Hyper-V 2019: Configure antivirus exclusions in Windows Defender Antivirus

3:43 pm in antivirus exclusions, automatic exclusions, custom exclusions, Hyper-V, PowerShell, Windows Defender Antivirus, Windows Server, Windows Server 2019, Windows Server 2019 Hyper-V, WS2019 by Wim Matthyssen

Running a solid, constantly updated antivirus product on your Hyper-V hosts is a necessity to keep a healthy and secure virtual environment. By using Windows Defender Antivirus, the built-in antimalware solution in Windows Server 2019, you get next-gen cloud-delivered protection, which includes near-instant detection, always-on scanning and dedicated protection updates.

However, any antivirus software on a Hyper-V host can cause issues when it is not configured properly, especially when real-time scanning (or monitoring) is enabled. This can negatively affect overall host performance and even cause corruption of your virtual machines (VMs) or Hyper-V files.

To avoid these file conflicts and to minimize performance degradation, you should implement the following recommended antivirus exclusions (directories, files and processes) on all your Hyper-V hosts, which can be found over here.

Luckily Windows Defender Antivirus automatically enrolls certain exclusions (automatic exclusions), defined by your specific server role. To determine which roles are installed on the server, Windows Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools. You should be aware that these automatic exclusions will not appear in the standard exclusion list shown in the Windows Security app.

Below you can find a list of the automatic exclusions for the Hyper-V role:

File type exclusions:

  • *.vhd,*.vhdx,*.avhd,*.avhdx,*.vsv,*.iso,*.rct,*.vmcx,*.vmrs

Folder exclusions:

  • %ProgramData%\Microsoft\Windows\Hyper-V
  • %ProgramFiles%\Hyper-V
  • %SystemDrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
  • %Public%\Documents\Hyper-V\Virtual Hard Disks

Process exclusions:

  • %systemroot%\System32\Vmms.exe
  • %systemroot%\System32\Vmwp.exe

Hyper-V Failover Cluster folder exclusions:

  • %SystemDrive%\ClusterStorage

Although the automatic exclusions include almost all recommended Hyper-V antivirus exclusions, you may still need to configure additional custom exclusions. These custom exclusions will take precedence over the automatic exclusions but will not conflict if a duplicate exists.

If you prefer to disable automatic exclusions you can run the following PowerShell cmdlet.

Below you can find an additional short list of custom exclusions for a server running the Hyper-V role which you can implement if applicable to your environment. There can be even more exclusions for your specific environment.

  • Any custom virtual machine configuration or hard disk drive directories (for example E:\VMs).
  • Any custom replication data directories, if you’re using Hyper-V Replica.
  • The Vmsp.exe process (%systemroot%\System32\Vmsp.exe).
  • The Vmcompute.exe process (%systemroot%\System32\Vmcompute.exe).

To add these exclusions for Windows Defender Antivirus in the Windows Security app, follow the steps below.

Open the Windows Security app by clicking the magnifier in the task bar and typing defender. Select Virus & threat protection.

Under the Virus & threat protection settings title select Manage settings.

On the Virus & threat protection settings page, scroll down to the Exclusions setting and click Add or remove exclusions.

Click Add an exclusion. Click the + icon to choose the type and set the options for each exclusion. When adding an exclusion click Yes if the User Account Control box pops up.

When all custom exclusions are added the screen will look like this.

To remove an added exclusion, press the down arrow next to the exclusion and click Remove.

You can also add these custom exclusions with the use of PowerShell (as administrator). To do so you need to run the below commands.
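
The following script is an added example, not the commands from the original post. It adds the custom exclusions listed earlier, optionally disables the automatic exclusions mentioned above, and prints the result for review. It assumes E:\VMs is your custom VM directory; the F:\Replica path is a hypothetical placeholder.

```powershell
# Added example, not the original post's commands. Run in an elevated session.
# Assumption: E:\VMs is the custom VM directory (the example path from the list above).
$pathExclusions = @(
    'E:\VMs'
    # 'F:\Replica'   # hypothetical Hyper-V Replica data directory; adjust or leave out
)
$processExclusions = @(
    "$env:SystemRoot\System32\Vmsp.exe"
    "$env:SystemRoot\System32\Vmcompute.exe"
)
# Set to $true only if you want to turn off the role-based automatic exclusions.
$disableAutoExclusions = $false

$current = Get-MpPreference

foreach ($path in $pathExclusions) {
    # Do not exclude a directory that does not exist: whoever creates it later
    # would get an unscanned location.
    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        Write-Warning "Skipping '$path': directory not found on this host."
        continue
    }
    # Only add the path if it is not already in the custom exclusion list.
    if ($current.ExclusionPath -notcontains $path) {
        Add-MpPreference -ExclusionPath $path
    }
}

foreach ($process in $processExclusions) {
    if ($current.ExclusionProcess -notcontains $process) {
        Add-MpPreference -ExclusionProcess $process
    }
}

if ($disableAutoExclusions) {
    Set-MpPreference -DisableAutoExclusions $true
}

# Show the resulting custom exclusions and the automatic-exclusion switch.
Get-MpPreference |
    Select-Object ExclusionPath, ExclusionProcess, DisableAutoExclusions |
    Format-List
```

Remove-MpPreference takes the same -ExclusionPath and -ExclusionProcess parameters to remove an entry again. Keep the exclusion list as short as your environment allows, since every excluded path or process is a location Windows Defender Antivirus no longer scans.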

Hope this helps you secure your Hyper-V hosts.

Wim Matthyssen (@wmatthyssen)

PowerShell: BgInfo Automation script for Windows Server 2012 R2

10:09 am in Bg, BgInfo, Hyper-V, PowerShell, PowerShell Script, scugbe, VM Template, Windows Server, Windows Server 2012 R2, Windows Sysinternals by Wim Matthyssen

Some time ago I wrote a PowerShell script to install the BgInfo tool in an automated way whenever you create a VM Template or a base image (also called golden image) for a Windows Server 2016 Virtual Machine (VM) or physical server, which can be downloaded here. More information can be found in this previous blog post: http://scug.be/wim/2017/02/23/powershell-bginfo-automation-script/

As you can already figure out from the title, I have now also written a script to automate the BgInfo installation and configuration for a Windows Server 2012 R2 server (VM or physical server).

This PowerShell script will do all of the following:

  • Download the latest BgInfo tool
  • Create the BgInfo folder on the C drive
  • Extract and clean up the BgInfo.zip file
  • Download the logon.bgi file which holds the preferred settings
  • Extract and clean up the LogonBgi.zip file
  • Create the registry key (regkey) to AutoStart the BgInfo tool in combination with the logon.bgi config file
  • Start the tool for the first time
  • Set to start up automatically whenever a user logs on to the server

 

Prerequisites

Windows PowerShell 4.0

 

PowerShell script

To use the script, copy and save the above as BgInfo_Automated_WS2012_R2_v1.0.ps1, or whatever name you prefer. Afterwards, run the script with Administrator privileges from the server you wish to use for your VM template or physical base image. If you want to change configuration settings, just open the logon.bgi file and adjust the settings to your preferences.

This PowerShell script can also be found on the TechNet Gallery: https://gallery.technet.microsoft.com/PowerShell-BgInfo-07ade714

Hope this script comes in handy for you. If you have any questions or recommendations, please feel free to contact me through my Twitter handle.

Wim Matthyssen (@wmatthyssen)