Endpoint Insights
Configuration Manager, Endpoint Protection, and Hyper-V
Topics: Endpoint Insights
Configuration Manager, Endpoint Protection, and Hyper-V
More and more companies are using Endpoint Protection in SCCM, along with the Hyper-V role, to virtualize computers within their environments.
It should be noted that in order to get the most out of the Hyper-V role you should exclude VHD* files from being scanned by any antivirus (AV) products, including Endpoint Protection. Excluding these files will prevent unnecessary AV scans on these very large files which then helps to increase disk I/O.
This blog post will show you how to exclude VHD* files from Endpoint Protection scanning.
How to Exclude VHD* Files from Endpoint Protection
Start by opening the Configuration Manager console and expanding Endpoint Protection | Antimalware Policies. Next, select the Default Client Antimalware Policy and click on the Properties button.
In the Default Antimalware Policy window, select the Exclusion settings node. Then click on the Set button for Excluded file types.
In the Configure File Type Exclusions window, type .vhd and then click on the Add button.
Repeat this process for .vhdx extensions too. Your window should now look similar to the one below.
Once all file type exclusions are added, click on the OK button twice to close the open windows.
Now all VHD* files will be excluded from AV scanning. This will ultimately lead to faster disk access on your Hyper-V role. If you have any questions, please feel free to contact me @GarthMJ.
