Recommended antivirus exclusions for Hyper-V hosts

27 Mar

Recommended antivirus exclusions for Hyper-V hosts

Summary

If antivirus software is installed and running on a Hyper-V host, there are several exclusions and options that you should configure for optimal operation of Hyper-V and the running virtual machines. These configurations will help avoid issues such as those that are described in the following Knowledge Base article:

Use the information that’s provided in the “Resolution” section to configure your antivirus software to co-exist optimally with Hyper-V and your virtual machines. This guidance applies to the following Hyper-V host operating systems:

  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows Server 2008
  • Hyper-V Server 2012 R2
  • Hyper-V Server 2012
  • Hyper-V Server 2008 R2
  • Hyper-V Server 2008

Important This article contains information that shows how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. These specific configuration changes should be made only on the following systems:

  • Physical systems that are configured to have the Hyper-V role enabled and that have virtual machines currently running
  • Physical systems that may be providing storage for the virtual machine files, such as a Windows Server File Server

For specific guidance about how to configure your antivirus software, please work with your antivirus vendor.

Configurations

Configure the real-time scanning component within your antivirus software to exclude the following directories, files, and processes:

  • All directories that contain VHD, VHDX, AVHD, AVHDX, VSV, and ISO files
  • The following default virtual machine configuration directory, if it’s used, and any of its subdirectories:
    C:\ProgramData\Microsoft\Windows\Hyper-V
  • The following default virtual machine virtual hard disk files directory, if it’s used, and any of its subdirectories:
    C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
  • The following default snapshot files directory, if it’s used, and any of its subdirectories:
    C:\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
  • The following default Cluster Shared Volumes path, if you’re using Cluster Shared Volumes, and any of its subdirectories:
    C:\ClusterStorage
  • Any custom virtual machine configuration directories, if applicable
  • Any custom virtual hard disk drive directories, if applicable
  • Any custom replication data directories, if you’re using Hyper-V Replica
  • If antivirus software is running on your file servers, any Server Message Block protocol 3.0 (SMB 3.0) file shares on which you store virtual machine files
  • Vmms.exe

    Note This file may have to be configured as a process exclusion within the antivirus software.

  • Vmwp.exe

    Note This file may have to be configured as a process exclusion within the antivirus software.