Let’s look at what exclusion configuration should look like. On Hyper-V host you’ll find couple of core processes that’s crucial to host and VM performance.
Prevent following processes from AV scans by excluding following as part of Hyper-V AV policy:
VMMS.exe | VMWP.exe.
Also exclude root directories where VM configurations and Virtual Hard Disks are stored:
C:\ProgramData\Microsoft\Windows\Hyper-V
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks, Custom VM configuration, Virtual Hard Disk and Snapshot directories.
Next, create AV exclusions for following file extensions:
*.XML | *.VHD | *.AVHD | *.VFD | *. VSV | *.ISO. |*. BIN
- XML files
- These files contain the virtual machine configuration details. There is one of these for each virtual machine and each snapshot of a virtual machine. They are always named with the GUID used to internally identify the virtual machine or snapshot in question.
- .VHD files
- These are the virtual hard disk files for the virtual machine
- .AVHD files
- These are the differencing disk files used for virtual machine snapshots
- .BIN files
- This file contains the memory of a virtual machine or snapshot that is in a saved state.
- .VSV files
- This file contains the saved state from the devices associated with the virtual machine.
Finally, if you’re using Hyper-V R2’s Live Migration feature with CSVs, then you’ll need to exclude CSV path and any sub-directories. CSV path is as follows: C:\Clusterstorage. Failure to create this exclusion on hosts using CSV, can only result in poor performance, but can also result in a missing or corrupt VM configuration.
Guidelines for Antivirus Exclusions
Posts
0 comments:
Post a Comment