AntiVirus exclusions

  • General discussion

  • For the historically most common anti-virus (AV) solutions (those that scan files and don't go or didn't go to the API level) the known exclusions are the following. Note: they may not all be needed in all scenarios, so include/apply as needed.

    • Scan on connect for attached VHD(x) files / drives
    • VHD(x) files themselves
    • The FSLogix processes (frxsvc and frxccds) and the three drivers (frxdrv, frxdrvvt, frxccd)
    • The files in the FSLogix install directory (c:\program files\fslogix\apps) and sub directories.
    • See the note on frxrobocopy.exe on this page: https://docs.microsoft.com/en-us/fslogix/fslogix-installed-components-functions-reference
    • The files (this is for CCD storage) in the c:\programdata\fslogix\proxy and \cache directories

    Newer generation AV solutions sometimes go to the API level and they require their own definition sets. They can of course refer to the above items and, as necessary, include the items from above in their rule sets. But they need, by whatever method they use, to allow the FSLogix components named above and execution files (.exe, .dll, .sys in c:\program files\fslogix\apps) to run.

    kbart


    Thursday, January 9, 2020 10:56 PM
    Owner

All replies

  • Antivirus Exclusions:

    Some antivirus scan on access which can get in the way at logon. This can be fixed by excluding VHD (or VHDX) files from being scanned in the Users and the Windows\Temp folders.

    Path: C:\Program Files\FSLogix

    Exclude frxdrv.sys, frxdrvvt.sys, frxccd.sys drivers

    Exclude frxccd.exe, frxccds.exe, frxsvc.exe processes

    Path: C:\Windows\TEMP

    Exclusion: Exclude .VHD and .VHDX for Folder and Subfolders

    Path: Profile Root Path (Wherever your FSLogix Profiles are stored)


    Paul


    • Edited by Paulsur Friday, July 10, 2020 6:11 PM accuracy
    Friday, July 10, 2020 6:07 PM
  • I do not see any .VHD/.VHDX files in C:\Windows\TEMP? And is it safe to exclude .VHD/.VHDX files, don't those files contain the user profile? Our .VHDX files are located in \\fslogixshare\rd\%USERNAME%\vhdx-file (FileServer E:\), but in GPO I use \\IP-address\rd.

    Should I configure Windows Defender like this (with GPO):

    RDSH (Worker)
    -------------

    Process Exclusions
    Value Name, Value
    %ProgramFiles%\FSLogix\frxccd.exe, 0
    %ProgramFiles%\FSLogix\frxccds.exe, 0
    %ProgramFiles%\FSLogix\frxsvc.exe, 0

    Path Exclusions
    Value Name, Value
    C:\Windows\TEMP\*.VHD, 0
    C:\Windows\TEMP\*.VHDX, 0
    %ProgramFiles%\FSLogix, 0
    %ProgramFiles%\FSLogix\frxdrv.sys, 0
    %ProgramFiles%\FSLogix\frxdrvvt.sys, 0
    %ProgramFiles%\FSLogix\frxccd.sys, 0
    %ProgramFiles%\FSLogix\frxccd.exe, 0
    %ProgramFiles%\FSLogix\frxccds.exe, 0
    %ProgramFiles%\FSLogix\frxsvc.exe, 0
    \\IP-address\rd
    \\fslogixshare\rd
    \\fslogixshare.domain.local\rd

    FileServer (fslogixshare)
    -------------------------

    Path Exclusions
    Value Name, Value
    E:\, 0

    • Edited by tmr01234 Thursday, July 23, 2020 9:02 AM
    Monday, July 20, 2020 5:43 PM
  • Could someone tell me whether those exclusions are OK, and is it safe to exclude .vhdx files? Or do people even have exclusions when using Windows Defender & FSLogix?
    Friday, July 24, 2020 4:58 PM
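
Added example, not part of any post in this thread and not FSLogix or Microsoft code: a PowerShell check that compares a host's Windows Defender exclusions with the items named in the first post and reports which are present, which are missing, and which configured entries are not on that list. The function name, its parameters and the sample input are assumptions made for the example; `Get-MpPreference` is the Defender cmdlet that returns the configured exclusions.

```powershell
# Added example: audit Defender exclusions against the items named in the first post.
# Compare-FslogixExclusion and its parameters are hypothetical names for this example.
function Compare-FslogixExclusion {
    param(
        [string[]]$Path, [string[]]$Process, [string[]]$Extension,
        [string]$InstallDir = 'C:\Program Files\FSLogix\Apps',  # install directory per the first post
        [string]$CcdDir     = 'C:\ProgramData\FSLogix'          # parent of \Proxy and \Cache
    )
    # Normalise paths: expand %VAR%, drop the trailing backslash, lower-case.
    $norm = { param($s) [Environment]::ExpandEnvironmentVariables($s).TrimEnd('\').ToLowerInvariant() }
    $have = @{
        Path      = @($Path      | Where-Object { $_ } | ForEach-Object { & $norm $_ })
        Process   = @($Process   | Where-Object { $_ } | ForEach-Object { & $norm $_ })
        Extension = @($Extension | Where-Object { $_ } | ForEach-Object { ($_ -replace '^\*?\.', '').ToLowerInvariant() })
    }
    # Expected entries. Drivers are listed as files so a missing directory exclusion still shows them.
    # The "scan on connect" item from the post is a scanner setting and has no entry here.
    $expected = @(
        foreach ($p in $InstallDir, "$CcdDir\Proxy", "$CcdDir\Cache") { [pscustomobject]@{ Kind = 'Path'; Value = (& $norm $p) } }
        foreach ($f in 'frxdrv.sys', 'frxdrvvt.sys', 'frxccd.sys') { [pscustomobject]@{ Kind = 'Path'; Value = (& $norm "$InstallDir\$f") } }
        foreach ($f in 'frxsvc.exe', 'frxccds.exe') { [pscustomobject]@{ Kind = 'Process'; Value = (& $norm "$InstallDir\$f") } }
        foreach ($x in 'vhd', 'vhdx') { [pscustomobject]@{ Kind = 'Extension'; Value = $x } }
    )
    foreach ($e in $expected) {
        $v = $e.Value
        $hit = $have[$e.Kind] | Where-Object {
            $_ -eq $v -or ($e.Kind -eq 'Path' -and $v.StartsWith("$_\"))  # a parent directory covers the file
        }
        [pscustomobject]@{ Kind = $e.Kind; Value = $v; Status = $(if ($hit) { 'Present' } else { 'Missing' }) }
    }
    # Configured entries that are not on the list (image-name-only process entries included)
    # are reported as Unlisted so they get reviewed. Values are shown normalised.
    foreach ($k in 'Path', 'Process', 'Extension') {
        $have[$k] | Where-Object { $_ -notin $expected.Value } | ForEach-Object {
            [pscustomobject]@{ Kind = $k; Value = $_; Status = 'Unlisted' } }
    }
}

# Constructed sample input. On a live host pass the Get-MpPreference properties instead:
#   $mp = Get-MpPreference
#   Compare-FslogixExclusion -Path $mp.ExclusionPath -Process $mp.ExclusionProcess -Extension $mp.ExclusionExtension
Compare-FslogixExclusion -Path '%ProgramFiles%\FSLogix\Apps', 'E:\' `
    -Process 'C:\Program Files\FSLogix\Apps\frxsvc.exe' -Extension '.VHDX' |
    Format-Table -AutoSize
```

Wildcard path exclusions are compared as literal strings here, so an entry such as `C:\Windows\TEMP\*.VHD` is reported as Unlisted rather than matched against a file.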