Recommended antivirus exclusions for Hyper-V hosts

Summary
If antivirus software is installed and running on a Hyper-V host, there are several exclusions and options that you should configure for optimal operation of Hyper-V and the running virtual machines. These configurations will help avoid issues such as those that are described in the following Knowledge Base article:

Use the information that's provided in the "Resolution" section to configure your antivirus software to co-exist optimally with Hyper-V and your virtual machines. This guidance applies to the following Hyper-V host operating systems:

  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows Server 2008
  • Hyper-V Server 2012 R2
  • Hyper-V Server 2012
  • Hyper-V Server 2008 R2
  • Hyper-V Server 2008
Important This article contains information that shows how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. These specific configuration changes should be made only on the following systems:

  • Physical systems that are configured to have the Hyper-V role enabled and that have virtual machines currently running
  • Physical systems that may be providing storage for the virtual machine files, such as a Windows Server File Server
For specific guidance about how to configure your antivirus software, please work with your antivirus vendor.

Configurations

Configure the real-time scanning component within your antivirus software to exclude the following directories, files, and processes:

  • All directories that contain VHD, VHDX, AVHD, AVHDX, VSV, and ISO files
  • The following default virtual machine configuration directory, if it's used, and any of its subdirectories:

    C:\ProgramData\Microsoft\Windows\Hyper-V
  • The following default virtual machine virtual hard disk files directory, if it's used, and any of its subdirectories:

    C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
  • The following default snapshot files directory, if it's used, and any of its subdirectories:

    C:\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
  • The following default Cluster Shared Volumes path, if you're using Cluster Shared Volumes, and any of its subdirectories:

    C:\ClusterStorage
  • Any custom virtual machine configuration directories, if applicable
  • Any custom virtual hard disk drive directories, if applicable
  • Any custom replication data directories, if you're using Hyper-V Replica
  • If antivirus software is running on your file servers, any Server Message Block protocol 3.0 (SMB 3.0) file shares on which you store virtual machine files
  • Vmms.exe

    Note This file may have to be configured as a process exclusion within the antivirus software.
  • Vmwp.exe

    Note This file may have to be configured as a process exclusion within the antivirus software.
Properties

Article ID: 3105657 - Last Review: 10/19/2015 23:53:00 - Revision: 3.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Standard, Windows Server 2008 Datacenter, Windows Server 2008 Enterprise, Windows Server 2008 Standard, Microsoft Hyper-V Server 2012 R2, Microsoft Hyper-V Server 2008 R2, Microsoft Hyper-V Server 2008

  • kbtshoot kbexpertiseadvanced kbsurveynew KB3105657
Feedback