< Blog

Configuration Manager, Endpoint Protection and Hyper-V

By Garth Jones

More and more companies are using Endpoint Protection in System Center Configuration Manager, along with the Hyper-V role, to virtualize computers within their environments.

It should be noted that in order to get the most out of the Hyper-V role you should exclude VHD* files from being scanned by any antivirus (AV) products, including Endpoint Protection. Excluding these files will prevent unnecessary AV scans on these very large files which then helps to increase disk I/O.

This blog post will show you how to exclude VHD* files from Endpoint Protection scanning.

Start by opening the Configuration Manager console and expanding Endpoint Protection | Antimalware Policies. Next, select the Default Client Antimalware Policy and click on the Properties button.

Configuration Manager-Endpoint Protection and Hyper-V-Properties

In the Default Antimalware Policy window, select the Exclusion settings node. Then click on the Set button for Excluded file types.

Configuration Manager-Endpoint Protection and Hyper-V-Exclusion Settings 

In the Configure File Type Exclusions window, type .vhd and then click on the Add button.

Configuration Manager-Endpoint Protection and Hyper-V-Configure File Type Exclusions

Repeat this process for .vhdx extensions too. Your window should now look similar to the one below.

Configuration Manager-Endpoint Protection and Hyper-V-File Types 

Once all file type exclusions are added, click on the OK button twice to close the open windows.

Now all VHD* files will be excluded from AV scanning. This will ultimately lead to faster disk access on your Hyper-V role. If you have any questions, please feel free to contact me @GarthMJ.