I'm trying to exclude my Ubuntu VM in WSL 2 running in an up to date Windows 11 Pro installation.
The problem is that my local build is terribly slow when Windows Defender is active. Setup is as follows:
Java, Maven, Docker and code are all installed inside the Ubuntu VM.

I'm using IntelliJ 2022.1 in Windows to run and build the project using the WSL path:
`\\wsl$\Ubuntu\home\<user>\<maven project>`

This works and recognizes the correct JDK etc. from the VM. The problem is that the process "Antimalware Service Executable" is blocking all I/O and makes the build extremely slow. (stuck for 40 minutes slow)
As soon as I deactivate realtime protection of Windows Defender, the build is very fast -> https://medium.com/@leandrocrs/speeding-up-wsl-i-o-up-than-5x-fast-saving-a-lot-of-battery-life-cpu-usage-c3537dd03c74 This of course leaves the system basically without protection, which is not a real long term solution.

I read a lot of documentation and different threads about this problem, but almost all are about WSL 1 and advise changing to WSL 2. This thread in particular has a lot of info on this topic: https://github.com/Microsoft/WSL/issues/1932

The main approach there is to exclude specific folders from being scanned by Windows Defender, which existed in WSL 1 but not anymore in WSL 2. This is because WSL 2 now uses an ext4 image and doesn't expose the local folders anymore. I tried the same approach for WSL 2.
The most important one is the one for my VM: `\\wsl.localhost\Ubuntu`

This is not working and doesn't exclude my project inside the VM from being scanned by Windows Defender.
Does anyone have an idea how to exclude folders / files from WSL 2 VMs?

[Screenshot: My Windows Defender Exclusions]

Burfi
  • 1
    Windows Defender is only part of the problem. This file access method has serious limitations in general and you should not use it like you do. Instead, run IntelliJ inside the VM. Windows Defender _does not_ scan files inside WSL 2. – Daniel B May 04 '22 at 17:40
  • 1
    I tried to run IntelliJ 2022.1 with Wayland in the VM, but it's just too buggy to develop this way. I had random crashes every 20 minutes. Also the UI is not stable and half of the dropdown menus would not stay open when clicked. And as I said - when I disable Windows Defender, the performance of my current approach is good. It's just not secure.. – Burfi May 04 '22 at 17:59
  • @Burfi Are you running the WSL Preview from the Microsoft Store by any chance? I wonder if, since it is installed as an App, that process might get scanned while the normal "Windows feature" isn't. – NotTheDr01ds May 06 '22 at 13:18
  • @NotTheDr01ds I checked and I don't have WSL Preview installed. Though this made me wonder and I am seeing that the `WSLg Preview` is installed by default. Also Ubuntu is shown as an installed app in the app browser of Windows 11. For installation I followed the manual of Microsoft and used the following: `wsl --install` Is Windows 11 installing WSL VMs now as apps by default, or is there a different approach? – Burfi May 07 '22 at 19:18
  • @Burfi `wsl --install` is definitely the "normal way", so I'm not sure why Defender is scanning it :-/ – NotTheDr01ds May 07 '22 at 19:57
  • @NotTheDr01ds thanks for clarifying. So still not sure what defender is scanning in my system. – Burfi May 07 '22 at 20:00

1 Answer

Turns out Microsoft has something called Credential Guard which uses virtualization-based security, e.g. using Hyper-V in Defender security scans. I cannot say how or why this got enabled on my machine, but it uses Hyper-V even though the optional Windows feature is disabled.

I found this only while trying to compare performance with a new virtual machine in Oracle VirtualBox. There, virtualization only worked with software emulation, because Hyper-V was active (Hyper-V must be inactive for VirtualBox native virtualization). Check this thread to analyze if Credential Guard is active and how to disable it: https://social.technet.microsoft.com/Forums/en-US/8a1f9ba3-9d6b-439a-99a7-f2c318169f9c/why-is-the-hypervisor-running-even-after-hyperv-is-uninstalled-?forum=winserverhyperv

I don't know how this "feature" got enabled. On a second PC with a fresh Windows 11 installation and WSL2 this doesn't happen. After disabling it, performance went to normal with Defender being enabled.

Burfi
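A read-only way to see the state the answer describes (whether virtualization-based security and Credential Guard are actually running) together with the Defender exclusions that are registered. This is an added example, not part of the original question or answer; the function names `Resolve-Service` and `Get-VbsSummary` are made up for illustration, while the CIM classes and Defender cmdlets are the standard Windows ones.

```powershell
# Added example: read-only status checks, run in PowerShell on the Windows host.
# Value tables for the Win32_DeviceGuard CIM class.
$vbsStatus = @{ 0 = 'Off'; 1 = 'Enabled, not running'; 2 = 'Running' }
$services  = @{
    1 = 'Credential Guard'
    2 = 'Memory integrity (HVCI)'
    3 = 'System Guard Secure Launch'
    4 = 'SMM Firmware Measurement'
}

# Hypothetical helper: turn the numeric service ids into readable names.
function Resolve-Service([uint32[]]$Ids) {
    foreach ($id in $Ids) {
        if ($id -eq 0) { continue }   # 0 means "no service"
        if ($services.ContainsKey([int]$id)) { $services[[int]$id] } else { "Unknown ($id)" }
    }
}

# Hypothetical helper: one object summarising hypervisor / VBS / Credential Guard state.
function Get-VbsSummary {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
    [pscustomobject]@{
        # Expected to be True on any machine running WSL 2, which needs the hypervisor.
        HypervisorPresent  = (Get-CimInstance -ClassName Win32_ComputerSystem).HypervisorPresent
        VbsStatus          = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured = (Resolve-Service $dg.SecurityServicesConfigured) -join ', '
        ServicesRunning    = (Resolve-Service $dg.SecurityServicesRunning) -join ', '
        CredentialGuardOn  = $dg.SecurityServicesRunning -contains 1
    }
}

Get-VbsSummary | Format-List

# Confirm real-time protection is still on and list the path exclusions Defender
# has registered (non-admin sessions may not be shown the exclusion list).
Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled, AntivirusEnabled
(Get-MpPreference).ExclusionPath
```

Running it before and after a configuration change shows whether the change took effect without having to infer it from build times.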