    Windows Defender quarantined my VM... WTH?

    • CCWTechC
      CCWTech
      last edited by

      Server down this morning...
      VHDX File is just gone... It's missing...
      I found out that Windows Defender had detected it was (or had) a virus and quarantined it...

      How Windows Defender would ever even quarantine a VHDX is beyond me.

      Come on Microsoft!

      ObsolesceO 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller
        last edited by

        The issue is that it is a VM file used by Hyper-V. If it was a normal VHDX file, used for, say, file installation (they are basically ISO files), then Defender does need to be scanning it. Ideally, Hyper-V would tell Defender where its resources are and at least default to not scanning them.

        Some people want their VMs scanned from the base platform. Hosting companies sometimes, for example. But that should not be the default.

        1 Reply Last reply Reply Quote 1
        • ObsolesceO
          Obsolesce @CCWTech
          last edited by Obsolesce

          That's odd. VHD/VHDX files are NOT ever scanned by the host, unless of course they are mounted in the same way as a disk or USB disk is to the host OS for example. Otherwise, they are treated like a black box. So something else had to have happened for it to be quarantined by the host OS. That doesn't just happen willy-nilly.

          Additionally, VM files are automatically excluded when the Hyper-V server role is installed. So again, something isn't configured correctly or something weird is going on.

          What happened to you isn't default behavior.

          ObsolesceO CCWTechC 2 Replies Last reply Reply Quote 0
            • CCWTechC
              CCWTech @Obsolesce
              last edited by

              Not sure, we 'inherited' the server. We don't do Hyper-V any longer. Everything is KVM now. (Proxmox)

              But it was for sure quarantined. Funny thing is that a Windows Defender scan of the actual VM shows no virus... So weird.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @CCWTech
                last edited by

                My guess would be that the VM's AV cleaned it up separate from the host's AV killing the VM.

                1 Reply Last reply Reply Quote 0
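
As an added example (not posted by anyone in this thread): a PowerShell audit of the two things discussed above, namely whether the host's Defender exclusions are in the state described for a Hyper-V server and which recorded detections involved a virtual disk file. It assumes an elevated session on a Windows Server Hyper-V host with the built-in Defender and ServerManager modules; the extension list is an illustrative choice.

```powershell
# Added example: audit Microsoft Defender on a Hyper-V host (run elevated).
# The extension list below is an assumption chosen for illustration.
$vmExtensions = '.vhd', '.vhdx', '.avhd', '.avhdx'

# 1. Is the Hyper-V role installed, and are automatic server-role
#    exclusions still enabled? Also show any manually added exclusions.
$role = Get-WindowsFeature -Name Hyper-V -ErrorAction SilentlyContinue
$pref = Get-MpPreference
[pscustomobject]@{
    HyperVRoleInstalled    = [bool]($role -and $role.Installed)
    AutoExclusionsDisabled = $pref.DisableAutoExclusions
    CustomExtensionExcl    = $pref.ExclusionExtension -join ', '
    CustomPathExcl         = $pref.ExclusionPath -join ', '
    CustomProcessExcl      = $pref.ExclusionProcess -join ', '
} | Format-List

# 2. Map threat IDs to names so detections can be reported readably.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames["$($_.ThreatID)"] = $_.ThreatName }

# 3. List every recorded detection whose resource path points at a virtual disk.
Get-MpThreatDetection | ForEach-Object {
    $detection = $_
    foreach ($resource in $detection.Resources) {
        # Resource strings carry a scheme prefix before the path,
        # so match the extension anywhere in the string.
        $isVmDisk = $vmExtensions | Where-Object { $resource -like "*$_*" }
        if ($isVmDisk) {
            [pscustomobject]@{
                Detected   = $detection.InitialDetectionTime
                Threat     = $threatNames["$($detection.ThreatID)"]
                Resource   = $resource
                Process    = $detection.ProcessName
                Remediated = $detection.ActionSuccess
            }
        }
    }
} | Sort-Object Detected | Format-Table -AutoSize -Wrap
```

Manually added exclusions appear in the `Exclusion*` properties; the automatic server-role exclusions are not listed there, so `DisableAutoExclusions` is the setting to check for them. Quarantined items can be listed with `MpCmdRun.exe -Restore -ListAll`.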