Windows defender quarentined my VM... WTH?
-
Server down this morning...
VHDX File is just gone... It's missing...
I found out that Windows Defender had detected it was (or had) a virus and quarantined it...How Windows defender even would ever quarantine a VHDX is beyond me.
Come on Microsoft!
-
The issue is that it is a VM file used by Hyper-V. If it was a normal VHDX file, used for say file installation (they are basically ISO files) then Defender does need to be scanning it. Ideally, Hyper-V would tell Defender where its resources are and at least default to not scanning them.
Some people want their VMs scanned from the base platform. Hosting companies sometimes, for example. But that should not be the default.
-
@CCWTech said in Windows defender quarentined my VM... WTH?:
Server down this morning...
VHDX File is just gone... It's missing...
I found out that Windows Defender had detected it was (or had) a virus and quarantined it...How Windows defender even would ever quarantine a VHDX is beyond me.
Come on Microsoft!
That's odd. VHD/VHDX files are NOT ever scanned by the host, unless of course they are mounted in the same way as a disk or USB disk is to the host OS for example. Otherwise, they are treated like a black box. So something else had to have happened for it to be quarantined by the host OS. That doesn't just happen willy-nilly.
Additionally, VM files are automatically excluded when the Hyper-V server role is installed. So again, something isn't configured correctly or something weird is going on.
What happened to you isn't default behavior.
-
This post is deleted! -
@Obsolesce said in Windows defender quarentined my VM... WTH?:
@CCWTech said in Windows defender quarentined my VM... WTH?:
Server down this morning...
VHDX File is just gone... It's missing...
I found out that Windows Defender had detected it was (or had) a virus and quarantined it...How Windows defender even would ever quarantine a VHDX is beyond me.
Come on Microsoft!
That's odd. VHD/VHDX files are NOT ever scanned by the host, unless of course they are mounted in the same way as a disk or USB disk is to the host OS for example. Otherwise, they are treated like a black box. So something else had to have happened for it to be quarantined by the host OS. That doesn't just happen willy-nilly.
Additionally, VM files are automatically excluded when the Hyper-V server role is installed. So again, something isn't configured correctly or something weird is going on.
What happened to you isn't default behavior.
Not sure, we 'inherited' the server. We don't do HYPER-V any longer. Everything is KVM now. (Proxmox)
But it was for sure quarantiined. Funny thing is that Windows defender scan of the actual VM shows no virus... So weird.
-
@CCWTech said in Windows defender quarentined my VM... WTH?:
@Obsolesce said in Windows defender quarentined my VM... WTH?:
@CCWTech said in Windows defender quarentined my VM... WTH?:
Server down this morning...
VHDX File is just gone... It's missing...
I found out that Windows Defender had detected it was (or had) a virus and quarantined it...How Windows defender even would ever quarantine a VHDX is beyond me.
Come on Microsoft!
That's odd. VHD/VHDX files are NOT ever scanned by the host, unless of course they are mounted in the same way as a disk or USB disk is to the host OS for example. Otherwise, they are treated like a black box. So something else had to have happened for it to be quarantined by the host OS. That doesn't just happen willy-nilly.
Additionally, VM files are automatically excluded when the Hyper-V server role is installed. So again, something isn't configured correctly or something weird is going on.
What happened to you isn't default behavior.
Not sure, we 'inherited' the server. We don't do HYPER-V any longer. Everything is KVM now. (Proxmox)
But it was for sure quarantiined. Funny thing is that Windows defender scan of the actual VM shows no virus... So weird.
My guess would be that the VM's AV cleaned it up separate from the host's AV killing the VM.