-
-
Save noelbundick/9c804a710eb76e1d6a234b14abf42a52 to your computer and use it in GitHub Desktop.
############ | |
# This script will add your WSL environments to the Windows Defender exclusion list so that | |
# realtime protection does not have an adverse effect on performance. | |
# | |
# You should be aware that this could make your system less secure. Use at your own risk. | |
# Note: This should be run from an administrative PowerShell prompt | |
############ | |
# Find registered WSL environments | |
$wslPaths = (Get-ChildItem HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss | ForEach-Object { Get-ItemProperty $_.PSPath}).BasePath | |
# Get the current Windows Defender exclusion paths | |
$currentExclusions = $(Get-MpPreference).ExclusionPath | |
if (!$currentExclusions) { | |
$currentExclusions = '' | |
} | |
# Find the WSL paths that are not excluded | |
$exclusionsToAdd = ((Compare-Object $wslPaths $currentExclusions) | Where-Object SideIndicator -eq "<=").InputObject | |
# List of paths inside the Linux distro to exclude (https://github.com/Microsoft/WSL/issues/1932#issuecomment-407855346) | |
$dirs = @("\bin", "\sbin", "\usr\bin", "\usr\sbin", "\usr\local\bin", "\usr\local\go\bin") | |
# Add the missing entries to Windows Defender | |
if ($exclusionsToAdd.Length -gt 0) { | |
$exclusionsToAdd | ForEach-Object { | |
# Exclude paths from the root of the WSL install | |
Add-MpPreference -ExclusionPath $_ | |
Write-Output "Added exclusion for $_" | |
# Exclude processes contained inside WSL | |
$rootfs = $_ + "\rootfs" | |
$dirs | ForEach-Object { | |
$exclusion = $rootfs + $_ + "\*" | |
Add-MpPreference -ExclusionProcess $exclusion | |
Write-Output "Added exclusion for $exclusion" | |
} | |
} | |
} |
MIT License | |
Copyright (c) 2018 Noel Bundick | |
Permission is hereby granted, free of charge, to any person obtaining a copy | |
of this software and associated documentation files (the "Software"), to deal | |
in the Software without restriction, including without limitation the rights | |
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
copies of the Software, and to permit persons to whom the Software is | |
furnished to do so, subject to the following conditions: | |
The above copyright notice and this permission notice shall be included in all | |
copies or substantial portions of the Software. | |
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
SOFTWARE. |
It works great thank you!
Thanks Noel! Another happy customer. Definite step up in WSL speed after this.
I ran it and then modified/added some paths but it won't add those in another run. What's the reason for that?
Edit: Got it. The script checks if $wslPaths
(WSL base path) is excluded and exits if it is.
The other paths are not evaluated in that case.
I don't think WSL2 make active changes to rootfs folder again, at least in my case(Ubuntu 20.04, WSL2)
Adding to @mwittmann info, you can run this script using a bypass instead of changing Powershell execution policy to run untrusted/unsigned scripts.
Inside a Powershell as administrator, run it like this:
powershell -ExecutionPolicy Bypass -File .\excludeWSL.ps1
Working great on WSL2 kali, 11 Pro as of right now.
I'm hoping that this will help with the VmmemWSL high CPU usage when coming out of sleep. microsoft/WSL#6982 calls it out as "random", but from my experience it is consistently spiking when coming out of sleep (harddrives shutdown) and a WSL terminal or WSLg app is running.
Works fine on Windows 11 and WSL1
Works fine, thx
+ #Requires -RunAsAdministrator
############
# This script will add your WSL environments to the Windows Defender exclusion list so that
# realtime protection does not have an adverse effect on performance.
#
# You should be aware that this could make your system less secure. Use at your own risk.
- # Note: This should be run from an administrative PowerShell prompt
############
To filter out WSL 2 distros one can test Flags, bit 3 means WSL 2 according to https://patrickwu.space/2020/07/19/wsl-related-registry/
I guess WSL 2 does not need this workaround so only WSL 1 distros make sense to exclude (?)
$wslPaths = (Get-ChildItem HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss | ForEach-Object { Get-ItemProperty $_.PSPath} | where {($_).Flags -lt 8}).BasePath
If you have a separate Administrator that runs the script, you can modify it to take your actual WSL user into account:
############
+ $userName = 'John'
+
+ $userSid = (New-Object System.Security.Principal.NTAccount($userName)).Translate([System.Security.Principal.SecurityIdentifier]).Value
# Find registered WSL environments
- $wslPaths = (Get-ChildItem HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss | ForEach-Object { Get-ItemProperty $_.PSPath}).BasePath
+ $wslPaths = (Get-ChildItem Registry::HKEY_USERS\$userSid\Software\Microsoft\Windows\CurrentVersion\Lxss | ForEach-Object { Get-ItemProperty $_.PSPath}).BasePath
# Get the current Windows Defender exclusion paths
$currentExclusions = $(Get-MpPreference).ExclusionPath
Just in case it's not clear from the comments in the script, this must be run within a Powershell command prompt that is launched with "Run as Administrator" privileges. If you get messages like
Add-MpPreference : You don't have enough permissions to perform the requested operation.
when you run this script, that is the reason it's not working.In addition, your Powershell execution policy (GetExecutionPolicy, SetExecutionPolicy commands) must be configured appropriately, for example:
SetExecutionPolicy RemoteSigned
.