############
# This script will add your WSL environments to the Windows Defender exclusion list so that
# realtime protection does not have an adverse effect on performance.
#
# You should be aware that this could make your system less secure. Use at your own risk.
# Note: This should be run from an administrative PowerShell prompt
############

# Find registered WSL environments
$wslPaths = (Get-ChildItem HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss | ForEach-Object { Get-ItemProperty $_.PSPath}).BasePath

# Get the current Windows Defender exclusion paths
$currentExclusions = $(Get-MpPreference).ExclusionPath
if (!$currentExclusions) {
    $currentExclusions = ''
}

# Find the WSL paths that are not excluded
$exclusionsToAdd = ((Compare-Object $wslPaths $currentExclusions) | Where-Object SideIndicator -eq "<=").InputObject

# List of paths inside the Linux distro to exclude (https://github.com/Microsoft/WSL/issues/1932#issuecomment-407855346)
$dirs = @("\bin", "\sbin", "\usr\bin", "\usr\sbin", "\usr\local\bin", "\usr\local\go\bin")

# Add the missing entries to Windows Defender
if ($exclusionsToAdd.Length -gt 0) {
    $exclusionsToAdd | ForEach-Object {
        # Exclude paths from the root of the WSL install
        Add-MpPreference -ExclusionPath $_
        Write-Output "Added exclusion for $_"

        # Exclude processes contained inside WSL
        $rootfs = $_ + "\rootfs"
        $dirs | ForEach-Object {
            $exclusion = $rootfs + $_ + "\*"
            Add-MpPreference -ExclusionProcess $exclusion
            Write-Output "Added exclusion for $exclusion"
        }
    }
}
MIT License

Copyright (c) 2018 Noel Bundick

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
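
An audit and rollback companion to the script above, as an added example that is not part of the gist: it lists each registered distro, whether Defender excludes its BasePath and any process paths under its rootfs, and removes those exclusions when the hypothetical -Remove switch is given. It assumes the elevated prompt belongs to the same user who registered the distros, and it takes the "Flags bit 3 means WSL 2" test from the page linked in the comments.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the gist. -Remove is a hypothetical switch name.
param([switch]$Remove)

$lxss = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss'
$pref = Get-MpPreference

# Either property is $null when nothing is excluded, so normalise to arrays
$pathExcl = @($pref.ExclusionPath    | Where-Object { $_ })
$procExcl = @($pref.ExclusionProcess | Where-Object { $_ })

$report = foreach ($key in Get-ChildItem $lxss) {
    $distro = Get-ItemProperty $key.PSPath
    if (-not $distro.BasePath) { continue }   # key without an install path
    $rootfs = $distro.BasePath + '\rootfs\'
    [pscustomobject]@{
        Name     = $distro.DistributionName
        # Flags bit 3 (value 8) marks a WSL 2 distro, per the linked page
        Wsl2     = [bool]($distro.Flags -band 8)
        BasePath = $distro.BasePath
        # -contains compares strings case-insensitively, like Windows paths
        PathExcl = $pathExcl -contains $distro.BasePath
        # Process exclusions the gist script created live under <BasePath>\rootfs\
        ProcExcl = @($procExcl | Where-Object {
            $_.StartsWith($rootfs, [StringComparison]::OrdinalIgnoreCase) })
    }
}

$report | Format-Table Name, Wsl2, PathExcl,
    @{ n = 'ProcExcl'; e = { $_.ProcExcl.Count } }, BasePath

if ($Remove) {
    foreach ($row in $report) {
        if ($row.PathExcl) {
            Remove-MpPreference -ExclusionPath $row.BasePath
            Write-Output "Removed path exclusion $($row.BasePath)"
        }
        foreach ($p in $row.ProcExcl) {
            Remove-MpPreference -ExclusionProcess $p
            Write-Output "Removed process exclusion $p"
        }
    }
}
```

Run it without arguments first to see what is currently excluded; nothing is changed unless -Remove is passed.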
Working great on WSL2 kali, 11 Pro as of right now.
I'm hoping that this will help with the VmmemWSL high CPU usage when coming out of sleep. microsoft/WSL#6982 calls it out as "random", but from my experience it is consistently spiking when coming out of sleep (hard drives shut down) and a WSL terminal or WSLg app is running.
Works fine on Windows 11 and WSL1
Works fine, thx
+ #Requires -RunAsAdministrator
############
# This script will add your WSL environments to the Windows Defender exclusion list so that
# realtime protection does not have an adverse effect on performance.
#
# You should be aware that this could make your system less secure. Use at your own risk.
- # Note: This should be run from an administrative PowerShell prompt
############
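Review bot: The #Requires -RunAsAdministrator line at the top of this hunk replaces the removed "# Note:" comment, so the header no longer tells a reader why elevation is needed; keep a one-line comment next to the warning saying that changing the Defender exclusion list needs an elevated prompt. The -RunAsAdministrator parameter is only recognised by PowerShell 4.0 and later, which is worth stating in the header as well.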
To filter out WSL 2 distros one can test Flags, bit 3 means WSL 2 according to https://patrickwu.space/2020/07/19/wsl-related-registry/
I guess WSL 2 does not need this workaround so only WSL 1 distros make sense to exclude (?)
$wslPaths = (Get-ChildItem HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss | ForEach-Object { Get-ItemProperty $_.PSPath} | where {($_).Flags -lt 8}).BasePath
If you have a separate Administrator that runs the script, you can modify it to take your actual WSL user into account:
############
+ $userName = 'John'
+
+ $userSid = (New-Object System.Security.Principal.NTAccount($userName)).Translate([System.Security.Principal.SecurityIdentifier]).Value
# Find registered WSL environments
- $wslPaths = (Get-ChildItem HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss | ForEach-Object { Get-ItemProperty $_.PSPath}).BasePath
+ $wslPaths = (Get-ChildItem Registry::HKEY_USERS\$userSid\Software\Microsoft\Windows\CurrentVersion\Lxss | ForEach-Object { Get-ItemProperty $_.PSPath}).BasePath
# Get the current Windows Defender exclusion paths
$currentExclusions = $(Get-MpPreference).ExclusionPath
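Review bot: The hard-coded $userName = 'John' at the top of this hunk means the script has to be edited on every machine; take the account name as a script parameter instead. The new Get-ChildItem Registry::HKEY_USERS\$userSid\... line also assumes that user's registry hive is loaded, which is only true while the account is logged on or its profile is otherwise loaded, so check the key with Test-Path first and stop with a clear message, and handle the exception NTAccount.Translate throws when the name does not resolve to a SID.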
Adding to @mwittmann's info, you can run this script using a bypass instead of changing the PowerShell execution policy to run untrusted/unsigned scripts.
Inside a PowerShell as administrator, run it like this:
powershell -ExecutionPolicy Bypass -File .\excludeWSL.ps1