Updated 3/23/2023 to focus on the shared security intelligence feature for VDI.
Virtual Desktop Infrastructure (VDI) brings an interesting dynamic when tuning the platform. The delicate balance...
baker999855 I'm going crazy. I can't get it working even with your blog.
I have created a fresh new test share on my 2019 lab DC. I can see - based on your posted screenshot for SMB Access - that you have added the BUILTIN\Administrators group. On an Active Directory you can set up such a file share only on a Domain Controller. Not on any other server member system.
My share permissions are exactly the same:
I have shared the folder with the following UNC path: "\\ADS01\wdav-update".
My NTFS permissions are the same:
I have cleared up the Group Policy Cache on my MDT fresh installed Win 10 20H2 VM and only added the above mentioned UNC path in the Local Group Policy Editor under "Define File Shares for downloading Intelligence Security Updates" and "Define Security Intelligence location for VDI Clients". And of course setting the local GPO "Define the order of the sources for downloading security intelligence updates" to "FileShares" only.
The joke is:
when I am modifying the NTFS permissions for Authenticated Users in Write permissions, the GUID folders will be deleted on the share published by my DC from my fresh MDT installed Win 10 20H2 VM with new applied Group Policy Cache.
But the Windows Defender event log always logs Event ID 2001 and Event ID 2003 - Access denied to the security intelligence updates, whether Authenticated Users have read-only permissions or write permissions.