Hello baker999855,
Yes, I have set up modifying NTFS permissions for the SYSTEM account (look at my permissions screenshot above).
I have tried your suggestions, too: checking for updates on startup, preventing Windows Defender from deactivating, and installing an old mpam-fe.exe from two days before.
Nothing helps; I can't download any security intelligence updates from my file share.
Time to speak about your master. I'm using MDT and WDS for deploying the default Win 10 20H2 Pro wim file on my master image. After that, the default actions for
- joining the domain
- installing software
- and installing WSUS updates from my WSUS server
are running in the task sequence. Nothing else. After the reboot from the WSUS MDT tasks, I clear the local GPO cache, install the old mpam-fe.exe manually and set up the new local GPO with the five settings:
- Define file share for security intelligence updates
- Define file share for security intelligence updates for VDI clients
- Define the order only to "FileShares"
- Check for updates on startup
- Deactivate the Windows Defender deactivating policy
Then I perform the reboot of my master. After startup, checking the Windows Defender event logs shows me the "Access denied" entries, and no update has happened.
How about your master image setup? Are you using MDT and WDS? Are you joining the domain with your master?
Best,
Daniel