Antimalware support on UWF-protected devices

Learn how to enable antimalware support on your USB Filter-enabled Windows 10 Enterprise device.

When using antimalware software on your Unified Write Filter (UWF)-protected device, you must add the required file and registry exclusions that enable the software to apply updates to signature files and persist changes to the device after a system restart.

Add support for Microsoft Defender on UWF-protected devices

Add these exclusions to UWF:

1. File exclusions

   C:\Program Files\Windows Defender
   C:\ProgramData\Microsoft\Windows Defender
   C:\Windows\WindowsUpdate.log
   C:\Windows\Temp\MpCmdRun.log
   

2. Registry exclusions

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
   

   Note

   If a Windows IoT Enterprise computer stops responding during Windows startup, see Windows doesn't start after you exclude UWF from Microsoft Defender for a workaround. This issue impacts:

   • Windows 10 IoT Enterprise, version 21H1
   • Windows 10 IoT Enterprise, version 21H2
   • Windows 10 IoT Enterprise, version 22H1
   • Windows 10 IoT Enterprise LTSC 2016
   • Windows 10 IoT Enterprise LTSC 2019
   • Windows 10 IoT Enterprise LTSC 2021
   • Windows 11 IoT Enterprise

Add support for System Center Endpoint Protection on UWF-protected devices

Add these exclusions to UWF:

1. File exclusions

   C:\Program Files\Microsoft Security Client
   C:\Windows\Windowsupdate.log
   C:\Windows\Temp\Mpcmdrun.log
   C:\ProgramData\Microsoft\Microsoft Antimalware
   

2. Registry exclusions

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware
   

Related articles

• Service UWF-protected devices