Antimalware support on UWF-protected devices

Learn how to enable antimalware support on your Unified Write Filter (UWF)-enabled Windows 10 Enterprise device.

When using antimalware software on your Unified Write Filter (UWF)-protected device, you must add the required file and registry exclusions that enable the software to apply updates to signature files and persist changes to the device after a system restart.

Add support for Microsoft Defender on UWF-protected devices

Add these exclusions to UWF:

  1. File exclusions

    C:\Program Files\Microsoft Defender
    C:\ProgramData\Microsoft\Microsoft Defender
    C:\Windows\WindowsUpdate.log
    C:\Windows\Temp\MpCmdRun.log
    
  2. Registry exclusions

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Defender
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
    

    Note

    If a Windows IoT Enterprise computer stops responding during Windows startup, see "Windows doesn't start after you exclude UWF from Microsoft Defender" for a workaround. This issue impacts:

    • Windows 10 IoT Enterprise, version 21H1
    • Windows 10 IoT Enterprise, version 21H2
    • Windows 10 IoT Enterprise, version 22H1
    • Windows 10 IoT Enterprise LTSC 2016
    • Windows 10 IoT Enterprise LTSC 2019
    • Windows 10 IoT Enterprise LTSC 2021
    • Windows 11 IoT Enterprise

Add support for System Center Endpoint Protection on UWF-protected devices

Add these exclusions to UWF:

  1. File exclusions

    C:\Program Files\Microsoft Security Client
    C:\Windows\Windowsupdate.log
    C:\Windows\Temp\Mpcmdrun.log
    C:\ProgramData\Microsoft\Microsoft Antimalware
    
  2. Registry exclusions

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware
    

Note

Windows 10 Enterprise does not include System Center Endpoint Protection. You can purchase licenses and install System Center Endpoint Protection independently.
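
Both exclusion lists above can be applied with uwfmgr.exe, the UWF command-line tool. The PowerShell script below is an added example, not part of the original page; the `-Product` parameter, the `SCEP` label and the variable names are hypothetical, and rewriting `HKEY_LOCAL_MACHINE` to `HKLM` is an assumption about the key form uwfmgr expects.

```powershell
# Added example: apply this page's UWF exclusions with uwfmgr.exe.
# Run in an elevated PowerShell session on the UWF-protected device.
param(
    [ValidateSet('Defender', 'SCEP')]
    [string]$Product = 'Defender'
)

# Exclusion lists copied verbatim from this page.
$exclusions = @{
    Defender = @{
        Files    = 'C:\Program Files\Microsoft Defender',
                   'C:\ProgramData\Microsoft\Microsoft Defender',
                   'C:\Windows\WindowsUpdate.log',
                   'C:\Windows\Temp\MpCmdRun.log'
        Registry = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Defender',
                   'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot',
                   'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter',
                   'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc',
                   'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv',
                   'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend'
    }
    SCEP = @{
        Files    = 'C:\Program Files\Microsoft Security Client',
                   'C:\Windows\Windowsupdate.log',
                   'C:\Windows\Temp\Mpcmdrun.log',
                   'C:\ProgramData\Microsoft\Microsoft Antimalware'
        Registry = @('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware')
    }
}

$uwfmgr = Join-Path $env:SystemRoot 'System32\uwfmgr.exe'
if (-not (Test-Path $uwfmgr)) { throw 'uwfmgr.exe not found; enable the Unified Write Filter feature first.' }

$failed = @()
foreach ($path in $exclusions[$Product].Files) {
    & $uwfmgr file add-exclusion $path
    if ($LASTEXITCODE -ne 0) { $failed += $path }
}
foreach ($key in $exclusions[$Product].Registry) {
    # Assumption: pass the HKLM short form to uwfmgr.
    $short = $key -replace '^HKEY_LOCAL_MACHINE', 'HKLM'
    & $uwfmgr registry add-exclusion $short
    if ($LASTEXITCODE -ne 0) { $failed += $key }
}

& $uwfmgr get-config   # review current-session and next-session settings
if ($failed) { Write-Warning ('Not added: ' + ($failed -join '; ')) }
```

Exclusion changes take effect after the next restart, so review the next-session settings in the `get-config` output before rebooting.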