Link to home
Start Free TrialLog in
Avatar of AdvizeIT
AdvizeITFlag for Canada

asked on

Windows Defender Accessing Excluded Drives

I'm trying to figure out what keeps on waking up my external USB drives. I've added them to the excluded list in Windows Defender but using Process Monitor I see entries like this attributed to the MsMpEng.exe process:

CreateFile
Desired Access: Read Attributes, Disposition: Open, Options: Open For Backup, Open Requiring Oplock, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened

FileSystemControl
Control: FSCTL_REQUEST_OPLOCK

FileSystemControl
Control: 0x902eb (Device:0x9 Function:186 Method: 3)

Why is Defender still accessing the drives?  This is on a Windows 8.1 Pro machine
ASKER CERTIFIED SOLUTION
Avatar of Cris Hanna
Cris Hanna
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of AdvizeIT

ASKER

I disabled Defender and am currently trialling MalwareBytes 3.0. The drives now only wake up very infrequently.
Here's the issue with the "Free" Malwarebytes...it's REACTIVE and NOT PROACTIVE
The paid version is PROACTIVE
But it does not protect users against bad websites, etc.   But if it works for your needs...great!!
Hi Cris. Yes, I'll be getting the paid version (which protects against bad websites) after I verify it doesn't interfere with anything else and isn't too "heavy" for my work processes (I'm looking at you AVG and Avast).  It's what we recommend to our more virus-prone clients when standard AV isn't enough and I like the new built in anti-ransomware feature.  The reason why I was using Defender is because it doesn't go CPU or hard drive access crazy when I'm using an IDE.