0

I'm not certain whether WSL 2 instances, running in Hyper-V, are actually scanned by Windows Defender.

I have found some articles on Google describing Window Defender's performance impact on WSL, but they are not mentioning whether they are talking about WSL 1 or WSL 2.

Indeed, it's possible for Windows Defender to scan WSL 1 instances, since they aare user-space processes running in Windows, and their file systems are rooted at folders (e.g. C:\path\to\wsl1\dist)

However, does Microsoft implement any "Windows Defender"-like security for WSL 2 instances?

Indeed, Windows Defender running in Windows cannot scan WSL 2 instances, since they are both running in Hyper-V. So, does Microsoft run any "Windows Defender"-like process in WSL 2 instances? Does Hyper-V perform any kind of monitoring of WSL 2 instances?

Shuzheng
  • 1,097
  • 4
  • 22
  • 37
  • Do you mean: Is er a Windows Degfender process runing inside the WSL container? or do you mean to ask "Can Windows Defender protect from Linux based threats?" – LvB Oct 15 '20 at 11:30
  • I mean “any”. Does Windows implement any security for WSL2? Does it scan the file systems (virtual disks), does it monitor processes, etc.? Windows didn’t detect I downloaded Mimikatz into WSL2. – Shuzheng Oct 17 '20 at 06:00
  • Did you download the windows version or the Linux version of minikatz? And I would suspect windows defender does not scan the virtual disks as such. But I have no proof of that. – LvB Oct 18 '20 at 13:26
  • @LvB - I downloaded the Windows version. – Shuzheng Oct 18 '20 at 17:20

0 Answers0