Note: this material is excepted from Planning for Hyper-V Security at

Table of Contents

As a best practice, you should NOT run any applications in the management operating system (also called a host or sometimes the Hyper-V server)—run all applications on virtual machines. By keeping the management operating system free of applications and running a Windows Server 2008 core installation, you will need fewer updates to the management operating system because nothing requires software updates except the Server Core installation, the Hyper-V service components, and the hypervisor.

If you choose to run programs in the management operating system, you should also run your antivirus solution there and add the following to the antivirus exclusions to avoid negative performance impacts to all Virtual Machines running on that host:

  • All folders containing VHD, VHDX, AVHD, AVHDX, VSV and ISO files

  • Default virtual machine configuration directory, if used  C:\ProgramData\Microsoft\Windows\Hyper-V

  • Default snapshot files directory, if used  %systemdrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots

  • Custom virtual machine configuration directories, if applicable

  • Virtual machine virtual hard disk files directory. By default, it is C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks

  • Custom virtual hard disk drive directories

  • Snapshot files directory. By default, it is %systemdrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots

  • Vmms.exe (Note: May need to be configured as process exclusions within the antivirus software)

  • Vmwp.exe (Note: May need to be configured as process exclusions within the antivirus software)

  • Additionally, when you use Cluster Shared Volumes, exclude the CSV path C:\ClusterStorage and all its subdirectories.

See Also

Others Languages