Microsoft Defender

Microsoft has introduced a new Microsoft Defender capability named "performance mode" for developers on Windows 11, tuned to reduce the impact of antivirus scans when analyzing files stored on Dev Drives.

Introduced at this year's Microsoft Build conference, Dev Drive is a new type of Windows 11 storage volume using the Resilient File System (ReFS) available in public preview and offers developers enhanced performance and resiliency against data corruption.

These developer-focused storage volumes are designed to store large data sets, such as source code repositories, build output or intermediate files, and package caches (e.g., Npm, Nuget).

As Microsoft's Chief Product Officer for Windows and Devices Panos Panay stated, the Dev Drive and Defender performance mode combination can lead to a build speed boost of up to 30%.

"Dev Drive is based on the Resilient File System, which, combined with a new performance mode capability in Microsoft Defender for Antivirus, offers up to 30% file system improvement in build times for file I/O scenarios," Panay said.

"The new performance mode is more secure for your workloads than folder or process exclusions, providing an ultimate solution to balance security with performance."

When this new Defender Antivirus mode is on, it will balance performance and threat protection by delaying scans until file operations are completed.

To set up a new Dev Drive, you have to click the "Create Dev Drive" button after going to System > Storage > Advanced Store Settings > Disks & volumes in the Windows Settings app.

Creating a new Dev Drive
Creating a new Dev Drive (BleepingComputer)

Performance mode will be enabled by default for 'Trusted' drives, which is true for all newly created Dev Drives, and will only be available if real-time protection is toggled on.

It's also ONLY available for Dev Drives and cannot be enabled on volumes using other file systems, such as FAT32 or NTFS.

"A Dev Drive is automatically designated as trusted, providing the best possible performance by default. A trusted Dev Drive means that the developer using the volume has high confidence in the security of the content stored there," Microsoft explains.

However, any Dev Drives transferred from another device will be set as untrusted and use Microsoft Defender's real-time protection mode instead, and not the new performance mode.

Checking if a Dev Drive is trusted
Checking if a Dev Drive is trusted (BleepingComputer)

Nevertheless, it is possible to set a Dev Drive as trusted using the FSUTIL command line utility, which will automatically enable the new performance mode feature.

For now, Dev Drives are only available for Insiders in the Windows 11 Dev Channel and need a minimum of 8GB of RAM and at least 50GB of free disk space.

Performance drive also requires Microsoft Defender Antivirus, Microsoft Defender for Business, or Microsoft Defender for Endpoint Plan 1 or Plan 2 with Antimalware platform version of 4.18.2303.8 (or later) and Antimalware signature version of 1.385.1455.0 (or later).

Related Articles:

Hackers hijack antivirus updates to drop GuptiMiner malware

Hackers exploit Windows SmartScreen flaw to drop DarkGate malware