Hi all,
we are currently evaluating ways to improve session host performance, especially if they are freshly deployed. The Microsoft Defender for Endpoint on-access scan has been identified as a major performance hog during those first hours.
There is a dedicated KB article regarding CPU utilization, which led me down the image optimization rabbit hole:

Upon doing further research, I've stumbled upon a feature called Trusted Image Identifier: By scanning and tagging files during imaging, Defender knows to skip these files once deployed on a host. This is achieved by applying an image, booting it into audit mode, running a full scan, and finally resealing the image with the added Security-Malware-Windows-Defender\TrustedImageIdentifier setting.
Is there a way to elegantly integrate this into Nerdio's "Power off & set as image" workflow?