Lately I noticed a lot of CPU and network activity after 7PM-ish while connected to the company VPN. Task Manager tells me that the top two CPU and network users are Antimalware Service Executable and the VPN daemon.

Apparently it's scanning the mapped network shares, all 30TB of 'em! Over the internet! When I unmap the drives, the activity stops immediately.

Things I've tried:

  • Excluding the root folders on the drives in Defender settings.
  • In elevated powershell:
    Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 1
  • Registry:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan\DisableScanningMappedNetworkDrivesForFullScan = 1

But to no avail.

I've been a long time microsoft user, but this "operating system" is starting to annoy me more and more. After every non-trivial update things I changed are being reset and new things start happening that have me hunting for solutions for hours. If microsoft continues this trend windows 10 will become unusable for me and I'll have to switch to Linux.

Have any of you experienced scanning network shares over VPN lately? Is it doing something else? A quick scan? I want it to completely ignore network shares.