System Designate Dev Drive as Trusted or Untrusted in Windows 11


  • Staff
Drive_banner.png

This tutorial will show you how to designate a Dev Drive as trusted or untrusted in Windows 11.

Microsoft introduced Dev Drive starting with Windows 11 build 22621.2338.

Dev Drive is a new form of storage volume available to improve performance for key developer workloads. Dev Drive is built upon Resilient File System (ReFS) technology and includes file system optimizations and features that provide more control over storage volume settings and security, including trust designation, antivirus configuration, and administrative control over what filters are attached. It has been designed to meet a developer’s needs to host project source code, working folders, and package caches. It is not designed for general consumer workloads such as document libraries, installing packaged applications or non-developer tools.

By default, to give the best possible performance, creating a Dev Drive automatically grants trust in the new volume. A trusted Dev Drive volume causes real-time protection to run in a special asynchronousperformance mode” for that volume. Running performance mode provides a balance between threat protection and performance. The balance is achieved by deferring security scans until after the open file operation has completed, instead of performing the security scan synchronously while the file operation is being processed. This mode of performing security scans inherently provides faster performance, but with less protection. However, enabling performance mode provides significantly better protection than other performance tuning methods such as using folder exclusions, which block security scans altogether.

The following table summarizes performance mode synchronous and asynchronous scan behavior.

Performance mode state​
Scan type​
Description​
Summary​
Not enabled (Off)Synchronous
(Real-time protection)		Opening a file initiates a Real-time protection scan.Open now, scan now.
Enabled (On) - defaultAsynchronousFile open operations are scanned asynchronously.Open now, scan later.

An untrusted Dev Drive doesn't have the same benefits as a trusted Dev Drive. Security runs in synchronous, Real-time protection mode when a Dev Drive is untrusted. Real-time protection scans may impact performance.

For performance mode to be enabled, the Dev Drive must be designated as trusted and Microsoft Defender Real-time protection must be set to "On".

Starting with Windows 11 build 25931 (Canary), you can now enable or disable performance mode for Dev Drive protection in Windows Security.

While a Dev Drive is trusted by default, you can designate a Dev Drive as untrusted if wanted for better security at a possible performance cost.

References:
learn.microsoft.com

Set up a Dev Drive on Windows 11

Learn about the new Dev Drive storage available to improve file system performance for development scenarios using the ReFS volume format, including how to set it up, designate trust to use performance mode for Microsoft Defender Antivirus, customized filters, and FAQs.
learn.microsoft.com
learn.microsoft.com

fsutil devdrv

Reference article for the fsutil devdrv command, which groups dev drive related functionality.
learn.microsoft.com


You must be signed in as an administrator to designate a Dev Drive as trusted or untrusted.



Contents





Option One

See if a Dev Drive is Currently Trusted or Untrusted


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Type the command below into Windows Terminal (Admin), and press Enter. (see screenshots below)

fsutil devdrv query <drive letter>:

Substitute <drive letter> in the command above with the actual drive letter (ex: "F") of the Dev Drive you want to check.

For example: fsutil devdrv query F:


3 You will now see if this Dev Drive is currently trusted or untrusted.

Dev_Drive_quary_trusted.png

Dev_Drive_quary_not-trusted.png





Option Two

Designate a Dev Drive as Trusted


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Type the command below into Windows Terminal (Admin), and press Enter. (see screenshot below)

fsutil devdrv trust <drive letter>:

Substitute <drive letter> in the command above with the actual drive letter (ex: "F") of the Dev Drive you want to designate as trusted.

For example: fsutil devdrv trust F:


Trust_Dev_Drive_command.png





Option Three

Designate a Dev Drive as Untrusted


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Type the command below into Windows Terminal (Admin), and press Enter. (see screenshot below)

fsutil devdrv untrust <drive letter>:

Substitute <drive letter> in the command above with the actual drive letter (ex: "F") of the Dev Drive you want to designate as untrusted.

For example: fsutil devdrv untrust F:


Untrust_Dev_Drive_command.png



That's it,
Shawn Brink


Related Tutorials

 

Attachments

  • Drive.png
    Drive.png
    2.7 KB · Views: 45
Last edited:
Click to expand...
You must log in or register to reply here.

Similar Windows 11 Tutorials

  • Article
System Find All Dev Drives in Windows 11
Replies
0
Views
1K
Brink
Brink
  • Article
System Enable or Disable Create Dev Drive in Windows 11
Replies
0
Views
2K
Brink
Brink
  • Article
Privacy and Security Enable or Disable Performance Mode for Dev Drive Protection in Windows 11
Replies
0
Views
4K
Brink
Brink
  • Article
Virtualization Mount Folder as Drive in Windows 11
Replies
0
Views
4K
Brink
Brink
  • Article
System Create Dev Drive in Windows 11
Replies
6
Views
5K
Brink
Brink
  • Article
Virtualization Find File Path Location of Mounted ISO and IMG in Windows 11
Replies
3
Views
2K
Brink
Brink
  • Article
Virtualization Find Location Path of Mounted VHD and VHDX Virtual Disks in Windows 11
Replies
0
Views
2K
Brink
Brink

Latest Support Threads

Latest Tutorials

Back
Top Bottom