Privacy and Security Enable or Disable Performance Mode for Dev Drive Protection in Windows 11


DevDrive_banner.png

This tutorial will show you how to enable or disable Dev Drive protection using Microsoft Defender Antivirus protection mode in Windows 11.

Microsoft introduced Dev Drive starting with Windows 11 build 22621.2338.

Dev Drive is a new form of storage volume available to improve performance for key developer workloads. Dev Drive is built upon Resilient File System (ReFS) technology and includes file system optimizations and features that provide more control over storage volume settings and security, including trust designation, antivirus configuration, and administrative control over what filters are attached. It has been designed to meet a developer’s needs to host project source code, working folders, and package caches. It is not designed for general consumer workloads such as document libraries, installing packaged applications or non-developer tools.

By default, to give the best possible performance, creating a Dev Drive automatically grants trust in the new volume. A trusted Dev Drive volume causes real-time protection to run in a special asynchronousperformance mode” for that volume. Running performance mode provides a balance between threat protection and performance. The balance is achieved by deferring security scans until after the open file operation has completed, instead of performing the security scan synchronously while the file operation is being processed. This mode of performing security scans inherently provides faster performance, but with less protection. However, enabling performance mode provides significantly better protection than other performance tuning methods such as using folder exclusions, which block security scans altogether.

The following table summarizes performance mode synchronous and asynchronous scan behavior.

Performance mode state​
Scan type​
Description​
Summary​
Not enabled (Off)Synchronous
(Real-time protection)
Opening a file initiates a Real-time protection scan.Open now, scan now.
Enabled (On) - defaultAsynchronousFile open operations are scanned asynchronously.Open now, scan later.

An untrusted Dev Drive doesn't have the same benefits as a trusted Dev Drive. Security runs in synchronous, Real-time protection mode when a Dev Drive is untrusted. Real-time protection scans may impact performance.

For performance mode to be enabled, the Dev Drive must be designated as trusted and Microsoft Defender Real-time protection must be set to "On".

Starting with Windows 11 build 25931 (Canary), you can now enable or disable performance mode for Dev Drive protection in Windows Security.

References:

You must be signed in as an administrator to enable or disable performance mode for Dev Drive protection.




Here's How:

1 Open Windows Security.

2 Click/tap on Virus & threat protection. (see screenshot below)

Dev_Drive_protection-1.png

3 Click/tap on the Manage settings link under Virus & threat protection settings. (see screenshot below)

Dev_Drive_protection-2.png

4 Turn On (default) or Off Dev Drive protection for what you want. (see screenshot below)

Dev Drive protection will be grayed out and disabled if Real-time protection is not turned on.


The registry key and DWORD value for the Dev Drive protection setting is located below for reference, but you will not be allowed to manually change it.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection

DisableAsyncScanOnOpen DWORD

0 = On
1 = Off


Dev_Drive_protection-3.png

5 You can now close Windows Security if you like.


That's it,
Shawn Brink


 
Last edited:

Latest Support Threads

Back
Top Bottom