This tutorial will show you how to enable or disable Dev Drive protection using Microsoft Defender Antivirus protection mode in Windows 11.
Microsoft introduced Dev Drive starting with Windows 11 build 22621.2338.
Dev Drive is a new form of storage volume available to improve performance for key developer workloads. Dev Drive is built upon Resilient File System (ReFS) technology and includes file system optimizations and features that provide more control over storage volume settings and security, including trust designation, antivirus configuration, and administrative control over what filters are attached. It has been designed to meet a developer’s needs to host project source code, working folders, and package caches. It is not designed for general consumer workloads such as document libraries, installing packaged applications or non-developer tools.
By default, to give the best possible performance, creating a Dev Drive automatically grants trust in the new volume. A trusted Dev Drive volume causes real-time protection to run in a special asynchronous “performance mode” for that volume. Running performance mode provides a balance between threat protection and performance. The balance is achieved by deferring security scans until after the open file operation has completed, instead of performing the security scan synchronously while the file operation is being processed. This mode of performing security scans inherently provides faster performance, but with less protection. However, enabling performance mode provides significantly better protection than other performance tuning methods such as using folder exclusions, which block security scans altogether.
The following table summarizes performance mode synchronous and asynchronous scan behavior.
Performance mode state | Scan type | Description | Summary |
---|---|---|---|
Not enabled (Off) | Synchronous (Real-time protection) | Opening a file initiates a Real-time protection scan. | Open now, scan now. |
Enabled (On) - default | Asynchronous | File open operations are scanned asynchronously. | Open now, scan later. |
An untrusted Dev Drive doesn't have the same benefits as a trusted Dev Drive. Security runs in synchronous, Real-time protection mode when a Dev Drive is untrusted. Real-time protection scans may impact performance.
For performance mode to be enabled, the Dev Drive must be designated as trusted and Microsoft Defender Real-time protection must be set to "On".
Starting with Windows 11 build 25931 (Canary), you can now enable or disable performance mode for Dev Drive protection in Windows Security.
References:
Set up a Dev Drive on Windows 11
Learn about the new Dev Drive storage available to improve file system performance for development scenarios using the ReFS volume format, including how to set it up, designate trust to use performance mode for Microsoft Defender Antivirus, customized filters, and FAQs.
learn.microsoft.com
Protect Dev Drive using performance mode - Microsoft Defender for Endpoint
Learn how to manage, configure, Microsoft Defender Antivirus performance mode for developers who use Dev Drive.
learn.microsoft.com
You must be signed in as an administrator to enable or disable performance mode for Dev Drive protection.
Here's How:
1 Open Windows Security.
2 Click/tap on Virus & threat protection. (see screenshot below)
3 Click/tap on the Manage settings link under Virus & threat protection settings. (see screenshot below)
4 Turn On (default) or Off Dev Drive protection for what you want. (see screenshot below)
Dev Drive protection will be grayed out and disabled if Real-time protection is not turned on.
The registry key and DWORD value for the Dev Drive protection setting is located below for reference, but you will not be allowed to manually change it.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
DisableAsyncScanOnOpen DWORD
0 = On
1 = Off
5 You can now close Windows Security if you like.
That's it,
Shawn Brink
Last edited: