Microsoft Instructions for WSL Compatibility

[ECELeader 2]

In a post in October there was this issue with High CPU usage and slowdown when using WSL in Windows. A temporary solution to this problem was to exclude the folder "%userprofile%\AppData\Local\Packages\DISTRO_APP_NAME" from Eset Realtime Protection. This solution is not ideal though because ESET doesn't protect processes run in WSL mode.

I noticed that Microsoft has issued an article explaining how 3rd parties AVs and Firewalls like ESET should interact with WSL. Link: WSL Antivirus and Firewall Compatibility.

Are ESET's developers aware of this? Are there any plans to implement this in a future version? I know a lot of people that use WSL mainly for development purposes and such a feature would be appreciated by the programming community that use ESET.

Edited April 11, 2019 by ECELeader

[Marcos 5,074]

I'm not aware of any issues with WSL except the one in the linked topic. The best course of action would be to contact customer care so that the issue is investigated, tracked and possibly fixed if confirmed.

Support for WSL was added 1 or 2 years ago if I remember correctly.

[ECELeader 2]

5 hours ago, Marcos said:

I'm not aware of any issues with WSL except the one in the linked topic. The best course of action would be to contact customer care so that the issue is investigated, tracked and possibly fixed if confirmed.

Support for WSL was added 1 or 2 years ago if I remember correctly.

Thank you for your response! There is a new type of malware called Bashware that takes advantage of the WSL. See here and here. I have two important questions:

1) By excluding the folder of WSL app, is ESET still protecting from such type of attacks mentioned above?

2) Is ESET following Microsoft guidelines and instructions, specified in the Microsoft article regarding Pico Processes such as WSL?

A reassurance by ESET development team would be great to know if ESET products are implementing and following the Microsoft standards mentioned in the article. If yes, since which version is the feature supported?

Edited April 11, 2019 by ECELeader

[itman 1,659]

A while back I created a HIPS rule to block loading of lxcore.sys and lxss.sys drivers plus a HIPS rule to prevent enabling of Developer mode to prevent bashware.

[ECELeader 2]

1 minute ago, itman said:

A while back I created a HIPS rule to block loading of lxcore.sys and lxss.sys drivers plus a HIPS rule to prevent enabling of Developer mode to prevent bashware.

Well the thing is I don't want to block lxcore.sys and lxss.sys drivers because I actively use WSL on a daily basis. I want to use WSL while still be protected from threats like Bashware.