Jump to content
ECELeader

Microsoft Instructions for WSL Compatibility

Recommended Posts

Posted (edited)

In a post in October there was this issue with High CPU usage and slowdown when using WSL in Windows. A temporary solution to this problem was to exclude the folder "%userprofile%\AppData\Local\Packages\DISTRO_APP_NAME" from Eset Realtime Protection. This solution is not ideal though because ESET doesn't protect processes run in WSL mode.

I noticed that Microsoft has issued an article explaining how 3rd parties AVs and Firewalls like ESET should interact with WSL. Link: WSL Antivirus and Firewall Compatibility.

Are ESET's developers aware of this? Are there any plans to implement this in a future version? I know a lot of people that use WSL mainly for development purposes and such a feature would be appreciated by the programming community that use ESET.

Edited by ECELeader

Share this post


Link to post
Share on other sites

I'm not aware of any issues with WSL except the one in the linked topic. The best course of action would be to contact customer care so that the issue is investigated, tracked and possibly fixed if confirmed.

Support for WSL was added 1 or 2 years ago if I remember correctly.

Share this post


Link to post
Share on other sites
Posted (edited)
5 hours ago, Marcos said:

I'm not aware of any issues with WSL except the one in the linked topic. The best course of action would be to contact customer care so that the issue is investigated, tracked and possibly fixed if confirmed.

Support for WSL was added 1 or 2 years ago if I remember correctly.

Thank you for your response! There is a new type of malware called Bashware that takes advantage of the WSL. See here and here. I have two important questions:

1) By excluding the folder of WSL app, is ESET still protecting from such type of attacks mentioned above?

2) Is ESET following Microsoft guidelines and instructions, specified in the Microsoft article regarding Pico Processes such as WSL?

A reassurance by ESET development team would be great to know if ESET products are implementing and following the Microsoft standards mentioned in the article. If yes, since which version is the feature supported?

Edited by ECELeader

Share this post


Link to post
Share on other sites

A while back I created a HIPS rule to block loading of lxcore.sys and lxss.sys drivers plus a HIPS rule to prevent enabling of Developer mode to prevent bashware.

Share this post


Link to post
Share on other sites
1 minute ago, itman said:

A while back I created a HIPS rule to block loading of lxcore.sys and lxss.sys drivers plus a HIPS rule to prevent enabling of Developer mode to prevent bashware.

Well the thing is I don't want to block lxcore.sys and lxss.sys drivers because I actively use WSL on a daily basis. I want to use WSL while still be protected from threats like Bashware.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...