Merge pull request #1495 from MicrosoftDocs/main

Publish main to live, 9/30/24, 3:30 pm

Author: garycentric

.github/workflows/Stale.yml

@@ -0,0 +1,19 @@
+name: (Scheduled) Mark stale pull requests
+
+permissions:
+  issues: write
+  pull-requests: write
+
+on:
+  schedule:
+  - cron: "0 */6 * * *"
+  workflow_dispatch:
+
+jobs:
+  stale:
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-Stale.yml@workflows-prod
+    with:
+      RunDebug: false
+      RepoVisibility: ${{ github.repository_visibility }}
+    secrets:
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}

defender-endpoint/microsoft-defender-endpoint-antivirus-performance-mode.md

@@ -4,8 +4,8 @@ description: Learn how to manage, configure, Microsoft Defender Antivirus perfor
 ms.service: defender-endpoint
 ms.localizationpriority: high
 ms.topic: conceptual
-author: yongrhee-MSFT
-ms.author: yongrhee
+author: denisebmsft
+ms.author: deniseb
 ms.reviewer: pricci, yongrhee
 manager: deniseb
 ms.custom: nextgen02
@@ -14,7 +14,7 @@ ms.collection:
 - m365-security
 - tier2
 search.appverid: met150
-ms.date: 05/29/2024
+ms.date: 09/30/2024
 ---
 
 # Protect Dev Drive using performance mode
@@ -40,6 +40,17 @@ Performance mode is now available on Windows 11 as a new Microsoft Defender Anti
 
 It's important to note that performance mode can run only on Dev Drive. Additionally, real-time protection must be turned on for performance mode to function. Enabling this feature on a Dev Drive doesn't change standard real-time protection running on volumes with operating systems or other volumes formatted FAT32 or NTFS.
 
+### Microsoft Defender Antivirus requirements for performance mode
+
+1. Review the requirements that are specific to Dev Drive. See [Set up a Dev Drive on Windows 11](/windows/dev-drive).
+
+1. Make sure Microsoft Defender Antivirus is up to date. 
+
+   - Microsoft Defender Antivirus needs to be primary
+   - Real-time protection is turned on
+   - Antimalware platform version: `4.18.2303.8` (or later)
+   - Antimalware security intelligence version: `1.385.1455.0` (or later)
+
 ### Dev Drive
 
 Dev Drive is a new form of storage volume available to improve performance for key developer workloads. It builds on ReFS technology to employ targeted file system optimizations and provide more control over storage volume settings and security, including trust designation, antivirus configuration, and administrative control over which filters are attached.
@@ -51,8 +62,7 @@ For more information about Dev Drive, see: [Set up a Dev Drive on Windows 11](/w
 By default, to give the best possible performance, creating a Dev Drive automatically grants trust in the new volume. A _trusted_ Dev Drive volume causes real-time protection to run in a special _asynchronous_ performance mode for that volume. Running performance mode provides a balance between threat protection and performance. The balance is achieved by deferring security scans until after the _open file_ operation has completed, instead of performing the security scan synchronously while the file operation is being processed. This mode of performing security scans inherently provides faster performance, but with less protection. However, enabling performance mode provides significantly better protection than other _performance tuning_ methods such as using folder exclusions, which block security scans altogether.
 
 > [!NOTE]
-> To enable performance mode, real-time protection must be turned on.
-
+> Does not apply for high cpu or high memory usage in Microsoft Defender Antivirus service (MsMpEng.exe or WinDefend or Antimalware Service Executable).  If you are troubleshooting a high cpu usage, instead use the Microsoft Defender Antivirus [Performance Analyzer](/defender-endpoint/tune-performance-defender-antivirus) to narrow down to the hot processes/paths and add them to the exclusions.  Tip: Use [Contextual exclusions](/defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus) to target real-time protection (RTP).
 The following table summarizes performance mode synchronous and asynchronous scan behavior.
 
 | Performance mode state | Scan type | Description | Summary |
@@ -62,16 +72,6 @@ The following table summarizes performance mode synchronous and asynchronous sca
 
 An _untrusted_ Dev Drive doesn't have the same benefits as a _trusted_ Dev Drive. Security runs in synchronous, real-time protection mode when a Dev Drive is _untrusted_. Real-time protection scans can affect performance.
 
-## Microsoft Defender Antivirus requirements for performance mode
-
-1. Review the requirements that are specific to Dev Drive. See [Set up a Dev Drive on Windows 11](/windows/dev-drive).
-
-2. Make sure Microsoft Defender Antivirus is up to date. 
-
-   - Antimalware platform version: `4.18.2303.8` (or later)
-   - Antimalware security intelligence version: `1.385.1455.0` (or later)
-   - Real-time protection is turned on
-
 ## Manage performance mode
 
 1. Performance mode can only run on a *trusted* Dev Drive and is enabled by default when a new Dev Drive is created. For more information, see [Understanding security risks and trust in relation to Dev Drive](/windows/dev-drive#understanding-security-risks-and-trust-in-relation-to-dev-drive).
@@ -119,7 +119,7 @@ To verify that Dev Drive and Defender Performance Mode is enabled, follow these
 
 1. In the Windows Security App, go to **Virus & threat Protection settings** > **Manage settings**, and verify that Dev Drive protection is enabled.
 
-   :::image type="content" alt-text="Screenshot of Defender_Performance_Mode_02." source="media/microsoft-defender-endpoint-antivirus-performance-mode/defender-performance-mode-02.png":::
+   :::image type="content" alt-text="Screenshot of Defender_Performance_Mode_02." source="media/microsoft-defender-endpoint-antivirus-performance-mode/defender-performance-mode-02.png" lightbox="media/microsoft-defender-endpoint-antivirus-performance-mode/defender-performance-mode-02.png":::
 
 2. Select **See volumes**.