How to change location of temp file used by Hyper-...

dwr0805 · ‎01-25-2024

I have the Hyper-V add-on installed and configured on the servers hosting Hyper-VMs, but McAfee (Trellix) Endpoint Security is blocking the creation of executable files to be run within the Windows directory. It appears a dll is being created by PowerShell.exe as part of the add-on and the ‘Access Protection’ component of McAfee sees this as a threat and blocks it. If I disable Access Protection or add PowerShell.exe to the exclusion list within McAfee, then the add-on creates a tmp file (but no visiable dll) and the configured logs are available within Splunk Enterprise. I do not want to do either of these options with McAfee and would instead prefer to change the location used by the Hyper-V add-on to be outside the Windows directory and therefore would not be considered a threat. Is this possible, or is there a better way?

dwr0805 · ‎01-25-2024

The Hyper-V add-on is using C:\Window\Temp folder as the location I want to change from.

How to change location of temp file used by Hyper-V add-on

troubleshooting

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Are you a member of the Splunk Community?

How to change location of temp file used by Hyper-V add-on

troubleshooting

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console