Recently, while upgrading Veeam to version 12.2, I encountered an issue that added approximately 45 minutes to the expected installation time. The delay wasn’t due to anything malfunctioning with Veeam itself; it was related to Windows Defender SmartScreen, the Antimalware Service Executable, and Windows Defender Advanced Threat Protection.
As many IT pros have likely experienced, Defender behaved exactly as it was supposed to—scanning every executable, ISO, and MSI during the installation. While this is standard security practice, it made the installation appear stalled when, in fact, it was simply processing as usual.
Here’s a breakdown of what happened and how to recognize and handle this behaviour:
Defender SmartScreen: Security First, But Slower Installs
Defender SmartScreen is an essential security layer to protect systems from malware, phishing attacks, and other malicious software. It screens and analyzes executables, installers, and ISOs for potential threats. During the Veeam 12.2 upgrade, SmartScreen attached itself to the ISO and MSI files, thoroughly scanning them before allowing the installation to continue.
This process isn’t immediate. Depending on system resources and the size of the files, it can take time for SmartScreen to finish its checks. This created the illusion that the installation was stalled when the installer waited for the all-clear from Defender before proceeding.
Antimalware Service Executable: Resource-Intensive Security Scans
The Antimalware Service Executable is another integral part of Windows Defender that provides real-time protection to your system. It can sometimes use many CPU and disk resources when scanning large files or complex software packages like Veeam.
During the upgrade, I noticed the service’s activity spiking multiple times as it scanned Veeam’s installation files. This behaviour added another layer of perceived delay, but like SmartScreen, it’s expected. Antimalware services are designed to be thorough, and depending on the system, this can slow down installation processes that involve multiple large files.
Windows Defender Advanced Threat Protection: A Final Line of Defense
Windows Defender Advanced Threat Protection (ATP) adds another layer of security by analyzing behaviour and looking for patterns of malicious activity during installation and execution. ATP was also running in the background during the Veeam 12.2 upgrade, scanning the installation process step by step.
The continuous monitoring of these services—SmartScreen, Antimalware Service Executable, and ATP—ensured that the system remained protected, but at the cost of added installation time. These processes attach to any executable or installer file, ensuring nothing suspicious is introduced into the system. For this Veeam upgrade, scans occurred at almost every step of the installation process, contributing to the prolonged timeline.
What You Can Do
While this delay was frustrating, it’s essential to understand that this is expected behaviour for Defender services, and nothing is broken. However, there are ways to mitigate future delays:
- Pre-scan ISOs and MSIs: Before installing, you can run manual scans on the files to reduce the likelihood of Defender performing lengthy scans.
- Temporarily disable real-time scanning: If you are confident in the integrity of the files, temporarily disabling real-time protection may speed up the installation process. Just ensure that you re-enable it afterward to maintain system security.
- Monitor installation: Keep the Task Manager open during installations to see whether the Antimalware Service Executable is working hard in the background. This can provide reassurance that the system isn’t stalled—just busy scanning.
In conclusion, the Veeam 12.2 upgrade took longer than expected due to Defender’s thorough scanning processes. It’s not an error or failure—just business as usual for modern security protocols. The key is recognizing the signs of a busy security suite and managing expectations accordingly.
Thanks,
Dave
