Anti-Virus Solution Security | Vulnerability Scans and Assessment Windows

How to Configure and validate exclusions for Microsoft Defender Antivirus scans

Feature-image-1
Configure and Validate Exclusions for Microsoft Defender Antivirus Scans

Windows Defender Antivirus is the default anti-malware engine on Windows, and it protects your device and data against viruses, rootkits, ransomware, and other security threats. Although the built-in Windows antivirus performs well on the whole, it may flag a file or folder that you trust as harmful. If you wish to avoid this sort of behavior, Windows Defender Antivirus has a setting that allows you to exclude files and folders, as well as file types and processes, from being examined and blocked. Such exclusions apply to scheduled scans, on-demand scans, and always-on real-time protection and monitoring.

Here are other related guides: How to find and remove Malware with Microsoft Defender Offline, How to turn on Windows 10 Tamper Protection for Microsoft Defender, Microsoft Endpoint Manager: How to manage Microsoft Defender Antivirus with Group Policy and Microsoft Malware Protection via the Command Line Utility, and Smart App Control and how to enable Phishing Protection: Windows 11 New Security Features.

In this guide, we’ll walk you through how to configure and exclude particular files, file types, folders, and processes from Windows Defender Antivirus scans.

Some Guidelines for defining exclusions

The following are some considerations that Microsoft advises you to bear in mind while defining exclusions:

  • When defining exclusions, take into account all of your possibilities. Other approaches include just ensuring that the excluded location has the required access-control lists (ACLs) or initially setting policies to audit mode.
  • Periodically review the exclusions. As part of your review process, double-check and reinforce mitigations.
  • Exclusions should only be used for specific reasons, such as performance or program compatibility, when exclusions might help.

The following table lists some examples of exclusions based on file extension and folder location.

ExclusionExamplesExclusion list
Any file with a specific extensionAll files with the specified extension, anywhere on the machine.Valid syntax: .test and testExtension exclusions
Any file under a specific folderAll files under the c:\test\sample folderFile and folder exclusions
A specific file in a specific folderThe file c:\sample\sample.test onlyFile and folder exclusions
A specific processThe executable file c:\test\process.exeFile and folder exclusions
Table source: Learn.microsoft.com

Ways to Configure and validate exclusions

Method 1: Add Exclusions to Microsoft Defender Antivirus in Windows Security

Press the Windows + I keys together to open the Settings menu. Select Privacy and Security, and choose Windows Security on the right pane.

image1-2
Settings

Under Windows Security, select the Open Windows Security option.

image2-2
Opening Windows Security in Settings

In Windows Security, click Virus and Threat Protection.

image3-2
Virus & Threat Protection

Click on the Manage settings link under Virus & threat protection settings.

image4-3
Windows Security

Click on the “Add or remove exclusions” link under the Virus & threat protection settings. If prompted by UAC, click Yes.

image5-2


Click Add an exclusion and specify what type of exclusion (file, Folder, File type, Process) you want to add.

image6-1
Windows Security: Exclusions

How to Remove Exclusions from Microsoft Defender Antivirus in Windows Security

If you no longer want to exclude a certain item from the Windows Defender scans, you can easily remove it by going to the Add or remove exclusions link under Virus & threat protection settings.

image5-2
Remove exclusions


Click on an added extension you want to remove to expand it open and click Remove.

image8-1
Added extension removed.

Method 2: Use Group Policy Editor to configure folder or file extension exclusions

If you provide a fully qualified path to a file, just that file is excluded. If a folder is specified in the exclusion, all files and subdirectories inside that folder are excluded.

For Folder Extension Exclusion:

To open the Local Group Policy Editor, press the Win+R keys together to launch the Run dialog box, type gpedit.msc and press the Enter button.

image1-3
Run dialog box

In the Group Policy Management Editor go to: Computer Configuration > Administrative Templates > Windows Components

Expand the tree to Microsoft Defender Antivirus > Exclusions. On the right pane, double-click to open the Path Exclusions setting for editing.

image9
Local Group Policy editor

Set the option to “Enabled.” And under the Options section, select Show.

image10
Path Exclusions

Specify each folder on its own line under the Value name column.

image11-1
Path Exclusions Settings

Enter 0 in the Value column and click OK.

For File Extension Exclusion:

If you are specifying a file, ensure that you enter a fully qualified path to the file, including the drive letter, folder path, file name, and extension.

Next, double-click to open the Extension Exclusions setting for editing and add your exclusions.

image12
Extension Exclusions

Set the option to Enabled and, under the Options section, select Show.

image14
Extension Exclusions Settings

Enter each file extension on its own line under the Value name column.

image13
Extension Exclusions Settings

Enter 0 in the Value column and click OK.

Method 3: Add or Remove File Exclusion for Microsoft Defender Antivirus in PowerShell

To open the PowerShell, launch the Start menu and search for PowerShell

To add file exclusion, enter the following command:​

Add-MpPreference -ExclusionPath "<Full path of file>" -Force​
For example:
Add-MpPreference -ExclusionPath " C:\Windows\Fonts" -Force

To remove file exclusion, enter the following command:​

Remove-MpPreference -ExclusionPath "<Full path of file>" -Force​
For example:

Remove-MpPreference -ExclusionPath " C:\Windows\Fonts" -Force

You can use PowerShell commands to do the same thing for every other exclusion type you want to exclude.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x