Exclude Files or Folders from Microsoft Defender Scan using Intune

Let’s learn how to exclude files or folders from Microsoft Defender scans using an Intune antimalware policy. This post walks through setting up the Microsoft Defender exclusion and deploying the Antivirus Policy to the Security group.

Microsoft Defender Antivirus is a robust security solution that helps protect Windows devices from malware and other security threats. On the other hand, Intune is a cloud-based service provided by Microsoft that enables organizations to manage and secure their devices and applications.

Establishing customized exclusions for Microsoft Defender Antivirus may not generally be essential. However, it is possible to exclude files, folders, processes, and process-opened files from undergoing scans if necessary. This article explains how to create custom exclusions for Microsoft Defender Antivirus using Microsoft Intune.

These custom exclusions may be configured to fine-tune the antivirus program’s scan settings according to specific requirements. The exclusion criteria should be chosen with utmost care, as they could potentially lead to the omission of a security threat.


Important Points about Exclusions in Microsoft Defender

Here are some important points to remember about exclusions in Microsoft Defender. Exclusions can be a useful tool for managing security in Microsoft Defender, but they should be used cautiously and carefully, considering the potential risks and benefits.

It is also important to note that exclusions may have unintended consequences, such as allowing malware to bypass detection. As such, it is recommended that you regularly review and update your exclusions to ensure that they are still necessary and appropriate.

Exclude Files or Folders from Microsoft Defender Scan using Intune Fig. 1

Exclusions added to the exclusion list can prevent Microsoft Defender Antivirus from blocking, inspecting, or remediating related events, files, folders, or processes. Implementing a process exclusion on any platform can impede network protection capabilities and Advanced Threat Protection (ATP) features from inspecting the traffic of the excluded process, hence rendering the enforcement of security policies and rules ineffective for that particular process.

It’s best not to define exclusions in advance as a proactive measure. Instead, use exclusions only for specific issues related to performance or application compatibility that exclusions can help alleviate. Avoid excluding anything because of potential problems in the future. Your security team must document why an exclusion was added to prevent confusion and provide specific answers to questions.

Create an Antivirus Policy with Exclusions in Intune

Let’s learn how to Create a new Antivirus Policy with Exclusions in Microsoft Intune for Windows devices and deploy the Antivirus Policy to the Security group.

Exclude Files or Folders from Microsoft Defender Scan using Intune Fig. 2

When you click Create Policy, a new window will open. In Platform, select Windows 10, Windows 11, and Windows Server.

Platform | Profile Type
Windows 10, Windows 11, and Windows Server | Microsoft Defender Antivirus exclusions
Exclude Files or Folders from Microsoft Defender Scan using Intune Table.1

Select Profile Type as Microsoft Defender Antivirus exclusions, and click Create.

NOTE! This template allows you to manage settings for Microsoft Defender Antivirus that define Antivirus exclusions for paths, extensions and processes. Antivirus exclusions are also managed by Microsoft Defender Antivirus policy, which includes identical settings for exclusions. Settings from both templates (Antivirus and Antivirus exclusions) are subject to policy merge, and create a super set of exclusions for applicable devices and users.

Navigate to the Basics tab and input the profile’s Name and Description. Click Next to proceed.

Exclude Files or Folders from Microsoft Defender Scan using Intune Fig. 3

On the Configuration settings page, expand Defender settings, and configure the settings you want to manage with this profile. When you navigate to the Configuration settings page, you will find three different options to choose from. In this example, I will configure Excluded Paths. This allows an administrator to specify a list of directory paths to ignore during a scan.

Configuration settings | Description
Excluded Extensions | Exclusions that you define by file type extension
Excluded Paths | Exclusions that you define by their location (path)
Excluded Processes | Exclusions for files that are opened by certain processes
Exclude Files or Folders from Microsoft Defender Scan using Intune Table.2

Each path in the list must be separated by a |, for example, C:\Example|C:\Example1. I am excluding two test folders in my example. Don’t forget to replace these with the folders that you need to exclude from the Microsoft Defender scan. When you are done configuring settings, review them and click Next to go further.

Exclude Files or Folders from Microsoft Defender Scan using Intune Fig. 4

On the Scope tags page, add scope tags if you wish and click Next to assign the policy to computers. I will deploy it to the HTMD – Test Computers Group. When your devices check in with the Intune service, they will receive your policy settings.

Exclude Files or Folders from Microsoft Defender Scan using Intune Fig. 5

On the Review + Create page, carefully review all your defined settings. Once you’ve confirmed everything is correct, select Save to implement the changes.

Exclude Files or Folders from Microsoft Defender Scan using Intune Fig. 6

Once the policy is created, you will receive a confirmation in the top right corner. The new profile is now visible in the policy type list, where you can select it.

Exclude Files or Folders from Microsoft Defender Scan using Intune Fig. 7

Monitor Antivirus Policy Deployment from Intune

The Antivirus Policy is deployed to Azure AD groups. Let’s see how we can monitor the deployment and status of installation from the Intune portal. To monitor the Intune policy assignment, follow these steps:

  • Navigate to the list of Antivirus Policies and select the policy you targeted.
  • Check the device and user check-in status from here.
  • If you click “View Report,” you can see additional details.
Exclude Files or Folders from Microsoft Defender Scan using Intune Fig. 8

End User Experience after Excluding Files or Folders

Let’s look at the end-user experience after deploying the exclusion policy. There are several ways to verify the Antivirus Policy deployment from the Windows client side.

You can use the below PowerShell command to check the Exclusion Policy.

Get-MpPreference | Select-Object -expand ExclusionPath

Exclude Files or Folders from Microsoft Defender Scan using Intune Fig. 9
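
The check above can be taken a step further by comparing what Defender enforces on the device with the |-separated value entered under Excluded Paths. This is an added example, not code from the original post: `$ApprovedValue`, the two helper functions and the risk heuristics are assumptions of this example, and C:\Example and C:\Example1 are the article's placeholder folders.

```powershell
#Requires -RunAsAdministrator
# Added example: compare the exclusions Defender enforces on this device with
# the list approved for the Intune profile, and flag overly broad entries.

# Assumption: the same |-separated value entered under Excluded Paths.
$ApprovedValue = 'C:\Example|C:\Example1'

function ConvertFrom-ExclusionList {
    param([string]$Value)
    # Split on |, trim whitespace and trailing backslashes, drop empty entries.
    $Value -split '\|' |
        ForEach-Object { $_.Trim().TrimEnd('\') } |
        Where-Object { $_ }
}

function Get-ExclusionRisk {
    param([string]$Path)
    # Heuristics chosen for this example, not a Microsoft-defined list.
    if ($Path -match '^[A-Za-z]:$') { return 'whole drive' }
    if ($Path -match '[*?]')        { return 'wildcard' }
    if ($Path -match '^[A-Za-z]:\\(Users|Temp|Windows\\Temp|ProgramData)(\\|$)') {
        return 'commonly user-writable location'
    }
    return 'none'
}

$approved  = @(ConvertFrom-ExclusionList $ApprovedValue)
$effective = @((Get-MpPreference).ExclusionPath |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') })

# One row per path seen in either list (string comparison is case-insensitive).
$report = foreach ($path in ($approved + $effective | Sort-Object -Unique)) {
    [pscustomobject]@{
        Path     = $path
        Approved = $approved  -contains $path
        OnDevice = $effective -contains $path
        Risk     = Get-ExclusionRisk $path
    }
}
$report | Format-Table -AutoSize

# Anything on the device but not approved needs an owner and a documented reason.
$unapproved = @($report | Where-Object { $_.OnDevice -and -not $_.Approved })
if ($unapproved.Count) {
    Write-Warning "$($unapproved.Count) exclusion(s) on this device are not in the approved list."
}
```

Rows with Approved = True and OnDevice = False usually mean the device has not yet checked in and received the policy.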

You can see the Microsoft Defender Excluded paths in the registry path below.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager

Exclude Files or Folders from Microsoft Defender Scan using Intune Fig. 10

On Windows 10 or 11 devices, type Windows Security in the search box and then select Windows Security in the results list. Scroll down to the Virus & Threat Protection settings and select Manage settings to view the Exclusions.

Exclude Files or Folders from Microsoft Defender Scan using Intune Fig. 11

Thank you for your patience in reading this post. I look forward to seeing you in the next post. Keep supporting the HTMD Community.


Author

About Author – Sujin Nelladath has over 10 years of experience in SCCM device management and Automation solutions. He writes and shares his experiences with Microsoft device management technologies, Azure, and PowerShell automation.
