How to create exclusions in Defender for Endpoint

What are Exclusions
  1. Exclusions are used to exclude extensions, processes, and paths from Microsoft Defender scans.
  2. Exclusions apply to scheduled scans, on-demand scans, and always-on real-time protection and monitoring.
  3. Exclusions for process-opened files apply only to real-time protection.
  4. Always evaluate the risks associated with implementing exclusions, and only exclude files that you are confident are not malicious.
Exclusion Types

Wildcards in Exclusions

| Wildcard | Where | Examples |
| --- | --- | --- |
| * (asterisk) | File extension | C:\MyData\*.txt includes C:\MyData\notes.txt |
| * (asterisk) | Folder name | C:\somepath\*\Data includes any file in C:\somepath\Archives\Data and its subfolders, and C:\somepath\Authorized\Data and its subfolders |
| * (asterisk) | In folder exclusions, use multiple * with folder slashes \ to indicate multiple nested folders | C:\Serv\*\*\Backup includes any file in C:\Serv\Primary\Denied\Backup and its subfolders, and C:\Serv\Secondary\Allowed\Backup and its subfolders |
| ? (question mark) | File extension | C:\MyData\my?.zip includes C:\MyData\my1.zip |
| ? (question mark) | Folder name | C:\somepath\?\Data includes any file in C:\somepath\P\Data and its subfolders |
| ? (question mark) | In folder exclusions, ? matches a single character within a folder name | C:\somepath\test0?\Data includes any file in C:\somepath\test01\Data and its subfolders |

Environment variables in exclusions are evaluated in the system context, so user-scoped variables such as %APPDATA% and %USERPROFILE% resolve under the system profile, not under the signed-in user's profile.

| System environment variable | Redirects to this |
| --- | --- |
| %APPDATA% | C:\Windows\System32\config\systemprofile\AppData\Roaming |
| %APPDATA%\Microsoft | C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft |
| %LOCALAPPDATA% | C:\Windows\System32\config\systemprofile\AppData\Local |
| %ProgramData% | C:\ProgramData |
| %ProgramFiles% | C:\Program Files |
| %ProgramFiles%\Common Files | C:\Program Files\Common Files |
| %ProgramFiles(x86)% | C:\Program Files (x86) |
| %SystemDrive% | C: |
| %SystemDrive%\Program Files | C:\Program Files |
| %SystemRoot% | C:\Windows |
| %windir% | C:\Windows |
| %windir%\Fonts | C:\Windows\Fonts |
| %ALLUSERSPROFILE% | C:\ProgramData |
| %PUBLIC% | C:\Users\Public |
| %USERPROFILE% | C:\Windows\System32\config\systemprofile |

Steps to create an Exclusion policy

Follow the steps below to create an exclusion policy.

  1. Log in to Intune, click Endpoint Security, then Antivirus, and click Create Policy, as shown in the screenshot.
  2. Enter the exclusion policy name.
  3. Enter the exclusion details.
  4. Select the group to which you want to deploy the policy.
  5. Review the policy, validate that everything looks OK, and click Create.
  6. Check that the exclusion policy was created.
  7. Open the policy and check the deployment status.

Validate that the exclusions are applied on the device

Open PowerShell as administrator and run the commands below.

 # Read the current Defender preferences on this device
 $WDAVprefs = Get-MpPreference

 # List the excluded file extensions
 $WDAVprefs.ExclusionExtension

 # List the excluded paths
 $WDAVprefs.ExclusionPath
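As an added example (not code from the original post), the following PowerShell goes one step further than listing the exclusions: it compares what the device reports against the exclusions the policy was meant to deliver, resolves environment variables the way the table above shows, and flags entries that are broader than they look. The $Expected values, the $DefenderEnv subset and the risk heuristics are assumptions to adjust to your own environment.

```powershell
# Added example (not from the original post); run in an elevated PowerShell session.
# Placeholder values: replace with the exclusions configured in your Intune policy.
$Expected = @{
    Path      = @('C:\MyData\*.txt', 'C:\Serv\*\*\Backup')
    Extension = @('log')
}

# Defender expands these against the system profile, not the signed-in user's profile
# (values from the table above).
$DefenderEnv = @{
    '%APPDATA%'      = 'C:\Windows\System32\config\systemprofile\AppData\Roaming'
    '%LOCALAPPDATA%' = 'C:\Windows\System32\config\systemprofile\AppData\Local'
    '%USERPROFILE%'  = 'C:\Windows\System32\config\systemprofile'
    '%ProgramData%'  = 'C:\ProgramData'
    '%PUBLIC%'       = 'C:\Users\Public'
}

function Resolve-DefenderPath([string]$Path) {
    foreach ($name in $DefenderEnv.Keys) {
        $Path = $Path -replace [regex]::Escape($name), $DefenderEnv[$name]
    }
    return $Path
}

# Heuristics (assumed, not Microsoft's) for exclusions that deserve a second look.
$RiskyExtensions = @('exe', 'dll', 'ps1', 'bat', 'cmd', 'vbs', 'js', 'scr')
function Test-RiskyPath([string]$Resolved) {
    $wholeDrive   = $Resolved -match '^[A-Za-z]:\\?\*?$'      # C:, C:\ or C:\*
    $rootWildcard = $Resolved -match '^[A-Za-z]:\\\*\\'       # C:\*\Data covers every top-level folder
    $userWritable = $Resolved -match '\\Users\\Public\\|\\Temp\\|\\Downloads\\'
    return ($wholeDrive -or $rootWildcard -or $userWritable)
}
$prefs  = Get-MpPreference
$report = New-Object System.Collections.Generic.List[object]
foreach ($p in @($prefs.ExclusionPath | Where-Object { $_ })) {
    $resolved = Resolve-DefenderPath $p
    $report.Add([pscustomobject]@{ Type = 'Path'; Value = $p; Resolved = $resolved
        InPolicy = ($Expected.Path -contains $p); Risky = (Test-RiskyPath $resolved) })
}
foreach ($e in @($prefs.ExclusionExtension | Where-Object { $_ })) {
    $ext = $e.TrimStart('.')
    $report.Add([pscustomobject]@{ Type = 'Extension'; Value = $e; Resolved = $ext
        InPolicy = ($Expected.Extension -contains $ext); Risky = ($RiskyExtensions -contains $ext) })
}
$report | Format-Table -AutoSize
# Anything the policy defines but the device does not show means the policy has not landed yet.
$missing = @($Expected.Path + $Expected.Extension) |
    Where-Object { @($prefs.ExclusionPath) + @($prefs.ExclusionExtension) -notcontains $_ }
if ($missing) { Write-Warning "In policy but not on device: $($missing -join ', ')" }
```

Rows with InPolicy = False are exclusions that arrived from somewhere other than this policy (local configuration, another policy, or tampering) and are worth tracing before the next policy review.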