{"id":30868,"date":"2025-06-08T13:04:00","date_gmt":"2025-06-08T13:04:00","guid":{"rendered":"https:\/\/endusersupports.com\/?p=30868"},"modified":"2026-05-03T14:50:24","modified_gmt":"2026-05-03T14:50:24","slug":"how-to-create-exclusion-policy-in-defender-for-endpoint","status":"publish","type":"post","link":"https:\/\/endusersupports.com\/index.php\/2025\/06\/08\/how-to-create-exclusion-policy-in-defender-for-endpoint\/","title":{"rendered":"How to create exclusion policy in Defender for endpoint"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\u00a0How to create exclusion in Defender for Endpoint<\/b><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
What is Exclusions<\/h6>
  1. Exclusions used to exclude Extensions, Process, and Paths from the Microsoft Defender Scans.<\/li>
  2. Exclusions apply to scheduled scans<\/a><\/b>,\u00a0on-demand scans<\/a><\/b>, and\u00a0always-on real-time protection<\/a><\/b> and <\/a>monitoring<\/a><\/b>.<\/li>
  3. Exclusions for process-opened files only apply to real-time protection.<\/li>
  4. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious.<\/li><\/ol>
    Exclusions Types<\/h6>

    \"\"<\/p>

    Wildcards in Exclusions<\/h6>

    Wildcard<\/b><\/p><\/td>

    Where <\/b><\/p><\/td>

    Examples<\/b><\/p><\/td><\/tr>

    * (asterisk)<\/p><\/td>

    File Extension<\/p><\/td>

    \u00a0C:\\MyData\\*.txt\u00a0
    \u00a0Includes\u00a0C:\\MyData\\notes.txt<\/p><\/td><\/tr>

    Folder name<\/p><\/td>

    \u00a0C:\\somepath\\*\\Data
    \u00a0Includes any file in C:\\somepath\\Archives\\Data
    \u00a0and its subfolders, and C:\\somepath\\Authorized\\Data\u00a0<\/p>

    \u00a0and its subfolders<\/p><\/td><\/tr>

    \u00a0In folder exclusions – Use multiple * with\u00a0\u00a0 folder slashes \\ to indicate multiple nested folders.<\/p><\/td>

    \u00a0C:\\Serv\\*\\*\\Backup
    \u00a0Includes any file in C:\\Serv\\Primary\\Denied\\Backup
    \u00a0and its subfolders, and C:\\Serv\\Secondary\\Allowed\\Backup
    \u00a0and its subfolders<\/p><\/td><\/tr><\/tbody><\/table>

    Wildcard<\/b><\/p><\/td>

    Where <\/b><\/p><\/td>

    Examples<\/b><\/p><\/td><\/tr>

    ? (question mark)<\/p><\/td>

    File Extension<\/p><\/td>

    \u00a0C:\\MyData\\my?.zip
    \u00a0Includes<\/b>\u00a0C:\\MyData\\my1.zip<\/p><\/td><\/tr>

    Folder name<\/p><\/td>

    \u00a0C:\\somepath\\?\\Data
    \u00a0Includes any file in C:\\somepath\\P\\Data
    \u00a0and its subfolders<\/p><\/td><\/tr>

    In folder exclusions – Use multiple * with folder slashes \\ to indicate multiple nested folders.<\/p><\/td>

    \u00a0C:\\somepath\\test0?\\Data
    \u00a0Includes any file in C:\\somepath\\test01\\Data
    \u00a0and its subfolders<\/p><\/td><\/tr><\/tbody><\/table>

    System Environment variable<\/b><\/p><\/td>

    Redirects to this<\/b><\/p><\/td><\/tr>

    %APPDATA%<\/p><\/td>

    C:\\Windows\\system32\\config\\systemprofile\\Appdata\\Roaming<\/p><\/td><\/tr>

    %APPDATA%\\Microsoft<\/p><\/td>

    C:\\Windows\\System32\\config\\systemprofile\\AppData\\Roaming\\Microsoft<\/p><\/td><\/tr>

    %LOCALAPPDATA%<\/p><\/td>

    C:\\Windows\\System32\\config\\systemprofile\\AppData\\Local<\/p><\/td><\/tr>

    %ProgramData%<\/p><\/td>

    C:\\ProgramData<\/p><\/td><\/tr>

    %ProgramFiles%<\/p><\/td>

    C:\\Program Files<\/p><\/td><\/tr>

    %ProgramFiles%\\Common Files<\/p><\/td>

    C:\\Program Files\\Common Files<\/p><\/td><\/tr>

    %ProgramFiles(x86)%<\/p><\/td>

    C:\\Program Files (x86)<\/p><\/td><\/tr>

    %SystemDrive%<\/p><\/td>

    C:<\/p><\/td><\/tr>

    %SystemDrive%\\Program Files<\/p><\/td>

    C:\\Program Files<\/p><\/td><\/tr>

    %SystemRoot%<\/p><\/td>

    C:\\Windows<\/p><\/td><\/tr>

    %windir%<\/p><\/td>

    C:\\Windows<\/p><\/td><\/tr>

    %windir%\\Fonts<\/p><\/td>

    C:\\Windows\\Fonts<\/p><\/td><\/tr>

    %ALLUSERSPROFILE%<\/p><\/td>

    C:\\ProgramData<\/p><\/td><\/tr>

    %PUBLIC%<\/p><\/td>

    C:\\Users\\Public<\/p><\/td><\/tr>

    %USERPROFILE%<\/p><\/td>

    C:\\Windows\\system32\\config\\systemprofile<\/p><\/td><\/tr><\/tbody><\/table>

    Steps to create Exclusion policy<\/strong><\/p>

    Follow the below steps to create exclusion policy.<\/p>

    Login to Intune and Click on Endpoint Security\u00a0<\/strong>then Antivirus <\/strong>and now click on Create Policy <\/strong>as showing in screenshot.\u00a0<\/p>

    \"\"<\/p>

    Enter the Exclusion policy name.<\/p>

    \"\"<\/p>

    Enter the exclusions details.<\/p>

    \"\"<\/p>

    Select the group name where you want to deploy the policy.<\/p>

    \"\"<\/p>

    Now review the policy and validate that everything looks OK and click on create.<\/p>

    \"\"<\/p>

    Check the exclusion policy created.<\/p>

    \"\"<\/p>

    Open the policy and check the deployment status.<\/p>

    \"\"<\/p>

    Validate that Exclusions is applied on device.<\/p>

    Open PowerShell with admin and use the below command.<\/p>

    \u00a0$<\/i>WDAVprefs<\/i> = <\/i>Get-<\/i>MpPreference<\/i><\/p>

    \u00a0$<\/i>WDAVprefs.ExclusionExtension<\/i><\/p>

    \u00a0$<\/i>WDAVprefs.ExclusionPath<\/i><\/p><\/blockquote>

    \"\"<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

    \u00a0How to create exclusion in Defender for Endpoint What is Exclusions Exclusions used to exclude Extensions, Process, and Paths from the Microsoft Defender Scans. Exclusions apply to scheduled scans,\u00a0on-demand scans, and\u00a0always-on real-time protection and monitoring. Exclusions for process-opened files only apply to real-time protection. You should always evaluate the risks that are associated with implementing […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19],"tags":[],"class_list":["post-30868","post","type-post","status-publish","format-standard","hentry","category-defender-for-endpoint"],"views":12,"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/posts\/30868","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/comments?post=30868"}],"version-history":[{"count":27,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/posts\/30868\/revisions"}],"predecessor-version":[{"id":30906,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/posts\/30868\/revisions\/30906"}],"wp:attachment":[{"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/media?parent=30868"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/categories?post=30868"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/endusersupports.com\/index.php\/wp-json\/wp\/v2\/tags?post=30868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}