• Install & Activate
  • Troubleshooting
BEST Antivirus KBS : Largest Anti-Malware Knowlegde Base and Support
  • Install & Activate
  • Troubleshooting

Common mistakes to avoid when defining exclusions (Microsoft)

/Download, Install & Active / Microsoft / Download, Install & Active / Microsoft / Microsoft Endpoint / Common mistakes to avoid when defining exclusions (Microsoft)
  • December 24, 2021
  • BEST Antivirus Staff 2
  • Microsoft / Microsoft Endpoint

Contents

  1. Excluding certain trusted items
    1. Folder locations
      1. Linux and macOS Platforms
    2. File extensions
    3. Processes
      1. Linux and macOS Platforms
  2. Using just the file name in the exclusion list
  3. Using a single exclusion list for multiple server workloads
  4. Using incorrect environment variables as wildcards in the file name and folder path or extension exclusion lists
    1. Source : Official Microsoft Brand Editor by : BEST Antivirus KBS Team
0
(0)

You can define an exclusion list for items that you don’t want Microsoft Defender Antivirus to scan. Such excluded items could contain threats that make your device vulnerable. This article describes some common mistake that you should avoid when defining exclusions.

Before defining your exclusion lists, see Recommendations for defining exclusions.

Excluding certain trusted items

Certain files, file types, folders, or processes should not be excluded from scanning even though you trust them to be not malicious.

Do not define exclusions for the folder locations, file extensions, and processes that are listed in the following sections:

  • Folder locations
  • File extensions
  • Processes

Folder locations

In general, do not define exclusions for the following folder locations:

%systemdrive%

C:

C:\

C:\*

%ProgramFiles%\Java

C:\Program Files\Java

%ProgramFiles%\Contoso\

C:\Program Files\Contoso\

%ProgramFiles(x86)%\Contoso\

C:\Program Files (x86)\Contoso\

C:\Temp

C:\Temp\

C:\Temp\*

C:\Users\

C:\Users\*

C:\Users\<UserProfileName>\AppData\Local\Temp\ Note the following exception for SharePoint: Do exclude C:\Users\ServiceAccount\AppData\Local\Temp when you use file-level antivirus protection in SharePoint.

C:\Users\<UserProfileName>\AppData\LocalLow\Temp\ Note the following exception for SharePoint: Do exclude C:\Users\Default\AppData\Local\Temp when you use file-level antivirus protection in SharePoint.

%Windir%\Prefetch

C:\Windows\Prefetch

C:\Windows\Prefetch\

C:\Windows\Prefetch\*

%Windir%\System32\Spool

C:\Windows\System32\Spool

C:\Windows\System32\CatRoot2 %Windir%\Temp

C:\Windows\Temp

C:\Windows\Temp\

C:\Windows\Temp\*

Linux and macOS Platforms

/

/bin

/sbin

/usr/lib

File extensions

In general, do not define exclusions for the following file extensions:

.7z

.bat

.bin

.cab

.cmd

.com

.cpl

.dll

.exe

.fla

.gif

.gz

.hta

.inf

.java

.jar

.job

.jpeg

.jpg

.js

.ko

.ko.gz

.msi

.ocx

.png

.ps1

.py

.rar

.reg

.scr

.sys

.tar

.tmp

.url

.vbe

.vbs

.wsf

.zip

Processes

In general, do not define exclusions for the following processes:

AcroRd32.exe

bitsadmin.exe

excel.exe

iexplore.exe

java.exe

outlook.exe

psexec.exe

powerpnt.exe

powershell.exe

schtasks.exe

svchost.exe

wmic.exe

winword.exe

wuauclt.exe

addinprocess.exe

addinprocess32.exe

addinutil.exe

bash.exe

bginfo.exe

cdb.exe

csi.exe

dbghost.exe

dbgsvc.exe

dnx.exe

dotnet.exe

fsi.exe

fsiAnyCpu.exe

kd.exe

ntkd.exe

lxssmanager.dll

msbuild.exe

mshta.exe

ntsd.exe

rcsi.exe

system.management.automation.dll

windbg.exe

Linux and macOS Platforms

bash

sh

python and python3

java

zsh

 Note

You can choose to exclude file types, such as .gif, .jpg, .jpeg, or .png if your environment has a modern, up-to-date software with a strict update policy to handle any vulnerabilities.

Using just the file name in the exclusion list

Malware might have the same name as that of a file that you trust and want to exclude from scanning. Therefore, to avoid excluding potential malware from scanning, use a fully qualified path to the file that you want to exclude instead of using just the file name. For example, if you want to exclude Filename.exe from scanning, use the complete path to the file, such as C:\program files\contoso\Filename.exe.

Using a single exclusion list for multiple server workloads

Do not use a single exclusion list to define exclusions for multiple server workloads. Split the exclusions for different application or service workloads into multiple exclusion lists. For example, the exclusion list for your IIS Server workload must be different from the exclusion list for your SQL Server workload.

Using incorrect environment variables as wildcards in the file name and folder path or extension exclusion lists

Microsoft Defender Antivirus Service runs in system context using the LocalSystem account, which means it gets information from the system environment variable, and not from the user environment variable. Use of environment variables as a wildcard in exclusion lists is limited to system variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account. Therefore, do not use user environment variables as wildcards when adding Microsoft Defender Antivirus folder and process exclusions. See the table under System environment variables for a complete list of system environment variables.

See Use wildcards in the file name and folder path or extension exclusion lists for information on how to use wildcards in exclusion lists.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 24 times, 1 visits today)
Tagged: MicrosoftMicrosoft for Endpoint

Related Articles

  • All about Microsoft

  • Overview of Microsoft 365 Lighthouse

  • Microsoft Defender for Business (preview) – Frequently asked questions and answers

  • Get help and support for Microsoft Defender for Business (preview)

  • Manage your custom rules for firewall policies in Microsoft Defender for Business (preview)

  • Firewall in Microsoft Defender for Business (preview)

ask or enter a search term

Top Rated Posts

5 (1)

Activate code Avast on Windows PC

5 (1)

[KB5699] Set the PIN in ESET Parental Control for Android

5 (2)

Getting started (app) (ESET)

5 (1)

[KB3239] How do I uninstall or reinstall ESET Cyber Security or ESET Cyber Security Pro?

5 (2)

[KB6842] Upgrade to ESET Cyber Security and ESET Cyber Security Pro version 6.6 fails on previous versions of macOS (10.6 – 10.8)

About

We are BEST Antivirus , Trusted Comparison and Cheap Antivirus Software 2020. KBS is Knowledge Base and Support : This page was created to guide customers through the installation and to resolve all the common errors of anti-virus software.

Partners

› Avast
› AVG
› BitDefender
› ESET
› Trend Micro
› All Partners

Resources

› Store
› Advertise
› Brand Reviews
› Review Platforms
› Contact Page
› Knowledge Base

  • Install & Activate
  • Troubleshooting
© Copyright by BEST Antivirus by SSG Limited