You can define an exclusion list for items that you don’t want Microsoft Defender Antivirus to scan. Such excluded items could contain threats that make your device vulnerable. This article describes some common mistake that you should avoid when defining exclusions. Before defining your exclusion lists, see Recommendations for defining exclusions. Excluding certain trusted items Certain […]
Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. These exclusions do not appear in the standard exclusion lists that are shown in the Windows Security app. In addition to server role-defined automatic exclusions, you can add or remove custom exclusions. […]
You can exclude files that have been opened by specific processes from Microsoft Defender Antivirus scans. See Recommendations for defining exclusions before defining your exclusion lists. This article describes how to configure exclusion lists. Examples of exclusions EXAMPLES OF EXCLUSIONS Exclusion Example Any file on the machine that is opened by any process with a specific file […]
You can define exclusions for Microsoft Defender Antivirus that apply to scheduled scans, on-demand scans, and always-on, real-time protection and monitoring. Generally, you shouldn’t need to apply exclusions. If you do need to apply exclusions, you can choose from several different kinds: Exclusions based on file extensions and folder locations (described in this article) Exclusions for files that are […]
You can exclude certain files, folders, processes, and process-opened files from Microsoft Defender Antivirus scans. Such exclusions apply to scheduled scans, on-demand scans, and always-on real-time protection and monitoring. Exclusions for process-opened files only apply to real-time protection. Configure and validate exclusions To configure and validate exclusions, see the following: Configure and validate exclusions based on file name, […]
If Microsoft Defender Antivirus is configured to detect and remediate threats on your device, Microsoft Defender Antivirus quarantines suspicious files. If you are certain a quarantined file is not a threat, you can restore it. Open Windows Security. Select Virus & threat protection and then click Protection history. In the list of all recent items, filter on Quarantined Items. Select […]
Use Microsoft Intune to configure scanning options For more information, see Configure device restriction settings in Microsoft Intune and Microsoft Defender Antivirus device restriction settings for Windows 10 in Intune. Use Microsoft Endpoint Manager to configure scanning options For details on configuring Microsoft Endpoint Manager (current branch), see How to create and deploy antimalware policies: Scan settings. Use Group […]
Microsoft Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR). […]
You can run an on-demand scan on individual endpoints. These scans will start immediately, and you can define parameters for the scan, such as the location or type. When you run a scan, you can choose from among three types: Quick scan, full scan, and custom scan. In most cases, use a quick scan. A […]
After a Microsoft Defender Antivirus scan completes, whether it is an on-demand or scheduled scan, the results are recorded and you can view the results. Use Configuration Manager to review scan results See How to monitor Endpoint Protection status. Use PowerShell cmdlets to review scan results The following cmdlet will return each detection on the endpoint. If there are […]