Add or Remove Windows Defender Exclusions in Windows 10  

  1.    06 Oct 2017 #40

    When I click the remove button it just goes back. All of the items in the screenshot are the items I want to remove.

  2. Brink
    Posts : 33,787
    64-bit Windows 10 Pro build 18282
    Thread Starter
       06 Oct 2017 #41

    In that case it very well could be malware. It would be best to create a new thread for this in our AntiVirus, Firewalls and System Security forum area for more specialized help.

  3.    24 Oct 2017 #42

    @Brink

    An answer to why you might exclude something from Defender scans:

    a) Legitimately: Sometimes there are train crashes when Defender examines itself
    Therefore, you might temporarily add exceptions to [folders]:
    C:\Program Files\Windows Defender
    C:\Program Files\Windows Defender Advanced Threat Protection
    and there may be some other special cases, if you know what you are doing & the risks involved.

    b) You are a cunning malware writer, and you want to stop your victims from scanning your evil concoctions.

    Even if you employ (a) as a matter of course, it is advisable to check exclusions periodically (in particular after any malware managed to get through)
    I suppose it's possible that even the Defender files could be compromised, so from time to time re-enable the scans of Defender itself, and scan them. Just to be on the safe side.
    { Hint: You can set your favourite keys as 'favorites' in regedit, and use them just when you do a full scan }

    As for (b), malwares often seek to hide from Defender by registering themselves as exclusions. Naughty malwares!
    Often, but not always, malwares have rather silly codified names, but sometimes they hide in plain sight as reasonable-looking things like "MySafetyScan" (please don't sue me!).

    Third-party scanners, trustworthy online scanners, are less easily fooled. But do be careful to avoid fake scanners that just bring more malwares! { I currently use freewares ESET online, Emsisoft, Malwarebytes etc - your mileage may vary. And use adware scanners. }

    There are two distinct ways in which Defender exclusions (files or folders) are registered:
    1) as direct Defender exclusions
    2) as 'Policy' exclusions (security, management)

    Both can be solved with regedit, the registry editor (be careful !! - it's a good plan to back up the registry before proceeding !!).
    {You will already know to [winkey], enter "regedit", etc, and to install regedit if you don't have it}

    The former (1) are likely to be found in this registry key { burrow down carefully, checking for accuracy as you go! }
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
    You will see the Defender settings exclusions there (the ones you see by going to Defender settings, exclusions).

    If they look like/are malware, you can delete the entries, all except '(default)'. Be careful, double check !!
    {Tip: you can use the standard ctrl-click to select one, & shift-click to select a range. Be careful, double check !! }

    The latter (2) are more puzzling, since the Defender settings will not let you remove them.
    You will see a message in RED: Some settings are managed by your organization

    Musfiquer Rhman at https://answers.microsoft.com/en-us/...f-d6b1b7e1c256 solved this by

    In Regedit > HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows Defender > Exclusions > Paths
    I have deleted all files except (default) and it solved my problem.
    That's this key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths
    A little deeper, I see that some policy keys use "policy objects" (long dll codes in curly brackets), and it may be advisable to drill down into these to make sure they are legitimate. I haven't done so yet.
    These keys, the list may not be complete:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{object}\Software\Policies\Microsoft\Windows Defender\Exclusions
    HKEY_USERS\<S-1-5- etc. user code>\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{object}\Software\Policies\Microsoft\Windows Defender\Exclusions
    HKEY_USERS\<S-1-5- etc. user code>\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{object}Machine\Software\Policies\Microsoft\Windows Defender\Exclusions
    When you're done, close regedit & reboot, then double-check everything again. And, of course, get Defender updates & run a scan.
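The registry locations listed in post #42 can be checked in one pass rather than by hand in regedit. The read-only PowerShell below is an added example, not code from any post in this thread; it also reads the sibling Extensions and Processes subkeys, which the post does not mention. Assumptions: an elevated prompt, and a baseline file path that is a hypothetical choice.

```powershell
# Added example: read-only audit of Defender exclusion keys. Run elevated;
# recent Windows builds hide these keys from non-administrators.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions',          # direct exclusions
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions'  # policy exclusions
)

# Per-user local Group Policy objects (the {object} keys named in the post)
$gpoBase = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects'
if (Test-Path -LiteralPath $gpoBase) {
    foreach ($gpo in Get-ChildItem -LiteralPath $gpoBase -ErrorAction SilentlyContinue) {
        $roots += Join-Path $gpo.PSPath 'Software\Policies\Microsoft\Windows Defender\Exclusions'
    }
}

# Each exclusion is stored as a value NAME under Paths, Extensions or Processes
$findings = @(foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        foreach ($name in $key.GetValueNames()) {
            if ($name -eq '') { continue }            # skip '(default)'
            [pscustomobject]@{
                Source = $root -replace '^.*::', ''   # strip provider prefix
                Type   = $key.PSChildName
                Entry  = $name
            }
        }
    }
})
$findings | Sort-Object Source, Type, Entry | Format-Table -AutoSize -Wrap

# Compare with the previous run so a newly added exclusion stands out
$baseline = Join-Path $env:ProgramData 'defender-exclusions-baseline.csv'  # hypothetical path
$id = { param($r) '{0}|{1}|{2}' -f $r.Source, $r.Type, $r.Entry }
if (Test-Path -LiteralPath $baseline) {
    $known = @(Import-Csv -LiteralPath $baseline | ForEach-Object { & $id $_ })
    $new   = @($findings | Where-Object { (& $id $_) -notin $known })
    if ($new.Count) {
        Write-Warning "$($new.Count) exclusion(s) added since the baseline:"
        $new | Format-Table -AutoSize -Wrap
    }
} else {
    $findings | Export-Csv -LiteralPath $baseline -NoTypeInformation
    Write-Host "Baseline written to $baseline"
}
```

The first run records the baseline; after reviewing and accepting a change, delete the CSV so the next run records a fresh one.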

  4.    05 Apr 2018 #43

    Is there a way to exclude a registry entry through the exclusions mechanism?

    I have disabled MsMpEng.exe from making outbound network requests via a firewall rule (don't worry, I disable the rule once in a while to allow Defender to update itself; I just don't want it consuming my bandwidth every single day!)

    However, in every scan, Defender complains about the firewall rule, flagging it as a trojan:

    Code:
    Trojan:Win32/BlockMsav.A!reg
    
    Alert level: Severe
    Status: Quarantined
    
    Recommended action: Remove threat now.
    
    Category: Trojan
    Details: This program is dangerous and executes commands from an attacker.
    
    regkeyvalue: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{---ID removed---}
    I'd prefer to tell Defender not to mess with my firewall rule, which apparently boils down to a registry entry in the end; so if there's a mechanism to exclude a registry entry itself from the claws of Defender, that would be my saviour :)

    It may be out of scope, but any other alternatives for disabling MsMpEng.exe from arbitrarily accessing the network would also be highly appreciated :)

  5. Brink
       05 Apr 2018 #44

    Hello fishytuna, and welcome to Ten Forums. :)

    Does setting your network connection to be metered stop Windows Defender from automatically downloading and installing its definition updates for you?

    Set Wireless Network as Metered or Non-Metered in Windows 10 Windows 10 Tutorials

    Set Ethernet Connection as Metered or Unmetered in Windows 10 Windows 10 Tutorials

  6.    06 Apr 2018 #45

    Thanks @Brink for the suggestion! Unfortunately I'm using a USB-tethered internet connection (which is hence treated as a wired connection by windows); AFAIK Windows doesn't allow wired connections to be marked as metered (have tried it on my own as well, with no luck; the "set as metered" switch automatically turns off as soon as I leave the connection settings page).

  7. Brink
       06 Apr 2018 #46

    Even using option 2 below? You might also see if the USB tethered connection may show as something different than "Ethernet" in the registry with this option. Might also see if setting "Default" as metered may help.

    Set Ethernet Connection as Metered or Unmetered in Windows 10 Windows 10 Tutorials

  8.    06 Apr 2018 #47

    Sorry! Missed the link for the Ethernet guide from your previous post :)
    Already tried the first option, which did not work.
    Will try the second option also (as soon as I get a chance to restart my computer).
    Thanks!

    However, I'd still prefer to go by the firewall approach if possible, because that would ensure that I would never encounter an unexpected Defender data fetch, even when I have connected to a completely new (not-yet-marked-as-metered) wireless/wired network :)


  9. Posts : 20
    windows 10 anniversary 64
       10 May 2018 #48

    fwiw, I recently got a nasty virus that took quite a bit of elbow grease to finally remove completely... during the cleaning process I inadvertently stumbled on Defender's exclude paths in the registry only to discover that the virus had made its own entries into the registry paths, which caused Defender to ignore the virus when I ran Defender scans.... needless to say I was shocked to discover this, I didn't know it was possible for a virus to do this, especially without admin permissions... so I would recommend checking these paths from time to time, just to be safe!

  10.    06 Oct 2018 #49

    I often install Windows 10 on my test machines and need to add exclusions to Windows Defender for some programs, so I made a .reg file that should add that to the registry, but I get a warning that I don't have sufficient privileges.
    Are there other ways to add exceptions to Defender or fast solutions to this without affecting the whole system, because it takes me a lot of time to do it all?