Skip to content

Commit 57143e9

Browse files
Ruchika-mittal01Ruchika-mittal01
authored
Merge pull request #2362 from YongRhee-MSFT/docs-editor/managing-exclusions-1736358420
Update managing-exclusions.md -- Emm Walsh is reviewing
2 parents 621960b + 44b350c commit 57143e9

File tree

1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

defender-endpoint/managing-exclusions.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ The following table shows which exclusion types are supported by each management
3838
| [Intune](#intune) | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: |
3939
| [MDM CSP](#mdm-csp) | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: |
4040
| [PowerShell](#powershell) | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: |
41-
| [GPO](#group-policy-object-gpo) | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: |
41+
| [GPO](#group-policy-object-gpo) | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes."::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: |
4242
| [WMI](#windows-management-instrumentation-wmi)| :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: |
4343
| [Configuration Manager](#configuration-manager)| :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/check-mark-button-2705.svg" alt-text="Yes"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: | :::image type="content" source="media/exclusions/cross-mark-274c.svg" alt-text="No"::: |
4444

@@ -51,7 +51,7 @@ Many exclusions can be managed in the [Microsoft Defender portal](https://securi
5151
| Custom antivirus exclusions | 1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Endpoints** > **Configuration Management** > **Endpoint security policies** > **Windows policies**. <br/> 2. Select **Create New Policy**. <br/> 3. For **Platform**, select **Windows 10, Windows 11, and Windows Server**. <br/>4. Select a template and define your exclusions. Both **Microsoft Defender Antivirus exclusions** and **Microsoft Defender Antivirus** support custom antivirus exclusions. |
5252
| Attack surface reduction only exclusions | 1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Endpoints** > **Configuration Management** > **Endpoint security policies** > **Windows policies**. <br/> 2. Select **Create New Policy** <br/> 3. For **Platform**, select **Windows 10, Windows 11, and Windows Server**. <br/> 4. Select the **Attack Surface Reduction Rules** template.<br/> 5. Scroll down to **Attack Surface Reduction Only Exclusions** and define your exclusions. |
5353
| Attack surface reduction rule per rule exclusion | 1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Endpoints** > **Configuration Management** > **Endpoint security policies** > **Windows policies**. <br/> 2. Select **Create New Policy** <br/> 3. For **Platform**, select **Windows 10, Windows 11, and Windows Server**. <br/> 4. Select the **Attack Surface Reduction Rules** template.<br/> 5. Scroll down to the rule to create an exclusion.<br/>6. Change it from **Not configured** to `Block`,`Audit`, or `Warn`. <br/>7. Select **Add** to specify the path to be excluded. |
54-
| Controlled folder access exclusion | 1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Endpoints** > **Configuration Management** > **Endpoint security policies** > **Windows policies**. <br/> 2. Select **Create New Policy** <br/> 3. For **Platform**, select **Windows 10, Windows 11, and Windows Server**. <br/> 4. Select the **Attack Surface Reduction Rules** template.<br/> 5. Scroll down to **Controlled Folder Access Allowed Applications** and define your exlusions. |
54+
| Controlled folder access exclusion | 1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Endpoints** > **Configuration Management** > **Endpoint security policies** > **Windows policies**. <br/> 2. Select **Create New Policy** <br/> 3. For **Platform**, select **Windows 10, Windows 11, and Windows Server**. <br/> 4. Select the **Attack Surface Reduction Rules** template.<br/> 5. Scroll down to **Controlled Folder Access Allowed Applications** and define your exclusions. |
5555
| Automation folder exclusions | 1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Settings** > **Endpoints** > **Rules** > **Automation folder exclusions** <br>2. Select **New Folder Exclusion** and define your exclusions. |
5656
| Automatic antivirus exclusions | Not supported in the [Microsoft Defender portal](https://security.microsoft.com). |
5757

@@ -120,10 +120,10 @@ Use `Set-MpPreference` or `Get-MpPreference` in the [Defender PowerShell Module]
120120
| -------- | -------- | -----|
121121
| Custom antivirus exclusion - Path| **Windows components** > **Microsoft Defender Antivirus** > **Exclusions** > **Path Exclusions** | See [Use Group Policy to configure folder or file extension exclusions](/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus#use-group-policy-to-configure-folder-or-file-extension-exclusions) |
122122
| Custom antivirus exclusions - Process | **Windows components** > **Microsoft Defender Antivirus** > **Exclusions** > **Process Exclusions** | See [Use Group Policy to exclude files that have been opened by specified processes from scans](/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus#use-group-policy-to-exclude-files-that-have-been-opened-by-specified-processes-from-scans) |
123-
| Attack Surface Reduction only exclusions | **Windows components** > **Microsoft Defender Antivirus** > **Microsoft Defender Exploit Guard** > **Attack surface reduction** > **Exclude files and paths from Attack surface reduction rules** | See [Group Policy](/defender-endpoint/enable-attack-surface-reduction#group-policy) |
124-
| Attack surface reduction rule per rule exclusion | Not supported |
123+
| Attack Surface Reduction only exclusions | **Windows components** > **Microsoft Defender Antivirus** > **Microsoft Defender Exploit Guard** > **Attack Surface Reduction** > **Exclude files and paths from Attack Surface Reduction rules** | See [Group Policy](/defender-endpoint/enable-attack-surface-reduction#group-policy) |
124+
| Attack surface reduction rule per rule exclusion | **Windows components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Attack surface reduction > Apply a list of exclusions to specific Attack Surface Reduction (ASR) rules**|See [Group Policy ](/defender-endpoint/enable-attack-surface-reduction#group-policy)|
125125
| Automatic antivirus exclusions | **Windows components** > **Microsoft Defender Antivirus** > **Exclusions** > **Enabled** | See [Use Group Policy to disable the autoexclusions list on Windows Server 2016, Windows Server 2019, and Windows Server 2022](/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus#use-group-policy-to-disable-the-auto-exclusions-list-on-windows-server-2016-windows-server-2019-and-windows-server-2022) |
126-
| Automation folder exclusions | Not supported |
126+
| Automation folder exclusions | Not supported ||
127127
| Controlled Folder Access exclusions | **Windows components** > **Microsoft Defender Antivirus** > **Windows Defender Exploit Guard** > **Controlled folder access** > **Configure allowed applications** | See [Use group policy to allow specific apps](/defender-endpoint/customize-controlled-folders#use-group-policy-to-allow-specific-apps) |
128128

129129
### Windows Management Instrumentation (WMI)

0 commit comments

Comments
 (0)