Exclusions for MDAV and ASR rules

emmwalshh · emmwalshh · commit 65aed2a8301d · 2025-01-27T15:57:36.000Z
diff --git a/defender-endpoint/configure-exclusions-microsoft-defender-antivirus.md b/defender-endpoint/configure-exclusions-microsoft-defender-antivirus.md
@@ -3,7 +3,7 @@ title: Configure custom exclusions for Microsoft Defender Antivirus
 description: You can exclude files (including files modified by specified processes) and folders from Microsoft Defender Antivirus scans.
 ms.service: defender-endpoint
 ms.localizationpriority: medium
-ms.date: 09/13/2024
+ms.date: 01/27/2025
 author: emmwalshh
 ms.author: ewalsh
 ms.custom: nextgen
@@ -40,11 +40,17 @@ Custom exclusions apply to [scheduled scans](schedule-antivirus-scans.md), [on-d
 
 > [!CAUTION]
 > Use Microsoft Defender Antivirus extensions sparingly. Make sure to review the information in [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](defender-endpoint-antivirus-exclusions.md).
+> Variables, such as %USERPROFILE% aren't interpreted in exclusion settings. We recommend using an explicit path format
 
 If you're using Microsoft Intune to manage Microsoft Defender Antivirus or Microsoft Defender for Endpoint, use the following procedures to define exclusions:
 
-- [Manage antivirus exclusions in Intune (for existing policies)](#manage-antivirus-exclusions-in-intune-for-existing-policies)
-- [Create a new antivirus policy with exclusions in Intune](#create-a-new-antivirus-policy-with-exclusions-in-intune)
+- [Configure custom exclusions for Microsoft Defender Antivirus](#configure-custom-exclusions-for-microsoft-defender-antivirus)
+  - [Configure and validate exclusions](#configure-and-validate-exclusions)
+      - [Manage antivirus exclusions in Intune (for existing policies)](#manage-antivirus-exclusions-in-intune-for-existing-policies)
+      - [Create a new antivirus policy with exclusions in Intune](#create-a-new-antivirus-policy-with-exclusions-in-intune)
+  - [Important points about exclusions](#important-points-about-exclusions)
+  - [Audit antivirus exclusions on Exchange systems](#audit-antivirus-exclusions-on-exchange-systems)
+  - [See also](#see-also)
 
 If you're using another tool, such as Configuration Manager or Group Policy, or you want more detailed information about custom exclusions, see these articles:
 
diff --git a/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md
@@ -4,7 +4,7 @@ description: Exclude files from Microsoft Defender Antivirus scans based on thei
 ms.service: defender-endpoint
 ms.subservice: ngp
 ms.localizationpriority: medium
-ms.date: 11/21/2024
+ms.date: 01/27/2025
 author: emmwalshh
 ms.author: ewalsh
 ms.topic: conceptual
@@ -39,6 +39,7 @@ You can define exclusions for Microsoft Defender Antivirus that apply to [schedu
 > Microsoft Defender Antivirus exclusions do apply to some Microsoft Defender for Endpoint capabilities, such as [attack surface reduction rules](attack-surface-reduction.md). Some Microsoft Defender Antivirus exclusions are applicable to some ASR rule exclusions. See [Attack surface reduction rules reference - Microsoft Defender Antivirus exclusions and ASR rules](attack-surface-reduction-rules-reference.md#microsoft-defender-antivirus-exclusions-and-asr-rules).
 > Files that you exclude using the methods described in this article can still trigger Endpoint Detection and Response (EDR) alerts and other detections.
 > To exclude files broadly, add them to the Microsoft Defender for Endpoint [custom indicators](indicators-overview.md).
+> Variables, such as %USERPROFILE% aren't interpreted in exclusion settings. We recommend using an explicit path format.
 
 ## Before you begin
 
