For example, the exclusion list for your IIS Server workload must be different from the exclusion list for your SQL Server workload. Split the exclusions for different application or service workloads into multiple exclusion lists. Using a single exclusion list for multiple server workloadsĭo not use a single exclusion list to define exclusions for multiple server workloads. For example, if you want to exclude Filename.exe from scanning, use the complete path to the file, such as C:\program files\contoso\Filename.exe. Therefore, to avoid excluding potential malware from scanning, use a fully qualified path to the file that you want to exclude instead of using just the file name. Malware might have the same name as that of a file that you trust and want to exclude from scanning. Using just the file name in the exclusion list
png if your environment has a modern, up-to-date software with a strict update policy to handle any vulnerabilities. You can choose to exclude file types, such as. In general, do not define exclusions for the following processes: In general, do not define exclusions for the following file extensions:
In general, do not define exclusions for the following folder locations:Ĭ:\Users\\AppData\Local\Temp\ Note the following exception for SharePoint: Do excludeĬ:\Users\ServiceAccount\AppData\Local\Temp when you use file-level antivirus protection in SharePoint.Ĭ:\Users\\AppData\LocalLow\Temp\ Note the following exception for SharePoint: Do exclude C:\Users\Default\AppData\Local\Temp when you use file-level antivirus protection in SharePoint.Ĭ:\Windows\System32\CatRoot2 %Windir%\TempĬ:\Windows\Temp\* Linux and macOS Platforms Excluding certain trusted itemsĬertain files, file types, folders, or processes should not be excluded from scanning even though you trust them to be not malicious.ĭo not define exclusions for the folder locations, file extensions, and processes that are listed in the following sections: This article describes some common mistake that you should avoid when defining exclusions.īefore defining your exclusion lists, see Recommendations for defining exclusions. Such excluded items could contain threats that make your device vulnerable. You can define an exclusion list for items that you don't want Microsoft Defender Antivirus to scan.