Windows defender exclusions how to list them ?


jimbo45

Well-known member
Pro User
VIP
Local time
3:37 PM
Posts
3,905
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
Hi folks
How can I check what Windows defender exclusions are already on a system -- seems google is more and more useless these days -

It gives zillions of links to how to ADD or REMOVE windows defender exclusions but none of these posts seem to have the answer to a simple question --How can I see what is being excluded.

It's a bit like those old "Helpless desks" at large firms requesting you to send an email if you had problems with your computer -- but if your email etc wasn't working ??? !!!!

Anyway is there any way to do this.

There's something on a 13 year old's computer that WD detect as a virus / trojan.
You run take actions - delete threat

then you get a message from WD with exactly the same threat showing about 2 mins later -- so something has been excluded but I'm not a windows Guru so I've no idea how to fix it -- .

This 13 year old knows loads more about Windows than I ever will but he can't do this (not being sexist but it always seems young Boys who have these problems with machines).

If this were my machine I'd wipe the whole lot and re-install but this is far too problematic -- and most 13 year olds can't be bothered with "Boring things like timely backups".

This seems to be the "Offending thing"

RemoteAccess:MSIL/AsyncRAT.H!MTB




Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Settings, Privacy & Security, Windows Security, Open Windows Security, Virus & threat protection, Manage settings, Add or remove exclusions.

But if a threat is being detected and notified, something is NOT excluded.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
You can use the "Get-MpPreference" command in Powershell. It will give you all the current Defender settings, including exclusions

useful link to MS documentation:
Defender Module
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Dell g5 5590
    CPU
    intel 9th gen
    Memory
    8GB LOL
    Graphics Card(s)
    nvidia
    Hard Drives
    C: nVME kioxia SSD
    D: SATA toshiba HDD
    Browser
    Firefox
    Antivirus
    Defender (if it hasn't been disabled yet)
Just posted in another post,

1662643321380.png
 

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung SSD 970 EVO Plus 2TB NVMe 1.3
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
Just posted in another post,

View attachment 38688
Hi there

Not the answer to the question. Am I the only person on these boards who understands English any more -- even as a 2nd language".!!!

The question was meaning --roughly translated --there's some exclusion operating on the PC -- How do I find out what it is. !!!!!!!

As I said we can all add or delete stuff --but I want to know what's already there. !!!!!!! Is that so difficult to understand. !!!

Sorry for the rant but too many people just seem to post links without understanding what the question was.

If you are saying you can "Exclude folders e.g c:\" that really isn't an answer as some legitimate exclusions are sometimes needed -- especially in testing A/V effectiveness and it doesn't get to the core of the problem which is how do you fix the following :

After "Removing a threat" notified by WD it still sends a message for the same threat a few minutes later.".

Not trying to diss help etc -- but PLEASE READ POSTS first before suggesting solutions.

Cheers
jimbo
 
Last edited:

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Jeez jimbo that's where Defender shows what's excluded by it.
 

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung SSD 970 EVO Plus 2TB NVMe 1.3
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
As I said we can all add or delete stuff --but I want to know what's already there. !!!!!!! Is that so difficult to understand. !!!

how do you fix the following :

After "Removing a threat" notified by WD it still sends a message for the same threat a few minutes later.".
How do you imagine exclusions can be removed in a GUI without current exclusions being listed?

But the fix you need has nothing to do with any exclusion -- Look for the source of the repeated infection.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
It's funny, I add my items but still Defender warns me
 

My Computers

System One System Two

  • OS
    WiN11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom 775 System
    CPU
    Xeon E5450 3.0GHZ (OC 3.7GHZ)
    Motherboard
    ASUS PQ5-EM
    Memory
    8GB (2GBX4)
    Graphics Card(s)
    AMD R5 430 2GB
    Sound Card
    Onboard
    Monitor(s) Displays
    ASUS 24"
    Screen Resolution
    1080p
    Hard Drives
    1TB|750GB USB, 3 SSDs 2 240GB 1 128GB, 750GB HDD
    PSU
    650WATT Rosewill
    Case
    Rosewill with side Window
    Cooling
    5 Fans and a big HSK for cpu
    Keyboard
    Rosewill RGB
    Mouse
    Rosewill RGB
    Internet Speed
    AT&T 150MB DL\UP
    Browser
    FireFox
    Antivirus
    Defender
    Other Info
    I'm lucky to even be here after 6yrs from my car accident
  • Operating System
    WiN10 LTSC
    Computer type
    Laptop
    Manufacturer/Model
    Hp 8460p
    CPU
    i7 2670QM 2.20GHZ
    Motherboard
    Hp 161C
    Memory
    8GB (2X4GB) DUAL Channel
    Graphics card(s)
    Intel HD Graphics 3000
    Sound Card
    Intel high Def (basically onboard)
    Screen Resolution
    1366x768
    Hard Drives
    OS 128GB l Storage (caddy) 320GB
    PSU
    AC (IDK the watts)
    Browser
    Firefox
    Antivirus
    Defender
    Other Info
    A USB 3.0 in the Express Card Slot
Maybe @jimbo45 has lost protection history?
 

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung SSD 970 EVO Plus 2TB NVMe 1.3
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
Jeez jimbo that's where Defender shows what's excluded by it.
C'mon peeps -- It shows the name of the Virus or trojan but doesn't list if any exclusions that relate to it !!!.

It's not the A/V or even the infection itself but where does it sit in the wretched PC's files.

Believe me I've done enough debugging of Linux kernels so I'm not totally ignorant of how malware works but the current diagnostic of WD is very poor,

To all those " Underpaid Indian off shored consultants" why don't you get your security staff to issue a simple WD (or other security package) message -- Malware detected but exclusion xxxx allows the threat.

Can't be that difficult -- surely.

Cheers
jimbo,
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
In addition: :-)



File and folder exclusions are stored in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths

File type exclusions are stored in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions

Process exclusions are stored in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes

 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
C'mon peeps -- It shows the name of the Virus or trojan but doesn't list if any exclusions that relate to it !!!.

It's not the A/V or even the infection itself but where does it sit in the wretched PC's files.

Believe me I've done enough debugging of Linux kernels so I'm not totally ignorant of how malware works but the current diagnostic of WD is very poor,

To all those " Underpaid Indian off shored consultants" why don't you get your security staff to issue a simple WD (or other security package) message -- Malware detected but exclusion xxxx allows the threat.

Can't be that difficult -- surely.

Cheers
jimbo,

You've been given two methods to check for any exclusions. Why not use them?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
You've been given two methods to check for any exclusions. Why not use them?
Neither work.

In some later versions of Windows W11 those registry paths don't even exist any more (or the hacker has got rid of them).
If it were my own machine I'd just clean install but it's not possible in this case.

Cheers

jimbo.
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Neither work.

In some later versions of Windows W11 those paths don't even exist any more (or the hacker has got rid of them).

Cheers

jimbo.
What paths?

(Now you have a hacker?)
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
What paths?
windows defender exclusions.

Don't get me wrong -- I've never had any problems with WD --but youngsters can always corrupt any computer !!! maybe the hackers at the CIA should only employ kids of 13 years old and younger.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
What did the PowerShell command in post #3 reveal for Exclusions?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop

My Computer

System One

  • OS
    windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9510
    CPU
    11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz (16 CPUs
    Memory
    16 GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3050 Ti
    Hard Drives
    512GB Solid State Drive
    Browser
    Chrome
I believe the OP is looking for Windows default exclusions... not user defined exclusions. For example, this link shows the default exclusion for Windows Server 2016 - 2022.

 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
Admin permission is needed to read the Exclusions lists, which are in Sub-Keys of
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions

You can export them and that also requires Admin permission:
reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions

This long overdue change was introduced by Windows 11 and now also applies to Windows 10.

I have never looked at this Registry Key on a computer that has not had any Exclusions defined. For all I know, the Key might be created when the first Exclusion is defined.
@Brink - Do you know if this might be the case?

Denis
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3296

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3296

Latest Support Threads

Back
Top Bottom