This guide provides step-by-step instructions on how to add or remove exclusions for Microsoft Defender Antivirus in Windows 10 and Windows 11. This allows you to exclude known safe files, file types, directories, and processes from being scanned by Microsoft Defender, and stops them from being potentially removed, quarantined, or blocked.
What you need to know before you start
There are several methods that you can use to add or remove exclusions from Microsoft Defender Antivirus. All of these methods require that you be logged in as an administrator, and all will work on any edition (Pro, Home, Education, and Enterprise) of Windows 10 and Windows 11 where Microsoft Defender Antivirus is enabled.
You should be careful when adding exclusions, as Microsoft Defender will not scan them for malware. Broadly omitting directories from real-time or anytime scanning can leave places for malware to hide on your system. You should only exclude specific files you are certain are malware-free, and carefully consider which files and directories to exclude. For example, it would be unwise to exclude your Downloads directory, as this would make it easy to accidentally download malware that would not be detected.
There are four types of exclusions you can create:
- Files: Single files can be excluded from Microsoft Defender antivirus scans
- Folders: Whole folders and all files and folders within them can also be excluded
- Processes: Processes including apps and services can be excluded from real-time scanning
- File types: You can also specify file types that will be skipped during scans
You should regularly review your exclusions to ensure that they are still appropriate.
How to add or remove a Microsoft Defender exclusion using the Windows Security graphical interface
The easiest way to list, add, and remove exclusions from Microsoft Windows Defender is to use the Windows Security settings interface:
- Right-click on the start button and select Settings
- On Windows 10, click Updates and Security
- On Windows 11, click Privacy and security
- On both Windows 10 and Windows 11, continue by clicking Windows Security, then Open Windows Security
- Select Virus & threat protection in the Windows Security sidebar
- Scroll down to Virus & threat protection settings and click Manage settings
- Scroll to the Exclusions section, then select Add or remove exclusions
- A list of existing exclusions will be displayed
- To remove an exclusion, click on an existing exclusion, then click Remove
- Click the + Add an Exclusion button to add a new Microsoft Defender exclusion
- Select either File, Folder, File Type, or Process from the dropdown list
- If you select File or Folder, locate and select the item you wish to exclude from real-time and on-demand antivirus scans using the file explorer dialog
- If you select File Type, enter the file extension that will be excluded (including the preceding period, for example .foo)
- If you select Process, enter the name of the process that will be excluded
The selected file, folder, file type, or process will then be added to the list of exclusions.
How to add or remove Microsoft Defender exclusions using PowerShell
You can use PowerShell to script adding and removing exclusions to Microsoft Defender. This allows you to create shortcuts to temporarily enable or disable exclusions during certain tasks, or to automate the deployment of exclusions.
You will need to replace the example paths, file type extensions, and process names in these PowerShell commands.
File exclusions
To add a file exclusion to Microsoft Defender, run the following PowerShell command:
Add-MpPreference -ExclusionPath “C:\full\path\to\file.txt”
To remove a file exclusion to Microsoft Defender, run the following PowerShell command:
Remove-MpPreference -ExclusionPath “C:\full\path\to\file.txt”
Folder exclusions
To add a folder exclusion to Microsoft Defender, run the following PowerShell command:
Add-MpPreference -ExclusionPath “C:\full\path\to\folder”
To remove a folder exclusion to Microsoft Defender, run the following PowerShell command:
Remove-MpPreference -ExclusionPath “C:\full\path\to\folder”
Note that you do not need to include the trailing backslash in the path when adding folder exclusions to match those who wish to exclude.
File type exclusions
To add a file type exclusion to Microsoft Defender, run the following PowerShell command:
Add-MpPreference -ExclusionExtension “.foo”
To remove a file exclusion to Microsoft Defender, run the following PowerShell command:
Remove-MpPreference -ExclusionExtension “.foo”
Be sure to include the period character at the beginning of the extension.
Process exclusions
To add a process exclusion to Microsoft Defender, run the following PowerShell command:
Add-MpPreference -ExclusionProcess “process_name.exe”
To remove a process exclusion to Microsoft Defender, run the following PowerShell command:
Remove-MpPreference -ExclusionProcess “process_name.exe”
Listing Microsoft Defender exclusions using PowerShell
You can list existing Microsoft Defender exclusions using PowerShell with the following command:
Get-MpPreference | Select-Object -Property ExclusionPath, ExclusionExtension, ExclusionProcess
Managing Windows Defender Exclusions using the Windows Registry Editor
When you add and remove Microsoft Defender exclusions, the settings are stored in the Windows Registry. This means that you can also manage exclusions by adding and removing registry values. Open the Windows Registry Editor by right-clicking on the Start button, selecting Run, and then running the command regedit.exe.
Then navigate to one of the following registry key locations (you can copy and paste the below addresses into the address bar to save time):
- File and folder exclusions are stored at Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
- File type exclusions are stored at Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions
- Process exclusions are stored at Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes
Exclusions can be removed by right-clicking on a registry value and then selecting Delete.
Exclusions can be added by following these steps:
- With either the Paths, Extensions, or Processes sub-key selected in the Registry Editor navigation pane, select Edit > New DWORD (32-bit) Value from the toolbar
- Rename the new DWORD value to either the full path to the file or directory, the file extension (including the period character), or the name of the process you wish to exclude from Microsoft Defender scans
- Leave the DWORD value set to 0
Why manage exclusions in Microsoft Defender Antivirus?
There are a number of common scenarios where you may want to exclude files, folders, certain file types, or specific processes from Microsoft Defender Antivirus:
- To exclude known safe files that are triggered as false positives
- Excluding very large files such as virtual machine disk images that do not need to be scanned and take significant time/resources to scan due to their size
- Omitting in-house developed software from scans that may not be recognised as safe by Microsoft Defender Antivirus
- Speeding up scans by omitting large directories where files do not change
- To prevent conflicts with other software.
Malware is constantly evolving and implementing innovative ways to avoid antivirus software. You must make sure that you are only omitting files and directories where that will not include data saved from the internet or email attachments, and that can only be written to by trusted parties. You should also only exclude trusted processes and be careful when excluding file types as this will exclude all files of that type no matter where they are located, or where they came from.
Before adding exclusions to Microsoft Defender, you should manually scan them for malware.
Adding and removing Microsoft Defender exclusions from multiple PCs in enterprise and education environments
Endpoint Security by NinjaOne gives you the tools to take full control of the security of all of your devices. You can remotely manage your antivirus, including Microsoft Defender, and granularly manage scan options, schedules, and exclusions.
FAQ
Do Microsoft Defender exclusions for files, folders, extensions, and processes apply to all users on the system?
Yes, exclusions set in Microsoft Defender apply system-wide and therefore must be configured by a user with administrator privileges.
Can network drives be excluded from Microsoft Defender antivirus?
Yes, paths to files and folders at network locations and on mapped network drives can be added as exclusions to Microsoft Defender.
Are Microsoft Defender exclusions effective immediately after they are created?
Yes, changes you make to Microsoft Defender exclusions take effect immediately and do not require a system restart.
Can I export and import Microsoft Defender exclusion lists?
No interface is provided for exporting and importing Microsoft Defender exclusions. However, you can use PowerShell commands to list exclusions, save the output to a file, and then re-import them.
