From 771d2852f62a8510e0cd8d7775b39be0d741c2a1 Mon Sep 17 00:00:00 2001
From: Dynakarp <69023488+Dynakarp@users.noreply.github.com>
Date: Sat, 27 Mar 2021 21:44:46 -0500
Subject: [PATCH 1/2] Fix invalid file extension
---
.../common-exclusion-mistakes-microsoft-defender-antivirus.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
index 3108c5ea6b..fa0088f89f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
@@ -34,7 +34,7 @@ Do not define exclusions for the folder locations, file extensions, and processe
| Folder locations | File extensions | Processes |
|:--|:--|:--|
-| `%systemdrive%`
`C:`
`C:\`
`C:\*`
`%ProgramFiles%\Java`
`C:\Program Files\Java`
`%ProgramFiles%\Contoso\`
`C:\Program Files\Contoso\`
`%ProgramFiles(x86)%\Contoso\`
`C:\Program Files (x86)\Contoso\`
`C:\Temp`
`C:\Temp\`
`C:\Temp\*`
`C:\Users\`
`C:\Users\*`
`C:\Users\\AppData\Local\Temp\`
`C:\Users\\AppData\LocalLow\Temp\`
`C:\Users\\AppData\Roaming\Temp\`
`%Windir%\Prefetch`
`C:\Windows\Prefetch`
`C:\Windows\Prefetch\`
`C:\Windows\Prefetch\*`
`%Windir%\System32\Spool`
`C:\Windows\System32\Spool`
`C:\Windows\System32\CatRoot2`
`%Windir%\Temp`
`C:\Windows\Temp`
`C:\Windows\Temp\`
`C:\Windows\Temp\*` | `.7zip`
`.bat`
`.bin`
`.cab`
`.cmd`
`.com`
`.cpl`
`.dll`
`.exe`
`.fla`
`.gif`
`.gz`
`.hta`
`.inf`
`.java`
`.jar`
`.job`
`.jpeg`
`.jpg`
`.js`
`.ko`
`.ko.gz`
`.msi`
`.ocx`
`.png`
`.ps1`
`.py`
`.rar`
`.reg`
`.scr`
`.sys`
`.tar`
`.tmp`
`.url`
`.vbe`
`.vbs`
`.wsf`
`.zip` | `AcroRd32.exe`
`bitsadmin.exe`
`excel.exe`
`iexplore.exe`
`java.exe`
`outlook.exe`
`psexec.exe`
`powerpnt.exe`
`powershell.exe`
`schtasks.exe`
`svchost.exe`
`wmic.exe`
`winword.exe`
`wuauclt.exe`
`addinprocess.exe`
`addinprocess32.exe`
`addinutil.exe`
`bash.exe`
`bginfo.exe`[1]
`cdb.exe`
`csi.exe`
`dbghost.exe`
`dbgsvc.exe`
`dnx.exe`
`fsi.exe`
`fsiAnyCpu.exe`
`kd.exe`
`ntkd.exe`
`lxssmanager.dll`
`msbuild.exe`[2]
`mshta.exe`
`ntsd.exe`
`rcsi.exe`
`system.management.automation.dll`
`windbg.exe` |
+| `%systemdrive%`
`C:`
`C:\`
`C:\*`
`%ProgramFiles%\Java`
`C:\Program Files\Java`
`%ProgramFiles%\Contoso\`
`C:\Program Files\Contoso\`
`%ProgramFiles(x86)%\Contoso\`
`C:\Program Files (x86)\Contoso\`
`C:\Temp`
`C:\Temp\`
`C:\Temp\*`
`C:\Users\`
`C:\Users\*`
`C:\Users\\AppData\Local\Temp\`
`C:\Users\\AppData\LocalLow\Temp\`
`C:\Users\\AppData\Roaming\Temp\`
`%Windir%\Prefetch`
`C:\Windows\Prefetch`
`C:\Windows\Prefetch\`
`C:\Windows\Prefetch\*`
`%Windir%\System32\Spool`
`C:\Windows\System32\Spool`
`C:\Windows\System32\CatRoot2`
`%Windir%\Temp`
`C:\Windows\Temp`
`C:\Windows\Temp\`
`C:\Windows\Temp\*` | `.7z`
`.bat`
`.bin`
`.cab`
`.cmd`
`.com`
`.cpl`
`.dll`
`.exe`
`.fla`
`.gif`
`.gz`
`.hta`
`.inf`
`.java`
`.jar`
`.job`
`.jpeg`
`.jpg`
`.js`
`.ko`
`.ko.gz`
`.msi`
`.ocx`
`.png`
`.ps1`
`.py`
`.rar`
`.reg`
`.scr`
`.sys`
`.tar`
`.tmp`
`.url`
`.vbe`
`.vbs`
`.wsf`
`.zip` | `AcroRd32.exe`
`bitsadmin.exe`
`excel.exe`
`iexplore.exe`
`java.exe`
`outlook.exe`
`psexec.exe`
`powerpnt.exe`
`powershell.exe`
`schtasks.exe`
`svchost.exe`
`wmic.exe`
`winword.exe`
`wuauclt.exe`
`addinprocess.exe`
`addinprocess32.exe`
`addinutil.exe`
`bash.exe`
`bginfo.exe`[1]
`cdb.exe`
`csi.exe`
`dbghost.exe`
`dbgsvc.exe`
`dnx.exe`
`fsi.exe`
`fsiAnyCpu.exe`
`kd.exe`
`ntkd.exe`
`lxssmanager.dll`
`msbuild.exe`[2]
`mshta.exe`
`ntsd.exe`
`rcsi.exe`
`system.management.automation.dll`
`windbg.exe` |
>[!NOTE]
> You can chose to exclude file types, such as `.gif`, `.jpg`, `.jpeg`, or `.png` if your environment has a modern, up-to-date software with a strict update policy to handle any vulnerabilities.
From 7e9215ca6b8910289e7436ad40962879a75f6666 Mon Sep 17 00:00:00 2001
From: Dynakarp <69023488+Dynakarp@users.noreply.github.com>
Date: Sun, 28 Mar 2021 09:02:48 -0500
Subject: [PATCH 2/2] Update
windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
Correct a typo.
Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
.../common-exclusion-mistakes-microsoft-defender-antivirus.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
index fa0088f89f..3ce1ffde39 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
@@ -36,8 +36,8 @@ Do not define exclusions for the folder locations, file extensions, and processe
|:--|:--|:--|
| `%systemdrive%`
`C:`
`C:\`
`C:\*`
`%ProgramFiles%\Java`
`C:\Program Files\Java`
`%ProgramFiles%\Contoso\`
`C:\Program Files\Contoso\`
`%ProgramFiles(x86)%\Contoso\`
`C:\Program Files (x86)\Contoso\`
`C:\Temp`
`C:\Temp\`
`C:\Temp\*`
`C:\Users\`
`C:\Users\*`
`C:\Users\\AppData\Local\Temp\`
`C:\Users\\AppData\LocalLow\Temp\`
`C:\Users\\AppData\Roaming\Temp\`
`%Windir%\Prefetch`
`C:\Windows\Prefetch`
`C:\Windows\Prefetch\`
`C:\Windows\Prefetch\*`
`%Windir%\System32\Spool`
`C:\Windows\System32\Spool`
`C:\Windows\System32\CatRoot2`
`%Windir%\Temp`
`C:\Windows\Temp`
`C:\Windows\Temp\`
`C:\Windows\Temp\*` | `.7z`
`.bat`
`.bin`
`.cab`
`.cmd`
`.com`
`.cpl`
`.dll`
`.exe`
`.fla`
`.gif`
`.gz`
`.hta`
`.inf`
`.java`
`.jar`
`.job`
`.jpeg`
`.jpg`
`.js`
`.ko`
`.ko.gz`
`.msi`
`.ocx`
`.png`
`.ps1`
`.py`
`.rar`
`.reg`
`.scr`
`.sys`
`.tar`
`.tmp`
`.url`
`.vbe`
`.vbs`
`.wsf`
`.zip` | `AcroRd32.exe`
`bitsadmin.exe`
`excel.exe`
`iexplore.exe`
`java.exe`
`outlook.exe`
`psexec.exe`
`powerpnt.exe`
`powershell.exe`
`schtasks.exe`
`svchost.exe`
`wmic.exe`
`winword.exe`
`wuauclt.exe`
`addinprocess.exe`
`addinprocess32.exe`
`addinutil.exe`
`bash.exe`
`bginfo.exe`[1]
`cdb.exe`
`csi.exe`
`dbghost.exe`
`dbgsvc.exe`
`dnx.exe`
`fsi.exe`
`fsiAnyCpu.exe`
`kd.exe`
`ntkd.exe`
`lxssmanager.dll`
`msbuild.exe`[2]
`mshta.exe`
`ntsd.exe`
`rcsi.exe`
`system.management.automation.dll`
`windbg.exe` |
->[!NOTE]
-> You can chose to exclude file types, such as `.gif`, `.jpg`, `.jpeg`, or `.png` if your environment has a modern, up-to-date software with a strict update policy to handle any vulnerabilities.
+> [!NOTE]
+> You can choose to exclude file types, such as `.gif`, `.jpg`, `.jpeg`, or `.png` if your environment has a modern, up-to-date software with a strict update policy to handle any vulnerabilities.
## Using just the file name in the exclusion list