deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 13307: Added new MpCmdRun procedure to check exclusions

Browse Source 
Added new MpCmdRun procedure to check exclusions
This commit is contained in:
Andrea Bichsel (Aquent LLC) 2018-12-10 22:42:04 +00:00
commit 595c534e43
2 changed files with 31 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: andreabichsel author: andreabichsel
ms.author: v-anbic ms.author: v-anbic
ms.date: 09/03/2018 ms.date: 12/10/2018
--- ---
# Configure and validate exclusions based on file extension and folder location # Configure and validate exclusions based on file extension and folder location
@ -264,7 +264,7 @@ The following table describes how the wildcards can be used and provides some ex
## Review the list of exclusions ## Review the list of exclusions
You can retrieve the items in the exclusion list with [Intune](https://docs.microsoft.com/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune), [System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), PowerShell, or the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). You can retrieve the items in the exclusion list with [Intune](https://docs.microsoft.com/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune), [System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), MpCmdRun, PowerShell, or the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions).
>[!IMPORTANT] >[!IMPORTANT]
>Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). >Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions).
@ -276,7 +276,18 @@ If you use PowerShell, you can retrieve the list in two ways:
- Retrieve the status of all Windows Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line. - Retrieve the status of all Windows Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line.
- Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line. - Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line.
**Review the list of exclusions alongside all other Windows Defender Antivirus preferences:** **Validate the exclusion list by using MpCmdRun:**
To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command:
```DOS
MpCmdRun.exe -CheckExclusion -path <path>
```
>[!NOTE]
>Checking exclusions with MpCmdRun requires Windows Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later.
**Review the list of exclusions alongside all other Windows Defender Antivirus preferences by using PowerShell:**
Use the following cmdlet: Use the following cmdlet:
@ -290,7 +301,7 @@ In the following example, the items contained in the `ExclusionExtension` list a
See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
**Retrieve a specific exclusions list:** **Retrieve a specific exclusions list by using PowerShell:**
Use the following code snippet (enter each line as a separate command); replace **WDAVprefs** with whatever label you want to name the variable: Use the following code snippet (enter each line as a separate command); replace **WDAVprefs** with whatever label you want to name the variable:

20
windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: andreabichsel author: andreabichsel
ms.author: v-anbic ms.author: v-anbic
ms.date: 09/03/2018 ms.date: 12/10/2018
--- ---
# Configure exclusions for files opened by processes # Configure exclusions for files opened by processes
@ -147,14 +147,26 @@ Environment variables | The defined variable will be populated as a path when th
## Review the list of exclusions ## Review the list of exclusions
You can retrieve the items in the exclusion list with PowerShell, [System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](https://docs.microsoft.com/intune/device-restrictions-configure), or the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). You can retrieve the items in the exclusion list with MpCmdRun, PowerShell, [System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](https://docs.microsoft.com/intune/device-restrictions-configure), or the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions).
If you use PowerShell, you can retrieve the list in two ways: If you use PowerShell, you can retrieve the list in two ways:
- Retrieve the status of all Windows Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line. - Retrieve the status of all Windows Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line.
- Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line. - Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line.
**Review the list of exclusions alongside all other Windows Defender Antivirus preferences:** **Validate the exclusion list by using MpCmdRun:**
To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command:
```DOS
MpCmdRun.exe -CheckExclusion -path <path>
```
>[!NOTE]
>Checking exclusions with MpCmdRun requires Windows Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later.
**Review the list of exclusions alongside all other Windows Defender Antivirus preferences by using PowerShell:**
Use the following cmdlet: Use the following cmdlet:
@ -164,7 +176,7 @@ Get-MpPreference
See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus. See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
**Retrieve a specific exclusions list:** **Retrieve a specific exclusions list by using PowerShell:**
Use the following code snippet (enter each line as a separate command); replace **WDAVprefs** with whatever label you want to name the variable: Use the following code snippet (enter each line as a separate command); replace **WDAVprefs** with whatever label you want to name the variable: