diff --git a/windows/keep-secure/configure-exclusions-windows-defender-antivirus.md b/windows/keep-secure/configure-exclusions-windows-defender-antivirus.md index bed4fbf9c1..874d94951f 100644 --- a/windows/keep-secure/configure-exclusions-windows-defender-antivirus.md +++ b/windows/keep-secure/configure-exclusions-windows-defender-antivirus.md @@ -12,7 +12,7 @@ localizationpriority: medium author: iaanw --- -# Configure and validate file and folder exclusions in Windows Defender AV scans +# Configure and validate file, folder, and process-opened file exclusions in Windows Defender AV scans **Applies to:** @@ -33,9 +33,9 @@ author: iaanw - Microsoft Intune - Windows Defender Security Center -You can exclude certain files, folders, processes, and process-modified files from being scanned by Windows Defender Antivirus. +You can exclude certain files, folders, processes, and process-opened files from being scanned by Windows Defender Antivirus. -The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md), [on-demand scans](run-scan-windows-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md). +The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md), [on-demand scans](run-scan-windows-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md). Exclusions for process-opened files only aply to real-time protection. Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization. @@ -48,5 +48,5 @@ Topic | Description ---|--- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md) | Exclude files from Windows Defender AV scans based on their file extension, file name, or location [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md) | You can exclude files from scans that have been opened by a specific process -[Configure exclusions in Windows Defender AV on Windows Servery](configure-server-exclusions-windows-defender-antivirus.md) | Windows Server 2016 includes automatic exclusions, based on the defined Server Role. You can also add custom exclusions +[Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) | Windows Server 2016 includes automatic exclusions, based on the defined Server Role. You can also add custom exclusions diff --git a/windows/keep-secure/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/keep-secure/configure-extension-file-exclusions-windows-defender-antivirus.md index d4baacf3ec..3d78deccde 100644 --- a/windows/keep-secure/configure-extension-file-exclusions-windows-defender-antivirus.md +++ b/windows/keep-secure/configure-extension-file-exclusions-windows-defender-antivirus.md @@ -42,7 +42,7 @@ Exclusion | Examples | Exclusion list Any file with a specific extension | All files with the .test extension, anywhere on the machine | Extension exclusions Any file under a specific folder | All files under the c:\test\sample folder | File and folder exclusions A specific file in a specific folder | The file c:\sample\sample.test only | File and folder exclusions -A specific process | The executable file c:\test\process.exe | File and folder exclusions list +A specific process | The executable file c:\test\process.exe | File and folder exclusions This means the exclusion lists have the following characteristics: - Folder exclusions will apply to all files and folders under that folder. @@ -95,7 +95,7 @@ You can [configure how locally and globally defined exclusions lists are merged] 7. Click **OK**. -![The Group Policy setting for file and folder exclusions](images/defender/wdav-extension-exclusions.png) +![The Group Policy setting for file and folder exclusions](images/defender/wdav-path-exclusions.png) 8. Double-click the **Extension Exclusions** setting and add the exclusions: @@ -106,7 +106,7 @@ You can [configure how locally and globally defined exclusions lists are merged] 9. Click **OK**. -![The Group Policy setting for extension exclusions](images/defender/wdav-path-exclusions.png) +![The Group Policy setting for extension exclusions](images/defender/wdav-extension-exclusions.png) @@ -184,7 +184,7 @@ See [Add exclusions in the Windows Defender Security Center app](windows-defende ## Use wildcards in the file name and folder path or extension exclusion lists -You can use the asterisk **\***, question mark **?**, or environment variables (such as %ALLUSERSPROFILE%) as wildcards when defining items in the file name or folder path exclusion list. +You can use the asterisk \*, question mark ?, or environment variables (such as %ALLUSERSPROFILE%) as wildcards when defining items in the file name or folder path exclusion list. >[!IMPORTANT] >Environment variable usage is limited to machine variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account. @@ -196,8 +196,8 @@ The following table describes how the wildcards can be used and provides some ex Wildcard | Use | Example use | Example matches ---|---|---|--- -***** (asterisk) | Replaces any number of chararacters | | -**?** (question mark) | Replaces a single character | | +\* (asterisk) | Replaces any number of characters | | +? (question mark) | Replaces a single character | | Environment variables | The defined variable will be populated as a path when the exclusion is evaluated | | @@ -276,6 +276,6 @@ $client.DownloadFile("http://www.eicar.org/download/eicar.com.txt","c:\test.txt" - [Configure and validate exclusions in Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md) - [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md) -- [Configure exclusions in Windows Defender AV on Windows Servery](configure-server-exclusions-windows-defender-antivirus.md) +- [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) - [Customize, initiate, and review the results of Windows Defender AV scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) diff --git a/windows/keep-secure/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/keep-secure/configure-process-opened-file-exclusions-windows-defender-antivirus.md index c8456fa9cf..48dcf3df40 100644 --- a/windows/keep-secure/configure-process-opened-file-exclusions-windows-defender-antivirus.md +++ b/windows/keep-secure/configure-process-opened-file-exclusions-windows-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: Configure and validate exclusions for files opened by specific processes +title: Configure exclusions for files opened by specific processes description: You can exclude files from scans if they have been opened by a specific process. keywords: process, exclusion, files, scans search.product: eADQiWindows 10XVcnh @@ -12,7 +12,7 @@ localizationpriority: medium author: iaanw --- -# Configure and validate exclusions for files opened by processes +# Configure exclusions for files opened by processes **Applies to:** @@ -40,8 +40,8 @@ This topic describes how to configure exclusion lists for the following: Exclusion | Example ---|--- -Any file on the machine that is opened by any process with a specific file name | Specifying "*test.exe*" would excude files opened by: -Any file on the machine that is opened by any process under a specific folder | Specifying "*c:\test\sample\\*" would exclude files opened by: +Any file on the machine that is opened by any process with a specific file name | Specifying "*test.exe*" would exclude files opened by: +Any file on the machine that is opened by any process under a specific folder | Specifying "*c:\test\sample\\**" would exclude files opened by: Any file on the machine that is opened by a specific process in a specific folder | Specifying "*c:\test\process.exe*" would exclude files only opened by *c:\test\process.exe* When you add a process to the process exclusion list, Windows Defender AV will not scan files opened by that process, no matter where the files are located. The process itself, however, will be scanned unless it has also been added to the [file exclusion list](configure-extension-file-exclusions-windows-defender-antivirus.md). @@ -89,7 +89,7 @@ You can [configure how locally and globally defined exclusions lists are merged] **Use PowerShell cmdlets to exclude files that have been opened by specified processes from scans:** -Using PowerShell to add or remove exclusions for files based on the extension, location, or file name requires using a combination of three cmdlets with the `-ExclusionProcess' parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/defender). +Using PowerShell to add or remove exclusions for files that have been opened by processes requires using a combination of three cmdlets with the `-ExclusionProcess' parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/defender). The format for the cmdlets is: @@ -110,7 +110,7 @@ Remove items from the list | `Remove-MpPreference` >If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list. -For example, the following code snippet would cause Windows Defender AV scans to exclude any file that is opened by process: +For example, the following code snippet would cause Windows Defender AV scans to exclude any file that is opened by the specified process: ```PowerShell Add-MpPreference -ExclusionProcess "c:\internal\test.exe" @@ -156,14 +156,14 @@ See [Add exclusions in the Windows Defender Security Center app](windows-defende The use of wildcards in the process exclusion list is different from their use in other exclusion lists. -In particular, you cannot use the question mark **?** wilcard, and the asterisk **\*** wildcard can only be used at the end of a complete path. You can still use environment variables (such as %ALLUSERSPROFILE%) as wildcards when defining items in the process exclusion list. +In particular, you cannot use the question mark ? wildcard, and the asterisk \* wildcard can only be used at the end of a complete path. You can still use environment variables (such as %ALLUSERSPROFILE%) as wildcards when defining items in the process exclusion list. The following table describes how the wildcards can be used in the process exclusion list: Wildcard | Use | Example use | Example matches ---|---|---|--- -**\*** (asterisk) | Replaces any number of chararacters | | -**?** (question mark) | Not available | \- | \- +\* (asterisk) | Replaces any number of characters | | +? (question mark) | Not available | \- | \- Environment variables | The defined variable will be populated as a path when the exclusion is evaluated | | @@ -212,6 +212,6 @@ See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use - [Configure and validate exclusions in Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md) - [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md) -- [Configure exclusions in Windows Defender AV on Windows Servery](configure-server-exclusions-windows-defender-antivirus.md) +- [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) - [Customize, initiate, and review the results of Windows Defender AV scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file diff --git a/windows/keep-secure/images/defender/wdav-powershell-get-exclusions-variable.png b/windows/keep-secure/images/defender/wdav-powershell-get-exclusions-variable.png index adf6c2b661..68b455b5a3 100644 Binary files a/windows/keep-secure/images/defender/wdav-powershell-get-exclusions-variable.png and b/windows/keep-secure/images/defender/wdav-powershell-get-exclusions-variable.png differ diff --git a/windows/keep-secure/troubleshoot-windows-defender-antivirus.md b/windows/keep-secure/troubleshoot-windows-defender-antivirus.md index eabca9e983..ebca8b01c8 100644 --- a/windows/keep-secure/troubleshoot-windows-defender-antivirus.md +++ b/windows/keep-secure/troubleshoot-windows-defender-antivirus.md @@ -2,7 +2,8 @@ title: Windows Defender AV event IDs and error codes description: Look up the causes and solutions for Windows Defender Antivirus event IDs and errors keywords: event, error code, siem, logging, troubleshooting, wef, windows event forwarding -ms.assetid: EE488CC1-E340-4D47-B50B-35BD23CB4D70 +search.product: eADQiWindows 10XVcnh +ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library diff --git a/windows/keep-secure/windows-defender-antivirus-in-windows-10.md b/windows/keep-secure/windows-defender-antivirus-in-windows-10.md index 243eb9a1c3..a9cdcf6735 100644 --- a/windows/keep-secure/windows-defender-antivirus-in-windows-10.md +++ b/windows/keep-secure/windows-defender-antivirus-in-windows-10.md @@ -2,7 +2,8 @@ title: Windows Defender Antivirus description: Learn how to manage, configure, and use Windows Defender AV, the built-in antimalware and antivirus product available in Windows 10. keywords: windows defender antivirus, windows defender, antimalware, scep, system center endpoint protection, system center configuration manager, virus, malware, threat, detection, protection, security -ms.assetid: 6A9EB85E-1F3A-40AC-9A47-F44C4A2B55E2 +search.product: eADQiWindows 10XVcnh +ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library