mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-18 08:17:23 +00:00
Removed common mistake section
This commit is contained in:
ManikaDhiman
parent
48fc020bf4
commit
9efb1f53f6
@ -564,116 +564,6 @@ If you do not have Internet access, you can create your own EICAR test file by w
|
||||
|
||||
You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude.
|
||||
|
||||
## Common mistakes to avoid when defining exclusions
|
||||
This section describes some common mistakes that you should avoid making when defining exclusions for Microsoft Defender Antivirus scans.
|
||||
|
||||
### Excluding certain trusted items
|
||||
If you trust a file, file type, folder, or a process, you can add that to the exclusion list for Microsoft Defender Antivirus scans. However, there are certain items that you should not exclude from scanning even though you trust them.
|
||||
|
||||
**Do not add exclusions for the following folder locations:**
|
||||
|
||||
| Folder location | Comments |
|
||||
|-----------| --------- |
|
||||
|- %systemdrive% </br>- C: </br>- C:\ </br>- C:\* | |
|
||||
|- %ProgramFiles%\Java </br>- C:\Program Files\Java | |
|
||||
|- %ProgramFiles%\Contoso\ </br>- C:\Program Files\Contoso\ | It’s common to see applications and/or services have documentation to open up the whole folder and subfolders. |
|
||||
|- %ProgramFiles(x86)%\Contoso\ </br>- C:\Program Files (x86)\Contoso\ | It’s common to see applications and/or services have documentation to open up the whole folder and subfolders. |
|
||||
|- C:\Temp </br>- C:\Temp\ </br>- C:\Temp\* | |
|
||||
|- C:\Users\ </br>- C:\Users\* | |
|
||||
|C:\Users\<UserProfileName>\AppData\Local\Temp\ | |
|
||||
|C:\Users\<UserProfileName>\AppData\LocalLow\Temp\ | |
|
||||
|C:\Users\<UserProfileName>\AppData\Roaming\Temp\ | |
|
||||
|- %Windir%\Prefetch </br>- C:\Windows\Prefetch </br>- C:\Windows\Prefetch\ </br>- C:\Windows\Prefetch\* | |
|
||||
|- %Windir%\System32\Spool </br>- C:\Windows\System32\Spool | |
|
||||
|C:\Windows\System32\CatRoot2 | |
|
||||
|- %Windir%\Temp </br>- C:\Windows\Temp </br>- C:\Windows\Temp\ </br>- C:\Windows\Temp\* | |
|
||||
|
||||
**Do not add exclusions for the following file extensions:**
|
||||
- .7zip
|
||||
- .bat
|
||||
- .bin
|
||||
- .cab
|
||||
- .cmd
|
||||
- .com
|
||||
- .cpl
|
||||
- .dll
|
||||
- .exe
|
||||
- .fla
|
||||
- .gif
|
||||
- .gz
|
||||
- .hta
|
||||
- .inf
|
||||
- .java
|
||||
- .jar
|
||||
- .job
|
||||
- .jpeg
|
||||
- .jpg
|
||||
- .js
|
||||
- .ko
|
||||
- .ko.gz
|
||||
- .msi
|
||||
- .ocx
|
||||
- .png
|
||||
- .ps1
|
||||
- .py
|
||||
- .rar
|
||||
- .reg
|
||||
- .scr
|
||||
- .sys
|
||||
- .tar
|
||||
- .tmp
|
||||
- .url
|
||||
- .vbe
|
||||
- .vbs
|
||||
- .wsf
|
||||
- .zip
|
||||
|
||||
**Do not add exclusions for the following processes:**
|
||||
- AcroRd32.exe
|
||||
- bitsadmin.exe
|
||||
- excel.exe
|
||||
- iexplore.exe
|
||||
- java.exe
|
||||
- outlook.exe
|
||||
- psexec.exe
|
||||
- powerpnt.exe
|
||||
- powershell.exe
|
||||
- schtasks.exe
|
||||
- svchost.exe
|
||||
- wmic.exe
|
||||
- winword.exe
|
||||
- wuauclt.exe
|
||||
- addinprocess.exe
|
||||
- addinprocess32.exe
|
||||
- addinutil.exe
|
||||
- bash.exe
|
||||
- bginfo.exe[1]
|
||||
- cdb.exe
|
||||
- csi.exe
|
||||
- dbghost.exe
|
||||
- dbgsvc.exe
|
||||
- dnx.exe
|
||||
- fsi.exe
|
||||
- fsiAnyCpu.exe
|
||||
- kd.exe
|
||||
- ntkd.exe
|
||||
- lxssmanager.dll
|
||||
- msbuild.exe[2]
|
||||
- mshta.exe
|
||||
- ntsd.exe
|
||||
- rcsi.exe
|
||||
- system.management.automation.dll
|
||||
- windbg.exe
|
||||
|
||||
### Using just the file name in the exclusion list
|
||||
A malware may have the same name as that of the file that you trust and want to exclude from scanning. Therefore, to avoid excluding a potential malware from scanning, use a fully qualified path to the file that you want to exclude instead of using just the file name. For example, if you want to exclude **Filename.exe** from scanning, use the complete path to the file, such as **C:\program files\contoso\Filename.exe**.
|
||||
|
||||
### Using a single exclusion for multiple server workloads
|
||||
Do not add every application or service into a single exclusion. For example, do not add exclusions for IIS to your SQL server or File server exclusions. On server workloads, split different application and service workloads into multiple exclusions.
|
||||
|
||||
### Using incorrect environment variables as wildcards in the file name and folder path or extension exclusion lists
|
||||
Microsoft Defender Antivirus Service runs as a Local System account, which means it gets information from the system environment variable instead of the user environment variable. Environment variable usage as a wildcard is limited to system variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account. Therefore, do not use user environment variables when adding Microsoft Defender Antivirus folder and process exclusions. See the table under [System environment variables](#system-environment-variables) for a complete list of system account environment variables.
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Configure and validate exclusions in Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user