From d29584a74782371199fed5437b6b262c9894ce5e Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Tue, 30 Apr 2019 20:03:20 -0500 Subject: [PATCH 1/8] Solving Issue #3055 --- ...xtension-file-exclusions-windows-defender-antivirus.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md index 492af0b7b7..52adc53122 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md @@ -20,6 +20,10 @@ ms.date: 12/10/2018 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +>[!IMPORTANT] +> [Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection) does not adhere to the Windows Defender Antivirus Exclusions settings. In other words, Windows Defender Exclusions,however they are created, are not used by ATP. + + You can exclude certain files from Windows Defender Antivirus scans by modifying exclusion lists. Generally, you shouldn't need to apply exclusions. Windows Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations. @@ -46,9 +50,7 @@ This means the exclusion lists have the following characteristics: >[!IMPORTANT] >The use of wildcards such as the asterisk (\*) will alter how the exclusion rules are interpreted. See the [Use wildcards in the file name and folder path or extension exclusion lists](#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) section for important information about how wildcards work. -> >You cannot exclude mapped network drives. You must specify the actual network path. -> >Folders that are reparse points that are created after the Windows Defender Antivirus service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target. To exclude files opened by a specific process, see [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md). @@ -57,13 +59,13 @@ The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defen >[!IMPORTANT] >Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). -> >Changes made in the Windows Security app **will not show** in the Group Policy lists. By default, local changes made to the lists (by users with administrator privileges, including changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence in case of conflicts. You can [configure how locally and globally defined exclusions lists are merged](configure-local-policy-overrides-windows-defender-antivirus.md#merge-lists) to allow local changes to override managed deployment settings. + ## Configure the list of exclusions based on folder name or file extension **Use Intune to configure file name, folder, or file extension exclusions:** From 95053d19546fa083f8870336ca940e30910b4f01 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Wed, 1 May 2019 11:24:52 -0500 Subject: [PATCH 2/8] Update windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md Nenonix suggestion 1 Co-Authored-By: j0rt3g4 --- ...gure-extension-file-exclusions-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md index 52adc53122..493247b756 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md @@ -20,7 +20,7 @@ ms.date: 12/10/2018 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->[!IMPORTANT] +> [!IMPORTANT] > [Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection) does not adhere to the Windows Defender Antivirus Exclusions settings. In other words, Windows Defender Exclusions,however they are created, are not used by ATP. From ee6b88e60ca1da6944b555264933283a35cba453 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Wed, 1 May 2019 11:25:05 -0500 Subject: [PATCH 3/8] Update windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md Nenonix suggestion #2 Co-Authored-By: j0rt3g4 --- ...gure-extension-file-exclusions-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md index 493247b756..f29bb4bd78 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md @@ -21,7 +21,7 @@ ms.date: 12/10/2018 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) > [!IMPORTANT] -> [Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection) does not adhere to the Windows Defender Antivirus Exclusions settings. In other words, Windows Defender Exclusions,however they are created, are not used by ATP. +> [Windows Defender Advanced Threat Protection ](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection) does not adhere to Windows Defender Antivirus exclusion settings. This means that any Windows Defender exclusions, no matter how you created them, are not applied by Windows Defender ATP. You can exclude certain files from Windows Defender Antivirus scans by modifying exclusion lists. From d94154c14a160a37d6b1d670cdb9f9cb5b88518a Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Wed, 1 May 2019 11:25:24 -0500 Subject: [PATCH 4/8] Update windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md Nenonix suggestion #3 Co-Authored-By: j0rt3g4 --- ...igure-extension-file-exclusions-windows-defender-antivirus.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md index f29bb4bd78..4e0ee50bfd 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md @@ -23,7 +23,6 @@ ms.date: 12/10/2018 > [!IMPORTANT] > [Windows Defender Advanced Threat Protection ](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection) does not adhere to Windows Defender Antivirus exclusion settings. This means that any Windows Defender exclusions, no matter how you created them, are not applied by Windows Defender ATP. - You can exclude certain files from Windows Defender Antivirus scans by modifying exclusion lists. Generally, you shouldn't need to apply exclusions. Windows Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations. From ae4e3f030b3929ef801e9478c85f25d610924bb0 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Wed, 1 May 2019 11:25:46 -0500 Subject: [PATCH 5/8] Update windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md Nenonix suggestion #4 Co-Authored-By: j0rt3g4 --- ...igure-extension-file-exclusions-windows-defender-antivirus.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md index 4e0ee50bfd..e2bdef688e 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md @@ -64,7 +64,6 @@ By default, local changes made to the lists (by users with administrator privile You can [configure how locally and globally defined exclusions lists are merged](configure-local-policy-overrides-windows-defender-antivirus.md#merge-lists) to allow local changes to override managed deployment settings. - ## Configure the list of exclusions based on folder name or file extension **Use Intune to configure file name, folder, or file extension exclusions:** From 5b2c2255ca10709f714ac3ec4557e6c93fd90f2d Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Wed, 1 May 2019 14:04:08 -0500 Subject: [PATCH 6/8] Ading lines --- ...ure-extension-file-exclusions-windows-defender-antivirus.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md index e2bdef688e..fb528fe1b5 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md @@ -47,8 +47,10 @@ This means the exclusion lists have the following characteristics: - Folder exclusions will apply to all files and folders under that folder, unless the subfolder is a reparse point. Reparse point subfolders must be excluded separately. - File extensions will apply to any file name with the defined extension if a path or folder is not defined. + >[!IMPORTANT] >The use of wildcards such as the asterisk (\*) will alter how the exclusion rules are interpreted. See the [Use wildcards in the file name and folder path or extension exclusion lists](#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) section for important information about how wildcards work. + >You cannot exclude mapped network drives. You must specify the actual network path. >Folders that are reparse points that are created after the Windows Defender Antivirus service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target. @@ -56,6 +58,7 @@ To exclude files opened by a specific process, see [Configure and validate exclu The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md), [on-demand scans](run-scan-windows-defender-antivirus.md), and [real-time protection](configure-real-time-protection-windows-defender-antivirus.md). + >[!IMPORTANT] >Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). >Changes made in the Windows Security app **will not show** in the Group Policy lists. From 5980d15305a14680ce91918d0618ddbf822d0bab Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 1 May 2019 21:34:03 +0200 Subject: [PATCH 7/8] Add back 3 removed unrelated note lines Adding back the 3 lines you removed outside of the added note. One of the last line changes was correctly placed, but missing the > character to keep the block together. --- ...-extension-file-exclusions-windows-defender-antivirus.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md index fb528fe1b5..eb2bdd0120 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md @@ -47,10 +47,10 @@ This means the exclusion lists have the following characteristics: - Folder exclusions will apply to all files and folders under that folder, unless the subfolder is a reparse point. Reparse point subfolders must be excluded separately. - File extensions will apply to any file name with the defined extension if a path or folder is not defined. - >[!IMPORTANT] +> >The use of wildcards such as the asterisk (\*) will alter how the exclusion rules are interpreted. See the [Use wildcards in the file name and folder path or extension exclusion lists](#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) section for important information about how wildcards work. - +> >You cannot exclude mapped network drives. You must specify the actual network path. >Folders that are reparse points that are created after the Windows Defender Antivirus service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target. @@ -58,9 +58,9 @@ To exclude files opened by a specific process, see [Configure and validate exclu The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md), [on-demand scans](run-scan-windows-defender-antivirus.md), and [real-time protection](configure-real-time-protection-windows-defender-antivirus.md). - >[!IMPORTANT] >Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). +> >Changes made in the Windows Security app **will not show** in the Group Policy lists. By default, local changes made to the lists (by users with administrator privileges, including changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence in case of conflicts. From 4535992c16391611358d5efa0d4f550ba7bdc4fc Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Wed, 1 May 2019 15:20:51 -0500 Subject: [PATCH 8/8] Lines Corrections --- ...gure-extension-file-exclusions-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md index eb2bdd0120..7e70db0e6b 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md @@ -48,10 +48,10 @@ This means the exclusion lists have the following characteristics: - File extensions will apply to any file name with the defined extension if a path or folder is not defined. >[!IMPORTANT] -> >The use of wildcards such as the asterisk (\*) will alter how the exclusion rules are interpreted. See the [Use wildcards in the file name and folder path or extension exclusion lists](#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) section for important information about how wildcards work. > >You cannot exclude mapped network drives. You must specify the actual network path. +> >Folders that are reparse points that are created after the Windows Defender Antivirus service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target. To exclude files opened by a specific process, see [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md).