more updates

ManikaDhiman 2020-07-15 16:51:32 -07:00
parent 51c4e27563
commit dc0e82669b
2 changed files with 17 additions and 23 deletions

View File

@ -199,9 +199,9 @@ The following table describes how the wildcards can be used and provides some ex
<a id="review"></a> <a id="review"></a>
### System environmental variables ### System environment variables
The following table lists and describes the system account environmental variables. The following table lists and describes the system account environment variables.
<table border="0" cellspacing="0" cellpadding="20"> <table border="0" cellspacing="0" cellpadding="20">
<thead> <thead>
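Review bot: The `<a id="review"></a>` anchor on the first line is left in place above the renamed heading, so check what still links to `#review`; the cross-reference this commit adds further down points at `#system-environment-variables`, which is the slug generated from the new heading text, not this anchor. The "environmental" to "environment" wording fix itself is correct and matches that link target.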
@ -564,21 +564,17 @@ If you do not have Internet access, you can create your own EICAR test file by w
You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude. You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude.
## Common mistakes to avoid when configuring exclusion lists ## Common mistakes to avoid when defining exclusions
This section describes some common mistakes that you should avoid making when adding exclusions to Microsoft Defender Antivirus scans. This section describes some common mistakes that you should avoid making when defining exclusions for Microsoft Defender Antivirus scans.
### Excluding certain trusted items ### Excluding certain trusted items
If you trust a file, file type, folder, or a process, you can add that to the exclusion list for Microsoft Defender Antivirus scans. However, there are certain items that you should not exclude from scanning even though you trust them. If you trust a file, file type, folder, or a process, you can add that to the exclusion list for Microsoft Defender Antivirus scans. However, there are certain items that you should not exclude from scanning even though you trust them.
The following lists provide the , including: The following lists contain the items that you should not add as exclusions.
- Paths
- File extension
- Processes
### Paths not to be excluded **Do not add exclusions for the following folder locations:**
The following table provides the paths that you should not add in the exclusion list:
| File path | Comments | | Folder location | Comments |
|-----------| --------- | |-----------| --------- |
|- %systemdrive% </br>- C: </br>- C:\ </br>- C:\* | | |- %systemdrive% </br>- C: </br>- C:\ </br>- C:\* | |
|- %ProgramFiles%\Java </br>- C:\Program Files\Java | | |- %ProgramFiles%\Java </br>- C:\Program Files\Java | |
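Review bot: Demoting `### Paths not to be excluded` to a bold lead-in removes it from the page's heading structure and breaks any inbound link to `#paths-not-to-be-excluded`; the same applies to the other two sub-sections this commit converts. If the new wording is the goal, keeping it as a `###` heading (for example `### Folder locations that should not be excluded`) preserves navigation and anchors. The replacement for the broken "The following lists provide the , including:" sentence reads well. In the table, every visible Comments cell is empty, so either populate the column or drop it.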
@ -594,9 +590,7 @@ The following table provides the paths that you should not add in the exclusion
|C:\Windows\System32\CatRoot2 | | |C:\Windows\System32\CatRoot2 | |
|- %Windir%\Temp </br>- C:\Windows\Temp </br>- C:\Windows\Temp\ </br>- C:\Windows\Temp\* | | |- %Windir%\Temp </br>- C:\Windows\Temp </br>- C:\Windows\Temp\ </br>- C:\Windows\Temp\* | |
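Review bot: The `</br>` separators in these table cells (unchanged here) are not valid HTML; `<br>` or `<br/>` is what Markdown renderers expect, and since this commit already touches the table, it is a cheap fix to fold in.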
### File extensions that should not be excluded **Do not add exclusions for the following file extensions:**
The following is the list of file extensions that you should not add to the exclusion list:
- .7zip - .7zip
- .bat - .bat
- .bin - .bin
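Review bot: Same heading-to-bold demotion as the folder section, with the same loss of the `#file-extensions-that-should-not-be-excluded` anchor. Separately, the first entry `.7zip` is worth confirming: 7-Zip archives use the `.7z` extension, so either add `.7z` or check that the entry is intentional.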
@ -636,8 +630,7 @@ The following is the list of file extensions that you should not add to the excl
- .wsf - .wsf
- .zip - .zip
### Processes that should not be excluded **Do not add exclusions for the following processes:**
The following is the list of processes that should not be added to the exclusion list:
- AcroRd32.exe - AcroRd32.exe
- bitsadmin.exe - bitsadmin.exe
- excel.exe - excel.exe
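Review bot: Same demotion of a `###` heading to bold text. The list is introduced as processes, but `system.management.automation.dll` appears further down (visible in the next hunk); a DLL is loaded into a process rather than being one, so a short note on whether such entries belong under process exclusions or file exclusions would help readers.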
@ -674,13 +667,14 @@ The following is the list of processes that should not be added to the exclusion
- system.management.automation.dll - system.management.automation.dll
- windbg.exe - windbg.exe
### Using only the file name in the exclusion list ### Using just the file name in the exclusion list
It is possible that a malware is named exactly same as the file that you trust and want to exclude from scanning. In such cases, to avoid excluding the malware from scanning, use a fully qualified path to the file that you want to exclude instead of using just the file name. For example, if you want to exclude `Filename.exe` from scanning, use the complete path to the file, such as `C:\program files\contoso\Filename.exe`. It is possible that the name of a malware is same as the file that you trust and want to exclude from scanning. Therefore, to avoid excluding a potential malware from scanning, use a fully qualified path to the file that you want to exclude instead of using just the file name. For example, if you want to exclude **Filename.exe** from scanning, use the complete path to the file, such as **C:\program files\contoso\Filename.exe**.
### On Server workloads, using a single exclusion for multiple exceptions ### Using a single exclusion for multiple exceptions on Server workloads
Do not include every application or service into a single exclusion. You dont want to include exceptions for IIS on your SQL server, or File Server, etc. You should split different application and service workloads into multiple exceptions.
Do not include every single application/service into just 1 exclusion. You dont want to include exceptions for IIS on your SQL server, or File Server, etc. You should split different application/service workloads to multiple exceptions.
### Using incorrect environment variables as wildcards in the file name and folder path or extension exclusion lists
Microsoft Defender Antivirus Service runs as a Local System account, which means it gets information from the "system" environment variable instead of the "user" environment variable. Therefore, you must use "system" environment variables when defining Microsoft Defender Antivirus folder or process exclusions. See the table under [System environment variables](#system-environment-variables) for a complete list of system account environment variables.
## Related topics ## Related topics
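Review bot: The rewritten sentence under `### Using just the file name in the exclusion list` still has grammar problems: "the name of a malware is same as the file" needs "the same as", and "a malware" / "a potential malware" is not idiomatic ("a malicious file", or "malware" without the article). Suggested: "A malicious file can have the same name as a file you trust and want to exclude from scanning. To avoid excluding it, use the fully qualified path to the file instead of just the file name." Also, `Filename.exe` and `C:\program files\contoso\Filename.exe` were switched from code spans to bold; code spans are the usual convention for file names and paths and keep backslashes literal, so keep the backticks. In the Server workloads paragraph, "You dont" is still missing its apostrophe on both sides of the diff. The new environment-variables section is a useful addition; its `#system-environment-variables` link depends on the heading rename in the first hunk of this file, so both changes must land together.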

View File

@ -54,9 +54,9 @@ Threats | Specify threats upon which default action should not be taken when det
> [!IMPORTANT] > [!IMPORTANT]
> Microsoft Defender Antivirus detects and remediates files based on many factors. Sometimes, completing a remediation requires a reboot. Even if the detection is later determined to be a false positive, the reboot must be completed to ensure all additional remediation steps have been completed. > Microsoft Defender Antivirus detects and remediates files based on many factors. Sometimes, completing a remediation requires a reboot. Even if the detection is later determined to be a false positive, the reboot must be completed to ensure all additional remediation steps have been completed.
> </p> >
> If you are certain Microsoft Defender Antivirus quarantined a file based on a false positive, you can restore the file from quarantine after the device reboots. See [Restore quarantined files in Microsoft Defender Antivirus](restore-quarantined-files-microsoft-defender-antivirus.md). > If you are certain Microsoft Defender Antivirus quarantined a file based on a false positive, you can restore the file from quarantine after the device reboots. See [Restore quarantined files in Microsoft Defender Antivirus](restore-quarantined-files-microsoft-defender-antivirus.md).
> </p> >
> To avoid this problem in the future, you can exclude files from the scans. See [Configure and validate exclusions for Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md). > To avoid this problem in the future, you can exclude files from the scans. See [Configure and validate exclusions for Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md).
Also see [Configure remediation-required scheduled full Microsoft Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md#remed) for more remediation-related settings. Also see [Configure remediation-required scheduled full Microsoft Defender Antivirus scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md#remed) for more remediation-related settings.
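Review bot: Replacing `> </p>` with a bare `>` is the right fix; a closing `</p>` with no opening tag inside a blockquote renders as stray markup. One thing to confirm while here: a blank line should separate the last `>` line from the `Also see ...` paragraph, otherwise Markdown's lazy continuation pulls that paragraph into the IMPORTANT callout.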