How to add exceptions to Windows Defender: When setting up a new computer, many users prefer to install as little as possible and keep the operating system clean from bloatware. While this is a smart decision, it can cause problems when crucial applications or services are removed from the system.
Many legitimate programs and tools use “protected” files that Windows Defender will detect as potentially dangerous. If you have ever tried installing a VPN client on your PC without disabling Windows Defender first, chances are you got an alert about the software trying to delete important parts of the operating system.
Perhaps surprisingly, it is also vital to disable real-time protection if you want to run certain backup programs such as Acronis True Image or Veeam Backup & Replication, because these will automatically scan and flag anything backed up as potentially malicious.
In this article, I will show you how to add exceptions to Windows Defender so that it ignores files or processes that belong to a certain application or service. The steps themselves are simple, but set aside a fair bit of time, because the software will have to restart several times during the process.
Adding an exception in Windows Defender for a single file
- Open the Start menu and search for “defender.” Right-click on the search result titled “Windows Defender” and select “Open Windows Defender” from the list of options. Alternatively, you can open Control Panel, click on System and Security, then choose “Windows Defender.”
- Once the application is open, click on “Allowed apps” from the menu options on the left.
- A new window will open with a list of all apps that Windows Defender is set to monitor and protect your system against. Microsoft recommends clicking on “Add an allowed app” and manually adding each file you want to allow access to in order to prevent false positives — files incorrectly identified as malicious — but we’ll show how you can add an entire folder, so this doesn’t become a time-consuming process. Click on “Browse my computer for an app” and locate the directory where your file or files reside using File Explorer. Select it, then click Open. Note: You can also add an entire folder, but there’s one small catch: The directory structure you choose has to be contiguous. In other words, the path must not contain missing directories.
- After you’ve selected your files, Windows Defender will scan them and ensure they are safe. If everything checks out OK, they’ll appear in the “Allowed apps” window under “Managed apps,” meaning that Windows Defender is now monitoring them for malicious behavior. Click on “OK,” and you’re all set!
Adding an exception in Windows Defender for a Group of Files or Folders
- Open the Start menu and search for “defender.” Right-click on the search result for “Windows Defender” and select “Open file location.”
- Right-click on the Windows Defender icon, then click “Open file location” again.
- Right-click on the white space in that folder where you have just one or two files, then click “Properties.”
- Click on the button named “Exception….” It is located at the bottom of the General tab. A new window with a text box will appear, offering some exceptions already drafted for your convenience:
- Add files or folders to this list by typing their paths directly in this box (one per line). Then press OK when done. The selected items will be added to Windows Defender’s exclusion list, and any events generated by these items will no longer trigger an alert.
Adding an Exception for a Group of Registry Keys
- Open the Start menu and search for “regedit.” Right-click on the search result for “regedit” and select “Open file location.”
- Right-click on the Regedit icon, then click “Open file location” again.
- Create a new key by right-clicking in the white space where you have just one or two files, then clicking New > Key. A new text box will appear, offering some exceptions already drafted for your convenience.
- Add registry keys to this list by typing their paths directly in this box (one per line). Then press OK when done. The selected items will be added to Windows Defender’s exclusion list, and any events generated by these items will no longer trigger an alert.
Adding an Exception for a Group of File Extensions
- Open the Start menu and search for “defender.” Right-click on the search result for “Windows Defender” and select “Open file location.”
- Right-click on the Windows Defender icon, then click “Open file location” again.
- Go into Tools > Folder Options…. A new window with a text box will appear, offering some exceptions already drafted for your convenience.
- Add extensions to this list by typing their filename extensions, one per line, in this box (wildcards are allowed).
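The sections above cover file, folder and extension exclusions through the graphical interface. As an added example that is not part of the original article, the same exclusions can be created, verified and audited from an elevated PowerShell session using the built-in Defender module; the folder, process name and extension below are constructed placeholders.

```powershell
# Added example (not from the article): manage Defender exclusions with the
# Defender PowerShell module and review what is currently excluded.
# Run from an elevated PowerShell session. The values below are placeholders.

$appFolder = 'C:\Program Files\ExampleBackupTool'   # placeholder: the trusted app's install folder
$appExe    = 'ExampleBackupTool.exe'                # placeholder: the trusted app's process name

# Review what is already excluded before changing anything.
$pref = Get-MpPreference
"Current path exclusions:      $($pref.ExclusionPath -join ', ')"
"Current extension exclusions: $($pref.ExclusionExtension -join ', ')"
"Current process exclusions:   $($pref.ExclusionProcess -join ', ')"

# Folder exclusion (the article's file/folder case). Keep the scope as
# narrow as possible: the application's own install directory, not a whole
# drive or a user profile folder.
Add-MpPreference -ExclusionPath $appFolder

# Process exclusion: files *opened by* this process are not scanned.
# The process image itself is still scanned. Use the bare image name.
Add-MpPreference -ExclusionProcess $appExe

# Extension exclusions apply everywhere on the machine, so prefer a path or
# process exclusion when that is enough. Shown here for completeness.
Add-MpPreference -ExclusionExtension 'tib'   # placeholder backup-image extension

# Verify the result.
Get-MpPreference |
    Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess |
    Format-List

# Every exclusion change is written to the Defender operational log as
# event ID 5007 ("configuration changed"). Review these periodically so an
# exclusion nobody remembers adding does not go unnoticed.
Get-WinEvent -LogName 'Microsoft-Windows-Windows Defender/Operational' -MaxEvents 200 |
    Where-Object { $_.Id -eq 5007 -and $_.Message -match 'Exclusions' } |
    Select-Object TimeCreated, Message |
    Format-List

# To undo an exclusion that is no longer needed:
# Remove-MpPreference -ExclusionPath $appFolder
```

Exclusions added this way take effect immediately and survive reboots, which is exactly why the audit step at the end matters.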
False positives are an unfortunate but inevitable part of the virus-protection game. Antivirus software detects millions of items as malicious each day, forcing IT administrators to exercise judgment when deciding whether to remove a file identified as bad.
Microsoft has built its reputation on Windows Defender, providing the first line of defense against malware. It’s not uncommon for administrators to rely completely on Microsoft’s detection capabilities before investigating files further. Using only what Defender provides may result in business disruption if it incorrectly flags a file as infected—something called a false positive (FP).
The problem is that there are a lot of legitimate programs that look enough like malware that they can trip Defense+ settings that try to avoid FP scenarios. One common example is the text editor Notepad2, which was reported as malware by several different antivirus scanners when it first came out. There was no reason to blacklist this file, but some AV software did just that.
In addition to this type of false positive from a traditional antivirus scanner, Windows Defender has a dynamic FP problem: It gets better at identifying new kinds of malware all the time. The more data it gathers about a specific virus or worm, the greater its accuracy becomes—homing in on how the code operates and what kinds of behaviors indicate malicious intent. This sounds great until you find out that many legit programs operate in ways that get them flagged initially because they look similar to known malware samples. In other words, after gathering enough data on Notepad2, Microsoft would have been able to accurately identify it as safe, while other manufacturers might not.
Keeping all of this in mind, you should understand that Windows Defender cannot be entirely trusted anymore, especially when relying on its real-time protection features. It is designed to fight specific threats and works only with the AV databases Microsoft provides. Because of this, you should always establish a backup system consisting of additional antivirus scanners running in parallel with Defender. This way, if AV software misidentifies legitimate software or fails to notice malware at all, your files will still be protected by an alternative scanner.
The best defense against false positives imposed by Windows 11 Defender is using application control policies. New capabilities introduced in System Center Configuration Manager 2007 let administrators blacklist any file from being executed unless it is authorized, even if it ends up on the exclusions list for Windows Defender.
The simple way to accomplish this is to create an application control policy that disables real-time protection for specific applications. You can do this by making a custom client device setting (for Configuration Manager 2007) with the following values:
Application Name: All files in path (put whatever executable you want to exclude here).
Executable Security: Exempt From Real-Time Protection (this setting effectively disables Defense+).
Exclusions: Exclude paths within exclusions or Allow everyone to execute all files (the latter option lets everything run but increases your risk of running into FP problems, so exercise caution).
This configuration creates an exemption to the real-time protection rule for any file that is located in the same folder as the executable you specified. If you have multiple executables, you can just repeat this process and create additional policies for each one of them.
This workaround also allows you to create exemption rules for personal folders, such as My Documents.
To accomplish this, follow these steps:
Launch Configuration Manager (Right-click on your site server and select Create Custom Client Device Settings .) Create a custom device setting for the same application as before, but change the Application Name to All files located in any path within the following directory. In the File/Folder Path text field, specify your user profile folder (for example, c:\users\John ). The other settings should remain unchanged.
Switch to Software Updates and click Create Automatic Deployment Rule at the top of the window. Specify how often you want your policy deployed and click Next. Check This rule will apply to computers that are configured as client devices and click Next. Check the box next to This deployment requires a system restart and specify a schedule for your rule (if you don’t want it to kick in right away). Click Next, followed by Summary. Finally, click Next again.
After creating the policy, go back into Configuration Manager and Remote Desktop Services -> Delivery Optimization. Modify your default branch by checking Define Branch offices and adding a collection that represents all of your clients. Repeat this step on a schema management node if you have one.
Now create a custom client setting for each group of machines you need to target with the previously created exemption rules. On each device configuration’s General tab, select Custom from the drop-down list at the top labeled Client devices to which this rule applies (you can use several rules per device if you want). Click Add and select the necessary groups. Then, click on the Options tab and check Only deploy software updates from the specified branch.
Conclusion
Windows Defender is a great program for keeping your computer safe, but sometimes it can be a little too aggressive and flag programs as potential threats when they’re not. In this article, we showed you how to add an exception to Windows Defender so that it won’t flag specific programs as threats. This will help you avoid false positives and keep your computer running smoothly.