Team: Huntress EDR
Product: Managed Defender Antivirus
Environment: Managed AV (MAV)
Summary: Managed Defender AV exclusions can be set on the account, organization, or host level. These exclusions can be paths, extensions or processes.
Creating Microsoft Defender AV Exclusions
Exclusions can be set on the account, organization, or host level (depending on inheritance settings).
To create exclusions on the account or organization level, click on "Configure" within the Managed Antivirus Status table on the Managed AV page of the Account or organization. After selecting inheritance settings (if available) you will be able to enter the exclusions.
- Path exclusions - type out the path you want to exclude (i.e., C:\ProgramName\Databasefolder)
- Extension exclusions - type the extension name of extensions you'd like to exclude from scanning (ie. .txt, .docx, etc. <-- don't exclude these)
- Process exclusions - type the full path of programs you'd like to exclude (i.e., C:\tester.exe)
The Huntress Managed AV Dashboard supports wildcards.
For more information on Path/Extension exclusions, please see https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.
Account-level Exclusions:
From your Huntress Dashboard, click the MAV Shield icon, and then the green configure button to access the Exclusions tab - follow the steps as shown below.
Organizational-level Exclusions:
Navigate to the Organization you wish to set the exclusions for - then follow steps as above, as when setting Account-level exclusions.
Host-level Exclusions:
Navigate to the agent overview page of the host you wish to set exclusions for, then follow the steps below.
Comments
0 comments
Please sign in to leave a comment.