Team: Huntress Managed Endpoint Detection and Response
Product: Managed Microsoft Defender
Environment: Windows OS
Summary: To make the agent compliant, exclusions need to be removed from the Windows Security Center if "Source: Endpoint" is set in Exclusions from Antivirus Policy Status.
Exclusions set on an endpoint cannot be cleared by the Huntress agent, so if you see a "Source: Endpoint" exclusion making your agent non-compliant in Managed Microsoft Defender, you'll need to manually remove it to become compliant again.
Open up Windows Security Center (click on the start button and type "Windows Security Center")
Click on Virus & threat protection
Click on Manage Settings
Scroll down and click on Add or remove exclusions
For each exclusion you wish to remove, move your mouse over the exclusion until a down arrow appears, click on it, then click the Remove button that appears
Using PowerShell:
# Set exclusions to default (run from an elevated PowerShell session)

# Remove every path exclusion
$pathExclusions = Get-MpPreference | Select-Object ExclusionPath
foreach ($exclusion in $pathExclusions) {
    if ($null -ne $exclusion.ExclusionPath) {
        Remove-MpPreference -ExclusionPath $exclusion.ExclusionPath
    }
}

# Remove every file extension exclusion
$extensionExclusion = Get-MpPreference | Select-Object ExclusionExtension
foreach ($exclusion in $extensionExclusion) {
    if ($null -ne $exclusion.ExclusionExtension) {
        Remove-MpPreference -ExclusionExtension $exclusion.ExclusionExtension
    }
}

# Remove every process exclusion
$processExclusions = Get-MpPreference | Select-Object ExclusionProcess
foreach ($exclusion in $processExclusions) {
    if ($null -ne $exclusion.ExclusionProcess) {
        Remove-MpPreference -ExclusionProcess $exclusion.ExclusionProcess
    }
}
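The script above removes every exclusion at once, while the Windows Security Center steps let you pick which ones to remove. The following added example (not Huntress's own script) records the current exclusions to a CSV file and then removes only those matching a pattern, with -WhatIf support for a dry run. The function name, the -Match and -BackupPath parameters, and the sample path C:\Temp* are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: the function name, parameters and backup path are hypothetical.
function Remove-DefenderExclusionWithBackup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Wildcard pattern selecting which exclusions to remove; '*' selects all.
        [string]$Match = '*',
        # Where the pre-change record is written (assumed location).
        [string]$BackupPath = "$env:TEMP\defender-exclusions-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
    )

    $prefs = Get-MpPreference
    $types = 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess'

    # Flatten the three exclusion arrays into one list of Type/Value records.
    $current = foreach ($type in $types) {
        foreach ($value in $prefs.$type) {
            if ($null -ne $value) {
                [pscustomobject]@{ Type = $type; Value = $value }
            }
        }
    }

    if (-not $current) {
        Write-Output 'No exclusions are configured.'
        return
    }

    # Record everything before changing anything, even during a -WhatIf run.
    $current | Export-Csv -Path $BackupPath -NoTypeInformation -WhatIf:$false
    Write-Output "Saved $(@($current).Count) exclusion(s) to $BackupPath"

    foreach ($item in $current | Where-Object { $_.Value -like $Match }) {
        if ($PSCmdlet.ShouldProcess($item.Value, "Remove $($item.Type)")) {
            # Splat so the record's Type becomes the parameter name.
            $params = @{ ($item.Type) = $item.Value }
            Remove-MpPreference @params
        }
    }

    # Return what is still configured so the result can be checked.
    Get-MpPreference | Select-Object $types
}

# Dry run: lists what would be removed under C:\Temp (constructed sample pattern).
Remove-DefenderExclusionWithBackup -Match 'C:\Temp*' -WhatIf
```

Drop -WhatIf to perform the removal; the CSV keeps a record of what was configured beforehand.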