Antivirus Exclusions via Intune

Overview

Antivirus exclusions in Intune allow administrators to exclude files, folders, processes, or file types from Microsoft Defender Antivirus scans. This is useful for applications that may conflict with real-time scanning (e.g., backup tools, databases).

Prerequisites

  • Intune Administrator or Security Administrator role.
  • Windows 10/11 devices enrolled in Intune.
  • Microsoft Defender Antivirus enabled.

Steps

1. Sign in

2. Navigate to Endpoint Security

  • Go to: Endpoint security > Antivirus > Create policy.

3. Select Platform and Profile Type

  • Platform: Windows 10 and later
  • Profile type: Microsoft Defender Antivirus

4. Configure Exclusions

  • Add items to exclude:
    • File: C:\Program Files\CustomApp\app.exe
    • Folder: C:\Data\Backup\
    • Extension: .log
    • Process: backup.exe

5. Assign the Policy

  • Target required Azure AD groups (e.g., Production Servers, Developer PCs).

6. Review and Create

  • Verify exclusion list.
  • Click Create.

7. Monitor Deployment

  • Navigate: Endpoint security > Antivirus > Select Policy > Device/User status.
  • Confirm exclusions are applied successfully.
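
One way to confirm step 7 from the device side and to enforce the "keep exclusions minimal" note below, added here as an example that is not part of the original wiki page. It assumes an elevated PowerShell session on a pilot device; `Compare-DefenderExclusions`, `$expected` and `$broadPatterns` are hypothetical names and an assumed baseline, while `Get-MpPreference` and its `ExclusionPath`, `ExclusionExtension` and `ExclusionProcess` properties come from the Defender module.

```powershell
# Added example. Expected values mirror the sample exclusions from step 4.
$expected = @{
    ExclusionPath      = @('C:\Program Files\CustomApp\app.exe', 'C:\Data\Backup\')
    ExclusionExtension = @('.log')
    ExclusionProcess   = @('backup.exe')
}

# Patterns treated as too broad for this review (assumption; tune to your baseline).
# They are matched after normalisation (no trailing backslash, no leading dot).
$broadPatterns = @('^[A-Za-z]:$', '^\*', '^C:\\Windows$', '^C:\\Users$',
                   '^(exe|dll|ps1|bat|cmd|vbs|js)$')

function Compare-DefenderExclusions {
    param(
        [Parameter(Mandatory)] [hashtable] $Expected,
        [Parameter(Mandatory)] $Effective,   # object exposing the Exclusion* properties
        [string[]] $BroadPatterns = @()
    )
    foreach ($kind in $Expected.Keys) {
        # Normalise so '.log' equals 'log' and 'C:\Data\Backup\' equals 'C:\Data\Backup'.
        $clean = {
            $s = "$_".Trim()
            if ($kind -eq 'ExclusionExtension') { $s.TrimStart('.') } else { $s.TrimEnd('\') }
        }
        $want = @($Expected[$kind]) | ForEach-Object $clean
        $have = @($Effective.$kind) | Where-Object { $_ } | ForEach-Object $clean

        # Expected by the policy but absent on the device.
        foreach ($item in $want) {
            if ($have -notcontains $item) {
                [pscustomobject]@{ Type = $kind; Value = $item; Finding = 'Missing on device' }
            }
        }
        # Present on the device: expected, unexpected, and/or overly broad.
        foreach ($item in $have) {
            $finding = if ($want -contains $item) { 'OK' } else { 'Unexpected' }
            if ($BroadPatterns | Where-Object { $item -match $_ }) { $finding += '; overly broad' }
            [pscustomobject]@{ Type = $kind; Value = $item; Finding = $finding }
        }
    }
}

# Read the effective Defender configuration and report per exclusion.
Compare-DefenderExclusions -Expected $expected -Effective (Get-MpPreference) `
    -BroadPatterns $broadPatterns | Sort-Object Type, Value | Format-Table -AutoSize
```

An `Unexpected` row means the exclusion came from another policy or a local setting, which is worth tracing before the wide rollout.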

Notes

  • Exclusions should be kept minimal to avoid reducing protection.
  • Apply only when required for business-critical apps.
  • Always test in pilot groups before wide rollout.

