Forum Discussion
mhmmdrn
Jul 24, 2023 | Copper Contributor
Automated Investigation Exclusions
Hi Community, I have a question about AIR exclusions folders in Defender for Endpoint. I need to test this feature to be able to provide information to customers when they need some folders which ...
Jul 24, 2023
Try to exclude the folder using the format %userprofile%\Downloads and test your malware file again.
mhmmdrn
Jul 24, 2023 | Copper Contributor
Thanks for the answer, but it didn't solve the issue. I have tested it with three different folders:
1. An ordinary folder with no exclusions, neither Antivirus Policy nor Automated folder exclusions
2. A folder which has been excluded via Intune Antivirus Policy
3. A folder which has been excluded via Intune Antivirus Policy and Automated Folder Exclusion (%userprofile%\Downloads)
I have extracted the malware in the folders and, as I expected, in Folder1 AV has detected it, but then after the MDE investigation the other two malwares have been remediated. I expected that the malware should be remediated from Folder2 because it was not excluded via Automation Folder Exclusion, but for Folder3 I don't have any idea.
It must be noted that the post-remediated malwares have been detected by Windows Defender as "unwanted application".