Vibbers
Copper Contributor
Feb 04, 2025
Solved

Blocking in Vulnerability Management triggers full scan in Defender.

Over the last couple of weeks our users have been complaining about their computers being slow as molasses - we observed Defender was running a full scan after every reboot.

Reviewing event logs we were eventually able to pin down the root cause - a while back we introduced a Block remediation for a vulnerable version of 7-Zip. It turned out that the driver updates delivered via Dell Command Update are internally using an older version of 7-Zip for the file extraction, and were being blocked every time the driver installation retry attempt occurred (which seems to be at every reboot...) Removing the block remediation in Vulnerability Management resolved the issue.

While having our driver updates being blocked is somewhat of a nuisance, the repeated full scans had a severe impact on our productivity. Does it even make sense for Defender to do a full scan for a detected "Enterprise Unwanted Software"? Are there options to tweak this (apparently) default behavior to skip the (full) scan for certain categories?

 

 

 


3 Replies

  • Vibbers
    Copper Contributor

    Turns out this was actually our third-party EDR solution that triggered the unnecessary Defender scan. 

    • luchete
      Steel Contributor

      Hi Vibbers!

      Great to see you've found the issue. Would you mind leaving this thread as solved/completed?

  • luchete
    Steel Contributor

    Hello Vibbers!

    As you've said, it doesn’t really make sense for Defender to run a full scan just because of "Enterprise Unwanted Software" detection, especially if it’s causing performance issues.

    You can adjust the scan behavior by modifying Defender’s settings to exclude certain files, folders, or categories from being scanned. To do this, you can add exclusions in Defender’s settings for files related to the Dell Command Update or the 7-Zip version causing the issue. This way, Defender will skip scanning those files and won’t trigger a full scan every time.

    In more detail, the steps to accomplish it:
    To prevent Defender from running unnecessary full scans, open Windows Security and go to the Virus & Threat Protection section. In the settings, find the area for managing exclusions and add the files, folders, or processes you want to exclude from scans. By doing this, Defender will skip scanning those items, helping to avoid full scans and improving system performance.

    You can add exclusions for specific programs or files that are causing repeated scans without affecting the overall protection. Once the exclusions are set, Defender will no longer scan those items during future scans or reboots.

    I hope it gives you some more ideas on finding a solution.

    Regards!
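
An added example, not part of the thread or any participant's post: one way to review the event log for the symptom described above, listing full scans, the account that started each one, and whether it began shortly after a boot. It assumes event ID 1000 (scan started) in the Microsoft Defender Antivirus operational log renders "Scan Parameters:" and "User:" fields in its message; the function name `Get-FullScanStart` is hypothetical and the sample events are constructed.

```powershell
# Added example. Get-FullScanStart is a hypothetical helper name.
# Event ID 1000 in "Microsoft-Windows-Windows Defender/Operational" = scan started;
# event ID 6005 in the System log = Event Log service started (a boot marker).
function Get-FullScanStart {
    param(
        [Parameter(Mandatory)] [object[]]   $ScanEvents,   # ID 1000 events
        [Parameter(Mandatory)] [datetime[]] $BootTimes,    # boot timestamps
        [int] $WindowMinutes = 15
    )
    foreach ($e in $ScanEvents) {
        # Pull the labelled fields out of the rendered message text (layout assumed).
        if ($e.Message -notmatch 'Scan Parameters:\s*(?<type>[^\r\n]+)') { continue }
        if ($Matches['type'].Trim() -ne 'Full Scan') { continue }
        $user = if ($e.Message -match 'User:\s*(?<user>[^\r\n]+)') { $Matches['user'].Trim() } else { 'unknown' }
        # Latest boot that precedes this scan, if any.
        $boot = $BootTimes | Where-Object { $_ -le $e.TimeCreated } | Sort-Object | Select-Object -Last 1
        $mins = if ($boot) { [math]::Round(($e.TimeCreated - $boot).TotalMinutes, 1) } else { $null }
        [pscustomobject]@{
            ScanStarted      = $e.TimeCreated
            StartedBy        = $user
            MinutesAfterBoot = $mins
            FollowsBoot      = ($null -ne $mins -and $mins -le $WindowMinutes)
        }
    }
}

# Constructed sample events (not from the thread), shaped like Get-WinEvent output.
$sampleScans = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2025-01-20T08:04:00'
        Message = "Scan Type: Antimalware`n Scan Parameters: Full Scan`n User: NT AUTHORITY\SYSTEM" },
    [pscustomobject]@{ TimeCreated = [datetime]'2025-01-20T12:30:00'
        Message = "Scan Type: Antimalware`n Scan Parameters: Quick Scan`n User: NT AUTHORITY\SYSTEM" }
)
$sampleBoots = @([datetime]'2025-01-20T08:01:00')
Get-FullScanStart -ScanEvents $sampleScans -BootTimes $sampleBoots | Format-Table

# On a live endpoint, feed it real events instead:
# $scans = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1000 }
# $boots = (Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 6005 }).TimeCreated
# Get-FullScanStart -ScanEvents $scans -BootTimes $boots
```

A full scan that repeatedly shows `FollowsBoot = True` points at whatever runs at startup; the `StartedBy` account only narrows down the initiator and does not name the product that requested the scan.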
