Forum Discussion
exclusions for USB and /etc/hosts file on Windows 10 devices
Is it possible to configure Microsoft Defender for Endpoint for a small group of Windows 10 users so they have no USB restrictions? Is it possible to configure Microsoft Defender for Endpoint so that a small groups of Windows users have the ability to edit their Windows 10 /etc/host file w/o alerting? Currently in a co-managed scenario but customer would like to migrate from SCCN to Intune in the future. Primarily use SCCM at this point.
1 Reply
- Hello Gary,
To apply an exclusion to Defender for Endpoint you should add a custom indicator like so:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/manage-indicators
As far as I know it's not possible to add specific exclusions for removable drives at this time.
