DefenderAdmin
Aug 10, 2023

Feature request: "file indicator blocks" also work for Defender AV excluded folders

Hi!

We had the situation that we blocked around 50 different SHA256 hashes (Security center -> file hash indicator - block execution) which we found out had numerous vulnerabilities. (RCE was possible with these kinds of program versions; self-written software from our company.)

But they weren't blocked at all. After a few days, we recognized that these files were placed in folders which were either centrally (GPO) or locally excluded as Defender AV folder exclusions. That must have been the reason why our file indicator (block execution) would just not work.

So there is the idea of the following feature request (and I think there is currently no solution for that?):

We want to be able to have the option that e.g. file indicators which are blocking executions of certain hashes also work when the folders were excluded on clients from being "scanned" by Defender AV.

Greetings from a happy Defender for Endpoint customer
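
An audit for the situation described in the post, added here as an example and not part of the original post: it lists files under the Defender AV exclusion paths on a client whose SHA256 is on a block list. The hash in `$BlockedHashes` is a constructed placeholder, and exclusion entries that do not resolve to a literal path (wildcards, or entries hidden from non-administrators) are skipped with a warning rather than interpreted.

```powershell
# Added example: find files with block-listed SHA256 hashes inside Defender AV folder exclusions.
# Run in an elevated PowerShell session on the client being checked.
param(
    # Constructed placeholder; replace with the SHA256 values of your file indicators.
    [string[]]$BlockedHashes = @(
        '0000000000000000000000000000000000000000000000000000000000000000'
    )
)

# Case-insensitive set so hash casing from different tools does not matter.
$blocked = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
foreach ($h in $BlockedHashes) { [void]$blocked.Add($h.Trim()) }

# Exclusion paths as Defender reports them on this client (local and policy-set).
$exclusions = @((Get-MpPreference).ExclusionPath) | Where-Object { $_ }

$findings = foreach ($raw in $exclusions) {
    # Exclusions may use environment variables such as %ProgramFiles%.
    $path = [Environment]::ExpandEnvironmentVariables($raw)

    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping exclusion that does not resolve to a path: $raw"
        continue
    }

    # An exclusion can be a folder or a single file; both are handled here.
    Get-ChildItem -LiteralPath $path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                        -ErrorAction SilentlyContinue).Hash
            if ($hash -and $blocked.Contains($hash)) {
                [pscustomobject]@{
                    Exclusion = $raw
                    File      = $_.FullName
                    SHA256    = $hash
                }
            }
        }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No block-listed files found under the resolved exclusion paths.'
}
```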
