miya_13
Copper Contributor
Sep 26, 2023

Is there any way to avoid file locking by Defender for Endpoint (mssense.exe) without excluding?

We have received reports from end users of our application about an issue discussed in the link “Defender for Endpoint (mssense.exe) locking files and causing issues”. They are experiencing errors due to file write operations being locked by MsSense.exe. In their environment, this occurred with files with the “.fdss” extension.

However, when we set up a similar environment and tested it, we did not experience this with “.fdss” files but instead with “.xml” files. Yet, from the next day onwards, we no longer experienced errors due to locking in our environment.

The occurrence of errors varies even with the same write operations. Could this be resolved with just updating Endpoint? And is there any prospect that improving the reliability of our software (e.g. adding digital signatures) will prevent this from happening?

We found that excluding the file from inspection seems to resolve the error. However, as a software vendor, we would like to avoid asking our users individually to exclude files if possible.

Thank you.

  • LeonPavesic
    Silver Contributor

    Hi miya_13,

    Is there any way to avoid file locking by Defender for Endpoint (mssense.exe) without excluding?

    There is no known way to avoid file locking by Defender for Endpoint (mssense.exe) without excluding the files or folders. MsSense.exe is the primary process for the functions of Microsoft Defender for Endpoint outside of antimalware scanning. It is responsible for gathering information about files on the system, such as their hash and digital signature. This information is used to detect and prevent malware infections.

    Why is MsSense.exe locking files?

    MsSense.exe may lock files for a number of reasons, including:

    • To scan the file for malware.
    • To create a copy of the file for analysis.
    • To prevent the file from being modified or deleted while it is being analyzed.

    Why is MsSense.exe locking files in your customers' environments but not in yours?

    There are a number of possible reasons why MsSense.exe may be locking files in your customers' environments but not in yours. These include:

    • The files that are being locked may be different.
    • The version of Microsoft Defender for Endpoint that is installed may be different.
    • The configuration of Microsoft Defender for Endpoint may be different.
    • The environment in which Microsoft Defender for Endpoint is running may be different.

    Could this be resolved with just updating Endpoint?

    It is possible that updating Microsoft Defender for Endpoint could resolve the issue. 

    Is there any prospect that improving the reliability of our software (e.g. adding digital signatures) will prevent this from happening?

    Adding digital signatures to your software may help to reduce the likelihood of MsSense.exe locking your files. However, there is no guarantee that it will prevent it from happening altogether. MsSense.exe may still lock your files if it suspects that they are malicious, even if they have digital signatures.

    What can you do to help your customers?

    The best way to help your customers is to work with Microsoft to resolve the issue. You can open a support case with Microsoft and provide them with as much information as possible about the issue, including the following:

    • The version of Microsoft Defender for Endpoint that is installed.
    • The configuration of Microsoft Defender for Endpoint.
    • The environment in which Microsoft Defender for Endpoint is running.
    • The specific files that are being locked.
    • The errors that your customers are experiencing.

    Microsoft may be able to provide you with a fix for the issue or help you to work around it.

    In the meantime, you can also advise your customers to try the following:

    • Make sure that they are running the latest version of Microsoft Defender for Endpoint.
    • Try updating their antivirus software to the latest version.
    • Try restarting their computers.
    • Try running their applications as administrator.
    • Try excluding the files that are being locked from Microsoft Defender for Endpoint.


    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic (LinkedIn)
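The details the answer above lists for a support case (installed versions, configuration, the specific files being locked, the errors seen) can be gathered on an affected machine in one pass. This is an added example, not part of the original post and not Microsoft tooling; the probe path and report file name are placeholders, and the exclusions it records are the Defender Antivirus ones, which the thread does not confirm MsSense.exe honors.

```powershell
# Added example: collect support-case details on a machine where writes fail.
# Run elevated; without admin rights Get-MpPreference hides exclusion values.
param(
    [string[]]$ProbePaths = @('C:\ProgramData\ExampleApp\data.fdss'),  # placeholder path
    [string]$OutFile = "$env:TEMP\mde-lock-report.json"                # placeholder name
)

# Defender platform, engine and signature versions plus running mode.
$status = Get-MpComputerStatus | Select-Object AMProductVersion, AMEngineVersion,
    AntivirusSignatureVersion, AMRunningMode, RealTimeProtectionEnabled

# Antivirus exclusions currently configured on this machine.
$pref = Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess

# The Sense service hosts MsSense.exe; take the binary path from the service entry.
$svc = Get-CimInstance Win32_Service -Filter "Name='Sense'"
$senseVersion = $null
if ($svc -and $svc.PathName -match '^"?([^"]+?\.exe)') {
    $item = Get-Item -LiteralPath $Matches[1] -ErrorAction SilentlyContinue
    if ($item) { $senseVersion = $item.VersionInfo.FileVersion }
}

# Attempt an exclusive open of each file. If another process holds it,
# the failure is a sharing violation (HRESULT 0x80070020).
$probes = foreach ($p in $ProbePaths) {
    $r = [ordered]@{ Path = $p; Time = (Get-Date).ToString('o')
                     SharingViolation = $false; HResult = $null; Message = $null }
    try {
        $fs = [System.IO.File]::Open($p, 'Open', 'ReadWrite', 'None')
        $fs.Dispose()
    } catch {
        $ex = $_.Exception
        while ($ex.InnerException) { $ex = $ex.InnerException }
        $r.HResult = '0x{0:X8}' -f $ex.HResult
        $r.Message = $ex.Message
        $r.SharingViolation = ($ex.HResult -eq -2147024864)  # ERROR_SHARING_VIOLATION
    }
    [pscustomobject]$r
}

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    OSVersion      = (Get-CimInstance Win32_OperatingSystem).Version
    SenseService   = if ($svc) { $svc.State } else { 'not installed' }
    MsSenseVersion = $senseVersion
    DefenderStatus = $status
    AvExclusions   = $pref
    FileProbes     = @($probes)
} | ConvertTo-Json -Depth 4 | Set-Content -LiteralPath $OutFile -Encoding UTF8
```

A sharing violation only shows that some process held the file at that moment; it does not identify MsSense.exe as the holder, so run the probe while the application error is reproducing and attach the application's own error log alongside the report.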

    • miya_13
      Copper Contributor

      Hi LeonPavesic.

      I understood very well the behaviors that are occurring, and the countermeasures that can be taken.

      We will explain to our customers. Thank you very much for your detailed explanation!

      Best Regards.

    • AlanPBourke
      Brass Contributor
      All

      We are having file access type issues with various customers over the past week and in all cases outside of our application MSSENSE.EXE is the only thing accessing the files. Note that we do not administer Endpoint ourselves - we are in the position of having to advise our customers' IT vendors on exclusions etc.
      I see conflicting reports on the web as to whether MSSENSE.EXE respects folder or file extension exclusions set up for the normal AV scanning, or that it is possible but Microsoft have to do it on the 365 tenant. Reading your comments here it appears that it *is* possible to set exclusions for MSSENSE.EXE.

      If so could someone give me a pointer as to where that is done so that I can advise our customers?
      • jbmartin6
        Iron Contributor
        AFAIK there is not a generally available place to create such exclusions. Others have mentioned Microsoft support either setting it for them behind the scenes or else enabling a feature in the console which is not present by default.
