Forum Discussion
Solved
MSSENSE.EXE Exclusions - how and where
We are having file access type issues with various customers over the past week and in each case MSSENSE.EXE is the only thing accessing the files apart from our application. Note that we do not admi...
AlanPBourke We had a similar issue with some of our apps, you will need to open a case with support to have them put the EDR Exclusion in for you. These are separate from the AV exclusions you add in the security policies. When you do open that ticket they will ask you to run the client analyzer tool to capture what mssense is touching, without that, they will not add the exclusion. They are working on getting the feature added to where you can add your own without supports involvement, you might see if there is a private preview that support can add you into.
Do the devices only have Defender AV running or onboarded on Defender for Endpoint?
- Mostly onboarded on Defender For Endpoint but possibly some just Defender AV, thanks.
AlanPBourke how is the enrollment done? If managed through Defender portal or Intune, then it maybe possible to configure the necessary exclusions. Also, have you tried running advanced hunting queries to check for blocking policies?
- I don't have any access to do anything in terms of Intune etc. I am in the position of having to tell our customers IT vendors what to do since they can't be bothered to do it themselves.
- They would have to be MDE onboarded is mssense.exe is involved. mssense is not part of regular Defender, it is started up when device is onboarded to MDE
- Thanks. Is it possible to create exclusions for MSSENSE.EXE in that scenario ?
