Forum Discussion
AlanPBourke
Dec 07, 2023Brass Contributor
MSSENSE.EXE Exclusions - how and where
We are having file access type issues with various customers over the past week and in each case MSSENSE.EXE is the only thing accessing the files apart from our application. Note that we do not admi...
- Dec 08, 2023
AlanPBourke We had a similar issue with some of our apps, you will need to open a case with support to have them put the EDR Exclusion in for you. These are separate from the AV exclusions you add in the security policies. When you do open that ticket they will ask you to run the client analyzer tool to capture what mssense is touching, without that, they will not add the exclusion. They are working on getting the feature added to where you can add your own without supports involvement, you might see if there is a private preview that support can add you into.
jbmartin6
Dec 07, 2023Iron Contributor
They would have to be MDE onboarded is mssense.exe is involved. mssense is not part of regular Defender, it is started up when device is onboarded to MDE
AlanPBourke
Dec 07, 2023Brass Contributor
Thanks. Is it possible to create exclusions for MSSENSE.EXE in that scenario ?
- jbmartin6Dec 07, 2023Iron ContributorThe only way I know about is to contact Microsoft support about it. There isn't an option in the customer console for it.
- AlanPBourkeDec 07, 2023Brass ContributorThanks for your reply.
So as I understand it we have a situation where a Microsoft component with self-modifying behaviour can cause havoc with third party applications, but it might not cause the same havoc two days in a row or for two different customers, or it might cause a different type of havoc. If I were to set up a test environment to prove the issue it might not be replicable at all. And there's no way for the paying customer to turn this off.
Thanks Microsoft.