Forum Discussion
AlanPBourke
Dec 07, 2023 (Copper Contributor)
MSSENSE.EXE Exclusions - how and where
We are having file access type issues with various customers over the past week and in each case MSSENSE.EXE is the only thing accessing the files apart from our application. Note that we do not admi...
- Dec 08, 2023
AlanPBourke We had a similar issue with some of our apps. You will need to open a case with support to have them put the EDR exclusion in for you. These are separate from the AV exclusions you add in the security policies. When you do open that ticket they will ask you to run the client analyzer tool to capture what mssense is touching; without that, they will not add the exclusion. They are working on getting the feature added to where you can add your own without support's involvement; you might see if there is a private preview that support can add you into.
AlanPBourke
Dec 07, 2023 (Copper Contributor)
Mostly onboarded on Defender For Endpoint but possibly some just Defender AV, thanks.
rahuljindal-MVP
Dec 07, 2023 (Bronze Contributor)
AlanPBourke how is the enrollment done? If managed through Defender portal or Intune, then it may be possible to configure the necessary exclusions. Also, have you tried running advanced hunting queries to check for blocking policies?
- AlanPBourke, Dec 09, 2023 (Copper Contributor): I don't have any access to do anything in terms of Intune etc. I am in the position of having to tell our customers' IT vendors what to do since they can't be bothered to do it themselves.
- rockyte, Dec 11, 2023 (Copper Contributor): It sounds like EDR exclusions are needed vs AV exclusions. A majority of the issues I've seen is that it's an ASR rule causing random blocks/permission issues/access denied. Check to see what kind of audits or blocks you are getting in the ASR report or if any of the applications you are experiencing issues with are showing up.