Forum Discussion
Whitelisting .exe files - Defender for Endpoint
Hello,
Does anyone know where you can whitelist .exe files? Or add paths in defender to be whitelisted for specific endpoints? We have software that requires the user to run the .exe file and it keeps being flagged as malware even though we know its false positive.
- Hi, are you using Intune for Endpoint Management? You need to create a group and then add the policy to it. See articles here:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus?view=o365-worldwide
I would highly recommend you to check first, why the software is beeing flagged as malware... Also be aware of path exclusions, as this can be a security risk.
- adiiiBrass ContributorHi, are you using Intune for Endpoint Management? You need to create a group and then add the policy to it. See articles here:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus?view=o365-worldwide
I would highly recommend you to check first, why the software is beeing flagged as malware... Also be aware of path exclusions, as this can be a security risk. - cyb3rmik3Iron Contributor
Bosanac89 hi,
The easiest way is to go to the alert, find the relevant details of the executable as depicted below, click on the three dots and then Manage Indicator > Add Indicator and then follow the instructions to except the executable by choosing Allow at the Action tab.
But this is hash-based whitelist which means that all of your endpoints should have the exact same executable.
Hope this helps.
If I have answered your question, please mark your post as Solved
If you like my response, please consider giving it a like