Forum Discussion

Bosanac89's avatar
Bosanac89
Copper Contributor
Nov 15, 2023
Solved

Whitelisting .exe files - Defender for Endpoint

Hello,    Does anyone know where you can whitelist .exe files? Or add paths in defender to be whitelisted for specific endpoints? We have software that requires the user to run the .exe file and it...
microsoft defender for endpoint
  • adiii's avatar
    adiii
    Nov 16, 2023
    Hi, are you using Intune for Endpoint Management? You need to create a group and then add the policy to it. See articles here:
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus?view=o365-worldwide

    I would highly recommend you to check first, why the software is beeing flagged as malware... Also be aware of path exclusions, as this can be a security risk.
cyb3rmik3's avatar
cyb3rmik3
MVP
Nov 16, 2023

Bosanac89 hi,

 

The easiest way is to go to the alert, find the relevant details of the executable as depicted below, click on the three dots and then Manage Indicator > Add Indicator and then follow the instructions to except the executable by choosing Allow at the Action tab.

 

 

But this is hash-based whitelist which means that all of your endpoints should have the exact same executable.

 

Hope this helps.

 

If I have answered your question, please mark your post as Solved

If you like my response, please consider giving it a like

Resources