Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Defender ATP for Mac - Time Machine

Copper Contributor

Is anyone on here trying to use Defender ATP for Mac?  We are currently in testing, and have found that when the Real-time Protection is enabled, Time Machine backups will fail.  Time Machine on our Macs is set to backup across the LAN to a NAS, rather than to local USB drive.  The only error I get is that the backup volume could not be accessed.  Excluding the backup processes from scanning does not seem to have any effect on the problem.


If I turn off the Real-time.. everything work just fine.


Any thoughts?  Anyone from Microsoft reading these?

3 Replies

@ckmase69 We are waiting a little longer before starting our Defender ATP deployment to Mac's, however you can send some logs to them according to their resource page since it seems like you can reproduce it and send it to their feedback link.



Somewhat same here. When trying to use TimeMachine, the Mac becomes almost unusable. Mouse hangs, windows hangs. Apps get blocked. Sometimes the backup fails or stops. Sometimes it ends up finished but it would take hours instead of a few minutes.

This is especially true for ppl using TimeMachine over network. Using a locally connected disk is less problematic.

Defender may be trying to check to scan/check everything going in/out of the network mounted disk I think...

I tried excluding the process, the mounted disk, local files, etc... Nothing works. We cannot use TimeMachine with Defender ATP.

Turning off Defender fixes all of this, backups works well, very fast and no hiccups.

I'm on a Macbook Pro (16 inches 2019), running Big Sur.
I was able to get this working now with the latest version or Defender ATP for MacOS (101.19.88) and using those exclusions

Excluded folder
Path: "/Volumes/.timemachine"
Excluded folder
Path: "/Volumes/Backups of Patrick-MBP-NS"
Excluded folder
Path: "/Volumes/"

The "/Volumes/Backups of Patrick-MBP-NS" exclusion is the mounted network drive where the TM backups are stored.

Beside the network drive, I also had to exclude the localsnapshot folder and the .timemachine one.

Since this was working, I did not bother trying to troubleshooting other combinations of only one of them or which one really creates the issue.