Process exclusions not working for MSSense.exe

I have an issue where builds often fail due to sharing violations caused by Defender.

The sequence is:

  • link.exe (MS VC++) creates the exe file being built
  • MsSense.exe opens the exe file just built for scanning
  • mt.exe (MS VC++ manifest tool) is executed to embed a manifest in the exe being built
  • mt.exe fails to open the exe file due to a sharing violation.

I've confirmed with procmon that MsSense.exe is opening this exe file in between our link and manifest steps and causes the sharing violation.

I've tried adding process exclusions for link.exe and mt.exe with no change to the result. Also tried adding folder exclusions for the directory containing the source tree, also no help.

It appears that MsSense.exe is part of Advanced Threat Protection and that Defender exclusions do not apply to that. I've searched high and low for how to fix this problem with no luck.

Looking for ideas/pointers on how to add exceptions to ATP.

6 Replies

@pbarnz When I raised a support case on this, only the product team can add exclusions for ATP. It's done for the whole tenant too and it took weeks before they finally added it.

Apparently there is an update coming where we can add them ourselves but it's still in preview (or so the engineer told me).

Same issue here. Our nightly builds are failing almost every day apparently for the same reason. In our case, it seems to fail randomly at different modules each day. Process Monitor also shows MsSense and from time to time MsMpEng accessing and locking some of the generated files.

@pbarnz We're facing the same issue in our company. We're seeing it more often on slower machines.

A colleague suggested using the MT_EXECUTE_DELAY=1000 environment variable.

Where should we set it? We also have the same issue.

How are you setting your process exclusions?
I know in our case (using group policy) it turned out it was very picky about how we had the exclusions written.
You set the name to the full path to the executable you want to exclude, and then you set the data to "0". (We had no luck just using the executable by itself.)

So when all is said and done, what populates into registry are REG_SZ keys where the name is the full path, and the data value shows 0. Been working for us for many months now.

Setting with just the exe file name, e.g. mt.exe. Part of the problem is this is all managed centrally by our IT and for a global/shared profile, it would be problematic to specify full paths. But they did put me in "troubleshooting mode" where I could add exceptions locally for a while, and adding the full paths made no difference. It appears that Advanced Threat Protection does not use these exclusions, it is managed separately.
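
An added example, not part of any post in this thread: a PowerShell check that the Group Policy process exclusions on a build machine have the shape described in the reply above (value name is a full path, type REG_SZ, data "0"). The registry key location, the function name `Test-ExclusionEntry` and the sample paths are assumptions; as the last post notes, these are antivirus exclusions and MsSense.exe does not appear to honor them.

```powershell
# Added example: audit Defender Antivirus process exclusions pushed by Group Policy.
# Assumption (not from the thread): the policy writes its values under this key.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Processes'

function Test-ExclusionEntry {
    param([string]$Name, [string]$Data, [string]$Kind)
    $problems = @()
    # Expand %ProgramFiles%-style names before testing for a rooted path.
    $expanded = [Environment]::ExpandEnvironmentVariables($Name)
    if (-not [System.IO.Path]::IsPathRooted($expanded)) {
        $problems += 'name is not a full path'
    }
    if ($Kind -ne 'String') { $problems += "type is $Kind, expected REG_SZ" }
    if ($Data -ne '0')      { $problems += "data is '$Data', expected '0'" }
    [pscustomobject]@{
        Name     = $Name
        Ok       = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

if (Test-Path -Path $PolicyKey) {
    # Read every value under the policy key with its type and data.
    $key = Get-Item -Path $PolicyKey
    $results = foreach ($n in $key.GetValueNames()) {
        Test-ExclusionEntry -Name $n -Data $key.GetValue($n) -Kind $key.GetValueKind($n)
    }
} else {
    # Constructed sample entries, used only when the policy key is absent.
    $sample = @(
        @{ Name = 'mt.exe'; Data = '0'; Kind = 'String' },
        @{ Name = 'C:\BuildTools\bin\link.exe'; Data = '0'; Kind = 'String' },
        @{ Name = 'C:\BuildTools\bin\mt.exe'; Data = '1'; Kind = 'DWord' }
    )
    $results = foreach ($e in $sample) { Test-ExclusionEntry @e }
}
$results | Format-Table -AutoSize -Wrap

# What the antivirus engine reports as effective (run elevated to see values).
(Get-MpPreference).ExclusionProcess
```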