When will Microsoft allow the customer to manage EDR (MsSense) Exclusions?

UPDATE, SEP-2023: Please contact MS Support and ask to enable EDR Exclusions in your tenant.

 

The process to add an EDR exclusion is not helping anyone, but wasting time and resources.


Current Process:

2019 Server

1 - Customer ID Issue - query taking longer than expected (32sec) with MDAV and MDE onboarded 2019 Server. Passive mode shows no change. Uninstall MDAV, no change. Offboard machine (removes MsSense) query improves to 20sec. Install MDAV, query is the same. Onboard machine, query back to 32 secs.

2 - Open "Unified Enterprise" support ticket for MDE explaining that MsSense is causing slowness and need to add an exclusion. List the exact paths and the two processes that need exclusion.

3 - MS Support: We will need you to run the MDE Client Analyzer to collect the needed logs to troubleshoot your issue.

Download MDEClientAnalyzerPreview.zip from here:

Unzip to C:\MDE
Extract contents to "C:\MDE\MDEClientAnalyzerPreview"
From an elevated CMD prompt, run: "C:\MDE\MDEClientAnalyzerPreview\MDEClientAnalyzer.cmd" -c -d -v

When completed, send us "C:\MDE\MDEClientAnalyzerPreview\MDEClientAnalyzerResult.zip"


4 - Upload logs on Friday

5 - Monday - ask for update

6 - Tuesday - ask for update

7 - Wednesday - ask for update

8 - Thursday - Jump on a call with MS support collect logs for PG group

9 - Friday - ask if PG group has update.

10 - Following Monday - ask if PG group has update. Escalate to TAM

11 - Following Tue, Wed, Thur - ask if PG group has update.

12 - following Thursday - Support provides reg key to add and wait 5 mins to test.

13 - Following Thursday - 5 sec improvement in query. Ask for next steps.

14 - Following, following Monday - support reports asking PG group for update.

15 - Following, following Tuesday - Support reports PG group added 4 more process EDR exclusions and one path exclusion. Now run the logging above and resubmit.

 

Why so many steps and log collection for a simple EDR exclusion?

4 Replies

@MDEUser Not sure if you have run the Performance analyzer for Microsoft Defender Antivirus to understand what is causing the compute bottleneck?

@askvpb We also have issues with MSSense on multiple production servers. We have to respond quickly to this (it's production!), so I don't think Microsoft understands this. The delay in processing a support call to get an exclusion is not a real world solution.

 

Until this is fixed, we have no option but to disable MSSense, which is not a great solution.

 

Ray.

We also have issues with MSSense. They really need to give us a way to easily add exclusions. Right now, we removed the EDR from some of our servers because using the support to add an exclusion is too slow (and not convenient at all).

Just had a support ticket regarding an issue with Veeam guest files restore not working when the server was onboarded with Defender ATP. After a couple of weeks back and forth, they finally gave me access to the "EDR Exclusion" menu under Defender Endpoint in the Security portal. So then I could, by trial & error, configure the correct exclusion to get this to work. But once the case was closed, I lost access to this "EDR Exclusion" menu. This menu really needs to be made publicly available.