When will Microsoft alllow the customer to manage EDR (MsSense) Exclusions?

Copper Contributor

UPDATE, SEP-2023:  Please contact MS Support and ask to enable EDR Exclusions in your tenant.


The process to add EDR exclusion is not helping anyone, but wasting time and resources.

Current Process:

2019 Server

1 - Customer ID Issue - query taking longer then expected (32sec) with MDAV and MDE onboarded 2019Server. Passive mode shows no change. Uninstall MDAV, no change. Offboard machine (removes MsSense) query improves to 20sec. Install MDAV, query is the same. Onboard machine, query back to 32 secs

2 - Open "Unified Enterprise" support ticket for MDE explaining that MsSense is causing slowness and need to add an exclusion. List the exact paths and the two processes that need exclusion.

3 - MS Support: We will need you to run the MDE Client Analyzer to collect the needed logs to troubleshoot your issue.

Download MDEClientAnalyzerPreview.zip from here:

Unzip to C:\MDE
Extract contents to "C:\MDE\MDEClientAnalyzerPreview"
From an elevated CMD prompt, run: "C:\MDE\MDEClientAnalyzerPreview\MDEClientAnalyzer.cmd" -c -d -v

When completed, send us "C:\MDE\MDEClientAnalyzerPreview\MDEClientAnalyzerResult.zip"

4 - Upload logs on Friday

5 - Monday - ask for update

6 - Tuesday - ask for update

7 - Wednesday - ask for update

8 - Thursday - Jump on a call with MS support collect logs for PG group

9 - Friday - ask if PG group has update.

10 - Following Monday - ask if PG group has update. Escalate to TAM

11 - following Tue, Wed, Thur, - ask if PG group has update.

12 - following Thursday - Support provides reg key to add and wait 5 mins to test.

13 - Following Thursday - 5 sec improvement in query. ask for next steps

14 - Following, following Monday - support reports asking PG group for update.

15 - Following, following Tuesday - Support reports PG group added 4 more process EDR exclusion and one path exclusion. Now run the logging above and resubmit.


Why so many steps and log collection for a simple EDR exclusion?

4 Replies

@MDEUserNot sure if you have run the Performance analyzer for Microsoft Defender Antivirus to understand what is causing the compute bottleneck?

@askvpb  We also have issues with MSSense on multiple production servers, we have to respond quickly to this (its production!) so I don't think Microsoft understand this. The delay in processing a support call to get an exclusion is not a real world solution.


Until, this is fixed we have no option but to disable MSSense which is not a great solution.



We also have issues with MSSense.. They really need to give us a way to easily add exclusion. Right now, we removed the EDR from some of our server because using the support to add exclusion is too slow (and not convenient at all).
Just had a support ticket regarding an issue with Veeam guest files restore not working when the server was onboarded with Defender ATP. After couple of weeks back and forth they finally gave me access to "EDR Exclusion" menu under Defender Endpoint in Security portal. So then I could by trial & error configure the correct exclusion to get this to work. But once the case was closed I lost access to this "EDR Exclusion" menu. This menu really needs to be made publicly available.