Microsoft Tech Community
SOLVED

Whitelisting .exe files - Defender for Endpoint

Copper Contributor

Hello, 

 

Does anyone know where you can whitelist .exe files? Or add paths in Defender to be whitelisted for specific endpoints? We have software that requires the user to run the .exe file, and it keeps being flagged as malware even though we know it's a false positive.

3 Replies
best response confirmed by Bosanac89 (Copper Contributor)
Solution
Hi, are you using Intune for Endpoint Management? You need to create a group and then add the policy to it. See articles here:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-antivir...
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-exclusions-micr...

I would highly recommend that you first check why the software is being flagged as malware... Also be aware of path exclusions, as this can be a security risk.

@Bosanac89 hi,

 

The easiest way is to go to the alert, find the relevant details of the executable as depicted below, click on the three dots and then Manage Indicator > Add Indicator and then follow the instructions to except the executable by choosing Allow at the Action tab.

 

cyb3rmik3_0-1700136498406.png

 

But this is a hash-based whitelist, which means that all of your endpoints should have the exact same executable.

 

Hope this helps.

 


Thank you @adiii and @cyb3rmik3 for the information. I will take a look at both suggestions.
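
Both replies point to checks that can be done on the endpoint before anything is allowed: why the file is flagged, and the exact hash an indicator would match. The PowerShell below is an added example, not code from the thread; the function name `Get-AllowIndicatorTriage` and the file path are hypothetical, and it assumes an elevated session on a device running Defender Antivirus.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on the
# affected endpoint; the Get-Mp* cmdlets come from the built-in Defender module.
function Get-AllowIndicatorTriage {
    param([Parameter(Mandatory)][string]$FilePath)

    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        throw "File not found: $FilePath"
    }
    $full = (Resolve-Path -LiteralPath $FilePath).ProviderPath

    # Signer and signature status: context for why the file may be flagged.
    $sig = Get-AuthenticodeSignature -LiteralPath $full

    # SHA-256 of this exact build; a hash-based indicator matches nothing else.
    $sha256 = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash

    # Local Defender Antivirus detections whose resources mention this file.
    $pattern = [regex]::Escape($full)
    $threatNames = Get-MpThreatDetection |
        Where-Object { $_.Resources -match $pattern } |
        ForEach-Object { (Get-MpThreat -ThreatID $_.ThreatID).ThreatName } |
        Sort-Object -Unique

    # Existing path exclusions that already cover the file (simple prefix match;
    # wildcards and environment variables in exclusions are not expanded here).
    $covering = @((Get-MpPreference).ExclusionPath) |
        Where-Object { $_ -and $full.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }

    [pscustomobject]@{
        Path               = $full
        SignatureStatus    = $sig.Status
        Signer             = $sig.SignerCertificate.Subject
        SHA256             = $sha256
        DetectedAs         = $threatNames
        CoveredByExclusion = $covering
    }
}

# Hypothetical path: replace with the executable named in the alert.
Get-AllowIndicatorTriage -FilePath 'C:\Program Files\ExampleVendor\app.exe'
```

Running it against each deployed version of the software shows whether one hash covers the fleet or whether every build needs its own indicator.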
