MsSenseS.exe Scanning Files/Folders. How to exclude from scanning?

%3CLINGO-SUB%20id%3D%22lingo-sub-816662%22%20slang%3D%22en-US%22%3EMsSenseS.exe%20Scanning%20Files%2FFolders.%20How%20to%20exclude%20from%20scanning%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-816662%22%20slang%3D%22en-US%22%3E%3CP%3ENeed%20to%20exclude%20file%2Ffolders%20from%20MsSenseS.exe%20scanning.%20Due%20to%20this%20sometimes%20MS%20patches%20getting%20failed%20when%20the%20patch%20size%20is%20around%201.4%20GB%20and%20resulting%20in%20%22Access%20Denied%22%20in%20CBS%20log.%20Not%20sure%20whether%20others%20facing%20the%20same%20kind%20of%20issue.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKindly%20suggest%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-818620%22%20slang%3D%22en-US%22%3ERe%3A%20MsSenseS.exe%20Scanning%20Files%2FFolders.%20How%20to%20exclude%20from%20scanning%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-818620%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F291635%22%20target%3D%22_blank%22%3E%40NotNirmal%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20refer%20to%20the%20documentation%20below%20on%20how%20to%20configure%20exclusions%20for%20the%20%3CEM%3EWindows%20Defender%20%3C%2FEM%3E%2F%26nbsp%3B%3CEM%3EMicrosoft%20Defender%20Advanced%20Threat%20Protection%3C%2FEM%3E%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-antivirus%2Fconfigure-exclusions-windows-defender-antivirus%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EConfigure%20and%20validate%20exclusions%20for%20Windows%20Defender%20Antivirus%20scans%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fwindows-defender-antivirus%2Fconfigure-server-exclusions-windows-defender-antivirus%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EConfigure%20Windows%20Defender%20Antivirus%20exclusions%20on%20Windows%20Server%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards%2C%3CBR%20%2F%3ELeon%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-819546%22%20slang%3D%22en-US%22%3ERe%3A%20MsSenseS.exe%20Scanning%20Files%2FFolders.%20How%20to%20exclude%20from%20scanning%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-819546%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F148223%22%20target%3D%22_blank%22%3E%40Leon%20Laude%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20tried%20excluding%20the%20MsSenses.exe%20from%20scanning..%20but%20that%20didn't%20worked%20and%20i%20believe%20that%20will%20not%20work.%20This%20is%20specific%20with%20Microsoft%20Security%20Center%20where%20we%20did%20implemented%20WDATP%20in%20MMA%20Agent%20of%20configuring%20Azure%20Workspace%20ID%20and%20Proxy.%20After%20which%20the%20mentioned%20MsSenseS.exe%20is%20getting%20popped%20up%20in%20process%20and%20from%20proc%20mon%20i%20could%20see%20this%20is%20frequently%20been%20logged%20(Attached%20the%20snippnet).%20After%20removing%20the%20Azure%20workspace%20key%2C%20i%20could%20able%20to%20install%20the%20patch%20successfully%20with%20no%20access%20denied%20in%20CBS%20logs.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F128152i0A725DF15899679A%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-819601%22%20slang%3D%22en-US%22%3ERe%3A%20MsSenseS.exe%20Scanning%20Files%2FFolders.%20How%20to%20exclude%20from%20scanning%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-819601%22%20slang%3D%22en-US%22%3E%3CP%3EMight%20want%20to%20reach%20out%20to%20the%20experts%20in%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FMicrosoft-Defender-Advanced%2Fct-p%2FMicrosoftDefenderAdvanced%22%20target%3D%22_self%22%3EMicrosoft%20Defender%20Advanced%20Threat%20Protection%3C%2FA%3Ecommunity.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-819835%22%20slang%3D%22en-US%22%3ERe%3A%20MsSenseS.exe%20Scanning%20Files%2FFolders.%20How%20to%20exclude%20from%20scanning%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-819835%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F148223%22%20target%3D%22_blank%22%3E%40Leon%20Laude%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20your%20reply.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20updated%20in%20the%20link%20provided.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Need to exclude file/folders from MsSenseS.exe scanning. Due to this sometimes MS patches getting failed when the patch size is around 1.4 GB and resulting in "Access Denied" in CBS log. Not sure whether others facing the same kind of issue. 

 

Kindly suggest 

4 Replies

Hello @NotNirmal,

 

You can refer to the documentation below on how to configure exclusions for the Windows Defender Microsoft Defender Advanced Threat Protection:

Configure and validate exclusions for Windows Defender Antivirus scans

 

Configure Windows Defender Antivirus exclusions on Windows Server

 

 

Best regards,
Leon

@Leon Laude 

 

Have tried excluding the MsSenses.exe from scanning.. but that didn't worked and i believe that will not work. This is specific with Microsoft Security Center where we did implemented WDATP in MMA Agent of configuring Azure Workspace ID and Proxy. After which the mentioned MsSenseS.exe is getting popped up in process and from proc mon i could see this is frequently been logged (Attached the snippnet). After removing the Azure workspace key, i could able to install the patch successfully with no access denied in CBS logs. 

 

clipboard_image_0.png

Might want to reach out to the experts in the Microsoft Defender Advanced Threat Protection community.

@Leon Laude 

 

Thanks for your reply.

 

Have updated in the link provided.