Occasional Contributor

THe MsMpEng.exe process is very active in our environment.

Checking with Process Monitor filtered on MsMpEng.exe i can see it is very busy scanning my ISO directory, but i have excluded that directory in real-time scanning in Defender long ago.


Why is it still scanning that directory, and i see many others i excluded it is also scanning?


Will Azure Intune rules overwrite local configurations? if so wouldn't it gray them out? I am able to set exclusions.


I have cloned the exclusions to azure -> In-tune (new portal AGAIN) ->Device Configuration profiles -> Windows Defender -> Edit -> 'Files and folders to be excluded from scans and real-time protection'.
Synced my machine.

0 results.

Now trying to add exclusion for the *.ISO extension.

Anyway to see the exclusions are being enforced?