Why is MsMpEng.exe still scanning excluded directories


The MsMpEng.exe process is very active in our environment.

Checking with Process Monitor filtered on MsMpEng.exe, I can see it is very busy scanning my ISO directory, but I have excluded that directory in real-time scanning in Defender long ago.

Why is it still scanning that directory, and I see many others I excluded it is also scanning?

Will Azure Intune rules overwrite local configurations? If so, wouldn't it gray them out? I am able to set exclusions.

 

1 Reply

I have cloned the exclusions to Azure -> Intune (new portal AGAIN) -> Device Configuration profiles -> Windows Defender -> Edit -> 'Files and folders to be excluded from scans and real-time protection'.
Synced my machine.

0 results.

Now trying to add exclusion for the *.ISO extension.

Any way to see the exclusions are being enforced?
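On the question of verifying exclusions, the following is an added example, not part of the original thread: it reads the exclusion lists that `Get-MpPreference` reports on the client and tests whether a given file falls under a folder or extension entry. The function name `Test-DefenderExclusion` and the sample path are hypothetical, and the folder match is a plain prefix comparison that assumes no wildcard characters in the exclusion entries.

```powershell
# Added example: checks a file path against the exclusions Defender reports locally.
# Run from an elevated prompt. Test-DefenderExclusion is a hypothetical helper name.
function Test-DefenderExclusion {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Preferences object; defaults to the live Defender configuration.
        $Preference = (Get-MpPreference)
    )

    $full = [System.IO.Path]::GetFullPath($Path).TrimEnd('\')
    $hits = @()

    foreach ($entry in @($Preference.ExclusionPath)) {
        if (-not $entry) { continue }
        if ($entry -like 'N/A*') {
            # Non-elevated sessions get a notice instead of the real list.
            Write-Warning "Exclusion list not visible to this account: $entry"
            continue
        }
        $root = [Environment]::ExpandEnvironmentVariables($entry).TrimEnd('\')
        # A folder exclusion covers the folder itself and everything below it.
        # Assumption: entries with wildcards are not evaluated by this prefix test.
        if ($full -ieq $root -or
            $full.StartsWith($root + '\', [StringComparison]::OrdinalIgnoreCase)) {
            $hits += [pscustomobject]@{ Type = 'Path'; Rule = $entry }
        }
    }

    $ext = [System.IO.Path]::GetExtension($full).TrimStart('.')
    foreach ($entry in @($Preference.ExclusionExtension)) {
        if (-not $entry -or $entry -like 'N/A*') { continue }
        # Normalise "*.iso", ".iso" and "iso" to the bare extension.
        $rule = $entry.TrimStart('*', '.')
        if ($ext -and $ext -ieq $rule) {
            $hits += [pscustomobject]@{ Type = 'Extension'; Rule = $entry }
        }
    }

    [pscustomobject]@{
        Path     = $full
        Excluded = ($hits.Count -gt 0)
        Matches  = $hits
    }
}

# Placeholder path (constructed); substitute a file Process Monitor shows being read.
Test-DefenderExclusion -Path 'D:\ISO\example.iso' | Format-List
```

If entries set in the Intune profile never show up in this output after a sync, they have not reached the client's Defender configuration.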

 
