troubleshooting Question

Deploying windows defender exclusions

Avatar of McKnife
McKnifeFlag for Germany asked on
SecurityAnti-Virus AppsWindows 10Group Policy
12 Comments1 Solution19 ViewsLast Modified:
If you DON'T administer windows defender exclusion lists, then please DON'T answer, thank you!

I found defender to mistakenly detect a command line as virus. The command
C:\Windows\System32\vssadmin.exe delete shadows /all /quiet
gets detected as Trojan:Win32/ShadowCopyDelQuiet.A

So I'd like to create an exception. If I exclude
C:\Windows\System32\vssadmin.exe as path, it still gets detected.
If I exclude it as process, it still gets detected.
So whatever MS is thinking by detecting this, they don't let me deploy a rule to stop their scanner (up2date) detecting it! Logs get flooded and users get anxious.

So right now I am removing that command from my script.
I never had problems adding a path or process before, so I am clueless what to do about it.
Here's the log entry:
Affected items:
CmdLine: C:\Windows\System32\vssadmin.exe delete shadows /all /quiet
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 12 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 12 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros