troubleshooting Question

Deploying windows defender exclusions

Avatar of McKnife
McKnifeFlag for Germany asked on
Group PolicyAnti-Virus AppsWindows 10Security
12 Comments1 Solution20 ViewsLast Modified:
If you DON'T administer windows defender exclusion lists, then please DON'T answer, thank you!

I found defender to mistakenly detect a command line as virus. The command
C:\Windows\System32\vssadmin.exe delete shadows /all /quiet

Open in new window

gets detected as Trojan:Win32/ShadowCopyDelQuiet.A

So I'd like to create an exception. If I exclude
C:\Windows\System32\vssadmin.exe as path, it still gets detected.
If I exclude it as process, it still gets detected.
So whatever MS is thinking by detecting this, they don't let me deploy a rule to stop their scanner (up2date) detecting it! Logs get flooded and users get anxious.

So right now I am removing that command from my script.
I never had problems adding a path or process before, so I am clueless what to do about it.
Here's the log entry:
Affected items:
CmdLine: C:\Windows\System32\vssadmin.exe delete shadows /all /quiet
ASKER CERTIFIED SOLUTION
Log in to continue reading
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform for $9.99/mo
View membership options
Unlock 1 Answer and 12 Comments.
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
The Value of Experts Exchange in My Daily IT Life

Experts Exchange (EE) has become my company's go-to resource to get answers. I've used EE to make decisions, solve problems and even save customers. OutagesIO has been a challenging project and... Keep reading >>

Mike

Owner of Outages.IO
Phoenix, Arizona, United States
Member Since 2016
Join a full scale community that combines the best parts of other tools into one platform.
Unlock 1 Answer and 12 Comments.
View membership options
“All of life is about relationships, and EE has made a virtual community a real community. It lifts everyone's boat.”
William Peck

Member since 2004