Microsoft Defender Exclusions via PowerShell

Applies to: Agent version 10.0.47390.40

If any of your endpoints use the Microsoft Defender antivirus solution and you are not centrally managing antivirus, the provided PowerShell script will facilitate setting the necessary exclusions.

NOTE: The following information is provided as-is without warranty, and the associated script is not supported by Veriato. It has been created for your convenience and has had limited testing, although that testing has been met with success.

A managed antivirus solution is preferable

We recommend using a centrally managed antivirus solution to simplify and streamline configuration of the exclusions, ongoing device management, and detection awareness.

Add exclusions for unmanaged Windows Defender

If endpoints use unmanaged Windows Defender (Windows Security) on Windows 10 or 11 for virus protection, we have provided a PowerShell script to facilitate adding exclusions for all temporary files, installed files, and processes that might be detected during installation. Follow these instructions for each Windows device:

  1. Download a provided .zip file. 
    Click here to download Windows_Exclusions_Defender.zip.
    Use the .zip file and your downloaded .exe or .msi Windows Agent Installer to set exclusions and install the agent on each endpoint device. 
  2. Extract the ZIP file.
    Extraction results in 4 files. Keep all files in one folder.
  • Vision_Client_Exclusions.txt
    This text file contains the necessary Windows Agent exclusions, one per line. In addition to the recommended folder exclusions, this list contains any folder or file that could be detected.
  • Vision_processes.txt
    A text file that contains the processes that will be used to install the agent and the processes remaining after installation that run the agent.  
  • Vision_Client_Exclusions_Add.ps1 
    A PowerShell script that adds the folder and file exclusions from Vision_Client_Exclusions.txt and Vision_processes.txt to appropriate sections of Windows Security "Exclusions." The script also temporarily disables "real-time protection" to allow installation of the recorder agent. 
  • Vision_Client_Exclusions_Remove.ps1
    A PowerShell script that removes the recorder agent exclusions from Windows Defender.
  • Vision_Exclusions_Defender_Instructions.pdf
    These instructions.
  3. Open an administrative (elevated) command prompt.
    Navigate to the folder where the four extracted files are located.
  4. At the command prompt, enter the following:
    powershell.exe -noprofile -executionpolicy bypass -file .\Vision_Client_Exclusions_Add.ps1 

The script adds the exclusions and temporarily disables Real-Time protection.

  1. If you wish, check the exclusions.
    Find exclusions in Windows Security > Virus & threat protection > Add or remove exclusions.
    The exclusions may appear as File or Folder exclusions. When examining the registry location where these exclusions are stored, it doesn't appear that there is anything that differentiates file exclusions from folder exclusions.
  2. Install the Windows Agent.
    Use the Windows Agent Installer to install the agent as you normally would. Installation restarts the device. Windows Defender should re-enable its real-time protection automatically. To check, in Windows Security go to Virus & threat protection settings > Manage settings.
  3. Remove the .zip and script files.
    Be sure to remove all files you brought to the computer.

Remove exclusions from Windows Defender

To remove the exclusions, return to the endpoint with the Vision_Client_Exclusions_Defender.zip file. Extract the file and use the extracted Vision_Client_Exclusions_Remove.ps1 script to remove the exclusions:

  1. Open an elevated command prompt.
    Navigate to the folder where the files are extracted.
  2. At the command prompt, enter the following:
    powershell.exe -noprofile -executionpolicy bypass -file .\Vision_Client_Exclusions_Remove.ps1
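
A post-run check for the add and remove procedures above, as an added example that is not one of the Veriato scripts: it compares the exclusions Defender reports against the two extracted list files and confirms that real-time protection is enabled again. The script name Test-VisionExclusions.ps1 and the -ExpectRemoved switch are assumptions made for this example; Get-MpPreference and Get-MpComputerStatus are the standard Defender cmdlets. Run it after the agent installation has restarted the device and before the extracted files are deleted, or with -ExpectRemoved after the Remove script.

```powershell
#Requires -RunAsAdministrator
# Added example (hypothetical Test-VisionExclusions.ps1), not part of the Veriato ZIP.
param(
    [string]$ListFolder = '.',   # folder holding the two extracted .txt lists
    [switch]$ExpectRemoved       # hypothetical switch: set after the Remove script
)

function Read-List([string]$Path) {
    # Lists are one entry per line; trim whitespace and drop blank lines.
    @(Get-Content -LiteralPath $Path | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Compare-Exclusion([string]$Kind, [string[]]$Expected, [string[]]$Actual) {
    # -in / -notin compare case-insensitively, like Windows paths.
    foreach ($entry in $Expected) {
        $status = 'Missing'
        if ($entry -in $Actual) { $status = 'Present' }
        [pscustomobject]@{ Kind = $Kind; Entry = $entry; Status = $status }
    }
    foreach ($entry in $Actual) {
        # Exclusions Defender holds that are not in the vendor list: review these.
        if ($entry -notin $Expected) {
            [pscustomobject]@{ Kind = $Kind; Entry = $entry; Status = 'NotInList' }
        }
    }
}

$pref  = Get-MpPreference
$paths = @($pref.ExclusionPath    | Where-Object { $_ })   # property is $null when empty
$procs = @($pref.ExclusionProcess | Where-Object { $_ })

$report  = @(Compare-Exclusion 'Path' (Read-List (Join-Path $ListFolder 'Vision_Client_Exclusions.txt')) $paths)
$report += @(Compare-Exclusion 'Process' (Read-List (Join-Path $ListFolder 'Vision_processes.txt')) $procs)
$report | Sort-Object Status, Kind | Format-Table -AutoSize

# After Add, every listed entry should be present; after Remove, none should be.
$badStatus = 'Missing'
if ($ExpectRemoved) { $badStatus = 'Present' }
$findings = @($report | Where-Object { $_.Status -eq $badStatus })
if ($findings.Count -gt 0) {
    Write-Warning "$($findings.Count) listed entries are '$badStatus'; see the table above."
}

# The Add script turns real-time protection off; confirm it is on again.
$rtp = (Get-MpComputerStatus).RealTimeProtectionEnabled
if (-not $rtp) { Write-Warning 'Real-time protection is still disabled.' }

if ($findings.Count -gt 0 -or -not $rtp) { exit 1 }
Write-Output 'Exclusions and real-time protection are in the expected state.'
```

Rows marked NotInList are exclusions already on the device that do not come from the two list files; they are reported for review and do not affect the exit code.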

Contents of the Exclusions .txt files

The following exclusions have been tested with Microsoft Windows Defender on Windows OS 10 and 11.

 Veriato Agent Folder/File Exclusions

C:\Windows\winipbin-install\Admin.exe
C:\Windows\winipbin-install\InstallerService.exe
C:\Windows\winipbin-install\SPSetupWin.exe
C:\Windows\winipbin-install\Preinstaller.exe
C:\Windows\winipbin-install\spsetup.exe
C:\Windows\winipbin-install\spsetup64.exe
C:\Windows\SysWOW64\winipdat
C:\Windows\System32\winipdat
C:\Windows\winipbin
C:\Windows\winipbin-install
C:\Windows\winipbin-install\MSVxRsc.dll
C:\Windows\winipbin-install\SR_TmpRun.ini
C:\Windows\winipbin-install\bootstrap.exe
C:\Windows\winipbin-install\SDFMigrator.exe
C:\Windows\winipbin\SDFMigrator.exe
C:\Windows\winipbin\mrstch.exe
C:\Windows\winipbin\mxcrsc32.exe
C:\Windows\winipbin\wlcnthr.exe

 Veriato Agent Processes

mrstch.exe
mxcrsc32.exe
wlcnthr.exe
Admin.exe
SPSetupWin.exe
Preinstaller.exe
spsetup.exe
spsetup64.exe
SDFMigrator.exe

 

Updated: 07/25/2024