Microsoft Defender Exclusions via PowerShell

If endpoints use unmanaged Windows Defender (Windows Security) on Windows 10 or 11 for virus protection, we have provided a PowerShell script to facilitate adding exclusions for all temporary files, installed files, and processes that might be detected during installation. Follow these instructions for each Windows device:

1. Download a provided .zip file. 
   Click here file-zipper to download Windows_Exclusions_Defender.zip.
   Use the .zip file and your downloaded .exe or .msi Windows Agent Installer to set exclusions and install the agent on each endpoint device. 
2. Extract the ZIP file.
   Extraction results in 4 files. Keep all files in one folder.

• Vision_Client_Exclusions.txt
  This text file contains the necessary WIndows Agent exclusions, one per line. In addition to the recommended folder exclusions, this list contains any folder or file that could be detected. 
• Vision_processes.txt
  A text file that contains the processes that will be used to install the agent and the processes remaining after installation that run the agent.  
• Vision_Client_Exclusions_Add.ps1 
  A PowerShell script that adds the folder and file exclusions from Vision_Client_Exclusions.txt and Vision_processes.txt to appropriate sections of Windows Security "Exclusions." The script also temporarily disables "real-time protection" to allow installation of the recorder agent. 
• Vision_Client_Exclusions_Remove.ps1
  A PowerShell script that removes the recorder agent exclusions from Windows Defender.
• Vision_Exclusions_Defender_Instructions.pdf
  These instructions.

3. Open an administrative (elevated) command prompt.
   Navigate to the folder where the four extracted files are located.
   
4. At the command prompt, enter the following: 
   powershell.exe -noprofile -executionpolicy bypass -file .\Vision_Client_Exclusions_Add.ps1 

The script adds the exclusions and temporarily disables Real-Time protection.

5. If you wish, check the exclusions.
   Find exclusions in Windows Security > Virus & threat protection > Add or remove exclusions.
   
   The exclusions may appear as File or Folder exclusions. When examining the registry location where these exclusions are stored, it doesn't appear that there is anything that differentiates file exclusions from folder exclusions.
   
6. Install the Windows Agent.
   Use the Windows Agent Installer to install the agent as you normally would. Installation restarts the device. Windows Defender should re-enable its real-time protection automatically (in Windows Security, Check Virus & threat protection settings > Manage settings.) 
7. Remove the .zip and script files.
   Be sure to remove all files you brought to the computer.

To remove the exclusion, return to the endpoint with the Vision_Client_Exclusions_Defender.zip file. Extract the file and use the extracted Vision_Client_Exclusions_Remove.ps1 script to remove exclusions:

1. Open an elevated command prompt.
   Navigate to the folder where the files are extracted.
2. At the command prompt, enter the following:
   powershell.exe -noprofile -executionpolicy bypass -file .\Vision_Client_Exclusions_Remove.ps1