Windows Defender is incredibly useful for a free tool, providing Windows 10 users with competitive anti-virus technology and protecting against rootkits, ransomware, unwanted programs, and more. However, occasionally the program will keep flagging a file or folder that you know is safe. In these cases, it's useful to know how to exclude a folder from Windows Defender.
Before we show you how to do that, though, there are some best practices you should be aware of. Users commonly exclude folders and types of files that will compromise their security in the future.
Best practices for adding exceptions to Windows Defender
Firstly, when you add an exception to Windows Defender, you should avoid excluding your system, or C: drive, as a whole. That includes C:\, and C:\*.
You should additionally avoid excluding your Java folder in Program Files, and the following directories:
- C:\Windows\Prefetch (and other variations)
- C:\Windows\System32\Spool (and other variations)
- Temporary folders, including C:\Windows\Temp, local app data, and LocalLow.
When you want to add Windows Defender exclusions for file extensions, you should avoid the following types:
.7z, .bat, .bin, .cab, .cmd, .com, cpl, .dll, .exe,.fla, .gif, .gz, .hta, .inf. .java, .jar, .job, .jpeg, .jpg, .js, .ko, .ko.gz, .msi, .ocx, .png, .ps1, .py, .rar, .reg, .scr, .sys, .tar, .tmp, .URL, .vbe, .vbs, .wsf, .zip.
In general, you shouldn't add Windows Defender exceptions for Microsoft processes, either. Though you're right in thinking that PowerShell.exe, wmic.exe, or svchost.exe are safe in their normal form an attack could modify the file to be malicious. Excluding it would allow them to slip past your defenses.
In a similar vein, you should always add the direct path to your file in your exclusion list. Let's say you want to exclude Winbuzzer.exe from scanning.
If you manually edited your list and only defined
Winbuzzer.exe, an attacker could send you any file named Winbuzzer.exe and have it skip past your defenses.
C:\Program Files\winbuzzer\Winbuzzer.exe instead would only skip the scanning of the file in that particular folder.
With that lengthy disclaimer out of the way, let's get down to showing you how to add Windows Defender exclusions via the Windows Security app.
How to Exclude a Folder, File, Process, or File Type from Windows Defender Scans
Once you know where to look, creating and managing Windows Defender exceptions is quite easy. The more difficult part is making sure that adhere to the rules above to maintain your security.
Here's how you can add items to your Windows Defender exceptions list:
- Open Settings
Press the Start button, then click the settings cog, above the power button. Alternatively, press Windows + I.
- Click on “Update & Security” in your Settings app
- Select “Windows Security” in the sidebar and click on “Virus & threat protection”
- Press “Manage settings” under “Virus & threat protection settings”
- Click “Add or remove exclusions” under the “Exclusions” heading
- Use Windows Defender to exclude a file, folder, file type or path in Windows 10
Under the “Exclusions” heading, you'll see a big grey button labeled “Add an exclusion” click it, then press “Folder”.
Alternatively, if you want to add an exception to Windows Defender that's a file, file type, or process, click that option.
- Browse to your folder or file, click it, and press “Select Folder”
- View the excluded item in your Windows Defender Exclusions list
When you add an exclusion to Windows Security, it will show the path, followed by the type of exclusion: Folder, Process, File, or File type. If you see an addition to the list that you don't remember making, you should remove it – this could be a sign that somebody has tampered with your security.
Now that you know how to add an exception to Windows Defender, you may want to tighten your security in other ways. The following guides will show you how to enable Windows Defender Application Guard and the Hidden Adware scanner.