Windows Defender

[Erhan Karabekir]

I am a newcomer, and not an expert. Has anyone tried to exclude some folders
or files from Windows Defender scan ? I tried it but found out that Windows
Defender simply ignored the setting and proceeded to scan the files in the
'do not scan the following folders or files" window; the files I placed in
the exclusion list were Norton Internet Security and Symantec Shared, which
always classified the attempts by WD to scan its files as "unauthorized
attempt logged" and responded by "unauthorized scan stopped" message. In
short, the folder or file exclusion feature of Windows Defender does not
function. Please try it and let me know what you find out.
Erhan

 

[Guest]

It's been reported before that just giving a folder path does not work.
However it does work if you give a full path including the file name. That is
a nuisance if you are not sure precisely which file to exclude.

For NAV 2005 (I don't have NIS, but it's probably similar), you could try to
find out precisely which file to exclude by looking in the NAV reports/
activity log under Symantec Resource Protector Alerts. For example I had one
alert there: in the bottom pane it says
Agent C:\program files\Windows Defender|MSMPEng.exe
target C:\program files\Norton Antivirus\Qconsole.exe.
action: unauthorized access
reaction: unauthorized access stopped

So by putting C:\program files\Norton Antivirus\Qconsole.exe into the
exclude box in WD it should stop WD from trying to scan that file and prevent
the alert log being created in NAV.

 

[Guest]

Oops, just tried that (should have done so before posting), but NAV still
reports access attempt.
You could turn off Symantec file protection (options/miscellaneous in NAV)

However I have successfully excluded other apps from WD (ones 'not yet
classified') and WD does not give me an alert when I open those, as it did
before I excluded them, so the exclusion does work, up to a point.

 

[Guest]

Looking in my NAV log this morning I see that I have no less than 89 alerts,
all caused by the WD scan last night. There have been additionally 4 more
alerts since the scan. The alert typically reads

Time: 06/05/2006 10:04:46
Actor: C:\Program Files\Windows Defender\MsMpEng.exe (PID=1356)
Target: C:\Program Files\Common Files\Symantec Shared\NMain.exe (PID=3492)
Action: Unauthorized access
Reaction: Unauthorized access stopped

The "Actor" is always C:\Program Files\Windows Defender\MsMpEng.exe
(PID=1356) -- but there are 89 different targets, all related to NAV: no way
am I going to enter all those in an exceptions list!

It's certainly an inelegant siutation -- but I wonder, does it actually
matter very much? I assume NAV is merely protecting its own files, and
doesn't otherwise affect the WD scan?

Any thoughts?

 

[Bill Sanderson MVP]

It's certainly an inelegant siutation -- but I wonder, does it actually
matter very much? I assume NAV is merely protecting its own files, and
doesn't otherwise affect the WD scan?

Any thoughts?

That mirrors my thought.