So until now I thought the only way to add defender exclusions (non-gui) was via registry keys, and that was annoying because administrator didn't have permission to write to those keys, so had to elevate to system or trustedinstaller (or change permission to those keys, not a great idea). But now it seems there's a powershell script that does it. Was there a cmd way to do it as well? Just scoping out the topic, maybe I'll learn more Spoiler Code: Registry/CMD: REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v %SystemRoot%\system32\SppExtComObjPatcher.exe /d 0 /t "REG_DWORD" REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /f /v %SystemRoot%\system32\SppExtComObjHook.dll /d 0 /t "REG_DWORD" Powershell: powershell Add-MpPreference -ExclusionPath "%LOCALAPPDATA%\Temp\SppExtComObjHook.dll"
No real way in CMD since it's a Powershell Module, but can be used directly from a CMD file (as your example shows). There are two ways to communicate with Defender, via the EXE and via the PS Module. The Registry way is more complicated and only useful to check the exclusions made. Code: powershell Get-ItemProperty 'hklm:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths' ^| Select * -exclude PS* ^| Format-List
Some more commands to maintain Defender: Update using MMPC as source (works with WU Service disabled): Code: powershell "Update-MpSignature -UpdateSource MMPC -Verbose" Defender Scan: Code: powershell "Start-MpScan -ScanType QuickScan" powershell "Start-MpScan -ScanType FullScan" powershell "Start-MpScan -ScanPath %scanpath% -ScanType CustomScan -Verbose" List Quarantine: Code: "%programfiles%\windows defender\mpcmdrun.exe" -restore -listall Show Threats: Code: powershell "Get-MpThreat | select ThreatName,Resources,DidThreatExecute,IsActive Settings: Code: powershell Get-MpPreference powershell Set-MpPreference -DisableArchiveScanning $true -Verbose
You can use Defender Injector v1.0 https://forums.mydigitallife.net/threads/add-defender-exceptions-through-right-click.76926/
