Friday 20 April 2018

Defender exclusions using PowerShell


When installing System Center Data Protection Manager (DPM) or Azure Backup Server (MABS), you always need to configure exclusions for Defender's real-time protection so that it does not interfere with the backup and restore processes of either MABS or DPM.

I always script this with PowerShell, because it is more convenient and quicker than doing it manually. There are some main settings that you must configure on a DPM or MABS server:

  • Default actions
  • File extensions
  • Paths
  • Processes

If a DPM or MABS server finds malicious code, its default action should be to remove it rather than anything else. To set that option, run the following PowerShell code:

Set-MpPreference -LowThreatDefaultAction Remove
Set-MpPreference -ModerateThreatDefaultAction Remove
Set-MpPreference -HighThreatDefaultAction Remove
Set-MpPreference -SevereThreatDefaultAction Remove


The file extensions that I always exclude from real-time scanning are .mdf and .ldf, using the following syntax:

Add-MpPreference -ExclusionExtension .mdf
Add-MpPreference -ExclusionExtension .ldf


I also exclude the following paths:
Add-MpPreference -ExclusionPath C:\Windows\Microsoft.NET\Framework\v2.0.50727
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\bin"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\Temp\MTA"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\Temp"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\Volumes\Replica"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\Volumes\ShadowCopy"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\Volumes"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\XSD"
Add-MpPreference -ExclusionPath "E:\Program Files\Microsoft SQL Server\MSSQL13.DPM\MSSQL\DATA"
Add-MpPreference -ExclusionPath X:\


The last part is the processes:
Add-MpPreference -ExclusionProcess dpmra.exe
Add-MpPreference -ExclusionProcess csc.exe


With this base you are able to create a decent PowerShell script of your own, altering the paths and the volume letters.
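
One way to turn the commands above into a re-runnable script (an added example, not the author's own script): it adds only the exclusions that are missing and warns about any exclusion already on the server that is not in the list, since every exclusion is a location real-time protection no longer inspects. The parameter names and the `Get-ExclusionKey` helper are hypothetical; the default values are the post's sample paths and drive letters.

```powershell
#Requires -RunAsAdministrator
# Added example, not the post author's script. Parameter names are hypothetical;
# the default values are the sample paths and drive letters used in the post.
param(
    [string]$DpmRoot   = 'D:\Program Files\Microsoft System Center\DPM\DPM',
    [string]$SqlData   = 'E:\Program Files\Microsoft SQL Server\MSSQL13.DPM\MSSQL\DATA',
    [string]$BackupVol = 'X:\'
)

# Baseline: the exclusions listed in the post, built from the parameters.
$dpmDirs  = 'bin', 'Temp\MTA', 'Temp', 'Volumes\Replica', 'Volumes\ShadowCopy', 'Volumes', 'XSD'
$baseline = @{
    ExclusionExtension = @('.mdf', '.ldf')
    ExclusionProcess   = @('dpmra.exe', 'csc.exe')
    ExclusionPath      = @('C:\Windows\Microsoft.NET\Framework\v2.0.50727') +
                         @($dpmDirs | ForEach-Object { "$DpmRoot\$_" }) +
                         @($SqlData, $BackupVol)
}

# Compare without regard to case, a leading dot or a trailing backslash.
function Get-ExclusionKey([string]$Value) {
    $Value.TrimStart('.').TrimEnd('\').ToLowerInvariant()
}

$current = Get-MpPreference
foreach ($kind in $baseline.Keys) {
    $have     = @($current.$kind | Where-Object { $_ })
    $haveKeys = @($have | ForEach-Object { Get-ExclusionKey $_ })
    $wantKeys = @($baseline[$kind] | ForEach-Object { Get-ExclusionKey $_ })

    # Add only what is missing, so the script can be re-run safely.
    $missing = @($baseline[$kind] | Where-Object { (Get-ExclusionKey $_) -notin $haveKeys })
    if ($missing.Count -gt 0) {
        $arguments = @{ $kind = $missing }
        Add-MpPreference @arguments
        $missing | ForEach-Object { Write-Output "added $kind $_" }
    }

    # Report exclusions that are set on the server but not in the baseline.
    $have | Where-Object { (Get-ExclusionKey $_) -notin $wantKeys } |
        ForEach-Object { Write-Warning "$kind '$_' is not in the baseline" }
}
```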






