23

I know how to exclude a file or folder (directory) from Windows Defender in Windows 10. What I'm not sure about is whether this exclusion applies to all sub directories within that directory? It seems to me like it should, but I couldn't find anything from a quick Google search that revealed the answer. Thanks!

Update
I'm hoping to get some actual documentation for this. I agree that it seems like it should, but I couldn't find definitive source for the answer, other than my own assumptions.

Nick DeVore
  • 477
  • 2
  • 4
  • 13
  • Yes; It does indeed include directories and files within an excluded directory. – Ramhound Sep 07 '16 at 14:55
  • Kinda-sorta. It appears that that when transferring files from a local drive to a remote drive, with both sources excluded, `Antimaleware Service Executable` spikes hard in little bursts slowing down the copy-operations. I'm guessing each file is being assessed as to whether or not it's in a white-listed location, so it's not scanning them but it's still slowing stuff down, just not as much as it would if it performed a scan on each file. – kayleeFrye_onDeck Apr 13 '19 at 02:15
  • The funny thing is, if they updated Windows Defender to use WinRT for that location-check, they'd only ever need to check the top-level directory node (not the files inside them) one time instead of N times and then use the WinRT data structure to iterate through all the items in that node, where N represents the amount of filesystem objects. *sigh* – kayleeFrye_onDeck Apr 13 '19 at 02:21

3 Answers3

25

Yes, excluding a directory in Defender will also exclude all files and subdirectories recursively.

RaptorFactor
  • 398
  • 3
  • 6
  • 8
    Any chance you've got a source? Experience counts :) – Nick DeVore Sep 20 '16 at 23:39
  • 13
    This is one of my personal SO/SU accounts, but I work for Microsoft on the Windows Defender team. – RaptorFactor Sep 22 '16 at 19:48
  • 4
    Well, I suppose that's good enough ;) Reminds me of Mark Adler's comment from his answer about the code he wrote http://stackoverflow.com/a/20765054/1380 – Nick DeVore Sep 22 '16 at 23:33
  • @RaptorFactor does the exclusions apply to real time scanning? Documentation says so, but some people disagree. – rollsch Sep 01 '22 at 01:33
  • 1
    @NickDeVore [Here you go](https://support.microsoft.com/en-us/windows/add-an-exclusion-to-windows-security-811816c0-4dfd-af4a-47e4-c301afe13b26): "A folder exclusion will apply to all subfolders within the folder as well." – Michael Aug 15 '23 at 17:16
17

sub directories are excluded, too. documented here: https://support.microsoft.com/en-sg/help/4028485/windows-10-add-an-exclusion-to-windows-defender-antivirus

weberjn
  • 501
  • 6
  • 8
  • That should be the accepted answer considering the reference. :) " A folder exclusion will apply to all subfolders within the folder as well." – Samuel Sep 18 '20 at 10:04
10

Yes, subdirectories are covered by exclusions. HOWEVER, exclusions only apply to scanning, not to Real-Time Protection. If Real-Time Protection is active, every loaded executable is scanned, even those loaded from an excluded directory.

RashaMatt
  • 429
  • 1
  • 5
  • 10
  • 3
    +1 to mention that it does no apply to real time protection scanning. – bebbo Aug 11 '18 at 16:55
  • 10
    The documentation says differently: "The exclusions apply to scheduled scans, on-demand scans, and always-on real-time protection and monitoring. Exclusions for process-opened files only apply to real-time protection." Source: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus – Helge Klein Oct 09 '18 at 21:28
  • 1
    In my actual experience at least one excluded directory did get scanned. I know because one of the files got flagged. – RashaMatt Oct 10 '18 at 22:07
  • 1
    Oh, so that's what's going on. Every time I compile our application, Windows Defender sits at 100% CPU usage for an hour afterwards, even without moving bytes. I added everything in Exclusions, now I know why. – Brain2000 Nov 30 '18 at 21:26
  • Is there any way to add an exclusion to real time scanning? – rollsch Sep 01 '22 at 01:32
  • From testing with EICAR (https://en.wikipedia.org/wiki/EICAR_test_file) this answer is inaccurate; Defender's real-time protection rightly ignores excluded folders, and indeed subfolders, per @weberjn's answer. As for RashaMatt's experience, it's possible that a process was running that was flagged by Defender, that happened to exist in an excluded folder. Note that processes as well as paths can be excluded, per https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus?view=o365-worldwide – Jimadine Feb 14 '23 at 21:18