Defender Antivirus exclusion user variables

Question

Defender Antivirus exclusion user variables

Craig Garland 336

Hi Guys,

I hope someone has an answer for this.

I am looking to exclude a folder in Defender endpoint. The issue is that I want to exclude a folder based on the login username. EG: c:\Folder\Username.

I assume that I could just you the variable %username% but it looks like this does not work. I found an article that says it is invalid, and if I run MpCmdrun -checkexclusion -path c:\Folder\Username. is not excluded.

Does anyone know how to exclude a folder based on the signed in username?

Regards

Craig

JamesTran-MSFT 37,246 Reputation points Microsoft Employee Moderator

2023-05-26T20:31:27.9166667+00:00
@Craig Garland

Thank you for your post!

I understand that you're looking to exclude a folder in Defender for endpoint based on the login username (for example - c:\Folder\Username), but when using the %username% variable the folder still isn't being excluded.

I'm not too familiar with Microsoft Defender Antivirus within Defender for endpoint, but to hopefully help point you in the right direction, instead of excluding a folder based on username have you looked into configuring exclusions based on the folder location or the specific username? For example - c:\users\* or %user001%\Desktop

Additional Links:

Configure and validate exclusions - System environment variables

Use wildcards in the file name and folder path or extension exclusion lists

If you're still having issues, I'd also recommend reaching out to the Microsoft Defender for Endpoint Community Center so the Defender for Endpoint experts can take a closer look into your issue as well.

I hope this helps!

Thank you for your time and patience throughout this issue.