windows defender apppatch exclusion

Question

could someone tell me is this exclusions list in my windows defender is normal

so when i check my windows defender exclusion list i found this folder path, i remove this folder path from my exclusions list and went on to check on my file explorer, then i found these two file :
01DCCD6F5A279CE8.sysmain.sdb & 01DCCD6F58B83654.msimain.sdb

for precaution i'm performing a full scan with my windows defender, there's no threat found

still, i feel a bit skeptical since i my self never add these exclusion list in my windows defender

Answer 1

The two files you list (01DCCD6F5A279CE8.sysmain.sdb & 01DCCD6F58B83654.msimain.sdb) are default Windows system files, they are encrypted database files that contain information about a list of Windows Installer packages that have known compatibility problems, there is no indication in your screenshots of malware on your PC and if the scan came back clear, then there is nothing further you need to do.

Answer 2

The exclusion C:\Windows\apppatch is not a default, user-visible exclusion created by Microsoft Defender Antivirus. Exclusions that appear in the Windows Security app are typically added manually by a user, script, or management policy (Intune, Group Policy, or another security product).

Key points from Defender behavior:

• Microsoft Defender Antivirus supports exclusions for specific files, folders, file types, and processes. Any folder added here is skipped by real‑time scanning for its contents.
• Exclusions only affect real‑time protection; scheduled or on‑demand scans can still detect threats unless the same path is excluded there as well.
• Adding broad folder exclusions (such as a Windows system folder) can increase risk because malware can hide there without being scanned.

Given that:

1. If C:\Windows\apppatch appears under Virus & threat protection → Manage settings → Exclusions, it was added by someone or something on the system; it is not listed as a built‑in automatic exclusion in the provided documentation.
2. Removing this exclusion, as already done, is the correct action if it was not intentionally configured.
3. After removal, running a full scan with Microsoft Defender Antivirus is appropriate. Since no threats were found, Defender currently does not detect known malware in that folder.

To stay safe:

1. Leave C:\Windows\apppatch not excluded unless an administrator or trusted IT policy explicitly requires it.
2. Periodically review the Exclusions list to ensure no unexpected folders, file types, or processes are present.
3. If the device is managed by an organization (Intune/Group Policy), check with the administrator to confirm whether any central policy is re‑adding exclusions.

---

References:

• Virus and Threat Protection in the Windows Security App
• Virus & threat protection settings
• Configure and validate exclusions based on file extension and folder location