Allow users to run an exe file

nasha mehr 76 Reputation points
2022-04-18T20:52:41.303+00:00

Hello,
There is a portable exe file that I would like to allow standard users to run it.
Unfortunately, windows defender blocks the app after the user downloads it and doesn't allow users to run it. It says it is potentially unwanted software.
In the Endpoint security -> Antivirus, I created two different policies: Microsoft Defender Antivirus and Microsoft Defender Antivirus exclusions. I excluded the path of the app ( I know when users download it, the exe file is in their download folder). However, it doesn't work.
I don't know why this happened and how I can allow standard users to run the specific file.

Moreover, it would be great if you could explain the difference between these two policies. Both of them have a section to exclude, and both of them are assigned to one group. I don't understand what the difference in their target part is?
193994-image.png

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,324 questions
0 comments
Accepted answer
  1. Crystal-MSFT 42,956 Reputation points Microsoft Vendor
    2022-04-19T01:44:41.687+00:00

    @nasha mehr , From your description, it seems the exe file is detected as a potentially unwanted application and is blocked.
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-worldwide

    To exclude files from PUA protection, we can configure the exclusions for Microsoft Defender Antivirus. If it is not working, we can validate the exclusion list. Here is a link with more details:
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-worldwide

    In fact, the CSPs for antivirus exclusion are also managed by Microsoft Defender Antivirus policy, which includes identical settings for exclusions. Settings from both policy types (Antivirus and Antivirus exclusions) are subject to policy merge, and create a super set of exclusions for applicable devices and users.
    https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-antivirus-policy#policy-merge-for-settings

    Hope it can help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rahul Jindal [MVP] 9,146 Reputation points MVP
    2022-04-18T21:58:17.143+00:00

    Hi, looks like smartsceen maybe blocking it. Instead of lowering the security, can you install the app using Company portal instead?

    0 comments