List of exclusions export

Duchemin, Dominique 2,006 Reputation points
2022-08-24T00:27:12.9+00:00

Hello,

I would like to get the list of exclusions:

Assets and Compliance > Overview > Endpoint Protection > Antimalware policies > <<Policy name>>
Right Click on the policy > Properties

I want the list of the 3 sets of exclusions for this policy, how to do this?
234254-2022-08-23-17-21-34-cm-powerscribe-exclusions-defe.png

Thanks,
Dom

Microsoft Security | Intune | Configuration Manager | Application
Microsoft Security | Intune | Configuration Manager | Other
0 comments No comments
{count} vote

Accepted answer
  1. AllenLiu-MSFT 49,316 Reputation points Microsoft External Staff
    2022-08-24T07:33:13.837+00:00

    Hi, @Duchemin, Dominique

    You are right, I did not notice that the command Get-CMAntiMalwarePolicy only works for the "Default Client malware policy".

    Export-CMAntiMalwarePolicy works well for all policies. Thanks for your update. This difference may be by design.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    1 person found this answer helpful.
    0 comments No comments

10 additional answers

Sort by: Most helpful
  1. Garth 5,801 Reputation points
    2022-08-24T01:50:35.44+00:00

    What is wrong with copy and pasting the results?

    1 person found this answer helpful.

  2. AllenLiu-MSFT 49,316 Reputation points Microsoft External Staff
    2022-08-24T02:24:10.65+00:00

    Hi, @Duchemin, Dominique

    Thank you for posting in Microsoft Q&A forum.

    We can use the powershell command to get the result to a txt file:

    Get-CMAntiMalwarePolicy -Id "xxxxxxxx" | Out-File -FilePath C:\temp\OUTPUT.txt  
    

    234302-1.png


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments No comments

  3. Duchemin, Dominique 2,006 Reputation points
    2022-08-24T03:47:31.79+00:00

    Hello,

    PS C:\Windows\system32> Get-ExecutionPolicy -List

        Scope ExecutionPolicy  
        ----- ---------------  
    

    MachinePolicy Undefined
    UserPolicy Undefined
    Process Undefined
    CurrentUser Bypass
    LocalMachine RemoteSigned

    I got an error:

    PS C:\Windows\system32> Get-CMAntimalwarePolicy
    Get-CMAntimalwarePolicy : This command cannot be run from the current drive. To run this command you must first connect to a Configuration
    Manager drive.
    At line:1 char:1

    • Get-CMAntimalwarePolicy
    • ~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : DeviceError: (Microsoft.Confi...timalwarePolicy:GetAntimalwarePolicy) [Get-CMAntimalwarePolicy], InvalidOpera
      tionException
    • FullyQualifiedErrorId : CommandCannotExecuteFromCurrentDrive,Microsoft.ConfigurationManagement.PowerShell.Cmdlets.EP.GetAntimalwarePo
      licy

    So I did the connection:
    234270-2022-08-23-20-45-01-ps-connection.png

    I checked the executionpolicy:

    PS C:\Windows\system32> get-executionpolicy
    AllSigned


    PS C:\Windows\system32> Set-ExecutionPolicy RemoteSigned
    Set-ExecutionPolicy : Access to the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell' is
    denied. To change the execution policy for the default (LocalMachine) scope, start Windows PowerShell with the "Run as administrator"
    option. To change the execution policy for the current user, run "Set-ExecutionPolicy -Scope CurrentUser".
    At line:1 char:1

    • Set-ExecutionPolicy RemoteSigned
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : PermissionDenied: (:) [Set-ExecutionPolicy], UnauthorizedAccessException
    • FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand

    How do I get the "Run As Administrator" in the CM Console?

    Thanks,
    Dom

    0 comments No comments

  4. Duchemin, Dominique 2,006 Reputation points
    2022-08-24T04:24:29.163+00:00

    Hello,

    I found a way to get the command working
    Open PowerShell ISE > Run As Administrator (in Windows)
    Copy the ISEConnect file from the console
    Run it
    Pass the command...

    Get-CMAntiMalwarePolicy -Id "xxxxxxxx" | Out-File -FilePath C:\temp\OUTPUT.txt
    but now where do I find the ID of the Malware Policy?

    Thanks,
    Dom

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.