Hi folks
While trying to "Cleanse" a 13-year-old's machine it was really hard to find out what had been excluded and what not by Windows Defender.
Anyway I came across this useful PowerShell script that removes all exclusions from WD without you having to know what they are. Worked a treat and I was then able to "Cleanse" the machine - as there were a couple of really deeply hidden exclusions that got in there by some sort of Malware -- amazing how young boys (it's nearly always boys !!) get malware on machines.
Note also -- you have to enable scripts in PowerShell first though.
# PowerShell script to clear the ExclusionPath, ExclusionProcess, and ExclusionExtension
# associated with Windows Defender Antivirus

# Start transcript
$Logs = "C:\temp\Clear-WindowsDefenderExcl.txt"
Start-Transcript $Logs -Append -Force

# Get Windows Defender preferences
$x = Get-MpPreference

# Get exclusion path
if ($x.ExclusionPath -ne $NULL) {
    Write-Host("================================================")
    Write-Host("Removing the following ExclusionPath entries:")
    foreach ($i in $x.ExclusionPath) {
        Remove-MpPreference -ExclusionPath $i
        Write-Host($i)
    }
    Write-Host("================================================")
    Write-Host("Total ExclusionPath entries deleted:", $x.ExclusionPath.Count)
}
else {
    Write-Host("No ExclusionPath entries present. Skipping...")
}

# Get exclusion process
if ($x.ExclusionProcess -ne $NULL) {
    Write-Host("================================================")
    Write-Host("Removing the following ExclusionProcess entries:")
    foreach ($i in $x.ExclusionProcess) {
        Remove-MpPreference -ExclusionProcess $i
        Write-Host($i)
    }
    Write-Host("================================================")
    Write-Host("Total ExclusionProcess entries deleted:", $x.ExclusionProcess.Count)
}
else {
    Write-Host("No ExclusionProcess entries present. Skipping...")
}

# Get exclusion extension
if ($x.ExclusionExtension -ne $NULL) {
    Write-Host("================================================")
    Write-Host("Removing the following ExclusionExtension entries:")
    foreach ($i in $x.ExclusionExtension) {
        Remove-MpPreference -ExclusionExtension $i
        Write-Host($i)
    }
    Write-Host("================================================")
    Write-Host("Total ExclusionExtension entries deleted:", $x.ExclusionExtension.Count)
}
else {
    Write-Host("No ExclusionExtension entries present. Skipping...")
}

# Summary (counts come from the preferences read before removal)
Write-Host("================================================")
Write-Host("SUMMARY")
Write-Host($x.ExclusionPath.Count, "ExclusionPath entries deleted.")
Write-Host($x.ExclusionProcess.Count, "ExclusionProcess entries deleted.")
Write-Host($x.ExclusionExtension.Count, "ExclusionExtension entries deleted.")
Write-Host(($x.ExclusionPath.Count + $x.ExclusionProcess.Count + $x.ExclusionExtension.Count), "Total entries deleted")
Write-Host("")
Write-Host("Done.")
Stop-Transcript
cheers
jimbo
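
An added example, not part of the original post or the script it quotes: a variant that saves the exclusions to a file before removing them (they often point at where the malware lives) and then re-reads the preferences to confirm nothing is left. The report file name and the `C:\temp` folder are assumptions.

```powershell
# Added example, not the script from the post. Run as a script from an elevated prompt;
# exclusions are only readable by administrators.
#Requires -RunAsAdministrator

$kinds  = 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension'
$outDir = 'C:\temp'    # assumption: same folder the post's transcript uses
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$report = Join-Path $outDir "DefenderExclusions-$stamp.json"   # hypothetical file name
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Snapshot every exclusion before touching anything, so there is a record
#    of what was excluded and can be scanned or investigated afterwards.
$before   = Get-MpPreference
$snapshot = [ordered]@{ Computer = $env:COMPUTERNAME; Taken = (Get-Date).ToString('o') }
foreach ($k in $kinds) {
    $snapshot[$k] = @($before.$k | Where-Object { $_ })   # drop null/empty entries
}
$snapshot | ConvertTo-Json -Depth 3 | Set-Content -Path $report -Encoding UTF8
Write-Host "Saved current exclusions to $report"

# 2. Remove each recorded entry; splatting picks the matching parameter name.
foreach ($k in $kinds) {
    foreach ($entry in $snapshot[$k]) {
        $params = @{ $k = $entry }
        Remove-MpPreference @params
    }
}

# 3. Re-read the preferences and list anything that survived the removal.
$after = Get-MpPreference
$left  = foreach ($k in $kinds) {
    foreach ($entry in @($after.$k | Where-Object { $_ })) {
        [pscustomobject]@{ Kind = $k; Entry = $entry }
    }
}

if ($left) {
    Write-Warning 'Exclusions still present after removal:'
    $left | Format-Table -AutoSize
    # Exclusions applied by policy are stored under this key, not in local preferences.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions'
    if (Test-Path $policyKey) { Write-Warning "Check policy-based exclusions under $policyKey" }
}
else {
    Write-Host 'No path, process or extension exclusions remain.'
}
```

To run it without changing the script policy for the whole machine, `Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass` applies only to the current PowerShell session.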