Microsoft Defender - Suggestions / Best Practice - Exclusions

jamf-42
Valued Contributor II

The Microsoft forums seem to have little in the way of information regarding exclusions on macOS and my Google-fu seems to be broken today.

Rather than re-invent the wheel, can those that have implemented Defender share any nuggets of wisdom regarding any system folders / processes that should be excluded as part of the standard configuration config profile?

My starter for one would be the jamf binary and /Application Support/JAMF

AJPinto
Honored Contributor III

You will find this to be much the same case with anything Microsoft related on macOS.

We have not implemented MS Defender, but we have more security clients than you can shake a stick at.

It will obviously be trial and error, but I would also start with the Jamf directories and binaries. Then review any other security clients you have and exclude them as well, as security clients are some of the noisiest things on macOS. Start off with the Defender client in monitor-only mode, and see what it wants to enforce on before you give it its teeth.