The documentation here explains the options https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-exclusions?view=o365-worldwide
It's basically Path, Extension or Process Name.
When you use the json file, you'll add each individual option with corresponding drop-down menus.
Take note of when choosing Path, to enable or disable the box stating if the path leads to a file or a directory.
The documentation here explains the options https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-exclusions?view=o365-worldwide
It's basically Path, Extension or Process Name.
When you use the json file, you'll add each individual option with corresponding drop-down menus.
Take note of when choosing Path, to enable or disable the box stating if the path leads to a file or a directory.
Thanks for your reply.
I'm familiar with the documentation you've mentioned. But I was wondering if I needed to change some lines in the JSON schema. But now I've discovered that I had to add properties under "Preference Domain Properties".
I've added "Antivirus engine". Within that property I've added "Scan Exclusions". There I can add the exclusions I want. This way of adding features when using the JSON file is not mentioned in the documentation from Microsoft for Jamf. Or…did I just not read the right documentation?
At this point I've created some exclusions and I noticed some weird behaviour. After creating some exclusions, saving the configuration profile and deploying it to a test-machine I can see the exclusions on my machine. Bu t when I add another exclusion or edit something else in the cp the weird thing is happening. After the change has been deployed to the machine the exclusions in the Endpoint client are back to default. Exactly like the screendump in my first post
When going into "Profiles" and opening that specific cp, I can see my changes, but the Defender client is not showing these exclusions. Only after a restart it will apply the new exclusions. Any thoughts?
Thanks for your reply.
I'm familiar with the documentation you've mentioned. But I was wondering if I needed to change some lines in the JSON schema. But now I've discovered that I had to add properties under "Preference Domain Properties".
I've added "Antivirus engine". Within that property I've added "Scan Exclusions". There I can add the exclusions I want. This way of adding features when using the JSON file is not mentioned in the documentation from Microsoft for Jamf. Or…did I just not read the right documentation?
At this point I've created some exclusions and I noticed some weird behaviour. After creating some exclusions, saving the configuration profile and deploying it to a test-machine I can see the exclusions on my machine. Bu t when I add another exclusion or edit something else in the cp the weird thing is happening. After the change has been deployed to the machine the exclusions in the Endpoint client are back to default. Exactly like the screendump in my first post
When going into "Profiles" and opening that specific cp, I can see my changes, but the Defender client is not showing these exclusions. Only after a restart it will apply the new exclusions. Any thoughts?
Unfortunately I can't edit my previous post. But I've found out why the default exclusions came back. During the setup with the MS documentation there was also a cp created with the .plist settings. In this plist were those default exclusions. I've removed that one and all is fine.
For now I have to find out how to disable the functionality to add exclusions by the user. At this point, my users should be able to add anything as an exclusion :-).
Would we need to set up these profiles now since the jAMF catalog has defender available for distribution?
