27

I know how to exclude a file or folder (directory) from Windows Defender in Windows 10. What I'm not sure about is whether this exclusion applies to all sub directories within that directory? It seems to me like it should, but I couldn't find anything from a quick Google search that revealed the answer. Thanks!

Update
I'm hoping to get some actual documentation for this. I agree that it seems like it should, but I couldn't find definitive source for the answer, other than my own assumptions.

Improve this question
3
  • Yes; It does indeed include directories and files within an excluded directory.
    – Ramhound
    Commented Sep 7, 2016 at 14:55
  • Kinda-sorta. It appears that that when transferring files from a local drive to a remote drive, with both sources excluded, Antimaleware Service Executable spikes hard in little bursts slowing down the copy-operations. I'm guessing each file is being assessed as to whether or not it's in a white-listed location, so it's not scanning them but it's still slowing stuff down, just not as much as it would if it performed a scan on each file.
    – kayleeFrye_onDeck
    Commented Apr 13, 2019 at 2:15
  • The funny thing is, if they updated Windows Defender to use WinRT for that location-check, they'd only ever need to check the top-level directory node (not the files inside them) one time instead of N times and then use the WinRT data structure to iterate through all the items in that node, where N represents the amount of filesystem objects. sigh
    – kayleeFrye_onDeck
    Commented Apr 13, 2019 at 2:21

3 Answers 3

Reset to default
26

Yes, excluding a directory in Defender will also exclude all files and subdirectories recursively.

Improve this answer
6
  • 10
    Any chance you've got a source? Experience counts :)
    – Nick DeVore
    Commented Sep 20, 2016 at 23:39
  • 15
    This is one of my personal SO/SU accounts, but I work for Microsoft on the Windows Defender team.
    – RaptorFactor
    Commented Sep 22, 2016 at 19:48
  • 4
    Well, I suppose that's good enough ;) Reminds me of Mark Adler's comment from his answer about the code he wrote stackoverflow.com/a/20765054/1380
    – Nick DeVore
    Commented Sep 22, 2016 at 23:33
  • @RaptorFactor does the exclusions apply to real time scanning? Documentation says so, but some people disagree.
    – rollsch
    Commented Sep 1, 2022 at 1:33
  • 1
    @NickDeVore Here you go: "A folder exclusion will apply to all subfolders within the folder as well."
    – Michael
    Commented Aug 15, 2023 at 17:16
19

sub directories are excluded, too. documented here: https://support.microsoft.com/en-sg/help/4028485/windows-10-add-an-exclusion-to-windows-defender-antivirus

Improve this answer
1
  • That should be the accepted answer considering the reference. :) " A folder exclusion will apply to all subfolders within the folder as well."
    – Samuel
    Commented Sep 18, 2020 at 10:04
11

Yes, subdirectories are covered by exclusions. HOWEVER, exclusions only apply to scanning, not to Real-Time Protection. If Real-Time Protection is active, every loaded executable is scanned, even those loaded from an excluded directory.

Improve this answer
6
  • 3
    +1 to mention that it does no apply to real time protection scanning.
    – bebbo
    Commented Aug 11, 2018 at 16:55
  • 11
    The documentation says differently: "The exclusions apply to scheduled scans, on-demand scans, and always-on real-time protection and monitoring. Exclusions for process-opened files only apply to real-time protection." Source: docs.microsoft.com/en-us/windows/security/threat-protection/…
    – Helge Klein
    Commented Oct 9, 2018 at 21:28
  • 2
    In my actual experience at least one excluded directory did get scanned. I know because one of the files got flagged.
    – RashaMatt
    Commented Oct 10, 2018 at 22:07
  • 1
    Oh, so that's what's going on. Every time I compile our application, Windows Defender sits at 100% CPU usage for an hour afterwards, even without moving bytes. I added everything in Exclusions, now I know why.
    – Brain2000
    Commented Nov 30, 2018 at 21:26
  • 2
    From testing with EICAR (en.wikipedia.org/wiki/EICAR_test_file) this answer is inaccurate; Defender's real-time protection rightly ignores excluded folders, and indeed subfolders, per @weberjn's answer. As for RashaMatt's experience, it's possible that a process was running that was flagged by Defender, that happened to exist in an excluded folder. Note that processes as well as paths can be excluded, per learn.microsoft.com/en-us/microsoft-365/security/…
    – Jimadine
    Commented Feb 14, 2023 at 21:18

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .