Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Adds Windows Defender exclusions for Visual Studio 2017
$userPath = $env:USERPROFILE
$pathExclusions = New-Object System.Collections.ArrayList
$processExclusions = New-Object System.Collections.ArrayList
$pathExclusions.Add('C:\Windows\Microsoft.NET') > $null
$pathExclusions.Add('C:\Windows\assembly') > $null
$pathExclusions.Add($userPath + '\AppData\Local\Microsoft\VisualStudio') > $null
$pathExclusions.Add('C:\ProgramData\Microsoft\VisualStudio\Packages') > $null
$pathExclusions.Add('C:\Program Files (x86)\MSBuild') > $null
$pathExclusions.Add('C:\Program Files (x86)\Microsoft Visual Studio 14.0') > $null
$pathExclusions.Add('C:\Program Files (x86)\Microsoft Visual Studio 10.0') > $null
$pathExclusions.Add('C:\Program Files (x86)\Microsoft Visual Studio') > $null
$pathExclusions.Add('C:\Program Files (x86)\Microsoft SDKs\NuGetPackages') > $null
$pathExclusions.Add('C:\Program Files (x86)\Microsoft SDKs') > $null
$processExclusions.Add('devenv.exe') > $null
$processExclusions.Add('dotnet.exe') > $null
$processExclusions.Add('msbuild.exe') > $null
$processExclusions.Add('node.exe') > $null
$processExclusions.Add('node.js') > $null
$processExclusions.Add('perfwatson2.exe') > $null
$processExclusions.Add('ServiceHub.Host.Node.x86.exe') > $null
$processExclusions.Add('vbcscompiler.exe') > $null
Write-Host "This script will create Windows Defender exclusions for common Visual Studio 2017 folders and processes."
Write-Host ""
$projectsFolder = Read-Host 'What is the path to your Projects folder? (example: c:\projects)'
Write-Host ""
Write-Host "Adding Path Exclusion: " $projectsFolder
Add-MpPreference -ExclusionPath $projectsFolder
foreach ($exclusion in $pathExclusions)
{
Write-Host "Adding Path Exclusion: " $exclusion
Add-MpPreference -ExclusionPath $exclusion
}
foreach ($exclusion in $processExclusions)
{
Write-Host "Adding Process Exclusion: " $exclusion
Add-MpPreference -ExclusionProcess $exclusion
}
Write-Host ""
Write-Host "Your Exclusions:"
$prefs = Get-MpPreference
$prefs.ExclusionPath
$prefs.ExclusionProcess
Write-Host ""
Write-Host "Enjoy faster build times and coding!"
Write-Host ""
@outbred

This comment has been minimized.

Copy link

@outbred outbred commented Oct 31, 2018

Thanks for this! I was going to write my own, so thanks for sharing and saving us all the hassle!

BTW - I added 4 more processes to exclude:

$processExclusions.Add('testhost.exe') > $null
$processExclusions.Add('datacollector.exe') > $null
$processExclusions.Add('IntelliTrace.exe') > $null
$processExclusions.Add('CodeCoverage.exe') > $null

Thanks again!

@metablaster

This comment has been minimized.

Copy link

@metablaster metablaster commented Sep 2, 2019

Note that most of process exclusions are not necessary because excluding a folder recursively excludes all sub folders and all their contents.

For Visual Studio exclusions therefore only first 14 lines are needed, the rest of the script makes no sense except project directory.
That is my setup to speed up intelisense tested and it works.

@schroederactino

This comment has been minimized.

Copy link

@schroederactino schroederactino commented Sep 9, 2019

Thank you . You're the man! Took me ages to find out that Windows Defender do sabotage my projects and builds (Access Denied to EXE and sources)! And then I found you're script.

@nibor2004

This comment has been minimized.

Copy link

@nibor2004 nibor2004 commented Sep 25, 2019

where do i add this?

@metablaster

This comment has been minimized.

Copy link

@metablaster metablaster commented Sep 25, 2019

@nibor2004 just open up Windows defender and add folders to exclusion settings according to this script.

@dknoodle

This comment has been minimized.

Copy link
Owner Author

@dknoodle dknoodle commented Sep 25, 2019

@nibor2004 It's a PowerShell script so just run the script in a PowerShell window. You will need to run PowerShell as Administrator.

@jean-neveling

This comment has been minimized.

Copy link

@jean-neveling jean-neveling commented Dec 24, 2019

Brilliant, thanks so much... major performance improvement

@robertbaker

This comment has been minimized.

Copy link

@robertbaker robertbaker commented Sep 19, 2020

The process exclusions should be an absolute path, otherwise you might as well just turn off Windows Defender Real Time Protection.

@travisterrell

This comment has been minimized.

Copy link

@travisterrell travisterrell commented Jan 26, 2021

The process exclusions should be an absolute path, otherwise you might as well just turn off Windows Defender Real Time Protection.

@robertbaker Could you please explain why this is? My logic would assume that only 1 process will match the file name, regardless of whether it has the full path. I don't doubt your statement, but if you can elaborate, it will be helpful as I wasn't able to find any real sources online to help explain to me why using the filename only would be a risk.

Update: I have a thought. If another (malicious) program names its process devenv.exe (for example), then it would effectively exclude itself from monitoring due to the process name match. Is this what you were thinking?

@metablaster

This comment has been minimized.

Copy link

@metablaster metablaster commented Jan 26, 2021

it will be helpful as I wasn't able to find any real sources online to help explain to me why using the filename only would be a risk.

Update: I have a thought. If another (malicious) program names its process devenv.exe (for example), then it would effectively exclude itself from monitoring due to the process name match. Is this what you were thinking?

@travisterrell

There is official MS documentation that confirms this, if you specify only file name (and extension) then it will match all processes with that name. (from different path locations ofc.)

exclusion based on directory is less of a risk but it depends on following:

  1. if path leads to secure locations (ex. Program Files) then it is safe because installing into this location requires privileges
  2. otherwise it is not safe because any user may copy executable to target location.

So conclusion is that specifying full path is the safest method.

@travisterrell

This comment has been minimized.

Copy link

@travisterrell travisterrell commented Jan 26, 2021

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment