Adds Windows Defender exclusions for Visual Studio 2017

Windows Defender Exclusions VS 2017.ps1

$userPath = $env:USERPROFILE
$pathExclusions = New-Object System.Collections.ArrayList
$processExclusions = New-Object System.Collections.ArrayList

$pathExclusions.Add('C:\Windows\Microsoft.NET') > $null
$pathExclusions.Add('C:\Windows\assembly') > $null
$pathExclusions.Add($userPath + '\AppData\Local\Microsoft\VisualStudio') > $null
$pathExclusions.Add('C:\ProgramData\Microsoft\VisualStudio\Packages') > $null
$pathExclusions.Add('C:\Program Files (x86)\MSBuild') > $null
$pathExclusions.Add('C:\Program Files (x86)\Microsoft Visual Studio 14.0') > $null
$pathExclusions.Add('C:\Program Files (x86)\Microsoft Visual Studio 10.0') > $null
$pathExclusions.Add('C:\Program Files (x86)\Microsoft Visual Studio') > $null
$pathExclusions.Add('C:\Program Files (x86)\Microsoft SDKs\NuGetPackages') > $null
$pathExclusions.Add('C:\Program Files (x86)\Microsoft SDKs') > $null

$processExclusions.Add('devenv.exe') > $null
$processExclusions.Add('dotnet.exe') > $null
$processExclusions.Add('msbuild.exe') > $null
$processExclusions.Add('node.exe') > $null
$processExclusions.Add('node.js') > $null
$processExclusions.Add('perfwatson2.exe') > $null
$processExclusions.Add('ServiceHub.Host.Node.x86.exe') > $null
$processExclusions.Add('vbcscompiler.exe') > $null

Write-Host "This script will create Windows Defender exclusions for common Visual Studio 2017 folders and processes."
Write-Host ""
$projectsFolder = Read-Host 'What is the path to your Projects folder? (example: c:\projects)'

Write-Host ""
Write-Host "Adding Path Exclusion: " $projectsFolder
Add-MpPreference -ExclusionPath $projectsFolder

foreach ($exclusion in $pathExclusions) 
{
    Write-Host "Adding Path Exclusion: " $exclusion
    Add-MpPreference -ExclusionPath $exclusion
}

foreach ($exclusion in $processExclusions)
{
    Write-Host "Adding Process Exclusion: " $exclusion
    Add-MpPreference -ExclusionProcess $exclusion
}

Write-Host ""
Write-Host "Your Exclusions:"

$prefs = Get-MpPreference
$prefs.ExclusionPath
$prefs.ExclusionProcess

Write-Host ""
Write-Host "Enjoy faster build times and coding!"
Write-Host ""

it will be helpful as I wasn't able to find any real sources online to help explain to me why using the filename only would be a risk.

Update: I have a thought. If another (malicious) program names its process devenv.exe (for example), then it would effectively exclude itself from monitoring due to the process name match. Is this what you were thinking?

@travisterrell

There is official MS documentation that confirms this, if you specify only file name (and extension) then it will match all processes with that name. (from different path locations ofc.)

exclusion based on directory is less of a risk but it depends on following:

1. if path leads to secure locations (ex. Program Files) then it is safe because installing into this location requires privileges
2. otherwise it is not safe because any user may copy executable to target location.

So conclusion is that specifying full path is the safest method.

2017.ps1/comments/[email protected]> References: [email protected]> <dknoodle/Windows Defender Exclusions VS 2017.ps1/comments/[email protected]> From: [email protected] To: dknoodle <[email protected]> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--_com.boxer.email_2450223797837680"

…

----_com.boxer.email_2450223797837680 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: base64 VGhhbmtzIGZvciBhbGwgdGhlIGluZm8hIFllcywgdGhhdCBkb2VzIG1ha2UgdG90YWwgc2Vuc2Uu IEkgd2VudCBhaGVhZCBhbmQgYWRkZWQgYWJzb2x1dGUgcGF0aHMgKGZvciBteSBtYWNoaW5lLCBh dCBsZWFzdCkgdG8gbXkgZm9yayBvZiB0aGlzLCBhcyB3ZWxsIGFzIG9taXQgYSBjb3VwbGUgb2Yg ZXhjbHVzaW9ucyB0aGlzIGhhZC4gCgoKSSdtIGdsYWQgeW91ciBwb2ludGVkIHRoYXQgb3V0IGFi b3V0IFByb2dyYW0gRmlsZXMuIEkgaGFkbid0IGNvbnNpZGVyZWQgdGhhdCB0aG9zZSBleGNsdXNp b25zIHNob3VsZCBiZSBjb21wYXJhdGl2ZWx5IHNhZmVyLiBJJ2xsIGhhdmUgdG8gcmV2aWV3IG15 IHNjcmlwdCBsYXRlciBmb3IgcmVsYXRlZCBzZWN1cml0eSBpc3N1ZXMgKGFuZCBwcm9iYWJseSBt YWtlIGFuICJ1bmRvIiBzY3JpcHQgYXMgd2VsbCwgdG8gcnVuIGJlZm9yZSBhcHBseWluZyBuZXcg Y2hhbmdlcy4pIAoKClRoYW5rcyBhZ2FpbiwgCgpUcmF2aXMgCgoKCgpPbiBKYW4gMjYsIDIwMjEg MTo1NyBQTSwgbWV0YWJsYXN0ZXIgPG5vdGlmaWNhdGlvbnNAZ2l0aHViLmNvbT4gd3JvdGU6IAoK QG1ldGFibGFzdGVyIGNvbW1lbnRlZCBvbiB0aGlzIGdpc3QuIF9fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fXwoKaXQgd2lsbCBiZSBoZWxwZnVsIGFzIEkgd2Fzbid0 IGFibGUgdG8gZmluZCBhbnkgcmVhbCBzb3VyY2VzIG9ubGluZSB0byBoZWxwIGV4cGxhaW4gdG8g bWUgd2h5IHVzaW5nIHRoZSBmaWxlbmFtZSBvbmx5IHdvdWxkIGJlIGEgcmlzay4KClVwZGF0ZTog SSBoYXZlIGEgdGhvdWdodC4gSWYgYW5vdGhlciAobWFsaWNpb3VzKSBwcm9ncmFtIG5hbWVzIGl0 cyBwcm9jZXNzIGRldmVudi5leGUgKGZvciBleGFtcGxlKSwgdGhlbiBpdCB3b3VsZCBlZmZlY3Rp dmVseSBleGNsdWRlIGl0c2VsZiBmcm9tIG1vbml0b3JpbmcgZHVlIHRvIHRoZSBwcm9jZXNzIG5h bWUgbWF0Y2guIElzIHRoaXMgd2hhdCB5b3Ugd2VyZSB0aGlua2luZz8KCkB0cmF2aXN0ZXJyZWxs CgpUaGVyZSBpcyBvZmZpY2lhbCBNUyBkb2N1bWVudGF0aW9uIHRoYXQgY29uZmlybXMgdGhpcywg aWYgeW91IHNwZWNpZnkgb25seSBmaWxlIG5hbWUgKGFuZCBleHRlbnNpb24pIHRoZW4gaXQgd2ls bCBtYXRjaCBhbGwgcHJvY2Vzc2VzIHdpdGggdGhhdCBuYW1lLiAoZnJvbSBkaWZmZXJlbnQgcGF0 aCBsb2NhdGlvbnMgb2ZjLikKCmV4Y2x1c2lvbiBiYXNlZCBvbiBkaXJlY3RvcnkgaXMgbGVzcyBv ZiBhIHJpc2sgYnV0IGl0IGRlcGVuZHMgb24gZm9sbG93aW5nOgoKaWYgcGF0aCBsZWFkcyB0byBz ZWN1cmUgbG9jYXRpb25zIChleC4gUHJvZ3JhbSBGaWxlcykgdGhlbiBpdCBpcyBzYWZlIGJlY2F1 c2UgaW5zdGFsbGluZyBpbnRvIHRoaXMgbG9jYXRpb24gcmVxdWlyZXMgcHJpdmlsZWdlcwoKb3Ro ZXJ3aXNlIGl0IGlzIG5vdCBzYWZlIGJlY2F1c2UgYW55IHVzZXIgbWF5IGNvcHkgZXhlY3V0YWJs ZSB0byB0YXJnZXQgbG9jYXRpb24uCgpTbyBjb25jbHVzaW9uIGlzIHRoYXQgc3BlY2lmeWluZyBm dWxsIHBhdGggaXMgdGhlIHNhZmVzdCBtZXRob2QuCgrigJQKWW91IGFyZSByZWNlaXZpbmcgdGhp cyBiZWNhdXNlIHlvdSB3ZXJlIG1lbnRpb25lZC4KUmVwbHkgdG8gdGhpcyBlbWFpbCBkaXJlY3Rs eSwgdmlldyBpdCBvbiBHaXRIdWIsIG9yIHVuc3Vic2NyaWJlLiAKCg== ----_com.boxer.email_2450223797837680 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: base64 PGh0bWw+CiA8aGVhZD48L2hlYWQ+CiA8Ym9keT4KICA8ZGl2IGRpcj0ibHRyIj4KICAgVGhhbmtz IGZvciBhbGwgdGhlIGluZm8hIFllcywgdGhhdCBkb2VzIG1ha2UgdG90YWwgc2Vuc2UuIEkgd2Vu dCBhaGVhZCBhbmQgYWRkZWQgYWJzb2x1dGUgcGF0aHMgKGZvciBteSBtYWNoaW5lLCBhdCBsZWFz dCkgdG8gbXkgZm9yayBvZiB0aGlzLCBhcyB3ZWxsIGFzIG9taXQgYSBjb3VwbGUgb2YgZXhjbHVz aW9ucyB0aGlzIGhhZC4gCiAgPC9kaXY+IAogIDxicj4KICA8ZGl2IGRpcj0ibHRyIj4KICAgSSdt IGdsYWQgeW91ciBwb2ludGVkIHRoYXQgb3V0IGFib3V0IFByb2dyYW0gRmlsZXMuIEkgaGFkbid0 IGNvbnNpZGVyZWQgdGhhdCB0aG9zZSBleGNsdXNpb25zIHNob3VsZCBiZSBjb21wYXJhdGl2ZWx5 IHNhZmVyLiBJJ2xsIGhhdmUgdG8gcmV2aWV3IG15IHNjcmlwdCBsYXRlciBmb3IgcmVsYXRlZCBz ZWN1cml0eSBpc3N1ZXMgKGFuZCBwcm9iYWJseSBtYWtlIGFuICJ1bmRvIiBzY3JpcHQgYXMgd2Vs bCwgdG8gcnVuIGJlZm9yZSBhcHBseWluZyBuZXcgY2hhbmdlcy4pCiAgPC9kaXY+IAogIDxicj4K ICA8ZGl2IGRpcj0ibHRyIj4KICAgVGhhbmtzIGFnYWluLAogIDwvZGl2PiAKICA8ZGl2IGRpcj0i bHRyIj4KICAgVHJhdmlzCiAgPC9kaXY+IAogIDxicj4KICA8YnI+CiAgPGJyPgogIDxkaXYgY2xh c3M9ImJ4LWh0bWwiPiAgCiAgIDxkaXYgY2xhc3M9ImJ4LWJvZHkiPiAKICAgIDxkaXYgY2xhc3M9 InF1b3RlIj4KICAgICAgT24gSmFuIDI2LCAyMDIxIDE6NTcgUE0sIG1ldGFibGFzdGVyICZsdDtu b3RpZmljYXRpb25zQGdpdGh1Yi5jb20mZ3Q7IHdyb3RlOiAKICAgICA8YnIgdHlwZT0iYXR0cmli dXRpb24iPiAKICAgICA8YmxvY2txdW90ZSBjbGFzcz0icXVvdGUiIHN0eWxlPSJtYXJnaW46MCAw IDAgLjhleDtib3JkZXItbGVmdDoxcHggI2NjYyBzb2xpZDtwYWRkaW5nLWxlZnQ6MWV4Ij4gCiAg ICAgIDxzdHJvbmc+QG1ldGFibGFzdGVyPC9zdHJvbmc+IGNvbW1lbnRlZCBvbiB0aGlzIGdpc3Qu IAogICAgICA8aHI+IAogICAgICA8YmxvY2txdW90ZT4gCiAgICAgICA8cD5pdCB3aWxsIGJlIGhl bHBmdWwgYXMgSSB3YXNuJ3QgYWJsZSB0byBmaW5kIGFueSByZWFsIHNvdXJjZXMgb25saW5lIHRv IGhlbHAgZXhwbGFpbiB0byBtZSB3aHkgdXNpbmcgdGhlIGZpbGVuYW1lIG9ubHkgd291bGQgYmUg YSByaXNrLjwvcD4gCiAgICAgICA8cD5VcGRhdGU6IEkgaGF2ZSBhIHRob3VnaHQuIElmIGFub3Ro ZXIgKG1hbGljaW91cykgcHJvZ3JhbSBuYW1lcyBpdHMgcHJvY2VzcyBkZXZlbnYuZXhlIChmb3Ig ZXhhbXBsZSksIHRoZW4gaXQgd291bGQgZWZmZWN0aXZlbHkgZXhjbHVkZSBpdHNlbGYgZnJvbSBt b25pdG9yaW5nIGR1ZSB0byB0aGUgcHJvY2VzcyBuYW1lIG1hdGNoLiBJcyB0aGlzIHdoYXQgeW91 IHdlcmUgdGhpbmtpbmc/PC9wPiAKICAgICAgPC9ibG9ja3F1b3RlPiAKICAgICAgPHA+PGEgY2xh c3M9InVzZXItbWVudGlvbiIgZGF0YS1ob3ZlcmNhcmQtdHlwZT0idXNlciIgZGF0YS1ob3ZlcmNh cmQtdXJsPSIvdXNlcnMvdHJhdmlzdGVycmVsbC9ob3ZlcmNhcmQiIGRhdGEtb2N0by1jbGljaz0i aG92ZXJjYXJkLWxpbmstY2xpY2siIGRhdGEtb2N0by1kaW1lbnNpb25zPSJsaW5rX3R5cGU6c2Vs ZiIgaHJlZj0iaHR0cHM6Ly9naXRodWIuY29tL3RyYXZpc3RlcnJlbGwiPkB0cmF2aXN0ZXJyZWxs PC9hPjwvcD4gCiAgICAgIDxwPlRoZXJlIGlzIG9mZmljaWFsIE1TIGRvY3VtZW50YXRpb24gdGhh dCBjb25maXJtcyB0aGlzLCBpZiB5b3Ugc3BlY2lmeSBvbmx5IGZpbGUgbmFtZSAoYW5kIGV4dGVu c2lvbikgdGhlbiBpdCB3aWxsIG1hdGNoIGFsbCBwcm9jZXNzZXMgd2l0aCB0aGF0IG5hbWUuIChm cm9tIGRpZmZlcmVudCBwYXRoIGxvY2F0aW9ucyBvZmMuKTwvcD4gCiAgICAgIDxwPmV4Y2x1c2lv biBiYXNlZCBvbiBkaXJlY3RvcnkgaXMgbGVzcyBvZiBhIHJpc2sgYnV0IGl0IGRlcGVuZHMgb24g Zm9sbG93aW5nOjwvcD4gCiAgICAgIDxvbD4gCiAgICAgICA8bGk+aWYgcGF0aCBsZWFkcyB0byBz ZWN1cmUgbG9jYXRpb25zIChleC4gUHJvZ3JhbSBGaWxlcykgdGhlbiBpdCBpcyBzYWZlIGJlY2F1 c2UgaW5zdGFsbGluZyBpbnRvIHRoaXMgbG9jYXRpb24gcmVxdWlyZXMgcHJpdmlsZWdlczwvbGk+ IAogICAgICAgPGxpPm90aGVyd2lzZSBpdCBpcyBub3Qgc2FmZSBiZWNhdXNlIGFueSB1c2VyIG1h eSBjb3B5IGV4ZWN1dGFibGUgdG8gdGFyZ2V0IGxvY2F0aW9uLjwvbGk+IAogICAgICA8L29sPiAK ICAgICAgPHA+U28gY29uY2x1c2lvbiBpcyB0aGF0IHNwZWNpZnlpbmcgZnVsbCBwYXRoIGlzIHRo ZSBzYWZlc3QgbWV0aG9kLjwvcD4gCiAgICAgIDxwIHN0eWxlPSJmb250LXNpemU6c21hbGw7LXdl YmtpdC10ZXh0LXNpemUtYWRqdXN0Om5vbmU7Y29sb3I6IzY2NjsiPuKAlDxicj5Zb3UgYXJlIHJl Y2VpdmluZyB0aGlzIGJlY2F1c2UgeW91IHdlcmUgbWVudGlvbmVkLjxicj5SZXBseSB0byB0aGlz IGVtYWlsIGRpcmVjdGx5LCA8YSBocmVmPSJodHRwczovL2dpc3QuZ2l0aHViLmNvbS81YTY2Yjhi OGEzZjIyNDNmNGNhNWM4NTViMzIzY2I3YiNnaXN0Y29tbWVudC0zNjA4Njg0Ij52aWV3IGl0IG9u IEdpdEh1YjwvYT4sIG9yIDxhIGhyZWY9Imh0dHBzOi8vZ2l0aHViLmNvbS9ub3RpZmljYXRpb25z L3Vuc3Vic2NyaWJlLWF1dGgvQURNVUc1UUI3UEJINVpMS1o2QkREWkxTMzROQ1pBTkNORlNNNElU QUNXQ0EiPnVuc3Vic2NyaWJlPC9hPi48aW1nIHNyYz0iaHR0cHM6Ly9naXRodWIuY29tL25vdGlm aWNhdGlvbnMvYmVhY29uL0FETVVHNVMzUkJOMjNTMlpWVFFBV1JEUzM0TkNaQTVDTkZTTTRJVEFD V0NLWVkzUE5WV1dLM1RVTDUySFM0REZWTkRXUzQzVUlOWFcyM0xGTloyS1VZM1BOVldXSzNUVUw1 VVdKVFFBRzRJR1kuZ2lmIiBoZWlnaHQ9IjEiIHdpZHRoPSIxIiBhbHQ9IiI+PC9wPiAKICAgICAg PHNjcmlwdCB0eXBlPSJhcHBsaWNhdGlvbi9sZCtqc29uIj5bDQp7DQoiQGNvbnRleHQiOiAiaHR0 cDovL3NjaGVtYS5vcmciLA0KIkB0eXBlIjogIkVtYWlsTWVzc2FnZSIsDQoicG90ZW50aWFsQWN0 aW9uIjogew0KIkB0eXBlIjogIlZpZXdBY3Rpb24iLA0KInRhcmdldCI6ICJodHRwczovL2dpc3Qu Z2l0aHViLmNvbS81YTY2YjhiOGEzZjIyNDNmNGNhNWM4NTViMzIzY2I3YiNnaXN0Y29tbWVudC0z NjA4Njg0IiwNCiJ1cmwiOiAiaHR0cHM6Ly9naXN0LmdpdGh1Yi5jb20vNWE2NmI4YjhhM2YyMjQz ZjRjYTVjODU1YjMyM2NiN2IjZ2lzdGNvbW1lbnQtMzYwODY4NCIsDQoibmFtZSI6ICJWaWV3IEdp c3QiDQp9LA0KImRlc2NyaXB0aW9uIjogIlZpZXcgdGhpcyBHaXN0IG9uIEdpdEh1YiIsDQoicHVi bGlzaGVyIjogew0KIkB0eXBlIjogIk9yZ2FuaXphdGlvbiIsDQoibmFtZSI6ICJHaXRIdWIiLA0K InVybCI6ICJodHRwczovL2dpdGh1Yi5jb20iDQp9DQp9DQpdPC9zY3JpcHQ+IAogICAgIDwvYmxv Y2txdW90ZT4gCiAgICA8L2Rpdj4gCiAgIDwvZGl2PiAKICA8L2Rpdj4KIDwvYm9keT4KPC9odG1s Pg== ----_com.boxer.email_2450223797837680--

Additional list of executables in 2019:

$processExclusions.Add('ServiceHub.Host.Node.x64.exe') > $null
$processExclusions.Add('ServiceHub.Host.CLR.x86.exe') > $null
$processExclusions.Add('ServiceHub.Host.CLR.x64.exe') > $null
$processExclusions.Add('ServiceHub.RoslynCodeAnalysisService.exe') > $null
$processExclusions.Add('iisexpress.exe') > $null
$processExclusions.Add('Microsoft.VisualStudio.Web.Host.exe') > $null
$processExclusions.Add('ServiceHub.DataWarehouseHost.exe') > $null
$processExclusions.Add('ScriptedSandbox64.exe') > $null
$processExclusions.Add('ServiceHub.SettingsHost.exe') > $null
$processExclusions.Add('ServiceHub.IdentityHost.exe') > $null
$processExclusions.Add('conhost.exe') > $null
$processExclusions.Add('ServiceHub.VSDetouredHost.exe') > $null
$processExclusions.Add('vstest.console.exe') > $null

I'm having developers crippled by Defender, but MS do not recommend this action (see here)

I created an updated script with more warnings, updates for VS 2022, and some other developer tools. Use at your own risk. This definitely opens up a number of potential security vulnerabilities.

https://gist.github.com/dknoodle/959d6e9d399e51cc28957f85d4b4417f