This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 73%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hi Community Members,
Does anyone know where would be the events to locate for Defender files and folder paths and file exclusions performed by Admins? Its an enterprise Defender solution and not home. Many Thanks.
Hi @joomla3597 , we are investigating your issue and will get back to you as soon as possible.
Best,
James
Hi @joomla3597 , you should be able to use File Integrity Monitoring for this:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/file-integrity-monitoring-overview
Microsoft Defender configurations, including exclusions, are often stored in specific files. However, many settings are stored in the Windows Registry.
Common registry keys related to Microsoft Defender exclusions include:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\PathsHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\PathsHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\ExtensionsHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\ExtensionYou can add these to your FIM monitoring list.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James