This guide will show an administrator how to specify a file extension that will be excluded from Defender Antivirus interference on Intune joined macOS devices.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: TBD
Domain: TBD
Modifies: TBD
Defender macOS Extension Exclusion
- Navigate to the Configuration Profiles - Intune portal. Select the Security Essentials macOS Defender Settings configuration profile or an equivalent macOS Antivirus configuration profile.
- Scroll down to Configuration Settings and select Edit.
- Find the Scan Exclusions section and select the Add button, an entry should be generated below. Select the Edit Instance button to configure the item to be an extension exclusion. A pop-out will be generated, specify the Type as File Extension from the dropdown, supply the desired File Extension in the provided text field (include the period when providing the desired extension type). It is recommended that these are not commonly malicious file extensions – such as .dat, .dmg, etc. Select Save to finalize the File Extension exclusion addition, followed by selecting Review + save to proceed to the review section.
- From the Review section, you will be able to select the Settings dropdown to verify that the necessary exclusions are properly generating. Select Save to finalize the necessary file extension exclusion. Rule changes propagate in less than 24 hours.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.