Defender Path Exception (macOS)

This guide will show an administrator how to configure a directory path that will be excluded from Defender Antivirus interference on Intune joined macOS devices.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: TBD

Domain: TBD

Modifies: TBD

Defender macOS Path Exclusion

1. Navigate to the Configuration Profiles - Intune portal. Select the Security Essentials macOS Defender Settings configuration profile or an equivalent macOS Antivirus configuration profile.
   
2. Scroll down to Configuration Settings and select Edit.
   
3. Find the Scan Exclusions section and select the Add button, an entry should be generated below. Select the Edit Instance button to configure the item to be a path or directory exclusion. A pop-out will be generated, specify the Type as Path from the dropdown, make sure to also configure the radio selection below based on the desired Path you want to create the exclusion for. Supply the desired Path in the provided text field (the Path structure will vary depending on the previously specified radio selection above). It is recommended that these are not commonly used locations – such as the Downloads or Documents folder – but instead locations used by approved custom applications. Along with this, it is highly discouraged to create a path that users are aware bypasses antivirus scanning. Paths included here should not be known to the user and used for application functionality only, lest the user place a downloaded file in this known bypassed location and introduce risk to the system. Select Save to finalize the File Extension exclusion addition, followed by selecting Review + save to proceed to the review section.
   
4. From the Review section, you will be able to select the Settings dropdown to verify that the necessary exclusions are properly generating. Select Save to finalize the necessary file extension exclusion. Rule changes propagate in less than 24 hours.
   

Need Assistance?