This guide will show an administrator how to configure a process that will be excluded from Defender Antivirus interference on Intune joined macOS devices.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: Device Security
Domain: Antivirus Management
Modifies: Defender Antivirus Process Exclusions
Defender macOS Process Exclusion
- Navigate to the Configuration Profiles - Intune portal. Select the Security Essentials macOS Defender Settings configuration profile or an equivalent macOS Antivirus configuration profile.
- Scroll down to Configuration Settings and select Edit.
- Find the Scan Exclusions section and select the Add button, an entry should be generated below. Select the Edit Instance button to configure the item to be a process exclusion. A pop-out will be generated, specify the Type as File Name from the dropdown, supply the desired File Name associated with the desired process in the provided text field (specified either by the full path or file name). It is recommended that these are not commonly used processes or processes which could be used to spawn in malware. Select Save to finalize the File Extension exclusion addition, followed by selecting Review + save to proceed to the review section.
- From the Review section, you will be able to select the Settings dropdown to verify that the necessary exclusions are properly generating. Select Save to finalize the necessary file extension exclusion. Rule changes propagate in less than 24 hours.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.