Microsoft Defender is the built-in antivirus solution included with Windows 11, offering real-time protection against viruses, malware, ransomware, and other security threats. In most cases, it works quietly in the background and automatically scans apps and files to keep your PC secure. However, there are times when Defender may incorrectly identify a trusted application as a threat or interfere with software that you know is safe.
Rather than disabling Microsoft Defender entirely, Windows 11 allows you to create exclusions for specific apps, folders, files, or processes. An exclusion tells Microsoft Defender to skip scanning selected items, allowing them to run without being blocked while maintaining protection for the rest of your system. This is a much safer approach than turning off antivirus protection completely.
In this guide, you’ll learn several ways to exclude a specific app from Microsoft Defender in Windows 11, along with important security considerations and troubleshooting tips.
Why Exclude an App from Microsoft Defender?
There are several legitimate reasons to exclude an application from Defender’s scans.
- A trusted application is mistakenly detected as malicious.
- A development tool generates files that trigger antivirus alerts.
- A game experiences performance issues during real-time scanning.
- Professional software requires unrestricted access to certain files.
- You want to reduce scanning delays for large projects or databases.
- A custom business application is repeatedly flagged despite being safe.
Only exclude applications that you trust completely and have obtained from reliable sources.
Before You Add an Exclusion
Before creating an exclusion, consider the following:
- Verify the application’s source.
- Download software only from official websites.
- Scan the app with Microsoft Defender before excluding it.
- Keep Windows Security updated.
- Remove exclusions when they are no longer needed.
Adding unnecessary exclusions can reduce your computer’s overall security.
Method 1: Exclude an App Using Windows Security
This is the easiest and recommended method.
- Press Windows + I to open Settings.
- Select Privacy & security.
- Click Windows Security.
- Choose Virus & threat protection.
- Under Virus & threat protection settings, click Manage settings.
- Scroll to Exclusions.
- Select Add or remove exclusions.
- Click Add an exclusion.
- Choose one of the available options:
- File
- Folder
- File type
- Process
- Select the application or its installation folder.
- Confirm the User Account Control prompt if it appears.
Microsoft Defender will now skip scanning the selected item.
Understanding Exclusion Types
Windows Security offers multiple exclusion options. Choosing the correct one improves security.
File
Excludes only one specific executable or file.
Example:
C:\Program Files\AppName\App.exe
Folder
Excludes every file inside a folder and its subfolders.
This option is useful for development environments or large application directories.
File Type
Excludes all files with a particular extension.
For example:
.iso
.log
.tmp
Use this option carefully because it affects every file with that extension.
Process
Excludes a running process from scanning.
This is useful when a specific executable repeatedly triggers Defender during normal operation.
Method 2: Add an Exclusion Using PowerShell
Advanced users can create exclusions using PowerShell.
- Open PowerShell as Administrator.
- Run the following command:
Add-MpPreference -ExclusionPath "C:\Program Files\AppName"
To exclude a single file:
Add-MpPreference -ExclusionPath "C:\Program Files\AppName\App.exe"
To exclude a process:
Add-MpPreference -ExclusionProcess "App.exe"
The exclusion is applied immediately.
Method 3: Remove an Exclusion with PowerShell
To remove an exclusion later:
Remove-MpPreference -ExclusionPath "C:\Program Files\AppName"
For a process:
Remove-MpPreference -ExclusionProcess "App.exe"
This restores normal Defender scanning.
Method 4: View Existing Exclusions
You can review all current exclusions.
Open PowerShell as Administrator and run:
Get-MpPreference
Look for the following entries:
- ExclusionPath
- ExclusionProcess
- ExclusionExtension
Review these regularly to ensure unnecessary exclusions are removed.
Method 5: Add an Exclusion Using Group Policy
This option is available in Windows 11 Pro, Enterprise, and Education editions.
- Press Windows + R.
- Type:
gpedit.msc
- Navigate to:
Computer Configuration
→ Administrative Templates
→ Microsoft Defender Antivirus
→ Exclusions
- Configure the appropriate exclusion policy.
- Save the changes.
- Restart the computer or update Group Policy.
This method is commonly used in business environments.
Method 6: Add an Exclusion Using Windows Terminal
Windows Terminal can also execute Defender PowerShell commands.
Open Windows Terminal as Administrator.
Run:
Add-MpPreference -ExclusionProcess "App.exe"
or
Add-MpPreference -ExclusionPath "C:\Apps\MyApplication"
The commands work the same as PowerShell.
Verify the Exclusion
After adding an exclusion:
- Return to Windows Security.
- Open Virus & threat protection.
- Select Manage settings.
- Open Add or remove exclusions.
Your application should appear in the exclusion list.
You can also verify using:
Get-MpPreference
How to Remove an Exclusion
If you no longer trust an application:
- Open Windows Security.
- Go to Virus & threat protection.
- Select Manage settings.
- Open Add or remove exclusions.
- Click the exclusion.
- Select Remove.
Microsoft Defender immediately resumes scanning the application.
Is It Safe to Exclude an App?
Excluding an application should only be done when absolutely necessary.
Avoid excluding:
- Unknown software
- Cracked applications
- Pirated games
- Software from unofficial websites
- Email attachments
- Recently downloaded files that have not been verified
Instead, verify whether the detection is a false positive before adding an exclusion.
Common Problems and Solutions
Defender Still Blocks the App
Ensure you excluded the correct executable or installation folder. Some applications use multiple executable files.
Access Is Denied
Run Windows Security or PowerShell with administrator privileges.
Exclusion Disappears
Some organizations manage Defender settings using Group Policy or Microsoft Intune, which can remove local exclusions.
Performance Doesn’t Improve
The bottleneck may not be caused by Defender. Check disk usage, CPU utilization, or other background applications.
Best Practices
To maintain security while using exclusions:
- Add the smallest possible exclusion.
- Prefer excluding a single executable instead of an entire folder.
- Keep Microsoft Defender enabled.
- Update Windows regularly.
- Remove exclusions that are no longer needed.
- Periodically review your exclusion list.
These practices help balance system performance and security.
Conclusion
Microsoft Defender provides strong built-in protection for Windows 11, but trusted applications can occasionally trigger false positives or experience reduced performance because of real-time scanning. Instead of disabling antivirus protection completely, adding a targeted exclusion allows you to use specific apps without compromising the security of the rest of your system.
Windows 11 makes it easy to create exclusions through Windows Security, while advanced users and IT administrators can manage them with PowerShell, Windows Terminal, or Group Policy. Whichever method you choose, always verify that the application comes from a trusted source and limit exclusions to only those that are genuinely necessary.
By carefully managing Microsoft Defender exclusions, you can keep your PC secure while ensuring your important applications run smoothly.
Frequently Asked Questions
1. Does adding an exclusion disable Microsoft Defender?
No. It only prevents Defender from scanning the selected file, folder, process, or file type. Protection remains active for everything else.
2. Can I exclude only one application instead of an entire folder?
Yes. Choosing the File or Process exclusion option lets you exclude a single application.
3. Will exclusions affect Windows updates?
No. Windows updates continue to work normally even if you have configured Microsoft Defender exclusions.
4. Can I remove an exclusion later?
Yes. You can delete an exclusion at any time through Windows Security or by using the appropriate PowerShell command.


