Swif now runs an automatic WINDOWS_DEFENDER_EXCLUSION_CHECK on every Windows device:
How it works | Why it matters |
1. The agent queries Defender for existing process and path exclusions. 2. If any required Swif entries are missing, the agent silently adds them: • • 3. A confirmation is sent back to Swif and logged under Device Detail → Command → WINDOWS_DEFENDER_EXCLUSION_CHECK. | • Prevents Defender from flagging Swif as “Potentially Unwanted Application.” • No more manual PowerShell steps on fresh installs or upgrades. • The check reruns daily (and on every agent upgrade) to heal accidental or policy-driven changes. |
Verifying Defender exclusions
# List all Swif exclusions that the auto-check should create
Get-MpPreference | Select -Expand ExclusionProcess, ExclusionPath | Where-Object { $_ -match 'swif' }
FAQ
Question | Answer |
Will Defender real-time protection stay on? | Yes. Swif adds narrow exclusions only for its own binaries. All other scans remain active. |
What if an admin deletes the exclusions? | They will be recreated the next time WINDOWS_DEFENDER_EXCLUSION_CHECK runs (max 24 h). |
Do I need a separate GPO? | Only in locked-down environments where Defender exclusions are managed centrally. Otherwise, Swif handles it automatically. |
With automatic Defender exclusion healing in place, deploying the Swif agent on fully-protected Windows endpoints is now completely hands-off—no warnings, no quarantine, no post-install scripts.