Skip to main content

Windows Defender Auto Exclusion Rules

Updated today

Swif now runs an automatic WINDOWS_DEFENDER_EXCLUSION_CHECK on every Windows device:

How it works

Why it matters

1. The agent queries Defender for existing process and path exclusions.

2. If any required Swif entries are missing, the agent silently adds them:

C:\Program Files\Swifteam\*

C:\ProgramData\Swifteam\*

3. A confirmation is sent back to Swif and logged under Device Detail → Command → WINDOWS_DEFENDER_EXCLUSION_CHECK.

• Prevents Defender from flagging Swif as “Potentially Unwanted Application.”

• No more manual PowerShell steps on fresh installs or upgrades.

• The check reruns daily (and on every agent upgrade) to heal accidental or policy-driven changes.


Verifying Defender exclusions

# List all Swif exclusions that the auto-check should create 
Get-MpPreference | Select -Expand ExclusionProcess, ExclusionPath | Where-Object { $_ -match 'swif' }

FAQ

Question

Answer

Will Defender real-time protection stay on?

Yes. Swif adds narrow exclusions only for its own binaries. All other scans remain active.

What if an admin deletes the exclusions?

They will be recreated the next time WINDOWS_DEFENDER_EXCLUSION_CHECK runs (max 24 h).

Do I need a separate GPO?

Only in locked-down environments where Defender exclusions are managed centrally. Otherwise, Swif handles it automatically.


With automatic Defender exclusion healing in place, deploying the Swif agent on fully-protected Windows endpoints is now completely hands-off—no warnings, no quarantine, no post-install scripts.

Did this answer your question?