Useful Windows Defender exclusions to speed up development environment

If you work as a developer with tools such as Angular, Java, Node, Git etc. here are some useful exclusions to add to Windows Defender. It will speed your development computer up.
(In windows 10: search for “defender” -> “Virus & threat protection …” -> “Exclusions” -> Add or remove exclusions).

Node.js:
Process:
node.exe

Folders:
%userprofile%\AppData\Roaming\npm
%userprofile%\AppData\Local\npm-cache

Your projects/repos folder:
C:\Source

IDEs:
C:\Program Files\Microsoft Visual Studio\*
%LocalAppData%\Microsoft\VisualStudio\*
C:\Program Files\JetBrains\*

Various tools/processes:
Process: java.exe
Process: git.exe
Process: SourceTree.exe

There might be improvements depending on which type of exclusions that is most efficient. E.g. folder exclusion instead of a single exe file etc.

Warning! This means the processes, folders and files are no longer under protection. Use at own risk. 

Adding exclusions using powershell

Start powershell as administrator.
Save this powershell script as add-defender-exclusions.ps1:

Write-Host "`nAdding Windows Defender Exclusions..." -ForegroundColor DarkCyan

# ============================
# Defender Exclusions Script
# ============================

# --- Common Tools ---
Add-MpPreference -ExclusionProcess "node.exe"
Add-MpPreference -ExclusionProcess "git.exe"

# --- IDEs ---
Add-MpPreference -ExclusionProcess "devenv.exe"
Add-MpPreference -ExclusionProcess "Code.exe"

Add-MpPreference -ExclusionPath "C:\Program Files\Microsoft Visual Studio"
Add-MpPreference -ExclusionPath "$env:LOCALAPPDATA\Microsoft\VisualStudio"
Add-MpPreference -ExclusionPath "C:\Program Files\JetBrains"

# --- Packages ---
Add-MpPreference -ExclusionPath "$env:USERPROFILE\.nuget\packages"
Add-MpPreference -ExclusionPath "$env:LOCALAPPDATA\npm-cache"
Add-MpPreference -ExclusionPath "$env:USERPROFILE\AppData\Roaming\npm"
Add-MpPreference -ExclusionPath "$env:USERPROFILE\AppData\Local\npm-cache"

# ============================
# SQL Server 2025 Related
# ============================

# --- SQL Server Management Studio ---
Add-MpPreference -ExclusionProcess "Ssms.exe"

# SSMS Cache / Temp
Add-MpPreference -ExclusionPath "$env:LOCALAPPDATA\Microsoft\SQL Server Management Studio"
Add-MpPreference -ExclusionPath "$env:APPDATA\Microsoft\SQL Server Management Studio"

# --- SQL Server Engine Processes ---
Add-MpPreference -ExclusionProcess "sqlservr.exe"
Add-MpPreference -ExclusionProcess "sqlagent.exe"
Add-MpPreference -ExclusionProcess "sqlwriter.exe"

# --- SQL Server Full-Text Search ---
Add-MpPreference -ExclusionProcess "fdlauncher.exe"
Add-MpPreference -ExclusionProcess "fdhost.exe"

# --- Core SQL Paths ---
Add-MpPreference -ExclusionPath "C:\Program Files\Microsoft SQL Server"
Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Microsoft SQL Server"

# --- SQL Data & Logs ---
Add-MpPreference -ExclusionPath "C:\Program Files\Microsoft SQL Server\MSSQL*\MSSQL\Data"
Add-MpPreference -ExclusionPath "C:\Program Files\Microsoft SQL Server\MSSQL*\MSSQL\Log"
Add-MpPreference -ExclusionPath "C:\Program Files\Microsoft SQL Server\MSSQL*\MSSQL\Backup"

Run it:

.\add-defender-exclusions.ps1

To list existing: list-defender-exclusions.ps1:

$mp = Get-MpPreference
Write-Host "`nListing Windows Defender Exclusions" -ForegroundColor DarkCyan

Write-Host "`n=== Excluded Paths ===" -ForegroundColor Cyan
$mp.ExclusionPath |
    Sort-Object |
    ForEach-Object { Write-Host $_ }

Write-Host "`n=== Excluded Processes ===" -ForegroundColor Cyan
$mp.ExclusionProcess |
    Sort-Object |
    ForEach-Object { Write-Host $_ }

Write-Host "`n=== Excluded Extensions ===" -ForegroundColor Cyan
$mp.ExclusionExtension |
    Sort-Object |
    ForEach-Object { Write-Host $_ }

Write-Host "`n=== Excluded IP Addresses ===" -ForegroundColor Cyan
$mp.ExclusionIpAddress |
    Sort-Object |
    ForEach-Object { Write-Host $_ }

Write-Host ''

Run it:

.\list-defender-exclusions.ps1

Above is tweaked towards my development environment, e.g Win 11, .NET 10, Angular and SQL Server 2025, you might need to adjust to your unique development context.

More info regarding exclusions:

You can exclude certain files, folders, processes, and process-opened files from Windows Defender Antivirus scans. Such exclusions apply to scheduled scanson-demand scans, and always-on real-time protection and monitoring. Exclusions for process-opened files only apply to real-time protection.

When you add a process to the process exclusion list, Windows Defender Antivirus won’t scan files opened by that process, no matter where the files are located. The process itself, however, will be scanned unless it has also been added to the file exclusion list.

The process exclusions only apply to always-on real-time protection and monitoring. They don’t apply to scheduled or on-demand scans.

From: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus

Leave a Reply

Your email address will not be published. Required fields are marked *