zposz365
Dec 29, 2020 · Copper Contributor
Defender ATP Suppression Rules Still Action Files?
Hello, we have set up numerous suppression rules for various software within our environment but even though we no longer get an alert from ATP due to the rules, it still looks like it is preventi...
Thijs Lecomte
Jan 02, 2021 · Bronze Contributor
Suppression rules are only to suppress alerts from popping up. They do not create exclusions for MDE to stop scanning certain processes and folders. You still need exclusions for that.
- BemmelenPatrick, Jan 05, 2021, Iron Contributor: If I understand correctly, there are exclusions which are being pushed via SCCM: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus#use-configuration-manager-to-configure-file-name-folder-or-file-extension-exclusions
Maybe EDR/ASR could be the root of the "problem" (blocking suspicious activity is never a problem of course 😉)?
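
Added example, not part of the thread: a read-only PowerShell check, run elevated on an affected endpoint, that shows whether a file is covered by an antivirus exclusion and which ASR rules are enforcing, since an alert suppression rule changes neither. `$TargetPath` is a hypothetical placeholder, and the prefix comparison is a simplification that does not expand wildcards or environment variables in exclusion entries.

```powershell
# Added example: inspects Defender configuration only, changes nothing.
# $TargetPath is a hypothetical placeholder for the application being blocked.
param([string]$TargetPath = 'C:\Program Files\ExampleApp\app.exe')

$pref = Get-MpPreference
$ext  = [IO.Path]::GetExtension($TargetPath).TrimStart('.')
$leaf = [IO.Path]::GetFileName($TargetPath)

# Antivirus exclusions: path (prefix match), process (full path or image name), extension.
$pathHit = @($pref.ExclusionPath) | Where-Object {
    $_ -and $TargetPath.StartsWith($_.TrimEnd('\'), [StringComparison]::OrdinalIgnoreCase)
}
$procHit = @($pref.ExclusionProcess) | Where-Object { $_ -and ($_ -ieq $TargetPath -or $_ -ieq $leaf) }
$extHit  = @($pref.ExclusionExtension) | Where-Object { $_ -and ($_.TrimStart('.') -ieq $ext) }

# ASR rules are configured as two parallel arrays: rule GUIDs and their actions.
$actionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$ids  = @($pref.AttackSurfaceReductionRules_Ids)
$acts = @($pref.AttackSurfaceReductionRules_Actions)
$asrRules = for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i]) {
        [pscustomobject]@{ RuleId = $ids[$i]; Action = $actionName[[int]$acts[$i]] }
    }
}

# Recent ASR events from the Defender operational log: 1121 = blocked, 1122 = audited.
$asrEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$leaf*" }

# Recent antivirus detections whose resources mention the file.
$avHits = Get-MpThreatDetection -ErrorAction SilentlyContinue |
    Where-Object { ($_.Resources -join ';') -like "*$leaf*" }

[pscustomobject]@{
    TargetPath          = $TargetPath
    ExcludedByPath      = [bool]$pathHit
    ExcludedByProcess   = [bool]$procHit
    ExcludedByExtension = [bool]$extHit
    AsrRulesEnforcing   = @($asrRules | Where-Object Action -in 'Block', 'Warn').RuleId
    RecentAsrEvents     = @($asrEvents).Count
    RecentAvDetections  = @($avHits).Count
}
```

If all three `ExcludedBy*` values are false while ASR events or antivirus detections are non-zero, the file is still being actioned by the engine even though the portal alert is suppressed.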