Steps to collect logs to create a Kernel Exclusion for Windows Defender.

• App Control Agent: All Supported Versions
• App Control Console: All Supported Versions

Due to a variety of environmental differences, a specific set of logs will be required to validate the paths/operations necessary:

1. Verify Windows Defender has all Agent Exclusions entered.
2. Collect Agent Historical logs so we can identify all processes that need exclusion
3. Open a case with Support and provide the logs

• There must be exclusions in Windows Defender before the Kernel Exclusions are added to prevent Agent instability/corruption.
• There are multiple versions of Windows Defender and Kernel Exclusions should only be added for paths that currently exist/are in use in the environment.