Fix: Cannot Delete Microsoft Defender Exclusions

When you open Windows Security → Virus and Threat Protection  → Manage Settings → Add or remove exclusions, you may be able to delete the exclusions by clicking on the “Remove” button.

Also, the Remove-MpPreference PowerShell command may not help.

Cause

The exclusion may have been added as a policy setting. The policy setting needs to be removed using the Registry Editor or the Group Policy Editor.

Resolution

To remove the exclusions (policy), follow one of these methods:

Option 1: Remove Microsoft Defender Policies

  1. Download defender-policies-remove.reg (zipped).
  2. Unzip and run the enclosed REG file. After running it, you may want to open the Registry Editor to ensure the “Windows Defender” Policies key doesn’t exist.
  3. Once done, restart Windows for the changes to take effect.

If you’re unable to apply the above registry file, launch Windows in Safe Mode and try merging the file again.

This removes all the Defender-related policies from the registry.

(For more information, see the article Microsoft Defender: “Managed by your administrator” or “Your IT administrator has limited access”)


Option 2: Delete the “Exclusions” manually

  1. Start Regedit.exe and go to the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  2. Expand the “Windows Defender” key.
  3. Right-click on the “Exclusions” subkey and choose Delete.
  4. Exit the Registry Editor.
To accomplish the above using command-line, run the following command from admin Command Prompt:



reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /f

Press Enter.

Equivalent Group Policy setting

Computer Configuration → Windows Components → Microsoft Defender Antivirus → Exclusions

Set “Extension Exclusions”, “Path Exclusions”, and “Process Exclusions” to Not configured.


Option 3: Delete the “Exclusions” via Windows RE

If the exclusions can’t be removed when Windows is running, you can boot into Windows RE and delete the exclusions.

  1. From the sign-in screen in Windows 10/11, press and hold the SHIFT key on the keyboard.
  2. With the SHIFT key still pressed, click the Power button and then click Restart.
  3. In the Recovery Options menu, click Troubleshoot, and then click Advanced Options.
    windows recovery options
  4. Click Command Prompt.
  5. Find out the drive letter of your Windows installation by typing bcdedit. If Windows was installed on C:\ drive, it might be assigned D:\ in Windows RE. The output of the bcdedit command shows the Windows drive letter, as seen from Windows RE.
    Note: On my EFI-based system, the bcdedit output stated that the OS drive-letter is (E:\)

    bcdedut find windows drive letter osdevice

  6. Once you got the drive letter of your Windows installation (e.g., E:\ ), run the following commands:
    REG LOAD HKLM\S2 E:\windows\system32\config\SOFTWARE
    REG DELETE "HKLM\S2\Microsoft\Windows Defender\Exclusions" /F
    REG UNLOAD HKLM\S2

    delete defender exclusions offline

    Important: For each command, you should see the output “The operation completed successfully.


Option 4: Install Malwarebytes and set it as the default AV provider (temporarily)

  1. Install Malwarebytes from https://www.malwarebytes.com/ and run it.
  2. In the Malwarebytes Settings dialog, click “Security.”
  3. Enable “Always register Malwarebytes in the Windows Security Center” and wait 15 seconds or so. This turns off Defender real-time protection and sets Malwarebytes as the default antivirus provider.

    malwarebytes register security center

  4. Download “AdvancedRun” from Nirsoft.net, and run it.
  5. From the AdvancedRun window, start C:\Windows\Regedit.exe as TrustedInstaller. See this article for more information.
    advancedrun start regedit.exe
  6. From the Registry Editor window, delete the following key.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
  7. Close Regedit.exe
  8. Disable “Always register Malwarebytes in the Windows Security Center.”
  9. Uninstall Malwarebytes (optional).

That’s it! The Defender exclusions policies are now removed. Exit Windows RE and boot into Windows.


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded Winhelponline.com in 2005.

1 thought on “Fix: Cannot Delete Microsoft Defender Exclusions”

  1. Thanks! My issue got resolved just by completing the first step. I had downloaded a software that seemed fine but actually contained a bunch of malware(and miner viruses). It added a bunch of script executing exclusions which I could not remove, I asked ChatGpt, it was unable to solve it, I searched on youtube, somehow no videos on this topic. But this managed to save my Laptop, thanks!

    Reply

Leave a Comment