You have added file, folder, or process exclusions to Microsoft Defender Antivirus on Windows 11, but after you restart the computer, the list is empty. This problem occurs when a Group Policy setting, a corrupted policy cache, or a third-party security tool overwrites the exclusion configuration during boot. This article explains the root causes and provides three tested methods to make exclusions survive a reboot.
Each method addresses a specific failure pattern. The first method checks and repairs Group Policy restrictions. The second method clears a corrupted policy cache file. The third method removes conflicting third-party security software. Follow the steps in order until the exclusion list persists.
Key Takeaways: Fix Defender Exclusion List Not Persisting
- Run gpedit.msc > Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Exclusions: Check if a policy disables user-defined exclusions or forces a specific exclusion list that conflicts with your custom entries.
- Delete the PolicyCache.bin file in C:\ProgramData\Microsoft\Windows Defender\PolicyCache: Corrupted cache causes Defender to reset exclusions on each boot.
- Uninstall third-party antivirus with its official removal tool: Programs like McAfee, Norton, or Malwarebytes can lock the exclusion registry keys and revert changes after reboot.
Why Defender Exclusions Vanish After a Restart
Microsoft Defender Antivirus stores its exclusion list in two locations. The primary location is the registry key HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions. The secondary location is a binary cache file at C:\ProgramData\Microsoft\Windows Defender\PolicyCache\PolicyCache.bin. During system startup, Defender reads the policy cache first. If the cache is corrupted, or if a Group Policy object enforces a different exclusion set, Defender overwrites your manual exclusions with the policy-defined list.
Group Policy Overwrites User Exclusions
On Windows 11 Pro, Enterprise, or Education editions, a local or domain Group Policy can restrict or replace the exclusion list. The relevant policy is under Administrative Templates > Windows Components > Microsoft Defender Antivirus > Exclusions. If the policy “Configure Exclusions” is enabled with a specific list, Defender ignores any exclusions you add through the Windows Security app or PowerShell.
Corrupted Policy Cache
The PolicyCache.bin file can become corrupted after a Windows Update, a Defender definition update, or an improper shutdown. When Defender reads a corrupted cache, it cannot merge the cached exclusions with the registry-based exclusions. As a fallback, Defender resets the entire exclusion list to its default empty state.
Third-Party Security Software Interference
Some third-party antivirus programs disable Defender’s real-time protection and take over the exclusion management. These programs may delete or block changes to the Defender registry keys during startup, causing your exclusions to disappear.
Method 1: Check and Fix Group Policy Exclusion Settings
This method applies to Windows 11 Pro, Enterprise, and Education. If you use Windows 11 Home, skip to Method 2.
- Open the Local Group Policy Editor
Press Win + R, type gpedit.msc, and press Enter. If the command is not found, your edition does not support Group Policy.
- Navigate to the Defender Exclusions policy folder
Go to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Exclusions.
- Review each exclusion policy
Double-click Configure Exclusions. If the policy is set to Enabled, Defender uses only the exclusions defined in the policy. Click Show to see the current list. If the list is empty or missing your entries, set the policy to Not Configured or Disabled. Click OK.
- Check the other two exclusion policies
Repeat the check for Configure Path Exclusions, Configure File Extension Exclusions, and Configure Process Exclusions. Set any enabled policy to Not Configured if it does not include your custom exclusions.
- Apply and restart
Close the Group Policy Editor. Open a Command Prompt as administrator and run gpupdate /force. Restart the computer and verify that your exclusions persist.
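The check in Method 1 can also be made from the registry, which helps on machines where gpedit.msc is unavailable. The following read-only report is an added example, not part of the original article; it assumes Group Policy stores its exclusions under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender and that the DisableLocalAdminMerge value there controls whether local list entries are merged with policy.

```powershell
# Added example (not from the original article): read-only report showing
# whether exclusions come from policy or from the local configuration.
$localRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'           # key named in the article
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'  # assumed Group Policy location

function Get-RegistryExclusion {
    param([string]$Root, [string]$Source)
    foreach ($kind in 'Paths', 'Extensions', 'Processes') {
        $key = Join-Path $Root "Exclusions\$kind"
        # Reading these keys needs an elevated session; a missing key means no entries.
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        # Each exclusion is stored as a value name under the subkey.
        foreach ($name in $item.GetValueNames()) {
            if ($name) { [pscustomobject]@{ Source = $Source; Kind = $kind; Entry = $name } }
        }
    }
}

$policy = @(Get-RegistryExclusion -Root $policyRoot -Source 'Policy')
$local  = @(Get-RegistryExclusion -Root $localRoot  -Source 'Local')
($policy + $local) | Sort-Object Kind, Entry | Format-Table -AutoSize

# Assumption: DisableLocalAdminMerge = 1 stops local entries being merged with policy.
$merge = (Get-ItemProperty -LiteralPath $policyRoot -Name DisableLocalAdminMerge `
          -ErrorAction SilentlyContinue).DisableLocalAdminMerge

if ($policy.Count -gt 0) {
    "Policy defines $($policy.Count) exclusion(s); review the settings from Method 1."
}
if ($merge -eq 1) {
    'DisableLocalAdminMerge is 1: locally added entries are not merged with the policy list.'
}
if ($policy.Count -eq 0 -and $merge -ne 1) {
    'No policy-defined exclusions found; continue with Method 2.'
}
```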
Method 2: Delete the Policy Cache File
If Group Policy is not the cause, a corrupted PolicyCache.bin is the likely culprit. Deleting this file forces Defender to rebuild the cache from the registry on the next boot.
- Stop the Defender service
Open an elevated PowerShell window by right-clicking Start and selecting Windows Terminal (Admin). Run the command Stop-Service WinDefend. This stops the Defender service temporarily.
- Navigate to the PolicyCache folder
In File Explorer, go to C:\ProgramData\Microsoft\Windows Defender\PolicyCache. The ProgramData folder is hidden by default. Type the path directly into the address bar or enable View > Show > Hidden items.
- Delete the PolicyCache.bin file
Right-click PolicyCache.bin and select Delete. If the file does not exist, skip this method.
- Restart the Defender service
Back in the elevated PowerShell window, run Start-Service WinDefend.
- Add your exclusions again and reboot
Open Windows Security > Virus & threat protection > Manage settings > Exclusions. Add your paths, file types, or processes. Restart the computer. Check that the exclusions are still present.
Method 3: Remove Conflicting Third-Party Security Software
Third-party antivirus programs often disable Defender components and block registry changes. Use the official removal tool from the vendor to ensure a complete uninstall.
- Identify the installed security software
Go to Settings > Apps > Installed apps. Look for entries such as McAfee, Norton, Bitdefender, Malwarebytes, or Avast.
- Download the vendor’s removal tool
Visit the support website of the installed software and download its dedicated removal utility. For example, McAfee offers the McAfee Consumer Product Removal tool (MCPR). Norton provides the Norton Remove and Reinstall tool.
- Run the removal tool in Safe Mode
Boot into Safe Mode by holding Shift while clicking Restart from the Start menu. Once in Safe Mode, run the removal tool and follow the on-screen prompts to remove all components.
- Restart normally and re-enable Defender
Restart the computer. Open Windows Security. If you see a banner saying your device is being protected by another provider, click Turn on to enable Defender. Add your exclusions.
- Reboot and verify
Restart the computer again. Open the exclusion list in Windows Security. Confirm that your entries are still present.
If Exclusions Still Disappear After the Main Fixes
Exclusions reset after a Windows Update
A cumulative update can sometimes reset Defender policies. After installing a Windows Update, check the Group Policy settings from Method 1 again. If the policy was re-enabled, set it to Not Configured again.
Exclusions lost after a third-party tool runs a system cleanup
Tools like CCleaner or BleachBit can delete the PolicyCache.bin file or clean registry keys. If you use such a tool, add the PolicyCache folder to its exclusion list. Alternatively, stop using registry cleaners on the Windows Defender keys.
Exclusions not applied when using PowerShell or command line
If you add exclusions via PowerShell cmdlets like Add-MpPreference -ExclusionPath, the command must be run in an elevated session. Exclusions added from a non-elevated prompt are written to the registry but are not honored by Defender. Run all exclusion commands from an elevated PowerShell window.
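The "reboot and verify" step that ends each method can be scripted instead of checked by eye. This is an added example, not part of the original article: it refuses to run without elevation, saves the exclusion list on the first run, and on the second run reports entries that were lost or that appeared unexpectedly. The snapshot file name is hypothetical.

```powershell
# Added example (not from the original article). Run elevated, once before the
# reboot and once after it.
$snapshot = Join-Path $env:USERPROFILE 'defender-exclusions-before.txt'  # hypothetical file name

function Test-Elevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ExclusionEntry {
    $pref = Get-MpPreference
    $entries = @(foreach ($kind in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
        foreach ($value in @($pref.$kind)) {
            # Non-elevated sessions see an "N/A: ..." placeholder instead of real entries.
            if ($value -and $value -notlike 'N/A:*') { "$kind=$value" }
        }
    })
    $entries | Sort-Object -Unique
}

if (-not (Test-Elevated)) { throw 'Run this from an elevated PowerShell window.' }

$now = @(Get-ExclusionEntry)
if (-not (Test-Path -LiteralPath $snapshot)) {
    # First run: record the list as it stands before the reboot.
    Set-Content -LiteralPath $snapshot -Value $now -Encoding UTF8
    "Saved $($now.Count) exclusion(s) to $snapshot. Reboot, then run this again."
} else {
    # Second run: compare the saved list with the current one (case-insensitive).
    $before = @(Get-Content -LiteralPath $snapshot -Encoding UTF8)
    $lost   = @($before | Where-Object { $_ -notin $now })
    $added  = @($now | Where-Object { $_ -notin $before })
    $lost  | ForEach-Object { "LOST   $_" }
    $added | ForEach-Object { "ADDED  $_" }
    if (-not $lost -and -not $added) {
        "All $($before.Count) exclusion(s) survived the reboot."
    }
    Remove-Item -LiteralPath $snapshot
}
```

An ADDED line after a reboot means something other than you changed the list, which is worth investigating before trusting the exclusion.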
Manual Exclusion via Registry vs Windows Security App
| Item | Registry Key (Manual) | Windows Security App |
|---|---|---|
| Access method | Regedit, navigate to HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions | Start > Windows Security > Virus & threat protection > Manage settings > Exclusions |
| Ease of use | Requires manual creation of Paths, Extensions, or Processes subkeys | Point-and-click interface with browse button for paths |
| Persistence when policy is active | Overwritten by Group Policy on boot | Overwritten by Group Policy on boot |
| Error-prone | Typing wrong path or missing backslash causes exclusion to be ignored | Less error-prone because the app validates the path |
After applying the correct fix, your Defender exclusion list should survive every reboot. Start with Method 1 if you have Windows 11 Pro or higher. If the issue continues, delete the PolicyCache.bin file. Remove any third-party security software as a last resort. Use the Windows Security app for adding exclusions rather than the registry to avoid syntax mistakes.