Quick fix: Run Add-MpPreference -ExclusionProcess “C:\path\to\app.exe” in elevated PowerShell to exclude a specific executable from Defender Real-Time scanning. Confirm with Get-MpPreference | Select-Object -ExpandProperty ExclusionProcess.

You have a build tool, a backup agent, or a developer-environment utility that triggers Defender scans on every file it writes — and that scan overhead is killing performance. Folder-level exclusions are too broad (you don’t want to skip everything that tool ever touches). Process-level exclusions tell Defender to skip files opened by this specific binary, which is exactly the right granularity.

Symptom: A specific process generates heavy Defender scanning load; folder exclusions are too broad.
Affects: Windows 11 with Microsoft Defender Antivirus enabled.
Fix time: 5 minutes.

Process exclusion vs path exclusion

Defender supports four exclusion types: Path (a folder or file, scan-time exclusion), Extension (file extension globally exempt), Process (files read or written by this process are exempt), and IpAddress (network protection exemption). Process exclusions are the right tool when you trust the binary but not necessarily everything it touches — Defender still scans the files when accessed by other processes, but the trusted process gets full speed.

This is the recommended path for build tools (msbuild, gcc), VMs (vmware-vmx.exe, qemu-system), backup agents (acrobackup.exe), and developer environments (node.exe, python.exe). The folder these processes touch may include hundreds of subfolders you don’t want to globally exempt.

Method 1: Add a process exclusion via PowerShell

Open PowerShell as Administrator.
Add the exclusion:

Add-MpPreference -ExclusionProcess “C:\Program Files\Microsoft VS Code\Code.exe”
For multiple processes at once:

Add-MpPreference -ExclusionProcess “C:\dev\node\node.exe”, “C:\Python311\python.exe”
Confirm with:

Get-MpPreference | Select-Object -ExpandProperty ExclusionProcess

The exclusions take effect immediately — no restart needed. Defender begins skipping files that the named processes open.

Method 2: Use the GUI as a fallback

For users who prefer not to use PowerShell:

Open Windows Security → Virus & threat protection → Manage settings.
Scroll to Exclusions and click Add or remove exclusions.
Click Add an exclusion → Process.
Browse to the .exe file or type its name.
Click Open.

The GUI accepts just an EXE name (e.g., node.exe) or a full path. The name form is broader — it applies to any executable matching that name regardless of location.

Method 3: Bulk-import process exclusions from a CSV

For deploying the same exclusions across multiple machines:

Create a CSV file C:\Scripts\defender-process-exclusions.csv:

Path

C:\Program Files\Microsoft VS Code\Code.exe

C:\dev\node\node.exe

C:\Python311\python.exe
Create a PowerShell script:

$exclusions = Import-Csv C:\Scripts\defender-process-exclusions.csv

foreach ($e in $exclusions) { Add-MpPreference -ExclusionProcess $e.Path }
Run the script as Administrator on each target machine.
Or deploy via Group Policy: Computer Configuration → Administrative Templates → Windows Components → Microsoft Defender Antivirus → Exclusions → Process Exclusions. Add the list of process names.

The GPO path is ideal for fleet deployment. The PowerShell+CSV path works for ad-hoc scripts.

How to verify the fix worked

Run Get-MpPreference | Select-Object -ExpandProperty ExclusionProcess — the new exclusions appear.
Open Task Manager and watch the Antimalware Service Executable (MsMpEng.exe) CPU during a heavy task by the excluded process. CPU stays low.
Run the excluded process’s typical workload (build, sync, etc.) — duration drops noticeably compared to pre-exclusion.
Open Event Viewer → Applications and Services → Microsoft → Windows → Windows Defender → Operational. No scan events for files touched by the excluded process.

If none of these work

If exclusions don’t reduce Defender CPU, check whether the process you excluded is actually the source of the load. Run Resource Monitor and confirm MsMpEng.exe is scanning paths opened by your target process. If MsMpEng is busy with files opened by a different process (Windows Search Indexer, for example), exclude that process instead. For managed devices, Group Policy or Intune exclusions can override your local additions — check Get-MpPreference | Select-Object ExclusionProcess for the active set, not just what you added.

Bottom line: Process exclusions are the right tool for trusted binaries that touch many files. Add-MpPreference -ExclusionProcess is one line. Combine with the GPO path for fleet deployment and you cover both ad-hoc and managed cases.