[
    {
        "role": "user",
        "content": "how%20do%20I%20know%20if%20there%20are%20any%20drives%20that%20won%27t%20be%20scanned%20with%20windows%20defender%20in%20windows%2011"
    },
    {
        "role": "assistant",
        "content": "Here\u2019s how you can check whether any drives are being *excluded* (i.e. not scanned) by Microsoft Defender on Windows 11\u2014and how to figure out why.\n\n---\n\n## What types of drives *might* be excluded by default\n\n- **Removable drives (USB, SD cards, etc.)** often *aren\u2019t* included in a standard full scan by default. ([makeuseof.com](https://www.makeuseof.com/microsoft-defender-scan-removable-drives/?utm_source=openai))  \n- **Dev Drives** (special developer\u2010volumes) are automatically designated *trusted* and run in a \u201cperformance mode,\u201d which reduces the scanning burden in certain cases. This means they may not be scanned in the same way standard drives are. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-antivirus-gets-performance-mode-for-dev-drives/?utm_source=openai))  \n- **Automatic or built-in exclusions**, especially on systems with server roles or certain built-in Windows features. These exclusions typically cover known system folders, virtual hard disk formats (like VHD/VHDX), and files used by server components. ([learn.microsoft.com](https://learn.microsoft.com/en-us/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?utm_source=openai))  \n\nThese default or automatic exclusions might not be visible in the usual Defender user interface. ([learn.microsoft.com](https://learn.microsoft.com/en-us/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?utm_source=openai))  \n\n---\n\n## How to see what\u2019s currently excluded\n\nTo check what drives, folders, file types, or processes Defender is set to exclude, use one or more of these methods:\n\n1. **Windows Security settings**  \n   Go to *Settings \u2192 Privacy & Security \u2192 Windows Security \u2192 Virus & Threat Protection \u2192 Manage Settings \u2192 Exclusions*. There you see the list of file paths, file types, and processes you (or your organization) have manually excluded. ([learn.microsoft.com](https://learn.microsoft.com/en-us/answers/questions/2704024/how-do-i-see-excluded-files-in-defender?utm_source=openai))\n\n2. **PowerShell**  \n   Use `Get-MpPreference` to retrieve Defender\u2019s preference settings. You can see these properties:\n   - `ExclusionPath` \u2014 paths (folders/drives) excluded  \n   - `ExclusionExtension` \u2014 file extensions excluded  \n   - `ExclusionProcess` \u2014 processes excluded  \n   \n   Example:  \n   ```powershell\n   Get-MpPreference | Select-Object -ExpandProperty ExclusionPath\n   Get-MpPreference | Select-Object -ExpandProperty ExclusionProcess\n   ```\n   ([powershellgallery.com](https://www.powershellgallery.com/packages/PDS/0.1.392/Content/Public%5CSystem%5CGet-WinDefExcludedPath.ps1?utm_source=openai))\n\n3. **Check for Dev Drives**  \n   If you have a Dev Drive, use this in an elevated PowerShell prompt (or CMD) to see if the drive is trusted and therefore treated differently:\n   ```\n   fsutil devdrv query <drive-letter>:\n   ```\n   ([img.sauf.ca](https://img.sauf.ca/pictures/2025-10-30/0c6838766ef7bb8ba162763937ac07ed.pdf?utm_source=openai))\n\n4. **Group Policy or MDM (if in a managed environment)**  \n   Overrides can come from policies enforced by IT department (GPO, Microsoft Intune, etc.), which may enforce exclusions you can\u2019t see in the standard GUI. Use `gpedit.msc` (if you have it) or check Intune settings to see if exclusions are set there. ([windowscentral.com](https://www.windowscentral.com/how-include-external-drives-during-full-scan-windows-defender-antivirus?utm_source=openai))\n\n---\n\n## How to know *if a drive* specifically will *not* be scanned\n\nCombine the above checks\u2014here\u2019s a checklist you can go through:\n\n1. Is the drive a **standard fixed internal hard drive/SSD**, removable drive, or a Dev Drive?  \n   - Dev Drives may bypass scans partly depending on their trust state. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-antivirus-gets-performance-mode-for-dev-drives/?utm_source=openai))  \n   - External/removable drives are not included in full scans by default unless configuration is changed. ([makeuseof.com](https://www.makeuseof.com/microsoft-defender-scan-removable-drives/?utm_source=openai))\n\n2. Is the path to that drive (e.g. `D:\\` or `E:\\SomeFolder`) listed under `ExclusionPath` in Defender settings or using PowerShell? If yes, the drive (or that specific folder on it) will be skipped. ([learn.microsoft.com](https://learn.microsoft.com/en-us/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?utm_source=openai))\n\n3. Has the drive been designated a Dev Drive and *trusted*? If yes, it may fall under a performance mode, which changes how (and whether) certain scans happen. ([img.sauf.ca](https://img.sauf.ca/pictures/2025-10-30/0c6838766ef7bb8ba162763937ac07ed.pdf?utm_source=openai))\n\n4. If you are in a business/managed device scenario, check if *automatic exclusions* or role-specific exclusions are applied. Some roles or server features add exclusions by default. The user GUI might not display these built-in exclusions. ([learn.microsoft.com](https://learn.microsoft.com/en-us/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?utm_source=openai))\n\n---\n\nIf you like, I can help you walk through this on *your* machine step by step, so you can see exactly which drives are excluded. Do you want guide for that?"
    }
]