Disable: 'Extension Exclusions' This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as "obj" or "lib"). The value is not used and it is recommended that this be set to 0. Counter Measure: Configure this setting depending on your organization's requirements. Potential Impact: Scanning can impact network and device performance.

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Exclusions\Extension Exclusions (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Exclusions\Exclusions_Extensions