drop security evtx csv or registry export · detect defender exclusion additions · identify paths processes and extensions excluded from scanning · surface exclusions covering attacker tools · runs locally
registry exclusions · 5007 config changes · 4104 Add-MpPreference · 4688 execution correlation · coverage score
drop security evtx csv, defender evtx csv, or registry export