Build or compile times have doubled since the new endpoint suite went live, especially on node_modules and .git folders.

Real-time scanning on a dev workstation can touch every file write twice. For build folders an exclusion is defensible, as long as the scope stays narrow and documented.

Try this first

1. 1Confirm the impact: open PowerShell as admin, run 'Get-MpPreference | Select-Object DisableRealtimeMonitoring' and run a test build with Defender real-time briefly off. If the diff is over 30 percent, an exclusion is worth it.
2. 2Define a narrow scope: not the whole drive, only specific paths like C:\dev, %USERPROFILE%\source, or the active workspace root.
3. 3In Defender for Endpoint or Intune, add path exclusions via Endpoint security, Antivirus, exclusions profile. Locally via 'Add-MpPreference -ExclusionPath' (test only, real management is central).
4. 4Add process exclusions when tooling needs it: 'node.exe', 'tsc.exe', 'go.exe'. Process exclusions are narrower than paths and preferred.
5. 5Document what you excluded and why. A Word doc on the share with date, machine, developer, reason is enough. Otherwise nobody understands the exclusions a year later.
6. 6Compensate with scheduled scans outside hours and EDR detection, not real-time alone. Keeps the risk posture intact.

None of the above fits?

Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.