Windows Defender - Add exclusion folder programmatically

After some digging I found the following folder:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths

I cannot add a key there with my user. I get the following error: Cannot create key: You do not have the requisite permissions to create a new key under Paths

However SYSTEM, WinDefend and TrustedInstaller all have Full Control. The best guess is that they have used something like DevxExec devxexec.exe /user:TrustedInstaller cmd and written the key to the registry.

Run in elevated shell (search cmd in Start menu and hit Ctrl+Shift+Enter).

powershell -Command Add-MpPreference -ExclusionPath "C:\tmp"
powershell -Command Add-MpPreference -ExclusionProcess "java.exe"
powershell -Command Add-MpPreference -ExclusionExtension ".java"

powershell -Command Remove-MpPreference -ExclusionExtension ".java"

• Add an exclusion to Windows Security
• Modifies settings for Windows Defender from PowerShell
• Removes exclusions or default actions

The correct way to do this is using the Add-MpPreference PowerShell cmdlet. Use this cmdlet to add exclusions for file name extensions, paths, and processes, and to add default actions for high, moderate, and low threats.

You can easily perform this from the elevated cmd shell in Windows 10 using the following command line:

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Windows\SysWOW64\Mpk"