Threat actors can leverage a weakness in Microsoft Defender to determine in which folders to plant malware. The knowledge of the list of scanning exceptions allows attackers to know where to store their malicious code to avoid detection.