When building C++ executables locally, Windows Defender or SmartScreen may block them with:
'...\test_policy_validator.exe' was blocked by your organization's Device Guard policy.
This is normal for unsigned executables. Each developer needs to add a Defender exclusion:
- Open Windows Security (search in Start menu)
- Go to Virus & threat protection
- Click Manage settings under "Virus & threat protection settings"
- Scroll down and click Add or remove exclusions
- Click Add an exclusion → Folder
- Browse to your project's
buildfolder:D:\CodeGeass\AIGuardian\build - Click Select Folder
Run PowerShell as Administrator:
Add-MpPreference -ExclusionPath "D:\path\to\your\AIGuardian\build"Replace the path with your actual project location.
If your team prefers code signing, each developer can run:
.\scripts\sign-executables.ps1This creates a local self-signed certificate and signs all executables. The certificate is NOT shared between developers.
After adding the exclusion, rebuild and test:
cmake --build build
cd build && ctest --output-on-failureAll tests should now run without being blocked.
- DO: Add the
build/folder to Defender exclusions in your local environment - DON'T: Commit certificates or try to share signing credentials
- DOCUMENT: If you encounter new blocking behavior, update this guide
Still blocked after adding exclusion?
- Ensure you added the folder, not individual files
- Check that the path matches your actual build directory
- Try temporarily disabling Real-time protection to verify it's a Defender issue
- Restart your terminal/IDE after adding exclusions
Get "Access Denied" when adding exclusions?
- You need local administrator privileges
- Contact your IT department if on a managed device