Specify additional definition sets for network traffic inspection

This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair where the name should be a string representation of a definition set GUID. As an example the definition set GUID to enable test definitions is defined as: “{b54b6ac9-a737-498e-9120-6616ad3bf590}”. The value is not used and it is recommended that this be set to 0.

Threat ID Exclusions

This policy setting defines threats which will be excluded from detection during network traffic inspection. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair where the name should be a string representation of a Threat ID. As an example a Threat ID might be defined as: 2925110632. The value is not used and it is recommended that this be set to 0.

Process Exclusions for outbound traffic

This policy setting defines processes from which outbound network traffic will not be inspected. Process names should be added under the Options for this setting. Each entry must be listed as a name value pair where the name should be a string representation of a process path and name. As an example a process might be defined as: “C:\Windows\System32\App.exe”. The value is not used and it is recommended that this be set to 0.

Port number Exclusions

This policy setting defines a list of TCP port numbers from which network traffic inspection will be disabled. Port numbers should be added under the Options for this setting. Each entry must be listed as a name value pair where the name should be a string representation of a TCP port number. As an example a range might be defined as: 8080. The value is not used and it is recommended that this be set to 0.

IP address range Exclusions

This policy if defined will prevent network protection against exploits of known vulnerabilities from inspecting the specified IP addresses. IP addresses should be added under the Options for this setting. Each entry must be listed as a name value pair where the name should be a string representation of an IP address range. As an example a range might be defined as: 157.1.45.123-60.1.1.1. The value is not used and it is recommended that this be set to 0.

Define the rate of detection events for logging

This policy setting limits the rate at which detection events for network protection against exploits of known vulnerabilities will be logged. Logging will be limited to not more often than one event per the defined interval. The interval value is defined in minutes. The default interval is 60 minutes. If you enable this setting detection events will not be logged if there is more than one similar report (by definition GUID) in the specified number of minutes. If you disable or do not configure this setting detection events will be logged at the default rate.

Turn on definition retirement

This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is “retired”. If all definitions for a given protocol are retired, then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance. If you enable or do not configure this setting, definition retirement will be enabled. If you disable this setting, definition retirement will be disabled.

Process Exclusions

This policy setting allows you to disable scheduled and real-time scanning for any file opened by any of the specified processes. The process itself will not be excluded. To exclude the process use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair where the name should be a string representation of the path to the process image. Note that only executables can be excluded. For example a process might be defined as: “c:\windows\app.exe”. The value is not used and it is recommended that this be set to 0.

Path Exclusions

This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair where the name should be a string representation of a path or a fully qualified resource name. As an example a path might be defined as: “c:\Windows” to exclude all files in this directory. A fully qualified resource name might be defined as: “C:\Windows\App.exe”. The value is not used and it is recommended that this be set to 0.
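
The exclusion and definition-set settings above all take name value pairs whose name must follow a particular form. The following added example (not part of the policy documentation or of any Microsoft tooling) reviews such entries before they are deployed and flags names that do not match the documented form, values other than 0, and path entries that exclude a whole directory. The setting labels, the 1-65535 port bound, the drive-letter path form and the "no file extension means directory" heuristic are assumptions made for this sketch.

```python
import ipaddress
import ntpath
import re

GUID_RE = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
EXE_RE = re.compile(r"[a-z]:\\(?:[^\\]+\\)*[^\\]+\.exe", re.I)
DIGITS = re.compile(r"[0-9]+")
BAD_NAME = "name does not match the form shown in the policy text"
BAD_VALUE = "value should be 0"
DIRECTORY = "directory exclusion: every file under it goes unscanned"

def _is_ip_range(name):
    # Assumption: only the start-end form from the page's example is accepted.
    start, sep, end = name.partition("-")
    try:
        ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    except ValueError:
        return False
    return bool(sep)

# Hypothetical labels for the settings (not policy or registry identifiers).
CHECKS = {
    "definition_set": lambda n: GUID_RE.fullmatch(n) is not None,
    "threat_id": lambda n: DIGITS.fullmatch(n) is not None,
    "process": lambda n: EXE_RE.fullmatch(n) is not None,
    "port": lambda n: DIGITS.fullmatch(n) is not None and 1 <= int(n) <= 65535,
    "ip_range": _is_ip_range,
    "path": lambda n: re.match(r"[a-z]:\\", n, re.I) is not None,
}

def audit(setting, entries):
    """Return (name, finding) tuples for one setting's name value pairs."""
    findings = []
    for name, value in entries.items():
        if not CHECKS[setting](name):
            findings.append((name, BAD_NAME))
        elif setting == "path" and ntpath.splitext(name)[1] == "":
            findings.append((name, DIRECTORY))  # heuristic: no extension
        if str(value) != "0":
            findings.append((name, BAD_VALUE))
    return findings

if __name__ == "__main__":
    # Constructed sample entries: the page's example values plus bad ones.
    sample = {"port": {"8080": 0, "http": 0},
              "ip_range": {"157.1.45.123-60.1.1.1": 0, "10.0.0.0/8": 0},
              "path": {"c:\\Windows": 0, "C:\\Windows\\App.exe": 1}}
    for setting, entries in sample.items():
        for name, finding in audit(setting, entries):
            print(f"{setting}: {name!r}: {finding}")
```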