Tag: Computer Configuration
Define the rate of detection events for logging
This policy setting limits the rate at which detection events for network protection against exploits of known vulnerabilities will be logged. Logging will be limited to no more than one event per defined interval. The interval value is defined in minutes. The default interval is 60 minutes. If you enable this setting, detection events will not be logged if there is more than one similar report (by definition GUID) in the specified number of minutes. If you disable or do not configure this setting, detection events will be logged at the default rate.
IP address range Exclusions
This policy, if defined, will prevent network protection against exploits of known vulnerabilities from inspecting the specified IP addresses. IP addresses should be added under the Options for this setting. Each entry must be listed as a name-value pair, where the name should be a string representation of an IP address range. As an example, a range might be defined as: 157.1.45.123-60.1.1.1. The value is not used, and it is recommended that this be set to 0.
Port number Exclusions
This policy setting defines a list of TCP port numbers from which network traffic inspection will be disabled. Port numbers should be added under the Options for this setting. Each entry must be listed as a name-value pair, where the name should be a string representation of a TCP port number. As an example, a range might be defined as: 8080. The value is not used, and it is recommended that this be set to 0.
Process Exclusions for outbound traffic
This policy setting defines processes from which outbound network traffic will not be inspected. Process names should be added under the Options for this setting. Each entry must be listed as a name-value pair, where the name should be a string representation of a process path and name. As an example, a process might be defined as: “C:\Windows\System32\App.exe”. The value is not used, and it is recommended that this be set to 0.
Threat ID Exclusions
This policy setting defines threats which will be excluded from detection during network traffic inspection. Threats should be added under the Options for this setting. Each entry must be listed as a name-value pair, where the name should be a string representation of a Threat ID. As an example, a Threat ID might be defined as: 2925110632. The value is not used, and it is recommended that this be set to 0.
Specify additional definition sets for network traffic inspection
This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name-value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test definitions is defined as: “{b54b6ac9-a737-498e-9120-6616ad3bf590}”. The value is not used, and it is recommended that this be set to 0.
Configure local setting override for the removal of items from Quarantine folder
This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
Configure removal of items from Quarantine folder
This policy setting defines the number of days items should be kept in the Quarantine folder before being removed. If you enable this setting, items will be removed from the Quarantine folder after the number of days specified. If you disable or do not configure this setting, items will be kept in the Quarantine folder indefinitely and will not be automatically removed.
Turn on behavior monitoring
This policy setting allows you to configure behavior monitoring. If you enable or do not configure this setting, behavior monitoring will be enabled. If you disable this setting, behavior monitoring will be disabled.
Process Exclusions
This policy setting allows you to disable scheduled and real-time scanning for any file opened by any of the specified processes. The process itself will not be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name-value pair, where the name should be a string representation of the path to the process image. Note that only executables can be excluded. For example, a process might be defined as: “c:\windows\app.exe”. The value is not used, and it is recommended that this be set to 0.