Tag: Computer Configuration

This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities. If you enable or do not configure this setting protocol recognition will be enabled. If you disable this setting protocol recognition will be disabled.

This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition then that definition is “retired”. If all definitions for a given protocal are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates network protection will have no impact on network performance. If you enable or do not configure this setting definition retirement will be enabled. If you disable this setting definition retirement will be disabled.

This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled definition update start time. This setting is used to distribute the resource impact of scanning. For example it could be used in guest virtual machines sharing a host to prevent multiple guest virtual machines from undertaking a disk-intensive operation at the same time. If you enable or do not configure this setting scheduled tasks will begin at a random time within an interval of 30 minutes before and after the specified start time. If you disable this setting scheduled tasks will begin at the specified start time.

This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware definitions are disabled. It is recommended that this setting remain disabled. If you enable this setting the antimalware service will always remain running even if both antivirus and antispyware definitions are disabled. If you disable or do not configure this setting the antimalware service will be stopped when both antivirus and antispyware definitions are disabled. If the computer is restarted the service will be started if it is set to Automatic startup. After the service has started there will be a check to see if antivirus and antispyware definitions are enabled. If at least one is enabled the service will remain running. If both are disabled the service will be stopped.

This policy setting allows you specify a list of file types that should be excluded from scheduled custom and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair where the name should be a string representation of the file type extension (such as “obj” or “lib”). The value is not used and it is recommended that this be set to 0.

This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair where the name should be a string representation of a path or a fully qualified resource name. As an example a path might be defined as: “c: -> Windows” to exclude all files in this directory. A fully qualified resource name might be defined as: “C: -> Windows -> App. exe”. The value is not used and it is recommended that this be set to 0.

This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup but may impact performance. If you enable or do not configure this setting the antimalware service will load as a normal priority task. If you disable this setting the antimalware service will load as a low priority task.