Category: At least Windows Server 2012, Windows 8 or Windows RT
Threat ID Exclusions
This policy setting defines threats which will be excluded from detection during network traffic inspection. Threats should be added under the Options for this setting. Each entry must be listed as a name-value pair, where the name should be a string representation of a Threat ID. As an example, a Threat ID might be defined as: 2925110632. The value is not used, and it is recommended that this be set to 0.
Specify additional definition sets for network traffic inspection
This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name-value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test definitions is defined as: “{b54b6ac9-a737-498e-9120-6616ad3bf590}”. The value is not used, and it is recommended that this be set to 0.
Configure local setting override for the removal of items from Quarantine folder
This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting.
Configure removal of items from Quarantine folder
This policy setting defines the number of days items should be kept in the Quarantine folder before being removed. If you enable this setting, items will be removed from the Quarantine folder after the number of days specified. If you disable or do not configure this setting, items will be kept in the Quarantine folder indefinitely and will not be automatically removed.
Turn on behavior monitoring
This policy setting allows you to configure behavior monitoring. If you enable or do not configure this setting, behavior monitoring will be enabled. If you disable this setting, behavior monitoring will be disabled.
Turn on protocol recognition
This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities. If you enable or do not configure this setting, protocol recognition will be enabled. If you disable this setting, protocol recognition will be disabled.
Turn on definition retirement
This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks whether a computer has the security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is “retired”. If all definitions for a given protocol are retired, then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up to date with all the latest security updates, network protection will have no impact on network performance. If you enable or do not configure this setting, definition retirement will be enabled. If you disable this setting, definition retirement will be disabled.
Randomize scheduled task times
This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled definition update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host to prevent multiple guest virtual machines from undertaking a disk-intensive operation at the same time. If you enable or do not configure this setting, scheduled tasks will begin at a random time within an interval of 30 minutes before and after the specified start time. If you disable this setting, scheduled tasks will begin at the specified start time.
Allow antimalware service to remain running always
This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware definitions are disabled. It is recommended that this setting remain disabled. If you enable this setting, the antimalware service will always remain running even if both antivirus and antispyware definitions are disabled. If you disable or do not configure this setting, the antimalware service will be stopped when both antivirus and antispyware definitions are disabled. If the computer is restarted, the service will be started if it is set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware definitions are enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped.
Extension Exclusions
This policy setting allows you to specify a list of file types that should be excluded from scheduled, custom and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name-value pair, where the name should be a string representation of the file type extension (such as “obj” or “lib”). The value is not used, and it is recommended that this be set to 0.