FEP 2010 Policy – Default Settings

Applies To: Forefront Endpoint Protection

The following tables show the policy settings for the Default Server Policy, Default Desktop Policy, and the default settings when running the New Policy Wizard for Forefront Endpoint Protection installed on Configuration Manager. The tables match the tabs of the properties of a Forefront Endpoint Protection policy.

Antimalware Settings

Section | Setting | Default Desktop Policy | Default Server Policy | Standard Desktop Policy | Performance-optimized policy | High-security policy
--- | --- | --- | --- | --- | --- | ---
Schedule scan | Schedule type and time of scan | Enabled | Not enabled | Enabled | Enabled | Enabled
 | Scan type | Weekly quick scan | Not applicable | Weekly quick scan | Weekly quick scan | Daily quick scan and weekly full scan
 | Daily scan time | Not applicable | Not applicable | Not applicable | Not applicable | 2:00 AM
 | Weekly scan day | Sunday | Not applicable | Saturday | Saturday | Saturday
 | Weekly scan time | 3:00 AM | Not applicable | 3:00 AM | 3:00 AM | 3:00 AM
 | Check for definition updates before starting scan | Enabled | Not applicable | Enabled | Enabled | Enabled
 | Scan only when the computer is not in use | Enabled | Not applicable | Enabled | Enabled | Not enabled
 | Randomize scheduled scan start times (within 30 minutes from scheduled time) | Enabled | Not applicable | Enabled | Enabled | Enabled
 | Force a scan upon restart when two or more scheduled scans are missed | Not enabled | Not applicable | Not enabled | Enabled | 
 | Limit processor usage during scans to the following percentage | Enabled | Enabled | Enabled | Enabled | Not enabled
 | Percentage | 50% | 30% | 50% | 30% | Not applicable
 | Allow users on endpoint computers to configure processor usage limits for scans | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
 | User's control on the scan schedule | No control | No control | No control | No control | No control
Default actions | Severe | Recommended action | Recommended action | Recommended action | Recommended action | Recommended action
 | High | Recommended action | Recommended action | Recommended action | Recommended action | Recommended action
 | Medium | Quarantine | Quarantine | Quarantine | Quarantine | Quarantine
 | Low | Allow | Allow | Allow | Allow | Allow
Real-time protection | Enable real-time protection | Enabled | Enabled | Enabled | Enabled | Enabled
 | Scan system files | Scan incoming and outgoing files | Scan incoming and outgoing files | Scan incoming and outgoing files | Scan incoming and outgoing files | Scan incoming and outgoing files
 | Scan all downloaded files and attachments | Enabled | Not enabled | Enabled | Enabled | Enabled
 | Use behavior monitoring | Enabled | Enabled (see note 1) | Enabled | Enabled | Enabled
 | Enable protection against network-based exploits | Enabled | Not enabled (see note 2) | Enabled | Not enabled | Enabled
 | Allow users on endpoint computers to configure real-time protection settings | Not enabled | Enabled | Not enabled | Not enabled | Not enabled
Excluded files and locations | Files and locations | Default exclusion list (see note 3) | Default exclusion list (see note 3) | Default exclusion list (see note 3) | Default exclusion list (see note 3) | Default exclusion list (see note 3)
Excluded file types | File types | (empty) | (empty) | (empty) | (empty) | (empty)
Excluded processes | Processes | (empty) | (empty) | (empty) | (empty) | (empty)
Advanced | Scan archived files | Enabled | Enabled | Enabled | Enabled | Enabled
 | Scan network drives when running a full scan | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
 | Scan removable storage devices, such as USB flash drives | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
 | Create a system restore point before cleaning computers | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
 | Show notification messages to users on endpoint computers when they need to perform the following actions: run a full scan, download the latest virus and spyware definitions, download Microsoft Standalone System Sweeper | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
 | Delete quarantined files after (number of days) | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
 | Allow users on endpoint computers to configure the quarantine delete period | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
 | Allow users on endpoint computers to exclude files and locations, file types, and processes | Not enabled | Enabled | Not enabled | Not enabled | Not enabled
Overrides | Select the override action you want to apply when Forefront Endpoint Protection detects a threat with the following name | (empty) | (empty) | (empty) | (empty) | (empty)
Microsoft SpyNet | Join Microsoft SpyNet | Based on the setting selected during FEP server setup | Based on the setting selected during FEP server setup | Based on the setting selected during FEP server setup | Based on the setting selected during FEP server setup | Based on the setting selected during FEP server setup
 | Allow users on endpoint computers to change SpyNet settings | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled

Note 1: On servers with a large number of short network connections, such as file servers, there may be a performance impact when the Behavior Monitoring policy setting is enabled.

Note 2: It is recommended that you do not enable this setting on servers.

Note 3: The default exclusion list is the same in all five policies and contains the following files and locations:

%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\logs\Res*.log
%windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%windir%\Security\Database\*.edb
%windir%\Security\Database\*.sdb
%windir%\Security\Database\*.log
%windir%\Security\Database\*.chk
%windir%\Security\Database\*.jrs
%allusersprofile%\NTuser.pol
%SystemRoot%\System32\GroupPolicy\registry.pol

Updates Settings

Section | Setting | Default Desktop Policy | Default Server Policy | Standard Desktop Policy | Performance-optimized policy | High-security policy
--- | --- | --- | --- | --- | --- | ---
Check for definition updates using the following interval | Every (hours) | Enabled | Enabled | Enabled | Enabled | Enabled
 | Every (hours): value | 8 | 8 | 8 | 8 | 8
 | Daily at | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
 | Daily at: time | Not applicable | Not applicable | Not applicable | Not applicable | Not applicable
 | Force a definition update when definition updates have failed for (days) | 1 | Not enabled | 1 | Not enabled | 1
 | Clients will pull updates from the selected sources in the order specified below (from top to bottom) | 1. Updates distributed from Configuration Manager or WSUS; 2. Updates from Microsoft Update | 1. Updates distributed from Configuration Manager or WSUS; 2. Updates from Microsoft Update | 1. Updates distributed from Configuration Manager or WSUS; 2. Updates from Microsoft Update | 1. Updates distributed from Configuration Manager or WSUS; 2. Updates from Microsoft Update | 1. Updates distributed from Configuration Manager or WSUS; 2. Updates from Microsoft Update

Windows Firewall Settings

Section | Setting | Default Desktop Policy | Default Server Policy | Standard Desktop Policy | Performance-optimized policy | High-security policy
--- | --- | --- | --- | --- | --- | ---
 | Enable Host Firewall protection | Enabled | Not enabled | Enabled | Not enabled | Enabled
Domain Networks | Firewall State | On (recommended) | Not applicable | On (recommended) | Not applicable | On (recommended)
 | Incoming connections | Block (default) | Not applicable | Block (default) | Not applicable | Block (default)
 | Display notification | Yes | Not applicable | Yes | Not applicable | Yes
Private Networks | Firewall State | On (recommended) | Not applicable | On (recommended) | Not applicable | On (recommended)
 | Incoming connections | Block (default) | Not applicable | Block (default) | Not applicable | Block (default)
 | Display notification | Yes | Not applicable | Yes | Not applicable | Yes
Public Networks | Firewall State | On (recommended) | Not applicable | On (recommended) | Not applicable | On (recommended)
 | Incoming connections | Block (default) | Not applicable | Block (default) | Not applicable | Block (default)
 | Display notification | Yes | Not applicable | Yes | Not applicable | Yes