FEP 2010 Policy – Default Settings
Applies To: Forefront Endpoint Protection
The following tables show the policy settings for the Default Server Policy, Default Desktop Policy, and the default settings when running the New Policy Wizard for Forefront Endpoint Protection installed on Configuration Manager. The tables match the tabs of the properties of a Forefront Endpoint Protection policy.
Antimalware Settings
Section / setting | Setting | Default Desktop Policy | Default Server Policy | Standard Desktop Policy | Performance-optimized policy | High-security policy
---|---|---|---|---|---|---
Schedule scan | Schedule type and time of scan | Enabled | Not enabled | Enabled | Enabled | Enabled
Schedule scan | Scan type | Weekly quick scan | Not applicable | Weekly quick scan | Weekly quick scan | Daily quick scan and weekly full scan
Schedule scan | Daily scan time | Not applicable | Not applicable | Not applicable | Not applicable | 2:00 AM
Schedule scan | Weekly scan day | Sunday | Not applicable | Saturday | Saturday | Saturday
Schedule scan | Weekly scan time | 3:00 AM | Not applicable | 3:00 AM | 3:00 AM | 3:00 AM
Schedule scan | Check for definition updates before starting scan | Enabled | Not applicable | Enabled | Enabled | Enabled
Schedule scan | Scan only when the computer is not in use | Enabled | Not applicable | Enabled | Enabled | Not enabled
Schedule scan | Randomize scheduled scan start times (within 30 minutes from scheduled time) | Enabled | Not applicable | Enabled | Enabled | Enabled
Schedule scan | Force a scan upon restart when two or more scheduled scans are missed | Not enabled | Not applicable | Not enabled |  | Enabled
Schedule scan | Limit processor usage during scans to the following percentage | Enabled | Enabled | Enabled | Enabled | Not enabled
Schedule scan | Percentage | 50% | 30% | 50% | 30% | Not applicable
Schedule scan | Allow users on endpoint computers to configure processor usage limits for scans | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
Schedule scan | User's control on the scan schedule | No control | No control | No control | No control | No control
Default actions | Severe | Recommended action | Recommended action | Recommended action | Recommended action | Recommended action
Default actions | High | Recommended action | Recommended action | Recommended action | Recommended action | Recommended action
Default actions | Medium | Quarantine | Quarantine | Quarantine | Quarantine | Quarantine
Default actions | Low | Allow | Allow | Allow | Allow | Allow
Real-time protection | Enable real-time protection | Enabled | Enabled | Enabled | Enabled | Enabled
Real-time protection | Scan system files | Scan incoming and outgoing files | Scan incoming and outgoing files | Scan incoming and outgoing files | Scan incoming and outgoing files | Scan incoming and outgoing files
Real-time protection | Scan all downloaded files and attachments | Enabled | Not enabled | Enabled | Enabled | Enabled
Real-time protection | Use behavior monitoring | Enabled | Enabled | Enabled | Enabled | Enabled
Real-time protection | Enable protection against network-based exploits | Enabled | Not enabled | Enabled | Not enabled | Enabled
Real-time protection | Allow users on endpoint computers to configure real-time protection settings | Not enabled | Enabled | Not enabled | Not enabled | Not enabled
Excluded files and locations | Files and locations | %windir%\SoftwareDistribution\Datastore\Datastore.edb; %windir%\SoftwareDistribution\Datastore\logs\Res*.log; %windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs; %windir%\SoftwareDistribution\Datastore\Logs\Edb.chk; %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb; %windir%\Security\Database\*.edb; %windir%\Security\Database\*.sdb; %windir%\Security\Database\*.log; %windir%\Security\Database\*.chk; %windir%\Security\Database\*.jrs; %allusersprofile%\NTuser.pol; %SystemRoot%\System32\GroupPolicy\registry.pol | %windir%\SoftwareDistribution\Datastore\Datastore.edb; %windir%\SoftwareDistribution\Datastore\logs\Res*.log; %windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs; %windir%\SoftwareDistribution\Datastore\Logs\Edb.chk; %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb; %windir%\Security\Database\*.edb; %windir%\Security\Database\*.sdb; %windir%\Security\Database\*.log; %windir%\Security\Database\*.chk; %windir%\Security\Database\*.jrs; %allusersprofile%\NTuser.pol; %SystemRoot%\System32\GroupPolicy\registry.pol | %windir%\SoftwareDistribution\Datastore\Datastore.edb; %windir%\SoftwareDistribution\Datastore\logs\Res*.log; %windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs; %windir%\SoftwareDistribution\Datastore\Logs\Edb.chk; %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb; %windir%\Security\Database\*.edb; %windir%\Security\Database\*.sdb; %windir%\Security\Database\*.log; %windir%\Security\Database\*.chk; %windir%\Security\Database\*.jrs; %allusersprofile%\NTuser.pol; %SystemRoot%\System32\GroupPolicy\registry.pol | %windir%\SoftwareDistribution\Datastore\Datastore.edb; %windir%\SoftwareDistribution\Datastore\logs\Res*.log; %windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs; %windir%\SoftwareDistribution\Datastore\Logs\Edb.chk; %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb; %windir%\Security\Database\*.edb; %windir%\Security\Database\*.sdb; %windir%\Security\Database\*.log; %windir%\Security\Database\*.chk; %windir%\Security\Database\*.jrs; %allusersprofile%\NTuser.pol; %SystemRoot%\System32\GroupPolicy\registry.pol | %windir%\SoftwareDistribution\Datastore\Datastore.edb; %windir%\SoftwareDistribution\Datastore\logs\Res*.log; %windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs; %windir%\SoftwareDistribution\Datastore\Logs\Edb.chk; %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb; %windir%\Security\Database\*.edb; %windir%\Security\Database\*.sdb; %windir%\Security\Database\*.log; %windir%\Security\Database\*.chk; %windir%\Security\Database\*.jrs; %allusersprofile%\NTuser.pol; %SystemRoot%\System32\GroupPolicy\registry.pol
Excluded file types | File types | (empty) | (empty) | (empty) | (empty) | (empty)
Excluded processes | Processes | (empty) | (empty) | (empty) | (empty) | (empty)
Advanced | Scan archived files | Enabled | Enabled | Enabled | Enabled | Enabled
Advanced | Scan network drives when running a full scan | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
Advanced | Scan removable storage devices, such as USB flash drives | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
Advanced | Create a system restore point before cleaning computers | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
Advanced | Show notification messages to users on endpoint computers when they need to perform the following actions: Run a full scan, download the latest virus and spyware definitions, download Microsoft Standalone System Sweeper | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
Advanced | Delete quarantine files after (number of days) | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
Advanced | Allow users on endpoint computers to configure the quarantine delete period | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
Advanced | Allow users on endpoint computers to exclude files and locations, file types, and processes | Not enabled | Enabled | Not enabled | Not enabled | Not enabled
Overrides | Select the override action you want to apply when Forefront Endpoint Protection detects a threat with the following name | (empty) | (empty) | (empty) | (empty) | (empty)
Microsoft SpyNet | Join Microsoft SpyNet | Based on the setting selected during FEP server setup | Based on the setting selected during FEP server setup | Based on the setting selected during FEP server setup | Based on the setting selected during FEP server setup | Based on the setting selected during FEP server setup
Microsoft SpyNet | Allow users on endpoint computers to change SpyNet settings | Not enabled | Not enabled | Not enabled | Not enabled | Not enabled
Updates Settings
Section / setting | Setting | Default Desktop Policy | Default Server Policy | Standard Desktop Policy | Performance-optimized policy | High-security policy
---|---|---|---|---|---|---
Check for definition updates using the following interval | Every (hours) | Enabled (8) | Enabled (8) | Enabled (8) | Enabled (8) | Enabled (8)
Check for definition updates using the following interval | Daily at | Not enabled (Not applicable) | Not enabled (Not applicable) | Not enabled (Not applicable) | Not enabled (Not applicable) | Not enabled (Not applicable)
Force a definition update when definition updates have failed for (days) |  | 1 | Not enabled | 1 | Not enabled | 1
Clients will pull updates from the selected sources in the order specified below (from top to bottom) |  | Updates distributed from Configuration Manager or WSUS; Updates from Microsoft Update | Updates distributed from Configuration Manager or WSUS; Updates from Microsoft Update | Updates distributed from Configuration Manager or WSUS; Updates from Microsoft Update | Updates distributed from Configuration Manager or WSUS; Updates from Microsoft Update | Updates distributed from Configuration Manager or WSUS; Updates from Microsoft Update
Windows Firewall Settings
Section / setting | Setting | Default Desktop Policy | Default Server Policy | Standard Desktop Policy | Performance-optimized policy | High-security policy
---|---|---|---|---|---|---
Enable Host Firewall protection |  | Enabled | Not enabled | Enabled | Not enabled | Enabled
Domain Networks | Firewall State | On (recommended) | Not applicable | On (recommended) | Not applicable | On (recommended)
Domain Networks | Incoming connections | Block (default) | Not applicable | Block (default) | Not applicable | Block (default)
Domain Networks | Display notification | Yes | Not applicable | Yes | Not applicable | Yes
Private Networks | Firewall State | On (recommended) | Not applicable | On (recommended) | Not applicable | On (recommended)
Private Networks | Incoming connections | Block (default) | Not applicable | Block (default) | Not applicable | Block (default)
Private Networks | Display notification | Yes | Not applicable | Yes | Not applicable | Yes
Public Networks | Firewall State | On (recommended) | Not applicable | On (recommended) | Not applicable | On (recommended)
Public Networks | Incoming connections | Block (default) | Not applicable | Block (default) | Not applicable | Block (default)
Public Networks | Display notification | Yes | Not applicable | Yes | Not applicable | Yes