THE-TOOL/CMD/SCCM/SCCM_Client/source/ep_defaultpolicy.xml

<?xml version="1.0" encoding="utf-8"?>
<SecurityPolicy Name="Endpoint Protection Default Policy" Version="0" Description="This policy defines the default settings for Endpoint Protection clients running on desktop computers, and is enforced by the daily deployment for applying policies. This policy has the lowest precedence; hence, if another policy also applies to a computer, this policy is not applied to that computer." ProductVersion="3.0.0.0" IsBuiltIn="false" LastModifiedBy="" CreatedBy="" LastModificationTime="2011-04-07T16:59:56.8562554Z" CreationTime="2011-04-07T16:59:56.8609022Z" xmlns="http://forefront.microsoft.com/FEP/2010/01/PolicyData">
  <PolicySection Name="FEP.AmPolicy" Disabled="false">
    <LocalGroupPolicySettings>
      <IgnoreKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware" />
      <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Real-Time Protection">
        <AddValue Name="DisableRealtimeMonitoring" Type="REG_DWORD">1</AddValue>
        <AddValue Name="DisableOnAccessProtection" Type="REG_DWORD">1</AddValue>
        <AddValue Name="RealTimeScanDirection" Type="REG_DWORD">0</AddValue>
        <AddValue Name="LocalSettingOverrideDisableRealTimeMonitoring" Type="REG_DWORD">0</AddValue>
        <AddValue Name="LocalSettingOverrideDisableIntrusionPreventionSystem" Type="REG_DWORD">0</AddValue>
        <AddValue Name="LocalSettingOverrideDisableOnAccessProtection" Type="REG_DWORD">0</AddValue>
        <AddValue Name="LocalSettingOverrideDisableIOAVProtection" Type="REG_DWORD">0</AddValue>
        <AddValue Name="LocalSettingOverrideDisableBehaviorMonitoring" Type="REG_DWORD">0</AddValue>
        <AddValue Name="LocalSettingOverrideRealTimeScanDirection" Type="REG_DWORD">0</AddValue>
        <AddValue Name="DisableIntrusionPreventionSystem" Type="REG_DWORD">1</AddValue>
        <AddValue Name="DisableIOAVProtection" Type="REG_DWORD">1</AddValue>
        <AddValue Name="DisableBehaviorMonitoring" Type="REG_DWORD">1</AddValue>
        <AddValue Name="DisableScriptScanning" Type="REG_DWORD">1</AddValue>
        <AddValue Name="LocalSettingOverrideDisableScriptScanning" Type="REG_DWORD">0</AddValue>
      </AddKey>
      <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Threats\ThreatSeverityDefaultAction">
        <AddValue Name="1" Type="REG_SZ">2</AddValue>
        <AddValue Name="2" Type="REG_SZ">2</AddValue>
        <AddValue Name="4" Type="REG_SZ">2</AddValue>
        <AddValue Name="5" Type="REG_SZ">2</AddValue>
      </AddKey>
      <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware">
        <AddValue Name="DisableRoutinelyTakingAction" Type="REG_DWORD">1</AddValue>
        <AddValue Name="RandomizeScheduleTaskTimes" Type="REG_DWORD">0</AddValue>
        <AddValue Name="DisableLocalAdminMerge" Type="REG_DWORD">0</AddValue>
      </AddKey>
      <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\UX Configuration">
        <AddValue Name="CustomDefaultActionToastString" Type="REG_SZ" Disabled="true"></AddValue>
        <AddValue Name="Notification_Suppress" Type="REG_DWORD">1</AddValue>
        <AddValue Name="UILockdown" Type="REG_DWORD">0</AddValue>
      </AddKey>
      <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Scan">
        <AddValue Name="ScheduleQuickScanTime" Type="REG_DWORD" PreviousValue="60">0</AddValue>
        <AddValue Name="ScanParameters" Type="REG_DWORD">1</AddValue>
        <AddValue Name="ScheduleTime" Type="REG_DWORD">0</AddValue>
        <AddValue Name="ScheduleDay" Type="REG_DWORD">8</AddValue>
        <AddValue Name="LocalSettingOverrideScheduleTime" Type="REG_DWORD">1</AddValue>
        <AddValue Name="LocalSettingOverrideScheduleQuickScanTime" Type="REG_DWORD">1</AddValue>
        <AddValue Name="LocalSettingOverrideScheduleDay" Type="REG_DWORD">1</AddValue>
        <AddValue Name="LocalSettingOverrideScanParameters" Type="REG_DWORD">1</AddValue>
        <AddValue Name="DisableCatchupQuickScan" Type="REG_DWORD">1</AddValue>
        <AddValue Name="DisableCatchupFullScan" Type="REG_DWORD">1</AddValue>
        <AddValue Name="CheckForSignaturesBeforeRunningScan" Type="REG_DWORD">0</AddValue>
        <AddValue Name="ScanOnlyIfIdle" Type="REG_DWORD">0</AddValue>
        <AddValue Name="LocalSettingOverrideAvgCPULoadFactor" Type="REG_DWORD">1</AddValue>
        <AddValue Name="AvgCPULoadFactor" Type="REG_DWORD">0</AddValue>
        <AddValue Name="DisableScanningNetworkFiles" Type="REG_DWORD">1</AddValue>
        <AddValue Name="DisableScanningMappedNetworkDrivesForFullScan" Type="REG_DWORD">1</AddValue>
        <AddValue Name="DisableArchiveScanning" Type="REG_DWORD">0</AddValue>
        <AddValue Name="DisableRemovableDriveScanning" Type="REG_DWORD">1</AddValue>
        <AddValue Name="DisableHeuristics" Type="REG_DWORD">0</AddValue>
        <AddValue Name="DisableRestorePoint" Type="REG_DWORD">1</AddValue>
      </AddKey>
      <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Signature Updates">
        <AddValue Name="SignatureUpdateInterval" Type="REG_DWORD">1</AddValue>
        <AddValue Name="ScheduleDay" Type="REG_DWORD" Disabled="true">0</AddValue>
        <AddValue Name="ScheduleTime" Type="REG_DWORD" Disabled="true">0</AddValue>
        <AddValue Name="SignatureUpdateCatchupInterval" Type="REG_DWORD">1</AddValue>
        <AddValue Name="DefinitionUpdateFileSharesSources" Type="REG_SZ" Disabled="true"></AddValue>
        <AddValue Name="FallbackOrder" Type="REG_SZ">InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC</AddValue>
        <AddValue Name="SourceOrderOnly" Type="REG_SZ" Disabled="true">FileShares|InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC</AddValue>
      </AddKey>
      <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet">
        <AddValue Name="SpyNetReporting" Type="REG_DWORD">0</AddValue>
        <AddValue Name="LocalSettingOverrideSpyNetReporting" Type="REG_DWORD">0</AddValue>
      </AddKey> 
    </LocalGroupPolicySettings>
  </PolicySection>
  <PolicySection Name="FEP.HostFirewallPolicy" Disabled="true">
    <WmiPropertySettings>
      <Namespace Name="Root\Microsoft\PolicyPlatform\WindowsFirewallConfiguration">
        <Class Name="Firewall_Profile_Domain">
          <Instance Identifier="@">
            <SetProperty Name="EnableFirewall">True</SetProperty>
            <SetProperty Name="BlockAllInboundTraffic">False</SetProperty>
            <SetProperty Name="DefaultInboundActionIsDeny">True</SetProperty>
            <SetProperty Name="DisableInboundNotifications">False</SetProperty>
          </Instance>
        </Class>
        <Class Name="Firewall_Profile_Private">
          <Instance Identifier="@">
            <SetProperty Name="EnableFirewall">True</SetProperty>
            <SetProperty Name="BlockAllInboundTraffic">False</SetProperty>
            <SetProperty Name="DefaultInboundActionIsDeny">True</SetProperty>
            <SetProperty Name="DisableInboundNotifications">False</SetProperty>
          </Instance>
        </Class>
        <Class Name="Firewall_Profile_Public">
          <Instance Identifier="@">
            <SetProperty Name="EnableFirewall">True</SetProperty>
            <SetProperty Name="BlockAllInboundTraffic">False</SetProperty>
            <SetProperty Name="DefaultInboundActionIsDeny">True</SetProperty>
            <SetProperty Name="DisableInboundNotifications">False</SetProperty>
          </Instance>
        </Class>
      </Namespace>
    </WmiPropertySettings>
  </PolicySection>
</SecurityPolicy>