The final installment in our series on registry keys for FCS is a big one – there are a lot of registry keys that can be used to control the behavior of the FCS real-time protection agent.
The following tables describe the keys (these are in addition to the ones described here and here, in the FCS Technical Reference).
For the registry keys located in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Real-Time Protection, all data types are REG_DWORD, and the settings are enabled by default. To disable a setting, you must create the registry key, and then set the DWORD value to 0x00000000 (0) (which sets the value to false):
How would you use these keys? Well, for example, you may have a need to prevent FCS from scanning the IE add-ins area – perhaps you are a developer working on a new add-in.
You could create an ADM file, using the following format:
CLASS MACHINE
CATEGORY !!FCSCategory
    POLICY !!AgentKeys_Name
        KEYNAME "SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Real-Time Protection"
        EXPLAIN !!AgentKeys_Explain
        VALUENAME ValuetoConfigure
        VALUEON NUMERIC 0
        VALUEOFF NUMERIC 1
    END POLICY
END CATEGORY

[strings]
FCSCategory="Microsoft Forefront Client Security"
AgentKeys_Name="Configuring Real-time protection agent"
AgentKeys_Explain="This setting configures the FCS antimalware real-time protection agent."
Replace ValuetoConfigure with the actual name of the key you want to change (from the table above).
One of our support engineers, CraigW, has already blogged about the DisableCatchupScan key here. He included a sample ADM in his article as well – so for more information about catch-up scans, take a look.
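To see which real-time protection settings have been turned off on a given machine, you can enumerate the values under the policy key and flag any that are set to 0. The following PowerShell is an added example, not part of the original article or of FCS itself; the function name Get-FcsRtpOverride is hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: audit FCS real-time protection policy overrides.
# The key path is the one given in the article; the function name is hypothetical.
$RtpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Real-Time Protection'

function Get-FcsRtpOverride {
    param([string]$Path = $RtpKey)

    # No policy key means no overrides: every setting stays at its default (enabled).
    if (-not (Test-Path -LiteralPath $Path)) { return }

    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        if ($name -eq '') { continue }   # skip the unnamed (Default) value

        $kind = $key.GetValueKind($name)
        $data = $key.GetValue($name)

        $state = if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            'UnexpectedType'   # the article states every value here is REG_DWORD
        } elseif ($data -eq 0) {
            'Disabled'         # 0x00000000 sets the value to false
        } else {
            'Enabled'
        }

        [pscustomobject]@{
            ValueName = $name
            Kind      = $kind
            Data      = $data
            State     = $state
        }
    }
}

# Report only the settings that differ from the default-enabled behaviour.
Get-FcsRtpOverride |
    Where-Object { $_.State -ne 'Enabled' } |
    Format-Table -AutoSize
```

An empty result means either the policy key does not exist or no value under it is set to 0, so every setting is at its default.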