Share via

List of exclusions export

Duchemin, Dominique 2,006 Reputation points
2022-08-24T00:27:12.9+00:00

Hello,

I would like to get the list of exclusions:

Assets and Compliance > Overview > Endpoint Protection > Antimalware policies > <<Policy name>>
Right Click on the policy > Properties

I want the list of the 3 sets of exclusions for this policy, how to do this?
234254-2022-08-23-17-21-34-cm-powerscribe-exclusions-defe.png

Thanks,
Dom

Microsoft Security | Intune | Configuration Manager | Application
Microsoft Security | Intune | Configuration Manager | Other
0 comments
Accepted answer
  1. AllenLiu-MSFT 49,316 Reputation points Microsoft External Staff
    2022-08-24T07:33:13.837+00:00

    Hi, @Duchemin, Dominique

    You are right, I did not notice that the command Get-CMAntiMalwarePolicy only works for the "Default Client malware policy".

    Export-CMAntiMalwarePolicy works well for all policies. Thanks for your update. This difference may be by design.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    1 person found this answer helpful.
    0 comments

10 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Duchemin, Dominique 2,006 Reputation points
    2022-08-24T04:38:17.223+00:00

    Hello,

    I find the Settings ID available in the colums list on the CM Console but for the first group I have an file not matching the exclusion:

    SmsProviderObjectPath : SMS_AntimalwareSettings.SettingsID=16777299
    AgentConfigurations : {202, 201, 203, ...}
    AssignmentCount : 0
    CreatedBy : ......
    DateCreated : 7/27/2022 6:12:19 PM
    DateModified : 7/27/2022 6:13:31 PM
    Description : Brain
    Enabled : False
    FeatureType : 2
    Flags : 0
    LastModifiedBy :
    Name : ISS - Server - SCEP - BrainLab
    Priority : 24
    SecuredScopeNames : {}
    SettingsID : 16777299
    Type : 1
    UniqueID : {03FD70F4-EB23-4A0A-A535-1C58BA771DAC}

    Where are the exclusions?

    Will try another one !!

    Thanks,
    Dom

    0 comments
  2. Duchemin, Dominique 2,006 Reputation points
    2022-08-24T04:45:48.24+00:00

    Hello,

    I did another try on the "Default Client malware policy" and yes for number '0' it shows the exclusions but not for the custom policies...

    234304-2022-08-23-21-56-49-ps-get-antimalwarepolicy.png

    Why?

    Thanks,
    Dom

    0 comments
  3. Duchemin, Dominique 2,006 Reputation points
    2022-08-24T05:18:05.667+00:00

    Hello,

    From the last command:
    Get-CMAntimalwarePolicy | Out-File -FilePath C:\temp\output-all.txt

    I confirmed that only the "Default Client malware policy" shows its exclusions all other policies just show their details!!!
    Any idea why this discrepancy?

    Thanks,
    Dom

    0 comments
  4. Duchemin, Dominique 2,006 Reputation points
    2022-08-24T05:33:34.253+00:00

    Hello,

    Get-CMAntiMalwarePolicy -Id "16777350" | Out-File -FilePath C:\temp\OUTPUT-Powerscribe.txt

    Is giving only:

    ========================================================

    SmsProviderObjectPath : SMS_AntimalwareSettings.SettingsID=16777350
    AgentConfigurations : {202, 201, 203, ...}
    AssignmentCount : 0
    CreatedBy : --------------
    DateCreated : 7/28/2022 7:20:32 PM
    DateModified : 7/28/2022 7:23:10 PM
    Description : Powerscribe Servers
    Enabled : False
    FeatureType : 2
    Flags : 0
    LastModifiedBy : -------------
    Name : ISS - Server - SCEP - PowerScribe
    Priority : 75
    SecuredScopeNames : {}
    SettingsID : 16777350
    Type : 1
    UniqueID : {091F18EA-F6BE-4CF9-BCFF-6C630BD527C1}

    ========================================================

    When:

    Export-CMAntiMalwarePolicy -Id "16777350" -Path "C:\temp\AMPowerscribe.xml"

    Is giving:

    ========================================================

    <SecurityPolicy Name="ISS - Server - SCEP - PowerScribe" Description="Powerscribe Servers" CreatedBy="----------------" LastModifiedBy="----------------" xmlns="http://forefront.microsoft.com/FEP/2010/01/PolicyData">
    <PolicySection Name="FEP.AmPolicy" Disabled="false">
    <LocalGroupPolicySettings>
    <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware" Disabled="false">
    <AddValue Name="DisableLocalAdminMerge" Type="REG_DWORD" Disabled="false">1</AddValue>
    <AddValue Name="RandomizeScheduleTaskTimes" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="PUAProtection" Type="REG_DWORD" Disabled="false">1</AddValue>
    </AddKey>
    <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Scan" Disabled="false">
    <AddValue Name="AvgCPULoadFactor" Type="REG_DWORD" Disabled="false">20</AddValue>
    <AddValue Name="CheckForSignaturesBeforeRunningScan" Type="REG_DWORD" Disabled="false">1</AddValue>
    <AddValue Name="DisableScanningNetworkFiles" Type="REG_DWORD" Disabled="false">1</AddValue>
    <AddValue Name="DisableArchiveScanning" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="DisableEmailScanning" Type="REG_DWORD" Disabled="false">1</AddValue>
    <AddValue Name="DisableScanningMappedNetworkDrivesForFullScan" Type="REG_DWORD" Disabled="false">1</AddValue>
    <AddValue Name="DisableRemovableDriveScanning" Type="REG_DWORD" Disabled="false">1</AddValue>
    <AddValue Name="DisableRestorePoint" Type="REG_DWORD" Disabled="false">1</AddValue>
    <AddValue Name="DisableCatchupQuickScan" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="DisableCatchupFullScan" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="LocalSettingOverrideAvgCPULoadFactor" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="LocalSettingOverrideScanParameters" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="LocalSettingOverrideScheduleDay" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="LocalSettingOverrideScheduleQuickScanTime" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="LocalSettingOverrideScheduleTime" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="ScanParameters" Type="REG_DWORD" Disabled="false">2</AddValue>
    <AddValue Name="ScheduleQuickScanTime" Type="REG_DWORD" Disabled="false">120</AddValue>
    <AddValue Name="ScheduleTime" Type="REG_DWORD" Disabled="false">120</AddValue>
    <AddValue Name="ScheduleDay" Type="REG_DWORD" Disabled="false">1</AddValue>
    <AddValue Name="ScanOnlyIfIdle" Type="REG_DWORD" Disabled="false">1</AddValue>
    <AddValue Name="DisableReparsePointScanning" Type="REG_DWORD" Disabled="false">1</AddValue>
    </AddKey>
    <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Quarantine" Disabled="false">
    <AddValue Name="LocalSettingOverridePurgeItemsAfterDelay" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="PurgeItemsAfterDelay" Type="REG_DWORD" Disabled="false">30</AddValue>
    </AddKey>
    <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Real-time protection" Disabled="false">
    <AddValue Name="DisableRealtimeMonitoring" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="RealTimeScanDirection" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="LocalSettingOverrideDisableRealTimeMonitoring" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="LocalSettingOverrideDisableIntrusionPreventionSystem" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="LocalSettingOverrideDisableDisableOnAccessProtection" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="LocalSettingOverrideDisableIOAVProtection" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="LocalSettingOverrideDisableBehaviorMonitoring" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="LocalSettingOverrideRealTimeScanDirection" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="DisableIntrusionPreventionSystem" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="DisableIOAVProtection" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="DisableBehaviorMonitoring" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="DisableOnAccessProtection" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="DisableScriptScanning" Type="REG_DWORD" Disabled="false">0</AddValue>
    </AddKey>
    <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Threats\ThreatSeverityDefaultAction" Disabled="false">
    <AddValue Name="5" Type="REG_DWORD" Disabled="false">2</AddValue>
    <AddValue Name="4" Type="REG_DWORD" Disabled="false">2</AddValue>
    <AddValue Name="2" Type="REG_DWORD" Disabled="false">2</AddValue>
    <AddValue Name="1" Type="REG_DWORD" Disabled="false">2</AddValue>
    </AddKey>
    <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Signature Updates" Disabled="false">
    <AddValue Name="SignatureUpdateInterval" Type="REG_DWORD" Disabled="false">8</AddValue>
    <AddValue Name="SignatureUpdateCatchupInterval" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="FallbackOrder" Type="REG_SZ" Disabled="false">AMDefinitionFallbackOrderFromCM|MicrosoftUpdateServer|InternalDefinitionUpdateServer|MMPC</AddValue>
    <AddValue Name="DefinitionUpdateFileSharesSources" Type="REG_SZ" Disabled="false">
    </AddValue>
    <AddValue Name="ScheduleDay" Type="REG_DWORD" Disabled="false">8</AddValue>
    <AddValue Name="ScheduleTime" Type="REG_DWORD" Disabled="false">120</AddValue>
    <AddValue Name="AuGracePeriod" Type="REG_DWORD" Disabled="false">4320</AddValue>
    </AddKey>
    <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Exclusions\Paths" Disabled="false">
    <AddValue Name="%ProgramFiles(x86)%\FireAmp\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%ProgramFiles(x86)%\Sophos\Sophos Anti-Virus\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%ProgramFiles(x86)%\SourceFire\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%ProgramFiles%\FireAmp\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%ProgramFiles%\Sophos\Sophos Anti-Virus\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%ProgramFiles%\SourceFire\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%ProgramFiles%\System Center Operations Manager 2007\Health Service State\Health Service Store" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%programdata%\Microsoft\Search\Data\Applications\Windows*.log" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\Security\Database*.chk" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\Security\Database*.cmtx" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\Security\Database*.csv" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\Security\Database*.edb" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\Security\Database*.jrd" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\Security\Database*.jrs" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\Security\Database*.log" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\Security\Database*.sdb" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\Security\Database*.xml" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\SoftwareDistribution\Datastore\Datastore.edb" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\SoftwareDistribution\Datastore\Logs*.jrs" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\SoftwareDistribution\Datastore\Logs*.log" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\SoftwareDistribution\Datastore\tmp.edb" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%windir%\System32\ecatservice.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%ProgramFiles%\FireEye\xagt\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%ProgramFiles(x86)%\FireEye\xagt\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%WinDir%\System32\Drivers\FeKern.sys" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%allusersprofile%\ApplicationData\FireEye\xagt\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%programdata%\FireEye\xagt\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%WinDir%\FireEye\xagtnotif.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%ALLUSERSPROFILE%\NTuser.pol" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%SystemRoot%\System32\GroupPolicy\Machine\registry.pol" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="%SystemRoot%\System32\GroupPolicy\User\registry.pol" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Documents and Settings\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Documents and Settings\All Users\Application Data\PSRecogServer\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Gateway0\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Montage\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Montage\Data\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\MontageBackups\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="c:\Nuance\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\PowerXpress2008\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Program Files (x86)\Apache Software Foundation\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Program Files (x86)\erl5.8.5\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Program Files (x86)\Nuance\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Program Files (x86)\Nuance\Speech Utility Server\psexec.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Program Files (x86)\PostgreSQL\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Program Files (x86)\RabbitMQ Server\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\ProgramData\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\PScribeSDK_data\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\PSWR_DATA\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Python 27\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Users\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Users\All Users\Application Data\PSRecogServer\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Windows\PSEXESVC.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Windows\system32\config\systemprofile\AppData\Local\Temp\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\windows\system32\config\systemprofile\AppData\Local\Temp\agw\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Windows\System32\LocalFileManager.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Windows\Temp\es_export\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="E:\Nuance\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\ProgramData\Nuance\" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="C:\Program Files\Nuance\" Type="REG_DWORD" Disabled="false">0</AddValue>
    </AddKey>
    <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Exclusions\Extensions" Disabled="false">
    <AddValue Name=".arc" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".bak" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".chk" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".edb" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".log" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".adp" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".ast" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".bas" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".bd" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".cmp" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".dat" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".db" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".dic" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".dik" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".dvc" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".enh" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".fac" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".grm" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".gsb" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".ind" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".ini" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".lan" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".ldf" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".lst" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".mdf" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".nvc" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".par" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".per" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".pvc" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".pwp" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".rec" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".rtf" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".rwr" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".sig" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".svc" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".trc" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".trd" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".tru" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".txt" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".usr" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".voc" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".vtd" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".wav" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".wrp" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".xml" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".dra" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".lck" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".nwv" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".ver" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".ini_dgnrenamed" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name=".voc_dgnrenamed" Type="REG_DWORD" Disabled="false">0</AddValue>
    </AddKey>
    <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Exclusions\Processes" Disabled="false">
    <AddValue Name="Movere.Bot2.Local.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="Movere.Bot4.Local.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="Movere.Arc4.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="Movere.Arc2.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
    </AddKey>
    <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet" Disabled="false">
    <AddValue Name="LocalSettingOverrideSpyNetReporting" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="SpyNetReporting" Type="REG_DWORD" Disabled="false">2</AddValue>
    <AddValue Name="SubmitSamplesConsent" Type="REG_DWORD" Disabled="false">1</AddValue>
    <AddValue Name="LocalSettingOverrideSubmitSamplesConsent" Type="REG_DWORD" Disabled="false">0</AddValue>
    </AddKey>
    <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\MpEngine" Disabled="false">
    <AddValue Name="MpCloudBlockLevel" Type="REG_DWORD" Disabled="false">0</AddValue>
    <AddValue Name="MpBafsExtendedTimeout" Type="REG_DWORD" Disabled="false">0</AddValue>
    </AddKey>
    <AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\UX Configuration" Disabled="false">
    <AddValue Name="Notification_Suppress" Type="REG_DWORD" Disabled="false">1</AddValue>
    <AddValue Name="DisablePrivacyMode" Type="REG_DWORD" Disabled="false">1</AddValue>
    <AddValue Name="UILockdown" Type="REG_DWORD" Disabled="false">0</AddValue>
    </AddKey>
    </LocalGroupPolicySettings>
    </PolicySection>
    </SecurityPolicy>

    ========================================================

    Why this difference?

    Thanks,
    Dom

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.