System Center Endpoint Protection registry values...

Duchemin, Dominique 2,006 Reputation points
2023-10-07T00:00:06.6466667+00:00

Hello,

CCM\EPAgent\LastAppliedPolicy

I have a value

Default Client Antimalware Policy (Realtime Config) REG_DWORD = 2

and on the second policy:

ISS - Servers - SCEP - 3M - Test there is no (Realtime Config) listed...

What is the definitive status of the RealTime Config?

2023-10-06_16-59-01 Realtime Config.jpg

Thanks,

Dom

Microsoft Security | Intune | Configuration Manager | Other

Accepted answer
  1. AllenLiu-MSFT 49,316 Reputation points Microsoft External Staff
    2023-10-11T06:02:32.6866667+00:00

    Hi, @Duchemin, Dominique

    "I need to Disable Realtime Protection on some servers (about 1500+) and some desktops (about 30,000+) but not on all systems. I cannot go to the 31,500 machines one by one???"

    It's easy: as we discussed in the other thread, we just need to set "Enable real-time protection" to "No" in the custom antimalware policy and deploy it to the server device collection and the desktop device collection.

    It will apply to the machines when the machines get the client policy (60 minutes by default).

    It has nothing to do with the default client setting.



4 additional answers

  1. AllenLiu-MSFT 49,316 Reputation points Microsoft External Staff
    2023-10-09T07:55:24.2666667+00:00

    Hi, @Duchemin, Dominique

    Thank you for posting in Microsoft Q&A forum.

    The realtime config will refer to the configuration in Default Client Antimalware Policy.



  2. Duchemin, Dominique 2,006 Reputation points
    2023-10-10T05:19:29.6966667+00:00

    Hello @AllenLiu-MSFT

    I thought all custom policies had higher priority than the default policy. This seems not to be true if it is the Default which is taken into account.

    I need to be sure the custom policy with the Realtime keys is the one in place ...

    Thanks,

    Dom


  3. AllenLiu-MSFT 49,316 Reputation points Microsoft External Staff
    2023-10-10T08:25:28.6833333+00:00

    Hi, @Duchemin, Dominique

    All custom policies have higher priority than the default policy, that's true.

    You do not configure the Realtime Config in your custom policy, so it will use the configuration in the default policy. It's very similar to the Client Settings.


  4. Duchemin, Dominique 2,006 Reputation points
    2023-10-10T15:17:06.3766667+00:00

    Hi @AllenLiu-MSFT

    "You do not configure the Realtime Config in your custom policy, it will use the configuration in default policy. It's very similar to the Client Settings."

    So this means we cannot configure the Realtime as the "Default Client Antimalware Policy" is applied by DEFAULT everywhere the System Center Endpoint Protection Agent is deployed ...

    I need to Disable Realtime Protection on some servers (about 1500+) and some desktops (about 30,000+) but not on all systems. I cannot go to the 31,500 machines one by one???

    How could I do this?

    This is the "Default Client Settings" policy under Client settings

    2023-10-10_9-09-17 Default Client Policy RTP Checked.jpg

    Let me know when it will be applied to the machines?

    Thanks,

    Dom
