Custom Forefront Endpoint Protection 2010 (FEP) policy for a custom Configuration Manager 2007 (ConfigMgr) install with SQL 2008 on a single server

I’m currently working on deploying ConfigMgr for a client.  They’re using FEP with the default settings and it’s unmanaged.  Of course FEP is unmanaged because I’m in the process of laying down ConfigMgr for software updates, operating system deployment, and last but not least a managed FEP environment.  It’s sort of like having the carriage before the horse.  I really don’t want to get into why it’s like that but for now it is what it is.  

I was about to apply the ConfigMgr policy from the command prompt on the ConfigMgr server ( but stopped because I had a few thoughts.  I needed to do a few non-default things and the default policy wouldn’t accomplish what I needed.

1. ConfigMgr was installed on the E drive, and the XML file for ConfigMgr points at %programfiles% and %programfiles(x86)%. That means if the OS is on the C drive and ConfigMgr is on the E drive, the default XML would not exclude the ConfigMgr directories, because those variables resolve to paths on the C drive.

2. SQL 2008 was also installed on the E drive for ConfigMgr.

3. ConfigMgr also uses IIS so I needed IIS exclusions.

4. You can only import one XML at a time. If you import more than one, the last one imported becomes the current settings.
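
The drive mismatch from items 1 and 2 can be checked before a policy is imported. The script below is an added example, not the author's XML or anything shipped with FEP: it expands the variables in a list of exclusion paths and reports which install directories they actually cover. The variable values, exclusion entries, install paths, and function names are all constructed for illustration, and entries are assumed to be plain directory paths without wildcards.

```powershell
# Constructed values reproducing the layout in the post: OS on C:, ConfigMgr and SQL 2008 on E:.
$Variables = @{
    'programfiles'      = 'C:\Program Files'
    'programfiles(x86)' = 'C:\Program Files (x86)'
}
# Constructed exclusion entries in the style of a default policy (not copied from the FEP template).
$DefaultExclusions = @(
    '%programfiles%\Microsoft Configuration Manager\Inboxes',
    '%programfiles(x86)%\Microsoft Configuration Manager\Inboxes'
)
# Constructed install directories; replace with the real paths on the server.
$InstalledDirs = @(
    'E:\Microsoft Configuration Manager\Inboxes\auth',
    'E:\MSSQL\Data'
)

function Expand-PolicyPath {
    param([string]$Path, [hashtable]$Variables)
    # Substitute each %name% (case-insensitive); unknown variables stay as written.
    foreach ($name in $Variables.Keys) {
        $pattern = [regex]::Escape("%$name%")
        $Path = $Path -replace $pattern, $Variables[$name]
    }
    return $Path
}

function Test-ExclusionCoverage {
    param([string[]]$Exclusions, [string[]]$Directories, [hashtable]$Variables)
    # Expand every exclusion and normalise it to end in a single backslash.
    $roots = foreach ($e in $Exclusions) {
        (Expand-PolicyPath -Path $e -Variables $Variables).TrimEnd('\') + '\'
    }
    foreach ($dir in $Directories) {
        $full = $dir.TrimEnd('\') + '\'
        # A directory is covered when it equals, or sits beneath, an expanded exclusion.
        $hit = @($roots | Where-Object { $full.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        New-Object PSObject -Property @{
            Directory = $dir
            Covered   = ($hit.Count -gt 0)
            MatchedBy = ($hit -join '; ')
        }
    }
}

# Check the default-style entries against the E: install directories.
Test-ExclusionCoverage $DefaultExclusions $InstalledDirs $Variables | Format-Table Directory, Covered -AutoSize
# Re-check after adding explicit E: paths, as a combined custom policy would.
$Custom = $DefaultExclusions + 'E:\Microsoft Configuration Manager\Inboxes', 'E:\MSSQL\Data'
Test-ExclusionCoverage $Custom $InstalledDirs $Variables | Format-Table Directory, Covered, MatchedBy -AutoSize
```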

What I decided to do was to create a single XML that accomplishes my requirements. The XML file below uses Microsoft’s antivirus exclusion recommendations for ConfigMgr 2007, SQL 2008, and IIS where ConfigMgr and SQL 2008 are installed on the E drive. Please feel free to modify the XML to suit your needs.

