Does anyone know how to stop FCS from warning everytime a GPO Refresh rewrites my IE Home page and Search Page?  It seems odd that FCS warns about a standard GPO configuration.

I tried to make an ADM file and apply it.  Didnt have any effect.

My ADM Attempt is here:

----------------------------------------------------------------------------------------------------------------------------------

CLASS MACHINE

CATEGORY !!FCSCategory

             POLICY !!AgentKeys_Name

                    KEYNAME "SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Real-Time Protection"

                    EXPLAIN !!AgentKeys_Explain

                    VALUENAME IEConfigurationAgent

                      VALUEON NUMERIC 0

                      VALUEOFF NUMERIC 1

             END POLICY

END CATEGORY

[strings]

FCSCategory="Microsoft Forefront Client Security"

AgentKeys_Name="Configuring Real-time protection agent"

AgentKeys_Explain="If enabled or set to true, the agent will watch/scan Internet Explorer configuration related resources."

----------------------------------------------------------------------------------------------------------------------------------

Added it to computer policies / policies / Administrative Templates and set the value to disabled to turn off the screening for IE config.  Applied the GPO to my machine's OU and ran GPUpdate /force a few times.  Each time still fired off FCS Warnings

Client Version:  1.5.1981.0

Engine Version: 1.1.5703.0

Antivirus definition: 1.81.258.0

Antispyware definition: 1.81.258.0

Alert Details:

Summary:

Internet Explorer Configurations change occurred.

This agent monitors end user and security related configuration changes made to Internet Explorer, including the default home page.

Detected changes:

New: http://intranet

Original: Not available

iemain (New):

HKCU@S-1-5-21-1875276754-736967864-1233803906-3097\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL

Advice:

Permit this configuration change only if you trust its origin. It is recommended that you run a quick scan if you choose to deny this change.

Detected by:

Definition file

Checkpoint:

Internet Explorer Home Page

Category:

Configuration Change

And

Summary:

Internet Explorer Configurations change occurred.

This agent monitors end user and security related configuration changes made to Internet Explorer, including the default home page.

Detected changes:

New: http://www.google.com

Original: Not available

iemain (New):

HKCU@S-1-5-21-1875276754-736967864-1233803906-3097\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar

Advice:

Permit this configuration change only if you trust its origin. It is recommended that you run a quick scan if you choose to deny this change.

Detected by:

Definition file

Checkpoint:

Internet Explorer Home Page

Category:

Configuration Change

Ed Price MSFT edited Revision 46. Comment: This is really a portal, so I added that. Also added some tags.

Thank you...

Guowen Su edited Revision 53. Comment: new vulnerabilities

GREAT ARTICLE!!

Richard Mueller edited Revision 56. Comment: Removed (en-US) from title, added tag

Carsten Siemens edited Revision 57. Comment: Fixed misspelling and added tag: has comment