If you want to exclude certain processes from scanning by the anti-malware engine in Forefront Client Security (FCS), you will not find a suitable option among the policy settings in the Forefront Client Security management console. Unfortunately, only paths and file extensions can be specified there. At present, processes to be excluded can only be configured directly in the registry or via GPO (ADM):
For each process, create a new DWORD entry under
HKLM\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes
named with the full path of the process (e.g. "C:\WINDOWS\system32\Dienstname.exe").
The value of these entries is always 0.
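
The registry layout described above can be written and reviewed with PowerShell. This is an added example, not code from the original post or from Microsoft; the function names `Add-FcsProcessExclusion` and `Get-FcsProcessExclusion` are hypothetical, and the key path and value format are taken from the text. It must be run from an elevated session.

```powershell
# Key path as given in the text above.
$ExclusionKey = 'HKLM:\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes'

function Add-FcsProcessExclusion {
    param(
        [Parameter(Mandatory = $true)][string]$ProcessPath,
        [string]$Key = $ExclusionKey
    )
    # The value name must be the full path of the executable, not a bare file name.
    if (-not [System.IO.Path]::IsPathRooted($ProcessPath)) {
        throw "Full path required: $ProcessPath"
    }
    # Refuse to exclude a path that does not point at an existing file.
    if (-not (Test-Path -LiteralPath $ProcessPath -PathType Leaf)) {
        throw "File not found: $ProcessPath"
    }
    if (-not (Test-Path -Path $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    # One DWORD value per process; the data is always 0.
    New-ItemProperty -Path $Key -Name $ProcessPath -PropertyType DWord -Value 0 -Force | Out-Null
}

function Get-FcsProcessExclusion {
    param([string]$Key = $ExclusionKey)
    if (-not (Test-Path -Path $Key)) { return }
    $regKey = Get-Item -Path $Key
    foreach ($name in $regKey.GetValueNames()) {
        if (-not $name) { continue }   # skip the key's unnamed default value
        $kind = $regKey.GetValueKind($name)
        $data = $regKey.GetValue($name)
        New-Object PSObject -Property @{
            ProcessPath = $name
            Kind        = $kind
            Data        = $data
            # An exclusion for a file that is not on disk deserves a second look.
            FileExists  = Test-Path -LiteralPath $name -PathType Leaf
            # Expected form per the text: DWORD with data 0.
            WellFormed  = ($kind -eq 'DWord' -and $data -eq 0)
        }
    }
}

# Example calls, using the sample path from the text:
# Add-FcsProcessExclusion -ProcessPath 'C:\WINDOWS\system32\Dienstname.exe'
# Get-FcsProcessExclusion | Format-Table ProcessPath, Kind, Data, FileExists, WellFormed
```

Because these exclusions are not shown in the management console, running the listing function periodically gives a way to review what has been exempted from scanning on a host.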