[Microsoft Security Essentials*] LangSecRef=3021 Detect=HKCU\Software\Microsoft\Microsoft Antimalware Default=False FileKey1=%CommonAppData%\Microsoft\Microsoft Antimalware\LocalCopy|*.*|RECURSE FileKey2=%CommonAppData%\Microsoft\Microsoft Antimalware\Scans\History\Service|*.log|RECURSE FileKey3=%CommonAppData%\Microsoft\Microsoft Security Client\Support|MSSecurityClient*.log FileKey4=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy|*.*|RECURSE FileKey5=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Service|*.log|RECURSE FileKey6=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Microsoft Security Client\Support|MSSecurityClient*.log FileKey7=%CommonAppData%\Microsoft\Microsoft Antimalware\Network Inspection System\Support\NisLog.txt.bak [MS AntiMalware*] LangSecRef=3025 Default=False DetectFile=%CommonAppData%\Microsoft\Microsoft antimalware Warning=This will make MS Security Essentials think it has never run a scan. FileKey1=%CommonAppData%\Microsoft\Microsoft antimalware\network inspection system\Support|*.log FileKey2=%CommonAppData%\Microsoft\Microsoft antimalware\support|*.log FileKey3=%CommonAppData%\Microsoft\Microsoft antimalware\scans\history\results\Quick|*.*|REMOVESELF FileKey4=%CommonAppData%\Microsoft\Microsoft antimalware\scans\history\results\resource|*.*|REMOVESELF FileKey5=%CommonAppData%\Microsoft\Microsoft antimalware\scans\history\results\System|*.*|REMOVESELF FileKey6=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Microsoft antimalware\network inspection system\Support|*.log FileKey7=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Microsoft antimalware\support|*.log FileKey8=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Microsoft antimalware\scans\history\results\Quick|*.*|REMOVESELF FileKey9=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Microsoft antimalware\scans\history\results\resource|*.*|REMOVESELF FileKey10=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Microsoft antimalware\scans\history\results\System|*.*|REMOVESELF [Windows Defender Definition Updates*] LangSecRef=3024 DetectOS=|6.1 Detect=HKLM\Software\Microsoft\Windows Defender Default=False FileKey1=%CommonAppData%\Microsoft\Windows Defender\Definition Updates|*.*|RECURSE FileKey2=%LocalAppData%\VirtualStore\ProgramData\Microsoft\Windows Defender\Definition Updates|*.*|RECURSE [Windows Defender More*] LangSecRef=3024 Detect=HKLM\Software\Microsoft\Windows Defender Default=False FileKey1=%CommonAppData%\Microsoft\Windows Defender\Definition Updates\Backup|*.*|RECURSE FileKey2=%CommonAppData%\Microsoft\Windows Defender\Network Inspection System\Support|*.txt FileKey3=%CommonAppData%\Microsoft\Windows Defender\Scans|*.bin;*.bin* FileKey4=%CommonAppData%\Microsoft\Windows Defender\Scans\History\Service|*.log FileKey5=%CommonAppData%\Microsoft\Windows Defender\Scans\Scans\History\CacheManager|*.*|RECURSE FileKey6=%CommonAppData%\Microsoft\Windows Defender\Support|*.*|RECURSE