System Builder Channel – Office Starter 2010 Anti-Malware

Readiness

OEMs may need to add specific registry keys provided by their anti-malware ISVs to ensure that anti-virus and anti-malware programs work correctly with Office Starter 2010, as part of the Office 2010 preload installation.

Office Starter 2010 uses Microsoft application virtualization technologies called “Click-to-Run,” which can limit accessibility by security (anti-virus or anti-malware) software programs and may generate false positives and/or prevent detection of malware code if not remediated by the OEM or security vendor.

Office Starter 2010 uses the Microsoft Click-to-Run virtualized technology that creates a Q: drive (may be R: drive on some systems) that contains all of the files, fonts, COMs embedded services, and environment variables that the application needs to run. This is a protected environment that, by default, does not allow other programs to either view or change.

One example of a software program that may need to look into the Q: drive (or R: drive) is anti-malware or anti-virus software. OEMs can allow these kind of applications to access the contents of Q: by registering a Service Inclusion registry key.

o The OEM should contact their anti-malware/anti-virus vendor in order to get the necessary service name details should they be required.

o The OEM should set up Service Inclusion by creating a REG_SZ value with the

service name of each service that needs to access the Q: drive. The name of the value does not matter. Note that you must restart the service after setting the Service Inclusion keys.

For X86 (32-bit systems), create the key under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\AppFS\ServiceInclusions]

For X64 (64-bit systems), create the key under [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\Client\AppFS\ServiceInclusions]

o Service Inclusions are only supported on Windows Vista® and later.

o OEMs can set up the Service Inclusion keys before or after installing the Office 2010 OEM Preinstallation Kit (OPK) during the production process.

Example: For a 32-bit OS, the service inclusion for two services called NIS and ABC (as examples) would look like this:

o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\

AppFS\ServiceInclusions] Service1=NIS Service2=ABC

The OEMs must verify with their ISVs what and how many services must be included.

To find out if any services need access to Office Product files on the Q: drive, please contact your anti-malware vendor.

The Microsoft application virtualization technologies do not virtualize or isolate documents created or modified by users in standard locations such as My

Documents, network shares, etc. Documents modified by Office 2010 can be accessed as they normally would with any installed application without setting up Service Inclusion. Virtualization/isolation only applies to the Office 2010 product files that use the Office Starter 2010 virtualized technology.

Customer Resources Office 2010 resources are available on the OPC at http://oem.microsoft.com/. From the left navigation bar, go to: | Products | Office Products | Office 2010 |.