Thanks for the post! Voted up.
You have lines for both 32 bit and 64 bit. For the record, which SEP version and Windows server OS were you looking at?
On the point of servers with locally-set exclusions, we used to have that open (the factory default) but that caused a problem when a user (or even an outside vendor!) would set exclusions and not even tell teh SEP admin. When the admin needed to update a CE policy, their exclusions got overwritten.
Our solution: block any client-side exclusions. If they need something, we put it into a policy if it holds up to examination.
Thanks
John