A customer got a issue with Forefront EP 2010. It was installed on their Terminal Servers, and a file was detected by Forefront. The “biggest” problem was that all users got a pop-up telling that the server needed to be restarted to remove the virus. And if one user clicked restart, it would restart, even if they do not have permissons to do this. Not what you want done without control or info to the other users logged on. The fix for this is to add a registry setting that prevents access to the user Interface of Forefront on the terminal servers. Found this is on the Microsoft forums.
HKLMSOFTWAREPoliciesMicrosoftMicrosoft AntimalwareUX Configuration
REG_DWORD – UILockdown = 1
Add this key, and the pop-up is not shown anymore.
This is the link to the forum post: http://social.technet.microsoft.com/Forums/en-US/FCSNext/thread/d28331a0-5c91-4786-9d52-e78b966f4d78