While building my new Configuration Manager server, MECM, I took screenshots of the default antimalware policy settings in the event settings in it ever got changed. The default should not be changed. A new policy should be created and deployed.

Scheduled Scans

Scan Settings

Default Actions

Real-time Protection

Exclusion Settings

Advanced

Threat Overrides

Cloud Protection Service

Security Intelligence Updates