- I personally recommend enabling only those rules which match the AV solution/vendor that is in place on the client, to limit the number of allow list entries to a minimum. Enabling all rules would only make sense for some kind of "BYOD" network segment where users are allowed to bring laptops which do not run a corporate-controlled AV solution.
- The lists are based on KB articles of the AV solution/vendor and are updated manually on a regular basis. They are not explicitly tested with specific client solutions, but we allow all update servers a vendor mentions, assuming that all client solutions will use those update servers. Any feedback that could help improve the lists would be appreciated.