With real-time scanning consuming 100 meg of memory with softom.exe the security threat was modified to allow the end user the ability to choose if they want it on or off.
the custom variable tab in the properties of the definition has the on and off value. Setting this to the value that you want the end node to be. Then scanning will report that it is vulnerable depending on what is set there. Then the ability to remediate it to match what is set has been added as well.
Before these changes were made you had to make the change in the agent configuration and send an agent update out. Not it is just a matter of changing the custom variable and scanning and then repairing.
I wonder why your post didn't come up in my searches? AH well ... so basically if I am fine with having the real-time scans run all the time, I can remove those two ID's from my Scan bucket?
I must not have used enough 0 in the name when I posted.
You can leave them in to scan folder then you can determine what machines have the real-time on or off depending on what setting you want to have the machines use.