FWIW, my ScanPolicy is set to 3738371 on my main computer where there's no Windows installed and 0 on the one with Windows.
EFI won't show in both, I guess if not on the second one it's probably because the EFI partition is not called "EFI"... (I kept "NO NAME", as it was set by Windows)
Note that if you use OpenCore Configurator.app for setting the ScanPolicy, its labels are erroneous (and have been since forever...) as shown in the screen capture below (where I've put OC's Configuration.pdf in the background):
View attachment 561199
I've used https://oc-scanpolicy.vercel.app/ instead for finding my adequate settings.
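Added example (not part of the original post, and not OpenCore's own code): a small decoder for cross-checking a ScanPolicy integer against the flag table in Configuration.pdf without depending on a GUI's labels. The flag names and bit values are the ones listed in recent OpenCore documentation and should be confirmed against the Configuration.pdf of the release in use; `esp_scanned` is a hypothetical helper that applies the documented meaning of the file system lock bit.

```python
# Added example: decode an OpenCore ScanPolicy bitmask into named flags.
# Bit values as documented in recent OpenCore releases (verify for yours).
SCAN_POLICY_BITS = {
    0x00000001: "OC_SCAN_FILE_SYSTEM_LOCK",
    0x00000002: "OC_SCAN_DEVICE_LOCK",
    0x00000100: "OC_SCAN_ALLOW_FS_APFS",
    0x00000200: "OC_SCAN_ALLOW_FS_HFS",
    0x00000400: "OC_SCAN_ALLOW_FS_ESP",
    0x00000800: "OC_SCAN_ALLOW_FS_NTFS",
    0x00001000: "OC_SCAN_ALLOW_FS_LINUX_ROOT",
    0x00002000: "OC_SCAN_ALLOW_FS_LINUX_DATA",
    0x00004000: "OC_SCAN_ALLOW_FS_XBOOTLDR",
    0x00010000: "OC_SCAN_ALLOW_DEVICE_SATA",
    0x00020000: "OC_SCAN_ALLOW_DEVICE_SASEX",
    0x00040000: "OC_SCAN_ALLOW_DEVICE_SCSI",
    0x00080000: "OC_SCAN_ALLOW_DEVICE_NVME",
    0x00100000: "OC_SCAN_ALLOW_DEVICE_ATAPI",
    0x00200000: "OC_SCAN_ALLOW_DEVICE_USB",
    0x00400000: "OC_SCAN_ALLOW_DEVICE_FIREWIRE",
    0x00800000: "OC_SCAN_ALLOW_DEVICE_SDCARD",
    0x01000000: "OC_SCAN_ALLOW_DEVICE_PCI",
}
KNOWN_MASK = sum(SCAN_POLICY_BITS)  # OR of every documented bit


def decode_scan_policy(value):
    """Return (flag names in ascending bit order, leftover undocumented bits)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("ScanPolicy is a 32-bit unsigned integer")
    names = [name for bit, name in SCAN_POLICY_BITS.items() if value & bit]
    return names, value & ~KNOWN_MASK


def encode_scan_policy(names):
    """Inverse of decode: OR the named flags together (KeyError on a bad name)."""
    by_name = {name: bit for bit, name in SCAN_POLICY_BITS.items()}
    value = 0
    for name in names:
        value |= by_name[name]
    return value


def esp_scanned(value):
    """True if EFI System Partitions pass the file system filter."""
    if not value & 0x00000001:  # lock bit clear (including 0): no FS filtering
        return True
    return bool(value & 0x00000400)


if __name__ == "__main__":
    for policy in (3738371, 0):  # the two values mentioned in the post
        print(hex(policy), decode_scan_policy(policy), esp_scanned(policy))
```

For 3738371 (0x390B03) the decoder reports both lock bits set with APFS, HFS and NTFS allowed but not `OC_SCAN_ALLOW_FS_ESP`, so ESP volumes are filtered out by that policy; 0 applies no filtering at all.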