ThreatSeverityDefaultAction
ThreadSeverityDefaultAction configures the default action to be taken for a threat alert that Microsoft Defender takes. Microsoft Defender is an application that can prevent, remove, and quarantine malware (malicious software) and spyware.
Child Elements
| Setting | Description |
|---|---|
| Low | Specifies the default action to take for threat alert identified as Low. |
| Moderate | Specifies the default action to take for threat alert identified as Moderate. |
| High | Specifies the default action to take for threat alert identified as High. |
| Severe | Specifies the default action to take for threat alert identified as Severe. |
Valid Configuration Passes
oobeSystem
offlineServicing
specialize
Parent Hierarchy
Security-Malware-Windows-Defender | ThreatSeverityDefaultAction
Applies To
For Windows Windows Server 2016 editions, Microsoft Defender is installed with the operating system.
For Windows Server 2012, Windows Server 2008 R2 and Windows Server 2008, Microsoft Defender is installed with the Desktop Experience Pack.
For a full list of the Windows editions and architectures that this component supports, see Security-Malware-Windows-Defender.
XML Example
The following XML output shows how to set the default action to be taken for a threat alert.
<ThreatSeverityDefaultAction>
<Low>2</Low>
<Moderate>2</Moderate>
<High>2</High>
<Severe>2</Severe>
</ThreatSeverityDefaultAction>