ThreatSeverityDefaultAction
Article 12/17/2020
4 contributors
Feedback
In this article
Child Elements
Valid Configuration Passes
Parent Hierarchy
Applies To
XML Example
Related topics
Show 2 more
ThreadSeverityDefaultAction
configures the default action to be taken for a threat alert that Microsoft Defender takes. Microsoft Defender is an application that can prevent, remove, and quarantine malware (malicious software) and spyware.
Expand table
Setting
Description
Low
Specifies the default action to take for threat alert identified as Low.
Moderate
Specifies the default action to take for threat alert identified as Moderate.
High
Specifies the default action to take for threat alert identified as High.
Severe
Specifies the default action to take for threat alert identified as Severe.
Valid Configuration Passes
oobeSystem
offlineServicing
specialize
Security-Malware-Windows-Defender | ThreatSeverityDefaultAction
For Windows Windows Server 2016 editions, Microsoft Defender is installed with the operating system.
For Windows Server 2012, Windows Server 2008 R2 and Windows Server 2008, Microsoft Defender is installed with the Desktop Experience Pack.
For a full list of the Windows editions and architectures that this component supports, see Security-Malware-Windows-Defender .
The following XML output shows how to set the default action to be taken for a threat alert.
<ThreatSeverityDefaultAction>
<Low>2</Low>
<Moderate>2</Moderate>
<High>2</High>
<Severe>2</Severe>
</ThreatSeverityDefaultAction>
Security-Malware-Windows-Defender