ThreatSeverityDefaultAction
ThreadSeverityDefaultAction
configures the default action to be taken for a threat alert that Microsoft Defender takes. Microsoft Defender is an application that can prevent, remove, and quarantine malware (malicious software) and spyware.
Setting | Description |
---|---|
Low | Specifies the default action to take for threat alert identified as Low. |
Moderate | Specifies the default action to take for threat alert identified as Moderate. |
High | Specifies the default action to take for threat alert identified as High. |
Severe | Specifies the default action to take for threat alert identified as Severe. |
oobeSystem
offlineServicing
specialize
Security-Malware-Windows-Defender | ThreatSeverityDefaultAction
For Windows Windows Server 2016 editions, Microsoft Defender is installed with the operating system.
For Windows Server 2012, Windows Server 2008 R2 and Windows Server 2008, Microsoft Defender is installed with the Desktop Experience Pack.
For a full list of the Windows editions and architectures that this component supports, see Security-Malware-Windows-Defender.
The following XML output shows how to set the default action to be taken for a threat alert.
<ThreatSeverityDefaultAction>
<Low>2</Low>
<Moderate>2</Moderate>
<High>2</High>
<Severe>2</Severe>
</ThreatSeverityDefaultAction>