Policy

Specify threats upon which default action should not be taken when detected

Microsoft Windows

Back to ThreatsBack to main
Specify threats upon which default action should not be taken when detected
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Microsoft Defender Antivirus > Threats
Supported on
At least Windows Server 2012, Windows 8 or Windows RT

Supported OS tags: Windows10, Windows10RT, Windows11, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken. Valid remediation action values are: 2 = Quarantine 3 = Remove 6 = Ignore

Internal name
Threats_ThreatIdDefaultAction
Policy ID
0aefad7a2e03
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
Specify threats upon which default action should not be taken when detected
ID Threats_ThreatIdDefaultActionList
list
Path
Software\Policies\Microsoft\Windows Defender\Threats\ThreatIdDefaultAction
Value name
Threats_ThreatIdDefaultAction
Type
REG_MULTI_SZ
List: additive, explicit value
Specify threats upon which default action should not be taken when detected
Computer · Type list
Registry mapping
Path
Software\Policies\Microsoft\Windows Defender\Threats\ThreatIdDefaultAction
Value name
Threats_ThreatIdDefaultAction
Type
REG_MULTI_SZ
Details
List: additive, explicit value