Policy selection for ADMX packs

Policy overview

Key metadata and intent for this policy.

ClassComputer

CategoryWindows Components > Microsoft Defender Antivirus > Threats

Supported onAt least Windows Server 2012, Windows 8 or Windows RT

Supported OS tags: Windows10, Windows10RT, Windows11, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken. Valid remediation action values are: 2 = Quarantine 3 = Remove 6 = Ignore

Internal name

Threats_ThreatIdDefaultAction

Policy ID

0aefad7a2e03

Elements

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

Element	Type	Registry mapping	Constraints & behavior
Specify threats upon which default action should not be taken when detected ID Threats_ThreatIdDefaultActionList	list	HKLM\Software\Policies\Microsoft\Windows Defender\Threats\ThreatIdDefaultAction\Threats_ThreatIdDefaultAction Type REG_MULTI_SZ	List: additive, explicit value

Other policies in this category

Explore related policies at the same level.

Computer
Specify threat alert levels at which default action should not be taken when detected
At least Windows Server 2012, Windows 8 or Windows RT