Forum Discussion
Defender/ThreatSeverityDefaultAction - what is default action if not configure?
In Defender AV settings, there are threat severity level & actions. - Microsoft define level of threat severity. I wonder what is default actions if we don't configure remediation action parameter? I try to check on all Microsoft site but not able to find any.. including Defender Policies (https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender?WT.mc_id=Portal-fx)
1 Reply
- If you don't configure a custom remediation action, the default action is determined by the Update Definition / Signature.
(Example documentation page for Severe threats):
https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-threatseveritydefaultaction-severe
"NULL - Apply action based on the update definition. This is the default value."
