Table of contents
TOC
Collapse the table of content
Expand the table of content

Severe

Last Updated: 12/12/2016

Severe specifies the automatic remediation action taken for detected threats with a Severe alert level.

Values

1

Clean the detected threat.

2

Quarantine the detected threat.

3

Remove the detected threat.

6

Allow the detected threat.

8

Allow the user to determine the action to take with the detected threat.

9

Do not take any action.

10

Block the detected threat.

NULL

Apply action based on the update definition. This is the default value.

Valid Configuration Passes

oobeSystem

offlineServicing

specialize

Parent Hierarchy

Security-Malware-Windows-Defender | ThreatSeverityDefaultAction | Severe

Applies To

For Windows Windows Server 2016 editions, Windows Defender is installed with the operating system.

For Windows Server 2012, Windows Server 2008 R2 and Windows Server 2008, Windows Defender is installed with the Desktop Experience Pack.

For a full list of the Windows editions and architectures that this component supports, see Security-Malware-Windows-Defender.

XML Example

The following XML output shows how to specify that Windows Defender will automatically quarantine a detected threat identified with a Severe alert level.

<Severe>2</Severe>

Security-Malware-Windows-Defender

Send comments about this topic to Microsoft

© 2017 Microsoft