Specify threats upon which default action should not be taken when detected
This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken.
Valid remediation action values are:
2 = Quarantine
3 = Remove
6 = Ignore
Supported on: At least Windows Vista
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Microsoft\Microsoft Antimalware\Threats |
| Value Name | threats_threatiddefaultaction |
| Value Type | REG_DWORD |
| Enabled Value | 1 |
| Disabled Value | 0 |
Specify threats upon which default action should not be taken when detected
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction |
| Value Name | {number} |
| Value Type | REG_SZ |
| Default Value |
fep2010.admx
- System
- Forefront Endpoint Protection 2010
- Client Interface
- Exclusions
- Network Inspection System Exclusions
- Network Inspection System
- Quarantine
- Real-time Protection
- Configure local setting override for monitoring file and program activity on your computer
- Configure local setting override for monitoring for incoming and outgoing file activity
- Configure local setting override for scanning all downloaded files and attachments
- Configure local setting override for turn on behavior monitoring
- Configure local setting override to turn off Intrusion Prevention System
- Configure local setting override to turn on real-time protection
- Configure monitoring for incoming and outgoing file and program activity
- Define the maximum size of downloaded files and attachments to be scanned
- Monitor file and program activity on your computer
- Scan all downloaded files and attachments
- Turn on behavior monitoring
- Turn on Information Protection Control
- Turn on network protection against exploits of known vulnerabilities
- Turn on process scanning whenever real-time protection is enabled
- Turn on raw volume write notifications
- Turn on real-time protection
- Remediation
- Reporting
- Configure time out for detections in critically failed state
- Configure time out for detections in non-critical failed state
- Configure time out for detections in recently remediated state
- Configure time out for detections requiring additional action
- Configure Watson events
- Configure Windows software trace preprocessor components
- Configure WPP tracing level
- Scan
- Allow users to pause scan
- Check for the latest virus and spyware definitions before running a scheduled scan
- Configure local setting override for maximum percentage of CPU utilization
- Configure local setting override for scheduled quick scan time
- Configure local setting override for scheduled scan time
- Configure local setting override for schedule scan day
- Configure local setting override for the scan type to use for a scheduled scan
- Create a system restore point
- Run full scan on mapped network drives
- Scan archive files
- Scan network files
- Scan packed executables
- Scan removable drives
- Specify the day of the week to run a scheduled scan
- Specify the interval to run quick scans per day
- Specify the maximum depth to scan archive files
- Specify the maximum percentage of CPU utilization during a scan
- Specify the maximum size of archive files to be scanned
- Specify the scan type to use for a scheduled scan
- Specify the time for a daily quick scan
- Specify the time of day to run a scheduled scan
- Start the scheduled scan only when computer is on but not in use
- Turn on catch-up full scan
- Turn on catch-up quick scan
- Turn on e-mail scanning
- Turn on heuristics
- Turn on removal of items from scan history folder
- Turn on reparse point scanning
- Signature Updates
- Allow definition updates from Microsoft Update
- Allow definition updates when running on battery power
- Allow notifications to disable definitions based reports to Microsoft SpyNet
- Allow real-time definition updates based on reports to Microsoft SpyNet
- Check for the latest virus and spyware definitions on startup
- Define the number of days after which a catch-up definition update is required
- Define the number of days before spyware definitions are considered out of date
- Define the number of days before virus definitions are considered out of date
- Define the order of sources for downloading definition updates
- Initiate definition update on startup
- Specify the day of the week to check for definition updates
- Specify the interval to check for definition updates
- Specify the time to check for definition updates
- Turn on scan after signature update
- SpyNet
- Threats
- Allow antimalware service to remain running always
- Allow antimalware service to startup with normal priority
- Configure local administrator merge behavior for lists
- Define addresses to bypass proxy server
- Define proxy server for connecting to the network
- Randomize scheduled task times
- Turn on routine remediation
- Turn on spyware definitions
- Turn on virus definitions
- Forefront Endpoint Protection 2010