Specify threats upon which default action should not be taken when detected

This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken.

Valid remediation action values are:
2 = Quarantine
3 = Remove
6 = Ignore

Supported on: At least Windows Server 2012, Windows 8 or Windows RT

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows Defender\Threats
Value NameThreats_ThreatIdDefaultAction
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

Specify threats upon which default action should not be taken when detected

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows Defender\Threats\ThreatIdDefaultAction
Value Name{number}
Value TypeREG_SZ
Default Value

windowsdefender.admx

Administrative Templates (Computers)

Administrative Templates (Users)