Applying default actions to detected items

 

Updated: April 1, 2012

Applies To: System Center 2012 Configuration Manager, System Center 2012 R2 Configuration Manager, System Center 2012 Endpoint Protection SP1, System Center 2012 Configuration Manager SP1, System Center 2012 Endpoint Protection, Windows Intune, Forefront Endpoint Protection, System Center 2012 R2 Endpoint Protection

You can decide how you want Endpoint Protection to handle the potential threats it detects, by either applying recommended actions (recommended) or by specifying a default action for each alert level.

By defining a custom default action for each alert level, you gain more control over how the program handles detected threats. For example, if you know that all medium level threats are something you feel comfortable simply quarantining, then you can specify Quarantine for the medium alert level.

To apply default actions

  1. Click the Settings tab, and then click Default actions.

  2. Select a default action (Recommended action, Quarantine, Remove, or Allow if available). The default setting (Recommended action) means that you want Endpoint Protection to handle this alert level according to Microsoft’s recommendation.

  3. Click Save changes. If you are prompted for an administrator password or confirmation, type the password or confirm the action.

To ensure that Endpoint Protection applies these actions after it detects potential threats, select the Apply recommended actions check box.