What are recommended actions?
Updated: April 1, 2012
Applies To: System Center 2012 Configuration Manager, System Center 2012 R2 Configuration Manager, System Center 2012 Endpoint Protection SP1, System Center 2012 Configuration Manager SP1, System Center 2012 Endpoint Protection, Windows Intune, Forefront Endpoint Protection, System Center 2012 R2 Endpoint Protection
Essentially recommended action means that you want Endpoint Protection to handle this alert level according to Microsoft’s recommendation. When Endpoint Protection detects a threat or potential threat, it takes the action specified as the Default Action in Settings. Unless you change the Default Actions associated with each alert level Endpoint Protection applies the recommended action. The recommended action is a specific action recommended by Microsoft for dealing with a specific threat or potential threat. It is associated with the definition specific to a particular threat. Usually, recommended actions are related to the detected item’s severity level: severe, high, medium, or low (see Understanding alert levels) For example, in most cases, the recommended action associated with a high-severity alert is to remove the detected threat. However, even in the case of a high-severity alert, the recommended action might be to allow the detected threat.
Tip
Unless you have a deep understanding of malware and their definitions, you should use the recommended actions to help protect your computer from threats.