Windows Defender default settings question

G

Guest

The tools menu in Windows Defender in general settings shows a default
actions category which lists high, medium and low alert items with the
following options; signature default, ignore, and remove. What is the
signature default setting and who/what determines this setting, the Defender
Software or does this require my input and if so, where do I configure the
default settings? Thanks... SEC
 
T

Tom Emmelot

Hello Steve,

i have set the Low alert items to ignore and that make a difference, had
a few things coming up all the time, but not anymore!

So play a bit with the items, but let the High on Signature default ;)

Regards >*< TOM >*<

Steve C. schreef:
 
J

Joe Faulhaber[MSFT]

The signature default is what Microsoft recommends to do with the threat.
Better text would be "Definition Recommended Action".
 
B

Bill Sanderson MVP

I have to confess to a level of skepticism about whether this set of options
will ever really make sense or be useful to the users.

The default settings are "Let Microsoft decide"--with no way for the user to
get some experience/idea of what that decision might be. We can assume
remove for a high level threat, but there's no way to look anything up.

This is kind of like the activeX prompt box "always trust"--how many folks
ever check that box? I don't, although I have absolutely no hesitation and
routinely allow every such control Microsoft provides.

The users have the choice of "ignore" or "remove". Ignore (one time) might
be better text here--since this isn't an ignore always choice. However, why
not a choice of quarantine?

I guess I'm puzzled about the envisioned scenario where a user might make a
useful choice in these boxes--to me, the useful choice is to not apply
actions after a scan, and allow the user to make them directly.

I suppose that in a corporate locked down environment, choosing remove for
all threats and making that automatic might be appropriate, but I'm finding
it hard to justify the real estate this set of choices takes up.
 
G

Guest

Thanks for the comments Bill. I mirror your thoughts on this as well.

I would hope that in the event Defender identifies malware that the software
will at the very least communicate as to the action taken using this
"signature default" option.

Stephen Cooksley
 
G

Guest

Thanks for the reply Joe. SEC

Joe Faulhaber said:
The signature default is what Microsoft recommends to do with the threat.
Better text would be "Definition Recommended Action".
Click to expand...
 
G

Guest

Hi Tom,
Thank you for the reply.

Steve Cooksley

Tom Emmelot said:
Hello Steve,

i have set the Low alert items to ignore and that make a difference, had
a few things coming up all the time, but not anymore!

So play a bit with the items, but let the High on Signature default ;)

Regards >*< TOM >*<

Steve C. schreef:
Click to expand...
 
B

Bill Sanderson MVP

When you look at a scan results page there is a default action shown for
each item--so at that point you do find out what the default action is. You
can then modify the default as desired--as I do for cases in which I want
VNC, for example, to remain installed.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Signature Default? 2
Default Actions 5
Turn off alerts 7
For $1,000,000 dollars...What is a Signature Default? 6
Trojan Detected but Ignored 1
No Alert for Action? 1
Windows Defender_Does it scan, monitor, or engage XP_SP3 at shutdo 6
configuration question on Windows Defender 4

Top