I'll give you Mike Treit (of Microsoft)'s reply on this one:
------------------------------------------------------------------------
First of all, one point of clarification: this setting simply defines the
action that is selected by default in the dropdown in the UI when you are
presented with the dialog asking you what actions you want to take. It does
not specify an action that Windows Defender will take automatically without
asking you first. Windows Defender will always ask you to make an
affirmative decision before applying actions to any threats found.
The "Signature default" option simply means that for a given threat, the
action that is selected by default in the drop-down is defined in the
signature for that threat. Typically this is based on the overall severity
(i.e., the "Alert level") of the threat.
For instance, a high severity threat will normally have a recommended action
of "Remove" and, if you have chosen the "Signature default" option, that is
what will be selected by default for that threat in the drop-down box in the
Scan Results dialog. If you have, for example, changed the default to
"Ignore" for all high severity threats, then that will be displayed instead
of the "Remove" action that is suggested in the signature definition.
Although we have the flexibility to define different recommended actions in
the signature that do not correspond directly to the "Alert level" of the
threat, for Beta 2 the breakdown is generally the following:
Threats that are "High" or "Severe" will have a recommended action of
"Remove" defined in the signature. "Remove" will be selected by default in
the Action dropdown when such a threat is found.
Threats that are "Moderate" will not have a recommended action. The dropdown
will say "Select an action" and no action will be taken until you explictly
choose one of the possible options "Ignore", "Remove", "Quarantine" or
"Always Allow"
Threats that are "Low" will have a recommended action of "Ignore" defined in
the signature. "Ignore" will be selected by default in the Action dropdown
when such a threat is found.
Typically leaving the setting at "Signature default" is a good choice, but
the setting is there so that you have the flexibility to change this
behavior if you wish.
Note that the set of actions and the behavior of the signatures may be
changed in the future, so don't consider the rules described above to be set
in stone.
Thanks
-Mike
Mark said:
In Windows Defender -> General Settings -> Default Actions -> High,
Medium,
Low Alerts. There are three choices for each of these:
1. Signature Default
2. Ignore
3. Remove
I am pretty sure I understand the Ignore and Remove choices, but what does
Signature Default mean? This is not clear, and the help instructions
don't
explain this. What happens if that is the choice and an item is found?
Can
you have it leave a pop up screen, like AntiSpyWare does now, requesting
the
user decide what should be removed or ignored?
Mike asked about this same thing on 2-15-06, and got no replies. I gather
this is a tough question. But it is very important to our users.
Thanks
------------------------------------------------------------------------------1
--
