Problem Description
*********************
Is it possible, to change the default behaviour when finding an infected file?
The files are deleted by default.
In the Windows Defender for Windows 7 there was a way to change this.
We are using the commandline utility of Windows Defender to scan drives of our customer.
When the Defender finds an infected file there should just be a message but no deletion.
Is there a way to define this behaviour (registry key, commandline parameter, etc.) ?
Suggestion
*******************
By design, Windows Defender doesn’t support change the default action on Win8. When Windows Defender find infected files, these files will be quarantined by default. They give you a chance to verify if it is dangerous for your system instead of removing it directly. In addition, you can check these files under History tab and decide whether you want to remove them or not.
What’s more, a group policy setting allows you to configure whether Windows Defender automatically takes action on all detected threats. To do this, please try:
1. Run gpedit.msc to open Local Group Policy Editor
2. Navigate to Computer Configuration/Administrative Templates/Windows Components/Windows Defender
3. Disable “Turn off Routinely Taking Actions”