I am setting up alerts for . What is the difference between the "Medium - Action is required" and "Low - Malware is active" detection levels for the Malware Detection Alert in Microsoft System Center Endpoint Protection / MS SCEP?

I am assuming the Medium also triggers if malware has been moved to quarantine but not deleted and Low only triggers if malware could not be deleted by the client agent. Can somebody confirm or correct me?

I have used this source so far: https://technet.microsoft.com/en-us/library/hh508782.aspx

1 Answer

Yes, your understanding is partially correct.

The Medium malware detection level means the alert will be generated when you need to manually remove the malware on the computers which hasn't been deleted automatically by the SCEP client (not only the malware which has been quarantined). The Low level means the alert will be generated when the malware could not be deleted and quarantined automatically by the SCEP client.

In other words, the higher level includes the lower level.

Jimmy Sun