You can decide how you want Microsoft Forefront Endpoint Protection 2010 to handle the potential threats it detects, by either applying recommended actions (recommended) or by specifying a default action for each alert level.
By defining a custom default action for each alert level, you gain more control over how the program handles detected threats. For example, if you know that all medium level threats are something you feel comfortable simply quarantining, then you can specify Quarantine for the medium alert level.
To apply default actions
Click the Settings tab, and then click Default actions.
Select a default action (Recommended action, Quarantine, Remove, or Allow if available). The default setting (Recommended action) means that you want Forefront Endpoint Protection to handle this alert level according to Microsoft’s recommendation.
Click Save changes. If you are prompted for an administrator password or confirmation, type the password or confirm the action.
To ensure that Forefront Endpoint Protection applies these actions after it detects potential threats, select the Apply recommended actions check box.