Create windowsDeviceMalwareState
Namespace: microsoft.graph
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Create a new windowsDeviceMalwareState object.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | DeviceManagementManagedDevices.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | DeviceManagementManagedDevices.ReadWrite.All |
HTTP Request
POST /deviceManagement/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/windowsProtectionState/detectedMalwareState
Request headers
Header | Value |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Accept | application/json |
Request body
In the request body, supply a JSON representation for the windowsDeviceMalwareState object.
The following table shows the properties that are required when you create the windowsDeviceMalwareState.
Property | Type | Description |
---|---|---|
id | String | The unique Identifier. This is malware id. |
displayName | String | Malware name |
additionalInformationUrl | String | Information URL to learn more about the malware |
severity | windowsMalwareSeverity | Severity of the malware. Possible values are: unknown , low , moderate , high , severe . |
executionState | windowsMalwareExecutionState | Execution status of the malware like blocked/executing etc. Possible values are: unknown , blocked , allowed , running , notRunning . |
state | windowsMalwareState | Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: unknown , detected , cleaned , quarantined , removed , allowed , blocked , cleanFailed , quarantineFailed , removeFailed , allowFailed , abandoned , blockFailed . |
threatState | windowsMalwareThreatState | Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: active , actionFailed , manualStepsRequired , fullScanRequired , rebootRequired , remediatedWithNonCriticalFailures , quarantined , removed , cleaned , allowed , noStatusCleared . |
initialDetectionDateTime | DateTimeOffset | Initial detection datetime of the malware |
lastStateChangeDateTime | DateTimeOffset | The last time this particular threat was changed |
detectionCount | Int32 | Number of times the malware is detected |
category | windowsMalwareCategory | Category of the malware. Possible values are: invalid , adware , spyware , passwordStealer , trojanDownloader , worm , backdoor , remoteAccessTrojan , trojan , emailFlooder , keylogger , dialer , monitoringSoftware , browserModifier , cookie , browserPlugin , aolExploit , nuker , securityDisabler , jokeProgram , hostileActiveXControl , softwareBundler , stealthNotifier , settingsModifier , toolBar , remoteControlSoftware , trojanFtp , potentialUnwantedSoftware , icqExploit , trojanTelnet , exploit , filesharingProgram , malwareCreationTool , remote_Control_Software , tool , trojanDenialOfService , trojanDropper , trojanMassMailer , trojanMonitoringSoftware , trojanProxyServer , virus , known , unknown , spp , behavior , vulnerability , policy , enterpriseUnwantedSoftware , ransom , hipsRule . |
Response
If successful, this method returns a 201 Created
response code and a windowsDeviceMalwareState object in the response body.
Example
Request
Here is an example of the request.
POST https://graph.microsoft.com/v1.0/deviceManagement/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/windowsProtectionState/detectedMalwareState
Content-type: application/json
Content-length: 510
{
"@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
"displayName": "Display Name value",
"additionalInformationUrl": "https://example.com/additionalInformationUrl/",
"severity": "low",
"catetgory": "adware",
"executionState": "blocked",
"state": "detected",
"threatState": "actionFailed",
"initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
"lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
"detectionCount": 14,
"category": "adware"
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 559
{
"@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
"id": "6698016c-016c-6698-6c01-98666c019866",
"displayName": "Display Name value",
"additionalInformationUrl": "https://example.com/additionalInformationUrl/",
"severity": "low",
"catetgory": "adware",
"executionState": "blocked",
"state": "detected",
"threatState": "actionFailed",
"initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
"lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
"detectionCount": 14,
"category": "adware"
}