windowsDeviceMalwareState resource type
Namespace: microsoft.graph
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Malware detection entity.
Methods
| Method | Return Type | Description |
|---|---|---|
| List windowsDeviceMalwareStates | windowsDeviceMalwareState collection | List properties and relationships of the windowsDeviceMalwareState objects. |
| Get windowsDeviceMalwareState | windowsDeviceMalwareState | Read properties and relationships of the windowsDeviceMalwareState object. |
| Create windowsDeviceMalwareState | windowsDeviceMalwareState | Create a new windowsDeviceMalwareState object. |
| Delete windowsDeviceMalwareState | None | Deletes a windowsDeviceMalwareState. |
| Update windowsDeviceMalwareState | windowsDeviceMalwareState | Update the properties of a windowsDeviceMalwareState object. |
Properties
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier. This is malware id. |
| displayName | String | Malware name |
| additionalInformationUrl | String | Information URL to learn more about the malware |
| severity | windowsMalwareSeverity | Severity of the malware. Possible values are: unknown, low, moderate, high, severe. |
| executionState | windowsMalwareExecutionState | Execution status of the malware like blocked/executing etc. Possible values are: unknown, blocked, allowed, running, notRunning. |
| state | windowsMalwareState | Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: unknown, detected, cleaned, quarantined, removed, allowed, blocked, cleanFailed, quarantineFailed, removeFailed, allowFailed, abandoned, blockFailed. |
| threatState | windowsMalwareThreatState | Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. |
| initialDetectionDateTime | DateTimeOffset | Initial detection datetime of the malware |
| lastStateChangeDateTime | DateTimeOffset | The last time this particular threat was changed |
| detectionCount | Int32 | Number of times the malware is detected |
| category | windowsMalwareCategory | Category of the malware. Possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remote_Control_Software, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule. |
Relationships
None
JSON Representation
Here is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
"id": "String (identifier)",
"displayName": "String",
"additionalInformationUrl": "String",
"severity": "String",
"executionState": "String",
"state": "String",
"threatState": "String",
"initialDetectionDateTime": "String (timestamp)",
"lastStateChangeDateTime": "String (timestamp)",
"detectionCount": 1024,
"category": "String"
}