windowsDeviceMalwareState resource type
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Malware detection entity.
Methods
Method | Return Type | Description |
---|---|---|
List windowsDeviceMalwareStates | windowsDeviceMalwareState collection | List properties and relationships of the windowsDeviceMalwareState objects. |
Get windowsDeviceMalwareState | windowsDeviceMalwareState | Read properties and relationships of the windowsDeviceMalwareState object. |
Create windowsDeviceMalwareState | windowsDeviceMalwareState | Create a new windowsDeviceMalwareState object. |
Delete windowsDeviceMalwareState | None | Deletes a windowsDeviceMalwareState. |
Update windowsDeviceMalwareState | windowsDeviceMalwareState | Update the properties of a windowsDeviceMalwareState object. |
Properties
Property | Type | Description |
---|---|---|
id | String | The unique Identifier. This is malware id. |
displayName | String | Malware name |
additionalInformationUrl | String | Information URL to learn more about the malware |
severity | windowsMalwareSeverity | Severity of the malware. Possible values are: unknown , low , moderate , high , severe . |
executionState | windowsMalwareExecutionState | Execution status of the malware like blocked/executing etc. Possible values are: unknown , blocked , allowed , running , notRunning . |
state | windowsMalwareState | Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: unknown , detected , cleaned , quarantined , removed , allowed , blocked , cleanFailed , quarantineFailed , removeFailed , allowFailed , abandoned , blockFailed . |
threatState | windowsMalwareThreatState | Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: active , actionFailed , manualStepsRequired , fullScanRequired , rebootRequired , remediatedWithNonCriticalFailures , quarantined , removed , cleaned , allowed , noStatusCleared . |
initialDetectionDateTime | DateTimeOffset | Initial detection datetime of the malware |
lastStateChangeDateTime | DateTimeOffset | The last time this particular threat was changed |
detectionCount | Int32 | Number of times the malware is detected |
category | windowsMalwareCategory | Category of the malware. Possible values are: invalid , adware , spyware , passwordStealer , trojanDownloader , worm , backdoor , remoteAccessTrojan , trojan , emailFlooder , keylogger , dialer , monitoringSoftware , browserModifier , cookie , browserPlugin , aolExploit , nuker , securityDisabler , jokeProgram , hostileActiveXControl , softwareBundler , stealthNotifier , settingsModifier , toolBar , remoteControlSoftware , trojanFtp , potentialUnwantedSoftware , icqExploit , trojanTelnet , exploit , filesharingProgram , malwareCreationTool , remote_Control_Software , tool , trojanDenialOfService , trojanDropper , trojanMassMailer , trojanMonitoringSoftware , trojanProxyServer , virus , known , unknown , spp , behavior , vulnerability , policy , enterpriseUnwantedSoftware , ransom , hipsRule . |
Relationships
None
JSON Representation
Here is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
"id": "String (identifier)",
"displayName": "String",
"additionalInformationUrl": "String",
"severity": "String",
"executionState": "String",
"state": "String",
"threatState": "String",
"initialDetectionDateTime": "String (timestamp)",
"lastStateChangeDateTime": "String (timestamp)",
"detectionCount": 1024,
"category": "String"
}