Update malwareStateForWindowsDevice
Article
11/30/2023
6 contributors
Feedback
In this article
Namespace: microsoft.graph
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Update the properties of a malwareStateForWindowsDevice object.
This API is available in the following national cloud deployments .
Global service
US Government L4
US Government L5 (DOD)
China operated by 21Vianet
✅
✅
✅
✅
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions .
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
DeviceManagementManagedDevices.ReadWrite.All
Delegated (personal Microsoft account)
Not supported.
Application
DeviceManagementManagedDevices.ReadWrite.All
HTTP Request
PATCH /deviceManagement/windowsMalwareInformation/{windowsMalwareInformationId}/deviceMalwareStates/{malwareStateForWindowsDeviceId}
Request body
In the request body, supply a JSON representation for the malwareStateForWindowsDevice object.
The following table shows the properties that are required when you create the malwareStateForWindowsDevice .
Property
Type
Description
id
String
The unique Identifier. This is device id.
deviceName
String
Indicates the name of the device being evaluated for malware state
executionState
windowsMalwareExecutionState
Indicates execution status of the malware. Possible values are: unknown, blocked, allowed, running, notRunning. Defaults to unknown. Possible values are: unknown
, blocked
, allowed
, running
, notRunning
.
threatState
windowsMalwareThreatState
Indicates threat status of the malware. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. defaults to noStatusCleared. Possible values are: active
, actionFailed
, manualStepsRequired
, fullScanRequired
, rebootRequired
, remediatedWithNonCriticalFailures
, quarantined
, removed
, cleaned
, allowed
, noStatusCleared
.
initialDetectionDateTime
DateTimeOffset
Initial detection datetime of the malware
lastStateChangeDateTime
DateTimeOffset
The last time this particular threat was changed
detectionCount
Int32
Indicates the number of times the malware is detected
Response
If successful, this method returns a 200 OK
response code and an updated malwareStateForWindowsDevice object in the response body.
Example
Request
Here is an example of the request.
PATCH https://graph.microsoft.com/v1.0/deviceManagement/windowsMalwareInformation/{windowsMalwareInformationId}/deviceMalwareStates/{malwareStateForWindowsDeviceId}
Content-type: application/json
Content-length: 334
{
"@odata.type": "#microsoft.graph.malwareStateForWindowsDevice",
"deviceName": "Device Name value",
"executionState": "blocked",
"threatState": "actionFailed",
"initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
"lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
"detectionCount": 14
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new MalwareStateForWindowsDevice
{
OdataType = "#microsoft.graph.malwareStateForWindowsDevice",
DeviceName = "Device Name value",
ExecutionState = WindowsMalwareExecutionState.Blocked,
ThreatState = WindowsMalwareThreatState.ActionFailed,
InitialDetectionDateTime = DateTimeOffset.Parse("2016-12-31T23:57:05.3889692-08:00"),
LastStateChangeDateTime = DateTimeOffset.Parse("2016-12-31T23:59:51.0767794-08:00"),
DetectionCount = 14,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceManagement.WindowsMalwareInformation["{windowsMalwareInformation-id}"].DeviceMalwareStates["{malwareStateForWindowsDevice-id}"].PatchAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc device-management windows-malware-information device-malware-states patch --windows-malware-information-id {windowsMalwareInformation-id} --malware-state-for-windows-device-id {malwareStateForWindowsDevice-id} --body '{\
"@odata.type": "#microsoft.graph.malwareStateForWindowsDevice",\
"deviceName": "Device Name value",\
"executionState": "blocked",\
"threatState": "actionFailed",\
"initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",\
"lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",\
"detectionCount": 14\
}\
'
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
import (
"context"
"time"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewMalwareStateForWindowsDevice()
deviceName := "Device Name value"
requestBody.SetDeviceName(&deviceName)
executionState := graphmodels.BLOCKED_WINDOWSMALWAREEXECUTIONSTATE
requestBody.SetExecutionState(&executionState)
threatState := graphmodels.ACTIONFAILED_WINDOWSMALWARETHREATSTATE
requestBody.SetThreatState(&threatState)
initialDetectionDateTime , err := time.Parse(time.RFC3339, "2016-12-31T23:57:05.3889692-08:00")
requestBody.SetInitialDetectionDateTime(&initialDetectionDateTime)
lastStateChangeDateTime , err := time.Parse(time.RFC3339, "2016-12-31T23:59:51.0767794-08:00")
requestBody.SetLastStateChangeDateTime(&lastStateChangeDateTime)
detectionCount := int32(14)
requestBody.SetDetectionCount(&detectionCount)
deviceMalwareStates, err := graphClient.DeviceManagement().WindowsMalwareInformation().ByWindowsMalwareInformationId("windowsMalwareInformation-id").DeviceMalwareStates().ByMalwareStateForWindowsDeviceId("malwareStateForWindowsDevice-id").Patch(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
MalwareStateForWindowsDevice malwareStateForWindowsDevice = new MalwareStateForWindowsDevice();
malwareStateForWindowsDevice.setOdataType("#microsoft.graph.malwareStateForWindowsDevice");
malwareStateForWindowsDevice.setDeviceName("Device Name value");
malwareStateForWindowsDevice.setExecutionState(WindowsMalwareExecutionState.Blocked);
malwareStateForWindowsDevice.setThreatState(WindowsMalwareThreatState.ActionFailed);
OffsetDateTime initialDetectionDateTime = OffsetDateTime.parse("2016-12-31T23:57:05.3889692-08:00");
malwareStateForWindowsDevice.setInitialDetectionDateTime(initialDetectionDateTime);
OffsetDateTime lastStateChangeDateTime = OffsetDateTime.parse("2016-12-31T23:59:51.0767794-08:00");
malwareStateForWindowsDevice.setLastStateChangeDateTime(lastStateChangeDateTime);
malwareStateForWindowsDevice.setDetectionCount(14);
MalwareStateForWindowsDevice result = graphClient.deviceManagement().windowsMalwareInformation().byWindowsMalwareInformationId("{windowsMalwareInformation-id}").deviceMalwareStates().byMalwareStateForWindowsDeviceId("{malwareStateForWindowsDevice-id}").patch(malwareStateForWindowsDevice);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
const options = {
authProvider,
};
const client = Client.init(options);
const malwareStateForWindowsDevice = {
'@odata.type': '#microsoft.graph.malwareStateForWindowsDevice',
deviceName: 'Device Name value',
executionState: 'blocked',
threatState: 'actionFailed',
initialDetectionDateTime: '2016-12-31T23:57:05.3889692-08:00',
lastStateChangeDateTime: '2016-12-31T23:59:51.0767794-08:00',
detectionCount: 14
};
await client.api('/deviceManagement/windowsMalwareInformation/{windowsMalwareInformationId}/deviceMalwareStates/{malwareStateForWindowsDeviceId}')
.update(malwareStateForWindowsDevice);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\MalwareStateForWindowsDevice;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new MalwareStateForWindowsDevice();
$requestBody->setOdataType('#microsoft.graph.malwareStateForWindowsDevice');
$requestBody->setDeviceName('Device Name value');
$requestBody->setExecutionState(new WindowsMalwareExecutionState('blocked'));
$requestBody->setThreatState(new WindowsMalwareThreatState('actionFailed'));
$requestBody->setInitialDetectionDateTime(new \DateTime('2016-12-31T23:57:05.3889692-08:00'));
$requestBody->setLastStateChangeDateTime(new \DateTime('2016-12-31T23:59:51.0767794-08:00'));
$requestBody->setDetectionCount(14);
$result = $graphServiceClient->deviceManagement()->windowsMalwareInformation()->byWindowsMalwareInformationId('windowsMalwareInformation-id')->deviceMalwareStates()->byMalwareStateForWindowsDeviceId('malwareStateForWindowsDevice-id')->patch($requestBody)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Import-Module Microsoft.Graph.DeviceManagement
$params = @{
"@odata.type" = "#microsoft.graph.malwareStateForWindowsDevice"
deviceName = "Device Name value"
executionState = "blocked"
threatState = "actionFailed"
initialDetectionDateTime = [System.DateTime]::Parse("2016-12-31T23:57:05.3889692-08:00")
lastStateChangeDateTime = [System.DateTime]::Parse("2016-12-31T23:59:51.0767794-08:00")
detectionCount = 14
}
Update-MgDeviceManagementWindowsMalwareInformationDeviceMalwareState -WindowsMalwareInformationId $windowsMalwareInformationId -MalwareStateForWindowsDeviceId $malwareStateForWindowsDeviceId -BodyParameter $params
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
from msgraph import GraphServiceClient
from msgraph.generated.models.malware_state_for_windows_device import MalwareStateForWindowsDevice
graph_client = GraphServiceClient(credentials, scopes)
request_body = MalwareStateForWindowsDevice(
odata_type = "#microsoft.graph.malwareStateForWindowsDevice",
device_name = "Device Name value",
execution_state = WindowsMalwareExecutionState.Blocked,
threat_state = WindowsMalwareThreatState.ActionFailed,
initial_detection_date_time = "2016-12-31T23:57:05.3889692-08:00",
last_state_change_date_time = "2016-12-31T23:59:51.0767794-08:00",
detection_count = 14,
)
result = await graph_client.device_management.windows_malware_information.by_windows_malware_information_id('windowsMalwareInformation-id').device_malware_states.by_malware_state_for_windows_device_id('malwareStateForWindowsDevice-id').patch(request_body)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 383
{
"@odata.type": "#microsoft.graph.malwareStateForWindowsDevice",
"id": "ce06da73-da73-ce06-73da-06ce73da06ce",
"deviceName": "Device Name value",
"executionState": "blocked",
"threatState": "actionFailed",
"initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
"lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
"detectionCount": 14
}