Update windowsDeviceMalwareState
Namespace: microsoft.graph
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Update the properties of a windowsDeviceMalwareState object.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | DeviceManagementManagedDevices.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | DeviceManagementManagedDevices.ReadWrite.All |
HTTP Request
PATCH /deviceManagement/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/windowsProtectionState/detectedMalwareState/{windowsDeviceMalwareStateId}
Request headers
| Header | Value |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Accept | application/json |
Request body
In the request body, supply a JSON representation for the windowsDeviceMalwareState object.
The following table shows the properties that are required when you create the windowsDeviceMalwareState.
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier. This is malware id. |
| displayName | String | Malware name |
| additionalInformationUrl | String | Information URL to learn more about the malware |
| severity | windowsMalwareSeverity | Severity of the malware. Possible values are: unknown, low, moderate, high, severe. |
| executionState | windowsMalwareExecutionState | Execution status of the malware like blocked/executing etc. Possible values are: unknown, blocked, allowed, running, notRunning. |
| state | windowsMalwareState | Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: unknown, detected, cleaned, quarantined, removed, allowed, blocked, cleanFailed, quarantineFailed, removeFailed, allowFailed, abandoned, blockFailed. |
| threatState | windowsMalwareThreatState | Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. |
| initialDetectionDateTime | DateTimeOffset | Initial detection datetime of the malware |
| lastStateChangeDateTime | DateTimeOffset | The last time this particular threat was changed |
| detectionCount | Int32 | Number of times the malware is detected |
| category | windowsMalwareCategory | Category of the malware. Possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remote_Control_Software, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule. |
Response
If successful, this method returns a 200 OK response code and an updated windowsDeviceMalwareState object in the response body.
Example
Request
Here is an example of the request.
PATCH https://graph.microsoft.com/v1.0/deviceManagement/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/windowsProtectionState/detectedMalwareState/{windowsDeviceMalwareStateId}
Content-type: application/json
Content-length: 510
{
"@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
"displayName": "Display Name value",
"additionalInformationUrl": "https://example.com/additionalInformationUrl/",
"severity": "low",
"catetgory": "adware",
"executionState": "blocked",
"state": "detected",
"threatState": "actionFailed",
"initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
"lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
"detectionCount": 14,
"category": "adware"
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 559
{
"@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
"id": "6698016c-016c-6698-6c01-98666c019866",
"displayName": "Display Name value",
"additionalInformationUrl": "https://example.com/additionalInformationUrl/",
"severity": "low",
"catetgory": "adware",
"executionState": "blocked",
"state": "detected",
"threatState": "actionFailed",
"initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
"lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
"detectionCount": 14,
"category": "adware"
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for