Unblock-CMDetectedMalware

SYNOPSIS

Unblocks detected malware.

SYNTAX

SearchByThreatValue (Default)

Unblock-CMDetectedMalware -Threat <IResultObject> -UnblockAction <UnblockDetectedMalwareAction> [-Force]
 [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SearchByCollectionName

Unblock-CMDetectedMalware -CollectionName <String> -UnblockAction <UnblockDetectedMalwareAction> [-Force]
 [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SearchByThreatName

Unblock-CMDetectedMalware -ThreatName <String> -UnblockAction <UnblockDetectedMalwareAction> [-Force]
 [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SearchByCollectionId

Unblock-CMDetectedMalware -CollectionId <String> -UnblockAction <UnblockDetectedMalwareAction> [-Force]
 [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SearchByCollection

Unblock-CMDetectedMalware -Collection <IResultObject> [-DisableWildcardHandling] [-ForceWildcardHandling]
 [-WhatIf] [-Confirm] [<CommonParameters>]

SearchByThreatId

Unblock-CMDetectedMalware -ThreatId <String> -UnblockAction <UnblockDetectedMalwareAction> [-Force]
 [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SearchByCollectionValue

Unblock-CMDetectedMalware -UnblockAction <UnblockDetectedMalwareAction> [-Force] [-DisableWildcardHandling]
 [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

The Unblock-CMDetectedMalware cmdlet unblocks malware that has been blocked from running.

EXAMPLES

Example 1: Unblock all detected malware

PS ABC:\> Unblock-CMDetectedMalware -UnblockAction AllowThreat

This command unblocks all detected malware.

Example 2: Unblock detected malware by getting a threat object

PS ABC:\> $Threat = Get-CMDetectedMalware -CollectionName "All Desktop and Server Clients"
PS ABC:\> Unblock-CMDetectedMalware -Threat $Threat -UnblockAction AllowThreat

The first command gets the detected malware object for the collection named All Desktop and Server Clients and stores the object in the $Threat variable.

The second command unblocks the threat stored in $Threat.

Example 3: Unblock detected malware by getting a collection object

PS ABC:\> $Collection = Get-CMCollection -CollectionType Device -Name "All Desktop and Server Clients"
PS ABC:\> Unblock-CMDetectedMalware -Collection $Collection -UnblockAction AllowThreat

The first command gets the device collection object named All Desktop and Server Clients and stores the object in the $Collection variable.

The second command unblocks the malware for the collection stored in $Collection.
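The examples above unblock everything or a whole collection. The following added example (not part of the original reference) releases a single threat by exact name, previewing with -WhatIf and then prompting with -Confirm, using only parameters documented on this page. The function name, threat name and log path are hypothetical placeholders, and it assumes the session is already on the Configuration Manager site drive.

```powershell
function Invoke-ReviewedMalwareUnblock {   # hypothetical helper name, not a ConfigMgr cmdlet
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string] $ThreatName,

        # Accepted values as listed under -UnblockAction on this page.
        [Parameter(Mandatory)]
        [ValidateSet('AllowThreat', 'RestoreOnly', 'RestoreAndAllow')]
        [string] $UnblockAction,

        [Parameter(Mandatory)]
        [string] $LogPath
    )

    # Refuse wildcard characters so the request can only name one threat.
    if ([System.Management.Automation.WildcardPattern]::ContainsWildcardCharacters($ThreatName)) {
        throw "Threat name '$ThreatName' contains wildcard characters; give the exact name."
    }

    # Same arguments for both passes; wildcards are also treated as literals.
    $common = @{
        ThreatName              = $ThreatName
        UnblockAction           = $UnblockAction
        DisableWildcardHandling = $true
    }

    # Keep a record of the preview and of the confirmed run.
    Start-Transcript -Path $LogPath -Append | Out-Null
    try {
        # Pass 1: -WhatIf shows what would happen; the cmdlet is not run.
        Unblock-CMDetectedMalware @common -WhatIf

        # Pass 2: -Confirm prompts before the change is made. -Force is left
        # out on purpose, because it suppresses the confirmation prompt.
        Unblock-CMDetectedMalware @common -Confirm
    }
    finally {
        Stop-Transcript | Out-Null
    }
}

# Constructed sample call; replace the threat name with the one under review.
# Invoke-ReviewedMalwareUnblock -ThreatName 'Example.FalsePositive' -UnblockAction RestoreOnly -LogPath "$env:TEMP\unblock-review.log"
```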

PARAMETERS

-Collection

Specifies a collection object. To obtain a collection object, use the Get-CMCollection cmdlet.

Type: IResultObject
Parameter Sets: SearchByCollection
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-CollectionId

Specifies the ID of a collection.

Type: String
Parameter Sets: SearchByCollectionId
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CollectionName

Specifies the name of a collection.

Type: String
Parameter Sets: SearchByCollectionName
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-DisableWildcardHandling

DisableWildcardHandling treats wildcard characters as literal character values. Cannot be combined with ForceWildcardHandling.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Force

Forces the command to run without asking for user confirmation.

Type: SwitchParameter
Parameter Sets: SearchByThreatValue, SearchByCollectionName, SearchByThreatName, SearchByCollectionId, SearchByThreatId, SearchByCollectionValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ForceWildcardHandling

ForceWildcardHandling processes wildcard characters and may lead to unexpected behavior (not recommended). Cannot be combined with DisableWildcardHandling.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Threat

Specifies a detected malware object. To get a detected malware object, use the Get-CMDetectedMalware cmdlet.

Type: IResultObject
Parameter Sets: SearchByThreatValue
Aliases: InputObject

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-ThreatId

Specifies the ID of a threat.

Type: String
Parameter Sets: SearchByThreatId
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ThreatName

Specifies the name of a threat.

Type: String
Parameter Sets: SearchByThreatName
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-UnblockAction

Specifies the unblock action the cmdlet takes on the threat. Valid values are:

  • AllowThreat
  • RestoreOnly
  • RestoreAndAllow

Type: UnblockDetectedMalwareAction
Parameter Sets: SearchByThreatValue, SearchByCollectionName, SearchByThreatName, SearchByCollectionId, SearchByThreatId, SearchByCollectionValue
Aliases: 
Accepted values: AllowThreat, RestoreOnly, RestoreAndAllow

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS

OUTPUTS

NOTES

RELATED LINKS

Get-CMDetectedMalware