Unblock-CMDetectedMalware

Unblocks detected malware.

Syntax

Unblock-CMDetectedMalware
       -Collection <IResultObject>
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Unblock-CMDetectedMalware
       -CollectionId <String>
       -UnblockAction <UnblockDetectedMalwareAction>
       [-Force]
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Unblock-CMDetectedMalware
       -CollectionName <String>
       -UnblockAction <UnblockDetectedMalwareAction>
       [-Force]
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Unblock-CMDetectedMalware
       -Threat <IResultObject>
       -UnblockAction <UnblockDetectedMalwareAction>
       [-Force]
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Unblock-CMDetectedMalware
       -ThreatName <String>
       -UnblockAction <UnblockDetectedMalwareAction>
       [-Force]
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Unblock-CMDetectedMalware
       -ThreatId <String>
       -UnblockAction <UnblockDetectedMalwareAction>
       [-Force]
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Unblock-CMDetectedMalware
       -UnblockAction <UnblockDetectedMalwareAction>
       [-Force]
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Description

The Unblock-CMDetectedMalware cmdlet unblocks malware that has been blocked from running.

Examples

Example 1: Unblock all detected malware

PS ABC:\> Unblock-CMDetectedMalware -UnblockAction AllowThreat

This command unblocks all detected malware.

Example 2: Unblock detected malware by getting a threat object

PS ABC:\> $Threat = Get-CMDetectedMalware -CollectionName "All Desktop and Server Clients"
PS ABC:\> Unblock-CMDetectedMalware -Threat $Threat -UnblockAction AllowThreat

The first command gets the detected malware object for the collection named All Desktop and Server Clients and stores the object in the $Threat variable.

The second command unblocks the threat stored in $Threat.

Example 3: Unblock detected malware by getting a collection object

PS ABC:\> $Collection = Get-CMCollection -CollectionType Device -Name "All Desktop and Server Clients"
PS ABC:\> Unblock-CMDetectedMalware -Collection $Collection -UnblockAction AllowThreat

The first command gets the device collection object named All Desktop and Server Clients and stores the object in the $Collection variable.

The second command unblocks the malware for the collection stored in $Collection.
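
A guarded way to run the commands above, as an added example that is not part of the original page or of the ConfigurationManager module: the hypothetical function Invoke-ScopedMalwareUnblock leaves out the unscoped form from Example 1, previews the change with -WhatIf, asks for confirmation, and records what was done. The function name, the audit file path and the CSV columns are assumptions; it must be run from a Configuration Manager site drive, as in the PS ABC:\> prompts.

```powershell
# Added example: hypothetical wrapper, not part of the ConfigurationManager module.
function Invoke-ScopedMalwareUnblock {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High',
                   DefaultParameterSetName = 'ByThreatName')]
    param(
        # One scope is required; the unscoped form from Example 1 is not offered.
        [Parameter(Mandatory, ParameterSetName = 'ByThreatName')]
        [ValidateNotNullOrEmpty()]
        [string]$ThreatName,

        [Parameter(Mandatory, ParameterSetName = 'ByCollectionName')]
        [ValidateNotNullOrEmpty()]
        [string]$CollectionName,

        # The three values this page lists for -UnblockAction.
        [Parameter(Mandatory)]
        [ValidateSet('AllowThreat', 'RestoreOnly', 'RestoreAndAllow')]
        [string]$UnblockAction,

        # Assumption: a local audit file; point this at your own log location.
        [string]$AuditPath = (Join-Path $env:TEMP 'cm-unblock-audit.csv')
    )

    # Treat any wildcard characters in the supplied name as literal characters.
    $cmArgs = @{ UnblockAction = $UnblockAction; DisableWildcardHandling = $true }
    if ($PSCmdlet.ParameterSetName -eq 'ByThreatName') {
        $cmArgs.ThreatName = $ThreatName
        $scope = "threat '$ThreatName'"
    } else {
        $cmArgs.CollectionName = $CollectionName
        $scope = "collection '$CollectionName'"
    }

    # Dry run first: -WhatIf shows what would happen without running the cmdlet.
    Unblock-CMDetectedMalware @cmArgs -WhatIf

    # ShouldProcess honours the caller's own -WhatIf and -Confirm switches.
    if ($PSCmdlet.ShouldProcess($scope, "Unblock detected malware ($UnblockAction)")) {
        # Already confirmed above, so -Force avoids a second prompt.
        Unblock-CMDetectedMalware @cmArgs -Force
        [pscustomobject]@{
            TimeUtc = (Get-Date).ToUniversalTime().ToString('o')
            User    = [Environment]::UserName
            Scope   = $scope
            Action  = $UnblockAction
        } | Export-Csv -Path $AuditPath -Append -NoTypeInformation
    }
}
```

Calling it with -WhatIf performs only the preview and writes no audit row.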

Required Parameters

-Collection

Specifies a collection object. To obtain a collection object, use the Get-CMCollection cmdlet.

Type: IResultObject
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-CollectionId

Specifies the ID of a collection.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CollectionName

Specifies the name of a collection.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Threat

Specifies a detected malware object. To get a detected malware object, use the Get-CMDetectedMalware cmdlet.

Type: IResultObject
Aliases: InputObject
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-ThreatId

Specifies the ID of a threat.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ThreatName

Specifies the name of a threat.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-UnblockAction

Specifies the unblock action the cmdlet takes on the threat. Valid values are:

  • AllowThreat
  • RestoreOnly
  • RestoreAndAllow

Type: UnblockDetectedMalwareAction
Parameter Sets: AllowThreat, RestoreOnly, RestoreAndAllow
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-DisableWildcardHandling

DisableWildcardHandling treats wildcard characters as literal character values. Cannot be combined with ForceWildcardHandling.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Force

Forces the command to run without asking for user confirmation.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ForceWildcardHandling

ForceWildcardHandling processes wildcard characters and may lead to unexpected behavior (not recommended). Cannot be combined with DisableWildcardHandling.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False