Unblock-CMDetectedMalware

Unblocks detected malware.

Syntax

Unblock-CMDetectedMalware
       [-Force]
       -Threat <IResultObject>
       -UnblockAction <UnblockDetectedMalwareAction>
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Unblock-CMDetectedMalware
       -Collection <IResultObject>
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Unblock-CMDetectedMalware
       -CollectionId <String>
       [-Force]
       -UnblockAction <UnblockDetectedMalwareAction>
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Unblock-CMDetectedMalware
       -CollectionName <String>
       [-Force]
       -UnblockAction <UnblockDetectedMalwareAction>
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Unblock-CMDetectedMalware
       [-Force]
       -ThreatId <String>
       -UnblockAction <UnblockDetectedMalwareAction>
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Unblock-CMDetectedMalware
       [-Force]
       -ThreatName <String>
       -UnblockAction <UnblockDetectedMalwareAction>
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Unblock-CMDetectedMalware
       [-Force]
       -UnblockAction <UnblockDetectedMalwareAction>
       [-DisableWildcardHandling]
       [-ForceWildcardHandling]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Description

The Unblock-CMDetectedMalware cmdlet unblocks malware that has been blocked from running.

Note

Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.

Examples

Example 1: Unblock all detected malware

PS ABC:\> Unblock-CMDetectedMalware -UnblockAction AllowThreat

This command unblocks all detected malware.

Example 2: Unblock detected malware by getting a threat object

PS ABC:\> $Threat = Get-CMDetectedMalware -CollectionName "All Desktop and Server Clients"
PS ABC:\> Unblock-CMDetectedMalware -Threat $Threat -UnblockAction AllowThreat

The first command gets the detected malware object for the collection named All Desktop and Server Clients and stores the object in the $Threat variable.

The second command unblocks the threat stored in $Threat.

Example 3: Unblock detected malware by getting a collection object

PS ABC:\> $Collection = Get-CMCollection -CollectionType Device -Name "All Desktop and Server Clients"
PS ABC:\> Unblock-CMDetectedMalware -Collection $Collection -UnblockAction AllowThreat

The first command gets the device collection object named All Desktop and Server Clients and stores the object in the $Collection variable.

The second command unblocks the malware for the collection stored in $Collection.

Parameters

-Collection

Specifies a collection object. To obtain a collection object, use the Get-CMCollection cmdlet.

Type:IResultObject
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-CollectionId

Specifies the ID of a collection.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-CollectionName

Specifies the name of a collection.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Threat

Specifies a detected malware object. To get a detected malware object, use the Get-CMDetectedMalware cmdlet.

Type:IResultObject
Aliases:InputObject
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ThreatId

Specifies the ID of a threat.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ThreatName

Specifies the name of a threat.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-UnblockAction

Specifies the unblock action the cmdlet takes on the threat. Valid values are:

  • AllowThreat
  • RestoreOnly
  • RestoreAndAllow
Type:UnblockDetectedMalwareAction
Accepted values:AllowThreat, RestoreOnly, RestoreAndAllow
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet doesn't run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.ConfigurationManagement.ManagementProvider.IResultObject

Outputs

System.Object