IAntimalwareProvider2::Notify method (amsi.h)

Sends to the antimalware provider a notification of an arbitrary operation. The notification doesn't imply the request of an antivirus scan. Rather, IAntimalwareProvider2::Notify is designed to provide a quick and lightweight mechanism to communicate to the antimalware provider that an event has taken place. In general, the antimalware provider should process the notification, and return to the caller as quickly as possible.

Syntax

HRESULT Notify(
  PVOID       buffer,
  ULONG       length,
  LPCWSTR     contentName,
  LPCWSTR     appName,
  AMSI_RESULT *pResult
);

Parameters

buffer

Type: PVOID

The buffer that contains the notification data.

length

Type: ULONG

The length, in bytes, of the data to be read from buffer.

contentName

Type: LPCWSTR

The filename, URL, unique script ID, or similar of the content being scanned.

appName

Type: LPCWSTR

The name of the application sending the AMSI notification.

pResult

Type: AMSI_RESULT*

The result of the scan.

Return value

This method can return one of these values.

Return code Description
S_OK Success.
E_INVALIDARG One or more arguments is invalid.
E_NOT_VALID_STATE The object isn't initialized.

Requirements

Requirement Value
Minimum supported client Windows 10 [desktop apps only]
Minimum supported server Windows Server 2016 [desktop apps only]
Target Platform Windows
Header amsi.h

See also

IAntimalwareProvider2 interface