windowsDeviceMalwareState resource type

Namespace: microsoft.graph

Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Malware detection entity.

Methods

Method Return Type Description
List windowsDeviceMalwareStates windowsDeviceMalwareState collection List properties and relationships of the windowsDeviceMalwareState objects.
Get windowsDeviceMalwareState windowsDeviceMalwareState Read properties and relationships of the windowsDeviceMalwareState object.
Create windowsDeviceMalwareState windowsDeviceMalwareState Create a new windowsDeviceMalwareState object.
Delete windowsDeviceMalwareState None Deletes a windowsDeviceMalwareState.
Update windowsDeviceMalwareState windowsDeviceMalwareState Update the properties of a windowsDeviceMalwareState object.

Properties

Property Type Description
id String The unique Identifier. This is malware id.
displayName String Malware name
additionalInformationUrl String Information URL to learn more about the malware
severity windowsMalwareSeverity Severity of the malware. Possible values are: unknown, low, moderate, high, severe.
executionState windowsMalwareExecutionState Execution status of the malware like blocked/executing etc. Possible values are: unknown, blocked, allowed, running, notRunning.
state windowsMalwareState Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: unknown, detected, cleaned, quarantined, removed, allowed, blocked, cleanFailed, quarantineFailed, removeFailed, allowFailed, abandoned, blockFailed.
threatState windowsMalwareThreatState Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared.
initialDetectionDateTime DateTimeOffset Initial detection datetime of the malware
lastStateChangeDateTime DateTimeOffset The last time this particular threat was changed
detectionCount Int32 Number of times the malware is detected
category windowsMalwareCategory Category of the malware. Possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remote_Control_Software, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule.

Relationships

None

JSON Representation

Here is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
  "id": "String (identifier)",
  "displayName": "String",
  "additionalInformationUrl": "String",
  "severity": "String",
  "executionState": "String",
  "state": "String",
  "threatState": "String",
  "initialDetectionDateTime": "String (timestamp)",
  "lastStateChangeDateTime": "String (timestamp)",
  "detectionCount": 1024,
  "category": "String"
}