MSFT_MpThreat class
This is a singleton that represents the Microsoft Antimalware service infection status
The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.
Syntax
class MSFT_MpThreat : BaseStatus
{
string SchemaVersion = 1.0.0.0";
sint64 ThreatID;
string ThreatName;
uint8 SeverityID;
uint8 CategoryID;
uint8 TypeID;
uint32 RollupStatus;
string Resources[];
boolean DidThreatExecute = false;
boolean IsActive = false;
};
Members
The MSFT_MpThreat class has these types of members:
Methods
The MSFT_MpThreat class has these methods.
| Method | Description |
|---|---|
| Remove | TBD |
Properties
The MSFT_MpThreat class has these properties.
-
CategoryID
-
-
Data type: uint8
-
Access type: Read-only
Category ID - Enumeration
-
INVALID (0)
-
ADWARE (1)
-
SPYWARE (2)
-
PASSWORDSTEALER (3)
-
TROJANDOWNLOADER (4)
-
WORM (5)
-
BACKDOOR (6)
-
REMOTEACCESSTROJAN (7)
-
TROJAN (8)
-
EMAILFLOODER (9)
-
KEYLOGGER (10)
-
DIALER (11)
-
MONITORINGSOFTWARE (12)
-
BROWSERMODIFIER (13)
-
COOKIE (14)
-
BROWSERPLUGIN (15)
-
AOLEXPLOIT (16)
-
NUKER (17)
-
SECURITYDISABLER (18)
-
JOKEPROGRAM (19)
-
HOSTILEACTIVEXCONTROL (20)
-
SOFTWAREBUNDLER (21)
-
STEALTHNOTIFIER (22)
-
SETTINGSMODIFIER (23)
-
TOOLBAR (24)
-
REMOTECONTROLSOFTWARE (25)
-
TROJANFTP (26)
-
POTENTIALUNWANTEDSOFTWARE (27)
-
ICQEXPLOIT (28)
-
TROJANTELNET (29)
-
FILESHARINGPROGRAM (30)
-
MALWARE_CREATION_TOOL (31)
-
REMOTE_CONTROL_SOFTWARE (32)
-
TOOL (33)
-
TROJAN_DENIALOFSERVICE (34)
-
TROJAN_DROPPER (36)
-
TROJAN_MASSMAILER (37)
-
TROJAN_MONITORINGSOFTWARE (38)
-
TROJAN_PROXYSERVER (39)
-
VIRUS (40)
-
KNOWN (42)
-
UNKNOWN (43)
-
SPP (44)
-
BEHAVIOR (45)
-
VULNERABILTIY (46)
-
POLICY (47)
-
-
DidThreatExecute
-
-
Data type: boolean
-
Access type: Read-only
Specifies if threat has executed
-
-
IsActive
-
-
Data type: boolean
-
Access type: Read-only
Specifies if the threat is active
-
-
Resources
-
-
Data type: string array
-
Access type: Read-only
List of resources affected by the threat
-
-
RollupStatus
-
-
Data type: uint32
-
Access type: Read-only
Threat Rollup Status
-
-
SchemaVersion
-
-
Data type: string
-
Access type: Read-only
The Schema Version
-
-
SeverityID
-
-
Data type: uint8
-
Access type: Read-only
Severity ID - Enumeration
-
Unknown (0)
-
Low (1)
-
Moderate (2)
-
High (3)
-
Severe (4)
-
-
ThreatID
-
-
Data type: sint64
-
Access type: Read-only
-
Qualifiers: Key
Unique Detection ID
-
-
ThreatName
-
-
Data type: string
-
Access type: Read-only
The name of the threat
-
-
TypeID
-
-
Data type: uint8
-
Access type: Read-only
Type ID - Enumeration
-
Known Bad (0)
-
Behavior (1)
-
Unknown (2)
-
Known Good (3)
-
NRI (4)
-
Requirements
| Minimum supported client |
Windows 8.1 [desktop apps only] |
| Minimum supported server |
Windows Server 2012 R2 [desktop apps only] |
| Namespace |
Root\Microsoft\Windows\Defender |
| MOF |
|
| DLL |
|