Microsoft Graph · Schema
microsoft.graph.windowsDeviceMalwareState
Azure ADCollaborationContactsDocumentsEmailGraphIdentityMicrosoftOffice 365PresentationsProductivitySpreadsheetsT1Tasks
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/microsoft.graph.windowsDeviceMalwareState",
"title": "microsoft.graph.windowsDeviceMalwareState",
"allOf": [
{
"$ref": "#/components/schemas/microsoft.graph.entity"
},
{
"title": "windowsDeviceMalwareState",
"required": [
"@odata.type"
],
"type": "object",
"properties": {
"additionalInformationUrl": {
"type": "string",
"description": "Information URL to learn more about the malware",
"nullable": true
},
"category": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.windowsMalwareCategory"
},
{
"type": "object",
"nullable": true
}
],
"description": "Category of the malware. The possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remoteControlSoftware, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule."
},
"detectionCount": {
"maximum": 2147483647,
"minimum": -2147483648,
"type": "number",
"description": "Number of times the malware is detected",
"format": "int32",
"nullable": true
},
"displayName": {
"type": "string",
"description": "Malware name",
"nullable": true
},
"executionState": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.windowsMalwareExecutionState"
},
{
"type": "object",
"nullable": true
}
],
"description": "Execution status of the malware like blocked/executing etc. The possible values are: unknown, blocked, allowed, running, notRunning."
},
"initialDetectionDateTime": {
"pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$",
"type": "string",
"description": "Initial detection datetime of the malware",
"format": "date-time",
"nullable": true
},
"lastStateChangeDateTime": {
"pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$",
"type": "string",
"description": "The last time this particular threat was changed",
"format": "date-time",
"nullable": true
},
"severity": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.windowsMalwareSeverity"
},
{
"type": "object",
"nullable": true
}
],
"description": "Severity of the malware. The possible values are: unknown, low, moderate, high, severe."
},
"state": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.windowsMalwareState"
},
{
"type": "object",
"nullable": true
}
],
"description": "Current status of the malware like cleaned/quarantined/allowed etc. The possible values are: unknown, detected, cleaned, quarantined, removed, allowed, blocked, cleanFailed, quarantineFailed, removeFailed, allowFailed, abandoned, blockFailed."
},
"threatState": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.windowsMalwareThreatState"
},
{
"type": "object",
"nullable": true
}
],
"description": "Current status of the malware like cleaned/quarantined/allowed etc. The possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared."
},
"@odata.type": {
"type": "string"
}
},
"description": "Malware detection entity."
}
],
"x-ms-discriminator-value": "#microsoft.graph.windowsDeviceMalwareState"
}