Update windowsDeviceMalwareState

Namespace: microsoft.graph

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Update the properties of a windowsDeviceMalwareState object.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	DeviceManagementManagedDevices.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.
Application	DeviceManagementManagedDevices.ReadWrite.All

HTTP Request

PATCH /deviceManagement/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/windowsProtectionState/detectedMalwareState/{windowsDeviceMalwareStateId}

Request headers

Header	Value
Authorization	Bearer {token}. Required. Learn more about authentication and authorization.
Accept	application/json

Request body

In the request body, supply a JSON representation for the windowsDeviceMalwareState object.

The following table shows the properties that are required when you create the windowsDeviceMalwareState.

Property	Type	Description
id	String	The unique Identifier. This is malware id.
displayName	String	Malware name
additionalInformationUrl	String	Information URL to learn more about the malware
severity	windowsMalwareSeverity	Severity of the malware. Possible values are: unknown, low, moderate, high, severe.
executionState	windowsMalwareExecutionState	Execution status of the malware like blocked/executing etc. Possible values are: unknown, blocked, allowed, running, notRunning.
state	windowsMalwareState	Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: unknown, detected, cleaned, quarantined, removed, allowed, blocked, cleanFailed, quarantineFailed, removeFailed, allowFailed, abandoned, blockFailed.
threatState	windowsMalwareThreatState	Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared.
initialDetectionDateTime	DateTimeOffset	Initial detection datetime of the malware
lastStateChangeDateTime	DateTimeOffset	The last time this particular threat was changed
detectionCount	Int32	Number of times the malware is detected
category	windowsMalwareCategory	Category of the malware. Possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remote_Control_Software, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule.

Response

If successful, this method returns a 200 OK response code and an updated windowsDeviceMalwareState object in the response body.

Example

Request

Here is an example of the request.

HTTP

PATCH https://graph.microsoft.com/v1.0/deviceManagement/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/windowsProtectionState/detectedMalwareState/{windowsDeviceMalwareStateId}
Content-type: application/json
Content-length: 510

{
  "@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
  "displayName": "Display Name value",
  "additionalInformationUrl": "https://example.com/additionalInformationUrl/",
  "severity": "low",
  "catetgory": "adware",
  "executionState": "blocked",
  "state": "detected",
  "threatState": "actionFailed",
  "initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
  "lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
  "detectionCount": 14,
  "category": "adware"
}

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const windowsDeviceMalwareState = {
  '@odata.type': '#microsoft.graph.windowsDeviceMalwareState',
  displayName: 'Display Name value',
  additionalInformationUrl: 'https://example.com/additionalInformationUrl/',
  severity: 'low',
  catetgory: 'adware',
  executionState: 'blocked',
  state: 'detected',
  threatState: 'actionFailed',
  initialDetectionDateTime: '2016-12-31T23:57:05.3889692-08:00',
  lastStateChangeDateTime: '2016-12-31T23:59:51.0767794-08:00',
  detectionCount: 14,
  category: 'adware'
};

await client.api('/deviceManagement/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/windowsProtectionState/detectedMalwareState/{windowsDeviceMalwareStateId}')
	.update(windowsDeviceMalwareState);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 559

{
  "@odata.type": "#microsoft.graph.windowsDeviceMalwareState",
  "id": "6698016c-016c-6698-6c01-98666c019866",
  "displayName": "Display Name value",
  "additionalInformationUrl": "https://example.com/additionalInformationUrl/",
  "severity": "low",
  "catetgory": "adware",
  "executionState": "blocked",
  "state": "detected",
  "threatState": "actionFailed",
  "initialDetectionDateTime": "2016-12-31T23:57:05.3889692-08:00",
  "lastStateChangeDateTime": "2016-12-31T23:59:51.0767794-08:00",
  "detectionCount": 14,
  "category": "adware"
}