Returns an enumeration handle for the purpose of retrieving threats. This function can be used to open threats detected by a specific scan, all the active threats in the system, the history of threat disinfection, or all the threats present in the signature database.
Syntax
HRESULT WINAPI MpThreatOpen(
  _In_  MPHANDLE        hScanHandle,
  _In_  MPTHREAT_SOURCE ThreatSource,
  _In_  MPTHREAT_TYPE   ThreatType,
  _Out_ PMPHANDLE       phThreatEnumHandle
);
Parameters
hScanHandle [in]
Type: MPHANDLE
Can be a handle to a completed scan operation, returned by the MpScanStart function. Alternatively, this parameter can be set to the malware protection manager interface handle returned by MpManagerOpen to enumerate all active threats in the system, the history of threat disinfection, or threats from the signature database.
ThreatSource [in]
Type: MPTHREAT_SOURCE
Used to control the source of threat enumeration. The possible values for this parameter are:
Value | Meaning |
---|---|
MPTHREAT_SOURCE_SCAN | Threats that are associated with the specific scan handle. |
MPTHREAT_SOURCE_ACTIVE | Threats that are currently active in the system. |
MPTHREAT_SOURCE_HISTORY | Threats that are acted upon and preserved as a history. |
MPTHREAT_SOURCE_QUARANTINE | Threats that are quarantined. |
MPTHREAT_SOURCE_SIGNATURE | Threats that are possible to detect with the current signature database. |
MPTHREAT_SOURCE_STATE | Threats that have been acted upon recently. ("Recently" is defined by a configurable internal setting.) |
ThreatType [in]
Type: MPTHREAT_TYPE
Used to filter enumerated threats based on the detection type. The possible values for this parameter are:
Value | Meaning |
---|---|
MPTHREAT_TYPE_KNOWNBAD | Detection is performed based on a specific signature, emulation, or other threat detection method. |
MPTHREAT_TYPE_SUSPICIOUS | Detection is performed based on behavior monitoring. |
MPTHREAT_TYPE_UNKNOWN | Detection is performed based on unknown threats (unclassified). |
MPTHREAT_TYPE_KNOWNGOOD | Detection is performed based on known safe threats. |
MPTHREAT_TYPE_NIS | Detection is performed based on NIS threats. |
phThreatEnumHandle [out]
Type: PMPHANDLE
Returned threat enumeration handle which identifies the enumeration context. This handle can be used to enumerate threat information using MpThreatEnumerate. The handle must be closed with the MpHandleClose function.
Return value
Type: HRESULT
If the function succeeds, the return value is S_OK.
If the function fails, the return value is a failed HRESULT code. The caller can use the MpErrorMessageFormat function to get a generic description of the error message.
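An added example, not taken from this reference page or from Microsoft's code: a C sketch of the open/use/close lifecycle around MpThreatOpen that picks the scan or manager handle from ThreatSource and always releases the enumeration handle with MpHandleClose. The typedefs, enum numbering, the MpHandleClose signature, and the names MP_API, ENUM_VISITOR, with_threat_enum and the fake/visit helpers are assumptions made so the code builds and runs without the Defender client header.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins so this builds without the Defender client header. Enum numbering
   and the MpHandleClose signature are assumptions, not taken from the page. */
typedef int32_t HRESULT;
typedef void *MPHANDLE, **PMPHANDLE;
typedef enum { MPTHREAT_SOURCE_SCAN, MPTHREAT_SOURCE_ACTIVE, MPTHREAT_SOURCE_HISTORY,
               MPTHREAT_SOURCE_QUARANTINE, MPTHREAT_SOURCE_SIGNATURE,
               MPTHREAT_SOURCE_STATE } MPTHREAT_SOURCE;
typedef enum { MPTHREAT_TYPE_KNOWNBAD, MPTHREAT_TYPE_SUSPICIOUS, MPTHREAT_TYPE_UNKNOWN,
               MPTHREAT_TYPE_KNOWNGOOD, MPTHREAT_TYPE_NIS } MPTHREAT_TYPE;
#define S_OK ((HRESULT)0)
#define E_INVALIDARG ((HRESULT)0x80070057)
#define FAILED(hr) ((HRESULT)(hr) < 0)

/* Entry points are injected (hypothetical table) so fakes can stand in for the DLL. */
typedef struct {
    HRESULT (*ThreatOpen)(MPHANDLE, MPTHREAT_SOURCE, MPTHREAT_TYPE, PMPHANDLE);
    HRESULT (*HandleClose)(MPHANDLE);
} MP_API;
typedef HRESULT (*ENUM_VISITOR)(MPHANDLE hEnum, void *ctx);

/* Open an enumeration, run visit(), and close the enumeration handle on every path. */
HRESULT with_threat_enum(const MP_API *api, MPHANDLE hScan, MPHANDLE hManager,
                         MPTHREAT_SOURCE src, MPTHREAT_TYPE type,
                         ENUM_VISITOR visit, void *ctx)
{
    /* Assumption: only MPTHREAT_SOURCE_SCAN needs the scan handle; the rest use the manager. */
    MPHANDLE hOwner = (src == MPTHREAT_SOURCE_SCAN) ? hScan : hManager;
    MPHANDLE hEnum = NULL;
    if (api == NULL || visit == NULL || hOwner == NULL) return E_INVALIDARG;
    HRESULT hr = api->ThreatOpen(hOwner, src, type, &hEnum);
    if (FAILED(hr)) return hr;                 /* nothing was opened, nothing to close */
    hr = visit(hEnum, ctx);                    /* a real visitor would call MpThreatEnumerate */
    HRESULT hrClose = api->HandleClose(hEnum); /* released even when the visitor failed */
    return FAILED(hr) ? hr : hrClose;
}

/* Constructed fakes so the example runs offline; they only count calls. */
static int g_open, g_closed;
HRESULT fake_open(MPHANDLE h, MPTHREAT_SOURCE s, MPTHREAT_TYPE t, PMPHANDLE out)
{ (void)s; (void)t; if (h == NULL) return E_INVALIDARG; *out = &g_open; g_open++; return S_OK; }
HRESULT fake_close(MPHANDLE h) { if (h == NULL) return E_INVALIDARG; g_closed++; return S_OK; }
HRESULT failing_visit(MPHANDLE h, void *ctx) { (void)h; (void)ctx; return E_INVALIDARG; }
HRESULT ok_visit(MPHANDLE h, void *ctx) { *(MPHANDLE *)ctx = h; return S_OK; }
const MP_API FAKE_API = { fake_open, fake_close };
```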
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows 8 [desktop apps only] |
Minimum supported server | Windows Server 2012 [desktop apps only] |
Header | |
DLL | |