{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "#/components/schemas/microsoft.graph.windowsDeviceMalwareState", "title": "microsoft.graph.windowsDeviceMalwareState", "allOf": [ { "$ref": "#/components/schemas/microsoft.graph.entity" }, { "title": "windowsDeviceMalwareState", "required": [ "@odata.type" ], "type": "object", "properties": { "additionalInformationUrl": { "type": "string", "description": "Information URL to learn more about the malware", "nullable": true }, "category": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.windowsMalwareCategory" }, { "type": "object", "nullable": true } ], "description": "Category of the malware. The possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remoteControlSoftware, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule." }, "detectionCount": { "maximum": 2147483647, "minimum": -2147483648, "type": "number", "description": "Number of times the malware is detected", "format": "int32", "nullable": true }, "displayName": { "type": "string", "description": "Malware name", "nullable": true }, "executionState": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.windowsMalwareExecutionState" }, { "type": "object", "nullable": true } ], "description": "Execution status of the malware like blocked/executing etc. The possible values are: unknown, blocked, allowed, running, notRunning." 
}, "initialDetectionDateTime": { "pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$", "type": "string", "description": "Initial detection datetime of the malware", "format": "date-time", "nullable": true }, "lastStateChangeDateTime": { "pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$", "type": "string", "description": "The last time the state of this particular threat changed", "format": "date-time", "nullable": true }, "severity": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.windowsMalwareSeverity" }, { "type": "object", "nullable": true } ], "description": "Severity of the malware. The possible values are: unknown, low, moderate, high, severe." }, "state": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.windowsMalwareState" }, { "type": "object", "nullable": true } ], "description": "Current status of the malware like cleaned/quarantined/allowed etc. The possible values are: unknown, detected, cleaned, quarantined, removed, allowed, blocked, cleanFailed, quarantineFailed, removeFailed, allowFailed, abandoned, blockFailed." }, "threatState": { "anyOf": [ { "$ref": "#/components/schemas/microsoft.graph.windowsMalwareThreatState" }, { "type": "object", "nullable": true } ], "description": "Current threat status of the malware like cleaned/quarantined/allowed etc. The possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared." }, "@odata.type": { "type": "string" } }, "description": "Malware detection entity." } ], "x-ms-discriminator-value": "#microsoft.graph.windowsDeviceMalwareState" }