Learn More
Skip to main content
MSFT_MpThreatDetection class

This is a class that represents the current detailed state of a threat

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.

Syntax

class MSFT_MpThreatDetection : BaseStatus
{
  string   DetectionID;
  sint64   ThreatID;
  string   ProcessName;
  string   DomainUser;
  uint8    DetectionSourceTypeID;
  string   Resources[];
  DateTime InitialDetectionTime;
  DateTime LastThreatStatusChangeTime;
  DateTime RemediationTime;
  uint8    CurrentThreatExecutionStatusID;
  uint8    ThreatStatusID;
  sint32   ThreatStatusErrorCode;
  uint8    CleaningActionID;
  string   AMProductVersion = tatusID;
  boolean  ActionSuccess = false;
  Uint32   AdditionalActionsBitMask;
};

Members

The MSFT_MpThreatDetection class has these types of members:

Properties

The MSFT_MpThreatDetection class has these properties.

ActionSuccess
Data type: boolean
Access type: Read-only

Specifies if the cleaning action was successful

AdditionalActionsBitMask
Data type: Uint32
Access type: Read-only

Additional actions required to complete remediation - Enumeration

None (0)
FullScanRequired (4)
RebootRequired (8)
FullScanAndRebootRequired (12)
ManualStepsRequired (16)
FullScanAndManualStepsRequired (20)
RebootAndManualStepsRequired (24)
FullScanAndRebootAndManualStepsRequired (28)
OfflineScanRequired (32768)
FullScanAndOfflineScanRequired (32772)
RebootAndOfflineScanRequired (32776)
FullScanAndRebootAndOfflineScanRequired (32780)
ManualStepsAndOfflineScanRequired (32784)
FullScanAndManualStepsAndOfflineScanRequired (32788)
RebootAndManualStepsAndOfflineScanRequired (32792)
FullScanAndRebootAndManualStepsAndOfflineScanRequired (32796 )
AMProductVersion
Data type: string
Access type: Read-only

Product version (major, minor, build, revision)

CleaningActionID
Data type: uint8
Access type: Read-only

The cleaning action - Enumeration

CurrentThreatExecutionStatusID
Data type: uint8
Access type: Read-only

Execution Status ID - Enumeration

Unknown (0)
Blocked (1)
Allowed (2)
Executing (3)
NotExecuting (4)
DetectionID
Data type: string
Access type: Read-only
Qualifiers: Key

Unique Detection ID

DetectionSourceTypeID
Data type: uint8
Access type: Read-only

Detection Source Type ID - Enumeration

Unknown (0)
User (1)
System (2)
Real-time (3)
IOAV (4)
NRI (5)
ELAM (7)
LocalAttestation (8)
RemoteAttestation (9)
DomainUser
Data type: string
Access type: Read-only

The user who requested remediation

InitialDetectionTime
Data type: DateTime
Access type: Read-only

The initial threat detection time

LastThreatStatusChangeTime
Data type: DateTime
Access type: Read-only

The most recent time of the threat status change

ProcessName
Data type: string
Access type: Read-only

The name of the process involved

RemediationTime
Data type: DateTime
Access type: Read-only

The time of the remediation.

Resources
Data type: string array
Access type: Read-only

List of resources affected by the detection

ThreatID
Data type: sint64
Access type: Read-only
Qualifiers: Key

Unique Threat ID

ThreatStatusErrorCode
Data type: sint32
Access type: Read-only

The threat status error code

ThreatStatusID
Data type: uint8
Access type: Read-only

The Threat Status ID - Enumeration

Unknown (0)
Detected (1)
Cleaned (2)
Quarantined (3)
Removed (4)
Allowed (5)
Blocked (6)
CleanFailed (Blocked)
QuarantineFailed (102)
RemoveFailed (103)
AllowFailed (104)
Abondoned (105)
BlockedFailed (107)

Requirements

Minimum supported client

Windows 8.1 [desktop apps only]

Minimum supported server

Windows Server 2012 R2 [desktop apps only]

Namespace

Root\Microsoft\Windows\Defender

MOF
ProtectionManagement.mof

DLL
ProtectionManagement.dll