MSFT_MpEvent class

Windows Defender Event Indication Class

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.

Syntax

class MSFT_MpEvent
{
  uint32   CategoryDiscriminant;
  uint32   ScanNotificationsValue;
  uint32   ThreatNotificationsValue;
  uint32   SignatureNotificationsValue;
  uint32   ComputerNotificationsValue;
  DateTime NotificationTime;
  uint32   AdditionalData;
};

Members

The MSFT_MpEvent class has these types of members:

Properties

The MSFT_MpEvent class has these properties.

AdditionalData
Data type: uint32
Access type: Read-only

Additional Data. At the moment, the only use is when the CategoryDiscriminant is equal to ThreatStateNotificationsthen this value will contains the ThreatID

CategoryDiscriminant
Data type: uint32
Access type: Read-only

Category of Notification.

ComputerNotificationsValue
Data type: uint32
Access type: Read-only

Detailed Computer Notifications.

NotificationTime
Data type: DateTime
Access type: Read-only

Date and time the WMI Event was generated

ScanNotificationsValue
Data type: uint32
Access type: Read-only

Detailed Scan Notifications.

SignatureNotificationsValue
Data type: uint32
Access type: Read-only

Detailed Signature Notifications.

ThreatNotificationsValue
Data type: uint32
Access type: Read-only

Detailed Threat Notifications.

Requirements

Minimum supported client

Windows 8.1 [desktop apps only]

Minimum supported server

Windows Server 2012 R2 [desktop apps only]

Namespace

Root\Microsoft\Windows\Defender

MOF

ProtectionManagement.mof

DLL

ProtectionManagement.dll

 

 

Community Additions

ADD
Show: