Anti-Malware Configurations

Describe an Anti-Malware Configuration

get/antimalwareconfigurations/{antiMalwareID}

Describe an anti-malware configuration by ID.

Related SDK Methods:

Java

AntiMalwareConfigurationsApi.describeAntiMalware([param1, param2, ...])

Python

AntiMalwareConfigurationsApi.describe_anti_malware([param1, param2, ...])

JavaScript

AntiMalwareConfigurationsApi.describeAntiMalware([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key

Request

path Parameters

antiMalwareID

required

integer <int32> \d+

The ID number of the anti-malware configuration to describe.

Example: 1

header Parameters

api-version

required

string

The version of the api being called.

Example: YOUR VERSION

Responses

200

successful operation

403

Not authorized to view anti-malware configurations.

404

The anti-malware configuration does not exist.

Request samples

Java
Python
JavaScript

import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.AntiMalwareConfigurationsApi;
import com.trendmicro.deepsecurity.model.AntiMalwareConfiguration;


public class DescribeAntiMalwareExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		Legacy API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		Trend Micro Cloud One API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		AntiMalwareConfigurationsApi instance = new AntiMalwareConfigurationsApi();
		Integer antiMalwareID = 1;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			AntiMalwareConfiguration result = instance.describeAntiMalware(antiMalwareID, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling AntiMalwareConfigurationsApi.describeAntiMalware");
			e.printStackTrace();
		}
	}
}

Response samples

application/json

{"name": "string",
"description": "string",
"scanType": "real-time",
"documentExploitProtectionEnabled": true,
"documentExploitProtection": "critical-only",
"documentExploitHeuristicLevel": "default",
"machineLearningEnabled": true,
"behaviorMonitoringEnabled": true,
"documentRecoveryEnabled": true,
"intelliTrapEnabled": true,
"memoryScanEnabled": true,
"spywareEnabled": true,
"alertEnabled": true,
"directoriesToScan": "all-directories",
"directoryListID": 0,
"filesToScan": "all-files",
"fileExtensionListID": 0,
"excludedDirectoryListID": 0,
"excludedFileListID": 0,
"excludedFileExtensionListID": 0,
"excludedProcessImageFileListID": 0,
"realTimeScan": "read-only",
"scanCompressedEnabled": true,
"scanCompressedMaximumSize": 0,
"scanCompressedMaximumLevels": 0,
"scanCompressedMaximumFiles": 0,
"microsoftOfficeEnabled": true,
"microsoftOfficeLayers": 0,
"networkDirectoriesEnabled": true,
"customRemediationActionsEnabled": true,
"customScanActionsEnabled": true,
"scanActionForVirus": "pass",
"scanActionForTrojans": "pass",
"scanActionForPacker": "pass",
"scanActionForSpyware": "pass",
"scanActionForOtherThreats": "pass",
"scanActionForCookies": "pass",
"scanActionForCVE": "pass",
"scanActionForHeuristics": "pass",
"scanActionForPossibleMalware": "active-action",
"amsiScanEnabled": true,
"scanActionForBehaviorMonitoring": "active-action",
"scanActionForMachineLearning": "pass",
"scanActionForAmsi": "pass",
"processMemoryScanAction": "active-action",
"ID": 0,
"cpuUsage": "low"
}

Modify an Anti-Malware Configuration

post/antimalwareconfigurations/{antiMalwareID}

Modify an anti-malware configuration by ID. Any unset elements will be left unchanged.

Related SDK Methods:

Java

AntiMalwareConfigurationsApi.modifyAntiMalware([param1, param2, ...])

Python

AntiMalwareConfigurationsApi.modify_anti_malware([param1, param2, ...])

JavaScript

AntiMalwareConfigurationsApi.modifyAntiMalware([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key

Request

path Parameters

antiMalwareID

required

integer <int32> \d+

The ID number of the anti-malware configuration to modify.

Example: 1

header Parameters

api-version

required

string

The version of the api being called.

Example: YOUR VERSION

Request Body schema: application/json

The settings of the anti-malware configuration to modify.

alertEnabled	boolean Controls whether to create an alert when the Malware Scan Configuration logs an event. Set to true to enable the alert. Searchable as Boolean.
amsiScanEnabled	boolean Controls whether Windows Antimalware Scan Interface (AMSI) protection is enabled. Set to true to enable.
behaviorMonitoringEnabled	boolean Controls whether to detect suspicious activity and unauthorized changes (including ransomware). Set to true to detect.
cpuUsage	string Enum: "low" "medium" "high"
customRemediationActionsEnabled	boolean Controls whether to use the action ActiveActions recommends when malware is detected. Set to true to use the action ActiveAction recommends.
customScanActionsEnabled	boolean Controls whether to use custom actions. Use true to enable custom actions. Available when 'customRemediationActionsEnabled' is true.
description	string Description of the anti-malware configuration. Searchable as String.
directoriesToScan	string Specify if the scan will be peformed on all the directories or on a subset. Searchable as Choice. Enum: "all-directories" "directory-list"
directoryListID	integer <int32> ID of the directory list to scan. Set to 0 to remove any assignment. Searchable as Numeric.
documentExploitHeuristicLevel	string Controls whether to scan for exploits of known critical vulnerabilites as well as aggessively detect suspicious behaviour that could be an unknown exploit. Searchable as Choice. Enum: "default" "default-and-agressive"
documentExploitProtection	string Scan for exploits against known critical vulnerabilities only. Searchable as Choice. Enum: "critical-only" "critical-and-heuristic"
documentExploitProtectionEnabled	boolean Controls whether to scan for known critical vulnerabilities. Use true to enable scan.
documentRecoveryEnabled	boolean Controls whether to back up ransomware-encrypted files. Set to true to back up. Searchable as Boolean.
excludedDirectoryListID	integer <int32> ID of the directory list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.
excludedFileExtensionListID	integer <int32> ID of the file extension list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.
excludedFileListID	integer <int32> ID of the file list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.
excludedProcessImageFileListID	integer <int32> ID of the process image file list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.
fileExtensionListID	integer <int32> ID of the file extension list to scan. Set to 0 to remove any assignment. Searchable as Numeric.
filesToScan	string Specify if scan will be performed on all files, a subset or by using IntelliScan. Searchable as Choice. Enum: "all-files" "intelliscan-file-types" "file-extension-list"
intelliTrapEnabled	boolean Controls whether IntelliTrap is enabled. Set to true to enable. Searchable as Boolean.
machineLearningEnabled	boolean Controls whether predictive machine learning is enabled. Set to true to enable. Searchable as Boolean.
memoryScanEnabled	boolean Controls whether to scan process memory for malware. Use true to enable scan. Searchable as Boolean.
microsoftOfficeEnabled	boolean Controls whether to scan Embedded Microsoft Office Objects. Use true to enable scan. Searchable as Boolean.
microsoftOfficeLayers	integer <int32> Number of Microsoft Object Linking and Embedding (OLE) Layers to scan. Searchable as Numeric.
name	string Name of the anti-malware configuration. Searchable as String.
networkDirectoriesEnabled	boolean Controls whether to scan network directories. Set to true to enable. Searchable as Boolean.
processMemoryScanAction	string The action to take when malware identified with Process Memory Scan protection is detected. Available when 'memoryScanEnabled' is true. Enum: "active-action" "pass"
realTimeScan	string Specify when to perform the real-time scan. Searchable as Choice. Enum: "read-only" "write-only" "read-write"
scanActionForAmsi	string The action to take when malware identified with AMSI protection is detected. Available when 'amsiScanEnabled' is true. Enum: "pass" "terminate"
scanActionForBehaviorMonitoring	string The action to take when suspicious activity and unauthorized changes are detected. Searchable as Choice. Available when 'behaviorMonitoringEnabled' is true. Enum: "active-action" "pass"
scanActionForCookies	string The action to take when cookies are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete"
scanActionForCVE	string The action to take when a CVE exploit is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForHeuristics	string The action to take when malware identified with heuristics are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForMachineLearning	string The action to take when malware identified with machine learning is detected. Searchable as Choice. Available when 'machineLearningEnabled' is true. Enum: "pass" "delete" "quarantine"
scanActionForOtherThreats	string The action to take when other threats are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "clean" "deny-access"
scanActionForPacker	string The action to perform when a packer is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForPossibleMalware	string The action to take when possible malware is detected. Searchable as Choice. Available when 'customRemediationActionsEnabled' is true. Enum: "active-action" "pass" "delete" "quarantine" "deny-access"
scanActionForSpyware	string The action to perform when spyware is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForTrojans	string The action to perform when a trojan is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForVirus	string The action to perform when a virus is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "clean" "deny-access"
scanCompressedEnabled	boolean Controls whether to scan compressed files. Use true to enable scan. Searchable as Boolean.
scanCompressedMaximumFiles	integer <int32> Maximum number of files to extract. Searchable as Numeric.
scanCompressedMaximumLevels	integer <int32> The maximum number of levels of compression to scan. Searchable as Numeric.
scanCompressedMaximumSize	integer <int32> Maximum size of compressed files to scan, in MB. Searchable as Numeric.
scanType	string The type of malware scan configuration. Searchable as Choice. Enum: "real-time" "on-demand"
spywareEnabled	boolean Controls whether to enable spyware/grayware protection. Set to true to enable. Searchable as Boolean.

Responses

200

successful operation

403

Not authorized to modify anti-malware configurations or the requested modification is not permitted.

404

The anti-malware configuration does not exist.

Request samples

Payload
Java
Python
JavaScript

application/json

{"name": "string",
"description": "string",
"scanType": "real-time",
"documentExploitProtectionEnabled": true,
"documentExploitProtection": "critical-only",
"documentExploitHeuristicLevel": "default",
"machineLearningEnabled": true,
"behaviorMonitoringEnabled": true,
"documentRecoveryEnabled": true,
"intelliTrapEnabled": true,
"memoryScanEnabled": true,
"spywareEnabled": true,
"alertEnabled": true,
"directoriesToScan": "all-directories",
"directoryListID": 0,
"filesToScan": "all-files",
"fileExtensionListID": 0,
"excludedDirectoryListID": 0,
"excludedFileListID": 0,
"excludedFileExtensionListID": 0,
"excludedProcessImageFileListID": 0,
"realTimeScan": "read-only",
"scanCompressedEnabled": true,
"scanCompressedMaximumSize": 0,
"scanCompressedMaximumLevels": 0,
"scanCompressedMaximumFiles": 0,
"microsoftOfficeEnabled": true,
"microsoftOfficeLayers": 0,
"networkDirectoriesEnabled": true,
"customRemediationActionsEnabled": true,
"customScanActionsEnabled": true,
"scanActionForVirus": "pass",
"scanActionForTrojans": "pass",
"scanActionForPacker": "pass",
"scanActionForSpyware": "pass",
"scanActionForOtherThreats": "pass",
"scanActionForCookies": "pass",
"scanActionForCVE": "pass",
"scanActionForHeuristics": "pass",
"scanActionForPossibleMalware": "active-action",
"amsiScanEnabled": true,
"scanActionForBehaviorMonitoring": "active-action",
"scanActionForMachineLearning": "pass",
"scanActionForAmsi": "pass",
"processMemoryScanAction": "active-action",
"cpuUsage": "low"
}

Response samples

application/json

{"name": "string",
"description": "string",
"scanType": "real-time",
"documentExploitProtectionEnabled": true,
"documentExploitProtection": "critical-only",
"documentExploitHeuristicLevel": "default",
"machineLearningEnabled": true,
"behaviorMonitoringEnabled": true,
"documentRecoveryEnabled": true,
"intelliTrapEnabled": true,
"memoryScanEnabled": true,
"spywareEnabled": true,
"alertEnabled": true,
"directoriesToScan": "all-directories",
"directoryListID": 0,
"filesToScan": "all-files",
"fileExtensionListID": 0,
"excludedDirectoryListID": 0,
"excludedFileListID": 0,
"excludedFileExtensionListID": 0,
"excludedProcessImageFileListID": 0,
"realTimeScan": "read-only",
"scanCompressedEnabled": true,
"scanCompressedMaximumSize": 0,
"scanCompressedMaximumLevels": 0,
"scanCompressedMaximumFiles": 0,
"microsoftOfficeEnabled": true,
"microsoftOfficeLayers": 0,
"networkDirectoriesEnabled": true,
"customRemediationActionsEnabled": true,
"customScanActionsEnabled": true,
"scanActionForVirus": "pass",
"scanActionForTrojans": "pass",
"scanActionForPacker": "pass",
"scanActionForSpyware": "pass",
"scanActionForOtherThreats": "pass",
"scanActionForCookies": "pass",
"scanActionForCVE": "pass",
"scanActionForHeuristics": "pass",
"scanActionForPossibleMalware": "active-action",
"amsiScanEnabled": true,
"scanActionForBehaviorMonitoring": "active-action",
"scanActionForMachineLearning": "pass",
"scanActionForAmsi": "pass",
"processMemoryScanAction": "active-action",
"ID": 0,
"cpuUsage": "low"
}

Delete an Anti-Malware Configuration

delete/antimalwareconfigurations/{antiMalwareID}

Delete an anti-malware configuration by ID.

Related SDK Methods:

Java

AntiMalwareConfigurationsApi.deleteAntiMalware([param1, param2, ...])

Python

AntiMalwareConfigurationsApi.delete_anti_malware([param1, param2, ...])

JavaScript

AntiMalwareConfigurationsApi.deleteAntiMalware([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key

Request

path Parameters

antiMalwareID

required

integer <int32> \d+

The ID number of the anti-malware configuration to delete.

Example: 1

header Parameters

api-version

required

string

The version of the api being called.

Example: YOUR VERSION

Responses

200

Request is successful.

403

Not authorized to delete anti-malware configurations.

Request samples

Java
Python
JavaScript

import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.AntiMalwareConfigurationsApi;


public class DeleteAntiMalwareExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		Legacy API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		Trend Micro Cloud One API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		AntiMalwareConfigurationsApi instance = new AntiMalwareConfigurationsApi();
		Integer antiMalwareID = 1;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			instance.deleteAntiMalware(antiMalwareID, apiVersion);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling AntiMalwareConfigurationsApi.deleteAntiMalware");
			e.printStackTrace();
		}
	}
}

List Anti-Malware Configurations

get/antimalwareconfigurations

Lists all anti-malware configurations.

Related SDK Methods:

Java

AntiMalwareConfigurationsApi.listAntiMalwares([param1, param2, ...])

Python

AntiMalwareConfigurationsApi.list_anti_malwares([param1, param2, ...])

JavaScript

AntiMalwareConfigurationsApi.listAntiMalwares([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key

Request

header Parameters

api-version

required

string

The version of the api being called.

Example: YOUR VERSION

Responses

200

successful operation

403

Not authorized to view anti-malware configurations.

Request samples

Java
Python
JavaScript

import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.AntiMalwareConfigurationsApi;
import com.trendmicro.deepsecurity.model.AntiMalwareConfigurations;


public class ListAntiMalwaresExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		Legacy API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		Trend Micro Cloud One API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		AntiMalwareConfigurationsApi instance = new AntiMalwareConfigurationsApi();
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			AntiMalwareConfigurations result = instance.listAntiMalwares(apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling AntiMalwareConfigurationsApi.listAntiMalwares");
			e.printStackTrace();
		}
	}
}

Response samples

application/json

{"antiMalwareConfigurations": [{"name": "string",
"description": "string",
"scanType": "real-time",
"documentExploitProtectionEnabled": true,
"documentExploitProtection": "critical-only",
"documentExploitHeuristicLevel": "default",
"machineLearningEnabled": true,
"behaviorMonitoringEnabled": true,
"documentRecoveryEnabled": true,
"intelliTrapEnabled": true,
"memoryScanEnabled": true,
"spywareEnabled": true,
"alertEnabled": true,
"directoriesToScan": "all-directories",
"directoryListID": 0,
"filesToScan": "all-files",
"fileExtensionListID": 0,
"excludedDirectoryListID": 0,
"excludedFileListID": 0,
"excludedFileExtensionListID": 0,
"excludedProcessImageFileListID": 0,
"realTimeScan": "read-only",
"scanCompressedEnabled": true,
"scanCompressedMaximumSize": 0,
"scanCompressedMaximumLevels": 0,
"scanCompressedMaximumFiles": 0,
"microsoftOfficeEnabled": true,
"microsoftOfficeLayers": 0,
"networkDirectoriesEnabled": true,
"customRemediationActionsEnabled": true,
"customScanActionsEnabled": true,
"scanActionForVirus": "pass",
"scanActionForTrojans": "pass",
"scanActionForPacker": "pass",
"scanActionForSpyware": "pass",
"scanActionForOtherThreats": "pass",
"scanActionForCookies": "pass",
"scanActionForCVE": "pass",
"scanActionForHeuristics": "pass",
"scanActionForPossibleMalware": "active-action",
"amsiScanEnabled": true,
"scanActionForBehaviorMonitoring": "active-action",
"scanActionForMachineLearning": "pass",
"scanActionForAmsi": "pass",
"processMemoryScanAction": "active-action",
"ID": 0,
"cpuUsage": "low"
}
]
}

Create an Anti-Malware Configuration

post/antimalwareconfigurations

Create a new anti-malware configuration.

Related SDK Methods:

Java

AntiMalwareConfigurationsApi.createAntiMalware([param1, param2, ...])

Python

AntiMalwareConfigurationsApi.create_anti_malware([param1, param2, ...])

JavaScript

AntiMalwareConfigurationsApi.createAntiMalware([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key

Request

header Parameters

api-version

required

string

The version of the api being called.

Example: YOUR VERSION

Request Body schema: application/json

The settings of the new anti-malware configuration.

alertEnabled	boolean Controls whether to create an alert when the Malware Scan Configuration logs an event. Set to true to enable the alert. Searchable as Boolean.
amsiScanEnabled	boolean Controls whether Windows Antimalware Scan Interface (AMSI) protection is enabled. Set to true to enable.
behaviorMonitoringEnabled	boolean Controls whether to detect suspicious activity and unauthorized changes (including ransomware). Set to true to detect.
cpuUsage	string Enum: "low" "medium" "high"
customRemediationActionsEnabled	boolean Controls whether to use the action ActiveActions recommends when malware is detected. Set to true to use the action ActiveAction recommends.
customScanActionsEnabled	boolean Controls whether to use custom actions. Use true to enable custom actions. Available when 'customRemediationActionsEnabled' is true.
description	string Description of the anti-malware configuration. Searchable as String.
directoriesToScan	string Specify if the scan will be peformed on all the directories or on a subset. Searchable as Choice. Enum: "all-directories" "directory-list"
directoryListID	integer <int32> ID of the directory list to scan. Set to 0 to remove any assignment. Searchable as Numeric.
documentExploitHeuristicLevel	string Controls whether to scan for exploits of known critical vulnerabilites as well as aggessively detect suspicious behaviour that could be an unknown exploit. Searchable as Choice. Enum: "default" "default-and-agressive"
documentExploitProtection	string Scan for exploits against known critical vulnerabilities only. Searchable as Choice. Enum: "critical-only" "critical-and-heuristic"
documentExploitProtectionEnabled	boolean Controls whether to scan for known critical vulnerabilities. Use true to enable scan.
documentRecoveryEnabled	boolean Controls whether to back up ransomware-encrypted files. Set to true to back up. Searchable as Boolean.
excludedDirectoryListID	integer <int32> ID of the directory list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.
excludedFileExtensionListID	integer <int32> ID of the file extension list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.
excludedFileListID	integer <int32> ID of the file list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.
excludedProcessImageFileListID	integer <int32> ID of the process image file list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.
fileExtensionListID	integer <int32> ID of the file extension list to scan. Set to 0 to remove any assignment. Searchable as Numeric.
filesToScan	string Specify if scan will be performed on all files, a subset or by using IntelliScan. Searchable as Choice. Enum: "all-files" "intelliscan-file-types" "file-extension-list"
intelliTrapEnabled	boolean Controls whether IntelliTrap is enabled. Set to true to enable. Searchable as Boolean.
machineLearningEnabled	boolean Controls whether predictive machine learning is enabled. Set to true to enable. Searchable as Boolean.
memoryScanEnabled	boolean Controls whether to scan process memory for malware. Use true to enable scan. Searchable as Boolean.
microsoftOfficeEnabled	boolean Controls whether to scan Embedded Microsoft Office Objects. Use true to enable scan. Searchable as Boolean.
microsoftOfficeLayers	integer <int32> Number of Microsoft Object Linking and Embedding (OLE) Layers to scan. Searchable as Numeric.
name	string Name of the anti-malware configuration. Searchable as String.
networkDirectoriesEnabled	boolean Controls whether to scan network directories. Set to true to enable. Searchable as Boolean.
processMemoryScanAction	string The action to take when malware identified with Process Memory Scan protection is detected. Available when 'memoryScanEnabled' is true. Enum: "active-action" "pass"
realTimeScan	string Specify when to perform the real-time scan. Searchable as Choice. Enum: "read-only" "write-only" "read-write"
scanActionForAmsi	string The action to take when malware identified with AMSI protection is detected. Available when 'amsiScanEnabled' is true. Enum: "pass" "terminate"
scanActionForBehaviorMonitoring	string The action to take when suspicious activity and unauthorized changes are detected. Searchable as Choice. Available when 'behaviorMonitoringEnabled' is true. Enum: "active-action" "pass"
scanActionForCookies	string The action to take when cookies are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete"
scanActionForCVE	string The action to take when a CVE exploit is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForHeuristics	string The action to take when malware identified with heuristics are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForMachineLearning	string The action to take when malware identified with machine learning is detected. Searchable as Choice. Available when 'machineLearningEnabled' is true. Enum: "pass" "delete" "quarantine"
scanActionForOtherThreats	string The action to take when other threats are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "clean" "deny-access"
scanActionForPacker	string The action to perform when a packer is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForPossibleMalware	string The action to take when possible malware is detected. Searchable as Choice. Available when 'customRemediationActionsEnabled' is true. Enum: "active-action" "pass" "delete" "quarantine" "deny-access"
scanActionForSpyware	string The action to perform when spyware is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForTrojans	string The action to perform when a trojan is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForVirus	string The action to perform when a virus is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true. Enum: "pass" "delete" "quarantine" "clean" "deny-access"
scanCompressedEnabled	boolean Controls whether to scan compressed files. Use true to enable scan. Searchable as Boolean.
scanCompressedMaximumFiles	integer <int32> Maximum number of files to extract. Searchable as Numeric.
scanCompressedMaximumLevels	integer <int32> The maximum number of levels of compression to scan. Searchable as Numeric.
scanCompressedMaximumSize	integer <int32> Maximum size of compressed files to scan, in MB. Searchable as Numeric.
scanType	string The type of malware scan configuration. Searchable as Choice. Enum: "real-time" "on-demand"
spywareEnabled	boolean Controls whether to enable spyware/grayware protection. Set to true to enable. Searchable as Boolean.

Responses

200

successful operation

403

Not authorized to create anti-malware configurations.

Request samples

Payload
Java
Python
JavaScript

application/json

{"name": "string",
"description": "string",
"scanType": "real-time",
"documentExploitProtectionEnabled": true,
"documentExploitProtection": "critical-only",
"documentExploitHeuristicLevel": "default",
"machineLearningEnabled": true,
"behaviorMonitoringEnabled": true,
"documentRecoveryEnabled": true,
"intelliTrapEnabled": true,
"memoryScanEnabled": true,
"spywareEnabled": true,
"alertEnabled": true,
"directoriesToScan": "all-directories",
"directoryListID": 0,
"filesToScan": "all-files",
"fileExtensionListID": 0,
"excludedDirectoryListID": 0,
"excludedFileListID": 0,
"excludedFileExtensionListID": 0,
"excludedProcessImageFileListID": 0,
"realTimeScan": "read-only",
"scanCompressedEnabled": true,
"scanCompressedMaximumSize": 0,
"scanCompressedMaximumLevels": 0,
"scanCompressedMaximumFiles": 0,
"microsoftOfficeEnabled": true,
"microsoftOfficeLayers": 0,
"networkDirectoriesEnabled": true,
"customRemediationActionsEnabled": true,
"customScanActionsEnabled": true,
"scanActionForVirus": "pass",
"scanActionForTrojans": "pass",
"scanActionForPacker": "pass",
"scanActionForSpyware": "pass",
"scanActionForOtherThreats": "pass",
"scanActionForCookies": "pass",
"scanActionForCVE": "pass",
"scanActionForHeuristics": "pass",
"scanActionForPossibleMalware": "active-action",
"amsiScanEnabled": true,
"scanActionForBehaviorMonitoring": "active-action",
"scanActionForMachineLearning": "pass",
"scanActionForAmsi": "pass",
"processMemoryScanAction": "active-action",
"cpuUsage": "low"
}

Response samples

application/json

{"name": "string",
"description": "string",
"scanType": "real-time",
"documentExploitProtectionEnabled": true,
"documentExploitProtection": "critical-only",
"documentExploitHeuristicLevel": "default",
"machineLearningEnabled": true,
"behaviorMonitoringEnabled": true,
"documentRecoveryEnabled": true,
"intelliTrapEnabled": true,
"memoryScanEnabled": true,
"spywareEnabled": true,
"alertEnabled": true,
"directoriesToScan": "all-directories",
"directoryListID": 0,
"filesToScan": "all-files",
"fileExtensionListID": 0,
"excludedDirectoryListID": 0,
"excludedFileListID": 0,
"excludedFileExtensionListID": 0,
"excludedProcessImageFileListID": 0,
"realTimeScan": "read-only",
"scanCompressedEnabled": true,
"scanCompressedMaximumSize": 0,
"scanCompressedMaximumLevels": 0,
"scanCompressedMaximumFiles": 0,
"microsoftOfficeEnabled": true,
"microsoftOfficeLayers": 0,
"networkDirectoriesEnabled": true,
"customRemediationActionsEnabled": true,
"customScanActionsEnabled": true,
"scanActionForVirus": "pass",
"scanActionForTrojans": "pass",
"scanActionForPacker": "pass",
"scanActionForSpyware": "pass",
"scanActionForOtherThreats": "pass",
"scanActionForCookies": "pass",
"scanActionForCVE": "pass",
"scanActionForHeuristics": "pass",
"scanActionForPossibleMalware": "active-action",
"amsiScanEnabled": true,
"scanActionForBehaviorMonitoring": "active-action",
"scanActionForMachineLearning": "pass",
"scanActionForAmsi": "pass",
"processMemoryScanAction": "active-action",
"ID": 0,
"cpuUsage": "low"
}

Search Anti-Malware Configurations

post/antimalwareconfigurations/search

Search for anti-malware configurations using optional filters.

Related SDK Methods:

Java

AntiMalwareConfigurationsApi.searchAntiMalwares([param1, param2, ...])

Python

AntiMalwareConfigurationsApi.search_anti_malwares([param1, param2, ...])

JavaScript

AntiMalwareConfigurationsApi.searchAntiMalwares([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key

Request

header Parameters

api-version

required

string

The version of the api being called.

Example: YOUR VERSION

Request Body schema: application/json

A collection of options used to filter the search results.

maxItems	integer <int32> Limits the number of objects returned. Default 5000.
	Array of objects (searchCriteria) Array of search critiera used to filter objects. Searching with multiple criteria returns results that satisfy all of the criteria. Searching with no criteria returns all objects.
sortByObjectID	boolean If true, forces the response objects to be sorted by ID, overriding the default sort order. Default "false".

Responses

200

successful operation

403

Not authorized to view anti-malware configurations.

Request samples

Payload
Java
Python
JavaScript

application/json

{"maxItems": 0,
"searchCriteria": [{"fieldName": "string",
"booleanTest": true,
"numericTest": "less-than",
"numericValue": 0,
"numericValueList": [0
],
"stringTest": "equal",
"stringValue": "string",
"stringWildcards": true,
"choiceTest": "equal",
"choiceValue": "string",
"firstDateValue": 0,
"firstDateInclusive": true,
"lastDateValue": 0,
"lastDateInclusive": true,
"nullTest": true,
"versionTest": "less-than",
"versionValue": "string",
"idValue": 0,
"idTest": "less-than",
"idValueList": [0
]
}
],
"sortByObjectID": true
}

Response samples

application/json

{"antiMalwareConfigurations": [{"name": "string",
"description": "string",
"scanType": "real-time",
"documentExploitProtectionEnabled": true,
"documentExploitProtection": "critical-only",
"documentExploitHeuristicLevel": "default",
"machineLearningEnabled": true,
"behaviorMonitoringEnabled": true,
"documentRecoveryEnabled": true,
"intelliTrapEnabled": true,
"memoryScanEnabled": true,
"spywareEnabled": true,
"alertEnabled": true,
"directoriesToScan": "all-directories",
"directoryListID": 0,
"filesToScan": "all-files",
"fileExtensionListID": 0,
"excludedDirectoryListID": 0,
"excludedFileListID": 0,
"excludedFileExtensionListID": 0,
"excludedProcessImageFileListID": 0,
"realTimeScan": "read-only",
"scanCompressedEnabled": true,
"scanCompressedMaximumSize": 0,
"scanCompressedMaximumLevels": 0,
"scanCompressedMaximumFiles": 0,
"microsoftOfficeEnabled": true,
"microsoftOfficeLayers": 0,
"networkDirectoriesEnabled": true,
"customRemediationActionsEnabled": true,
"customScanActionsEnabled": true,
"scanActionForVirus": "pass",
"scanActionForTrojans": "pass",
"scanActionForPacker": "pass",
"scanActionForSpyware": "pass",
"scanActionForOtherThreats": "pass",
"scanActionForCookies": "pass",
"scanActionForCVE": "pass",
"scanActionForHeuristics": "pass",
"scanActionForPossibleMalware": "active-action",
"amsiScanEnabled": true,
"scanActionForBehaviorMonitoring": "active-action",
"scanActionForMachineLearning": "pass",
"scanActionForAmsi": "pass",
"processMemoryScanAction": "active-action",
"ID": 0,
"cpuUsage": "low"
}
]
}

➔ Next to Directory Lists