Anti-Malware Configurations

Describe an Anti-Malware Configuration

GET /antimalwareconfigurations/{antiMalwareID}

Describe an anti-malware configuration by ID.

Related SDK Methods:
Java

AntiMalwareConfigurationsApi.describeAntiMalware([param1, param2, ...])

Python

AntiMalwareConfigurationsApi.describe_anti_malware([param1, param2, ...])

JavaScript

AntiMalwareConfigurationsApi.describeAntiMalware([param1, param2, ...])

Security: Trend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
antiMalwareID
required
integer <int32> \d+

The ID number of the anti-malware configuration to describe.

Example: 1
header Parameters
api-version
required
string

The version of the API being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to view anti-malware configurations.

404

The anti-malware configuration does not exist.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.api.AntiMalwareConfigurationsApi;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.model.AntiMalwareConfiguration;


public class DescribeAntiMalwareExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication: set the key for the scheme your deployment uses
		ApiKeyAuth legacyApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		legacyApiKey.setApiKey("YOUR API KEY");
		ApiKeyAuth cloudOneApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		cloudOneApiKey.setApiKey("YOUR API KEY");
		// Keep TLS certificate validation on (false = do not trust all certificates)
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		AntiMalwareConfigurationsApi instance = new AntiMalwareConfigurationsApi();
		Integer antiMalwareID = 1;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			AntiMalwareConfiguration result = instance.describeAntiMalware(antiMalwareID, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling AntiMalwareConfigurationsApi.describeAntiMalware");
			e.printStackTrace();
		}
	}
}

Response samples
application/json
{
  "name": "string",
  "description": "string",
  "scanType": "real-time",
  "documentExploitProtectionEnabled": true,
  "documentExploitProtection": "critical-only",
  "documentExploitHeuristicLevel": "default",
  "machineLearningEnabled": true,
  "behaviorMonitoringEnabled": true,
  "documentRecoveryEnabled": true,
  "intelliTrapEnabled": true,
  "memoryScanEnabled": true,
  "spywareEnabled": true,
  "alertEnabled": true,
  "directoriesToScan": "all-directories",
  "directoryListID": 0,
  "filesToScan": "all-files",
  "fileExtensionListID": 0,
  "excludedDirectoryListID": 0,
  "excludedFileListID": 0,
  "excludedFileExtensionListID": 0,
  "excludedProcessImageFileListID": 0,
  "realTimeScan": "read-only",
  "scanCompressedEnabled": true,
  "scanCompressedMaximumSize": 0,
  "scanCompressedMaximumLevels": 0,
  "scanCompressedMaximumFiles": 0,
  "microsoftOfficeEnabled": true,
  "microsoftOfficeLayers": 0,
  "networkDirectoriesEnabled": true,
  "customRemediationActionsEnabled": true,
  "customScanActionsEnabled": true,
  "scanActionForVirus": "pass",
  "scanActionForTrojans": "pass",
  "scanActionForPacker": "pass",
  "scanActionForSpyware": "pass",
  "scanActionForOtherThreats": "pass",
  "scanActionForCookies": "pass",
  "scanActionForCVE": "pass",
  "scanActionForHeuristics": "pass",
  "scanActionForPossibleMalware": "active-action",
  "amsiScanEnabled": true,
  "scanActionForBehaviorMonitoring": "active-action",
  "scanActionForMachineLearning": "pass",
  "scanActionForAmsi": "pass",
  "processMemoryScanAction": "active-action",
  "ID": 0,
  "cpuUsage": "low"
}

Modify an Anti-Malware Configuration

POST /antimalwareconfigurations/{antiMalwareID}

Modify an anti-malware configuration by ID. Any unset elements will be left unchanged.

Related SDK Methods:
Java

AntiMalwareConfigurationsApi.modifyAntiMalware([param1, param2, ...])

Python

AntiMalwareConfigurationsApi.modify_anti_malware([param1, param2, ...])

JavaScript

AntiMalwareConfigurationsApi.modifyAntiMalware([param1, param2, ...])

Security: Trend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
antiMalwareID
required
integer <int32> \d+

The ID number of the anti-malware configuration to modify.

Example: 1
header Parameters
api-version
required
string

The version of the API being called.

Example: YOUR VERSION
Request Body schema: application/json

The settings of the anti-malware configuration to modify.

alertEnabled
boolean

Controls whether to create an alert when the Malware Scan Configuration logs an event. Set to true to enable the alert. Searchable as Boolean.

amsiScanEnabled
boolean

Controls whether Windows Antimalware Scan Interface (AMSI) protection is enabled. Set to true to enable.

behaviorMonitoringEnabled
boolean

Controls whether to detect suspicious activity and unauthorized changes (including ransomware). Set to true to detect.

cpuUsage
string
Enum: "low" "medium" "high"
customRemediationActionsEnabled
boolean

Controls whether to use the action ActiveAction recommends when malware is detected. Set to true to use the action ActiveAction recommends.

customScanActionsEnabled
boolean

Controls whether to use custom actions. Use true to enable custom actions. Available when 'customRemediationActionsEnabled' is true.

description
string

Description of the anti-malware configuration. Searchable as String.

directoriesToScan
string

Specify whether the scan will be performed on all directories or on a subset. Searchable as Choice.

Enum: "all-directories" "directory-list"
directoryListID
integer <int32>

ID of the directory list to scan. Set to 0 to remove any assignment. Searchable as Numeric.

documentExploitHeuristicLevel
string

Controls whether to scan for exploits of known critical vulnerabilities as well as aggressively detect suspicious behaviour that could be an unknown exploit. Searchable as Choice.

Enum: "default" "default-and-agressive"
documentExploitProtection
string

Scan for exploits against known critical vulnerabilities only. Searchable as Choice.

Enum: "critical-only" "critical-and-heuristic"
documentExploitProtectionEnabled
boolean

Controls whether to scan for known critical vulnerabilities. Use true to enable scan.

documentRecoveryEnabled
boolean

Controls whether to back up ransomware-encrypted files. Set to true to back up. Searchable as Boolean.

excludedDirectoryListID
integer <int32>

ID of the directory list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.

excludedFileExtensionListID
integer <int32>

ID of the file extension list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.

excludedFileListID
integer <int32>

ID of the file list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.

excludedProcessImageFileListID
integer <int32>

ID of the process image file list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.

fileExtensionListID
integer <int32>

ID of the file extension list to scan. Set to 0 to remove any assignment. Searchable as Numeric.

filesToScan
string

Specify if scan will be performed on all files, a subset or by using IntelliScan. Searchable as Choice.

Enum: "all-files" "intelliscan-file-types" "file-extension-list"
intelliTrapEnabled
boolean

Controls whether IntelliTrap is enabled. Set to true to enable. Searchable as Boolean.

machineLearningEnabled
boolean

Controls whether predictive machine learning is enabled. Set to true to enable. Searchable as Boolean.

memoryScanEnabled
boolean

Controls whether to scan process memory for malware. Use true to enable scan. Searchable as Boolean.

microsoftOfficeEnabled
boolean

Controls whether to scan Embedded Microsoft Office Objects. Use true to enable scan. Searchable as Boolean.

microsoftOfficeLayers
integer <int32>

Number of Microsoft Object Linking and Embedding (OLE) Layers to scan. Searchable as Numeric.

name
string

Name of the anti-malware configuration. Searchable as String.

networkDirectoriesEnabled
boolean

Controls whether to scan network directories. Set to true to enable. Searchable as Boolean.

processMemoryScanAction
string

The action to take when malware identified with Process Memory Scan protection is detected. Available when 'memoryScanEnabled' is true.

Enum: "active-action" "pass"
realTimeScan
string

Specify when to perform the real-time scan. Searchable as Choice.

Enum: "read-only" "write-only" "read-write"
scanActionForAmsi
string

The action to take when malware identified with AMSI protection is detected. Available when 'amsiScanEnabled' is true.

Enum: "pass" "terminate"
scanActionForBehaviorMonitoring
string

The action to take when suspicious activity and unauthorized changes are detected. Searchable as Choice. Available when 'behaviorMonitoringEnabled' is true.

Enum: "active-action" "pass"
scanActionForCookies
string

The action to take when cookies are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete"
scanActionForCVE
string

The action to take when a CVE exploit is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForHeuristics
string

The action to take when malware identified with heuristics is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForMachineLearning
string

The action to take when malware identified with machine learning is detected. Searchable as Choice. Available when 'machineLearningEnabled' is true.

Enum: "pass" "delete" "quarantine"
scanActionForOtherThreats
string

The action to take when other threats are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "clean" "deny-access"
scanActionForPacker
string

The action to perform when a packer is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForPossibleMalware
string

The action to take when possible malware is detected. Searchable as Choice. Available when 'customRemediationActionsEnabled' is true.

Enum: "active-action" "pass" "delete" "quarantine" "deny-access"
scanActionForSpyware
string

The action to perform when spyware is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForTrojans
string

The action to perform when a trojan is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForVirus
string

The action to perform when a virus is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "clean" "deny-access"
scanCompressedEnabled
boolean

Controls whether to scan compressed files. Use true to enable scan. Searchable as Boolean.

scanCompressedMaximumFiles
integer <int32>

Maximum number of files to extract. Searchable as Numeric.

scanCompressedMaximumLevels
integer <int32>

The maximum number of levels of compression to scan. Searchable as Numeric.

scanCompressedMaximumSize
integer <int32>

Maximum size of compressed files to scan, in MB. Searchable as Numeric.

scanType
string

The type of malware scan configuration. Searchable as Choice.

Enum: "real-time" "on-demand"
spywareEnabled
boolean

Controls whether to enable spyware/grayware protection. Set to true to enable. Searchable as Boolean.

Responses
200

successful operation

403

Not authorized to modify anti-malware configurations or the requested modification is not permitted.

404

The anti-malware configuration does not exist.

Request samples
application/json
{
  "name": "string",
  "description": "string",
  "scanType": "real-time",
  "documentExploitProtectionEnabled": true,
  "documentExploitProtection": "critical-only",
  "documentExploitHeuristicLevel": "default",
  "machineLearningEnabled": true,
  "behaviorMonitoringEnabled": true,
  "documentRecoveryEnabled": true,
  "intelliTrapEnabled": true,
  "memoryScanEnabled": true,
  "spywareEnabled": true,
  "alertEnabled": true,
  "directoriesToScan": "all-directories",
  "directoryListID": 0,
  "filesToScan": "all-files",
  "fileExtensionListID": 0,
  "excludedDirectoryListID": 0,
  "excludedFileListID": 0,
  "excludedFileExtensionListID": 0,
  "excludedProcessImageFileListID": 0,
  "realTimeScan": "read-only",
  "scanCompressedEnabled": true,
  "scanCompressedMaximumSize": 0,
  "scanCompressedMaximumLevels": 0,
  "scanCompressedMaximumFiles": 0,
  "microsoftOfficeEnabled": true,
  "microsoftOfficeLayers": 0,
  "networkDirectoriesEnabled": true,
  "customRemediationActionsEnabled": true,
  "customScanActionsEnabled": true,
  "scanActionForVirus": "pass",
  "scanActionForTrojans": "pass",
  "scanActionForPacker": "pass",
  "scanActionForSpyware": "pass",
  "scanActionForOtherThreats": "pass",
  "scanActionForCookies": "pass",
  "scanActionForCVE": "pass",
  "scanActionForHeuristics": "pass",
  "scanActionForPossibleMalware": "active-action",
  "amsiScanEnabled": true,
  "scanActionForBehaviorMonitoring": "active-action",
  "scanActionForMachineLearning": "pass",
  "scanActionForAmsi": "pass",
  "processMemoryScanAction": "active-action",
  "cpuUsage": "low"
}
Response samples
application/json
{
  "name": "string",
  "description": "string",
  "scanType": "real-time",
  "documentExploitProtectionEnabled": true,
  "documentExploitProtection": "critical-only",
  "documentExploitHeuristicLevel": "default",
  "machineLearningEnabled": true,
  "behaviorMonitoringEnabled": true,
  "documentRecoveryEnabled": true,
  "intelliTrapEnabled": true,
  "memoryScanEnabled": true,
  "spywareEnabled": true,
  "alertEnabled": true,
  "directoriesToScan": "all-directories",
  "directoryListID": 0,
  "filesToScan": "all-files",
  "fileExtensionListID": 0,
  "excludedDirectoryListID": 0,
  "excludedFileListID": 0,
  "excludedFileExtensionListID": 0,
  "excludedProcessImageFileListID": 0,
  "realTimeScan": "read-only",
  "scanCompressedEnabled": true,
  "scanCompressedMaximumSize": 0,
  "scanCompressedMaximumLevels": 0,
  "scanCompressedMaximumFiles": 0,
  "microsoftOfficeEnabled": true,
  "microsoftOfficeLayers": 0,
  "networkDirectoriesEnabled": true,
  "customRemediationActionsEnabled": true,
  "customScanActionsEnabled": true,
  "scanActionForVirus": "pass",
  "scanActionForTrojans": "pass",
  "scanActionForPacker": "pass",
  "scanActionForSpyware": "pass",
  "scanActionForOtherThreats": "pass",
  "scanActionForCookies": "pass",
  "scanActionForCVE": "pass",
  "scanActionForHeuristics": "pass",
  "scanActionForPossibleMalware": "active-action",
  "amsiScanEnabled": true,
  "scanActionForBehaviorMonitoring": "active-action",
  "scanActionForMachineLearning": "pass",
  "scanActionForAmsi": "pass",
  "processMemoryScanAction": "active-action",
  "ID": 0,
  "cpuUsage": "low"
}
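
The request body schema above ties many action fields to an enabling flag ("Available when '...' is true"), so a "pass" action only matters when every flag that gates it is on. The following is an added example, not part of the vendor documentation or SDK: it audits a configuration object as returned by the describe call and builds a minimal modify body, relying on the statement that unset elements are left unchanged. The function names, the EXPECTED_ON baseline and the sample configuration are assumptions made for illustration.

```python
import json

# Field -> flag that gates it, taken from the "Available when '<flag>' is true"
# notes in the request body schema.
GATES = {
    "customScanActionsEnabled": "customRemediationActionsEnabled",
    "scanActionForPossibleMalware": "customRemediationActionsEnabled",
    "scanActionForVirus": "customScanActionsEnabled",
    "scanActionForTrojans": "customScanActionsEnabled",
    "scanActionForPacker": "customScanActionsEnabled",
    "scanActionForSpyware": "customScanActionsEnabled",
    "scanActionForOtherThreats": "customScanActionsEnabled",
    "scanActionForCookies": "customScanActionsEnabled",
    "scanActionForCVE": "customScanActionsEnabled",
    "scanActionForHeuristics": "customScanActionsEnabled",
    "scanActionForAmsi": "amsiScanEnabled",
    "scanActionForBehaviorMonitoring": "behaviorMonitoringEnabled",
    "scanActionForMachineLearning": "machineLearningEnabled",
    "processMemoryScanAction": "memoryScanEnabled",
}
ACTION_FIELDS = [f for f in GATES if f != "customScanActionsEnabled"]

# Assumed baseline (a local policy choice, not vendor guidance).
EXPECTED_ON = (
    "behaviorMonitoringEnabled", "machineLearningEnabled", "memoryScanEnabled",
    "spywareEnabled", "amsiScanEnabled", "documentExploitProtectionEnabled",
    "alertEnabled",
)
EXCLUSION_LISTS = (
    "excludedDirectoryListID", "excludedFileListID",
    "excludedFileExtensionListID", "excludedProcessImageFileListID",
)


def is_effective(cfg, field):
    """True when every flag in the gate chain of `field` is set to true."""
    gate = GATES.get(field)
    while gate is not None:
        if cfg.get(gate) is not True:
            return False
        gate = GATES.get(gate)
    return True


def audit(cfg):
    """Return (field, reason) findings for one configuration dict."""
    findings = []
    for flag in EXPECTED_ON:
        if cfg.get(flag) is False:  # absent keys are unknown, not failures
            findings.append((flag, "protection disabled"))
    for field in ACTION_FIELDS:
        if cfg.get(field) == "pass" and is_effective(cfg, field):
            findings.append((field, "detections are passed with no action"))
    for field in EXCLUSION_LISTS:
        list_id = cfg.get(field) or 0  # 0 means no list assigned
        if list_id != 0:
            findings.append((field, f"exclusion list {list_id} assigned; review its entries"))
    if cfg.get("directoriesToScan", "all-directories") != "all-directories":
        findings.append(("directoriesToScan", "scan limited to a directory list"))
    if cfg.get("filesToScan", "all-files") != "all-files":
        findings.append(("filesToScan", "scan limited to a subset of files"))
    return findings


def minimal_modify_body(cfg):
    """Body for the modify call that only re-enables baseline flags set to false."""
    return {flag: True for flag in EXPECTED_ON if cfg.get(flag) is False}


# Constructed sample, shaped like the describe response; not real data.
SAMPLE = json.loads("""{
  "ID": 7, "name": "constructed-example", "scanType": "real-time",
  "machineLearningEnabled": true, "scanActionForMachineLearning": "pass",
  "behaviorMonitoringEnabled": false, "scanActionForBehaviorMonitoring": "pass",
  "memoryScanEnabled": true, "processMemoryScanAction": "active-action",
  "customRemediationActionsEnabled": false, "customScanActionsEnabled": true,
  "scanActionForVirus": "pass",
  "excludedDirectoryListID": 12, "excludedFileListID": 0,
  "directoriesToScan": "all-directories",
  "filesToScan": "file-extension-list", "fileExtensionListID": 3
}""")

if __name__ == "__main__":
    for field, reason in audit(SAMPLE):
        print(f"{field}: {reason}")
    print(json.dumps(minimal_modify_body(SAMPLE)))
```

In the sample, scanActionForVirus is "pass" but is not reported, because customRemediationActionsEnabled is false and the custom action is therefore not in effect.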

Delete an Anti-Malware Configuration

DELETE /antimalwareconfigurations/{antiMalwareID}

Delete an anti-malware configuration by ID.

Related SDK Methods:
Java

AntiMalwareConfigurationsApi.deleteAntiMalware([param1, param2, ...])

Python

AntiMalwareConfigurationsApi.delete_anti_malware([param1, param2, ...])

JavaScript

AntiMalwareConfigurationsApi.deleteAntiMalware([param1, param2, ...])

Security: Trend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
antiMalwareID
required
integer <int32> \d+

The ID number of the anti-malware configuration to delete.

Example: 1
header Parameters
api-version
required
string

The version of the API being called.

Example: YOUR VERSION
Responses
200

Request is successful.

403

Not authorized to delete anti-malware configurations.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.api.AntiMalwareConfigurationsApi;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;


public class DeleteAntiMalwareExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication: set the key for the scheme your deployment uses
		ApiKeyAuth legacyApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		legacyApiKey.setApiKey("YOUR API KEY");
		ApiKeyAuth cloudOneApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		cloudOneApiKey.setApiKey("YOUR API KEY");
		// Keep TLS certificate validation on (false = do not trust all certificates)
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		AntiMalwareConfigurationsApi instance = new AntiMalwareConfigurationsApi();
		Integer antiMalwareID = 1;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			instance.deleteAntiMalware(antiMalwareID, apiVersion);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling AntiMalwareConfigurationsApi.deleteAntiMalware");
			e.printStackTrace();
		}
	}
}

List Anti-Malware Configurations

GET /antimalwareconfigurations

Lists all anti-malware configurations.

Related SDK Methods:
Java

AntiMalwareConfigurationsApi.listAntiMalwares([param1, param2, ...])

Python

AntiMalwareConfigurationsApi.list_anti_malwares([param1, param2, ...])

JavaScript

AntiMalwareConfigurationsApi.listAntiMalwares([param1, param2, ...])

Security: Trend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
header Parameters
api-version
required
string

The version of the API being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to view anti-malware configurations.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.api.AntiMalwareConfigurationsApi;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.model.AntiMalwareConfigurations;


public class ListAntiMalwaresExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication: set the key for the scheme your deployment uses
		ApiKeyAuth legacyApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		legacyApiKey.setApiKey("YOUR API KEY");
		ApiKeyAuth cloudOneApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		cloudOneApiKey.setApiKey("YOUR API KEY");
		// Keep TLS certificate validation on (false = do not trust all certificates)
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		AntiMalwareConfigurationsApi instance = new AntiMalwareConfigurationsApi();
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			AntiMalwareConfigurations result = instance.listAntiMalwares(apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling AntiMalwareConfigurationsApi.listAntiMalwares");
			e.printStackTrace();
		}
	}
}

Response samples
application/json
{
  "antiMalwareConfigurations": [ ]
}

Create an Anti-Malware Configuration

POST /antimalwareconfigurations

Create a new anti-malware configuration.

Related SDK Methods:
Java

AntiMalwareConfigurationsApi.createAntiMalware([param1, param2, ...])

Python

AntiMalwareConfigurationsApi.create_anti_malware([param1, param2, ...])

JavaScript

AntiMalwareConfigurationsApi.createAntiMalware([param1, param2, ...])

Security: Trend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
header Parameters
api-version
required
string

The version of the API being called.

Example: YOUR VERSION
Request Body schema: application/json

The settings of the new anti-malware configuration.

alertEnabled
boolean

Controls whether to create an alert when the Malware Scan Configuration logs an event. Set to true to enable the alert. Searchable as Boolean.

amsiScanEnabled
boolean

Controls whether Windows Antimalware Scan Interface (AMSI) protection is enabled. Set to true to enable.

behaviorMonitoringEnabled
boolean

Controls whether to detect suspicious activity and unauthorized changes (including ransomware). Set to true to detect.

cpuUsage
string
Enum: "low" "medium" "high"
customRemediationActionsEnabled
boolean

Controls whether to use the action ActiveAction recommends when malware is detected. Set to true to use the action ActiveAction recommends.

customScanActionsEnabled
boolean

Controls whether to use custom actions. Use true to enable custom actions. Available when 'customRemediationActionsEnabled' is true.

description
string

Description of the anti-malware configuration. Searchable as String.

directoriesToScan
string

Specify whether the scan will be performed on all directories or on a subset. Searchable as Choice.

Enum: "all-directories" "directory-list"
directoryListID
integer <int32>

ID of the directory list to scan. Set to 0 to remove any assignment. Searchable as Numeric.

documentExploitHeuristicLevel
string

Controls whether to scan for exploits of known critical vulnerabilities as well as aggressively detect suspicious behaviour that could be an unknown exploit. Searchable as Choice.

Enum: "default" "default-and-agressive"
documentExploitProtection
string

Scan for exploits against known critical vulnerabilities only. Searchable as Choice.

Enum: "critical-only" "critical-and-heuristic"
documentExploitProtectionEnabled
boolean

Controls whether to scan for known critical vulnerabilities. Use true to enable scan.

documentRecoveryEnabled
boolean

Controls whether to back up ransomware-encrypted files. Set to true to back up. Searchable as Boolean.

excludedDirectoryListID
integer <int32>

ID of the directory list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.

excludedFileExtensionListID
integer <int32>

ID of the file extension list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.

excludedFileListID
integer <int32>

ID of the file list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.

excludedProcessImageFileListID
integer <int32>

ID of the process image file list to exclude from the scan. Set to 0 to remove any assignment. Searchable as Numeric.

fileExtensionListID
integer <int32>

ID of the file extension list to scan. Set to 0 to remove any assignment. Searchable as Numeric.

filesToScan
string

Specify if scan will be performed on all files, a subset or by using IntelliScan. Searchable as Choice.

Enum: "all-files" "intelliscan-file-types" "file-extension-list"
intelliTrapEnabled
boolean

Controls whether IntelliTrap is enabled. Set to true to enable. Searchable as Boolean.

machineLearningEnabled
boolean

Controls whether predictive machine learning is enabled. Set to true to enable. Searchable as Boolean.

memoryScanEnabled
boolean

Controls whether to scan process memory for malware. Use true to enable scan. Searchable as Boolean.

microsoftOfficeEnabled
boolean

Controls whether to scan Embedded Microsoft Office Objects. Use true to enable scan. Searchable as Boolean.

microsoftOfficeLayers
integer <int32>

Number of Microsoft Object Linking and Embedding (OLE) Layers to scan. Searchable as Numeric.

name
string

Name of the anti-malware configuration. Searchable as String.

networkDirectoriesEnabled
boolean

Controls whether to scan network directories. Set to true to enable. Searchable as Boolean.

processMemoryScanAction
string

The action to take when malware identified with Process Memory Scan protection is detected. Available when 'memoryScanEnabled' is true.

Enum: "active-action" "pass"
realTimeScan
string

Specify when to perform the real-time scan. Searchable as Choice.

Enum: "read-only" "write-only" "read-write"
scanActionForAmsi
string

The action to take when malware identified with AMSI protection is detected. Available when 'amsiScanEnabled' is true.

Enum: "pass" "terminate"
scanActionForBehaviorMonitoring
string

The action to take when suspicious activity and unauthorized changes are detected. Searchable as Choice. Available when 'behaviorMonitoringEnabled' is true.

Enum: "active-action" "pass"
scanActionForCookies
string

The action to take when cookies are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete"
scanActionForCVE
string

The action to take when a CVE exploit is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForHeuristics
string

The action to take when malware identified with heuristics is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForMachineLearning
string

The action to take when malware identified with machine learning is detected. Searchable as Choice. Available when 'machineLearningEnabled' is true.

Enum: "pass" "delete" "quarantine"
scanActionForOtherThreats
string

The action to take when other threats are detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "clean" "deny-access"
scanActionForPacker
string

The action to perform when a packer is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForPossibleMalware
string

The action to take when possible malware is detected. Searchable as Choice. Available when 'customRemediationActionsEnabled' is true.

Enum: "active-action" "pass" "delete" "quarantine" "deny-access"
scanActionForSpyware
string

The action to perform when spyware is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForTrojans
string

The action to perform when a trojan is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "deny-access"
scanActionForVirus
string

The action to perform when a virus is detected. Searchable as Choice. Available when 'customScanActionsEnabled' is true.

Enum: "pass" "delete" "quarantine" "clean" "deny-access"
scanCompressedEnabled
boolean

Controls whether to scan compressed files. Use true to enable scan. Searchable as Boolean.

scanCompressedMaximumFiles
integer <int32>

Maximum number of files to extract. Searchable as Numeric.

scanCompressedMaximumLevels
integer <int32>

The maximum number of levels of compression to scan. Searchable as Numeric.

scanCompressedMaximumSize
integer <int32>

Maximum size of compressed files to scan, in MB. Searchable as Numeric.

scanType
string

The type of malware scan configuration. Searchable as Choice.

Enum: "real-time" "on-demand"
spywareEnabled
boolean

Controls whether to enable spyware/grayware protection. Set to true to enable. Searchable as Boolean.

Responses
200

successful operation

403

Not authorized to create anti-malware configurations.

Request samples
application/json
{
  "name": "string",
  "description": "string",
  "scanType": "real-time",
  "documentExploitProtectionEnabled": true,
  "documentExploitProtection": "critical-only",
  "documentExploitHeuristicLevel": "default",
  "machineLearningEnabled": true,
  "behaviorMonitoringEnabled": true,
  "documentRecoveryEnabled": true,
  "intelliTrapEnabled": true,
  "memoryScanEnabled": true,
  "spywareEnabled": true,
  "alertEnabled": true,
  "directoriesToScan": "all-directories",
  "directoryListID": 0,
  "filesToScan": "all-files",
  "fileExtensionListID": 0,
  "excludedDirectoryListID": 0,
  "excludedFileListID": 0,
  "excludedFileExtensionListID": 0,
  "excludedProcessImageFileListID": 0,
  "realTimeScan": "read-only",
  "scanCompressedEnabled": true,
  "scanCompressedMaximumSize": 0,
  "scanCompressedMaximumLevels": 0,
  "scanCompressedMaximumFiles": 0,
  "microsoftOfficeEnabled": true,
  "microsoftOfficeLayers": 0,
  "networkDirectoriesEnabled": true,
  "customRemediationActionsEnabled": true,
  "customScanActionsEnabled": true,
  "scanActionForVirus": "pass",
  "scanActionForTrojans": "pass",
  "scanActionForPacker": "pass",
  "scanActionForSpyware": "pass",
  "scanActionForOtherThreats": "pass",
  "scanActionForCookies": "pass",
  "scanActionForCVE": "pass",
  "scanActionForHeuristics": "pass",
  "scanActionForPossibleMalware": "active-action",
  "amsiScanEnabled": true,
  "scanActionForBehaviorMonitoring": "active-action",
  "scanActionForMachineLearning": "pass",
  "scanActionForAmsi": "pass",
  "processMemoryScanAction": "active-action",
  "cpuUsage": "low"
}
Response samples
application/json
{
  "name": "string",
  "description": "string",
  "scanType": "real-time",
  "documentExploitProtectionEnabled": true,
  "documentExploitProtection": "critical-only",
  "documentExploitHeuristicLevel": "default",
  "machineLearningEnabled": true,
  "behaviorMonitoringEnabled": true,
  "documentRecoveryEnabled": true,
  "intelliTrapEnabled": true,
  "memoryScanEnabled": true,
  "spywareEnabled": true,
  "alertEnabled": true,
  "directoriesToScan": "all-directories",
  "directoryListID": 0,
  "filesToScan": "all-files",
  "fileExtensionListID": 0,
  "excludedDirectoryListID": 0,
  "excludedFileListID": 0,
  "excludedFileExtensionListID": 0,
  "excludedProcessImageFileListID": 0,
  "realTimeScan": "read-only",
  "scanCompressedEnabled": true,
  "scanCompressedMaximumSize": 0,
  "scanCompressedMaximumLevels": 0,
  "scanCompressedMaximumFiles": 0,
  "microsoftOfficeEnabled": true,
  "microsoftOfficeLayers": 0,
  "networkDirectoriesEnabled": true,
  "customRemediationActionsEnabled": true,
  "customScanActionsEnabled": true,
  "scanActionForVirus": "pass",
  "scanActionForTrojans": "pass",
  "scanActionForPacker": "pass",
  "scanActionForSpyware": "pass",
  "scanActionForOtherThreats": "pass",
  "scanActionForCookies": "pass",
  "scanActionForCVE": "pass",
  "scanActionForHeuristics": "pass",
  "scanActionForPossibleMalware": "active-action",
  "amsiScanEnabled": true,
  "scanActionForBehaviorMonitoring": "active-action",
  "scanActionForMachineLearning": "pass",
  "scanActionForAmsi": "pass",
  "processMemoryScanAction": "active-action",
  "ID": 0,
  "cpuUsage": "low"
}

Search Anti-Malware Configurations

POST /antimalwareconfigurations/search

Search for anti-malware configurations using optional filters.

Related SDK Methods:
Java

AntiMalwareConfigurationsApi.searchAntiMalwares([param1, param2, ...])

Python

AntiMalwareConfigurationsApi.search_anti_malwares([param1, param2, ...])

JavaScript

AntiMalwareConfigurationsApi.searchAntiMalwares([param1, param2, ...])

Security: Trend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
header Parameters
api-version
required
string

The version of the API being called.

Example: YOUR VERSION
Request Body schema: application/json

A collection of options used to filter the search results.

maxItems
integer <int32>

Limits the number of objects returned. Default 5000.

Array of objects (searchCriteria)

Array of search criteria used to filter objects. Searching with multiple criteria returns results that satisfy all of the criteria. Searching with no criteria returns all objects.

sortByObjectID
boolean

If true, forces the response objects to be sorted by ID, overriding the default sort order. Default "false".

Responses
200

successful operation

403

Not authorized to view anti-malware configurations.

Request samples
application/json
{
  "maxItems": 0,
  "searchCriteria": [ ],
  "sortByObjectID": true
}
Response samples
application/json
{
  "antiMalwareConfigurations": [ ]
}