Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Windows Defender Event Indication Class
The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.
Syntax
class MSFT_MpEvent
{
  uint32   CategoryDiscriminant;
  uint32   ScanNotificationsValue;
  uint32   ThreatNotificationsValue;
  uint32   SignatureNotificationsValue;
  uint32   ComputerNotificationsValue;
  DateTime NotificationTime;
  uint32   AdditionalData;
};
Members
The MSFT_MpEvent class has these types of members:
Properties
The MSFT_MpEvent class has these properties.
- 
AdditionalData 
-  - 
Data type: uint32 
- 
Access type: Read-only 
 Additional Data. At the moment, the only use is when the CategoryDiscriminant is equal to ThreatStateNotificationsthen this value will contains the ThreatID 
- 
- 
CategoryDiscriminant 
-  - 
Data type: uint32 
- 
Access type: Read-only 
 Category of Notification. 
- 
- 
ComputerNotificationsValue 
-  - 
Data type: uint32 
- 
Access type: Read-only 
 Detailed Computer Notifications. 
- 
- 
NotificationTime 
-  - 
Data type: DateTime 
- 
Access type: Read-only 
 Date and time the WMI Event was generated 
- 
- 
ScanNotificationsValue 
-  - 
Data type: uint32 
- 
Access type: Read-only 
 Detailed Scan Notifications. 
- 
- 
SignatureNotificationsValue 
-  - 
Data type: uint32 
- 
Access type: Read-only 
 Detailed Signature Notifications. 
- 
- 
ThreatNotificationsValue 
-  - 
Data type: uint32 
- 
Access type: Read-only 
 Detailed Threat Notifications. 
- 
Requirements
| Minimum supported client | Windows 8.1 [desktop apps only] | 
| Minimum supported server | Windows Server 2012 R2 [desktop apps only] | 
| Namespace | Root\Microsoft\Windows\Defender | 
| MOF | 
 | 
| DLL | 
 |