// Localized amendment MOF for the Windows Defender WMI classes.
// Every class below carries the AMENDMENT and LOCALE("MS_804") qualifiers and is
// registered in the MS_804 child namespace of root\Microsoft\Windows\Defender, so this
// file supplies display text (Description / Values / BitValues) rather than provider logic.
// The display strings are Simplified Chinese; several were left in English in this
// locale file and are reproduced exactly as shipped.
#pragma autorecover
#pragma namespace("\\\\.\\root\\Microsoft\\Windows\\Defender")
instance of __namespace{ name="MS_804";};
#pragma namespace("\\\\.\\root\\Microsoft\\Windows\\Defender\\MS_804")

// BaseStatus: empty class, described as "an abstract class that shows basic status";
// the status and threat classes below derive from it.
[Description("这是一个显示基本状态的抽象类。") : Amended ToSubclass,AMENDMENT, LOCALE("MS_804")] class BaseStatus { };

// MSFT_MpComputerStatus: read-side health view (product/engine/signature versions,
// signature and scan ages, and per-component "enabled" booleans), keyed on ComputerID.
// Monitoring caveat: per the descriptions, an age of 65535 days means "never updated /
// never scanned" and the matching datetime is null, so threshold checks should treat
// 65535 as a sentinel rather than as a real age.
// NOTE(review): the localized text says "NRI" on the NIS* properties; presumably the
// same component — confirm against the neutral-language MOF.
[Description("这是一个显示基本状态的抽象类。") : Amended ToSubclass,AMENDMENT, LOCALE("MS_804")] class MSFT_MpComputerStatus : BaseStatus {
    [Description("由 MAPS 创建的计算机 ID") : Amended ToSubclass,key] string ComputerID;
    // Bit flags; more than one pending state can be set at once.
    [Description("当前的计算机状态") : Amended ToSubclass,BitValues{"CleanState", "PendingFullScan", "PendingReboot", "PendingManualSteps", "PendingOfflineScan", "CriticalFailure"} : Amended ToSubclass] uint32 ComputerState;
    [Description("产品版本(主要、次要、内部、修订)") : Amended ToSubclass] string AMProductVersion;
    [Description("服务版本(主要、次要、内部、修订)") : Amended ToSubclass] string AMServiceVersion;
    [Description("反间谍软件特征版本(主要、次要、内部、修订)") : Amended ToSubclass] string AntispywareSignatureVersion;
    [Description("反间谍软件特征期限(天) - 如果特征从未更新,则期限将显示为 65535 天") : Amended ToSubclass] uint32 AntispywareSignatureAge;
    [Description("上次更新反间谍软件的本地时间。如果此项从未更新,则此属性中将显示 null 值") : Amended ToSubclass] datetime AntispywareSignatureLastUpdated;
    [Description("防病毒软件特征版本(主要、次要、内部、修订)") : Amended ToSubclass] string AntivirusSignatureVersion;
    [Description("防病毒软件特征期限(天) - 如果特征从未更新,则期限将显示为 65535 天") : Amended ToSubclass] uint32 AntivirusSignatureAge;
    [Description("上次更新防病毒软件的本地时间 - 如果此项从未更新,则此属性中将显示 null 值") : Amended ToSubclass] datetime AntivirusSignatureLastUpdated;
    [Description("NRI 特征版本(主要、次要、内部、修订)") : Amended ToSubclass] string NISSignatureVersion;
    [Description("NRI 特征期限(以天为单位) - 如果特征从未更新,则期限将显示为 65535 天") : Amended ToSubclass] uint32 NISSignatureAge;
    [Description("上次更新 NRI 的本地时间 - 如果此项从未更新,则该属性中将显示 null 值") : Amended ToSubclass] datetime NISSignatureLastUpdated;
    [Description("上次完全扫描开始时间 - 如果此项从未更新,则此属性中将显示 null 值") : Amended ToSubclass] datetime FullScanStartTime;
    [Description("上次完全扫描结束时间 - 如果此项从未更新,则此属性中将显示 null 值") : Amended ToSubclass] datetime FullScanEndTime;
    [Description("上次完全扫描期限(天) - 如果特征从未更新,则期限将显示为 65535 天") : Amended ToSubclass] uint32 FullScanAge;
    [Description("上次扫描源") : Amended ToSubclass,Values{"未知", "用户", "系统", "实时", "IOAV"} : Amended ToSubclass] uint8 LastFullScanSource;
    [Description("实时扫描方向枚举") : Amended ToSubclass,Values{"两者", "传入", "传出"} : Amended ToSubclass] uint8 RealTimeScanDirection;
    [Description("上次快速扫描开始时间 - 如果此项从未更新,则此属性中将显示 null 值") : Amended ToSubclass] datetime QuickScanStartTime;
    [Description("上次快速扫描结束时间 - 如果此项从未更新,则此属性中将显示 null 值") : Amended ToSubclass] datetime QuickScanEndTime;
    [Description("上次快速扫描期限(天) - 如果特征从未更新,则期限将显示为 65535 天。") : Amended ToSubclass] uint32 QuickScanAge;
    [Description("上次扫描源") : Amended ToSubclass,Values{"未知", "用户", "系统", "实时", "IOAV"} : Amended ToSubclass] uint8 LastQuickScanSource;
    [Description("AM 引擎版本(主要、次要、内部、修订)") : Amended ToSubclass] string AMEngineVersion;
    // The booleans below report whether each protection component is currently enabled;
    // they are the read-side counterpart of the Disable* settings on MSFT_MpPreference.
    [Description("如果 AM 引擎已启用") : Amended ToSubclass] boolean AMServiceEnabled;
    [Description("指定计算机是否正在监视计算机上的文件和程序活动") : Amended ToSubclass] boolean OnAccessProtectionEnabled;
    [Description("扫描所有下载的文件和附件") : Amended ToSubclass] boolean IoavProtectionEnabled;
    [Description("指定是否已启用行为监视") : Amended ToSubclass] boolean BehaviorMonitorEnabled;
    [Description("指定是否已启用防病毒保护") : Amended ToSubclass] boolean AntivirusEnabled;
    [Description("指定是否已启用反间谍软件保护") : Amended ToSubclass] boolean AntispywareEnabled;
    [Description("指定是否已启用实时保护") : Amended ToSubclass] boolean RealTimeProtectionEnabled;
    [Description("NRI 引擎版本(主要、次要、内部、修订)") : Amended ToSubclass] string NISEngineVersion;
    [Description("如果 NRI 引擎已启用") : Amended ToSubclass] boolean NISEnabled;
};

// MSFT_MpEvent: "Windows Defender event indication class". CategoryDiscriminant (the key)
// names one of four notification categories; each category has its own bit-flag value.
[Version("1.0") : Amended,Description("Windows Defender 事件指示类") : Amended ToSubclass,AMENDMENT, LOCALE("MS_804")] class MSFT_MpEvent {
    [Description("Category of Notification.") : Amended ToSubclass,Values{"ScanStateNotifications", "ThreatStateNotifications", "SignatureStateNotifications", "ComputerStateNotifications"} : Amended ToSubclass,key] uint32 CategoryDiscriminant;
    [Description("Detailed Scan Notifications.") : Amended ToSubclass,BitValues{"ErrorOccurred", "ScanCompleted"} : Amended ToSubclass] uint32 ScanNotificationsValue;
    // Only the first flag name is localized here; the rest are the English identifiers.
    [Description("Detailed Threat Notifications.") : Amended ToSubclass,BitValues{"已检测", "Abandoned", "SuccessfulRemediation", "NonCriticalFailure", "CriticalFailure"} : Amended ToSubclass] uint32 ThreatNotificationsValue;
    [Description("Detailed Signature Notifications.") : Amended ToSubclass,BitValues{"SignaturesOutOfDate"} : Amended ToSubclass] uint32 SignatureNotificationsValue;
    [Description("Detailed Computer Notifications.") : Amended ToSubclass,BitValues{"RebootRequired", "FullScanRequired", "OfflineScanRequired", "ManualStepsRequired", "ScansOutOfDate", "ComponentsChanged", "StateRecovered"} : Amended ToSubclass] uint32 ComputerNotificationsValue;
    [Description("生成 WMI 事件的日期和时间") : Amended ToSubclass] datetime NotificationTime;
    // Per the description, carries the ThreatID and is only used for threat-state events.
    // NOTE(review): "ThreatStateNotificationsthen" in the string looks like the value name
    // fused with a stray "then" from the source text; left as shipped.
    [Description("其他数据。目前仅在 CategoryDiscriminant 等于 ThreatStateNotificationsthen 的情况下使用。此值将包含 ThreatID") : Amended ToSubclass] uint32 AdditionalData;
};

// MSFT_MpHeartBeat: "Windows Defender heartbeat class"; no members are amended here.
[Version("1.0") : Amended,Description("Windows Defender 检测信号类") : Amended ToSubclass,AMENDMENT, LOCALE("MS_804")] class MSFT_MpHeartBeat { };

// MSFT_MpPreference: the Defender configuration surface, keyed on ComputerID.
// Per the descriptions below, ExclusionPath / ExclusionExtension / ExclusionProcess take
// items out of scanning and the Disable* booleans switch off individual protection
// components, so a write through Set() / Add() / Remove() can reduce coverage on the host.
// Review note: treat these values as security-relevant configuration — baseline them,
// restrict who may invoke the methods, and alert on unexpected changes (Defender records
// configuration changes as event 5007 in its operational log).
[Version("1.0") : Amended,Description("Windows Defender Preferences Class") : Amended ToSubclass,AMENDMENT, LOCALE("MS_804")] class MSFT_MpPreference {
    [Description("由 MAPS 创建的计算机 ID") : Amended ToSubclass,key] string ComputerID;
    [Description("允许管理员指定是否应关闭服务器 SKU 的自动排除功能。") : Amended ToSubclass] boolean DisableAutoExclusions;
    // Scan exclusions (paths, file extensions, processes): anything listed is not inspected.
    [Description("允许管理员明确禁止扫描时检查列出的任何路径。") : Amended ToSubclass] string ExclusionPath[];
    [Description("允许管理员明确禁止扫描时检查列出的任何扩展。") : Amended ToSubclass] string ExclusionExtension[];
    [Description("允许管理员明确禁止扫描时检查列出的任何进程。") : Amended ToSubclass] string ExclusionProcess[];
    [Description("指示项在删除前应保留在隔离文件夹中的天数。") : Amended ToSubclass] uint32 QuarantinePurgeItemsAfterDelay;
    [Description("实时扫描方向 - 枚举") : Amended ToSubclass,Values{"两者", "传入", "传出"} : Amended ToSubclass] uint8 RealTimeScanDirection;
    [Description("指示星期几执行计划的完全扫描以完成修正。") : Amended ToSubclass,Values{"每天", "星期日", "星期一", "星期二", "星期三", "星期四", "星期五", "星期六", "从不"} : Amended ToSubclass] uint8 RemediationScheduleDay;
    [Description("指示何时执行计划的完全扫描以完成修正。") : Amended ToSubclass] datetime RemediationScheduleTime;
    [Description("为需要其他操作的检测配置超时。") : Amended ToSubclass] uint32 ReportingAdditionalActionTimeOut;
    [Description("检测到“严重失败”状态到转换为“其他操作”或“已清除”状态的时间(分钟)。") : Amended ToSubclass] uint32 ReportingCriticalFailureTimeOut;
    [Description("检测到“失败”状态到转换为“已清除”状态的时间(分钟)。") : Amended ToSubclass] uint32 ReportingNonCriticalTimeOut;
    // Description: valid values are 5 to 100 (percent); 0 means no CPU limit.
    [Description("指定扫描期间 CPU 使用率的最大百分比。使用此策略设置,可以配置扫描期间允许的最大 CPU 使用率百分比。此设置的有效值为以整数 5 到 100 表示的百分比。值为 0 指示 CPU 使用率不应有限制。") : Amended ToSubclass] uint8 ScanAvgCPULoadFactor;
    [Description("设置后,Windows Defender 将在运行扫描前检查新签名。如果找到新签名,则将先下载并安装这些签名,然后再开始扫描。如果未找到新签名,将基于现有签名启动扫描。") : Amended ToSubclass] boolean CheckForSignaturesBeforeRunningScan;
    // Description: days to keep scan-history items; 0 keeps them forever.
    [Description("启用从扫描历史记录文件夹中删除项。此设置定义项在永久删除前应保留在扫描历史记录文件夹中的天数。该值表示在文件夹中保留项的天数。如果设置为零,则将永远保留项,不会将其自动删除。") : Amended ToSubclass] uint32 ScanPurgeItemsAfterDelay;
    [Description("仅当系统处于空闲状态时才运行计划的扫描。") : Amended ToSubclass] boolean ScanOnlyIfIdleEnabled;
    [Description("指定要用于计划的扫描的扫描类型。") : Amended ToSubclass,Values{"快速扫描", "完全扫描"} : Amended ToSubclass] uint8 ScanParameters;
    // The schedule-day enumerations end with "never" ("从不"), which turns the schedule off.
    [Description("指定星期几运行计划的扫描。") : Amended ToSubclass,Values{"每天", "星期日", "星期一", "星期二", "星期三", "星期四", "星期五", "星期六", "从不"} : Amended ToSubclass] uint8 ScanScheduleDay;
    [Description("指定在一天的什么时间运行计划的快速扫描。") : Amended ToSubclass] datetime ScanScheduleQuickScanTime;
    [Description("指定在一天的什么时间运行计划的扫描。") : Amended ToSubclass] datetime ScanScheduleTime;
    [Description("在紧接着首次安装后的已配置时间内中止所有服务启动的更新。") : Amended ToSubclass] uint32 SignatureFirstAuGracePeriod;
    [Description("重写 CheckForSignatureBeforeRunningScan。如果签名在此时间内已成功更新,则中止所有服务启动的更新。时间以分钟为单位。") : Amended ToSubclass] uint32 SignatureAuGracePeriod;
    // Definition-update sources: a pipe-separated list of UNC shares, and the order in which
    // source types are contacted. These decide where definitions are fetched from, so they
    // belong in the same change monitoring as the exclusions.
    [Description("定义用于下载定义更新的文件共享。使用此设置,可以配置用于下载定义更新的 UNC 文件共享源。将按指定的顺序联系源。应以竖线分隔的、枚举定义更新源的字符串形式输入此设置的值。例如: {\\unc1 | \\unc2 }。默认情况下,该列表为空。") : Amended ToSubclass] string SignatureDefinitionUpdateFileSharesSources;
    [Description("如果设置为 true,则 AM 服务在启动时将不会启动定义更新(无论引擎是否存在)。") : Amended ToSubclass] boolean SignatureDisableUpdateOnStartupWithoutEngine;
    [Description("定义用于下载定义更新的源的顺序。使用此设置,可以定义应联系不同定义更新源的顺序。应以竖线分隔的、枚举定义更新源的字符串形式按顺序输入此设置的值。可能的值包括: 'InternalDefinitionUpdateServer'、'MicrosoftUpdateServer'、'MMPC'、'FileShares' ") : Amended ToSubclass] string SignatureFallbackOrder;
    [Description("指示星期几进行签名更新。如果设置为零(0x0),则会每天进行签名更新。") : Amended ToSubclass,Values{"每天", "星期日", "星期一", "星期二", "星期三", "星期四", "星期五", "星期六", "从不"} : Amended ToSubclass] uint8 SignatureScheduleDay;
    [Description("指定签名更新检查发生的时间。默认情况下,会在计划的扫描开始之前检查签名。") : Amended ToSubclass] datetime SignatureScheduleTime;
    [Description("定义天数,更新签名将保证在该天数后提供。可以使用 SignatureUpdateLastChecked。0 = 无更新;1 = 1 天;2 = 2 天,等等。") : Amended ToSubclass] uint32 SignatureUpdateCatchupInterval;
    // Description: hours between update checks, valid range 1 (hourly) to 24 (daily).
    [Description("时间值以更新检查间隔的小时数表示。有效值范围为 1(每小时)到 24(每天一次)。") : Amended ToSubclass] uint32 SignatureUpdateInterval;
    [Description("加入 Microsoft MAPS。") : Amended ToSubclass,Values{"已禁用", "基本", "Advanced"} : Amended ToSubclass] uint8 MAPSReporting;
    [Description("Consent for sample submission.") : Amended ToSubclass,Values{"无", "Always", "从不"} : Amended ToSubclass] uint8 SubmitSamplesConsent;
    [Description("禁用隐私模式。") : Amended ToSubclass] boolean DisablePrivacyMode;
    [Description("使用此设置,可以允许或禁止随机选择计划的扫描开始时间和计划的定义更新开始时间。此设置用于分散扫描对资源的影响。例如,可以在共享主机的来宾虚拟机中使用此设置,以防止多个来宾虚拟机同时执行占用大量磁盘空间的操作。") : Amended ToSubclass] boolean RandomizeScheduleTaskTimes;
    // Component switches: each description reads "disable <feature>", so true weakens
    // protection. These are the settings most worth alerting on when they flip to true.
    [Description("禁用行为监视。") : Amended ToSubclass] boolean DisableBehaviorMonitoring;
    [Description("禁用入侵防护系统。") : Amended ToSubclass] boolean DisableIntrusionPreventionSystem;
    [Description("禁用 IOAV 保护。") : Amended ToSubclass] boolean DisableIOAVProtection;
    [Description("禁用实时监视。") : Amended ToSubclass] boolean DisableRealtimeMonitoring;
    [Description("禁用脚本扫描。") : Amended ToSubclass] boolean DisableScriptScanning;
    [Description("禁用存档扫描。") : Amended ToSubclass] boolean DisableArchiveScanning;
    [Description("禁用更新完全扫描。更新扫描是指由于错过了计划的定期扫描而启动的扫描。通常,这些计划的扫描是由于计算机在计划的时间处于关闭状态而错过的。") : Amended ToSubclass] boolean DisableCatchupFullScan;
    [Description("禁用更新快速扫描。更新扫描是指由于错过了计划的定期扫描而启动的扫描。通常,这些计划的扫描是由于计算机在计划的时间处于关闭状态而错过的。") : Amended ToSubclass] boolean DisableCatchupQuickScan;
    [Description("禁用电子邮件扫描。") : Amended ToSubclass] boolean DisableEmailScanning;
    [Description("禁用可移动驱动器扫描。") : Amended ToSubclass] boolean DisableRemovableDriveScanning;
    [Description("禁用还原点。") : Amended ToSubclass] boolean DisableRestorePoint;
    [Description("禁止在已映射的网络驱动器上运行完全扫描。") : Amended ToSubclass] boolean DisableScanningMappedNetworkDrivesForFullScan;
    [Description("禁止扫描网络文件。") : Amended ToSubclass] boolean DisableScanningNetworkFiles;
    [Description("启用 UI 锁定模式。") : Amended ToSubclass] boolean UILockdown;
    // Per-threat overrides: two parallel arrays that must be given in the same order
    // (ThreatIDDefaultAction_Actions[i] applies to ThreatIDDefaultAction_Ids[i]).
    // The action list includes "允许" (allow) and "NoAction", so an override can leave a
    // detected threat in place.
    [Description("威胁 ID,检测到这些威胁时,不应对其执行默认操作。需要以 ThreatIDDefaultAction_Ids 中 ID 的相同顺序指定 ThreatIDDefaultAction_Actions 中的操作") : Amended ToSubclass] sint64 ThreatIDDefaultAction_Ids[];
    [Description("威胁的默认操作,检测到这些威胁时,不应对其执行默认操作。需要以 ThreatIDDefaultAction_Ids 属性中指定的相应 ID 顺序指定这些操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 ThreatIDDefaultAction_Actions[];
    // Default action per severity level (unknown, low, moderate, high, severe).
    [Description("未知威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 UnknownThreatDefaultAction;
    [Description("严重性为“低”的威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 LowThreatDefaultAction;
    [Description("严重性为“中等”的威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 ModerateThreatDefaultAction;
    [Description("严重性为“高”的威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 HighThreatDefaultAction;
    [Description("严重性为“严重”的威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 SevereThreatDefaultAction;
    // PUA (potentially unwanted application) mode: disabled, enabled, or audit mode.
    [Description("指定 PUA (可能有害的应用程序)防护模式。") : Amended ToSubclass,Values{"已禁用", "已启用", "审核模式"} : Amended ToSubclass] uint8 PUAProtection;
    [Description("禁用“首次看到时阻止”。") : Amended ToSubclass] boolean DisableBlockAtFirstSeen;

    // Set(): one [In] parameter per writable property above, plus Force.
    // Per its description, Force skips the user confirmation that is otherwise required by
    // default, which is why unattended callers are able to change these settings silently.
    // Some parameter descriptions differ from the property text (two are still English).
    uint32 Set(
        [In,Description("允许管理员指定是否应关闭服务器 SKU 的自动排除功能。") : Amended ToSubclass] boolean DisableAutoExclusions,
        [In,Description("允许管理员明确禁止扫描时检查列出的任何路径。") : Amended ToSubclass] string ExclusionPath[],
        [In,Description("允许管理员明确禁止扫描时检查列出的任何扩展。") : Amended ToSubclass] string ExclusionExtension[],
        [In,Description("允许管理员明确禁止扫描时检查列出的任何进程。") : Amended ToSubclass] string ExclusionProcess[],
        [In,Description("指示项在删除前应保留在隔离文件夹中的天数。") : Amended ToSubclass] uint32 QuarantinePurgeItemsAfterDelay,
        [In,Description("实时扫描方向 - 枚举") : Amended ToSubclass,Values{"两者", "传入", "传出"} : Amended ToSubclass] uint8 RealTimeScanDirection,
        [In,Description("指示星期几执行计划的完全扫描以完成修正。") : Amended ToSubclass,Values{"每天", "星期日", "星期一", "星期二", "星期三", "星期四", "星期五", "星期六", "从不"} : Amended ToSubclass] uint8 RemediationScheduleDay,
        [In,Description("指示何时执行计划的完全扫描以完成修正。") : Amended ToSubclass] datetime RemediationScheduleTime,
        [In,Description("为需要其他操作的检测配置超时。") : Amended ToSubclass] uint32 ReportingAdditionalActionTimeOut,
        [In,Description("检测到“严重失败”状态到转换为“其他操作”或“已清除”状态的时间(分钟)。") : Amended ToSubclass] uint32 ReportingCriticalFailureTimeOut,
        [In,Description("检测到“失败”状态到转换为“已清除”状态的时间(分钟)。") : Amended ToSubclass] uint32 ReportingNonCriticalTimeOut,
        [In,Description("指定扫描期间 CPU 使用率的最大百分比。使用此策略设置,可以配置扫描期间允许的最大 CPU 使用率百分比。此设置的有效值为以整数 5 到 100 表示的百分比。值为 0 指示 CPU 使用率不应有限制。") : Amended ToSubclass] uint8 ScanAvgCPULoadFactor,
        [In,Description("设置后,Windows Defender 将在运行扫描前检查新签名。如果找到新签名,则将先下载并安装这些签名,然后再开始扫描。如果未找到新签名,将基于现有签名启动扫描。") : Amended ToSubclass] boolean CheckForSignaturesBeforeRunningScan,
        [In,Description("启用从扫描历史记录文件夹中删除项。此设置定义项在永久删除前应保留在扫描历史记录文件夹中的天数。该值表示在文件夹中保留项的天数。如果设置为零,则将永远保留项,不会将其自动删除。") : Amended ToSubclass] uint32 ScanPurgeItemsAfterDelay,
        [In,Description("仅当系统处于空闲状态时才运行计划的扫描。") : Amended ToSubclass] boolean ScanOnlyIfIdleEnabled,
        [In,Description("指定要用于计划的扫描的扫描类型。") : Amended ToSubclass,Values{"快速扫描", "完全扫描"} : Amended ToSubclass] uint8 ScanParameters,
        [In,Description("指定星期几运行计划的扫描。") : Amended ToSubclass,Values{"每天", "星期日", "星期一", "星期二", "星期三", "星期四", "星期五", "星期六", "从不"} : Amended ToSubclass] uint8 ScanScheduleDay,
        [In,Description("指定在一天的什么时间运行计划的快速扫描。") : Amended ToSubclass] datetime ScanScheduleQuickScanTime,
        [In,Description("指定在一天的什么时间运行计划的扫描。") : Amended ToSubclass] datetime ScanScheduleTime,
        [In,Description("在紧接着首次安装后的已配置时间内中止所有服务启动的更新。") : Amended ToSubclass] uint32 SignatureFirstAuGracePeriod,
        [In,Description("重写 CheckForSignatureBeforeRunningScan。如果签名在此时间内已成功更新,则中止所有服务启动的更新。时间以分钟为单位。") : Amended ToSubclass] uint32 SignatureAuGracePeriod,
        [In,Description("定义用于下载定义更新的文件共享。使用此设置,可以配置用于下载定义更新的 UNC 文件共享源。将按指定的顺序联系源。应以竖线分隔的、枚举定义更新源的字符串形式输入此设置的值。例如: {\\unc1 | \\unc2 }。默认情况下,该列表为空。") : Amended ToSubclass] string SignatureDefinitionUpdateFileSharesSources,
        [In,Description("如果设置为 true,则 AM 服务在启动时将不会启动定义更新(无论引擎是否存在)。") : Amended ToSubclass] boolean SignatureDisableUpdateOnStartupWithoutEngine,
        [In,Description("Define the order of sources for downloading definition updates This setting allows you to define the order in which different definition update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources in order. Possible values are: 'InternalDefinitionUpdateServer' 'MicrosoftUpdateServer' 'MMPC' 'FileShares' ") : Amended ToSubclass] string SignatureFallbackOrder,
        [In,Description("Indicates the day of the week in which signature updates occur. If set to zero then signature update occurs daily.") : Amended ToSubclass,Values{"每天", "星期日", "星期一", "星期二", "星期三", "星期四", "星期五", "星期六", "从不"} : Amended ToSubclass] uint8 SignatureScheduleDay,
        [In,Description("指定签名更新检查发生的时间。默认情况下,会在计划的扫描开始之前检查签名。") : Amended ToSubclass] datetime SignatureScheduleTime,
        [In,Description("定义在多少天后确保提供更新签名。可以使用 SignatureUpdateLastChecked。0 = 无更新,1 = 1 天,2 = 2 天,等等。") : Amended ToSubclass] uint32 SignatureUpdateCatchupInterval,
        [In,Description("时间值以更新检查间隔的小时数表示。有效值范围为 1(每小时)到 24(每天一次)。") : Amended ToSubclass] uint32 SignatureUpdateInterval,
        [In,Description("加入 Microsoft MAPS。") : Amended ToSubclass,Values{"已禁用", "基本", "Advanced"} : Amended ToSubclass] uint8 MAPSReporting,
        [In,Description("Consent for sample submission.") : Amended ToSubclass,Values{"无", "Always", "从不"} : Amended ToSubclass] uint8 SubmitSamplesConsent,
        // The direction qualifier is written last and in lower case ("in") on this parameter only.
        [Description("禁用隐私模式。") : Amended ToSubclass,in] boolean DisablePrivacyMode,
        [In,Description("使用此设置,可以允许或禁止随机选择计划的扫描开始时间和计划的定义更新开始时间。此设置用于分散扫描对资源的影响。例如,可以在共享主机的来宾虚拟机中使用此设置,以防止多个来宾虚拟机同时执行占用大量磁盘空间的操作。") : Amended ToSubclass] boolean RandomizeScheduleTaskTimes,
        [In,Description("禁用行为监视。") : Amended ToSubclass] boolean DisableBehaviorMonitoring,
        [In,Description("禁用入侵防护系统。") : Amended ToSubclass] boolean DisableIntrusionPreventionSystem,
        [In,Description("禁用 IOAV 保护。") : Amended ToSubclass] boolean DisableIOAVProtection,
        [In,Description("禁用实时监视。") : Amended ToSubclass] boolean DisableRealtimeMonitoring,
        [In,Description("禁用脚本扫描。") : Amended ToSubclass] boolean DisableScriptScanning,
        [In,Description("禁用存档扫描。") : Amended ToSubclass] boolean DisableArchiveScanning,
        [In,Description("禁用更新完全扫描。更新扫描是指由于错过了计划的定期扫描而启动的扫描。通常,这些计划的扫描是由于计算机在计划的时间处于关闭状态而错过的。") : Amended ToSubclass] boolean DisableCatchupFullScan,
        [In,Description("禁用更新快速扫描。更新扫描是指由于错过了计划的定期扫描而启动的扫描。通常,这些计划的扫描是由于计算机在计划的时间处于关闭状态而错过的。") : Amended ToSubclass] boolean DisableCatchupQuickScan,
        [In,Description("禁用电子邮件扫描。") : Amended ToSubclass] boolean DisableEmailScanning,
        [In,Description("禁用可移动驱动器扫描。") : Amended ToSubclass] boolean DisableRemovableDriveScanning,
        [In,Description("禁用还原点。") : Amended ToSubclass] boolean DisableRestorePoint,
        [In,Description("禁止在已映射的网络驱动器上运行完全扫描。") : Amended ToSubclass] boolean DisableScanningMappedNetworkDrivesForFullScan,
        [In,Description("禁止扫描网络文件。") : Amended ToSubclass] boolean DisableScanningNetworkFiles,
        [In,Description("启用 UI 锁定模式。") : Amended ToSubclass] boolean UILockdown,
        [In,Description("威胁 ID,检测到这些威胁时,不应对其执行默认操作。需要以 ThreatIDDefaultAction_Ids 中 ID 的相同顺序指定 ThreatIDDefaultAction_Actions 中的操作") : Amended ToSubclass] sint64 ThreatIDDefaultAction_Ids[],
        [In,Description("威胁的默认操作,检测到这些威胁时,不应对其执行默认操作。需要以 ThreatIDDefaultAction_Ids 属性中指定的相应 ID 顺序指定这些操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 ThreatIDDefaultAction_Actions[],
        [In,Description("未知威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 UnknownThreatDefaultAction,
        [In,Description("严重性为“低”的威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 LowThreatDefaultAction,
        [In,Description("严重性为“中等”的威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 ModerateThreatDefaultAction,
        [In,Description("严重性为“高”的威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 HighThreatDefaultAction,
        [In,Description("严重性为“严重”的威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 SevereThreatDefaultAction,
        [In,Description("指定 PUA (可能有害的应用程序)防护模式。") : Amended ToSubclass,Values{"已禁用", "已启用", "审核模式"} : Amended ToSubclass] uint8 PUAProtection,
        [In,Description("禁用“首次看到时阻止”。") : Amended ToSubclass] boolean DisableBlockAtFirstSeen,
        [In,Description("默认情况下,此 cmdlet 需获得用户确认。如果指定 -Force,则不进行默认情况下所需的用户确认。") : Amended ToSubclass] boolean Force);

    // Remove(): takes the exclusion lists and threat IDs to remove, plus one parameter per
    // severity-level default action.
    // NOTE(review): the five *ThreatDefaultAction parameters are declared boolean here
    // (uint8 on the properties and in Set()) yet still carry the action Values list;
    // presumably each boolean only selects which default to remove — confirm against
    // the neutral-language MOF.
    uint32 Remove(
        [In,Description("允许管理员明确禁止扫描时检查列出的任何路径。") : Amended ToSubclass] string ExclusionPath[],
        [In,Description("允许管理员明确禁止扫描时检查列出的任何扩展。") : Amended ToSubclass] string ExclusionExtension[],
        [In,Description("允许管理员明确禁止扫描时检查列出的任何进程。") : Amended ToSubclass] string ExclusionProcess[],
        [In,Description("威胁 ID,检测到这些威胁时,不应对其执行默认操作。需要以 ThreatIDDefaultAction_Ids 中 ID 的相同顺序指定 ThreatIDDefaultAction_Actions 中的操作") : Amended ToSubclass] sint64 ThreatIDDefaultAction_Ids[],
        [In,Description("未知威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] boolean UnknownThreatDefaultAction,
        [In,Description("严重性为“低”的威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] boolean LowThreatDefaultAction,
        [In,Description("严重性为“中等”的威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] boolean ModerateThreatDefaultAction,
        [In,Description("严重性为“高”的威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] boolean HighThreatDefaultAction,
        [In,Description("严重性为“严重”的威胁的默认操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] boolean SevereThreatDefaultAction,
        [In,Description("默认情况下,此 cmdlet 需获得用户确认。如果指定 -Force,则不进行默认情况下所需的用户确认。") : Amended ToSubclass] boolean Force);

    // Add(): appends to the exclusion lists and to the per-threat override arrays.
    // This is the method through which new scan exclusions arrive, so it deserves the same
    // auditing as Set().
    uint32 Add(
        [In,Description("允许管理员明确禁止扫描时检查列出的任何路径。") : Amended ToSubclass] string ExclusionPath[],
        [In,Description("允许管理员明确禁止扫描时检查列出的任何扩展。") : Amended ToSubclass] string ExclusionExtension[],
        [In,Description("允许管理员明确禁止扫描时检查列出的任何进程。") : Amended ToSubclass] string ExclusionProcess[],
        [In,Description("威胁 ID,检测到这些威胁时,不应对其执行默认操作。需要以 ThreatIDDefaultAction_Ids 中 ID 的相同顺序指定 ThreatIDDefaultAction_Actions 中的操作") : Amended ToSubclass] sint64 ThreatIDDefaultAction_Ids[],
        [In,Description("威胁的默认操作,检测到这些威胁时,不应对其执行默认操作。需要以 ThreatIDDefaultAction_Ids 属性中指定的相应 ID 顺序指定这些操作。") : Amended ToSubclass,Values{"清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 ThreatIDDefaultAction_Actions[],
        [In,Description("默认情况下,此 cmdlet 需获得用户确认。如果指定 -Force,则不进行默认情况下所需的用户确认。") : Amended ToSubclass] boolean Force);
};

// MSFT_MpScan / MSFT_MpSignature: only the class descriptions are amended here
// (both left in English); no members are listed in this file.
[Version("1.0") : Amended,Description("The Windows Defender Scan Class") : Amended ToSubclass,AMENDMENT, LOCALE("MS_804")] class MSFT_MpScan { };
[Version("1.0") : Amended,Description("The Windows Defender Signature Class") : Amended ToSubclass,AMENDMENT, LOCALE("MS_804")] class MSFT_MpSignature { };

// MSFT_MpThreat: described as a singleton representing the infection status of the
// Microsoft antimalware service; keyed on ThreatID.
[Description("这是一个表示 Microsoft 反恶意软件服务感染状态的 Singleton") : Amended ToSubclass,AMENDMENT, LOCALE("MS_804")] class MSFT_MpThreat : BaseStatus {
    [Description("架构版本") : Amended ToSubclass] string SchemaVersion;
    [Description("唯一的检测 ID") : Amended ToSubclass,key] sint64 ThreatID;
    [Description("威胁的名称") : Amended ToSubclass] string ThreatName;
    [Description("严重性 ID - 枚举") : Amended ToSubclass,Values{"未知", "低", "中", "高", "严重"} : Amended ToSubclass] uint8 SeverityID;
    // Category names are not localized. "VULNERABILTIY" is spelled this way in the shipped
    // list, so tooling that matches on the display string must use the same spelling.
    [Description("类别 ID - 枚举") : Amended ToSubclass,Values{"INVALID", "ADWARE", "SPYWARE", "PASSWORDSTEALER", "TROJANDOWNLOADER", "WORM", "BACKDOOR", "REMOTEACCESSTROJAN", "TROJAN", "EMAILFLOODER", "KEYLOGGER", "DIALER", "MONITORINGSOFTWARE", "BROWSERMODIFIER", "COOKIE", "BROWSERPLUGIN", "AOLEXPLOIT", "NUKER", "SECURITYDISABLER", "JOKEPROGRAM", "HOSTILEACTIVEXCONTROL", "SOFTWAREBUNDLER", "STEALTHNOTIFIER", "SETTINGSMODIFIER", "TOOLBAR", "REMOTECONTROLSOFTWARE", "TROJANFTP", "POTENTIALUNWANTEDSOFTWARE", "ICQEXPLOIT", "TROJANTELNET", "FILESHARINGPROGRAM", "MALWARE_CREATION_TOOL", "REMOTE_CONTROL_SOFTWARE", "TOOL", "TROJAN_DENIALOFSERVICE", "TROJAN_DROPPER", "TROJAN_MASSMAILER", "TROJAN_MONITORINGSOFTWARE", "TROJAN_PROXYSERVER", "VIRUS", "KNOWN", "UNKNOWN", "SPP", "BEHAVIOR", "VULNERABILTIY", "POLICY"} : Amended ToSubclass] uint8 CategoryID;
    [Description("类型 ID - 枚举") : Amended ToSubclass,Values{"已知错误", "行为", "未知", "已知正确", "NRI"} : Amended ToSubclass] uint8 TypeID;
    // Bit flags summarising what is still outstanding for this threat; "ReinfectionLoop"
    // and "Executed" are the flags most relevant to incident triage.
    [Description("威胁汇总状态") : Amended ToSubclass,BitValues{"ThreatClean", "RebootRequired", "OfflineScanRequired", "ManualStepsRequired", "FullScanRequired", "ReinfectionLoop", "Executed"} : Amended ToSubclass] uint32 RollupStatus;
    [Description("受威胁影响的资源的列表") : Amended ToSubclass] string Resources[];
    [Description("指定是否已执行威胁") : Amended ToSubclass] boolean DidThreatExecute;
    [Description("指定威胁是否处于活动状态") : Amended ToSubclass] boolean IsActive;
};

// MSFT_MpThreatCatalog: described as the catalog of identified threats; it repeats the
// identity, severity, category and type members of MSFT_MpThreat, keyed on ThreatID.
[Description("此类表示已识别威胁的目录") : Amended ToSubclass,AMENDMENT, LOCALE("MS_804")] class MSFT_MpThreatCatalog : BaseStatus {
    [Description("唯一的检测 ID") : Amended ToSubclass,key] sint64 ThreatID;
    [Description("威胁的名称") : Amended ToSubclass] string ThreatName;
    [Description("严重性 ID - 枚举") : Amended ToSubclass,Values{"未知", "低", "中", "高", "严重"} : Amended ToSubclass] uint8 SeverityID;
    [Description("类别 ID - 枚举") : Amended ToSubclass,Values{"INVALID", "ADWARE", "SPYWARE", "PASSWORDSTEALER", "TROJANDOWNLOADER", "WORM", "BACKDOOR", "REMOTEACCESSTROJAN", "TROJAN", "EMAILFLOODER", "KEYLOGGER", "DIALER", "MONITORINGSOFTWARE", "BROWSERMODIFIER", "COOKIE", "BROWSERPLUGIN", "AOLEXPLOIT", "NUKER", "SECURITYDISABLER", "JOKEPROGRAM", "HOSTILEACTIVEXCONTROL", "SOFTWAREBUNDLER", "STEALTHNOTIFIER", "SETTINGSMODIFIER", "TOOLBAR", "REMOTECONTROLSOFTWARE", "TROJANFTP", "POTENTIALUNWANTEDSOFTWARE", "ICQEXPLOIT", "TROJANTELNET", "FILESHARINGPROGRAM", "MALWARE_CREATION_TOOL", "REMOTE_CONTROL_SOFTWARE", "TOOL", "TROJAN_DENIALOFSERVICE", "TROJAN_DROPPER", "TROJAN_MASSMAILER", "TROJAN_MONITORINGSOFTWARE", "TROJAN_PROXYSERVER", "VIRUS", "KNOWN", "UNKNOWN", "SPP", "BEHAVIOR", "VULNERABILTIY", "POLICY"} : Amended ToSubclass] uint8 CategoryID;
    [Description("类型 ID - 枚举") : Amended ToSubclass,Values{"已知错误", "行为", "未知", "已知正确", "NRI"} : Amended ToSubclass] uint8 TypeID;
};

// MSFT_MpThreatDetection: described as the current detailed status of a threat; one
// instance per (DetectionID, ThreatID) key pair. This is the class with the fields an
// investigation needs: process, user, affected resources, timestamps and outcome.
[Description("这是一个表示威胁的当前详细状态的类") : Amended ToSubclass,AMENDMENT, LOCALE("MS_804")] class MSFT_MpThreatDetection : BaseStatus {
    [Description("唯一的检测 ID") : Amended ToSubclass,key] string DetectionID;
    [Description("唯一的威胁 ID") : Amended ToSubclass,key] sint64 ThreatID;
    [Description("所涉及的进程的名称") : Amended ToSubclass] string ProcessName;
    // Description: the user who requested the remediation.
    [Description("请求了修正的用户") : Amended ToSubclass] string DomainUser;
    [Description("检测源类型 ID - 枚举") : Amended ToSubclass,Values{"未知", "用户", "系统", "实时", "IOAV", "NRI", "ELAM", "LocalAttestation", "RemoteAttestation"} : Amended ToSubclass] uint8 DetectionSourceTypeID;
    [Description("受检测影响的资源列表") : Amended ToSubclass] string Resources[];
    [Description("初始威胁检测时间") : Amended ToSubclass] datetime InitialDetectionTime;
    [Description("威胁状态的最新更改时间") : Amended ToSubclass] datetime LastThreatStatusChangeTime;
    [Description("修复的时间。") : Amended ToSubclass] datetime RemediationTime;
    [Description("执行状态 ID - 枚举") : Amended ToSubclass,Values{"未知", "已阻止", "已允许", "Executing", "NotExecuting"} : Amended ToSubclass] uint8 CurrentThreatExecutionStatusID;
    // The *Failed states, "Abandoned" and "已允许" (allowed) all mean the threat was not
    // removed; a status check that only looks for "detected" would miss them.
    [Description("威胁状态 ID - 枚举") : Amended ToSubclass,Values{"未知", "已检测", "已清理", "已隔离", "已删除", "已允许", "已阻止", "CleanFailed", "QuarantineFailed", "RemoveFailed", "AllowFailed", "Abandoned", "BlockedFailed"} : Amended ToSubclass] uint8 ThreatStatusID;
    [Description("威胁状态错误代码") : Amended ToSubclass] sint32 ThreatStatusErrorCode;
    // NOTE(review): this action list is declared with BitValues, while the same action
    // names on MSFT_MpPreference use Values; confirm how the provider encodes this field
    // before decoding it as an index or as a mask.
    [Description("清除操作 - 枚举") : Amended ToSubclass,BitValues{"未知", "清除", "隔离", "删除", "允许", "UserDefined", "NoAction", "Block"} : Amended ToSubclass] uint8 CleaningActionID;
    [Description("产品版本(主要、次要、内部、修订)") : Amended ToSubclass] string AMProductVersion;
    [Description("指定清除操作是否成功") : Amended ToSubclass] boolean ActionSuccess;
    // Sixteen names covering every combination of FullScan / Reboot / ManualSteps /
    // OfflineScan, listed in the order a 4-bit mask would enumerate them (assuming the
    // default zero-based mapping, since no ValueMap appears in this file).
    [Description("需要执行其他操作才能完成修正 - 枚举") : Amended ToSubclass,Values{"无", "FullScanRequired", "RebootRequired", "FullScanAndRebootRequired", "ManualStepsRequired", "FullScanAndManualStepsRequired", "RebootAndManualStepsRequired", "FullScanAndRebootAndManualStepsRequired", "OfflineScanRequired", "FullScanAndOfflineScanRequired", "RebootAndOfflineScanRequired", "FullScanAndRebootAndOfflineScanRequired", "ManualStepsAndOfflineScanRequired", "FullScanAndManualStepsAndOfflineScanRequired", "RebootAndManualStepsAndOfflineScanRequired", "FullScanAndRebootAndManualStepsAndOfflineScanRequired"} : Amended ToSubclass] uint32 AdditionalActionsBitMask;
};

// MSFT_MpWDOScan: "Windows Defender WDO scan class"; no members are amended here.
[Version("1.0") : Amended,Description("Windows Defender WDO 扫描类") : Amended ToSubclass,AMENDMENT, LOCALE("MS_804")] class MSFT_MpWDOScan { };