问题
I am using the Windows Defender functions to scan a folder.
First I opened windows defender manager using MpManagerOpen. Next I started scanning using MpScanStart function. And then, I enumerated all threats using MpThreatOpen function.
My goal is to remove these threats using the Windows Defender functions.
MSDN does not document a function for removing threats.
After searching I found the MpCleanStart function, but I don't know how to use it.
Please help me.
Thank you for your help.
This is my code.
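// Scans the folder N:\ with the Windows Defender client functions and walks
// the threats the scan reported. This is a function body only: the enclosing
// signature is not shown, and the code returns the last HRESULT it saw.
// Detected threats are enumerated but never cleaned, so a caller must not
// treat a completed run as "the folder is now safe".
MPHANDLE w_handle = NULL;
MPHANDLE w_scan_handle = NULL;
MPHANDLE w_threat_handle = NULL;
HRESULT w_result = S_OK;
MPSCAN_TYPE w_type = MPSCAN_TYPE_RESOURCE;
MPSCAN_RESOURCES w_scan_resource = {0};
MPRESOURCE_INFO w_resource_info[1] = {0};
LPWSTR w_err_msg = NULL;
PMPTHREAT_INFO w_threat_info_list = NULL;

// Open
w_result = MpManagerOpen(0, &w_handle);
if (w_result != S_OK)
{
    goto L_EXIT;
}

// Scan: a single resource entry describing the folder to inspect.
w_resource_info[0].Path = L"N:\\";
w_resource_info[0].Scheme = L"folder";
w_resource_info[0].Class = 0;
w_scan_resource.dwResourceCount = 1;
w_scan_resource.pResourceList = w_resource_info;
w_result = MpScanStart(w_handle, w_type, 0, &w_scan_resource, NULL, &w_scan_handle);
if (w_result != S_OK)
{
    // The formatted text is only fetched here, never logged; it is released
    // at L_EXIT. Log it before returning if the failure should be diagnosable.
    MpErrorMessageFormat(w_handle, w_result, &w_err_msg);
    goto L_EXIT;
}

// Threat Open
w_result = MpThreatOpen(w_scan_handle, MPTHREAT_SOURCE_SCAN, MPTHREAT_TYPE_KNOWNBAD, &w_threat_handle);
if (w_result != S_OK)
{
    MpErrorMessageFormat(w_handle, w_result, &w_err_msg);
    goto L_EXIT;
}

// Threat Enum
while (TRUE)
{
    w_result = MpThreatEnumerate(w_threat_handle, &w_threat_info_list);
    if (w_result != S_OK)
    {
        // NOTE(review): any non-S_OK value ends the walk, so w_result holds
        // that value on return even when every threat was read. Confirm which
        // code marks the normal end of the list and map it to success.
        break;
    }

    // Record or inspect w_threat_info_list here, before it is released.

    // Each enumerated record is released before the next call; the original
    // overwrote the pointer on every iteration and never freed it.
    if (w_threat_info_list)
    {
        MpFreeMemory(w_threat_info_list);
        w_threat_info_list = NULL;
    }
}

// Remove Threat: not implemented. Detected items are only enumerated above;
// nothing is quarantined or deleted by this code.

L_EXIT:
// Release in reverse order of acquisition. The threat handle was leaked in
// the original, and the manager handle was closed before the scan handle
// that was created from it.
if (w_threat_info_list)
{
    MpFreeMemory(w_threat_info_list);
}
if (w_threat_handle)
{
    MpHandleClose(w_threat_handle);
}
if (w_scan_handle)
{
    MpHandleClose(w_scan_handle);
}
if (w_err_msg)
{
    MpFreeMemory(w_err_msg);
}
if (w_handle)
{
    MpHandleClose(w_handle);
}
return w_result;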
来源:https://stackoverflow.com/questions/64061445/how-can-i-remove-threat-using-windows-defender-functions