How can i remove threat using Windows Defender Functions

谁说胖子不能爱 提交于 2020-12-07 05:18:28

问题


I am using Windows Defender Function to scan folder.

First I opened windows defender manager using MpManagerOpen. Next I started scanning using MpScanStart function. And then, I enumerated all threats using MpThreatOpen function.

My goal is how to remove these threats using Windows Defender Function.

At MSDN there is no threat remove function.

After googling i found MpCleanStart function but i don't know how to use.

Please help me.

Thank you for you help.

This is my code.

    MPHANDLE        w_handle = NULL;
    MPHANDLE        w_scan_handle = NULL;
    MPHANDLE        w_threat_handle = NULL;
    HRESULT         w_result = S_OK;    
    MPSCAN_TYPE     w_type = MPSCAN_TYPE_RESOURCE;
    MPSCAN_RESOURCES w_scan_resource = {0};
    MPRESOURCE_INFO w_resource_info[1] = {0};
    LPWSTR          w_err_msg = NULL;
    MPCALLBACK_DATA w_callback_data;
    PMPTHREAT_INFO  w_threat_info_list = NULL;

    // Open
    w_result = MpManagerOpen(0, &w_handle);
    if (w_result != S_OK)
    {
        goto L_EXIT;
    }

    // Scan
    w_resource_info[0].Path = L"N:\\";
    w_resource_info[0].Scheme = L"folder";
    w_resource_info[0].Class = 0;

    w_scan_resource.dwResourceCount = 1;
    w_scan_resource.pResourceList = w_resource_info;    
    
    w_result = MpScanStart(w_handle, w_type, 0, (PMPSCAN_RESOURCES)&w_scan_resource, NULL, &w_scan_handle);
    if (w_result != S_OK)
    {
        MpErrorMessageFormat(w_handle, w_result, &w_err_msg);
        goto L_EXIT;
    }
    
    // Threat Open
    w_result = MpThreatOpen(w_scan_handle, MPTHREAT_SOURCE_SCAN, MPTHREAT_TYPE_KNOWNBAD, &w_threat_handle);
    if (w_result != S_OK)
    {
        MpErrorMessageFormat(w_handle, w_result, &w_err_msg);
        goto L_EXIT;
    }

    // Threat Enum
    while (TRUE)
    {
        w_result = MpThreatEnumerate(w_threat_handle, &w_threat_info_list);
        if (w_result != S_OK)
        {
            break;
        }
    }
    

    // Remove Threat


L_EXIT:
    if (w_handle)
    {
        MpHandleClose(w_handle);
    }

    if (w_scan_handle)
    {
        MpHandleClose(w_scan_handle);
    }

    if (w_err_msg)
    {
        MpFreeMemory(w_err_msg);
    }
    return w_result;

来源:https://stackoverflow.com/questions/64061445/how-can-i-remove-threat-using-windows-defender-functions

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!