/*++

Copyright (c) Microsoft Corporation. All rights reserved.

Module Name:

    mpclient.h

Abstract:

    Master include file for WD client interface.

--*/

// This header only declares types: scalar aliases, enums, plain structs and
// pointer-to-function typedefs. It contains no #include, so HANDLE, ULONG,
// DWORD, GUID, FILETIME, LPWSTR, ANYSIZE_ARRAY and the SAL annotations
// (_In_, _Out_, ...) must already be declared by whoever includes it.
//
// NOTE(review): every enum value and struct layout here is a binary contract
// with the component that fills these records in. Consumers should treat
// enum values outside the listed enumerators as "unknown" instead of using
// them as array indexes, and should null-check every pointer member before
// dereferencing it.

#pragma once

#ifndef _MPCLIENT_
#define _MPCLIENT_

// Handle and identifier aliases used throughout the interface.
typedef HANDLE *PMPHANDLE;
typedef HANDLE MPHANDLE;
typedef ULONG MPTHREAT_ID;
typedef ULONG MPRESOURCE_CLASS;

// Values for MPRESOURCE_CLASS. The non-zero values are distinct bits, so they
// look combinable as a mask -- TODO confirm against the provider.
#define MP_RESOURCE_CLASS_UNKNOWN 0
#define MP_RESOURCE_CLASS_CONCRETE 0x0001
#define MP_RESOURCE_CLASS_LATENT 0x0002
#define MP_RESOURCE_CLASS_SAMPLE_FILE 0x0004
#define MP_RESOURCE_CLASS_SHARED 0x0100

// Under the MIDL compiler, MP_MIDL_STRING expands to the [string, unique]
// attribute pair and FAR to nothing; under a C/C++ compiler MP_MIDL_STRING
// expands to nothing, so the annotated members are plain LPWSTR pointers.
#ifdef __midl
#define FAR
#define MP_MIDL_STRING [string, unique]
#else
#define MP_MIDL_STRING
#endif // __midl

// Version number and update time of a single component.
typedef struct tagMPCOMPONENT_VERSION {
    ULONGLONG Version;
    ULARGE_INTEGER UpdateTime;
} MPCOMPONENT_VERSION, *PMPCOMPONENT_VERSION;

// One MPCOMPONENT_VERSION per component, plus four reserved slots.
// Filled in through pfnMpManagerVersionQuery (see its _Out_ parameter).
typedef struct tagMPVERSION_INFO {
    MPCOMPONENT_VERSION Product;
    MPCOMPONENT_VERSION Service;
    MPCOMPONENT_VERSION FileSystemFilter;
    MPCOMPONENT_VERSION Engine;
    MPCOMPONENT_VERSION ASSignature;
    MPCOMPONENT_VERSION AVSignature;
    MPCOMPONENT_VERSION NISEngine;
    MPCOMPONENT_VERSION NISSignature;
    MPCOMPONENT_VERSION Reserved[4];
} MPVERSION_INFO, *PMPVERSION_INFO;

// Threat type. MAXVALUE aliases the highest enumerator (NIS).
typedef enum tagMPTHREAT_TYPE {
    MPTHREAT_TYPE_KNOWNBAD = 0,
    MPTHREAT_TYPE_BEHAVIOR = 1,
    MPTHREAT_TYPE_UNKNOWN = 2,
    MPTHREAT_TYPE_KNOWNGOOD = 3,
    MPTHREAT_TYPE_NIS = 4,
    MPTHREAT_TYPE_MAXVALUE = 4
} MPTHREAT_TYPE, *PMPTHREAT_TYPE;

// Threat severity. The values are not contiguous: there is no enumerator
// for 3, so a range check against MAXVALUE alone does not prove validity.
typedef enum tagMPTHREAT_SEVERITY {
    MP_THREAT_SEVERITY_UNKNOWN = 0,
    MP_THREAT_SEVERITY_LOW = 1,
    MP_THREAT_SEVERITY_MODERATE = 2,
    MP_THREAT_SEVERITY_HIGH = 4,
    MP_THREAT_SEVERITY_SEVERE = 5,
    MP_THREAT_SEVERITY_MAXVALUE = 5
} MPTHREAT_SEVERITY, *PMPTHREAT_SEVERITY;

// Threat category. Values 35 and 41 have no enumerator.
// REMOTECONTROLSOFTWARE (25) and REMOTE_CONTROL_SOFTWARE (33) are two
// different values with near-identical names. VULNERABILTIY is misspelled,
// but the spelling is the declared identifier and is kept as-is.
typedef enum tagMPTHREAT_CATEGORY {
    MP_THREAT_CATEGORY_INVALID = 0,
    MP_THREAT_CATEGORY_ADWARE = 1,
    MP_THREAT_CATEGORY_SPYWARE = 2,
    MP_THREAT_CATEGORY_PASSWORDSTEALER = 3,
    MP_THREAT_CATEGORY_TROJANDOWNLOADER = 4,
    MP_THREAT_CATEGORY_WORM = 5,
    MP_THREAT_CATEGORY_BACKDOOR = 6,
    MP_THREAT_CATEGORY_REMOTEACCESSTROJAN = 7,
    MP_THREAT_CATEGORY_TROJAN = 8,
    MP_THREAT_CATEGORY_EMAILFLOODER = 9,
    MP_THREAT_CATEGORY_KEYLOGGER = 10,
    MP_THREAT_CATEGORY_DIALER = 11,
    MP_THREAT_CATEGORY_MONITORINGSOFTWARE = 12,
    MP_THREAT_CATEGORY_BROWSERMODIFIER = 13,
    MP_THREAT_CATEGORY_COOKIE = 14,
    MP_THREAT_CATEGORY_BROWSERPLUGIN = 15,
    MP_THREAT_CATEGORY_AOLEXPLOIT = 16,
    MP_THREAT_CATEGORY_NUKER = 17,
    MP_THREAT_CATEGORY_SECURITYDISABLER = 18,
    MP_THREAT_CATEGORY_JOKEPROGRAM = 19,
    MP_THREAT_CATEGORY_HOSTILEACTIVEXCONTROL = 20,
    MP_THREAT_CATEGORY_SOFTWAREBUNDLER = 21,
    MP_THREAT_CATEGORY_STEALTHNOTIFIER = 22,
    MP_THREAT_CATEGORY_SETTINGSMODIFIER = 23,
    MP_THREAT_CATEGORY_TOOLBAR = 24,
    MP_THREAT_CATEGORY_REMOTECONTROLSOFTWARE = 25,
    MP_THREAT_CATEGORY_TROJANFTP = 26,
    MP_THREAT_CATEGORY_POTENTIALUNWANTEDSOFTWARE = 27,
    MP_THREAT_CATEGORY_ICQEXPLOIT = 28,
    MP_THREAT_CATEGORY_TROJANTELNET = 29,
    MP_THREAT_CATEGORY_EXPLOIT = 30,
    MP_THREAT_CATEGORY_FILESHARINGPROGRAM = 31,
    MP_THREAT_CATEGORY_MALWARE_CREATION_TOOL = 32,
    MP_THREAT_CATEGORY_REMOTE_CONTROL_SOFTWARE = 33,
    MP_THREAT_CATEGORY_TOOL = 34,
    MP_THREAT_CATEGORY_TROJAN_DENIALOFSERVICE = 36,
    MP_THREAT_CATEGORY_TROJAN_DROPPER = 37,
    MP_THREAT_CATEGORY_TROJAN_MASSMAILER = 38,
    MP_THREAT_CATEGORY_TROJAN_MONITORINGSOFTWARE = 39,
    MP_THREAT_CATEGORY_TROJAN_PROXYSERVER = 40,
    MP_THREAT_CATEGORY_VIRUS = 42,
    MP_THREAT_CATEGORY_KNOWN = 43,
    MP_THREAT_CATEGORY_UNKNOWN = 44,
    MP_THREAT_CATEGORY_SPP = 45,
    MP_THREAT_CATEGORY_BEHAVIOR = 46,
    MP_THREAT_CATEGORY_VULNERABILTIY = 47,
    MP_THREAT_CATEGORY_POLICY = 48,
    MP_THREAT_CATEGORY_EUS = 49,
    MP_THREAT_CATEGORY_RANSOM = 50
} MPTHREAT_CATEGORY, *PMPTHREAT_CATEGORY;

// Threat status. Values jump from 6 to 102: the *_FAILED / ABANDONED
// outcomes occupy 102..107, so the enum cannot be used as a dense index.
typedef enum tagMPTHREAT_STATUS {
    MP_THREAT_STATUS_UNKNOWN = 0,
    MP_THREAT_STATUS_DETECTED = 1,
    MP_THREAT_STATUS_CLEANED = 2,
    MP_THREAT_STATUS_QUARANTINED = 3,
    MP_THREAT_STATUS_REMOVED = 4,
    MP_THREAT_STATUS_ALLOWED = 5,
    MP_THREAT_STATUS_BLOCKED = 6,
    MP_THREAT_STATUS_CLEAN_FAILED = 102,
    MP_THREAT_STATUS_QUARANTINE_FAILED = 103,
    MP_THREAT_STATUS_REMOVE_FAILED = 104,
    MP_THREAT_STATUS_ALLOW_FAILED = 105,
    MP_THREAT_STATUS_ABANDONED = 106,
    MP_THREAT_STATUS_BLOCK_FAILED = 107
} MPTHREAT_STATUS, *PMPTHREAT_STATUS;

// Action that can be applied to a threat. Values 4, 5 and 7 have no
// enumerator; MAX_VALUE aliases BLOCK.
typedef enum tagMPTHREAT_ACTION {
    MP_THREAT_ACTION_UNKNOWN = 0,
    MP_THREAT_ACTION_CLEAN = 1,
    MP_THREAT_ACTION_QUARANTINE = 2,
    MP_THREAT_ACTION_REMOVE = 3,
    MP_THREAT_ACTION_ALLOW = 6,
    MP_THREAT_ACTION_USERDEFINED = 8,
    MP_THREAT_ACTION_NOACTION = 9,
    MP_THREAT_ACTION_BLOCK = 10,
    MP_THREAT_ACTION_MAX_VALUE = 10
} MPTHREAT_ACTION, *PMPTHREAT_ACTION;

// Status bit flags, one bit each for bits 0..23. MP_STATUS_FLAG_MAX equals
// the highest single flag (END_OF_LIFE); MP_STATUS_FLAG_ALL is the mask of
// the low 24 bits. Test with bitwise AND, not equality.
typedef enum tagMPSTATUS_FLAG {
    MP_STATUS_FLAG_NONE = 0,
    MP_STATUS_FLAG_SERVICE_UNAVAILABLE = 1 << 0,
    MP_STATUS_FLAG_MPENGINE_UNAVAILABLE = 1 << 1,
    MP_STATUS_FLAG_THREAT_FULLSCAN_REQUIRED = 1 << 2,
    MP_STATUS_FLAG_THREAT_REBOOT_REQUIRED = 1 << 3,
    MP_STATUS_FLAG_THREAT_MANUAL_STEPS_REQUIRED = 1 << 4,
    MP_STATUS_FLAG_DUE_AV_SIGNATURE = 1 << 5,
    MP_STATUS_FLAG_DUE_AS_SIGNATURE = 1 << 6,
    MP_STATUS_FLAG_DUE_QUICK_SCAN = 1 << 7,
    MP_STATUS_FLAG_DUE_FULL_SCAN = 1 << 8,
    MP_STATUS_FLAG_INPROGRESS_SYSTEM_SCAN = 1 << 9,
    MP_STATUS_FLAG_INPROGRESS_ROUTINE_CLEANING = 1 << 10,
    MP_STATUS_FLAG_DUE_SAMPLES = 1 << 11,
    MP_STATUS_FLAG_EVALUATION_MODE = 1 << 12,
    MP_STATUS_FLAG_NONGENUINE = 1 << 13,
    MP_STATUS_FLAG_PRODUCT_EXPIRED = 1 << 14,
    MP_STATUS_FLAG_THREAT_CALLISTO_REQUIRED = 1 << 15,
    MP_STATUS_FLAG_SERVICE_ON_SYSTEM_SHUTDOWN = 1 << 16,
    MP_STATUS_FLAG_SERVICE_CRITICAL_FAILURE = 1 << 17,
    MP_STATUS_FLAG_SERVICE_NON_CRITICAL_FAILURE = 1 << 18,
    MP_STATUS_FLAG_HEALTH_INITIALIZED = 1 << 19,
    MP_STATUS_FLAG_DUE_PLATFORM_UPDATE = 1 << 20,
    MP_STATUS_FLAG_INPROGRESS_PLATFORM_UPDATE = 1 << 21,
    MP_STATUS_FLAG_PLATFORM_ABOUT_TO_BE_OUTDATED = 1 << 22,
    MP_STATUS_FLAG_END_OF_LIFE = 1 << 23,
    MP_STATUS_FLAG_MAX = 1 << 23,
    MP_STATUS_FLAG_ALL = (1 << 24) - 1
} MPSTATUS_FLAG, *PMPSTATUS_FLAG;

// A resource named by two strings (Scheme, Path) plus an MPRESOURCE_CLASS
// value. NOTE(review): both strings are raw pointers with no length field;
// presumably NUL-terminated (the MIDL attribute is [string]) -- confirm.
typedef struct tagMPRESOURCE_INFO {
    MP_MIDL_STRING LPWSTR Scheme;
    MP_MIDL_STRING LPWSTR Path;
    MPRESOURCE_CLASS Class;
} MPRESOURCE_INFO, *PMPRESOURCE_INFO;

// Detection kind. Values are 0, 1, 2, 4, 8 -- not contiguous.
typedef enum tagMPTHREAT_DETECTION {
    MP_THREAT_DETECTION_CONCRETE = 0,
    MP_THREAT_DETECTION_HEURISTIC = 1,
    MP_THREAT_DETECTION_GENERIC = 2,
    MP_THREAT_DETECTION_SUSPICIOUS = 4,
    MP_THREAT_DETECTION_FASTPATH = 8
} MPTHREAT_DETECTION, *PMPTHREAT_DETECTION;

// Execution status values used by MPTHREAT_INFO's ExecutionStatus,
// PreExecutionStatus and PostExecutionStatus members.
typedef enum tagMPEXECUTION_STATUS {
    MP_EXECUTION_STATUS_UNKNOWN = 0,
    MP_EXECUTION_STATUS_BLOCKED = 1,
    MP_EXECUTION_STATUS_ALLOWED = 2,
    MP_EXECUTION_STATUS_EXECUTING = 3,
    MP_EXECUTION_STATUS_NOT_EXECUTING = 4
} MPEXECUTION_STATUS, *PMPEXECUTION_STATUS;

// Fast-path signature type, carried in MPFASTPATH_DATA.
typedef enum tagMP_FASTPATH_TYPE {
    MP_FASTPATH_UNKNOWN = 0,
    MP_FASTPATH_VDM = 1,
    MP_FASTPATH_DISABLED = 2
} MP_FASTPATH_TYPE, *PMP_FASTPATH_TYPE;

// Hash algorithm identifier; values are 0, 2, 4, 8, 16 (1 is unused).
// NOTE(review): CRC32, MD5 and SHA-1 are not collision-resistant. When a
// hash from these records is used to identify or allow-list a file, prefer
// the SHA-256 form.
typedef enum tagMP_HASH_TYPE {
    MP_HASH_TYPE_NONE = 0,
    MP_HASH_TYPE_CRC32 = 2,
    MP_HASH_TYPE_MD5 = 4,
    MP_HASH_TYPE_SHA1 = 8,
    MP_HASH_TYPE_SHA256 = 16
} MP_HASH_TYPE, *PMP_HASH_TYPE;

// Placeholder payload type for MPTHREAT_INFO.Data members that carry no
// type-specific data.
typedef struct tagMPTHREAT_INFOEX_UNUSED {
    DWORD dwNone;
} MPTHREAT_INFOEX_UNUSED, *PMPTHREAT_INFOEX_UNUSED;

// Extra data for behavior detections (MPTHREAT_INFO.Data.pBehavior).
// HashValue is presumably encoded per HashType -- TODO confirm.
typedef struct tagMPTHREAT_INFOEX_BEHAVIOR {
    ULARGE_INTEGER SignatureID;
    ULONGLONG EngineVersion;
    ULONGLONG ASDeltaSignatureVersion;
    ULONGLONG AVDeltaSignatureVersion;
    MP_HASH_TYPE HashType;
    DWORD FidelityValue;
    MP_MIDL_STRING LPWSTR HashValue;
    MP_MIDL_STRING LPWSTR TargetFileName;
    MP_MIDL_STRING LPWSTR TargetFileHash;
} MPTHREAT_INFOEX_BEHAVIOR, *PMPTHREAT_INFOEX_BEHAVIOR;

// Extra data for NIS detections (MPTHREAT_INFO.Data.pNis). Addresses and
// protocol are strings; ports are DWORDs.
// NOTE(review): these describe traffic the detection was raised on, so the
// string contents should be treated as untrusted when logged or displayed.
typedef struct tagMPTHREAT_INFOEX_NIS {
    MP_MIDL_STRING LPWSTR SourceIP;
    MP_MIDL_STRING LPWSTR DestinationIP;
    DWORD dwSourceport;
    DWORD dwDestinationport;
    MP_MIDL_STRING LPWSTR Protocol;
    MP_MIDL_STRING LPWSTR Link;
} MPTHREAT_INFOEX_NIS, *PMPTHREAT_INFOEX_NIS;

// State of a detection record (MPTHREAT_INFO.State).
typedef enum tagMPDETECTION_STATE {
    MPDETECTION_STATE_UNKNOWN = 0,
    MPDETECTION_STATE_ACTIVE = 1,
    MPDETECTION_STATE_FINISHED = 2,
    MPDETECTION_STATE_ADDITIONAL_ACTIONS = 3,
    MPDETECTION_STATE_FAILED = 4,
    MPDETECTION_STATE_CRITICALLY_FAILED = 5,
    MPDETECTION_STATE_CLEARED = 6
} MPDETECTION_STATE, *PMPDETECTION_STATE;

// Component that produced a detection. MPSOURCE_BHO and MPSOURCE_IEPROTECT
// share the value 6, so the two cannot be told apart at run time. The
// maximum is spelled MP_SOURCE_MAXVALUE (extra underscore), unlike the
// MPSOURCE_ prefix of the other enumerators.
typedef enum tagMPSOURCE {
    MPSOURCE_UNKNOWN = 0,
    MPSOURCE_USER = 1,
    MPSOURCE_SYSTEM = 2,
    MPSOURCE_REALTIME = 3,
    MPSOURCE_IOAV = 4,
    MPSOURCE_NIS = 5,
    MPSOURCE_BHO = 6,
    MPSOURCE_IEPROTECT = 6,
    MPSOURCE_ELAM = 7,
    MPSOURCE_LOCAL_ATTESTATION = 8,
    MPSOURCE_REMOTE_ATTESTATION = 9,
    MPSOURCE_AMSI = 10,
    MP_SOURCE_MAXVALUE = 10
} MPSOURCE, *PMPSOURCE;

// Detection origin, declared as single-bit flags (bits 0..4).
typedef enum tagMPDETECTION_ORIGIN {
    MPDETECTION_ORIGIN_UNKNOWN = 0,
    MPDETECTION_ORIGIN_LOCAL_MACHINE = 1 << 0,
    MPDETECTION_ORIGIN_NETWORKSHARE = 1 << 1,
    MPDETECTION_ORIGIN_INTERNET = 1 << 2,
    MPDETECTION_ORIGIN_OUTBOUND = 1 << 3,
    MPDETECTION_ORIGIN_INBOUND = 1 << 4
} MPDETECTION_ORIGIN, *PMPDETECTION_ORIGIN;

// Reason reported in MPTHREAT_INFO.ResolvedReason.
typedef enum tagMPRESOLVED_REASON {
    MPRESOLVED_REASON_UNKNOWN = 0,
    MPRESOLVED_REASON_FULL_SCAN = 1,
    MPRESOLVED_REASON_TIMED_OUT = 2
} MPRESOLVED_REASON, *PMPRESOLVED_REASON;

// Which store of threats to enumerate (parameter of pfnMpThreatOpen).
// The enum tag is spelled tagMPTHREAD_SOURCE while the typedef is
// MPTHREAT_SOURCE; the tag spelling is kept because it is a declared name.
typedef enum tagMPTHREAD_SOURCE {
    MPTHREAT_SOURCE_SCAN = 0,
    MPTHREAT_SOURCE_ACTIVE = 1,
    MPTHREAT_SOURCE_HISTORY = 2,
    MPTHREAT_SOURCE_QUARANTINE = 3,
    MPTHREAT_SOURCE_SIGNATURE = 4,
    MPTHREAT_SOURCE_STATE = 5,
    MPTHREAT_SOURCE_MAXVALUE = 5
} MPTHREAT_SOURCE, *PMPTHREAT_SOURCE;

// Full description of one threat / detection, returned through the _Out_
// PMPTHREAT_INFO* parameters of pfnMpThreatEnumerate and pfnMpThreatQuery.
//
// NOTE(review): SuggestedActionArray, ResourceList and
// RemediationResourceList are declared with ANYSIZE_ARRAY yet are followed
// by further members, so as compiled each holds exactly ANYSIZE_ARRAY
// elements at a fixed offset. Whether the provider really lays the record
// out this way cannot be told from this header -- confirm the layout before
// reading past element 0, and bound every index by the matching count field
// (SuggestedActionCount, ResourceCount, RemediationResourceCount).
//
// NOTE(review): ResourceList elements are PMPRESOURCE_INFO* (one more level
// of indirection) while RemediationResourceList elements are
// PMPRESOURCE_INFO -- verify which is intended before dereferencing.
typedef struct tagMPTHREAT_INFO {
    MPTHREAT_ID ThreatID;
    GUID DetectionID;
    MP_MIDL_STRING LPWSTR Name;
    MPTHREAT_TYPE ThreatType;
    MPTHREAT_SEVERITY ThreatCriticality;
    MPTHREAT_CATEGORY ThreatCategory;
    DWORD ThreatShortDescriptionID;
    DWORD ThreatAdviseDescriptionID;
    MPTHREAT_STATUS ThreatStatus;
    DWORD SuggestedActionCount;
    MPTHREAT_ACTION SuggestedActionArray[ANYSIZE_ARRAY];
    DWORD ResourceCount;
    PMPRESOURCE_INFO *ResourceList[ANYSIZE_ARRAY];
    ULARGE_INTEGER ThreatStatusTime;
    HRESULT ThreatStatusCode;
    MPTHREAT_DETECTION ThreatDetection;
    GUID QuarantineGuid;
    MPEXECUTION_STATUS ExecutionStatus;
    // Type-specific payload. The member names mirror the MPTHREAT_TYPE
    // enumerators, so the valid member is presumably selected by ThreatType
    // -- confirm. Check ThreatType (and for NULL) before dereferencing:
    // reading pBehavior or pNis for another type reinterprets the pointer as
    // the wrong structure.
    union {
        PMPTHREAT_INFOEX_UNUSED pKnownBad;
        PMPTHREAT_INFOEX_BEHAVIOR pBehavior;
        PMPTHREAT_INFOEX_UNUSED pUnknown;
        PMPTHREAT_INFOEX_UNUSED pKnownGood;
        PMPTHREAT_INFOEX_NIS pNis;
    } Data;
    MPDETECTION_STATE State;
    MP_MIDL_STRING LPWSTR DetectionUser;
    MPSOURCE DetectionSource;
    MP_MIDL_STRING LPWSTR ProcessName;
    MPDETECTION_ORIGIN DetectionOrigin;
    DWORD reserved1;
    ULARGE_INTEGER DetectionTime;
    MPEXECUTION_STATUS PreExecutionStatus;
    ULARGE_INTEGER RemediationTime;
    MPEXECUTION_STATUS PostExecutionStatus;
    BOOL CriticalFailure;
    DWORD NonCriticalReason;
    MP_MIDL_STRING LPWSTR RemediationUser;
    DWORD RemediationResourceCount;
    PMPRESOURCE_INFO RemediationResourceList[ANYSIZE_ARRAY];
    BOOL FailureResolved;
    MPRESOLVED_REASON ResolvedReason;
    DWORD AdditionalActions;
    DWORD ResolvedActions;
    DWORD dwThreatStatusFlag;
} MPTHREAT_INFO, *PMPTHREAT_INFO;

// Display strings for a threat, returned through the optional last
// parameter of pfnMpThreatQuery.
// NOTE(review): ThreatUrl is a string supplied by the provider; validate the
// scheme before opening it from a UI.
typedef struct tagMPTHREAT_LOCALIZED_INFO {
    MPTHREAT_ID ThreatID;
    MP_MIDL_STRING LPWSTR CategoryName;
    MP_MIDL_STRING LPWSTR CategoryDescription;
    MP_MIDL_STRING LPWSTR SeverityName;
    MP_MIDL_STRING LPWSTR SeverityDescription;
    MP_MIDL_STRING LPWSTR ShortDescription;
    MP_MIDL_STRING LPWSTR DefaultActionName;
    MP_MIDL_STRING LPWSTR Advice;
    MP_MIDL_STRING LPWSTR ThreatUrl;
} MPTHREAT_LOCALIZED_INFO, *PMPTHREAT_LOCALIZED_INFO;

// Threat counters embedded in MPSCAN_DATA.
typedef struct tagMPTHREAT_STATS {
    UINT ThreatCount;
    UINT SuspiciousThreatCount;
    UINT Reserved[4];
} MPTHREAT_STATS, *PMPTHREAT_STATS;

// Payload for threat callbacks (MPCALLBACK_DATA.Data.pThreatData).
typedef struct tagMPTHREAT_DATA {
    MPTHREAT_ID ThreatID;
    DWORD dwSessionID;
    MPTHREAT_ACTION ThreatAction;
    DWORD dwStatus;
} MPTHREAT_DATA, *PMPTHREAT_DATA;

// Persistence limit kind, carried in MPFASTPATH_DATA.PersistenceType.
typedef enum tagMP_PERSISTENCE_LIMIT_TYPE {
    MP_PERSISTENCE_UNKNOWN = 0,
    MP_PERSISTENCE_NO_LIMIT = 1,
    MP_PERSISTENCE_DURATION = 2,
    MP_PERSISTENCE_VDM_VERSION = 3,
    MP_PERSISTENCE_TIMESTAMP = 4,
    MP_PERSISTENCE_FORCED = 5
} MP_PERSISTENCE_LIMIT_TYPE, *PMP_PERSISTENCE_LIMIT_TYPE;

// Scan type passed to pfnMpScanStart. MAXVALUE aliases RESOURCE.
typedef enum tagMPSCAN_TYPE {
    MPSCAN_TYPE_UNKNOWN = 0,
    MPSCAN_TYPE_QUICK = 1,
    MPSCAN_TYPE_FULL = 2,
    MPSCAN_TYPE_RESOURCE = 3,
    MPSCAN_TYPE_MAXVALUE = 3
} MPSCAN_TYPE, *PMPSCAN_TYPE;

// Optional resource list for pfnMpScanStart.
// Presumably pResourceList points at dwResourceCount MPRESOURCE_INFO
// entries -- TODO confirm; the caller owns keeping the two in step.
typedef struct tagMPSCAN_RESOURCES {
    DWORD dwResourceCount;
    PMPRESOURCE_INFO pResourceList;
} MPSCAN_RESOURCES, *PMPSCAN_RESOURCES;

// Notification codes (MPCALLBACK_DATA.Notify). No enumerator has an
// explicit value, so they are numbered from 0 in declaration order; the
// numeric values therefore depend on this exact ordering.
typedef enum tagMPNOTIFY {
    MPNOTIFY_NONE,
    MPNOTIFY_CALL_START,
    MPNOTIFY_CALL_COMPLETE,
    MPNOTIFY_INTERNAL_FAILURE,
    MPNOTIFY_STATUS_SERVICE_START,
    MPNOTIFY_STATUS_SERVICE_RUNNING,
    MPNOTIFY_STATUS_SERVICE_STOP,
    MPNOTIFY_STATUS_COMPONENT,
    MPNOTIFY_STATUS_CHANGE,
    MPNOTIFY_STATUS_COMPONENT_CONFIGURATION,
    MPNOTIFY_STATUS_EXPIRATION_CHANGE,
    MPNOTIFY_STATUS_OFFLINE_SCAN_CHANGE,
    MPNOTIFY_SCAN_START,
    MPNOTIFY_SCAN_PAUSED,
    MPNOTIFY_SCAN_RESUMED,
    MPNOTIFY_SCAN_CANCEL,
    MPNOTIFY_SCAN_COMPLETE,
    MPNOTIFY_SCAN_PROGRESS,
    MPNOTIFY_SCAN_ERROR,
    MPNOTIFY_SCAN_INFECTED,
    MPNOTIFY_SCAN_MEMORYSTART,
    MPNOTIFY_SCAN_MEMORYCOMPLETE,
    MPNOTIFY_SCAN_SFC_BUILD_START,
    MPNOTIFY_SCAN_SFC_BUILD_COMPLETE,
    MPNOTIFY_SCAN_FASTPATH_START,
    MPNOTIFY_SCAN_FASTPATH_COMPLETE,
    MPNOTIFY_SCAN_FASTPATH_PROGRESS,
    MPNOTIFY_CLEAN_START,
    MPNOTIFY_CLEAN_COMPLETE,
    MPNOTIFY_CLEAN_RESTOREPOINT_START,
    MPNOTIFY_CLEAN_RESTOREPOINT_SUCCEEDED,
    MPNOTIFY_CLEAN_RESTOREPOINT_FAILED,
    MPNOTIFY_CLEAN_THREAT_START,
    MPNOTIFY_CLEAN_THREAT_SUCCEEDED,
    MPNOTIFY_CLEAN_THREAT_FAILED,
    MPNOTIFY_CLEAN_RESOURCE_SUCCEEDED,
    MPNOTIFY_CLEAN_RESOURCE_FAILED,
    MPNOTIFY_CLEAN_THREAT_COMPLETE,
    MPNOTIFY_PRECHECK_START,
    MPNOTIFY_PRECHECK_COMPLETE,
    MPNOTIFY_PRECHECK_RESOURCE_BLOCKED,
    MPNOTIFY_THREAT_DETECTED,
    MPNOTIFY_THREAT_MODIFIED,
    MPNOTIFY_THREAT_CLEAN_SUCCEEDED,
    MPNOTIFY_THREAT_CLEAN_FAILED,
    MPNOTIFY_THREAT_ABANDONED,
    MPNOTIFY_THREAT_CLEAN_EVENT_START,
    MPNOTIFY_THREAT_CLEAN_EVENT_COMPLETE,
    MPNOTIFY_SIGUPDATE_START,
    MPNOTIFY_SIGUPDATE_SEARCH_START,
    MPNOTIFY_SIGUPDATE_SEARCH_COMPLETE,
    MPNOTIFY_SIGUPDATE_SOFTWARE_UPDATE_AVAILABLE,
    MPNOTIFY_SIGUPDATE_DOWNLOAD_START,
    MPNOTIFY_SIGUPDATE_DOWNLOAD_PROGRESS,
    MPNOTIFY_SIGUPDATE_DOWNLOAD_COMPLETE,
    MPNOTIFY_SIGUPDATE_INSTALL_START,
    MPNOTIFY_SIGUPDATE_INSTALL_PROGRESS,
    MPNOTIFY_SIGUPDATE_INSTALL_COMPLETE,
    MPNOTIFY_SIGUPDATE_REBOOT_REQUIRED,
    MPNOTIFY_SIGUPDATE_REQUEST_PROCESSED,
    MPNOTIFY_SIGUPDATE_COMPLETE,
    MPNOTIFY_SAMPLE_START,
    MPNOTIFY_SAMPLE_COMPLETE,
    MPNOTIFY_SAMPLE_ITEM_START,
    MPNOTIFY_SAMPLE_ITEM_SUCCEEDED,
    MPNOTIFY_SAMPLE_ITEM_FAILED,
    MPNOTIFY_RESERVED_DATA,
    MPNOTIFY_FASTPATH_SIG_ADDED,
    MPNOTIFY_FASTPATH_SIG_REMOVED,
    MPNOTIFY_NIS_PRIVATE,
    MPNOTIFY_HEALTH_CHANGE,
    MPNOTIFY_HEALTH_RECOVERY,
    MPNOTIFY_HEALTH_START,
    MPNOTIFY_ENDOFLIFE_CHANGE,
    MPNOTIFY_MALWARETOAST_DATA
} MPNOTIFY, *PMPNOTIFY;

// Callback payload discriminator (MPCALLBACK_DATA.Type).
// MAXVALUE aliases MALWARETOAST.
typedef enum tagMPCALLBACK_TYPE {
    MPCALLBACK_UNKNOWN = 0,
    MPCALLBACK_STATUS = 1,
    MPCALLBACK_THREAT = 2,
    MPCALLBACK_SCAN = 3,
    MPCALLBACK_CLEAN = 4,
    MPCALLBACK_PRECHECK = 5,
    MPCALLBACK_SIGUPDATE = 6,
    MPCALLBACK_SAMPLE = 7,
    MPCALLBACK_RESERVED = 8,
    MPCALLBACK_CONFIGURATION_NOTIFICATION = 9,
    MPCALLBACK_FASTPATH = 10,
    MPCALLBACK_PRODUCT_EXPIRATION = 11,
    MPCALLBACK_NIS_PRIVATE = 12,
    MPCALLBACK_HEALTH = 13,
    MPCALLBACK_ENDOFLIFE = 14,
    MPCALLBACK_MALWARETOAST = 15,
    MPCALLBACK_MAXVALUE = 15
} MPCALLBACK_TYPE, *PMPCALLBACK_TYPE;

// Component identifier (MPSTATUS_DATA.ComponentID). MAXVALUE aliases ELAM.
typedef enum tagMPCOMPONENT_ID {
    MPCOMPONENT_AS_SIGNATURE = 0,
    MPCOMPONENT_AV_SIGNATURE = 1,
    MPCOMPONENT_REALTIME_MONITOR = 2,
    MPCOMPONENT_ONACCESS_PROTECTION = 3,
    MPCOMPONENT_IOAV_PROTECTION = 4,
    MPCOMPONENT_BEHAVIOR_MONITOR = 5,
    MPCOMPONENT_AUTO_SCAN = 6,
    MPCOMPONENT_AUTO_SIGUPDATE = 7,
    MPCOMPONENT_IPC = 8,
    MPCOMPONENT_NIS = 9,
    MPCOMPONENT_ELAM = 10,
    MPCOMPONENT_MAXVALUE = 10
} MPCOMPONENT_ID, *PMPCOMPONENT_ID;

// Placeholder payload type for every member of
// MPSTATUS_DATA.ComponentStatus.
typedef struct tagMPSTATUS_DATAEX_UNUSED {
    DWORD dwNone;
} MPSTATUS_DATAEX_UNUSED, *PMPSTATUS_DATAEX_UNUSED;

// Payload for status callbacks: a component id, an enable flag, and a union
// of eleven pointers that all have the same placeholder type.
typedef struct tagMPSTATUS_DATA {
    MPCOMPONENT_ID ComponentID;
    BOOL fEnable;
    union {
        PMPSTATUS_DATAEX_UNUSED p1;
        PMPSTATUS_DATAEX_UNUSED p2;
        PMPSTATUS_DATAEX_UNUSED p3;
        PMPSTATUS_DATAEX_UNUSED p4;
        PMPSTATUS_DATAEX_UNUSED p5;
        PMPSTATUS_DATAEX_UNUSED p6;
        PMPSTATUS_DATAEX_UNUSED p7;
        PMPSTATUS_DATAEX_UNUSED p8;
        PMPSTATUS_DATAEX_UNUSED p9;
        PMPSTATUS_DATAEX_UNUSED pa;
        PMPSTATUS_DATAEX_UNUSED pb;
    } ComponentStatus;
} MPSTATUS_DATA, *PMPSTATUS_DATA;

// Scan progress counters embedded in MPSCAN_DATA.
// PPMProgress is presumably progress in parts per million -- TODO confirm.
typedef struct tagMPRESOURCE_STATS {
    DWORD PPMProgress;
    UINT64 ProcessCount;
    UINT64 FileCount;
    UINT64 FileBytesCount;
    UINT64 RegKeyCount;
    UINT64 Reserved[4];
} MPRESOURCE_STATS, *PMPRESOURCE_STATS;

// Payload for scan callbacks (MPCALLBACK_DATA.Data.pScanData).
typedef struct tagMPSCAN_DATA {
    MPSCAN_TYPE ScanType;
    PMPRESOURCE_INFO ResourceInfo;
    MPRESOURCE_STATS ResourceStats;
    MPTHREAT_STATS ThreatStats;
} MPSCAN_DATA, *PMPSCAN_DATA;

// Payload for clean callbacks (MPCALLBACK_DATA.Data.pCleanData).
typedef struct tagMPCLEAN_DATA {
    MPTHREAT_ID ThreatID;
    MPTHREAT_ACTION ThreatAction;
    DWORD dwStatus;
    PMPRESOURCE_INFO ResourceInfo;
} MPCLEAN_DATA, *PMPCLEAN_DATA;

// Payload for precheck callbacks: the blocked resource and the resource
// blocking it.
typedef struct tagMPCLEAN_PRECHECK_DATA {
    PMPRESOURCE_INFO BlockedResourceInfo;
    PMPRESOURCE_INFO BlockingResourceInfo;
} MPCLEAN_PRECHECK_DATA, *PMPCLEAN_PRECHECK_DATA;

// Payload for signature-update callbacks. eType and Stage are plain ULONGs;
// this header declares no enum for them.
typedef struct tagMPSIGUPDATE_DATA {
    DWORD dwPercentComplete;
    DWORD dwTotalUpdates;
    DWORD dwCurrentUpdateIndex;
    ULONG eType;
    ULONG Stage;
    MP_MIDL_STRING LPWSTR Path;
} MPSIGUPDATE_DATA, *PMPSIGUPDATE_DATA;

// Payload for sample callbacks.
typedef struct tagMPSAMPLE_DATA {
    DWORD dwSampleIndex;
} MPSAMPLE_DATA, *PMPSAMPLE_DATA;

// Opaque byte buffer.
// NOTE(review): cbReservedData is presumably the byte length of
// pbReservedData -- confirm. Never read past that length, and treat a
// non-zero length with a NULL pointer as malformed.
typedef struct tagMPRESERVED_DATA {
    DWORD cbReservedData;
    BYTE *pbReservedData;
} MPRESERVED_DATA, *PMPRESERVED_DATA;

// Payload for configuration-change callbacks: the setting name, a type
// code, and the previous and current values as sized byte buffers.
// NOTE(review): each *DataSize presumably bounds the matching pointer --
// confirm, and validate the size against DataType before interpreting the
// bytes.
typedef struct tagMPCONFIGURATION_DATA {
    MP_MIDL_STRING LPWSTR ConfigurationName;
    DWORD DataType;
    DWORD PreviousDataSize;
    BYTE *pPreviousData;
    DWORD CurrentDataSize;
    BYTE *pCurrentData;
} MPCONFIGURATION_DATA, *PMPCONFIGURATION_DATA;

// Signature family. MAXVALUE aliases NIS.
typedef enum tagMP_SIGNATURE_TYPE {
    MP_SIGNATURE_ANTIMALWARE = 0,
    MP_SIGNATURE_ANTIVIRUS = 1,
    MP_SIGNATURE_ANTISPYWARE = 2,
    MP_SIGNATURE_NIS = 3,
    MP_SIGNATURE_TYPES_MAXVALUE = 3
} MP_SIGNATURE_TYPE, *PMP_SIGNATURE_TYPE;

// Removal reason, carried in MPFASTPATH_DATA.Reason.
typedef enum tagMP_REMOVAL_REASON {
    MP_REMOVAL_UNKNOWN = 0,
    MP_REMOVAL_MANUAL = 1,
    MP_REMOVAL_AUTOMATIC = 2
} MP_REMOVAL_REASON, *PMP_REMOVAL_REASON;

// Payload for fast-path callbacks (MPCALLBACK_DATA.Data.pFastPathData).
typedef struct tagMPFASTPATH_DATA {
    MP_SIGNATURE_TYPE SignatureType;
    MP_FASTPATH_TYPE FastPathSignatureType;
    MP_MIDL_STRING LPWSTR FastPathSignatureVersion;
    ULARGE_INTEGER CompilationTimestamp;
    MP_PERSISTENCE_LIMIT_TYPE PersistenceType;
    MP_MIDL_STRING LPWSTR PersistenceValue;
    MP_MIDL_STRING LPWSTR PersistencePath;
    MP_REMOVAL_REASON Reason;
} MPFASTPATH_DATA, *PMPFASTPATH_DATA;

// Expiration reason, carried in MPEXPIRATION_DATA.Reason.
typedef enum tagMP_EXPIRE_REASON {
    MP_EXPIRED_UNKNOWN = 0,
    MP_EXPIRED_EVAL = 1,
    MP_EXPIRED_WAT = 2
} MP_EXPIRE_REASON, *PMP_EXPIRE_REASON;

// Expiration state, carried in MPEXPIRATION_DATA.State.
typedef enum tagMP_EXPIRE_STATE_REPORT {
    MP_EXPIRE_STATE_REPORT_UNKNOWN = 0,
    MP_EXPIRE_STATE_REPORT_VALID = 1,
    MP_EXPIRE_STATE_REPORT_WARNING = 2,
    MP_EXPIRE_STATE_REPORT_EXPIRED = 3
} MP_EXPIRE_STATE_REPORT, *PMP_EXPIRE_STATE_REPORT;

// Payload for product-expiration callbacks.
typedef struct tagMPEXPIRATION_DATA {
    MP_EXPIRE_REASON Reason;
    MP_EXPIRE_STATE_REPORT State;
} MPEXPIRATION_DATA, *PMPEXPIRATION_DATA;

// Payload for NIS-private callbacks: a type code and a sized byte buffer.
// NOTE(review): cbDataSize presumably bounds pbData -- confirm, and
// bounds-check before parsing.
typedef struct tagMPNIS_PRIVATE_DATA {
    DWORD dwNotificationType;
    DWORD cbDataSize;
    BYTE *pbData;
} MPNIS_PRIVATE_DATA, *PMPNIS_PRIVATE_DATA;

// Payload for health callbacks.
typedef struct tagMPHEALTH_DATA {
    DWORD dwNotificationType;
    DWORD dwNotificationFlag;
} MPHEALTH_DATA, *PMPHEALTH_DATA;

// Payload for end-of-life callbacks: two expiry times and two flags.
typedef struct tagMPENDOFLIFE_DATA {
    FILETIME ftSignatureExpiry;
    FILETIME ftPlatformExpiry;
    BOOL fAdminControlled;
    BOOL fEndOfLifeImpendingOrPast;
} MPENDOFLIFE_DATA, *PMPENDOFLIFE_DATA;

// Payload for malware-toast callbacks.
// NOTE(review): pszThreatName is display text from the provider; escape it
// if it is rendered in markup or written to a structured log.
typedef struct tagMPMALWARETOAST_DATA {
    DWORD dwThreatId;
    MP_MIDL_STRING LPWSTR pszThreatName;
} MPMALWARETOAST_DATA, *PMPMALWARETOAST_DATA;

// Callback record: a notification code, an HRESULT, a timestamp, a payload
// type, and a union with one pointer per payload kind.
//
// NOTE(review): the union members line up one-to-one with the
// MPCALLBACK_TYPE enumerators, so Type is presumably the discriminator --
// confirm. A handler should switch on Type, reject values above
// MPCALLBACK_MAXVALUE, and null-check the selected pointer; reading any
// other member reinterprets the pointer as the wrong structure.
typedef struct tagMPCALLBACK_DATA {
    MPNOTIFY Notify;
    HRESULT hResult;
    ULARGE_INTEGER TimeStamp;
    MPCALLBACK_TYPE Type;
    union {
        PMPSTATUS_DATA pStatusData;
        PMPSCAN_DATA pScanData;
        PMPCLEAN_DATA pCleanData;
        PMPCLEAN_PRECHECK_DATA pPrecheckData;
        PMPTHREAT_DATA pThreatData;
        PMPSIGUPDATE_DATA pSigUpdateData;
        PMPSAMPLE_DATA pSampleData;
        PMPRESERVED_DATA pReservedData;
        PMPCONFIGURATION_DATA pConfigurationData;
        PMPFASTPATH_DATA pFastPathData;
        PMPEXPIRATION_DATA pExpirationData;
        PMPNIS_PRIVATE_DATA pNISPrivateData;
        PMPHEALTH_DATA pHealthData;
        PMPENDOFLIFE_DATA pEndOfLifeData;
        PMPMALWARETOAST_DATA pMalwareToastData;
    } Data;
} MPCALLBACK_DATA, *PMPCALLBACK_DATA;

// Control request passed to pfnMpScanControl. The pointer alias is spelled
// PMCONTROL (not PMPCONTROL); the spelling is kept because it is a declared
// name.
typedef enum tagMPCONTROL {
    MPCONTROL_ABORT = 0,
    MPCONTROL_PAUSE = 1,
    MPCONTROL_RESUME = 2
} MPCONTROL, *PMCONTROL;

// Pointer-to-function types for the client entry points. All use the WINAPI
// calling convention and, except pfnMpFreeMemory, return HRESULT.
//
// NOTE(review): only pointer types are declared, so the caller binds the
// entry points at run time. If that is done with LoadLibrary /
// GetProcAddress, load the providing module by absolute path rather than by
// bare name so the DLL search order cannot substitute another module, and
// check every resolved pointer for NULL before calling it.
//
// NOTE(review): handles returned through PMPHANDLE are presumably released
// with the pfnMpHandleClose function, and buffers returned through _Out_
// pointer-to-pointer parameters with the pfnMpFreeMemory function --
// confirm. Check the HRESULT before touching any _Out_ value.

// Reports an enabled/disabled state through pfEnabled.
typedef HRESULT(WINAPI *pfnWDStatus)(
    _Out_ BOOL* pfEnabled);

// Opens a manager handle; dwReserved carries no documented meaning here.
typedef HRESULT(WINAPI *pfnMpManagerOpen)(
    _In_ DWORD dwReserved,
    _Out_ PMPHANDLE phMpHandle);

// Closes an MPHANDLE.
typedef HRESULT(WINAPI *pfnMpHandleClose)(
    _In_ MPHANDLE hMpHandle);

// Frees memory identified by pMemory; returns nothing.
typedef void (WINAPI *pfnMpFreeMemory)(
    _In_ PVOID pMemory);

// Fills a caller-provided MPVERSION_INFO.
typedef HRESULT(WINAPI *pfnMpManagerVersionQuery)(
    _In_ MPHANDLE hMpHandle,
    _Out_ PMPVERSION_INFO pVersionInfo);

// Returns a description string for hrError through pwszErrorDesc.
typedef HRESULT(WINAPI *pfnMpErrorMessageFormat)(
    _In_ MPHANDLE hMpHandle,
    _In_ HRESULT hrError,
    _Out_ LPWSTR *pwszErrorDesc);

// Returns one MPTHREAT_INFO from an enumeration handle.
typedef HRESULT(WINAPI *pfnMpThreatEnumerate)(
    _In_ MPHANDLE hThreatEnumHandle,
    _Out_ PMPTHREAT_INFO *ppThreatInfo);

// Opens a threat enumeration handle for the given source and type.
typedef HRESULT(WINAPI *pfnMpThreatOpen)(
    _In_ MPHANDLE hScanHandle,
    _In_ MPTHREAT_SOURCE ThreatSource,
    _In_ MPTHREAT_TYPE ThreatType,
    _Out_ PMPHANDLE phThreatEnumHandle);

// Looks up one threat by id; the localized info output is optional.
typedef HRESULT(WINAPI *pfnMpThreatQuery)(
    _In_ MPHANDLE hMpHandle,
    _In_ MPTHREAT_ID ThreatID,
    _Out_ PMPTHREAT_INFO *ppThreatInfo,
    _Out_opt_ PMPTHREAT_LOCALIZED_INFO *ppThreatLocalizedInfo);

// Starts a scan and returns a scan handle; the resource list and callback
// info are optional.
typedef HRESULT(WINAPI *pfnMpScanStart)(
    _In_ MPHANDLE hMpHandle,
    _In_ MPSCAN_TYPE ScanType,
    _In_ DWORD dwScanOptions,
    _In_opt_ PMPSCAN_RESOURCES pScanResources,
    _In_opt_ PMPCALLBACK_DATA pCallbackInfo,
    _Out_ PMPHANDLE phScanHandle);

// Sends an MPCONTROL request (abort / pause / resume) to a scan handle.
typedef HRESULT(WINAPI *pfnMpScanControl)(
    _In_ MPHANDLE hScanHandle,
    _In_ MPCONTROL ScanControl);

#endif // !_MPCLIENT_
hThreatEnumHandle, _Out_ PMPTHREAT_INFO *ppThreatInfo); typedef HRESULT(WINAPI *pfnMpThreatOpen)( _In_ MPHANDLE hScanHandle, _In_ MPTHREAT_SOURCE ThreatSource, _In_ MPTHREAT_TYPE ThreatType, _Out_ PMPHANDLE phThreatEnumHandle); typedef HRESULT(WINAPI *pfnMpThreatQuery)( _In_ MPHANDLE hMpHandle, _In_ MPTHREAT_ID ThreatID, _Out_ PMPTHREAT_INFO *ppThreatInfo, _Out_opt_ PMPTHREAT_LOCALIZED_INFO *ppThreatLocalizedInfo); typedef HRESULT(WINAPI *pfnMpScanStart)( _In_ MPHANDLE hMpHandle, _In_ MPSCAN_TYPE ScanType, _In_ DWORD dwScanOptions, _In_opt_ PMPSCAN_RESOURCES pScanResources, _In_opt_ PMPCALLBACK_DATA pCallbackInfo, _Out_ PMPHANDLE phScanHandle); typedef HRESULT(WINAPI *pfnMpScanControl)( _In_ MPHANDLE hScanHandle, _In_ MPCONTROL ScanControl); #endif // !_MPCLIENT_