MZ@ !L!This program cannot be run in DOS mode. $<թRթRթRԩRPԩRRichթRPEL! | /@ y.rdatap@@.rsrc z@@W T.rdataT.rdata$zzzdbg .rsrc$01$0u.rsrc$020H (@Xp   0 H `x ! 8 P ` p             0 @ P ` p    $% *@17h9 ;$=>BVDZDG4xNlU0gnH y~$T$MUIoo-L=?6Amjp MUI en-US5This is an abstract class that shows the base status.Computer ID created by MAPSThe current computer state CleanStatePendingFullScan PendingRebootPendingManualStepsPendingOfflineScanCriticalFailure/Product version (major, minor, build, revision)/Service version (major, minor, build, revision)AThe Antispyware Signature version (major, minor, build, revision)kAntispyware Signature age in days - if signatures have never been updated you will see an age of 65535 daysiAntispyware Last updated local time. If this has never updated you will see a null value in this property?The Antivirus Signature version (major, minor, build, revision)PAhAntivirus Signature age in days- if signatures have never been updated you will see an age of 65535 dayshAntivirus Last updated local time - If this has never updated you will see a null value in this property9The NRI Signature version (major, minor, build, revision)bNRI Signature age in days- if signatures have never been updated you will see an age of 65535 daysbNRI Last updated local time - If this has never updated you will see a null value in this propertycTime of last Full Scan start - If this has never updated you will see a null value in this propertyaTime of last Full Scan end - If this has never updated you will see a null value in this propertycLast full scan age in days- if signatures have never been updated you will see an age of 65535 daysLast scan sourceUnknownUserSystem Real-timeIOAV$Real-time scan direction enumerationBothIncoming OutcomingdTime of last Quick Scan start - If this has never updated you will see a null value in this propertybTime of last Quick Scan end - If this has never updated you will see a null value in this propertyeLast quick scan age in days- if signatures have never been updated you will see an age of 65535 days.5The AM Engine version (major, minor, build, revision)If the AM Engine is enabledWSpecifies whether the computer is monitoring file and program activity on your computer)Scan all downloaded files and attachments0Specifies whether behavior monitoring is enabled1Specifies whether Antivirus protection is enabled3Specifies whether Antispyware protection is enabled1Specifies whether real-time protection is enabled2NRI Engine version (major, minor, build, revision)If the NRI Engine is enabledThe Schema VersionPAUnique Detection IDThe name of the threatSeverity ID - EnumerationLowModerateHighSevereCategory ID - EnumerationINVALIDADWARESPYWAREPASSWORDSTEALERTROJANDOWNLOADERWORMBACKDOORREMOTEACCESSTROJANPATROJAN EMAILFLOODER KEYLOGGERDIALERMONITORINGSOFTWAREBROWSERMODIFIERCOOKIE BROWSERPLUGIN AOLEXPLOITNUKERSECURITYDISABLER JOKEPROGRAMHOSTILEACTIVEXCONTROLSOFTWAREBUNDLERSTEALTHNOTIFIERSETTINGSMODIFIERTOOLBARREMOTECONTROLSOFTWARE TROJANFTPPOTENTIALUNWANTEDSOFTWARE ICQEXPLOIT TROJANTELNETFILESHARINGPROGRAMMALWARE_CREATION_TOOLREMOTE_CONTROL_SOFTWARETOOLTROJAN_DENIALOFSERVICETROJAN_DROPPERTROJAN_MASSMAILERTROJAN_MONITORINGSOFTWARETROJAN_PROXYSERVERVIRUSPAKNOWNUNKNOWNSPPBEHAVIOR VULNERABILTIYPOLICYType ID - Enumeration Known BadBehavior Known GoodNRIThreat Rollup Status ThreatCleanRebootRequiredOfflineScanRequiredManualStepsRequiredFullScanRequiredReinfectionLoopExecuted(List of resources affected by the threat Specifies if threat has executed!Specifies if the threat is activeVThis is a singleton that represents the Microsoft Antimalware service infection status7This class represents the catalog of recognized threatsUnique Threat ID The name of the process involved"The user who requested remediation&Detection Source Type ID - EnumerationELAMLocalAttestationRemoteAttestation+List of resources affected by the detectionPA!The initial threat detection time0The most recent time of the threat status changeThe time of the remediation.!Execution Status ID - EnumerationBlockedAllowed Executing NotExecuting"The Threat Status ID - EnumerationDetectedCleaned QuarantinedRemoved CleanFailedQuarantineFailed RemoveFailedPA AllowFailed Abandoned BlockedFailedThe threat status error code!The cleaning action - EnumerationClean QuarantineRemoveAllow UserDefinedNoActionBlock/Specifies if the cleaning action was successfulAAdditional actions required to complete remediation - EnumerationNoneFullScanAndRebootRequiredPAFullScanAndManualStepsRequiredRebootAndManualStepsRequired'FullScanAndRebootAndManualStepsRequiredFullScanAndOfflineScanRequiredRebootAndOfflineScanRequired'FullScanAndRebootAndOfflineScanRequired!ManualStepsAndOfflineScanRequired,FullScanAndManualStepsAndOfflineScanRequired*RebootAndManualStepsAndOfflineScanRequired5FullScanAndRebootAndManualStepsAndOfflineScanRequiredFThis is a class that represents the current detailed state of a threathAllows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.[Allows an administrator to explicitly disable a scan from checking any of the paths listed.`Allows an administrator to explicitly disable a scan from checking any of the extensions listed._Allows an administrator to explicitly disable a scan from checking any of the processes listed.TIndicates how many days items should kept in Quarantine folder before being removed.&Real-time scan direction - EnumerationZIndicates what day of the week to perform the scheduled full scan to complete remediation. Every DaySundayMondayTuesday WednesdayThursdayFridaySaturdayNeverOIndicates what time to perform the scheduled full scan to complete remediation.=Configure timeout for detections requiring additional action.zTime in minutes for a detection in the 'critically failed' state to move to either 'additional action' or 'cleared' state.UTime in minutes for a detection in the 'failed' state to move to the 'cleared' state.OSpecify the maximum percentage of CPU utilization during a scan. This policy setting allows you to configure the maximum percentage CPU utilization permitted during a scan. Valid values for this setting are a percentage represented by the integers 5 to 100. A value of 0 indicates that there should be no throttling of CPU utilization.When set, Windows Defender will check for new signatures before running a scan. If new signatures are found they will be downloaded and installed before the scan begins. If no new signatures are found, the scan will start based on the existing signatures.CTurn on removal of items from scan history folder. This setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and will not be automatically removed.+Run scheduled scans only if system is idle.2Specify the scan type to use for a scheduled scan. Quick Scan Full Scan4Specify the day of the week to run a scheduled scan.6Specify the time of day to run a scheduled quick scan.0Specify the time of day to run a scheduled scan.eAborts any service-initiated update immediately after first install by the configured amount of time.Overrides CheckForSignatureBeforeRunningScan. Aborts any service-initiated update if signature was updated successfully within this amount of time. Time in minutes.wDefines the file shares for downloading definition updates. setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources. For example: {\unc1 | \unc2 }. The list is empty by default.When set to true, AM Service will not initiate definition update on start-up, regardless of whether an Engine is present or not.Define the order of sources for downloading definition updates. This setting allows you to define the order in which different definition update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources in order. Possible values are: 'InternalDefinitionUpdateServer' 'MicrosoftUpdateServer' 'MMPC' 'FileShares' xIndicates the day of the week in which signature updates occur. If set to zero (0x0) then signature update occurs daily.|Specifies the time at which signature update check happens. By default the signatures are checked before the scheduled scan.PADefines the number of days after which a catch-up signature is warranted. Works with SignatureUpdateLastChecked. 0 = no catch-up; 1 = 1 day; 2 = 2 days, etc.The time value is represented as the number of hours between update checks. Valid values range from 1 (every hour) to 24 (once per day).Join Microsoft MAPS.DisabledBasicAdvancedConsent for sample submission.AlwaysDisable the privacy mode.This setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled definition update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host, to prevent multiple guest virtual machines from undertaking a disk-intensive operation at the same time.Disable behavior monitoring.$Disable intrusion prevention system.Disable IOAV protection.Disable real-time monitoring.Disable script scanning.Disable archive scanning.PADisable catch-up full scan. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.Disable catch-up quick scan. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.Disable email scanning.!Disable removable drive scanning.Disables restore point.3Disable running full scan on mapped network drives. Disables scanning network files.Enable UI Lockdown mode.The Ids of threats upon which default action should not be taken when detected. The actions in ThreatIDDefaultAction_Actions need to be specified in the same order as the Ids in ThreatIDDefaultAction_IdsDefault actions for threats upon which default action should not be taken when detected. The actions need to be in the same order as their respective Ids specified in the ThreatIDDefaultAction_Ids property.#Default action for unknown threats.(Default action for low severity threats.-Default action for moderate severity threats.)Default action for high severity threats.+Default action for severe severity threats.>Specify PUA(Potentially Unwanted Application) protection mode.Enabled AuditModeDisable block at first seen.Define the order of sources for downloading definition updates This setting allows you to define the order in which different definition update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources in order. Possible values are: 'InternalDefinitionUpdateServer' 'MicrosoftUpdateServer' 'MMPC' 'FileShares' rIndicates the day of the week in which signature updates occur. If set to zero then signature update occurs daily.Defines the number of days after which a catch-up signature is warranted. Works with SignatureUpdateLastChecked. 0 = no catch-up, 1 = 1 day, 2 = 2 days, etc.Disable privacy mode.A user confirmation is sought by default by this cmdlet. If -Force is specified, the default confirmation is not sought from the user.1.0"Windows Defender Preferences ClassThe Windows Defender Scan Class$The Windows Defender Signature ClassCategory of Notification.ScanStateNotificationsThreatStateNotificationsSignatureStateNotificationsPAComputerStateNotificationsDetailed Scan Notifications. ErrorOccurred ScanCompletedDetailed Threat Notifications.SuccessfulRemediationNonCriticalFailure!Detailed Signature Notifications.SignaturesOutOfDate Detailed Computer Notifications.ScansOutOfDateComponentsChangedStateRecovered)Date and time the WMI Event was generatedAdditional Data. At the moment, the only use is when the CategoryDiscriminant is equal to ThreatStateNotificationsthen this value will contains the ThreatID'Windows Defender Event Indication Class#The Windows Defender WDO Scan Class%The Windows Defender Heart Beat Class%1!s! is scanning your PCBThis might take some time, depending on the type of scan selected. Scan was completed successfully.7Errors were encountered when attempted to scan your PC. Custom Scan Full Scan Quick Scan %1!s! %2!s!&Updating virus and spyware definitionsW%1!s! updates your virus and spyware definitions automatically to help protect your PC.@Virus and spyware definitions update was completed successfully.?Virus and spyware definitions update was completed with errors.Virus and spyware definitions2Operation failed with the following error: 0x%1!x!:ScanPath parameter is required when running a custom scan./A scan is already in progress on this computer.MVirus and spyware definitions update is already in progress on this computer.@Items detected as potentially harmful are already being cleaned.AThere are currently no active detected items on your PC to clean.WErrors were encountered while attempted to clean items detected as potentially harmful.gA ThreatIDDefaultAction_Actions value should be specified for each ThreatIDDefaultAction_Ids parameter.:Failed to get default action for threat id. Error: 0x%1!x!TOperation failed with the following error: 0x%1!x!. Operation: %2!s!. Target: %3!s!.EYou don't have enough permissions to perform the requested operation.BErrors were encountered when attempted to run WDO scan on your PC. There was an error %1 in the %2 WMI provider instance retrieval methods.%0 There was an error %1 in the %2 WMI provider static method.%0 There was an error %1 in the %2 WMI provider FireEvent method.%0 |There was an error %1 when attempted to register for %2 WMI provider notifications from all the active computer sessions. Only notifications from the current session will be received.%0 There was an error %1 when attempted to create event monitoring thread for %2 WMI provider.%0 There was an error %1 when attempted to register %2 WMI provider for monitoring antimalware notifications.%0 4VS_VERSION_INFO 98 98?FStringFileInfo"040904B0LCompanyNameMicrosoft Corporationr%FileDescriptionProtection Management WMIv2 Providern'FileVersion4.10.14393.0 (rs1_release.160715-1616)JInternalNameProtectionManagement.LegalCopyright Microsoft Corporation. All rights reserved.bOriginalFilenameProtectionManagement.dll.muij%ProductNameMicrosoft Windows Operating System> ProductVersion4.10.14393.0DVarFileInfo$Translation PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDx

Windows NT KPTV 6.2 build 9200 (Windows Server 2012 Datacenter Edition) i586