Edit

Share via

Unblock-CMDetectedMalware

Module:
ConfigurationManager Module

Unblocks detected malware.

Syntax

SearchByThreatValue (Default) 

Unblock-CMDetectedMalware
    -Threat <IResultObject>
    -UnblockAction <UnblockDetectedMalwareAction>
    [-Force]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SearchByCollection 

Unblock-CMDetectedMalware
    -Collection <IResultObject>
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SearchByCollectionId 

Unblock-CMDetectedMalware
    -CollectionId <String>
    -UnblockAction <UnblockDetectedMalwareAction>
    [-Force]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SearchByCollectionName 

Unblock-CMDetectedMalware
    -CollectionName <String>
    -UnblockAction <UnblockDetectedMalwareAction>
    [-Force]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SearchByThreatId 

Unblock-CMDetectedMalware
    -ThreatId <String>
    -UnblockAction <UnblockDetectedMalwareAction>
    [-Force]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SearchByThreatName 

Unblock-CMDetectedMalware
    -ThreatName <String>
    -UnblockAction <UnblockDetectedMalwareAction>
    [-Force]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SearchByCollectionValue 

Unblock-CMDetectedMalware
    -UnblockAction <UnblockDetectedMalwareAction>
    [-Force]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

The Unblock-CMDetectedMalware cmdlet unblocks malware that has been blocked from running.

Note

Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.

Examples

Example 1: Unblock all detected malware

PS ABC:\> Unblock-CMDetectedMalware -UnblockAction AllowThreat

This command unblocks all detected malware.

Example 2: Unblock detected malware by getting a threat object

PS ABC:\> $Threat = Get-CMDetectedMalware -CollectionName "All Desktop and Server Clients"
PS ABC:\> Unblock-CMDetectedMalware -Threat $Threat -UnblockAction AllowThreat

The first command gets the detected malware object for the collection named All Desktop and Server Clients and stores the object in the $Threat variable.

The second command unblocks the threat stored in $Threat.

Example 3: Unblock detected malware by getting a collection object

PS ABC:\> $Collection = Get-CMCollection -CollectionType Device -Name "All Desktop and Server Clients"
PS ABC:\> Unblock-CMDetectedMalware -Collection $Collection -UnblockAction AllowThreat

The first command gets the device collection object named All Desktop and Server Clients and stores the object in the $Collection variable.

The second command unblocks the malware for the collection stored in $Collection.

Parameters

-Collection

Specifies a collection object. To obtain a collection object, use the Get-CMCollection cmdlet.

Parameter properties

Type:IResultObject
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SearchByCollection
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-CollectionId

Specifies the ID of a collection.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SearchByCollectionId
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-CollectionName

Specifies the name of a collection.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SearchByCollectionName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False
Aliases:cf

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Force

Forces the command to run without asking for user confirmation.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SearchByThreatValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SearchByCollectionId
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SearchByCollectionName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SearchByThreatId
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SearchByThreatName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SearchByCollectionValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Threat

Specifies a detected malware object. To get a detected malware object, use the Get-CMDetectedMalware cmdlet.

Parameter properties

Type:IResultObject
Default value:None
Supports wildcards:False
DontShow:False
Aliases:InputObject

Parameter sets

SearchByThreatValue
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-ThreatId

Specifies the ID of a threat.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SearchByThreatId
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ThreatName

Specifies the name of a threat.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SearchByThreatName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-UnblockAction

Specifies the unblock action the cmdlet takes on the threat. Valid values are:

  • AllowThreat
  • RestoreOnly
  • RestoreAndAllow

Parameter properties

Type:UnblockDetectedMalwareAction
Default value:None
Accepted values:AllowThreat, RestoreOnly, RestoreAndAllow
Supports wildcards:False
DontShow:False

Parameter sets

SearchByThreatValue
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SearchByCollectionId
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SearchByCollectionName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SearchByThreatId
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SearchByThreatName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SearchByCollectionValue
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet doesn't run.

Parameter properties

Type:SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False
Aliases:wi

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

Microsoft.ConfigurationManagement.ManagementProvider.IResultObject

Outputs

System.Object