List Managed Antivirus Quarantine

Service name: list_mav_quarantine

https://SERVER/api/?apikey=yourAPIkey&service=list_mav_quarantine

&required_parameters=required_parameters

[&optional_parameters=optional_parameters]

Lists the contents of Managed Antivirus (MAV) quarantine. The items parameter controls whether to include CURRENT (default), PREVIOUS or ALL items.

Parameters

Default

0

0

CURRENT

2

Example Service Call =list_mav_quarantine

https://SERVER/api/?apikey=yourAPIkey&service=list_mav_quarantine&deviceid=DEVICEID&items=ITEMS&v=VERSION

Example Response

VIPRE engine: the following example response displays data for scans on a device running the Managed Antivirus VIPRE engine.

<?xml version="1.0" ?>

<result created="2013-10-09T10:55:41+01:00" host="SERVER" status="OK">

<quarantined_item>

<quarantine_id>[unique id for the quarantine item]</quarantine_id>

<scan_start>[start date and time of scan which quarantined this item]</scan_start>

<scan_end>[end date and time of scan which quarantined this item]</scan_end>

<guid>[unique quarantine identifier on the device]</guid>

<threat_name>[name of threat]</threat>

<threat_category>[category of threat]</category>

<status>

[if current item, one of: QUARANTINED, RELEASE_PENDING, DELETE_PENDING, FAILED_TO_RELEASE, FAILED_TO_DELETE]

[if previous item, one of: RELEASED, DELETED]

</status>

<scan_type>[one of: QUICK, DEEP, ACTIVE, CUSTOM]</scan_type>

<traces>

 <trace>

 <type>[see list_mav_scans trace types]</type>

 <description>[description of what has been quarantined]</description>

 </trace>

[...more trace entries if they exist...]

</traces>

</quarantined_item>

    [...more quarantined_item entries if they exist...]

</result>

Field Descriptions

A result element containing zero or more entries (quarantined_item elements in XML), each quarantined_item having:

description

Unique id for the quarantined item

For the Bitdefender engine the value is the same as the guid field below

Start time of scan

For the VIPRE engine the time is in UTC.

For the Bitdefender engine this field may be blank (Bitdefender can not always link quarantine items with scans) if it is provided the time will be in agent local time.

End time of scan

For the VIPRE engine the time is in UTC.

For the Bitdefender engine this field may be blank (Bitdefender can not always link quarantine items with scans) if it is provided the time will be in agent local time.

Unique identifier on the device for this quarantine item

For the Bitdefender engine the value is an integer rather than a true 'GUID' and is the same as the quarantine_id field above. The value returned can however be passed into the 'guids' parameter of the mav_quarantine_release or mav_quarantine_remove services.

Name of threat

Category of threat

Note: the threat category names can differ between the VIPRE and Bitdefender engines

Quarantine item status, one of

Scan type, one of:

For the Bitdefender engine this field may be blank (Bitdefender can not always link quarantine items with scans). If a value is present it will be one of:

List of threats, each threat having:

Note: for the Bitdefender engine each quarantined item will always have exactly one trace element.

Managed Antivirus engine where this data originates from, either VIPRE or Bitdefender (field only present where v>1)

https://SERVER/api/?apikey=yourAPIkey&service=list_devices_at_client&clientid=CLIENTID&devicetype=server

https://SERVER/api/?apikey=yourAPIkey&service=list_servers&siteid=SITEID

https://SERVER/api/?apikey=yourAPIkey&service=list_workstations&siteid=SITEID