List Managed Antivirus Quarantine

Base URL

https://{SERVER}/api/?apikey={yourAPIkey}&service=list_mav_quarantine

Description

Lists the contents of Managed Antivirus (MAV) quarantine. The **items **parameter controls whether to include CURRENT (default), PREVIOUS or ALL items.

Parameters

Required parameters

Add required parameters immediately after the base URL.

https://{SERVER}/api/?apikey={yourAPIkey}&service=list_mav_quarantine&required_parameters={parameter-value}

Parameter	Description	Type	Options	Default
deviceid	The deviceid must be a valid device id.	integer	0	0

Optional parameters

Add optional parameters after the required parameters in the base URL.

https://{SERVER}/api/?apikey={yourAPIkey}&service=list_mav_quarantine&required_parameters={parameter-value}&optional_parameters={parameter-value}

Parameter	Description	Type	Options	Default
describe	Optional. Returns a description of the entered call, the available parameters, an example of its output, and returned fields with descriptions.	boolean	true	0
items	Controls whether to include CURRENT, PREVIOUS or ALL items.	string	CURRENT PREVIOUS ALL	current
v	Managed Antivirus engine version 1 VIPRE engine 2 Bitdefender engine From Dashboard 2019.08.13 this call defaults to version 2 (Bitdefender).	integer	1 2	2

Determine parameter values

Use the following associated service calls to determine parameter values.

Parameter	Call	URL Format
deviceid	list_devices_at_client	`https://{SERVER}/api/?apikey=yourAPIkey&service=list_devices_at_client&clientid=CLIENTID&devicetype=server`
	list_servers	`https://{SERVER}/api/?apikey=yourAPIkey&service=list_servers&siteid=SITEID`
	list_workstations	`https://{SERVER}/api/?apikey=yourAPIkey&service=list_workstations&siteid=SITEID`
siteid	list_sites	`https://{SERVER}/api/?apikey=yourAPIkey&service=list_sites&clientid=CLIENTID`
clientid	list_clients	`https://{SERVER}/api/?apikey=yourAPIkey&service=list_clients`

Examples

List the contents of the MAV quarantine

https://{SERVER}/api/?apikey={yourAPIkey}&service=list_mav_quarantine&deviceid=DEVICEID&items=ITEMS&v=VERSION

Example response

<?xml version="1.0" ?>
<result created="2013-10-09T10:55:41+01:00" host="SERVER" status="OK">
  <quarantined_item>
    <quarantine_id>[unique id for the quarantine item]</quarantine_id>
    <scan_start>[start date and time of scan which quarantined this item]</scan_start>
    <scan_end>[end date and time of scan which quarantined this item]</scan_end>
    <guid>[unique quarantine identifier on the device]</guid>
    <threat_name>[name of threat]</threat_name>
    <threat_category>[category of threat]</threat_category>
    <status>
      [if current item, one of: QUARANTINED, RELEASE_PENDING, DELETE_PENDING, FAILED_TO_RELEASE, FAILED_TO_DELETE]
      [if previous item, one of: RELEASED, DELETED]
    </status>
    <scan_type>[one of: QUICK, DEEP, ACTIVE, CUSTOM]</scan_type>
    <traces>
      <trace>
        <type>[see list_mav_scans trace types]</type>
        <description>[description of what has been quarantined]</description>
      </trace>
      [...more trace entries if they exist...]
    </traces>
  </quarantined_item>
  [...more quarantined_item entries if they exist...]
</result>

Returned fields

A result element containing zero or more entries (quarantined_item elements in XML), each quarantined_item having:

Field	Description
quarantine_id	Unique id for the quarantined item For the Bitdefender engine the value is the same as the guid field below
scan_start	Start time of scan For the VIPRE engine the time is in UTC. For the Bitdefender engine this field may be blank (Bitdefender can not always link quarantine items with scans) if it is provided the time will be in agent local time.
scan_end	End time of scan For the VIPRE engine the time is in UTC. For the Bitdefender engine this field may be blank (Bitdefender can not always link quarantine items with scans) if it is provided the time will be in agent local time.
guid	Unique identifier on the device for this quarantine item For the Bitdefender engine the value is an integer rather than a true 'GUID' and is the same as the quarantine_id field above. The value returned can however be passed into the 'guids' parameter of the mav_quarantine_release or mav_quarantine_remove services.
threat_name	Name of threat
threat_category	Category of threat Note: the threat category names can differ between the VIPRE and Bitdefender engines
status	Quarantine item status, one of VIPRE Engine QUARANTINED RELEASE_PENDING RELEASED DELETE_PENDING DELETED REPORTED FAILED_TO_QUARANTINE FAILED_TO_RELEASE FAILED_TO_DELETE Bitdefender Engine Quarantined Deleted Restored
scan_type	Scan type, one of: VIPRE Engine QUICK DEEP ACTIVE CUSTOM For the Bitdefender engine this field may be blank (Bitdefender can not always link quarantine items with scans). If a value is present it will be one of: Bitdefender Engine Active Protection Quick Deep Custom Behavioral IDS
traces	List of threats, each threat having: type Trace type, one of: VIPRE Engine COOKIE DLL_EXPORT PROCESS SYSTEM_DLL REGISTRY_ENTRY EXPORT FILE MASTER_BOOT_RECORD FOLDER ROOTKIT ARCHIVE SYSTEM_MODULE PROCESS_MODULE HOOK DEVICE_DRIVER UNKNOWN For the Bitdefender engine this field may be blank, but if a value is present it will be one of: Bitdefender Engine File Http Cookie POP3 SMTP Process Boot Sector Registry ADS Stream description Trace description strings, could be: a filename a registry key with value a reference to a process etc Note: for the Bitdefender engine each quarantined item will always have exactly one trace element.
engine	Managed Antivirus engine where this data originates from, either VIPRE or Bitdefender (field only present where v>1)