Windows Defender API to scan a directory for malware

  • Question

  • Using the Windows Defender API, I'm trying to scan a folder for malware.

    Following the documentation, I wrote the code:

    MPRESOURCE_INFO ResourceInfo = { 0 };
    MPSCAN_RESOURCES ScanResource = { 0 };
    PMPRESOURCE_INFO ResourceInfoArray = NULL;

    ...

    ResourceInfo.Scheme = L"dir";
    ResourceInfo.Path = L"C:\\temp";
    ResourceInfo.Class = 0;

    // ResourceInfoArray was allocated before

    *ResourceInfoArray = ResourceInfo;

    ScanResource.dwResourceCount = 1;
    ScanResource.pResourceList = ResourceInfoArray;

    // Opened hMpManager before using MpScanStart

    hRetval = MpScanStart(hMpManager, MPSCAN_TYPE_RESOURCE, 0, &ScanResource, NULL, &ScanHandle);

    From which I get an error message: "An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support."

    However, if I change the ResourceInfo definition to:

    ResourceInfo.Scheme = L"file";
    ResourceInfo.Path = L"C:\\temp\\MyFile.exe";
    ResourceInfo.Class = 0;

    It works great, detecting the file in the right way.

    Bottom line: the code works for files, but doesn't work for directories.

    Does anyone know what I am doing wrong with the directory search?

    Tuesday, April 25, 2017 10:18 AM