An asterisk * in the title indicates the field is mandatory.
If a field has a default value, it is shown in the Description column.
If the field type is an array, the Field Name has a .[n] suffix, where n is the array index placeholder.
Object and array field names are listed to provide context. If a field belongs to an object or an array, the full field name is shown in dot separated notation.

Title		Description	Details
UpdateFrequency *		The UpdateFrequency parameter specifies the frequency interval in minutes to check for malware scanning engine updates. Valid input for this parameter is an integer between 1 and 38880 (27 days). The default value is 60 (one hour). The locations to check for updates are specified by the PrimaryUpdatePath and SecondaryUpdatePath parameters.	Field Name: UpdateFrequency Type: Integer
WhenCreatedUTC *			Field Name: WhenCreatedUTC Type: String Format: date-time
OrganizationId *			Field Name: OrganizationId Type: String
ForceRescan *		The ForceRescan parameter specifies that messages should be scanned by the malware agent, even if the message was already scanned by Exchange Online Protection. Valid input for this parameter is $true or $false. The default value is $false.	Field Name: ForceRescan Type: Boolean
ScanTimeout *		The ScanTimeout parameter specifies the timeout interval in seconds for messages that can't be scanned by the malware filter. Valid input for this parameter is an integer between 10 and 900. The default value is 300 (5 minutes).	Field Name: ScanTimeout Type: Integer
PSShowComputerName			Field Name: PSShowComputerName Type: Boolean
MinimumSuccessfulEngineScans *		This parameter is reserved for internal Microsoft use.	Field Name: MinimumSuccessfulEngineScans Type: Integer
	ObjectClass		Field Name: ObjectClass.[n] Type: Array
UpdateTimeout *		The UpdateTimeout parameter specifies the timeout interval in seconds to use when checking for malware scanning engine updates. Valid input for this parameter is an integer between 60 and 300. The default value is 150 seconds (2.5 minutes). If the location specified by the PrimaryUpdatePath parameter is unavailable for the time period specified by the UpdateTimeout parameter value, the location specified by the SecondaryUpdatePath parameter is used.	Field Name: UpdateTimeout Type: Integer
PSComputerName			Field Name: PSComputerName Type: String
DeferWaitTime *		The DeferWaitTime parameter specifies the time period in minutes to increase the interval to resubmit messages for malware filtering in an effort to reduce the workload on the server. For example, the first retry after the original failed scan occurs after the interval specified by the DeferWaitTime parameter. The second retry after the first retry occurs after two times the value of the DeferWaitTime parameter. The third retry after the second retry occurs after three times the value of the DeferWaitTime parameter, and so on. The maximum number of retries is controlled by the DeferAttempts parameter. Valid input for this parameter is an integer between 0 and 15. The default value is 5. This means the first resubmit occurs 5 minutes after the original failed scan, the second retry occurs 10 minutes after the first retry, the third retry occurs 15 minutes after the second retry, and so on. The value 0 means messages are resubmitted for malware filtering after any failed scanning attempts without any delay.	Field Name: DeferWaitTime Type: Integer
Identity *		The Identity parameter specifies the server where you want to view the anti-malware settings. You can use any value that uniquely identifies the server. For example: Name FQDN Distinguished name (DN) Exchange Legacy DN	Field Name: Identity Type: String
DistinguishedName *			Field Name: DistinguishedName Type: String
OriginatingServer *			Field Name: OriginatingServer Type: String
Name *			Field Name: Name Type: String
Fqdn *			Field Name: Fqdn Type: String
PrimaryUpdatePath *		The PrimaryUpdatePath parameter specifies where to download malware scanning engine updates. The default value is http://forefrontdl.microsoft.com/server/scanengineupdate. The location specified by the PrimaryUpdatePath parameter is always tried first.	Field Name: PrimaryUpdatePath Type: String
WhenCreated *			Field Name: WhenCreated Type: String Format: date-time
BypassFiltering *		The BypassFiltering parameter temporarily bypasses malware filtering without disabling the Malware agent on the server. The Malware agent is still active, and the agent is still called for every message, but no malware filtering is actually performed. This allows you to temporarily disable and then enable malware filtering on the server without disrupting mail flow by restarting the Microsoft Exchange Transport service. Valid input for this parameter is $true or $false. The default value is $false.	Field Name: BypassFiltering Type: Boolean
ExchangeVersion *			Field Name: ExchangeVersion Type: String
SecondaryUpdatePath *		The SecondaryUpdatePath parameter specifies an alternate download location for malware scanning engine updates. The default values is blank ($null). This means no alternate download location is specified. The alternate download location is used when the location specified by the PrimaryUpdatePath parameter is unavailable for the time period specified by the UpdateTimeout parameter. On the next malware scanning engine update, the location specified by the PrimaryUpdate path parameter is tried first.	Field Name: SecondaryUpdatePath Type: String
IsValid *			Field Name: IsValid Type: Boolean
DeferAttempts *		The DeferAttempts parameter specifies the maximum number of times to defer a message that can't be scanned by the Malware agent. Valid input for this parameter is an integer between 1 and 5. The default value is 3. After the maximum number of deferrals is reached, the action taken by the Malware agent depends on the error. For scan timeouts and engine errors, the action is to fail the message and return a non-delivery report (NDR) to the sender immediately after the last defer attempt. For all other errors, the message is retried for up to 48 hours, with each retry attempt taking place one hour longer than the last one. For example, starting after the last defer attempt, the first retry attempt will occur in 1 hour, the next retry attempt will occur 2 hours after that, the next retry attempt will occur 3 hours after the second retry attempt, and so on for up to 48 hours. After 48 hours have elapsed, the action is to fail the message and return a non-delivery report (NDR) to the sender.	Field Name: DeferAttempts Type: Integer
WhenChanged *			Field Name: WhenChanged Type: String Format: date-time
WhenChangedUTC *			Field Name: WhenChangedUTC Type: String Format: date-time
ScanErrorAction *		The ScanErrorAction parameter specifies the action to take when a message can't be scanned by the malware filter. Valid values for this parameter are Block or Allow. The default value is Block.	Field Name: ScanErrorAction Type: String
ObjectState *			Field Name: ObjectState Type: String
RunspaceId			Field Name: RunspaceId Type: String
Guid *			Field Name: Guid Type: String
ObjectCategory *			Field Name: ObjectCategory Type: String

Model: device/exchange/MalwareFilteringServer

Model Details: device/exchange/MalwareFilteringServer