New SystemInsights sample, update Antimalware sample

AmsiProvider: Fix return value of Scan method.
Use AMSI_RESULT_NOT_DETECTED to allow other
providers to scan it.

Samples/AmsiProvider/AmsiProvider.cpp

@@ -184,7 +184,8 @@ HRESULT SampleAmsiProvider::Scan(_In_ IAmsiStream* stream, _Out_ AMSI_RESULT* re
 
     TraceLoggingWrite(g_traceLoggingProvider, "Scan End", TraceLoggingValue(requestNumber));
 
-    *result = AMSI_RESULT_CLEAN;
+    // AMSI_RESULT_NOT_DETECTED means "We did not detect a problem but let other providers scan it, too."
+    *result = AMSI_RESULT_NOT_DETECTED;
     return S_OK;
 }
 

Samples/SystemInsights/README.md

@@ -0,0 +1,37 @@
+# System Insights sample capability
+
+This sample demonstrates how to write a capability in [System Insights](https://aka.ms/systeminsights). This sample demonstrates how to:
+
+- Specify capability metadata, such as the version, publisher, and description.
+- Register the data sources to collect and persist locally.
+- Make a prediction by reading the data sources that System Insights has collected and persisted. 
+- Return prediction results to System Insights.
+- Cancel a prediction.
+
+## Related topics
+
+[System Insights overview](https://aka.ms/systeminsights)
+
+[Adding and developing capabilities](https://aka.ms/systeminsights-addcapabilities)
+
+## Operating system requirements
+**Server:** Windows Server Insider Preview build 17723 and later
+
+## Build the sample
+1. Start Microsoft Visual Studio and select **File** > **Open** > **Project/Solution**.
+2. Open **SampleCapability.sln**, a Visual Studio Solution file.
+3. Press F7 or use **Build** > **Build Solution** to build the sample. 
+
+## Run the sample
+After you've created the capability library, you need to add the capability to System Insights.
+1. Confirm you're running the a version of Windows Server which has the System Insights feature installed.
+    - This sample requires Windows Server Insider Preview build 17723 or later.
+2. Copy the capability library onto the server. 
+3. Add the capability using the **Add-InsightsCapability** cmdlet:
+
+```PowerShell
+Add-InsightsCapability -Name "Sample capability" -Library "C:\SampleCapability.dll"
+```
+4. Invoke the capability using the **Invoke-InsightsCapability** cmdlet. Note that System Insights may not have collected any data yet if you invoke the capability immediately after adding it.
+
+

Samples/SystemInsights/cs/Properties/AssemblyInfo.cs

@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("SampleCapability")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("SampleCapability")]
+[assembly: AssemblyCopyright("Copyright ©  2018")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("ee69abb9-fbae-4724-919a-8387b7f582ee")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]

Samples/SystemInsights/cs/SampleCapability.csproj

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Release</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">amd64</Platform>
+    <ProjectGuid>{EE69ABB9-FBAE-4724-919A-8387B7F582EE}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>SampleCapability</RootNamespace>
+    <AssemblyName>SampleCapability</AssemblyName>
+    <TargetFrameworkVersion>v4.7.1</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <PlatformTarget>x64</PlatformTarget>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
+    <DebugSymbols>true</DebugSymbols>
+    <OutputPath>bin\x64\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <DebugType>full</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <ErrorReport>prompt</ErrorReport>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
+    <OutputPath>bin\x64\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <Optimize>true</Optimize>
+    <DebugType>pdbonly</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <ErrorReport>prompt</ErrorReport>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.SystemInsights.Capability, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.WindowsServer.SystemInsights.10.0.17723.1000-180720-1452.rs5-release.amd64fre\lib\net47\Microsoft.SystemInsights.Capability.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.SystemInsights.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.WindowsServer.SystemInsights.10.0.17723.1000-180720-1452.rs5-release.amd64fre\lib\net47\Microsoft.SystemInsights.Common.dll</HintPath>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="SampleInsightsCapability.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="packages.config" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>

Samples/SystemInsights/cs/SampleCapability.sln

@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.27703.2042
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SampleCapability", "SampleCapability.csproj", "{EE69ABB9-FBAE-4724-919A-8387B7F582EE}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Release|x64 = Release|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{EE69ABB9-FBAE-4724-919A-8387B7F582EE}.Debug|x64.ActiveCfg = Debug|x64
+		{EE69ABB9-FBAE-4724-919A-8387B7F582EE}.Debug|x64.Build.0 = Debug|x64
+		{EE69ABB9-FBAE-4724-919A-8387B7F582EE}.Release|x64.ActiveCfg = Release|x64
+		{EE69ABB9-FBAE-4724-919A-8387B7F582EE}.Release|x64.Build.0 = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {30ABC7DA-93C2-419B-A351-EFC20A9E9FD4}
+	EndGlobalSection
+EndGlobal