Home
  •  

EnginesOutOfDateE

EnginesOutOfDateE_2_Rule (Rule)

Knowledge Base article:

Management Pack
Summary

This event checks the last updated time for the engines that have been enabled for updates.

If none of the engines enabled for updates have been updated in a week, an error event is generated.

 
Causes
  1. Network Throughput issues
  2. Low bandwidth
  3. Issues with Rapid Update Server
  4. The A/V vendor has not provided updates in a week (very unlikely)
 
Resolutions
  1. Make sure the HTTP proxy is configured properly.
  2. Make sure that there are no network issues.
  3. Make sure that the UNC configuration settings are appropriate.
 
© 2006 Microsoft Corporation, all rights reserved.

Element properties:

TargetFSMPack2007_FSE.Forefront_Security_for_Exchange_Server___All_Servers_Installation
CategoryEventCollection
EnabledTrue
Event_ID7007
Event SourceMicrosoft Forefront Security
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
EnginesOutOfDateE
Event LogApplication
CommentMom2005ID='{2A9C58BA-3F6F-4B6D-9E3F-7E4B2C60320F}';MOM2005ComputerGroupID={868E5B4E-34B8-4B10-9055-C4074AF41790}

Member Modules:

ID Module Type TypeId RunAs 
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="EnginesOutOfDateE_2_Rule" Comment="Mom2005ID='{2A9C58BA-3F6F-4B6D-9E3F-7E4B2C60320F}';MOM2005ComputerGroupID={868E5B4E-34B8-4B10-9055-C4074AF41790}" Enabled="true" Target="FSMPack2007_FSE.Forefront_Security_for_Exchange_Server___All_Servers_Installation" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>7007</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>Microsoft Forefront Security</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="HealthLibrary!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertName/>

      <AlertDescription/>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="EnginesOutOfDateE_2_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters/>

      <Suppression/>

      <Custom1>Microsoft Forefront Server Security</Custom1>

      <Custom2/>

      <Custom3>EngineUpdateFailure</Custom3>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>