MECM Malware Outbreak Monitor - MECM.MalwareOutBreak.EPAlertState.Monitor (UnitMonitor)

MECM.MalwareOutBreak.EPAlertState.Monitor (UnitMonitor)

This monitor forwards the Configuration Manager malware outbreak alert to the Configuration Manager console.

Knowledge Base article:

Summary

Configuration Manager generates an alert when it detects that the percentage of devices infected with malware in a specific collection exceeds the preset threshold.

To change the alert threshold

Open the Configuration Manager console.
Navigate to the collection and open its properties.
In the properties dialog, click the Alert tab.
Modify the Malware outbreak threshold.

Causes

Configuration Manager detected that multiple devices in a collection are infected with malware.

Resolutions

Check the Endpoint Protection dashboard and reports in the Configuration Manager console for detailed information about the devices and the detected malware.
Remove the malware.

Element properties:

Target

MECM.AlertMalwareOutbreak

Parent Monitor

System.Health.ConfigurationState

Category

Custom

Enabled

False

Alert Generate

True

Alert Severity

MatchMonitorHealth

Alert Priority

Normal

Alert Auto Resolve

True

Monitor Type

MECM.EPAlertState.MT

Remotable

True

Accessibility

Public

Alert Message

MECM Malware outbreak detected on devices

The number of devices that are infected with malware in the collection is over the malware outbreak threshold. Check the Configuration Manager console for details.

RunAs

Default

Source Code:

<UnitMonitor ID="MECM.MalwareOutBreak.EPAlertState.Monitor" Accessibility="Public" Enabled="false" Target="MECM.AlertMalwareOutbreak" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="MECM.EPAlertState.MT" ConfirmDelivery="true"> <Category>Custom</Category> <AlertSettings AlertMessage="MECM.MalwareOutBreak.EPAlertState.Monitor.AlertMessage"> <AlertOnState>Warning</AlertOnState> <AutoResolve>true</AutoResolve> <AlertPriority>Normal</AlertPriority> <AlertSeverity>MatchMonitorHealth</AlertSeverity> </AlertSettings> <OperationalStates> <OperationalState ID="UIGeneratedOpStateId8c574989e65a4716ba644c45c1bb6d12" MonitorTypeStateID="Good" HealthState="Success"/> <OperationalState ID="UIGeneratedOpStateId7f3f32f712d546e3bfab79576eca2eb7" MonitorTypeStateID="Warning" HealthState="Warning"/> <OperationalState ID="UIGeneratedOpStateId0e55b9e6856542118df8882925d7f35c" MonitorTypeStateID="Error" HealthState="Error"/> </OperationalStates> <Configuration> <TypeId>$Target/Property[Type="MECM.AlertBaseClass"]/TypeId$</TypeId> <TypeInstanceId>$Target/Property[Type="MECM.AlertBaseClass"]/TypeInstanceId$</TypeInstanceId> <IntervalSeconds>900</IntervalSeconds> <ProviderLocation>$Target/Host/Property[Type="MECM.SiteServer"]/ProviderLocation$</ProviderLocation> <SiteCode>$Target/Host/Property[Type="MECM.Server"]/SiteCode$</SiteCode> </Configuration> </UnitMonitor>