MECM Multiple Malware Detection Monitor - MECM.MultipleMalwareDetection.EPAlertState.Monitor (UnitMonitor)

MECM.MultipleMalwareDetection.EPAlertState.Monitor (UnitMonitor)

This monitor forwards the Configuration Manager multiple malware detection alert to the Configuration Manager console.

Knowledge Base article:

Summary

Configuration Manager generates an alert when it detects that within a specified time interval, the number of malware types that are found on a device exceeds the Multiple malware detection threshold.

To change the alert threshold

Open the Configuration Manager console.
Navigate to the collection and open its properties.
In the properties dialog, click the Alert tab.
Modify the Multiple malware outbreak threshold.

Causes

Configuration Manager detected that the number of malware types on a device exceed the Multiple malware detection threshold

Resolutions

Check the Endpoint Protection dashboard and reports in the Configuration Manager console for detailed information about the devices and the detected malware.
Remove the malware.

Element properties:

Target

MECM.AlertMultipleMalwareDetection

Parent Monitor

System.Health.ConfigurationState

Category

Custom

Enabled

False

Alert Generate

True

Alert Severity

MatchMonitorHealth

Alert Priority

Normal

Alert Auto Resolve

True

Monitor Type

MECM.EPAlertState.MT

Remotable

True

Accessibility

Public

Alert Message

MECM Multiple malware infections detected on devices

The number of malware types detected on the device in the collection exceeds the multiple malware threshold. Check Configuration Manager console for details.

RunAs

Default

Source Code:

<UnitMonitor ID="MECM.MultipleMalwareDetection.EPAlertState.Monitor" Accessibility="Public" Enabled="false" Target="MECM.AlertMultipleMalwareDetection" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="MECM.EPAlertState.MT" ConfirmDelivery="true"> <Category>Custom</Category> <AlertSettings AlertMessage="MECM.MultipleMalwareDetection.EPAlertState.Monitor.AlertMessage"> <AlertOnState>Warning</AlertOnState> <AutoResolve>true</AutoResolve> <AlertPriority>Normal</AlertPriority> <AlertSeverity>MatchMonitorHealth</AlertSeverity> </AlertSettings> <OperationalStates> <OperationalState ID="UIGeneratedOpStateIdb367706842774d63a99f698b110d3177" MonitorTypeStateID="Good" HealthState="Success"/> <OperationalState ID="UIGeneratedOpStateId1b4789d8240b4645aac7bc231b46353f" MonitorTypeStateID="Warning" HealthState="Warning"/> <OperationalState ID="UIGeneratedOpStateIdcad04264ebff4364a286fb2212e571da" MonitorTypeStateID="Error" HealthState="Error"/> </OperationalStates> <Configuration> <TypeId>$Target/Property[Type="MECM.AlertBaseClass"]/TypeId$</TypeId> <TypeInstanceId>$Target/Property[Type="MECM.AlertBaseClass"]/TypeInstanceId$</TypeInstanceId> <IntervalSeconds>900</IntervalSeconds> <ProviderLocation>$Target/Host/Property[Type="MECM.SiteServer"]/ProviderLocation$</ProviderLocation> <SiteCode>$Target/Host/Property[Type="MECM.Server"]/SiteCode$</SiteCode> </Configuration> </UnitMonitor>