Antimalware Engine

Microsoft.FEP.ProtectedServer.AMStatus.Monitor (UnitMonitor)

This monitor tracks the health of the antimalware client and service.

Knowledge Base article:

Summary

It is recommended that the antimalware service be running at all times.

Configuration

The monitor reports a Critical state when the antimalware service on the client machine is not running or not responsive, or when the antimalware engine is not working properly.

Causes

There are cases in which malware activity disables the antimalware service. It is recommended that you investigate the root cause of the failure.

Resolutions

Attempt to restart the antimalware engine on the computer. After the antimalware service is running, it is recommended that you rescan the computer for threats.
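The following script is an added example, not part of the FEP management pack or its recovery task. It performs the Resolutions step locally on the protected server that raised the alert: it records the recent Service Control Manager events for the service (so the root cause can be investigated), starts the service if it is stopped, and then runs a quick scan. It assumes the antimalware service is the Windows service named MsMpSvc and that MpCmdRun.exe is located beside the service executable; adjust $ServiceName for your deployment.

```powershell
# Added example (not management pack code). Run on the protected server itself.
# Assumption: the FEP antimalware service is 'MsMpSvc' (Microsoft Antimalware Service).
param([string]$ServiceName = 'MsMpSvc')

$svc = Get-Service -Name $ServiceName -ErrorAction Stop

if ($svc.Status -ne 'Running') {
    Write-Warning "$($svc.DisplayName) is $($svc.Status)."

    # The KB asks for the root cause to be investigated: show the most recent
    # Service Control Manager events that mention this service before restarting it.
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager' } -MaxEvents 200 |
        Where-Object { $_.Message -like "*$($svc.DisplayName)*" } |
        Select-Object -First 10 TimeCreated, Id, Message |
        Format-Table -Wrap

    Start-Service -Name $ServiceName
    $svc.Refresh()
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
}

# Service is running: rescan as the KB recommends.
# Assumption: MpCmdRun.exe sits in the same folder as the service binary named
# in the service definition (PathName is quoted and carries no arguments).
$exe   = (Get-CimInstance Win32_Service -Filter "Name='$ServiceName'").PathName.Trim('"')
$mpcmd = Join-Path (Split-Path $exe -Parent) 'MpCmdRun.exe'
if (Test-Path $mpcmd) {
    & $mpcmd -Scan -ScanType 1   # ScanType 1 = quick scan
} else {
    Write-Warning "MpCmdRun.exe not found at $mpcmd; start the scan from the client UI instead."
}
```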

External

http://go.microsoft.com/fwlink/?LinkId=204703

Element properties:

Target: Microsoft.FEP.ProtectedServer
Parent Monitor: Microsoft.FEP.ProtectedServer.FEP.Aggregate.Monitor
Category: Custom
Enabled: True
Alert Generate: True
Alert Severity: MatchMonitorHealth
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.FEP.SecurityVulnerability.AMEngineMonitorType
Remotable: True
Accessibility: Public
Alert Message:
    Antimalware Engine Malfunction
    The antimalware service is not running, or the antimalware engine is corrupted. To restart the service, run the recovery task in Health Explorer.

    Client version: {0}
RunAs: Default

Source Code:

<UnitMonitor ID="Microsoft.FEP.ProtectedServer.AMStatus.Monitor" Accessibility="Public" Enabled="true" Target="FEPLibrary!Microsoft.FEP.ProtectedServer" ParentMonitorID="Microsoft.FEP.ProtectedServer.FEP.Aggregate.Monitor" Remotable="true" Priority="Normal" TypeID="FEPLibrary!Microsoft.FEP.SecurityVulnerability.AMEngineMonitorType" ConfirmDelivery="true">
  <Category>Custom</Category>
  <AlertSettings AlertMessage="Microsoft.FEP.ProtectedServer.AMStatus.Monitor.Alert">
    <AlertOnState>Error</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>MatchMonitorHealth</AlertSeverity>
    <AlertParameters>
      <AlertParameter1>$Target/Property[Type="FEPLibrary!Microsoft.FEP.ProtectedServer"]/ClientVer$</AlertParameter1>
    </AlertParameters>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="RunningID" MonitorTypeStateID="Enabled" HealthState="Success"/>
    <OperationalState ID="StoppedID" MonitorTypeStateID="Disabled" HealthState="Error"/>
  </OperationalStates>
  <Configuration>
    <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
    <DelayTime>20</DelayTime>
  </Configuration>
</UnitMonitor>