此监视器跟踪失败的恶意软件清除操作。
此监视器跟踪失败的恶意软件清除操作。 如果客户端报告它未能清除恶意软件,则此监视器将报告“严重”状态。
建议使用默认配置保持此警报为打开状态。
按照警报说明进行操作。 可能要求您启动完全扫描,重新启动计算机,运行脱机扫描工具或执行手动步骤。
Target | Microsoft.FEP.ProtectedServer | ||
Parent Monitor | Microsoft.FEP.ProtectedServer.FEP.Aggregate.Monitor | ||
Category | SecurityHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | MatchMonitorHealth | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.FEP.SecurityRootCause.MalwareActivity.ActiveMalwareMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.FEP.ProtectedServer.ActiveMalware.Monitor" Accessibility="Public" Enabled="true" Target="FEPLibrary!Microsoft.FEP.ProtectedServer" ParentMonitorID="Microsoft.FEP.ProtectedServer.FEP.Aggregate.Monitor" Remotable="true" Priority="Normal" TypeID="FEPLibrary!Microsoft.FEP.SecurityRootCause.MalwareActivity.ActiveMalwareMonitorType" ConfirmDelivery="true">
<Category>SecurityHealth</Category>
<AlertSettings AlertMessage="Microsoft.FEP.ProtectedServer.ActiveMalware.Monitor.Alert">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/Property[@Name='CriticallyFailedThreatName']$</AlertParameter1>
<AlertParameter2>$Data/Context/Property[@Name='CriticallyFailedDetectionTime']$</AlertParameter2>
<AlertParameter3>$Data/Context/Property[@Name='CriticallyFailedSeverity']$</AlertParameter3>
<AlertParameter4>$Data/Context/Property[@Name='CriticallyFailedCategory']$</AlertParameter4>
<AlertParameter5>$Data/Context/Property[@Name='CriticallyFailedFWLink']$</AlertParameter5>
<AlertParameter6>$Data/Context/Property[@Name='CriticallyFailedPath']$</AlertParameter6>
<AlertParameter7>$Data/Context/Property[@Name='CriticallyFailedAdditionalActions']$</AlertParameter7>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="NoMalware" MonitorTypeStateID="NoMalware" HealthState="Success"/>
<OperationalState ID="ActiveMalware" MonitorTypeStateID="ActiveMalware" HealthState="Error"/>
</OperationalStates>
<Configuration>
<TimeoutSeconds>600</TimeoutSeconds>
</Configuration>
</UnitMonitor>