Antimalware Definitions

Microsoft.FEP.ProtectedServer.AntimalwareDefinitions.Monitor (UnitMonitor)

This monitor detects whether there is a valid definitions file. If the definitions file is missing or corrupt, the monitor will enter a Critical state.

Knowledge Base article:

Summary

Up-to-date definitions help ensure that the computer is protected against the most recent malware threats.

Causes

The most common cause is a missing definitions file after a client installation that failed to update properly.

Resolutions

Verify that WSUS is running and that the client computer has connectivity to Windows Update. Then, update antimalware definitions on the client computer.
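As an added example, not part of the management pack or this knowledge article, the following PowerShell script performs the checks above on the protected server: which update source the client is configured for and whether it is reachable, whether a definition set is present on disk, which version the client reports, and a forced definition update through the client's MpCmdRun.exe. The WSUS policy value is the standard Windows Update policy setting; the Definition Updates folder, the .vdm file names, the Signature Updates registry key and the MpCmdRun.exe install path are assumptions about the Microsoft Antimalware client layout used by Forefront Endpoint Protection and should be confirmed on your installation.

```powershell
# Added example: definition-health checks for a Forefront Endpoint Protection client.
# Not part of the management pack. Paths and registry values below are assumptions
# about the Microsoft Antimalware client layout; confirm them on the target server.

function Test-TcpEndpoint {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    # Plain TCP connect with a timeout; works on hosts without Test-NetConnection.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Update source: the WSUS server from the Windows Update policy key.
$wuPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wuServer = (Get-ItemProperty -Path $wuPolicy -ErrorAction SilentlyContinue).WUServer
if ($wuServer) {
    $uri = [Uri]$wuServer
    $reachable = Test-TcpEndpoint -HostName $uri.Host -Port $uri.Port
    Write-Host ("WSUS server {0}:{1} reachable: {2}" -f $uri.Host, $uri.Port, $reachable)
} else {
    Write-Host 'No WUServer policy set; the client updates from Windows Update directly.'
}

# 2. Definition set on disk: the client keeps the active set as .vdm files in a
#    GUID-named folder under Definition Updates (assumed layout).
$defRoot = Join-Path $env:ProgramData 'Microsoft\Microsoft Antimalware\Definition Updates'
$vdmFiles = @()
if (Test-Path $defRoot) {
    $vdmFiles = @(Get-ChildItem -Path $defRoot -Recurse -Filter '*.vdm' -ErrorAction SilentlyContinue)
}
if ($vdmFiles.Count -eq 0) {
    Write-Host "No definition files found under $defRoot (matches the 'not present' alert)."
} else {
    $vdmFiles | ForEach-Object { Write-Host ("{0}  {1,12:N0} bytes  {2}" -f $_.Name, $_.Length, $_.LastWriteTime) }
}

# 3. Version the client itself reports (assumed registry location and value names).
$sigKey = 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates'
$sig = Get-ItemProperty -Path $sigKey -ErrorAction SilentlyContinue
if ($sig) {
    Write-Host ("Engine {0}, AV signatures {1}" -f $sig.EngineVersion, $sig.AVSignatureVersion)
}

# 4. Force a definition update through the client's command-line tool (assumed install path).
$mpCmdRun = Join-Path $env:ProgramFiles 'Microsoft Security Client\MpCmdRun.exe'
if (Test-Path $mpCmdRun) {
    & $mpCmdRun -SignatureUpdate | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Host 'Definition update succeeded.'
    } else {
        Write-Host ("Definition update failed with exit code 0x{0:X8}; retry with -SignatureUpdate -MMPC to fetch directly from Microsoft." -f $LASTEXITCODE)
    }
} else {
    Write-Host "MpCmdRun.exe not found at $mpCmdRun; the client installation may be incomplete."
}
```

Run it in an elevated PowerShell session on the computer named in the alert. An unreachable WSUS server together with a failing update points at the connectivity cause described above; an empty Definition Updates folder while the update source is reachable points at the failed client installation, and a successful forced update should let the monitor return to Healthy on its next evaluation.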

Element properties:

Target: Microsoft.FEP.ProtectedServer
Parent Monitor: Microsoft.FEP.ProtectedServer.FEP.Aggregate.Monitor
Category: Custom
Enabled: True
Alert Generate: True
Alert Severity: MatchMonitorHealth
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.FEP.SecurityVulnerability.AntimalwareDefinitions.MonitorType
Remotable: True
Accessibility: Public
Alert Message:
  Definitions Not Present
  The definitions file used by the Forefront Endpoint Protection client on '{0}' is not present and may have been removed.

  Definition update method: {1}
RunAs: Default

Source Code:

<UnitMonitor ID="Microsoft.FEP.ProtectedServer.AntimalwareDefinitions.Monitor" Accessibility="Public" Enabled="true" Target="FEPLibrary!Microsoft.FEP.ProtectedServer" ParentMonitorID="Microsoft.FEP.ProtectedServer.FEP.Aggregate.Monitor" Remotable="true" Priority="Normal" TypeID="FEPLibrary!Microsoft.FEP.SecurityVulnerability.AntimalwareDefinitions.MonitorType" ConfirmDelivery="true">
  <Category>Custom</Category>
  <AlertSettings AlertMessage="Microsoft.FEP.ProtectedServer.AntimalwareDefinitions.Monitor.Alert">
    <AlertOnState>Error</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>MatchMonitorHealth</AlertSeverity>
    <AlertParameters>
      <AlertParameter1>$Target/Property[Type="System!System.Entity"]/DisplayName$</AlertParameter1>
      <AlertParameter2>$Target/Property[Type="FEPLibrary!Microsoft.FEP.ProtectedServer"]/SigsDownloadLocation$</AlertParameter2>
    </AlertParameters>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="ExistsID" MonitorTypeStateID="Healthy" HealthState="Success"/>
    <OperationalState ID="RemovedID" MonitorTypeStateID="Critical" HealthState="Error"/>
  </OperationalStates>
  <Configuration>
    <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
    <DelayTime>20</DelayTime>
  </Configuration>
</UnitMonitor>