This monitor detects a malware outbreak.
This monitor detects a malware outbreak of both cleaned and active infections when they occur on more than 5% (by default) of the total number of computers.
An alert will result when more than 5% of the total number of computers are infected within a 60 minute timeframe. This is configurable by overriding the monitor.
It is recommended that you investigate the root cause of this behavior.
| Target | Microsoft.FEP.SecurityRootCause.MalwareActivity |
| Parent Monitor | Microsoft.FEP.MalwareOutbreak.FEP.Aggregate.Monitor |
| Category | Custom |
| Enabled | True |
| Alert Generate | False |
| Alert Auto Resolve | True |
| Monitor Type | Microsoft.FEP.SecurityRootCause.MalwareActivity.OutbreakMonitorType |
| Remotable | True |
| Accessibility | Public |
| RunAs | Default |
Home
ENU <UnitMonitor ID="Microsoft.FEP.SecurityRootCause.MalwareActivity.OutbreakMonitor" Accessibility="Public" Enabled="true" Target="FEPLibrary!Microsoft.FEP.SecurityRootCause.MalwareActivity" ParentMonitorID="Microsoft.FEP.MalwareOutbreak.FEP.Aggregate.Monitor" Remotable="true" Priority="Normal" TypeID="FEPLibrary!Microsoft.FEP.SecurityRootCause.MalwareActivity.OutbreakMonitorType" ConfirmDelivery="true">
<Category>Custom</Category>
<OperationalStates>
<OperationalState ID="MalwareActivityDetectedID" MonitorTypeStateID="MalwareActivityDetected" HealthState="Error"/>
<OperationalState ID="TimerResetID" MonitorTypeStateID="TimerReset" HealthState="Success"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>System</LogName>
<TimerWaitInSeconds>3600</TimerWaitInSeconds>
</Configuration>
</UnitMonitor>