This monitor detects malware outbreaks.
It detects both kinds of outbreak: cleaned infections and active infections appearing on more than 5% (the default) of all computers.
If more than 5% of all computers become infected within a 60-minute time window, an alert is generated. This threshold and window can be configured by overriding the monitor.
It is recommended that you investigate the root cause of this behavior.
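The detection rule described above, as an added example that reimplements it in Python for illustration; it is not code from the Forefront Endpoint Protection management pack. It assumes a list of infection events with a timestamp, computer name and state, a known total computer count, and that the 60-minute window corresponds to the monitor's TimerWaitInSeconds value of 3600. The sample events and the `SAMPLE_NOW` timestamp are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample infection events: (timestamp, computer name, state).
# Per the monitor description, both cleaned and active infections count.
SAMPLE_EVENTS = [
    (datetime(2024, 1, 1, 10, 0), "WS-01", "active"),
    (datetime(2024, 1, 1, 10, 5), "WS-02", "cleaned"),
    (datetime(2024, 1, 1, 10, 7), "WS-01", "cleaned"),   # same computer again, counted once
    (datetime(2024, 1, 1, 10, 30), "WS-03", "active"),
    (datetime(2024, 1, 1, 8, 0), "WS-04", "active"),     # older than the window, ignored
]
SAMPLE_NOW = datetime(2024, 1, 1, 10, 45)  # constructed evaluation time

# Defaults taken from the monitor description: 5% of all computers, 60 minutes.
DEFAULT_THRESHOLD_PERCENT = 5.0
DEFAULT_WINDOW_SECONDS = 3600  # assumed to match TimerWaitInSeconds


@dataclass
class OutbreakResult:
    detected: bool
    infected_count: int
    percent: float


def infected_computers_in_window(events, now, window_seconds=DEFAULT_WINDOW_SECONDS):
    """Return the set of distinct computers with a cleaned or active infection
    in the window that ends at `now`. A computer is counted once no matter
    how many events it raised."""
    start = now - timedelta(seconds=window_seconds)
    return {
        name
        for ts, name, state in events
        if start <= ts <= now and state in ("active", "cleaned")
    }


def outbreak_detected(events, total_computers, now,
                      threshold_percent=DEFAULT_THRESHOLD_PERCENT,
                      window_seconds=DEFAULT_WINDOW_SECONDS):
    """Apply the outbreak rule: more than `threshold_percent` of all computers
    infected within the window. `threshold_percent` and `window_seconds` play
    the role of the overridable monitor settings."""
    if total_computers <= 0:
        raise ValueError("total_computers must be positive")
    infected = infected_computers_in_window(events, now, window_seconds)
    percent = 100.0 * len(infected) / total_computers
    return OutbreakResult(percent > threshold_percent, len(infected), percent)


if __name__ == "__main__":
    for total in (50, 100):
        r = outbreak_detected(SAMPLE_EVENTS, total, SAMPLE_NOW)
        print(f"{total} computers: {r.infected_count} infected "
              f"({r.percent:.1f}%), outbreak={r.detected}")
```

With 50 computers the three distinct infected machines in the window amount to 6%, so the rule fires; with 100 computers (3%) it does not, unless the threshold is overridden below 3%.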
| Property | Value |
| --- | --- |
| Target | Microsoft.FEP.SecurityRootCause.MalwareActivity |
| Parent Monitor | Microsoft.FEP.MalwareOutbreak.FEP.Aggregate.Monitor |
| Category | Custom |
| Enabled | True |
| Alert Generate | False |
| Alert Auto Resolve | True |
| Monitor Type | Microsoft.FEP.SecurityRootCause.MalwareActivity.OutbreakMonitorType |
| Remotable | True |
| Accessibility | Public |
| RunAs | Default |
```xml
<UnitMonitor ID="Microsoft.FEP.SecurityRootCause.MalwareActivity.OutbreakMonitor" Accessibility="Public" Enabled="true" Target="FEPLibrary!Microsoft.FEP.SecurityRootCause.MalwareActivity" ParentMonitorID="Microsoft.FEP.MalwareOutbreak.FEP.Aggregate.Monitor" Remotable="true" Priority="Normal" TypeID="FEPLibrary!Microsoft.FEP.SecurityRootCause.MalwareActivity.OutbreakMonitorType" ConfirmDelivery="true">
  <Category>Custom</Category>
  <OperationalStates>
    <OperationalState ID="MalwareActivityDetectedID" MonitorTypeStateID="MalwareActivityDetected" HealthState="Error"/>
    <OperationalState ID="TimerResetID" MonitorTypeStateID="TimerReset" HealthState="Success"/>
  </OperationalStates>
  <Configuration>
    <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
    <LogName>System</LogName>
    <TimerWaitInSeconds>3600</TimerWaitInSeconds>
  </Configuration>
</UnitMonitor>
```