This monitor tracks whether additional actions must be performed after malware has been blocked and removed from a computer.
Some types of malware may require additional actions to confirm their complete removal from the computer.
It is advised to keep this alert turned on with the default configuration.
Follow the alert description. You may be required to launch a full scan, run an offline scan tool, perform manual steps, or restart the computer. You can restart a computer by using a recovery task in Health Explorer.
Target | Microsoft.FEP.SecurityRootCause.MalwareActivity |
Parent Monitor | System.Health.SecurityState |
Algorithm | WorstOf |
Source Monitor | Microsoft.FEP.ProtectedServer.PendingAdditionalActions.Monitor |
Relationship | Microsoft.FEP.MalwareActivityReferencesProtectedServer |
Category | Custom |
Enabled | True |
Alert Generate | False |
Alert Auto Resolve | False |
Remotable | True |
Accessibility | Public |
<DependencyMonitor ID="Microsoft.FEP.SecurityRootCause.MalwareActivity.PendingAdditionalActions.Monitor" Accessibility="Public" Enabled="true" Target="FEPLibrary!Microsoft.FEP.SecurityRootCause.MalwareActivity" ParentMonitorID="Health!System.Health.SecurityState" Remotable="true" Priority="Normal" RelationshipType="FEPLibrary!Microsoft.FEP.MalwareActivityReferencesProtectedServer" MemberMonitor="Microsoft.FEP.ProtectedServer.PendingAdditionalActions.Monitor">
<Category>Custom</Category>
<Algorithm>WorstOf</Algorithm>
<MemberUnAvailable>Error</MemberUnAvailable>
</DependencyMonitor>