當惡意程式碼檢查篩選器需要用於累積內容的磁碟總空間超過可用的磁碟空間時,此規則會產生警示。
惡意程式碼檢查篩選器為了累積惡意程式碼檢查的內容而用盡磁碟總空間。
嘗試進行的阻絕服務 (DoS) 攻擊可能會因為惡意程式碼檢查而過度使用磁碟空間。
如果是合法流量,請考慮釋出更多磁碟空間,以便將累積資料夾重新定位到包含更多可用空間的磁碟機,或更換成更大的磁碟。
Target | Microsoft.Forefront.TMG.WebProxy.ServerComponent |
Category | EventCollection |
Enabled | True |
Alert Generate | False |
Remotable | True |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Forefront.TMG.Rule.AlertGenerate.DS | Default |
WA | WriteAction | Microsoft.Forefront.TMG.Rule.AlertGenerate.WA | Default |
<Rule ID="Microsoft.Forefront.TMG.The_amount_of_disk_space_that_the_Malware_Inspection_Filter_needs_for_the_accumulation_of_content_exceeded_the_available_disk_space.Rule" Enabled="true" Target="Microsoft.Forefront.TMG.WebProxy.ServerComponent" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Microsoft.Forefront.TMG.Rule.AlertGenerate.DS">
<ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<EventsPattern>^(23460)$</EventsPattern>
<EventType>1</EventType>
<SourcePattern>Microsoft Forefront TMG Web Proxy</SourcePattern>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WA" TypeID="Microsoft.Forefront.TMG.Rule.AlertGenerate.WA">
<AlertMessageId>$MPElement[Name="Microsoft.Forefront.TMG.The_amount_of_disk_space_that_the_Malware_Inspection_Filter_needs_for_the_accumulation_of_content_exceeded_the_available_disk_space.AlertMessage"]$</AlertMessageId>
<DomainName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/DomainDnsName$</DomainName>
<Priority>1</Priority>
<Severity>2</Severity>
</WriteAction>
</WriteActions>
</Rule>