Home
  •  

Antimalware Service Monitor

Microsoft.SCEP.Linux.AMService.Monitor (UnitMonitor)

This monitor tracks the health of the Linux Antimalware Service.

Knowledge Base article:

Summary

It is recommended that the antimalware service is running at all times.

Configuration

The monitor reports a Critical state when the antimalware service in the client machine is not running or not responsive, or when the antimalware engine is not working properly.

Causes

There are cases in which malware activity disables the antimalware service. It is recommended that you investigate the root cause of the failure.

Resolutions

Access the computer and launch System Center Endpoint Protection application. Look for errors and follow on screen instructions. As an alternative try to start/restart the antimalware service. If that fails too, try uninstalling and re-installing the System Center Endpoint Protection client on the computer.

Element properties:

TargetMicrosoft.SCEP.Linux.ProtectedServer
Parent MonitorMicrosoft.SCEP.Linux.ProtectedServer.Agregate.Monitor
CategorySecurityHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.Unix.WSMan.Process.Status.MonitorType
RemotableTrue
AccessibilityPublic
Alert Message
System Center Endpoint Protection Antimalware Service is down
System Center Endpoint Protection Antimalware Service is either stopped or down.

Computer name: {0}
Client version: {1}
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.SCEP.Linux.AMService.Monitor" Accessibility="Public" Enabled="true" Target="SCEPLinuxLibrary!Microsoft.SCEP.Linux.ProtectedServer" ParentMonitorID="Microsoft.SCEP.Linux.ProtectedServer.Agregate.Monitor" Remotable="true" Priority="Normal" TypeID="Unix!Microsoft.Unix.WSMan.Process.Status.MonitorType" ConfirmDelivery="true">

  <Category>SecurityHealth</Category>

  <AlertSettings AlertMessage="Microsoft.SCEP.Linux.AMService.Monitor_AlertMessageResourceID">

    <AlertOnState>Error</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Error</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Target/Property[Type="SCEPLinuxLibrary!Microsoft.SCEP.Linux.ProtectedServer"]/ComputerId$</AlertParameter1>

      <AlertParameter2>$Target/Property[Type="SCEPLinuxLibrary!Microsoft.SCEP.Linux.ProtectedServer"]/ClientVer$</AlertParameter2>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="UIGeneratedOpStateId6a454f8e500c4bccb56b8d0ba5d3f3e7" MonitorTypeStateID="Running" HealthState="Success"/>

    <OperationalState ID="UIGeneratedOpStateId80425feabe0e4d0f8a8892827693bc76" MonitorTypeStateID="NotRunning" HealthState="Error"/>

  </OperationalStates>

  <Configuration>

    <TargetSystem>$Target/Host/Property[Type="Unix!Microsoft.Unix.Computer"]/NetworkName$</TargetSystem>

    <ProcessName>scep_daemon</ProcessName>

    <Interval>300</Interval>

  </Configuration>

</UnitMonitor>