Antimalware Protection Engine Monitor

Microsoft.SCEP.Linux.AMStatus.Monitor (UnitMonitor)

This monitor tracks the state of the Linux antimalware protection engine.

Knowledge Base article:

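Summary

We recommend that you keep antimalware protection enabled at all times.

Configuration

When antimalware protection is disabled, the monitor reports a "Warning" state.

Causes

In some cases, malware activity disables antimalware protection. We recommend that you investigate the root cause of the failure.

Resolution

You can enable antimalware protection by using the built-in tasks in Operations Manager, by changing the deployment policy, or by changing the local configuration of the client computer.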

Element properties:

Target: Microsoft.SCEP.Linux.ProtectedServer
Parent Monitor: Microsoft.SCEP.Linux.ProtectedServer.Agregate.Monitor
Category: SecurityHealth
Enabled: True
Alert Generate: True
Alert Severity: MatchMonitorHealth
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.SCEP.Linux.RTPStatus.MonitorType
Remotable: True
Accessibility: Public
Alert Message:
Antimalware protection disabled
The System Center Endpoint Protection client detected that antimalware protection is disabled on '{0}'.

If disabling antimalware protection is the intended policy for this computer, we recommend that you override the "Antimalware Protection" monitor.
RunAs: Default

Source Code:

<UnitMonitor ID="Microsoft.SCEP.Linux.AMStatus.Monitor" Accessibility="Public" Enabled="true" Target="SCEPLinuxLibrary!Microsoft.SCEP.Linux.ProtectedServer" ParentMonitorID="Microsoft.SCEP.Linux.ProtectedServer.Agregate.Monitor" Remotable="true" Priority="Normal" TypeID="SCEPLinuxLibrary!Microsoft.SCEP.Linux.RTPStatus.MonitorType" ConfirmDelivery="true">
  <Category>SecurityHealth</Category>
  <AlertSettings AlertMessage="Microsoft.SCEP.Linux.AMStatus.Monitor_AlertMessageResourceID">
    <AlertOnState>Warning</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>MatchMonitorHealth</AlertSeverity>
    <AlertParameters>
      <AlertParameter1>$Target/Property[Type="SCEPLinuxLibrary!Microsoft.SCEP.Linux.ProtectedServer"]/ComputerId$</AlertParameter1>
    </AlertParameters>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="UIGeneratedOpStateIda3c1eb15c14c489ba0c7364da3eb885a" MonitorTypeStateID="Enabled" HealthState="Success"/>
    <OperationalState ID="UIGeneratedOpStateId17986c9025454955a27a2056bca90046" MonitorTypeStateID="Disabled" HealthState="Warning"/>
  </OperationalStates>
  <Configuration>
    <Host>$Target/Host/Property[Type="Unix!Microsoft.Unix.Computer"]/NetworkName$</Host>
    <LogFile>/var/log/scep/eventlog_scom.dat</LogFile>
    <RegExpFilter>^event=av,.*$</RegExpFilter>
    <WildcardHealthy>event=av, date=*, status=enabled;</WildcardHealthy>
    <WildcardCritical>event=av, date=*, status=disabled;</WildcardCritical>
  </Configuration>
</UnitMonitor>
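
Added example (not part of the management pack): a Python illustration of how the Configuration values above classify lines of /var/log/scep/eventlog_scom.dat and map them to the monitor's health states. It assumes that `*` in the wildcard patterns matches any run of characters and that the most recent matching line decides the state; the function names and the sample log lines are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Values copied from the monitor's <Configuration> element.
REGEXP_FILTER = r"^event=av,.*$"
WILDCARD_HEALTHY = "event=av, date=*, status=enabled;"
WILDCARD_CRITICAL = "event=av, date=*, status=disabled;"

# Mapping copied from <OperationalStates>: MonitorTypeStateID -> HealthState.
HEALTH_STATE = {"Enabled": "Success", "Disabled": "Warning"}


def classify_line(line):
    """Return 'Enabled', 'Disabled', or None if the line carries no state."""
    line = line.rstrip("\r\n")
    # Lines for other event types never reach the wildcard comparison.
    if not re.match(REGEXP_FILTER, line):
        return None
    # Assumption: '*' behaves like a shell glob and the whole line must match.
    if fnmatchcase(line, WILDCARD_HEALTHY):
        return "Enabled"
    if fnmatchcase(line, WILDCARD_CRITICAL):
        return "Disabled"
    return None


def evaluate(lines):
    """Return (monitor state, health state) from the last matching line."""
    state = None
    for line in lines:
        result = classify_line(line)
        if result is not None:
            state = result  # assumption: the newest matching event wins
    return state, HEALTH_STATE.get(state)


# Constructed sample input; the date format and non-av events are invented.
SAMPLE_LOG = [
    "event=av, date=2024-01-10 08:00:01, status=enabled;",
    "event=update, date=2024-01-10 08:05:00, status=ok;",
    "event=av, date=2024-01-10 09:12:44, status=disabled;",
    "event=av, date=2024-01-10 09:13:00, status=unknown;",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(f"{classify_line(entry)!s:<9} {entry}")
    print("monitor:", evaluate(SAMPLE_LOG))
```

A line that passes the RegExpFilter but matches neither wildcard (the last sample line) leaves the state unchanged under these assumptions, so when investigating a "Warning" alert it is worth reading the raw log file around the `status=disabled` entry.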