此監視器會偵測任何惡意軟體的活動,包含已清除和作用中的惡意軟體。
當單一電腦上發生感染時,此監視器會針對已清除與作用中的感染偵測惡意軟體爆發。
在 60 分鐘的時間範圍內,單一電腦上若發生任何惡意軟體的偵測,系統將會產生警告。您可藉由覆寫監視器進行配置。
建議您調查此行為的根本原因。
Target | Microsoft.SCEP.Linux.MalwareActivity |
Parent Monitor | Microsoft.SCEP.Linux.MalwareOutbreak.Aggregate.Monitor |
Category | SecurityHealth |
Enabled | True |
Alert Generate | False |
Alert Auto Resolve | True |
Monitor Type | Microsoft.SCEP.Linux.MalwareOutbreak.MonitorType |
Remotable | True |
Accessibility | Public |
RunAs | Default |
<UnitMonitor ID="Microsoft.SCEP.Linux.MalwareActivity.Outbreak.Monitor" Accessibility="Public" Enabled="true" Target="SCEPLinuxLibrary!Microsoft.SCEP.Linux.MalwareActivity" ParentMonitorID="Microsoft.SCEP.Linux.MalwareOutbreak.Aggregate.Monitor" Remotable="true" Priority="Normal" TypeID="SCEPLinuxLibrary!Microsoft.SCEP.Linux.MalwareOutbreak.MonitorType" ConfirmDelivery="true">
<Category>SecurityHealth</Category>
<OperationalStates>
<OperationalState ID="UIGeneratedOpStateIdd601ceed50dd4e0988ee1f7252e61402" MonitorTypeStateID="MalwareActivityDetected" HealthState="Error"/>
<OperationalState ID="UIGeneratedOpStateId0d9765e99c8c4194b1269c3c68069dde" MonitorTypeStateID="TimerReset" HealthState="Success"/>
</OperationalStates>
<Configuration>
<TimerWaitInSeconds>3600</TimerWaitInSeconds>
<Host>$Target/Host/Host/Property[Type="Unix!Microsoft.Unix.Computer"]/NetworkName$</Host>
<LogFile>/var/log/scep/eventlog_scom.dat</LogFile>
<RegExpFilter>^event=malware, .*status=(clean|infected).*$</RegExpFilter>
</Configuration>
</UnitMonitor>