This monitor detects a malware outbreak.
This monitor detects a malware outbreak, counting both cleaned and active infections, when they occur on more than 5% (by default) of the total number of computers.
An alert is raised when more than 5% of the total number of computers are infected within a 60-minute timeframe. This is configurable by overriding the monitor.
It is recommended that you investigate the root cause of this behavior.
Target | Microsoft.SCEP.Linux.ProtectedServerWatcher
Parent Monitor | System.Health.SecurityState
Algorithm | Percentage
Algorithm Parameter | 95
Source Monitor | Microsoft.SCEP.Linux.MalwareActivity.Outbreak.Monitor
Relationship | Microsoft.SCEP.Linux.ProtectedServersWatcherContainsMalwareActivity
Category | SecurityHealth
Enabled | True
Alert Generate | True
Alert Severity | MatchMonitorHealth
Alert Priority | Normal
Alert Auto Resolve | False
Remotable | True
Accessibility | Public
Alert Message |
<DependencyMonitor ID="Microsoft.SCEP.Linux.ProtectedServersWatcher.MalwareOutbreak.Monitor"
                   Accessibility="Public"
                   Enabled="true"
                   Target="SCEPLinuxLibrary!Microsoft.SCEP.Linux.ProtectedServerWatcher"
                   ParentMonitorID="Health!System.Health.SecurityState"
                   Remotable="true"
                   Priority="Normal"
                   RelationshipType="SCEPLinuxLibrary!Microsoft.SCEP.Linux.ProtectedServersWatcherContainsMalwareActivity"
                   MemberMonitor="Microsoft.SCEP.Linux.MalwareActivity.Outbreak.Monitor">
  <Category>SecurityHealth</Category>
  <AlertSettings AlertMessage="Microsoft.SCEP.Linux.ProtectedServersWatcher.MalwareOutbreak.Monitor_AlertMessageResourceID">
    <AlertOnState>Error</AlertOnState>
    <AutoResolve>false</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>MatchMonitorHealth</AlertSeverity>
  </AlertSettings>
  <Algorithm>Percentage</Algorithm>
  <AlgorithmParameter>95</AlgorithmParameter>
</DependencyMonitor>
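
How the Percentage algorithm with AlgorithmParameter 95 lines up with the "more than 5% of computers" threshold, as an added example that is not part of the management pack. It assumes the rollup takes the worst state among the healthiest 95% of member monitors, that the member count is rounded up, and that an infected computer's member monitor is in the Error state; the function names and fleet sizes are constructed for illustration.

```python
# Health states ordered best to worst, the order a rollup ranks members in.
HEALTHY, WARNING, ERROR = 0, 1, 2


def percentage_rollup(member_states, parameter=95):
    """Worst state among the healthiest `parameter` percent of members.

    Assumption: the number of members considered is rounded up, which makes
    the result agree with the "more than 5% of computers" wording.
    """
    if not member_states:
        return HEALTHY
    ranked = sorted(member_states)                       # best state first
    keep = max(1, -(-len(ranked) * parameter // 100))    # integer ceiling
    return ranked[keep - 1]                              # worst of kept set


def alert_raised(member_states, parameter=95):
    # AlertOnState is Error in the monitor definition above.
    return percentage_rollup(member_states, parameter) == ERROR


def min_infected_for_alert(fleet_size, parameter=95):
    """Smallest number of Error members that turns the rollup to Error."""
    for infected in range(fleet_size + 1):
        states = [ERROR] * infected + [HEALTHY] * (fleet_size - infected)
        if alert_raised(states, parameter):
            return infected
    return None


if __name__ == "__main__":
    # Constructed fleet sizes, not data from a real deployment.
    for size in (10, 20, 100, 1000):
        n = min_infected_for_alert(size)
        print(f"{size:>5} computers: alert at {n} infected ({n / size:.1%})")
```

Under these assumptions a fleet of fewer than 20 computers reaches the outbreak state on a single infected host, which is worth weighing when deciding whether to override the default.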