Malware Outbreak

Microsoft.SCEP.Linux.ProtectedServersWatcher.MalwareOutbreak.Monitor (DependencyMonitor)

This monitor detects a malware outbreak.

Knowledge Base article:

Summary

This monitor detects a malware outbreak of both cleaned and active infections when they occur on more than 5% (by default) of the total number of computers.

Configuration

An alert will result when more than 5% of the total number of computers are infected within a 60 minute timeframe. This is configurable by overriding the monitor.

Resolutions

It is recommended that you investigate the root cause of this behavior.

Element properties:

Target: Microsoft.SCEP.Linux.ProtectedServerWatcher
Parent Monitor: System.Health.SecurityState
Algorithm: Percentage
Algorithm Parameter: 95
Source Monitor: Microsoft.SCEP.Linux.MalwareActivity.Outbreak.Monitor
Relationship: Microsoft.SCEP.Linux.ProtectedServersWatcherContainsMalwareActivity
Category: SecurityHealth
Enabled: True
Alert Generate: True
Alert Severity: MatchMonitorHealth
Alert Priority: Normal
Alert Auto Resolve: False
Remotable: True
Accessibility: Public
Alert Message:
Malware Outbreak
System Center Endpoint Protection has detected active malware on more than 5% of your computers.
It is possible that malware is propagating on your computers. In order to help protect clients, it is suggested that all clients should be updated to use the latest definitions.
If you need to change the number of active threats that trigger this alert, override the relevant parameter in this monitor.

Source Code:

<DependencyMonitor ID="Microsoft.SCEP.Linux.ProtectedServersWatcher.MalwareOutbreak.Monitor" Accessibility="Public" Enabled="true" Target="SCEPLinuxLibrary!Microsoft.SCEP.Linux.ProtectedServerWatcher" ParentMonitorID="Health!System.Health.SecurityState" Remotable="true" Priority="Normal" RelationshipType="SCEPLinuxLibrary!Microsoft.SCEP.Linux.ProtectedServersWatcherContainsMalwareActivity" MemberMonitor="Microsoft.SCEP.Linux.MalwareActivity.Outbreak.Monitor">
<Category>SecurityHealth</Category>
<AlertSettings AlertMessage="Microsoft.SCEP.Linux.ProtectedServersWatcher.MalwareOutbreak.Monitor_AlertMessageResourceID">
<AlertOnState>Error</AlertOnState>
<AutoResolve>false</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
</AlertSettings>
<Algorithm>Percentage</Algorithm>
<AlgorithmParameter>95</AlgorithmParameter>
</DependencyMonitor>
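The Configuration section and the Algorithm/AlgorithmParameter properties above describe a Percentage rollup: the watcher goes to Error once more than 5% (100 minus the parameter of 95) of the protected servers report an outbreak. The following added example, which is not part of the management pack or this page, models that rollup decision over constructed member states so an operator can check how a parameter override changes the point at which the alert fires; the handling of an empty member set and the strict "more than" comparison are assumptions taken from the page's wording, not verified against the SCOM engine.

```python
from typing import Iterable

# AlgorithmParameter from the monitor definition on this page.
ALGORITHM_PARAMETER = 95

# AlertOnState from the monitor definition on this page.
ALERT_ON_STATE = "Error"


def rollup_percentage(member_states: Iterable[str], parameter: int = ALGORITHM_PARAMETER) -> str:
    """Roll up member monitor states with the Percentage algorithm as this
    page describes it: the aggregate is Error when more than
    (100 - parameter)% of members are in Error, otherwise Success.
    Assumption: an empty member set rolls up as Success."""
    states = list(member_states)
    if not states:
        return "Success"
    error_count = sum(1 for s in states if s == "Error")
    error_pct = 100.0 * error_count / len(states)
    return "Error" if error_pct > (100 - parameter) else "Success"


def outbreak_alert_fires(member_states: Iterable[str], parameter: int = ALGORITHM_PARAMETER) -> bool:
    """True when the rolled-up state matches AlertOnState (Error)."""
    return rollup_percentage(member_states, parameter) == ALERT_ON_STATE


def members(total: int, infected: int) -> list:
    """Constructed member states: `infected` servers in Error, rest Success."""
    return ["Error"] * infected + ["Success"] * (total - infected)


if __name__ == "__main__":
    # Constructed fleet of 100 protected servers.
    for infected in (5, 6):
        print(f"{infected}/100 infected, parameter 95 -> alert:",
              outbreak_alert_fires(members(100, infected)))
    # Same fleet after overriding the parameter to 90 (10% threshold).
    print("8/100 infected, parameter 90 -> alert:",
          outbreak_alert_fires(members(100, 8), parameter=90))
```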