Malware Detection Monitor - Microsoft.SystemCenter2012.ConfigurationManager.MalwareDetectionMonitor (UnitMonitor)

Microsoft.SystemCenter2012.ConfigurationManager.MalwareDetectionMonitor (UnitMonitor)

This monitor forwards the Configuration Manager malware detection alert to the Configuration Manager console.

Knowledge Base article:

Summary

Configuration Manager generates an alert when it detects a malware on a single device in a collection.

Causes

Configuration Manager detected a malware on a device.

Resolutions

Check the Endpoint Protection dashboard and reports in the Configuration Manager console for detailed information about the device and the detected malware.
Remove the malware.

Element properties:

Target

Microsoft.SystemCenter2012.ConfigurationManager.AlertMalwareDetection

Parent Monitor

System.Health.ConfigurationState

Category

Custom

Enabled

False

Alert Generate

True

Alert Severity

MatchMonitorHealth

Alert Priority

Normal

Alert Auto Resolve

True

Monitor Type

Microsoft.SystemCenter2012.ConfigurationManager.EPAlertStateMonitor

Remotable

True

Accessibility

Public

Alert Message

Malware detected on the device

Malware is detected on a device in the collection. Check the Configuration Manager console for details.

RunAs

Default

Comment

SIV:FEP0001

Source Code:

<UnitMonitor ID="Microsoft.SystemCenter2012.ConfigurationManager.MalwareDetectionMonitor" Comment="SIV:FEP0001" Accessibility="Public" Enabled="false" Target="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.AlertMalwareDetection" ParentMonitorID="SystemHealth!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.SystemCenter2012.ConfigurationManager.EPAlertStateMonitor" ConfirmDelivery="true"> <Category>Custom</Category> <AlertSettings AlertMessage="Microsoft.SystemCenter2012.ConfigurationManager.MalwareDetectionMonitor_AlertMessageResourceID"> <AlertOnState>Warning</AlertOnState> <AutoResolve>true</AutoResolve> <AlertPriority>Normal</AlertPriority> <AlertSeverity>MatchMonitorHealth</AlertSeverity> </AlertSettings> <OperationalStates> <OperationalState ID="UIGeneratedOpStateId0e75f5fe70ce4196ad696a4e8bbb4798" MonitorTypeStateID="Good" HealthState="Success"/> <OperationalState ID="UIGeneratedOpStateId19ee88c616d247beb8f56be5e438632c" MonitorTypeStateID="Warning" HealthState="Warning"/> <OperationalState ID="UIGeneratedOpStateIdb3ee5d749b0d4c1ea7000960c353d983" MonitorTypeStateID="Error" HealthState="Error"/> </OperationalStates> <Configuration> <TypeId>$Target/Property[Type="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.AlertBaseClass"]/TypeId$</TypeId> <TypeInstanceId>$Target/Property[Type="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.AlertBaseClass"]/TypeInstanceId$</TypeInstanceId> <IntervalSeconds>900</IntervalSeconds> <ProviderLocation>$Target/Host/Property[Type="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.SiteServer"]/ProviderLocation$</ProviderLocation> <SiteCode>$Target/Host/Property[Type="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.Server"]/SiteCode$</SiteCode> </Configuration> </UnitMonitor>