此监视器将 Configuration Manager 恶意软件爆发警报转发到 Configuration Manager 控制台。
Configuration Manager 会在检测到特定集合中感染恶意软件的设备的百分比超过目前阈值时生成警报。
更改警报阈值
打开 Configuration Manager 控制台。
导航到集合,并打开其属性。
在“属性”对话框中,单击“警报”选项卡。
修改恶意软件爆发阈值。
Configuration Manager 检测到集合中的多个设备感染了恶意软件。
检查 Endpoint Protection 仪表板以及 Configuration Manager 控制台中的报告,以获取有关设备和已检测到的恶意软件的详细信息。
删除恶意软件。
Target | Microsoft.SystemCenter2012.ConfigurationManager.AlertMalwareOutbreak | ||
Parent Monitor | System.Health.ConfigurationState | ||
Category | Custom | ||
Enabled | False | ||
Alert Generate | True | ||
Alert Severity | MatchMonitorHealth | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.SystemCenter2012.ConfigurationManager.EPAlertStateMonitor | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default | ||
Comment | SIV:FEP0002 |
<UnitMonitor ID="Microsoft.SystemCenter2012.ConfigurationManager.MalwareOutBreakMonitor" Comment="SIV:FEP0002" Accessibility="Public" Enabled="false" Target="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.AlertMalwareOutbreak" ParentMonitorID="SystemHealth!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.SystemCenter2012.ConfigurationManager.EPAlertStateMonitor" ConfirmDelivery="true">
<Category>Custom</Category>
<AlertSettings AlertMessage="Microsoft.SystemCenter2012.ConfigurationManager.MalwareOutBreakMonitor_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
</AlertSettings>
<OperationalStates>
<OperationalState ID="UIGeneratedOpStateId8c574989e65a4716ba644c45c1bb6d12" MonitorTypeStateID="Good" HealthState="Success"/>
<OperationalState ID="UIGeneratedOpStateId7f3f32f712d546e3bfab79576eca2eb7" MonitorTypeStateID="Warning" HealthState="Warning"/>
<OperationalState ID="UIGeneratedOpStateId0e55b9e6856542118df8882925d7f35c" MonitorTypeStateID="Error" HealthState="Error"/>
</OperationalStates>
<Configuration>
<TypeId>$Target/Property[Type="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.AlertBaseClass"]/TypeId$</TypeId>
<TypeInstanceId>$Target/Property[Type="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.AlertBaseClass"]/TypeInstanceId$</TypeInstanceId>
<IntervalSeconds>900</IntervalSeconds>
<ProviderLocation>$Target/Host/Property[Type="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.SiteServer"]/ProviderLocation$</ProviderLocation>
<SiteCode>$Target/Host/Property[Type="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.Server"]/SiteCode$</SiteCode>
</Configuration>
</UnitMonitor>