Multiple Malware Detection Monitor

Microsoft.SystemCenter2012.ConfigurationManager.MultipleMalwareDetectionMonitor (UnitMonitor)

This monitor forwards Configuration Manager multiple malware detection alerts to the Configuration Manager console.

Knowledge Base article:

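Summary

Configuration Manager generates an alert when the number of malware types found on a device within the specified time interval exceeds the multiple malware detection threshold.

Changing the alert threshold

Causes

Resolutions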

Element properties:

Target: Microsoft.SystemCenter2012.ConfigurationManager.AlertMultipleMalwareDetection
Parent Monitor: System.Health.ConfigurationState
Category: Custom
Enabled: False
Alert Generate: True
Alert Severity: MatchMonitorHealth
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.SystemCenter2012.ConfigurationManager.EPAlertStateMonitor
Remotable: True
Accessibility: Public
Alert Message: Multiple malware infection detected on devices
The number of malware types detected on devices in the collection has exceeded the multiple malware threshold. Check the Configuration Manager console for details.
RunAs: Default
Comment: SIV:FEP0004

Source Code:

<UnitMonitor ID="Microsoft.SystemCenter2012.ConfigurationManager.MultipleMalwareDetectionMonitor" Comment="SIV:FEP0004" Accessibility="Public" Enabled="false" Target="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.AlertMultipleMalwareDetection" ParentMonitorID="SystemHealth!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.SystemCenter2012.ConfigurationManager.EPAlertStateMonitor" ConfirmDelivery="true">
  <Category>Custom</Category>
  <AlertSettings AlertMessage="Microsoft.SystemCenter2012.ConfigurationManager.MultipleMalwareDetectionMonitor_AlertMessageResourceID">
    <AlertOnState>Warning</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>MatchMonitorHealth</AlertSeverity>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="UIGeneratedOpStateIdb367706842774d63a99f698b110d3177" MonitorTypeStateID="Good" HealthState="Success"/>
    <OperationalState ID="UIGeneratedOpStateId1b4789d8240b4645aac7bc231b46353f" MonitorTypeStateID="Warning" HealthState="Warning"/>
    <OperationalState ID="UIGeneratedOpStateIdcad04264ebff4364a286fb2212e571da" MonitorTypeStateID="Error" HealthState="Error"/>
  </OperationalStates>
  <Configuration>
    <TypeId>$Target/Property[Type="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.AlertBaseClass"]/TypeId$</TypeId>
    <TypeInstanceId>$Target/Property[Type="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.AlertBaseClass"]/TypeInstanceId$</TypeInstanceId>
    <IntervalSeconds>900</IntervalSeconds>
    <ProviderLocation>$Target/Host/Property[Type="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.SiteServer"]/ProviderLocation$</ProviderLocation>
    <SiteCode>$Target/Host/Property[Type="SCCM!Microsoft.SystemCenter2012.ConfigurationManager.Server"]/SiteCode$</SiteCode>
  </Configuration>
</UnitMonitor>