RealtimeEnginesInitialized

RealTimeEnginesIntialized_5_Rule (Rule)

Knowledge Base article:

Management Pack
Summary

This event checks if the engines selected for scanning have been initialized when the realtime scan job is enabled. If not, it will generate an error event.

 
Causes

The cause for the error event could be that the engine subfolder has been deleted.

 
Resolutions
  1. Make sure the HTTP proxy is configured properly
  2. Make sure that there are no network issues
  3. Make sure that the UNC configuration settings are appropriate
 
© 2006 Microsoft Corporation, all rights reserved.

Element properties:

TargetFSMPack2007_FSE.Forefront_Security_for_Exchange_Server___Mailbox__Public_Folder_Installation
CategoryEventCollection
EnabledTrue
Event_ID7011
Event SourceMicrosoft Forefront Security
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
RealtimeEnginesInitialized
Event LogApplication
CommentMom2005ID='{B0572049-8205-404E-976C-04F3BDBA6846}';MOM2005ComputerGroupID={FDF940D4-932E-42EF-9BE3-0613D4273C8D}

Member Modules:

ID Module Type TypeId RunAs 
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="RealTimeEnginesIntialized_5_Rule" Comment="Mom2005ID='{B0572049-8205-404E-976C-04F3BDBA6846}';MOM2005ComputerGroupID={FDF940D4-932E-42EF-9BE3-0613D4273C8D}" Enabled="true" Target="FSMPack2007_FSE.Forefront_Security_for_Exchange_Server___Mailbox__Public_Folder_Installation" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>7011</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Microsoft Forefront Security</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="HealthLibrary!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertName/>
<AlertDescription/>
<AlertOwner/>
<AlertMessageId>$MPElement[Name="RealTimeEnginesIntialized_5_Rule.AlertMessage"]$</AlertMessageId>
<AlertParameters/>
<Suppression/>
<Custom1>Microsoft Forefront Server Security</Custom1>
<Custom2>Forefront Security for Exchange Server</Custom2>
<Custom3>ScanJobFailure</Custom3>
<Custom4/>
<Custom5/>
<Custom6/>
<Custom7/>
<Custom8/>
<Custom9/>
<Custom10/>
</WriteAction>
</WriteActions>
</Rule>