ScanRealtimeAbortE

ScanRealtimeAbortE_3_Rule (Rule)

Knowledge Base article:

Resumen

Este evento se produce cuando se anula el trabajo de detección en tiempo real.

Causas

La detección ha agotado el tiempo de espera.

Soluciones

Normalmente, la recuperación de la anulación de un trabajo de detección en tiempo real es automática, pero se recomienda comprobar que el sistema funcione correctamente.

Element properties:

TargetFSMPack2007_FSE.Forefront_Security_for_Exchange_Server___Hub_Transport__Mailbox__Public_Folder_Installation
CategoryCustom
EnabledTrue
Event_ID5066
Event SourceFSEVsapi
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
RemotableTrue
Alert Message
ScanRealtimeAbortE
Event LogApplication
CommentMom2005ID='{5F3C6805-B126-48F3-B8AA-71F6BE1E9995}';MOM2005ComputerGroupID={E5B12036-BF17-41E6-9649-E18D61E71190}

Member Modules:

ID Module Type TypeId RunAs 
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="ScanRealtimeAbortE_3_Rule" Comment="Mom2005ID='{5F3C6805-B126-48F3-B8AA-71F6BE1E9995}';MOM2005ComputerGroupID={E5B12036-BF17-41E6-9649-E18D61E71190}" Enabled="true" Target="FSMPack2007_FSE.Forefront_Security_for_Exchange_Server___Hub_Transport__Mailbox__Public_Folder_Installation" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>Custom</Category>
<DataSources>
<DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>5066</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>FSEVsapi</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="HealthLibrary!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertName/>
<AlertDescription/>
<AlertOwner/>
<AlertMessageId>$MPElement[Name="ScanRealtimeAbortE_3_Rule.AlertMessage"]$</AlertMessageId>
<AlertParameters/>
<Suppression/>
<Custom1>Microsoft Forefront Server Security</Custom1>
<Custom2>Forefront Security for Exchange Server</Custom2>
<Custom3>ScanJobFailure</Custom3>
<Custom4/>
<Custom5/>
<Custom6/>
<Custom7/>
<Custom8/>
<Custom9/>
<Custom10/>
</WriteAction>
</WriteActions>
</Rule>