ScanRealtimeEngineMapE

ScanRealtimeEngineMapE_5_Rule (Rule)

Knowledge Base article:

Management Pack
Summary

The Realtime Scan Job Process has generated an error while attempting to load the Forefront Server Security filter engine.

 
Causes

Damaged or inaccessible Forefront Server Security filter engine.

 
Resolutions

Reinstall Forefront Server Security.

 
© 2006 Microsoft Corporation, all rights reserved.

Element properties:

TargetMicrosoft.ForeFront.Exchange.Forefront_Security_for_Exchange_Server___Mailbox__Public_Folder_Installation
CategoryEventCollection
EnabledTrue
Event_ID5030
Event SourceFSCRealtimeScanner
Alert GenerateTrue
Alert SeverityError
Alert PriorityLow
RemotableTrue
Alert Message
ScanRealtimeEngineMapE

$Data/EventDescription$
Event LogApplication
CommentMom2005ID='{CF3226BE-E6BA-4CFA-A7A4-D2616CAC0B19}';MOM2005ComputerGroupID={FDF940D4-932E-42EF-9BE3-0613D4273C8D}

Member Modules:

ID Module Type TypeId RunAs 
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Default
CollectEventData WriteAction Microsoft.SystemCenter.CollectEvent Default
CollectEventDataWarehouse WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default
GenerateAlert WriteAction System.Mom.BackwardCompatibility.AlertResponse Default

Source Code:

<Rule ID="ScanRealtimeEngineMapE_5_Rule" Target="Microsoft.ForeFront.Exchange.Forefront_Security_for_Exchange_Server___Mailbox__Public_Folder_Installation" Enabled="true" ConfirmDelivery="true" Comment="Mom2005ID='{CF3226BE-E6BA-4CFA-A7A4-D2616CAC0B19}';MOM2005ComputerGroupID={FDF940D4-932E-42EF-9BE3-0613D4273C8D}">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" Comment="{F6DA1507-12AF-11D3-AB21-00A0C98620CE}" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>5030</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>FSCRealtimeScanner</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="MomBackwardCompatibility!System.Mom.BackwardCompatibility.AlertResponse">
<AlertGeneration>
<GenerateAlert>true</GenerateAlert>
<Owner/>
<Description>
$Data/EventDescription$
</Description>
<AlertLevel>50</AlertLevel>
<ResolutionState/>
<Source>
$Data/PublisherName$
</Source>
<Name>ScanRealtimeEngineMapE</Name>
<CustomFields>
<CustomField>Microsoft Forefront Server Security</CustomField>
<CustomField>Forefront Security For Exchange Server</CustomField>
<CustomField>ScanJobFailure</CustomField>
<CustomField/>
<CustomField/>
</CustomFields>
</AlertGeneration>
<InvokerType>0</InvokerType>
</WriteAction>
<WriteAction ID="CollectEventData" TypeID="SystemCenterLibrary!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="CollectEventDataWarehouse" TypeID="DataWarehouseLibrary!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>