ScanRealtimeProcessPollE

ScanRealtimeProcessPollE_1_Rule (Rule)

Knowledge Base article:

Element properties:

Member Modules:

Source Code:

<Rule ID="ScanRealtimeProcessPollE_1_Rule" Target="Microsoft.ForeFront.SharePoint.Forefront_Security_for_SharePoint_Installation" Enabled="true" ConfirmDelivery="false" Comment="Mom2005ID='{4FFFF926-A0A2-433F-B2FF-1F99D979DE50}';MOM2005ComputerGroupID={5E34E22D-A892-4026-A670-EB628BE392D5}">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_E74DC4FD_18BC_487B_AC25_AC9C85CC03BE_" Comment="{E74DC4FD-18BC-487B-AC25-AC9C85CC03BE}" TypeID="SystemLibrary!System.Scheduler">

      <Scheduler>

        <SimpleReccuringSchedule>

          <Interval Unit="Seconds">600</Interval>

        </SimpleReccuringSchedule>

        <ExcludeDates/>

      </Scheduler>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="ScriptResponse1" TypeID="Forefront_SP_Process_Checker">

      <AlertGeneration>

        <GenerateAlert>false</GenerateAlert>

        <Owner/>

        <Description>

            $Data/EventDescription$

          </Description>

        <AlertLevel>50</AlertLevel>

        <ResolutionState/>

        <Source>

            $Data/PublisherName$

          </Source>

        <Name>ScanRealtimeProcessPollE</Name>

      </AlertGeneration>

      <InvokerType>0</InvokerType>

      <Parameters>

        <Process>FSCRealtimeScanner.exe</Process>

        <TextLog>true</TextLog>

      </Parameters>

    </WriteAction>

  </WriteActions>

</Rule>