ScanRealtimeProcessPollE
ScanRealtimeProcessPollE_1_Rule (Rule)
Knowledge Base article: Element properties: Member Modules:
Source Code: <Rule ID="ScanRealtimeProcessPollE_1_Rule" Target="Microsoft.ForeFront.SharePoint.Forefront_Security_for_SharePoint_Installation" Enabled="true" ConfirmDelivery="false" Comment="Mom2005ID='{4FFFF926-A0A2-433F-B2FF-1F99D979DE50}';MOM2005ComputerGroupID={5E34E22D-A892-4026-A670-EB628BE392D5}">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="_E74DC4FD_18BC_487B_AC25_AC9C85CC03BE_" Comment="{E74DC4FD-18BC-487B-AC25-AC9C85CC03BE}" TypeID="SystemLibrary!System.Scheduler">
<Scheduler>
<SimpleReccuringSchedule>
<Interval Unit="Seconds">600</Interval>
</SimpleReccuringSchedule>
<ExcludeDates/>
</Scheduler>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="ScriptResponse1" TypeID="Forefront_SP_Process_Checker">
<AlertGeneration>
<GenerateAlert>false</GenerateAlert>
<Owner/>
<Description>
$Data/EventDescription$
</Description>
<AlertLevel>50</AlertLevel>
<ResolutionState/>
<Source>
$Data/PublisherName$
</Source>
<Name>ScanRealtimeProcessPollE</Name>
</AlertGeneration>
<InvokerType>0</InvokerType>
<Parameters>
<Process>FSCRealtimeScanner.exe</Process>
<TextLog>true</TextLog>
</Parameters>
</WriteAction>
</WriteActions>
</Rule>