Home
  •  

ScanningStatistics

ScanningStatistics_2_Rule (Rule)

Knowledge Base article:

摘要

此事件會檢查過去一小時內受感染的郵件百分比,以指出組織中是否有病毒爆發。

如果過去一小時內所接收的全部郵件中,有超過 X% 的郵件受到感染,則系統會產生錯誤事件。根據預設 X 為 50。您可於 Statistics.config 檔案中自訂該數值。您可以執行 [設定統計閾值百分比] 工作來設定此閾值百分比。

原因

病毒爆發

缺乏可用的簽章更新

解決方式

Element properties:

TargetFSMPack2007_FSE.Forefront_Security_for_Exchange_Server___All_Servers_Installation
CategoryEventCollection
EnabledTrue
Event_ID7032
Event SourceStatisticsManager
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
ScanningStatistics
Event LogApplication
CommentMom2005ID='{BB0F8A88-B5C7-477F-B0A5-8B1D2CAEA994}';MOM2005ComputerGroupID={868E5B4E-34B8-4B10-9055-C4074AF41790}

Member Modules:

ID Module Type TypeId RunAs 
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="ScanningStatistics_2_Rule" Comment="Mom2005ID='{BB0F8A88-B5C7-477F-B0A5-8B1D2CAEA994}';MOM2005ComputerGroupID={868E5B4E-34B8-4B10-9055-C4074AF41790}" Enabled="true" Target="FSMPack2007_FSE.Forefront_Security_for_Exchange_Server___All_Servers_Installation" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>7032</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>StatisticsManager</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="HealthLibrary!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertName/>

      <AlertDescription/>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="ScanningStatistics_2_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters/>

      <Suppression/>

      <Custom1>Microsoft Forefront Server Security</Custom1>

      <Custom2>Forefront Security for Exchange Server</Custom2>

      <Custom3>ScanJobFailure</Custom3>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>