Este evento verifica a porcentagem de mensagens infectadas nos últimos 60 minutos para indicar se há um ataque de vírus na organização.
Se mais de X% do total de mensagens recebidas nos últimos 60 minutos estiverem infectados, será gerado um evento de erro. Por padrão, X é igual a 50. Esse valor pode ser personalizado no arquivo Statistics.config. Você pode executar a tarefa “Definir Porcentagem Limite da Estatística” para definir esse limite.
Ataque de vírus
Falta de disponibilidade de atualizações de assinatura
Verifique se os mecanismos estão habilitados para receber atualizações
Verifique se os mecanismos estão sendo atualizados com êxito
Selecione outro conjunto de mecanismos
| Target | FSMPack2007_FSE.Forefront_Security_for_Exchange_Server___All_Servers_Installation | ||
| Category | EventCollection | ||
| Enabled | True | ||
| Event_ID | 7032 | ||
| Event Source | StatisticsManager | ||
| Alert Generate | True | ||
| Alert Severity | Error | ||
| Alert Priority | Normal | ||
| Remotable | True | ||
| Alert Message |
| ||
| Event Log | Application | ||
| Comment | Mom2005ID='{BB0F8A88-B5C7-477F-B0A5-8B1D2CAEA994}';MOM2005ComputerGroupID={868E5B4E-34B8-4B10-9055-C4074AF41790} |
| ID | Module Type | TypeId | RunAs |
|---|---|---|---|
| _F6DA1507_12AF_11D3_AB21_00A0C98620CE_ | DataSource | Microsoft.Windows.EventProvider | Default |
| GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
Home
PTB <Rule ID="ScanningStatistics_2_Rule" Comment="Mom2005ID='{BB0F8A88-B5C7-477F-B0A5-8B1D2CAEA994}';MOM2005ComputerGroupID={868E5B4E-34B8-4B10-9055-C4074AF41790}" Enabled="true" Target="FSMPack2007_FSE.Forefront_Security_for_Exchange_Server___All_Servers_Installation" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>7032</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>StatisticsManager</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="HealthLibrary!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertName/>
<AlertDescription/>
<AlertOwner/>
<AlertMessageId>$MPElement[Name="ScanningStatistics_2_Rule.AlertMessage"]$</AlertMessageId>
<AlertParameters/>
<Suppression/>
<Custom1>Microsoft Forefront Server Security</Custom1>
<Custom2>Forefront Security for Exchange Server</Custom2>
<Custom3>ScanJobFailure</Custom3>
<Custom4/>
<Custom5/>
<Custom6/>
<Custom7/>
<Custom8/>
<Custom9/>
<Custom10/>
</WriteAction>
</WriteActions>
</Rule>