Working with alert resolution states

Applies To: Forefront Client Security

MOM supports alert resolution states, including custom states and automatic resolution of alerts.

Default and custom alert resolution states

By default, MOM includes the following alert resolution states:

• New

• Acknowledged

• Level 1: Assigned to helpdesk or local support

• Level 2: Assigned to subject matter expert

• Level 3: Requires scheduled maintenance

• Level 4: Assigned to external group or vendor

• Resolved

Using the MOM Administrator console, you can configure custom alert resolution states.

Automatic alert resolution

By default, MOM automatically marks alerts as resolved. This occurs at a configurable length of time after the event causing the alert is generated. The length of time varies per alert severity.

Managed computers that are out of contact with the Client Security collection server for several days could have events that would cause an error or warning alert, but because of the default automatic resolution settings, you may never see the alerts in the MOM Operator console or on the Client Security dashboard.

For example, a user takes home an important portable computer that is assigned to alert level 5. At home, the user turns off Client Security, which would raise a "Protection Turned Off" alert if the computer could connect to the Client Security collection server. By the time the portable computer is again on your organization's network, the event generated by turning off protection is older than the automatic resolution setting for the alert and MOM resolves the alert, which prevents it from appearing on the Client Security dashboard or in the MOM Operator console.