About alerts
Applies To: Forefront Client Security
Using the MOM alert feature, Client Security issues many types of alerts. You can view Client Security alerts in several ways, as described in Viewing alerts.
Each alert notifies you of a threat or other issue and contains information about the threat or issue, often with links to additional information, such as relevant Client Security reports and entries in the Microsoft Malicious Software Encyclopedia.
Alert levels
Alert levels indicate the sensitivity of alerting. At higher alert levels, you can receive alerts for less critical issues.
Client Security uses the following alert levels (from highest to lowest severity):
Alert level 5—This level results in the highest number of alerts. Alerts at this level pertain to executive and management computers, critical data servers and assets, and critical operations servers that require high availability or contain crucial data.
Alert level 4—This level results in a high number of alerts. Alerts at this level pertain to high-priority operational servers, data servers, or important computers.
Alert level 3—This level is the default setting and results in a moderate number of alerts. Alerts at this level pertain to high-priority computers.
Alert level 2—This level results in a low number of alerts. Alerts at this level pertain to typical user computers.
Alert level 1—This level results in the lowest number of alerts. Only global outbreaks and flooding detection cause an alert at this level. Alerts at this level pertain to computers that contain less critical data. For example, you might set this level for a policy covering a set of computers that is very large, that is not critical, or that gets infected often without requiring immediate response.
"Malware Outbreak" alerts have a unique alert level, called a global alert. A global outbreak alert is caused by malware alerts, regardless of the alert level of the policies protecting the affected computers. For more information about "Malware Outbreak" alerts, see Managing "Malware Outbreak" alerts.
Unissued alerts
To reduce the number of alerts, Client Security does not issue alerts for certain combinations of alert types and levels. For example, if Client Security detects malware and responds successfully and the affected computer is at alert level 2, Client Security does not issue a "Computer Infected - Successful Response" alert. However, if the computer is at alert level 5, an alert would be issued.
The following table describes whether Client Security issues alerts for the listed alert types and levels.
Alert | Level 5 | Level 4 | Level 3 | Level 2 | Level 1 | Global |
---|---|---|---|---|---|---|
Computer Infected - Failed Response | Yes | Yes | Yes | No | No | Not applicable |
Computer Infected - Successful Response | Yes | Yes | No | No | No | Not applicable |
Malware On Network - Failed Response | Yes | Yes | Yes | Yes | No | Not applicable |
Malware On Network - Successful Response | Yes | Yes | Yes | No | No | Not applicable |
Protection Turned Off | Yes | No | No | No | No | Not applicable |
Re-Infected Computer | Yes | Yes | Yes | Yes | No | Not applicable |
Scanning Failed | Yes | Yes | Yes | No | No | Not applicable |
Security State Assessment Failed | Yes | Yes | Yes | No | No | Not applicable |
Service Update Failed | Yes | Yes | Yes | No | No | Not applicable |
Definition Update Failed | Yes | Yes | Yes | No | No | Not applicable |
Very Infected Computer | Yes | Yes | Yes | Yes | No | Not applicable |
Malware Outbreak - RTP | Yes | Yes | Yes | Yes | Yes | Yes |
Malware Outbreak - Scan | Yes | Yes | Yes | Yes | Yes | Yes |
Flooding Machine Detected | Yes | Yes | Yes | Yes | Yes | Not applicable |