About Rules

Applies To: Forefront Endpoint Protection

A rule collects data from various sources and stores it in the Operations and Data Warehouse databases, where it is then available for reporting. The FEP Security Management Pack rules not only collect data but can also generate alerts. The FEP Security Management Pack contains the following rules:

  • Generate Cleaned Malware Alert Rule

  • Generate Repeated Infection Alert Rule

  • Collect Security Events Rule

To locate rule details in the Operations console

  1. Open the Operations console.

  2. Click the Authoring section.

  3. Expand Authoring, expand Management Pack Objects, and then click Rules. If multiple management packs have been imported into Operations Manager, click the Management Pack column heading to sort the rules by management pack.

  4. Double-click a rule to view its details. On the General tab, the Rule Name field lists the rule name.

  5. Click the Configuration tab, and then in the Data sources area, click View. The information shown varies by rule type and may be a schedule or an interval. Rules that collect performance data obtain it from performance counters, so the minimum and maximum values are specific to the counter rather than the rule. To view the parameters that you can configure by using overrides, continue to the next step in this procedure.

  6. In the Properties dialog box for the rule, click the Overrides tab.

  7. In the Override one or more parameters of this rule through overrides section, click Override.

  8. Select For all objects of type. Override Properties displays the parameters and values that you can configure.