Incidents reported

 

Applies to: Forefront Protection for Exchange

The following table lists and describes the various incidents that Microsoft Forefront Protection 2010 for Exchange Server (FPE) reports that are not specifically malware detections or filter matches. You can use settings in the Forefront Protection 2010 for Exchange Server Administrator Console to control the associated actions that are taken.

Note

Unless stated otherwise, the configurable FPE setting that controls each reported incident resides in the Global Settings - Advanced Options pane of the Forefront Protection 2010 for Exchange Server Administrator Console. (Click Policy Management, and then under Global Settings, click Advanced Options.)

Reported incident FPE setting Action

CorruptedCompressedFile

Delete corrupted compressed files

FPE has deleted a corrupted compressed file.

Note that a Container Removed description may be added to this incident.

CorruptedCompressedUuencodedFile

Delete corrupted UUEncoded files

FPE has deleted a corrupted compressed UUEncoded file.

EncryptedCompressedFile

Delete encrypted compressed files

FPE has deleted an encrypted compressed file.

EngineLoopingError

Engine error action

FPE has deleted a file causing a scan engine to be caught in a read/write loop while scanning or attempting to clean a file.

ExceededRealtimeTimeout

Scanning timeout (seconds)

This setting appears on the Antimalware - Mailbox Realtime pane.

FPE has stopped a realtime scanning process because it exceeded the maximum allowable scan time.

ExceededTransportTimeout

Scanning timeout (seconds)

This setting appears on the Antimalware - Hub Transport pane. (If you are using an Edge Transport server, Edge Transport appears instead of Hub Transport.)

FPE has stopped a transport scanning process because it exceeded the maximum allowable scan time.

ExceedinglyCompressedSize

Maximum container file size

FPE has deleted a container file because its compressed size is too small relative to its uncompressed size.

Note that a Container Removed description may be added to this incident.

ExceedinglyInfected

Maximum container file infections

FPE has deleted a container file because it exceeded the maximum number of infections.

ExceedinglyNested

Maximum nested attachments

FPE has deleted a file because it exceeded the maximum nested attachment limit.

FragmentedMessage

Delete partial SMTP messages

A fragmented SMTP message has been deleted.

LargeInfectedContainerFile

Maximum container file size

FPE has deleted a file because it exceeded the maximum container size that it attempts to clean or repair.

LargeUncompressedFileSize

Maximum uncompressed file size

FPE has deleted a container file because it exceeded the maximum file size.

Note that a Container Removed description may be added to this incident.

ScanTimeExceeded

Maximum container scan time (seconds)

This setting is not under Global Settings – Advanced Options but is instead configurable per scan job.

FPE has deleted a container file because it exceeded the maximum scan time.

UnReadableCompressedFile

Delete corrupted compressed files

FPE has deleted a compressed file that it could not read.

UnwritableCompressedFile

Delete corrupted compressed files

FPE has deleted a compressed file to which it cannot write (for example, during a cleaning operation).

See Also

Concepts

Viewing and managing incidents