Security Management Pack Monitors

Applies To: Forefront Endpoint Protection

Forefront Endpoint Protection 2010 Security Management Pack Monitors

The following table shows the available monitors in the Forefront Endpoint Protection 2010 Security Management Pack. For more information about FEP Security Management Pack monitors, see About Monitors.

| Monitor name | Monitor description | Generates alerts | Disabled by default |
|---|---|---|---|
| Real-Time Protection | This monitor tracks the state of antimalware real-time protection. | Yes | No |
| Windows Firewall | This monitor detects the Windows Firewall state. | Yes | Yes |
| Antimalware Engine | This monitor tracks the health of the antimalware client and service. | Yes | No |
| Antimalware Definitions | This monitor detects whether there is a valid definitions file. If the definitions file is missing or corrupt, the monitor will enter a Critical state. | Yes | No |
| Antimalware Definitions Age | This monitor detects whether the definition file is out of date. If the definition file is older than three days, the monitor will enter a Warning state. If the definition is older than five days, the monitor will enter a Critical state. | Yes | No |
| Additional Actions Pending | This monitor tracks whether additional actions must be performed after malware has been blocked and removed from a computer. | Yes | No |
| Vulnerability Protection | This monitor detects computers that have real-time protection turned off and, additionally, have not performed a scan in the past three days. | No | No |
| Malware Outbreak | This monitor detects a malware outbreak of both cleaned and active infections when they occur on more than 5% (by default) of the total number of computers in a time period of one hour (by default). | Yes | No |
| Deployment Failure | This monitor tracks Forefront Endpoint Protection client installation failures and detects computers that require a restart in order to complete the installation. | Yes | No |
| Active Malware | This monitor tracks failed malware cleanup operations. | Yes | No |