About events
Applies To: Forefront Client Security
Client Security records many types of events from several different sources. Using the MOM Operator console, you can view events and their sources; however, three to four days after MOM receives the events, it deletes the event from the collection database. After this occurs, the event is no longer available in the MOM Operator console.
Client Security copies event data to the reporting database. When events are no longer available in the MOM Operator console, you can use reports such as Alerts History to view alerts older than three days, including the associated event data.
Event sources
The following table describes the sources of the events logged by Client Security.
| Source | Description |
|---|---|
FcsSas |
SSA scan event logged by a Client Security agent |
FCSAM |
Malware scan event logged by a Client Security agent |
Microsoft Forefront Client Security |
Client Security Management console event logged by the Client Security management server |