Viewing alerts

Applies To: Forefront Client Security

You can access information about alerts in several ways:

  • From the MOM Operator console

  • From the reporting server Web console

  • From the Client Security console

It is recommended that you review active alerts in the MOM Operator console, which provides more information about resolving alerts.

Many alerts include links to Client Security reports that are relevant to the threat or issue addressed by the alert. Links in alerts point to current reports, which are based on data in the collection database; that database contains data for the past three days only. If you click a link in an alert that is older than three days, there may be no data available in the report. To access the data, view the corresponding historical report. For example, if the Computer Detail report does not present the data to which the alert refers, use the Computer Detail History report.

Viewing alerts in the MOM Operator console

To view alerts in the MOM Operator console

  1. On the Client Security management server or collection server, open the MOM Operator console. By default, the view selected is Alerts.

    Note

    From the Client Security console, you can click alert notifications to open the Client Security alert view in the MOM Operator console.

  2. Under Alert Views, expand the All: Alert Views tree, expand Microsoft Forefront Client Security, and then click Alerts. This alert view shows Client Security–specific alerts only.

  3. In the upper half of the details pane, select the alert you want to view.

  4. In the lower half of the details pane, click the Properties tab and read about the alert. Use any URL on the Properties tab to learn more.

    To read general information about how to resolve this type of alert, click the Product Knowledge tab and read the information presented there.

    To view the events that triggered the alert, click the Events tab. If the alert is more than three days old, the events are not available because MOM has removed them from the collection database. However, they are still available in the reporting database. You can use the Alerts History report to view alerts older than three days, including the associated events.

Accessing alerts from the Client Security console

To access alerts from the Client Security console

  1. On the Client Security management server, open the Client Security console.

  2. Access alert information in one of the following ways:

    • In the Notifications section, notifications about alerts appear. You can click an alert notification to open the MOM Operator console and view alerts.

    • In the charts, under Computers Per Issue, the Alerts detected value represents how many active alerts there are. You can click the link to access the Computer Having Alert Issues report.

    • In the Summary Reports section, you can click the Alerts Summary link to view the Alerts Summary report.

Using reports about alerts

To use reports about alerts

  1. Access Client Security reports. For assistance with viewing reports, see Viewing and printing reports.

  2. Use the following reports:

    • Alert Detail and Alert Detail History reports—These reports show current and historical alerts, and list the computers for which Client Security raised the alerts.

    • Alerts Summary and Alerts History reports—These reports show current and historical trends in alerts, and group alerts by severity or policy.

    In both reports, you can expand the groupings and access Alert Detail History reports to view details about individual alerts.

Note

Reports show alerts, regardless of the resolution state of the alerts. Therefore, reports can show alerts that you have already resolved.