Chapter 6: Using the Incidents Log


Applies to: Forefront Security for SharePoint

Topic Last Modified: 2008-02-20

Forefront Security for SharePoint provides a variety of reports designed to help administrators analyze the state and performance statistics of Forefront Security for SharePoint. These include the Incidents Log, a database (Incidents.mdb) that stores a record of all files in which viruses were detected and all files trapped by filters.

For more information about the Incidents Log, refer to “SharePoint Reporting and Statistics” in the Forefront Security for SharePoint User Guide.

In this chapter

Using the Incidents Log

To view the Incidents Log

To sort the Incidents Log

To filter the Incidents Log

To export Incidents Log data to a file

To manage the size of the Incidents Log

Using the Incidents Log

The Incidents Log stores the following information for each incident:


Field Description


Date and time of the incident.


Action taken by Forefront Security for SharePoint.


Name of the scan job that reported the incident.


Name of the folder where the file was found.


Name of the virus or file that matched a file filter or content filter.


Type of incident that occurred: Virus or File Filter. Each is followed by either the name of the virus detected or the name of the filter that triggered the event.

Author’s Name

Name of the author of the document.

Author E-Mail

E-mail address of the document’s author.

Last Modified By

Name of the last user to modify the document.

Modified User E-Mail

E-mail address of the last user to modify the document.

Forefront Security for SharePoint reports the last four fields as N/A for Realtime Scan Jobs because it does not have access to this information during a real-time scan.

To view the Incidents Log

  1. Under REPORT, click Incidents.

  2. Scroll right to see all the data about each incident.

To sort the Incidents Log

  1. In the Incidents work pane, click a column heading (Time, Name, and so on) to sort data based on that column.

  2. Click Save to have your settings take effect.

To filter the Incidents Log

A filter only affects what you view on the screen; it does not modify the contents of the database.

  1. In the Incidents work pane, check the Filtering box.

  2. Select a value for Field from the list, and choose the filter criteria to the right.

  3. Click Save to apply each filter.

To remove the filter and restore the full Incidents Log, clear the Filtering box, and then click Save.

To export Incidents Log data to a file

You can export Incidents Log data to a formatted text file or a delimited text file (for use in a spreadsheet). If you are using a filter on the Incidents Log, Forefront Security for SharePoint exports only the data set you have filtered.

  1. In the Incidents work pane, click Export.

  2. In the Save box, select a destination and either the Formatted Text or Delimited Text format.

  3. Click Save.

To manage the size of the Incidents Log

The Incidents Log can grow very large, which can affect performance. To manage its size, you can specify a number of days; Forefront Security for SharePoint then purges all records older than that number of days from the database. You can set a separate value for each database.

  1. In the Incidents work pane, check the Purge box.

  2. Select how many days you want to keep Incidents Log data.

  3. Click Save for the new setting to take effect.

    When the time comes for Forefront Security for SharePoint to purge the Incidents Log, you will be asked to confirm the deletion.

When Forefront Security for SharePoint clears a very large Incidents Log, the deletion process can take a long time.