About alerts

Published: December 16, 2009

Applies To: Forefront Client Security

Using the MOM alert feature, Client Security issues many types of alerts. You can view Client Security alerts in several ways, as described in Viewing alerts.

Each alert notifies you of a threat or other issue and contains information about the threat or issue, often with links to additional information, such as relevant Client Security reports and entries in the Microsoft Malicious Software Encyclopedia.

Alert levels

Alert levels indicate the sensitivity of alerting. At higher alert levels, you can receive alerts for less critical issues.

Client Security uses the following alert levels (from highest to lowest severity):

  • Alert level 5—This level results in the highest number of alerts. Alerts at this level pertain to executive and management computers, critical data servers and assets, and critical operations servers that require high availability or contain crucial data.

  • Alert level 4—This level results in a high number of alerts. Alerts at this level pertain to high-priority operational servers, data servers, or important computers.

  • Alert level 3—This level is the default setting and results in a moderate number of alerts. Alerts at this level pertain to high-priority computers.

  • Alert level 2—This level results in a low number of alerts. Alerts at this level pertain to typical user computers.

  • Alert level 1—This level results in the lowest number of alerts. Only global outbreaks and flooding detection cause an alert at this level. Alerts at this level pertain to computers that contain less critical data. For example, you might set this level for a policy covering a set of computers that is very large, that is not critical, or that gets infected often without requiring immediate response.

"Malware Outbreak" alerts have a unique alert level, called a global alert. A global outbreak alert is caused by malware alerts, regardless of the alert level of the policies protecting the affected computers. For more information about "Malware Outbreak" alerts, see Managing "Malware Outbreak" alerts.

Unissued alerts

To reduce the number of alerts, Client Security does not issue alerts for certain combinations of alert types and levels. For example, if Client Security detects malware and responds successfully and the affected computer is at alert level 2, Client Security does not issue a "Computer Infected - Successful Response" alert. However, if the computer is at alert level 5, an alert would be issued.

The following table describes whether Client Security issues alerts for the listed alert types and levels.

 

Alert Level 5 Level 4 Level 3 Level 2 Level 1 Global

Computer Infected - Failed Response

Yes

Yes

Yes

No

No

Not applicable

Computer Infected - Successful Response

Yes

Yes

No

No

No

Not applicable

Malware On Network - Failed Response

Yes

Yes

Yes

Yes

No

Not applicable

Malware On Network - Successful Response

Yes

Yes

Yes

No

No

Not applicable

Protection Turned Off

Yes

No

No

No

No

Not applicable

Re-Infected Computer

Yes

Yes

Yes

Yes

No

Not applicable

Scanning Failed

Yes

Yes

Yes

No

No

Not applicable

Security State Assessment Failed

Yes

Yes

Yes

No

No

Not applicable

Service Update Failed

Yes

Yes

Yes

No

No

Not applicable

Definition Update Failed

Yes

Yes

Yes

No

No

Not applicable

Very Infected Computer

Yes

Yes

Yes

Yes

No

Not applicable

Malware Outbreak - RTP

Yes

Yes

Yes

Yes

Yes

Yes

Malware Outbreak - Scan

Yes

Yes

Yes

Yes

Yes

Yes

Flooding Machine Detected

Yes

Yes

Yes

Yes

Yes

Not applicable

Show: