Viewing and managing incidents


Applies to: Forefront Protection for Exchange

Topic Last Modified: 2010-05-13

Tracking incidents enables administrators to view and analyze the performance of Forefront Protection 2010 for Exchange Server (FPE) operations. When FPE reports incidents, you are assured that FPE is successfully detecting malware and employing filters.

The incidents database contains records of all malware (for example, viruses and spyware) and filter matches that FPE has detected. You can also optionally track spam (content filter) incidents. The incidents database keeps a record of what was caught by FPE and provides information about how and where the incident occurred.

The incidents database contains all of the information collected by FPE, and you can use this information in order to do the following:

  • Assess FPE performance

  • Consider what configurations may need tweaking

  • Look in-depth at certain trends and user activities

There is no hard limit for the incidents database size. The incidents database includes all incident item metadata as well as all quarantined item metadata (that is, database records representing items that have been quarantined, not the actual quarantined items). Therefore, you must monitor your hard disk drive space because the database can grow to fill the available space. For more information about reducing the size of the incidents database, see "Reducing the size of the incidents database" in Managing incidents.