Key monitoring scenarios
Applies to: Forefront Protection 2010 for SharePoint
The Microsoft Forefront Server Protection Management Pack for Microsoft System Center Operations Manager 2007 (Operations Manager 2007) proactively monitors the "health" of your Forefront agent-managed systems by looking at events. Events are logged when transitions occur from one state to another. Health is indicated by a color code:
Green (healthy) – everything is functioning properly and performing well. Green events do not trigger alerts. The symbol is a green check mark within a circle.
Yellow (warning) – performance is poor or a problem is impairing non-critical functionality. Yellow events trigger warning alerts. The symbol is a "!" within a yellow triangle.
Red (unhealthy) – critical functionality has been lost. Red events trigger error alerts. The symbol is a white "x" within a red circle.
Problem types
These are the various problem types that the Microsoft Forefront Server Protection Management Pack tracks. For more information about monitored events, see Appendix: Monitors and overrides for management packs.
Engines
These are the monitored engine conditions.
Monitored Event |
Success (green) |
Warning (yellow) |
Error (red) |
Antimalware Engines Update Enabled |
The engines selected to be used for the scan jobs are enabled for updating. |
The engines selected to be used for the scan jobs are not all enabled for updating. |
Not applicable. |
Antimalware Engines Update Success Rate |
All engines enabled for updating were successfully updated. |
At least half of the engines enabled for updating were successfully updated. |
Less than half of the engines enabled for updating were successfully updated. |
Antimalware Engines Last Update Time |
All engines enabled for updating were successfully updated within the last five days. |
Some of the engines enabled for updating were not updated within the last five days. |
None of the engines enabled for updating were updated within the last five days. |
SharePoint hook
These are the monitored SharePoint hook conditions.
Monitored Event |
Success (green) |
Warning (yellow) |
Error (red) |
SharePoint hook state |
The w3wp service is running and the Forefront VSAPI library is registered. |
Not applicable. |
The agent failed to register or is not enabled. |
Scan Jobs
These are the monitored scan job conditions. There are separate events for realtime and scheduled scans.
Monitored Event |
Success (green) |
Warning (yellow) |
Error (red) |
Realtime scan job |
The Realtime scan job is enabled. |
The Realtime scan job is not scanning all files. |
The Realtime scan job is disabled. |
Realtime scan process state |
The scanning processes are running. |
Some processes did not restart after a timeout or exception. |
No scanning processes restarted after a timeout or exception. |
Scan filter engine loaded (for realtime and scheduled scans) |
The engine that handles filtering loaded correctly. |
Not applicable. |
The engine that handles filtering did not load correctly. |
Scheduled or on-demand scan loaded |
The scheduled scan or the on-demand scan loaded correctly. |
Not applicable. |
The scheduled scan or the on-demand scan did not load correctly. |
Scheduled or on-demand scan termination |
The scheduled scan or the on-demand scan executed within the allowed time. |
Not applicable. |
The scheduled scan or the on-demand scan exceeded the allowed time limit. |
Realtime scan engines have been initialized |
The engines selected for the realtime scan have been initialized. |
Not applicable. |
The selected scanning engines were not initialized when the realtime scan was enabled. |
Scheduled scan engines have been initialized |
The engines selected for the scheduled scan have been initialized. |
Not applicable. |
The selected scanning engines were not initialized when the scheduled scan was enabled. |
Services
These are the monitored services conditions.
Monitored Event |
Success (green) |
Warning (yellow) |
Error (red) |
FSCController service |
The FSCController service is running. |
Not applicable. |
The FSCController service has stopped. |
Eventing service |
The Eventing service is running. |
Not applicable. |
The Eventing service has stopped. |
FSSPController service |
The FSSPController service is running. |
Not applicable. |
The FSSPController service has stopped. |
License
These are the monitored license conditions.
Monitored Event |
Success (green) |
Warning (yellow) |
Error (red) |
License state |
The Forefront Protection 2010 for SharePoint is licensed. |
The Forefront Protection 2010 for SharePoint license will expire soon. |
The Forefront Protection 2010 for SharePoint license has expired. |