Configuring "Re-Infected Computer" alert parameters

Applies To: Forefront Client Security

The single parameter you can configure for detecting re-infection is how many occurrences of the same malware trigger an alert. The default is three infections by the same malware within three days. It is recommended that you use the default parameter value; however, consider changing the default parameter when you want to permit more re-infections on a computer before an alert is issued.

Using the MOM Administrator console, you can configure the parameter.

To change the "Re-Infected Computer" alert threshold

  1. On the collection server, open the MOM Administrator console, expand the Microsoft Operations Manager tree, click Management Packs, click Rule Groups, click Microsoft Forefront Client Security, click Host Alerts, click Alert Level X, and then click Event Rules.

  2. Double-click Re-infected Computer Parameters - Alert Level X.

  3. Click the Responses tab, and then under Response, double-click the entry.

  4. Under Script parameters, double-click Event Count Threshold.

  5. In the Value box, type the number of infection occurrences that should trigger a re-infection alert (if the infections occur within three days).

  6. Click OK three times, and then right-click the Management Packs node and select Commit Configuration Change. MOM implements the changes you made.