How to monitor Endpoint Protection status

Applies to: Configuration Manager (current branch)

You can monitor Endpoint Protection in your Microsoft Configuration Manager hierarchy by using the Endpoint Protection Status node under Security in the Monitoring workspace, the Endpoint Protection node in the Assets and Compliance workspace, and by using reports.

How to Monitor Endpoint Protection by Using the Endpoint Protection Status Node

  1. In the Configuration Manager console, click Monitoring.

  2. In the Monitoring workspace, expand Security, and then click Endpoint Protection Status.

  3. In the Collection list, select the collection for which you want to view status information.

    Important

    Collections are available for selection in the following cases:

    • When you select View this collection in the Endpoint Protection dashboard on the Alerts tab of the <collection name> Properties dialog box.
    • When you deploy an Endpoint Protection antimalware policy to the collection.
    • When you enable and deploy Endpoint Protection client settings to the collection.

  4. Review the information that is displayed in the Security State and Operational State sections. You can click any status link to create a temporary collection in the Devices node in the Assets and Compliance workspace. The temporary collection contains the computers with the selected status.

    Important

    Information that is displayed in the Endpoint Protection Status node is based on the last data that was summarized from the Configuration Manager database and might not be current. If you want to retrieve the latest data, on the Home tab, click Run Summarization, or click Schedule Summarization to adjust the summarization interval.

How to Monitor Endpoint Protection in the Assets and Compliance Workspace

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, perform one of the following actions:

    • Click Devices. In the Devices list, select a computer, and then click the Malware Detail tab.

    • Click Device Collections. In the Device Collections list, select the collection that contains the computer you want to monitor and then, on the Home tab, in the Collection group, click Show Members.

  3. In the <collection name> list, select a computer, and then click the Malware Detail tab.

How to Monitor Endpoint Protection by Using Reports

Use the following reports to help you view information about Endpoint Protection in your hierarchy. You can also use these reports to help troubleshoot any Endpoint Protection problems. For more information about how to configure reporting in Configuration Manager, see Introduction to reporting and Log files. The Endpoint Protection reports are in the Endpoint Protection folder.

Report name | Description
Antimalware Activity Report | Displays an overview of antimalware activity for a specified collection.
Infected Computers | Displays a list of computers on which a specified threat is detected.
Top Users By Threats | Displays a list of users with the highest number of detected threats.
User Threat List | Displays a list of threats that were found for a specified user account.

Malware Alert Levels

Use the following table to identify the different Endpoint Protection alert levels that might be displayed in reports, or in the Configuration Manager console.

Alert level | Description
Failed | Endpoint Protection failed to remediate the malware. Check your logs for details of the error. Note: For a list of Configuration Manager and Endpoint Protection log files, see the "Endpoint Protection" section in the Log files topic.
Removed | Endpoint Protection successfully removed the malware.
Quarantined | Endpoint Protection moved the malware to a secure location and prevented it from running until you remove it or allow it to run.
Cleaned | The malware was cleaned from the infected file.
Allowed | An administrative user selected to allow the software that contains the malware to run.
No Action | Endpoint Protection took no action on the malware. This might occur if the computer is restarted after malware is detected and the malware is no longer detected; for instance, if a mapped network drive on which malware is detected is not reconnected when the computer restarts.
Blocked | Endpoint Protection blocked the malware from running. This might occur if a process on the computer is found to contain malware.