You can monitor your Microsoft Forefront Protection 2010 for SharePoint (FPSP) environment by viewing statistics and health monitoring reports. In the Forefront Protection 2010 for SharePoint Administrator Console, click Monitoring and under Server Security Views, click Dashboard.

In the Server Security Views - Dashboard pane, you can view the following information:

Monitoring the health of your system

You can monitor the health of FPSP by viewing the health monitors at the top of the Dashboard. There are four types of health monitors:

  • Scan Jobs—Monitors the current state of your scan jobs.

  • Services—Monitors the current state of FPSP services.

  • Engines—Monitors the current state of your scan engines.

  • Licensing—Monitors the current state of your FPSP license.

Viewing health item details

Each of the monitors has an associated Show details link. To see the underlying details, click Show details. This displays summary icons and underlying details.

The summary icons are as follows:

  • Healthy—A green circle with a check mark. This indicates good health and that no action is required.

  • Warning—A yellow triangle with an exclamation mark. This indicates a less than ideal situation that likely bears close monitoring.

  • Error—A red circle with an "X". This indicates an error that may require fixing.

  • Unknown—A gray shield. This indicates that FPSP has not yet reached the scheduled health check interval, is not able to determine the current health, or that the item is not defined for your system. An event is generated as soon as FPSP determines the health status.

The underlying details are as follows:

  • Health Point—Tells you what is being monitored, for example Realtime scan SP processes.

  • Last Refresh—Tells you the last time the health point was checked.

  • Message—Tells you the current status of the health point being monitored, including information about any problems that the monitor encountered.

Note:
If FPSP either has not yet reached the scheduled health check interval or was not able to determine the current health of the health point, there is no message. A message is generated as soon as FPSP determines the health status.

About the health points

Note:
To ensure that you are viewing the most current data, under the Actions section, you can click Refresh

These are the scan job health points that FPSP monitors:

Health Point Meaning

Selected realtime engine initialization

Monitors whether all engines selected for the realtime scan have been initialized.

Realtime scan SP

Monitors whether the realtime scan has been enabled.

Realtime scan SP processes

Monitors whether the realtime scan processes are running normally.

SharePoint service hooked

Monitors whether the SharePoint service is running and the Forefront VSAPI Library is registered.

Scheduled scan SP processes

Monitors whether the scheduled scan processes are running normally.

Selected SP scheduled engine initialization

Monitors whether all engines selected for the scheduled scan have been initialized

These are the services health points that FPSP monitors:

Health Point Meaning

Available disk space

Monitors the amount of disk space remaining.

Eventing service

Monitors whether the eventing service is functioning.

E-mail pickup service

Monitors whether the mail pickup service is functioning.

FPSP controller service

Monitors the FPSP controller service.

These are the engines health points that FPSP monitors:

Health Point Meaning

All engine updates enabled

Monitors whether the engines that were selected for updating were successfully updated.

Selected engines updated

Monitors whether the engines that were selected for scan jobs were also selected for updates.

Selected engines update period

Monitors whether the engines that were selected for updating were updated recently.

This is the licensing health point that FPSP monitors:

Health Point Meaning

License status

Monitors whether your license is still valid, is nearing expiration, or has expired.

Viewing engine summary information

You can monitor engine summary information for FPSP by viewing the Engines health monitor, and then selecting Engine Summary.

In the Engine Summary dialog box, you can view the following information about engine and definition updates:

  • Engine—The scan engine, for example Microsoft Antimalware Engine.

  • In Use—Indicates whether the engine is in use with a scan job.

  • Updates Enabled—Indicates whether updating is enabled (Yes) or disabled (No) for the engine.

  • Engine Version—The version of the engine.

  • Definition Version—The version of the malware definition files currently in use by the engine. (This data may not be available for every engine.)

  • Last Update—The date and time of the last successful or failed update of the engine or definition files. Failed updates appear in red text.

  • Last Check—The date and time of the last check made for a new engine or definition update.

Note:
You can sort any of the columns alphabetically by clicking the column's heading. For information about changing how the engine and definition files are updated, see Configuring engine and definition updates.

Customizing the Dashboard view

You can customize which items appear on the Server Security Views – Dashboard pane.

To customize the Dashboard view
  1. In the Actions section, click Control Gallery.

  2. In the Control Gallery dialog box, select which items you want to appear on the Server Security Views – Dashboard pane. A check mark next to the item indicates that it is displayed; no check mark indicates that it is hidden (you can also click the red X box, associated with each item, to remove it from the view).

    By default, the Scheduled Scan Summary, On-Demand Scan Summary, Health Monitors, and Realtime Scan Summary are displayed.

  3. Click Exit to close the Control Gallery dialog box.

Monitoring performance by viewing statistics

You can monitor the performance of FPSP by viewing the statistics on the Dashboard. If you need the statistics broken down further, you can view detailed malware statistics and detailed filtering statistics.

Viewing detailed malware statistics

To see statistics about files with malware, click Monitoring and under Server Security Views, click Malware Details. In the Server Security Views - Malware Details pane, the details are broken out by scan job type: realtime, on-demand, and scheduled. You can sort any of the columns by clicking its heading. To ensure that you are viewing the most current data, under the Actions section, you can click Refresh.

The following details are given:

  • Files detected—The total number of files that contained malware.

  • Files blocked—The total number of malicious files that were blocked. This data is only for realtime scans.

  • Files cleaned—The total number of malicious files that were cleaned due to malware detections.

  • Files deleted—The total number of files that were replaced with deletion text due to malware detections. This data is only for scheduled and on-demand scans.

  • Files skipped (detected only)—The total number of malicious files that were detected and logged as containing malware, but with no other action taken.

  • Files quarantined—The total number of malicious files that were quarantined due to malware detections.

Viewing detailed filtering statistics

To see statistics about files that matched filters, click Monitoring and under Server Security Views, click Filtering Details. In the Server Security Views - Filtering Details pane, the details for file filter matches and keyword filter matches are broken out by scan job type: realtime, on-demand, and scheduled. You can sort any of the columns by clicking its heading. To ensure that you are viewing the most current data, under the Actions section, you can click Refresh.

The following details are given:

  • Files detected—The total number of files that matched filters.

  • Files blocked—The total number of files blocked due to filter matches. This data only applies to realtime scans.

  • Files deleted—The total number of files deleted and replaced with deletion text due to filter matches. This data only applies to scheduled and on-demand scans.

  • Files skipped (detected only)—The total number of files detected and logged due to filter matches, with no other action taken.

  • Files quarantined—The total number of filtered files quarantined due to filter matches.

Resetting statistics data

You can reset malware and filtering statistics in order to begin a fresh count.

  • In the Server Security Views - Malware Details pane or in the Server Security Views - Filtering Details pane, in the Actions section, click the action to Clear Realtime Scan Statistics, Clear Scheduled Scan Statistics, or Clear On-Demand Scan Statistics. Regardless of which pane you are in, this clears the statistics for both malware and filtering.

    Clicking these actions clears all malware and filtering data for the selected scan job. Depending on which Action option you selected, the statistics for the Dashboard and the associated details reports (Malware Details and Filtering Details) are reset to zero.

  • To reset all statistics (malware and filtering) for all scan jobs, in the Server Security Views - Dashboard pane, in the Actions section, click the action to Clear All Statistics.