You can monitor your Microsoft Forefront Protection 2010 for SharePoint (FPSP) environment by viewing statistics and health monitoring reports. In the Forefront Protection 2010 for SharePoint Administrator Console, click Monitoring and under Server Security Views, click Dashboard.
In the Server Security Views - Dashboard pane, you can view the following information:
- The name of the computer running
SharePoint.
- Health monitors. You can monitor the health
of your scan jobs, services, engines, and licensing.
- Summary performance monitors. For each scan
job type, there is a pie chart showing the number of scanned files
that contained malware and the number of scanned files that matched
each filter type (file and keyword). The total number of files
scanned is also listed along with the date and time that the data
was last refreshed.
Monitoring the health of your system
You can monitor the health of FPSP by viewing the health monitors at the top of the Dashboard. There are four types of health monitors:
- Scan Jobs—Monitors the current state
of your scan jobs.
- Services—Monitors the current state of
FPSP services.
- Engines—Monitors the current state of
your scan engines.
- Licensing—Monitors the current state
of your FPSP license.
Viewing health item details
Each of the monitors has an associated Show details link. To see the underlying details, click Show details. This displays summary icons and underlying details.
The summary icons are as follows:
- Healthy—A green circle with a check
mark. This indicates good health and that no action is
required.
- Warning—A yellow triangle with an
exclamation mark. This indicates a less than ideal situation that
likely bears close monitoring.
- Error—A red circle with an "X". This
indicates an error that may require fixing.
- Unknown—A gray shield. This indicates
that FPSP has not yet reached the scheduled health check interval,
is not able to determine the current health, or that the item is
not defined for your system. An event is generated as soon as FPSP
determines the health status.
The underlying details are as follows:
- Health Point—Tells you what is being
monitored, for example Realtime scan SP processes.
- Last Refresh—Tells you the last time
the health point was checked.
- Message—Tells you the current status
of the health point being monitored, including information about
any problems that the monitor encountered.
 Note: |
|---|
| If FPSP either has not yet reached the scheduled health check interval or was not able to determine the current health of the health point, there is no message. A message is generated as soon as FPSP determines the health status. |
About the health points
| Note: |
|---|
| To ensure that you are viewing the most current data, under the Actions section, you can click Refresh |
These are the scan job health points that FPSP monitors:
| Health Point | Meaning |
|---|---|
|
Selected realtime engine initialization |
Monitors whether all engines selected for the realtime scan have been initialized. |
|
Realtime scan SP |
Monitors whether the realtime scan has been enabled. |
|
Realtime scan SP processes |
Monitors whether the realtime scan processes are running normally. |
|
SharePoint service hooked |
Monitors whether the SharePoint service is running and the Forefront VSAPI Library is registered. |
|
Scheduled scan SP processes |
Monitors whether the scheduled scan processes are running normally. |
|
Selected SP scheduled engine initialization |
Monitors whether all engines selected for the scheduled scan have been initialized |
These are the services health points that FPSP monitors:
| Health Point | Meaning |
|---|---|
|
Available disk space |
Monitors the amount of disk space remaining. |
|
Eventing service |
Monitors whether the eventing service is functioning. |
|
E-mail pickup service |
Monitors whether the mail pickup service is functioning. |
|
FPSP controller service |
Monitors the FPSP controller service. |
These are the engines health points that FPSP monitors:
| Health Point | Meaning |
|---|---|
|
All engine updates enabled |
Monitors whether the engines that were selected for updating were successfully updated. |
|
Selected engines updated |
Monitors whether the engines that were selected for scan jobs were also selected for updates. |
|
Selected engines update period |
Monitors whether the engines that were selected for updating were updated recently. |
This is the licensing health point that FPSP monitors:
| Health Point | Meaning |
|---|---|
|
License status |
Monitors whether your license is still valid, is nearing expiration, or has expired. |
Viewing engine summary information
You can monitor engine summary information for FPSP by viewing the Engines health monitor, and then selecting Engine Summary.
In the Engine Summary dialog box, you can view the following information about engine and definition updates:
- Engine—The scan engine, for example
Microsoft Antimalware Engine.
- In Use—Indicates whether the engine is
in use with a scan job.
- Updates Enabled—Indicates whether
updating is enabled (Yes) or disabled (No) for the
engine.
- Engine Version—The version of the
engine.
- Definition Version—The version of the
malware definition files currently in use by the engine. (This data
may not be available for every engine.)
- Last Update—The date and time of the
last successful or failed update of the engine or definition files.
Failed updates appear in red text.
- Last Check—The date and time of the
last check made for a new engine or definition update.
| Note: |
|---|
| You can sort any of the columns alphabetically by clicking the column's heading. For information about changing how the engine and definition files are updated, see Configuring engine and definition updates. |
Customizing the Dashboard view
You can customize which items appear on the Server Security Views – Dashboard pane.
To customize the Dashboard view-
In the Actions section, click Control Gallery.
-
In the Control Gallery dialog box, select which items you want to appear on the Server Security Views – Dashboard pane. A check mark next to the item indicates that it is displayed; no check mark indicates that it is hidden (you can also click the red X box, associated with each item, to remove it from the view).
By default, the Scheduled Scan Summary, On-Demand Scan Summary, Health Monitors, and Realtime Scan Summary are displayed.
-
Click Exit to close the Control Gallery dialog box.
Monitoring performance by viewing statistics
You can monitor the performance of FPSP by viewing the statistics on the Dashboard. If you need the statistics broken down further, you can view detailed malware statistics and detailed filtering statistics.
Viewing detailed malware statistics
To see statistics about files with malware, click Monitoring and under Server Security Views, click Malware Details. In the Server Security Views - Malware Details pane, the details are broken out by scan job type: realtime, on-demand, and scheduled. You can sort any of the columns by clicking its heading. To ensure that you are viewing the most current data, under the Actions section, you can click Refresh.
The following details are given:
- Files detected—The total number of
files that contained malware.
- Files blocked—The total number of
malicious files that were blocked. This data is only for realtime
scans.
- Files cleaned—The total number of
malicious files that were cleaned due to malware detections.
- Files deleted—The total number of
files that were replaced with deletion text due to malware
detections. This data is only for scheduled and on-demand
scans.
- Files skipped (detected only)—The
total number of malicious files that were detected and logged as
containing malware, but with no other action taken.
- Files quarantined—The total number of
malicious files that were quarantined due to malware
detections.
Viewing detailed filtering statistics
To see statistics about files that matched filters, click Monitoring and under Server Security Views, click Filtering Details. In the Server Security Views - Filtering Details pane, the details for file filter matches and keyword filter matches are broken out by scan job type: realtime, on-demand, and scheduled. You can sort any of the columns by clicking its heading. To ensure that you are viewing the most current data, under the Actions section, you can click Refresh.
The following details are given:
- Files detected—The total number of files that matched
filters.
- Files blocked—The total number of files blocked due to
filter matches. This data only applies to realtime scans.
- Files deleted—The total number of files deleted and
replaced with deletion text due to filter matches. This data only
applies to scheduled and on-demand scans.
- Files skipped (detected only)—The total number of files
detected and logged due to filter matches, with no other action
taken.
- Files quarantined—The total number of filtered files
quarantined due to filter matches.
Resetting statistics data
You can reset malware and filtering statistics in order to begin a fresh count.
- In the Server Security Views - Malware
Details pane or in the Server Security Views - Filtering
Details pane, in the Actions section, click the action
to Clear Realtime Scan Statistics, Clear Scheduled Scan
Statistics, or Clear On-Demand Scan Statistics.
Regardless of which pane you are in, this clears the statistics for
both malware and filtering.
Clicking these actions clears all malware and filtering data for the selected scan job. Depending on which Action option you selected, the statistics for the Dashboard and the associated details reports (Malware Details and Filtering Details) are reset to zero.
- To reset all statistics (malware and
filtering) for all scan jobs, in the Server Security Views -
Dashboard pane, in the Actions section, click the action to
Clear All Statistics.