Kaseya Community

MsMpSvc

This question is answered

Hi,

New to Kaseya (day 3) and am beginning to get the hang of the layout & features. However, I do have one internal system which keeps alerting with this message:

SNMP Device: N/A

Monitor Set: AV - Microsoft SE-FEP Services {Severity3}

Type: Service

Log Object Name: MsMpSvc

Agent Alarm Time: 8:42:17 am 21-Feb-18

Event Time: 4:42:17 pm 21-Feb-18 UTC

Log Value: Service Does Not Exist

Alarm Operator: N/A

Alarm Threshold: N/A

Alarm Duration: N/A

Ticket ID: no ticket assigned

The service seems to be related to Microsoft Essentials, which is not installed. How do I turn this off?

Verified Answer
  • The monitor set assigned has a service in it that doesn't exist on the machine.  You need to tick the box in the monitor set to "Enable Matching".  Then it should not alarm on a service that isn't present.

All Replies
  • hi

    Check the following path in your VSA to confirm if the Monitor set has been applied to the machine, Monitor Module > Agent Monitoring > Assign Monitoring > select the machine > click on Clear button. Removing this will cause to no longer look for those alerts. If the issue continues, create a support ticket via helpdesk.kaseya.com so support can take a look at your VSA.

  • The monitor set assigned has a service in it that doesn't exist on the machine.  You need to tick the box in the monitor set to "Enable Matching".  Then it should not alarm on a service that isn't present.

  • So, I did what you suggested and nothing appeared to happen. Since I wanted to remove the alert from all endpoints I selected them all and clicked on "Clear All." Now, no matter what view I use it shows no Monitor Set for any endpoint. Did I just remove all monitoring alerts from all machines? If so, how do I fix it?

  • save image

    I assume you're speaking of here. Unfortunately, I don't see anything that says "Enable Matching," nor am I able to tick the box next to the monitor. This is also true of all other monitors. I must be missing something, or I fubar'd something (see above).

  • Yes you did clear all of them.  

    If you have a policy set that was setting the monitors, you can go into policy management and try "Clearing overrides" or "Reprocess policies"  to get them back.  

  • Spending a lot of time in Kaseya University reading & watching outdated videos. It's helping, but it's a slow process while I continue to do other work. I do appreciate the help.

    So, I was able to get the original monitors back, which then filled my mailbox with alerts from all endpoints for this issue. That was fun. I went to the monitor sets as you suggested, but have been unable to make any changes to them. I can see it under Security, but don't see any way to modify it. Must be the master set. Do I need to build a complete monitor set under myMonitorSets, or start from scratch?

    This is the only place where I can make any changes, at all I can do is either rename it or delete it. Don't want to do that as it appears to be a master set. Back to the University tomorrow.

    save image

  • I posted a reply, but apparently it needs moderator approval and hasn't shown up yet. Did I violate something?

  • A little more time in the University helped me understand the trigger. Thanks, Jo, for getting me on track!