Share via


Keyword substitution macros

 

Applies to: Forefront Protection 2010 for SharePoint

Microsoft Forefront Protection 2010 for SharePoint (FPSP) provides keyword substitution macros that you can use in the deletion text and in the various fields of a notification (Cc, Bcc, Subject, and Message body). These macros obtain and display information from an item in which an infection was found or an item that matched a filter. You can use multiple keyword substitution macros.

Note

When configuring notifications, macros can be used to fill in useful information about the file being processed and the server doing the processing. Since notifications can be sent outside your organization, when enabling or customizing notifications, it is recommended that you do not use any macros that could expose any information you do not want disclosed.

Keyword substitution macros are surrounded by leading and trailing percent signs (%). To display the percent sign itself as part of the deletion text or in a notification field, use consecutive percent signs (%%).

The following are examples of the use of keyword-substitution macros:

  • The subject line of a malware notification could contain the name of the malware. In the Subject field, use the %Malware% keyword substitution macro. For example:

A file is infected with the %Malware% malware.

  • The message body of a notification e-mail to the Virus Administrator could contain keyword substitution macros to inform the recipient of all aspects of an incident. For example:

The %MalwareEngines% scan engines detected the %Malware% malware in a file called %File%, authored by %AuthorName% and last modified by %LastModifiedBy%. The malware was detected by the %ScanJob% scan job, on the %Server% server, and the item was %State%.

Note

In Windows PowerShell, macros are used in the same way. However, the entire text string must be surrounded by quotation marks and each group of one or more macro names must be surrounded by apostrophes. For example:
Set-FsspNotification Administrator Event virus To VirAdmin@contoso.com Subject "Malware found" Body "The '%MalwareEngines%' scan engines detected the '%Malware%' malware in a file called '%File%', authored by '%AuthorName%' and last modified by '%LastModifiedBy%'. The malware was detected by the '%ScanJob%' scan job, on the '%Server%' server, and the item was '%State%'." Enabled $true

The following table contains the FPSP keyword substitution macros.

Macro Description

%AuthorEmail%

The e-mail address of the author of the file. This information is only available with the scheduled and on-demand scan jobs.

%AuthorName%

The name of the author of the file. This information is only available with the scheduled and on-demand scan jobs.

%Company%

The name of your organization, as found in the registry.

%File%

The name of the file in which the virus was detected or that matched a filter.

%Filter%

The name of the filter that detected the item.

%Folder%

The workspace and subfolders where the virus was found.

%LastModifiedBy%

The name of the last user to modify the file. This information is only available with the scheduled and on-demand scan jobs.

%Malware%

The name of the malicious software (malware), as reported by the file scanner.

%ModifiedUserEmail%

The e-mail address of the last user to modify the file. This information is only available with the scheduled and on-demand scan jobs.

%ScanJob%

The name of the scan job that scanned the file or performed the filtering operation.

%Server%

The name of the server that found the infection or performed the filtering operation.

%State%

The disposition of the detected item (Deleted, Cleaned, Removed, or Skipped).

%MalwareEngines%

A list of all the scan engines that detected the malware.

%UserName%

The name of the user who uploaded or downloaded the file. This information is only available with the realtime scan job.

See Also

Concepts

Configuring the realtime scan
Configuring the scheduled scan
Configuring the on-demand scan
Editing deletion text for file filters
Configuring e-mail notifications