Microsoft System Center Advisor Advanced Threat Analytics events
The MP Microsoft System Center Advisor Advanced Threat Analytics events seems to try to collect events from the Microsoft ATA event log on all your servers, but that event log only exists on the ATA center and GW servers. Result is unhealth SCOM management Group and event ID 26005 is logged in the OpsMgr event log saying The Windows Event Log Provider was unable to open the Microsoft ATA event log on computer <computer name> for reading.
As a workaround you can create an override to stop these events.
A future update to the agent will fix this issue.
Martin Ehrnst commented
any News on when this will be fixed?