Settings Reference
The following tables list the settings that are available in the API with a description. Setting names are prefixed with platform or the name of the associated protection module. Suffixes can indicate the nature of the setting. For example, the Enabled suffix indicates a Boolean value.
For information about how to configure settings see the following sections:
- [Configure policy and default policy settings](../create-and-configure-policies/#settings)
- [Configure Computers to Override Policies](../configure-computers-to-override-policies)
- [Configure Deep Security Manager System Settings](../configure-deep-security-manager-system-settings)
Default policy, policy, and computer settings
The following table lists the settings that are included in default policy settings, policy settings, and computer settings. Note that these settings are included only in
DefaultPolicySettings:
- activityMonitoringSettingState
- antiMalwareSettingState
- applicationControlSettingState
- firewallSettingState
- integrityMonitoringSettingState
- intrusionPreventionSettingState
- logInspectionSettingState
- sapSettingState
- webReputationSettingState
| Setting | Description |
|---|---|
| Activity Monitoring Settings | |
| activityMonitoringSettingActivityEnabled | Sensor Activity Enabled |
| activityMonitoringSettingIndicatorEnabled | Sensor Indicator Enabled |
| activityMonitoringSettingState (Default policy settings only) | Activity Monitoring State |
| activityMonitoringSettingSyslogConfigId | Activity Monitoring Configuration |
| Anti-Malware Settings | |
| antiMalwareSettingBehaviorMonitoringScanExclusionList | Scan Exclusions for Suspicious Activity/Unauthorized Change |
| antiMalwareSettingCombinedModeProtectionSource | Anti-Malware |
| antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled | Submit files identified as suspicious by Document Exploit Protection scanning to Deep Discovery Analyzer |
| antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled | Use Apex Central's Suspicious Object List |
| antiMalwareSettingDocumentExploitProtectionRuleExceptions | Allowed Advanced Threat Detection Rules |
| antiMalwareSettingFileHashEnabled | Calculate Hash values of all anti-malware events (at least SHA1 by default) |
| antiMalwareSettingFileHashMd5Enabled | MD5 |
| antiMalwareSettingFileHashSha256Enabled | SHA256 |
| antiMalwareSettingFileHashSizeMaxMbytes | Skip hash values calculation if file size is large than (64MB~512MB) |
| antiMalwareSettingIdentifiedFilesSpaceMaxMbytes | Maximum disk space used to store identified files |
| antiMalwareSettingMalwareScanMultithreadedProcessingEnabled | Use multithreaded processing for Malware scans (if available) |
| antiMalwareSettingNsxSecurityTaggingEnabled | Anti-Malware NSX Security Tagging State |
| antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled | Anti-Malware NSX Only Tag on Failure to Remediate |
| antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled | Anti-Malware NSX Remove Tag |
| antiMalwareSettingNsxSecurityTaggingValue | Anti-Malware NSX Security Tag |
| antiMalwareSettingPredictiveMachineLearningExceptions | Predictive Machine Learning Exclusion List |
| antiMalwareSettingScanCacheOnDemandConfigId | Anti-Malware On Demand Scan Cache Configuration |
| antiMalwareSettingScanCacheRealTimeConfigId | Anti-Malware Real-Time Scan Cache Configuration |
| antiMalwareSettingScanFileSizeMaxMbytes | Maximum file size to scan |
| antiMalwareSettingSmartProtectionGlobalServerEnabled | Use Global Smart Protection Service for Smart Scan |
| antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled | Use Proxy when accessing Smart Protection Service for Smart Scan |
| antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal | When off domain, connect to global Smart Protection Service. (Windows only) |
| antiMalwareSettingSmartProtectionLocalServerUrls | Local Smart Protection Servers for Smart Scan |
| antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled | Warn if connection to Smart Protection Server is lost |
| antiMalwareSettingSmartScanState | Smart Scan State |
| antiMalwareSettingSpywareApprovedList | Allowed Spyware/Grayware |
| antiMalwareSettingState (Default policy settings only) | Anti-Malware State |
| antiMalwareSettingSyslogConfigId | Anti-Malware Syslog Configuration |
| antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax | Max On-Demand Malware Scan Cache Entries |
| antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax | Max Real-Time Malware Scan Cache Entries |
| Application Control Settings | |
| applicationControlSettingExecutionEnforcementLevel | Enforcement: |
| applicationControlSettingRulesetMode | Ruleset mode: |
| applicationControlSettingSharedRulesetId | Shared Application Control Ruleset |
| applicationControlSettingState (Default policy settings only) | Application Control State |
| applicationControlSettingSyslogConfigId | Application Control Syslog Configuration |
| Firewall Settings | |
| firewallSettingAntiEvasionCheckEvasiveRetransmit | Evasive Retransmit |
| firewallSettingAntiEvasionCheckFinNoConnection | FIN packet out of connection |
| firewallSettingAntiEvasionCheckFragmentedPackets | Fragmented Packets |
| firewallSettingAntiEvasionCheckOutNoConnection | Outgoing packet out of connection |
| firewallSettingAntiEvasionCheckPaws | Invalid TCP Timestamps |
| firewallSettingAntiEvasionCheckRstNoConnection | RST packet out of connection |
| firewallSettingAntiEvasionCheckTcpChecksum | TCP Checksum |
| firewallSettingAntiEvasionCheckTcpCongestionFlags | TCP Congestion Flags |
| firewallSettingAntiEvasionCheckTcpPawsZero | Timestamp PAWS Zero Allowed |
| firewallSettingAntiEvasionCheckTcpRstFinFlags | TCP Rst Fin Flags |
| firewallSettingAntiEvasionCheckTcpSplitHandshake | TCP Split Handshake |
| firewallSettingAntiEvasionCheckTcpSynFinFlags | TCP Syn Fin Flags |
| firewallSettingAntiEvasionCheckTcpSynRstFlags | TCP Syn Rst Flags |
| firewallSettingAntiEvasionCheckTcpSynWithData | TCP Syn with Data |
| firewallSettingAntiEvasionCheckTcpUrgentFlags | TCP Urgent Flags |
| firewallSettingAntiEvasionCheckTcpZeroFlags | TCP Zero Flags |
| firewallSettingAntiEvasionSecurityPosture | Anti-Evasion Posture |
| firewallSettingAntiEvasionTcpPawsWindowPolicy | TCP Timestamp PAWS Window |
| firewallSettingCombinedModeProtectionSource | Firewall |
| firewallSettingConfigPackageExceedsAlertMaxEnabled | Advanced - Generate an Alert when Agent configuration package exceeds maximum size |
| firewallSettingEngineOptionAckTimeout | ACK Storm Timeout |
| firewallSettingEngineOptionAllowNullIpEnabled | Allow Null IP |
| firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled | Advanced - Block IPv6 on Agents and Appliances versions 8 and earlier |
| firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled | Advanced - Block IPv6 on Agents and Appliances verions 9 and later |
| firewallSettingEngineOptionBlockSameSrcDstIpEnabled | Block Same Src-Dest IP Address |
| firewallSettingEngineOptionBootStartTimeout | Boot Start Timeout |
| firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled | Bypass Cisco WAAS Connections |
| firewallSettingEngineOptionCloseTimeout | CLOSED Timeout |
| firewallSettingEngineOptionCloseWaitTimeout | CLOSE_WAIT Timeout |
| firewallSettingEngineOptionClosingTimeout | CLOSING Timeout |
| firewallSettingEngineOptionColdStartTimeout | Cold Start Timeout |
| firewallSettingEngineOptionConnectionCleanupTimeout | Connection Cleanup Timeout |
| firewallSettingEngineOptionConnectionsCleanupMax | Maximum Connections per Cleanup |
| firewallSettingEngineOptionConnectionsNumIcmpMax | Maximum ICMP Connections |
| firewallSettingEngineOptionConnectionsNumTcpMax | Maximum TCP Connections |
| firewallSettingEngineOptionConnectionsNumUdpMax | Maximum UDP Connections |
| firewallSettingEngineOptionDebugModeEnabled | Enable Debug Mode |
| firewallSettingEngineOptionDebugPacketNumMax | Number of Packets to retain in Debug Mode |
| firewallSettingEngineOptionDisconnectTimeout | DISCONNECT Timeout |
| firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled | Drop 6to4 Bogon Addresses |
| firewallSettingEngineOptionDropEvasiveRetransmitEnabled | Drop Evasive Retransmit |
| firewallSettingEngineOptionDropIpZeroPayloadEnabled | Drop IP Packet with Zero Payload |
| firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled | Drop IPv6 Bogon Addresses |
| firewallSettingEngineOptionDropIpv6ExtType0Enabled | Drop IPv6 Extension Type 0 |
| firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled | Drop IPv6 Fragments Lower Than minimum MTU |
| firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled | Drop IPv6 Reserved Addresses |
| firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled | Drop IPv6 Site Local Addresses |
| firewallSettingEngineOptionDropTeredoAnomaliesEnabled | Drop Teredo Anomalies |
| firewallSettingEngineOptionDropUnknownSslProtocolEnabled | Drop Unknown SSL Protocol |
| firewallSettingEngineOptionErrorTimeout | ERROR Timeout |
| firewallSettingEngineOptionEstablishedTimeout | ESTABLISHED Timeout |
| firewallSettingEngineOptionEventNodesMax | Number of Event Nodes |
| firewallSettingEngineOptionFilterIpv4Tunnels | Filter IPv4 Tunnels |
| firewallSettingEngineOptionFilterIpv6Tunnels | Filter IPv6 Tunnels |
| firewallSettingEngineOptionFinWait1Timeout | FIN_WAIT1 Timeout |
| firewallSettingEngineOptionForceAllowDhcpDns | Force Allow DHCP DNS |
| firewallSettingEngineOptionForceAllowIcmpType3Code4 | Force Allow ICMP type3 code4 |
| firewallSettingEngineOptionFragmentOffsetMin | Minimum Fragment Offset |
| firewallSettingEngineOptionFragmentSizeMin | Minimum Fragment Size |
| firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled | Generate Connection Events for ICMP |
| firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled | Generate Connection Events for TCP |
| firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled | Generate Connection Events for UDP |
| firewallSettingEngineOptionIcmpTimeout | ICMP Timeout |
| firewallSettingEngineOptionIgnoreStatusCode0 | Ignore Status Code |
| firewallSettingEngineOptionIgnoreStatusCode1 | Ignore Status Code |
| firewallSettingEngineOptionIgnoreStatusCode2 | Ignore Status Code |
| firewallSettingEngineOptionLastAckTimeout | LAST_ACK Timeout |
| firewallSettingEngineOptionLogAllPacketDataEnabled | Log All Packet Data |
| firewallSettingEngineOptionLogEventsPerSecondMax | Maximum Events Per Second |
| firewallSettingEngineOptionLogOnePacketPeriod | Period for Log only one packet within period |
| firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled | Log only one packet within period |
| firewallSettingEngineOptionLogPacketLengthMax | Maximum data size to store when packet data is captured |
| firewallSettingEngineOptionLoggingPolicy | Advanced Logging Policy |
| firewallSettingEngineOptionSilentTcpConnectionDropEnabled | Silent TCP Connection Drop |
| firewallSettingEngineOptionSslSessionSize | SSL Session Size |
| firewallSettingEngineOptionSslSessionTime | SSL Session Time |
| firewallSettingEngineOptionStrictTerodoPortCheckEnabled | Strict Teredo Port Check |
| firewallSettingEngineOptionSynRcvdTimeout | SYN_RCVD Timeout |
| firewallSettingEngineOptionSynSentTimeout | SYN_SENT Timeout |
| firewallSettingEngineOptionTcpMssLimit | TCP MSS Limit |
| firewallSettingEngineOptionTunnelDepthMax | Maximum Tunnel Depth |
| firewallSettingEngineOptionTunnelDepthMaxExceededAction | Action if Maximum Tunnel Depth Exceeded |
| firewallSettingEngineOptionUdpTimeout | UDP Timeout |
| firewallSettingEngineOptionVerifyTcpChecksumEnabled | Verify TCP Checksum |
| firewallSettingEngineOptionsEnabled | Use custom driver settings |
| firewallSettingEventLogFileCachedEntriesLifeTime | Cache Lifetime |
| firewallSettingEventLogFileCachedEntriesNum | Cache Size |
| firewallSettingEventLogFileCachedEntriesStaleTime | Cache Stale time |
| firewallSettingEventLogFileIgnoreSourceIpListId | Do not record events with source IP of |
| firewallSettingEventLogFileRetainNum | Number of event log files to retain (on Agent/Appliance) |
| firewallSettingEventLogFileSizeMax | Maximum size of the event log files (on Agent/Appliance) |
| firewallSettingEventsOutOfAllowedPolicyEnabled | Generate Firewall Events for packets that are 'Out Of Allowed Policy' |
| firewallSettingFailureResponseEngineSystem | Network Engine System Failure |
| firewallSettingFailureResponsePacketSanityCheck | Network Packet Sanity Check Failure |
| firewallSettingInterfaceIsolationEnabled | Enable Interface Isolation |
| firewallSettingInterfaceLimitOneActiveEnabled | Limit to one active interface |
| firewallSettingInterfacePatterns | Interface Patterns |
| firewallSettingNetworkEngineMode | Network Engine Mode |
| firewallSettingReconnaissanceBlockFingerprintProbeDuration | Computer OS Fingerprint Probe - Block Traffic |
| firewallSettingReconnaissanceBlockNetworkOrPortScanDuration | Network or Port Scan - Block Traffic |
| firewallSettingReconnaissanceBlockTcpNullScanDuration | TCP Null Scan - Block Traffic |
| firewallSettingReconnaissanceBlockTcpSynFinScanDuration | TCP SYNFIN Scan - Block Traffic |
| firewallSettingReconnaissanceBlockTcpXmasAttackDuration | TCP Xmas Scan - Block Traffic |
| firewallSettingReconnaissanceDetectFingerprintProbeEnabled | Computer OS Fingerprint Probe - Enabled |
| firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled | Network or Port Scan - Enabled |
| firewallSettingReconnaissanceDetectTcpNullScanEnabled | TCP Null Scan - Enabled |
| firewallSettingReconnaissanceDetectTcpSynFinScanEnabled | TCP SYNFIN Scan - Enabled |
| firewallSettingReconnaissanceDetectTcpXmasAttackEnabled | TCP Xmas Scan - Enabled |
| firewallSettingReconnaissanceEnabled | Reconnaissance Scan Detection - Enabled |
| firewallSettingReconnaissanceExcludeIpListId | Reconnaissance Scan Detection - Do not perform detection on traffic coming from |
| firewallSettingReconnaissanceIncludeIpListId | Reconnaissance Scan Detection - Computers/Networks on which to perform detection |
| firewallSettingReconnaissanceNotifyFingerprintProbeEnabled | Computer OS Fingerprint Probe - Notify DSM Immediately |
| firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled | Network or Port Scan - Notify DSM Immediately |
| firewallSettingReconnaissanceNotifyTcpNullScanEnabled | TCP Null Scan - Notify DSM Immediately |
| firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled | TCP SYNFIN Scan - Notify DSM Immediately |
| firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled | TCP Xmas Scan - Notify DSM Immediately |
| firewallSettingState (Default policy settings only) | Firewall State |
| firewallSettingSyslogConfigId | Firewall and Intrusion Prevention Syslog Configuration |
| firewallSettingVirtualAndContainerNetworkScanEnabled | Scan container network traffic |
| Integrity Monitoring Settings | |
| integrityMonitoringSettingAutoApplyRecommendationsEnabled | Automatically assign/unassign recommended Integrity Monitoring Rules to Computer during Recommendation Scans |
| integrityMonitoringSettingCombinedModeProtectionSource | Integrity Monitoring |
| integrityMonitoringSettingContentHashAlgorithm | Integrity Monitoring Hash Algorithm |
| integrityMonitoringSettingCpuUsageLevel | Integrity Monitoring CPU Usage Level: |
| integrityMonitoringSettingRealtimeEnabled | Real Time |
| integrityMonitoringSettingScanCacheConfigId | Integrity Scan Cache Configuration: |
| integrityMonitoringSettingState (Default policy settings only) | Integrity Monitoring State |
| integrityMonitoringSettingSyslogConfigId | Integrity Monitoring Syslog Configuration |
| integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax | Max Integrity Monitoring Scan Cache Entries |
| Intrusion Prevention Settings | |
| intrusionPreventionSettingAutoApplyRecommendationsEnabled | Automatically implement Recommendations |
| intrusionPreventionSettingCombinedModeProtectionSource | Intrusion Prevention |
| intrusionPreventionSettingEngineOptionFragmentedIpKeepMax | Maximum number of fragmented IP packets to keep |
| intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled | Send ICMP to indicate fragmented packet timeout exceeded |
| intrusionPreventionSettingEngineOptionFragmentedIpTimeout | Fragment Timeout |
| intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled | Bypass MAC addresses that don't belong to host |
| intrusionPreventionSettingEngineOptionsEnabled | Use custom driver settings |
| intrusionPreventionSettingLogDataRuleFirstMatchEnabled | Allow Intrusion Prevention Rules to capture data for first hit of each rule (in period) |
| intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel | Detect Mode |
| intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel | Prevent Mode |
| intrusionPreventionSettingState (Default policy settings only) | Intrusion Prevention State |
| intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled | Scan container network traffic |
| Log Inspection Settings | |
| logInspectionSettingAutoApplyRecommendationsEnabled | Automatically assign/unassign recommended Log Inspection Rules to Computer during Recommendation Scans |
| logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin | Send Agent/Appliance events to syslog when they equal or exceed the following severity level |
| logInspectionSettingSeverityClippingAgentEventStoreLevelMin | Store events at the Agent/Appliance for later retrieval by DSM when they equal or exceed the following severity level |
| logInspectionSettingState (Default policy settings only) | Log Inspection State |
| logInspectionSettingSyslogConfigId | Log Inspection Syslog Configuration |
| Platform Settings | |
| platformSettingAgentCommunicationsDirection | Direction of Deep Security Manager to Agent/Appliance communication |
| platformSettingAgentEventsSendInterval | Period between sending of events |
| platformSettingAgentSelfProtectionEnabled | Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent |
| platformSettingAgentSelfProtectionPassword | Password |
| platformSettingAgentSelfProtectionPasswordEnabled | Local override requires password |
| platformSettingAutoAssignNewIntrusionPreventionRulesEnabled | Automatically assign new Intrusion Prevention Rules as required by updated Application Types and Intrusion Prevention Rule dependencies |
| platformSettingAutoUpdateAntiMalwareEngineEnabled | Automatically update anti-malware engine |
| platformSettingCombinedModeNetworkGroupProtectionSource | Network Combined Mode Affinity |
| platformSettingEnvironmentVariableOverrides | Environment Variable Overrides |
| platformSettingHeartbeatInactiveVmOfflineAlertEnabled | Raise Offline Errors For Inactive Virtual Machines |
| platformSettingHeartbeatInterval | Heartbeat Interval |
| platformSettingHeartbeatLocalTimeShiftAlertThreshold | Maximum change (in minutes) of the local system time on the computer between heartbeats before an alert is raised |
| platformSettingHeartbeatMissedAlertThreshold | Number of Heartbeats that can be missed before an alert is raised |
| platformSettingInactiveAgentCleanupOverrideEnabled | Prevent this computer from being deleted if Inactive Agent Cleanup is enabled: |
| platformSettingNotificationsSuppressPopupsEnabled | Suppress all pop-up notifications on host |
| platformSettingRecommendationOngoingScansInterval | Ongoing Scan Interval |
| platformSettingRelayState | Relay State |
| platformSettingScanCacheConcurrencyMax | Max Concurrent Scans |
| platformSettingScanOpenPortListId | Ports to scan |
| platformSettingSmartProtectionAntiMalwareGlobalServerProxyId | Use Proxy when accessing Smart Protection Service for Smart Scan |
| platformSettingSmartProtectionGlobalServerEnabled | Use Global Service for Census |
| platformSettingSmartProtectionGlobalServerProxyId | Use Proxy when accessing Global Service for Census |
| platformSettingSmartProtectionGlobalServerUseProxyEnabled | Use Proxy when accessing Global Service for Census |
| platformSettingTroubleshootingLoggingLevel | Logging Level |
| SAP Settings | |
| sapSettingState (Default policy settings only) | Configuration |
| Web Reputation Settings | |
| webReputationSettingAlertingEnabled | Alert |
| webReputationSettingAllowedUrlDomains | Allowed Domain URLs |
| webReputationSettingAllowedUrls | Allowed Page URLs |
| webReputationSettingBlockedUrlDomains | Blocked Domain URLs |
| webReputationSettingBlockedUrlKeywords | Blocked Keywords |
| webReputationSettingBlockedUrls | Blocked Page URLs |
| webReputationSettingBlockingPageLink | Blocked Page Link |
| webReputationSettingCombinedModeProtectionSource | Web Reputation |
| webReputationSettingMonitorPortListId | Ports to monitor |
| webReputationSettingSecurityBlockUntestedPagesEnabled | Block Untested Pages |
| webReputationSettingSecurityLevel | Security Level |
| webReputationSettingSmartProtectionGlobalServerUseProxyEnabled | Use Proxy when accessing Smart Protection Service for Web Reputation |
| webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal | When off domain, connect to global Smart Protection Service. (Windows only) |
| webReputationSettingSmartProtectionLocalServerEnabled | Use Local Smart Protection Server for Web Reputation Service |
| webReputationSettingSmartProtectionLocalServerUrls | Local Smart Protection Servers for Web Reputation |
| webReputationSettingSmartProtectionServerConnectionLostWarningEnabled | Warn if connection to Smart Protection Server is lost |
| webReputationSettingSmartProtectionWebReputationGlobalServerProxyId | Use Proxy when accessing Smart Protection Service for Web Reputation |
| webReputationSettingState (Default policy settings only) | Web Reputation State |
| webReputationSettingSyslogConfigId | Web Reputation Syslog Configuration |
System settings
| Setting | Description |
|---|---|
| Anti-Malware Settings | |
| antiMalwareSettingEventEmailBodyTemplate | Email Template |
| antiMalwareSettingEventEmailEnabled | Anti-Malware Email Notifications Enabled |
| antiMalwareSettingEventEmailRecipients | Email Recipients |
| antiMalwareSettingEventEmailSubject | Email Subject Text |
| antiMalwareSettingRetainEventDuration | Automatically delete Anti-Malware Events older than |
| Application Control Settings | |
| applicationControlSettingRetainEventDuration | Automatically delete Application Control Events older than |
| applicationControlSettingServeRulesetsFromRelaysEnabled | Serve application control rulesets from relays |
| Firewall Settings | |
| firewallSettingEventRankSeverityDeny | Deny |
| firewallSettingEventRankSeverityLogOnly | Log Only |
| firewallSettingEventRankSeverityPacketRejection | Packet Rejection |
| firewallSettingGlobalStatefulConfigId | Global Firewall Stateful Configuration |
| firewallSettingInternetConnectivityTestExpectedContentRegex | Regular Expression for returned content used to confirm Connectivity |
| firewallSettingInternetConnectivityTestInterval | Test Interval |
| firewallSettingInternetConnectivityTestUrl | URL for testing Internet Connectivity Status |
| firewallSettingIntranetConnectivityTestExpectedContentRegex | Regular Expression for returned content used to confirm Intranet Connectivity |
| firewallSettingIntranetConnectivityTestUrl | URL for testing Intranet Connectivity Status |
| firewallSettingRetainEventDuration | Automatically delete Firewall Events older than |
| Integrity Monitoring Settings | |
| integrityMonitoringSettingEventRankSeverityCritical | Critical |
| integrityMonitoringSettingEventRankSeverityHigh | High |
| integrityMonitoringSettingEventRankSeverityLow | Low |
| integrityMonitoringSettingEventRankSeverityMedium | Medium |
| integrityMonitoringSettingRetainEventDuration | Automatically delete Integrity Monitoring Events older than |
| Intrusion Prevention Settings | |
| intrusionPreventionSettingEventRankSeverityFilterCritical | Critical |
| intrusionPreventionSettingEventRankSeverityFilterError | Error |
| intrusionPreventionSettingEventRankSeverityFilterHigh | High |
| intrusionPreventionSettingEventRankSeverityFilterLow | Low |
| intrusionPreventionSettingEventRankSeverityFilterMedium | Medium |
| intrusionPreventionSettingRetainEventDuration | Automatically delete Intrusion Prevention Events older than |
| Log Inspection Settings | |
| logInspectionSettingEventRankSeverityCritical | Critical |
| logInspectionSettingEventRankSeverityHigh | High |
| logInspectionSettingEventRankSeverityLow | Low |
| logInspectionSettingEventRankSeverityMedium | Medium |
| logInspectionSettingRetainEventDuration | Automatically delete Log Inspection Events older than |
| Platform Settings | |
| platformSettingActiveSessionsMax | Number of concurrent sessions allowed per User |
| platformSettingActiveSessionsMaxExceededAction | Action when concurrent session limit is exceeded |
| platformSettingAgentInitiatedActivationDuplicateHostnameMode | If a computer with the same name already exists |
| platformSettingAgentInitiatedActivationEnabled | Allow Agent-Initiated Activation |
| platformSettingAgentInitiatedActivationPolicyId | Policy to assign (if Policy not assigned by activation script): |
| platformSettingAgentInitiatedActivationReactivateClonedEnabled | Reactivate cloned Agents |
| platformSettingAgentInitiatedActivationReactivateUnknownEnabled | Reactivate unknown Agents |
| platformSettingAgentInitiatedActivationSpecifyHostnameEnabled | Allow Agent to specify hostname |
| platformSettingAgentInitiatedActivationToken | Agent activation token: |
| platformSettingAgentInitiatedActivationWithinIpListId | Agent-Initiated Activation IP List |
| platformSettingAgentlessVcloudProtectionEnabled | Allow Appliance protection of vCloud VMs |
| platformSettingAlertAgentUpdatePendingThreshold | Length of time an Update can be pending before raising an Alert |
| platformSettingAlertDefaultEmailAddress | Alert Email Address - The email address to which all alert emails should be sent |
| platformSettingAllowPacketDataCaptureInNetworkEvents | Allow packet data capture in network events |
| platformSettingApiSoapWebServiceEnabled | SOAP web service API Enabled |
| platformSettingApiStatusMonitoringEnabled | Status Monitoring API Enabled |
| platformSettingAwsExternalIdRetrievalEnabled | Enable retrieval and viewing of AWS External ID |
| platformSettingAwsManagerIdentityAccessKey | Access Key - The Access Key of an AWS User used for the manager identity |
| platformSettingAwsManagerIdentitySecretKey | Secret Key - The Secret Access Key of an AWS User used for the manager identity |
| platformSettingAwsManagerIdentityUseInstanceRoleEnabled | Use Instance Role |
| platformSettingAzureSsoCertificate | Azure resource provider certificate for SSO |
| platformSettingCaptureEncryptedTrafficEnabled | Allow packet data capture on encrypted traffic (SSL) |
| platformSettingConnectedThreatDefenseControlManagerManualSourceApiKey | API Key |
| platformSettingConnectedThreatDefenseControlManagerManualSourceServerUrl | Server URL (ex: "https://[server]/webapp") |
| platformSettingConnectedThreatDefenseControlManagerProxyId | Use Proxy when accessing Apex Central |
| platformSettingConnectedThreatDefenseControlManagerSourceOption | Suspicious Object List Source |
| platformSettingConnectedThreatDefenseControlManagerSuspiciousObjectListComparisonEnabled | Compare objects against Suspicious Object List |
| platformSettingConnectedThreatDefenseControlManagerUseProxyEnabled | When accessing Apex Central, use proxy: |
| platformSettingConnectedThreatDefensesUsePrimaryTenantServerSettingsEnabled | Use default server settings |
| platformSettingContentSecurityPolicy | Content security policy |
| platformSettingContentSecurityPolicyReportOnlyEnabled | Report only |
| platformSettingDdanAutoSubmissionEnabled | Enable automatic file submission |
| platformSettingDdanManualSourceApiKey | API Key |
| platformSettingDdanManualSourceServerUrl | Server URL (ex: "https://[server]/") |
| platformSettingDdanProxyId | Use Proxy when accessing Deep Discovery Analyzer |
| platformSettingDdanSourceOption | Deep Discovery Analyzer Source |
| platformSettingDdanSubmissionEnabled | Enable submission of suspicious files to Deep Discovery Analyzer |
| platformSettingDdanUseProxyEnabled | When accessing Deep Discovery Analyzer, use proxy: |
| platformSettingDemoModeEnabled | Demo Mode Enabled |
| platformSettingEventForwardingSnsAccessKey | Access Key - The Access Key of an AWS User with access to the SNS Topic |
| platformSettingEventForwardingSnsAdvancedConfigEnabled | Amazon SNS Advanced Configuration |
| platformSettingEventForwardingSnsConfigJson | Amazon SNS Configuration |
| platformSettingEventForwardingSnsEnabled | Publish Events to Amazon Simple Notification Service |
| platformSettingEventForwardingSnsSecretKey | Secret Key - The Secret Key of an AWS User with access to the SNS Topic |
| platformSettingEventForwardingSnsTopicArn | SNS Topic ARN |
| platformSettingExportedDiagnosticPackageLocale | Exported Diagnostic Package Language |
| platformSettingExportedFileCharacterEncoding | Exported file Character Encoding |
| platformSettingHttpPublicKeyPinPolicy | HTTP public key pin policy |
| platformSettingHttpPublicKeyPinPolicyReportOnlyEnabled | Report only |
| platformSettingHttpStrictTransportEnabled | Enable HTTP Strict Transport Security |
| platformSettingInactiveAgentCleanupDuration | Delete Agents that have been inactive for: |
| platformSettingInactiveAgentCleanupEnabled | Delete Agents that have been inactive for: |
| platformSettingLinuxUpgradeOnActivationEnabled | Automatically upgrade Linux agents on activation |
| platformSettingLoadBalancerHeartbeatAddress | Load Balancer Heartbeat Hostname |
| platformSettingLoadBalancerHeartbeatPort | Load Balancer Heartbeat Port |
| platformSettingLoadBalancerManagerAddress | Load Balancer Manager Hostname |
| platformSettingLoadBalancerManagerPort | Load Balancer Manager Port |
| platformSettingLoadBalancerRelayAddress | Load Balancer Relay Hostname |
| platformSettingLoadBalancerRelayPort | Load Balancer Relay Port |
| platformSettingLogoBinaryImageImg | Logo Bytes |
| platformSettingManagedDetectResponseCompanyGuid | Company GUID |
| platformSettingManagedDetectResponseEnabled | Enable the MDR service |
| platformSettingManagedDetectResponseProxyId | Use Proxy when accessing MDR server |
| platformSettingManagedDetectResponseServerUrl | Server URL (ex: "https://[server]/") |
| platformSettingManagedDetectResponseServiceToken | Data Source GUID |
| platformSettingManagedDetectResponseUsePrimaryTenantSettingsEnabled | Use default server settings |
| platformSettingManagedDetectResponseUseProxyEnabled | When accessing MDR server, use proxy: |
| platformSettingNewTenantDownloadSecurityUpdateEnabled | Enable the automatic download of Security Updates on new Tenants |
| platformSettingPrimaryTenantAllowTenantAddVmwareVcenterEnabled | Allow Tenants to add VMware vCenters |
| platformSettingPrimaryTenantAllowTenantConfigureForgotPasswordEnabled | Show the "Forgot Password?" option |
| platformSettingPrimaryTenantAllowTenantConfigureRememberMeOptionEnabled | Show the "Remember Account Name and Username" option |
| platformSettingPrimaryTenantAllowTenantConfigureSiemEnabled | Allow Tenants to configure independent Event Forwarding SIEM settings |
| platformSettingPrimaryTenantAllowTenantConfigureSnmpEnabled | Allow Tenants to configure SNMP settings |
| platformSettingPrimaryTenantAllowTenantConfigureSnsEnabled | Allow Tenants to configure SNS settings |
| platformSettingPrimaryTenantAllowTenantControlImpersonationEnabled | Allow Tenants to control access from the Primary Tenant |
| platformSettingPrimaryTenantAllowTenantDatabaseState | Primary Database Server State |
| platformSettingPrimaryTenantAllowTenantRunComputerDiscoveryEnabled | Allow Tenants to run "Computer Discovery" (directly and as a Scheduled Task) |
| platformSettingPrimaryTenantAllowTenantRunPortScanEnabled | Allow Tenants to run "Port Scan" (directly and as a Scheduled Task) |
| platformSettingPrimaryTenantAllowTenantSyncWithCloudAccountEnabled | Allow Tenants to add with Cloud Accounts |
| platformSettingPrimaryTenantAllowTenantSynchronizeLdapDirectoriesEnabled | Allow Tenants to synchronize with LDAP Directories |
| platformSettingPrimaryTenantAllowTenantUseDefaultRelayGroupEnabled | Allow Tenants to use the Relays in my "Default Relay Group" |
| platformSettingPrimaryTenantAllowTenantUseScheduledRunScriptTaskEnabled | Allow Tenants to use the "Run Script" Scheduled Task |
| platformSettingPrimaryTenantLockAndHideTenantDataPrivacyOptionEnabled | Data Privacy options on the "Agents" Tab |
| platformSettingPrimaryTenantLockAndHideTenantSmtpTabEnabled | All options on the "SMTP" Tab |
| platformSettingPrimaryTenantLockAndHideTenantStorageTabEnabled | All options on the "Storage" Tab |
| platformSettingPrimaryTenantShareConnectedThreatDefensesEnabled | Allow Tenants to use the Primary Tenant's Trend Micro Apex Central and Deep Discovery Analyzer Server settings. |
| platformSettingPrimaryTenantShareManagedDetectResponsesEnabled | Allow Tenants to use Primary Tenant's Managed Detection and Response settings. |
| platformSettingProductUsageDataCollectionEnabled | Enable Product Usage Data Collection |
| platformSettingProxyAgentUpdateProxyId | Primary Security Update Proxy used by Agents, Appliances, and Relays: |
| platformSettingProxyManagerCloudProxyId | Deep Security Manager (Cloud Accounts - HTTP Protocol Only): |
| platformSettingProxyManagerUpdateProxyId | Deep Security Manager (Software Updates, CSSS, News Updates, Product Registration and Licensing): |
| platformSettingRecommendationCpuUsageLevel | CPU Usage Level |
| platformSettingRecommendationOngoingScansEnabled | Perform ongoing Recommendation Scans |
| platformSettingRetainAgentInstallersPerPlatformMax | Number of older software versions to keep per platform |
| platformSettingRetainCountersDuration | Automatically delete Counters older than |
| platformSettingRetainSecurityUpdatesMax | Number of older Rule Updates to keep |
| platformSettingRetainServerLogDuration | Automatically delete Server Logs older than |
| platformSettingRetainSystemEventDuration | Automatically delete System Events older than |
| platformSettingSamlIdentityProviderCertificateExpiryWarningDays | Warn when a SAML identity provider certificate will expire within (days) |
| platformSettingSamlRetainInactiveExternalAdministratorsDuration | Automatically delete inactive identity provider users after (days) |
| platformSettingSamlServiceProviderCertificate | SAML Service Provider Certificate |
| platformSettingSamlServiceProviderCertificateExpiryWarningDays | Warn when the Deep Security Manager SAML Service Provider certificate will expire within (days) |
| platformSettingSamlServiceProviderEntityId | Entity ID |
| platformSettingSamlServiceProviderName | Service Name |
| platformSettingSamlServiceProviderPrivateKey | SAML Service Provider Private Key |
| platformSettingSignInPageMessage | Text |
| platformSettingSmartProtectionFeedbackBandwidthMaxKbytes | Maximum bandwidth: |
| platformSettingSmartProtectionFeedbackEnabled | Enable Trend Micro Smart Feedback (recommended) |
| platformSettingSmartProtectionFeedbackForSuspiciousFileEnabled | Send suspicious file signatures along with feedback |
| platformSettingSmartProtectionFeedbackIndustryType | Your industry (optional): |
| platformSettingSmartProtectionFeedbackInterval | Feedback Interval (min) |
| platformSettingSmartProtectionFeedbackThreatDetectionsThreshold | Feedback Interval by threats |
| platformSettingSmtpBounceEmailAddress | "Bounce" email address (optional) - The email address to which delivery failure notifications should be sent |
| platformSettingSmtpFromEmailAddress | "From" email address - The email address from which outgoing emails should be sent |
| platformSettingSmtpPassword | SMTP password |
| platformSettingSmtpRequiresAuthenticationEnabled | Mail server requires authentication |
| platformSettingSmtpServerAddress | SMTP mail server address (optionally include :port) |
| platformSettingSmtpStartTlsEnabled | STARTTLS |
| platformSettingSmtpUsername | SMTP username |
| platformSettingSyslogConfigId | Forward System Events to a remote computer (via Syslog) using configuration |
| platformSettingSystemEventForwardingSnmpAddress | Hostname or IP address to which events should be sent |
| platformSettingSystemEventForwardingSnmpEnabled | Forward System Events to a remote computer (via SNMP) |
| platformSettingSystemEventForwardingSnmpPort | UDP port to which events should be sent |
| platformSettingTenantAllowImpersonationByPrimaryTenantEnabled | Allow Primary Tenant access to my Deep Security Environment |
| platformSettingTenantAutoRevokeImpersonationByPrimaryTenantEnabled | Automatically revoke Primary Tenant access after |
| platformSettingTenantAutoRevokeImpersonationByPrimaryTenantTimeout | Automatically revoke Primary Tenant access after |
| platformSettingTenantProtectionUsageMonitoringComputerId1 | Computer Identifier 1 |
| platformSettingTenantProtectionUsageMonitoringComputerId2 | Computer Identifier 2 |
| platformSettingTenantProtectionUsageMonitoringComputerId3 | Computer Identifier 3 |
| platformSettingTenantUseDefaultRelayGroupFromPrimaryTenantEnabled | Use the Primary Tenant Relay Group as my Default Relay Group |
| platformSettingTrendMicroXdrApiKey | API Key |
| platformSettingTrendMicroXdrApiServerUrl | API Server URL |
| platformSettingTrendMicroXdrApiUser | API User |
| platformSettingTrendMicroXdrCommonLogReceiverUrl | Common Log Receiver URL |
| platformSettingTrendMicroXdrCompanyId | Company ID |
| platformSettingTrendMicroXdrEnabled | Forward activity data to Trend Micro XDR data lake |
| platformSettingTrendMicroXdrIdentityProviderApiUrl | Service Platform Identity Provider API URL |
| platformSettingTrendMicroXdrLogServerUrl | Log Server URL |
| platformSettingUpdateAgentSecurityContactPrimarySourceOnMissingRelayEnabled | Allow Agents/Appliances to download security updates directly from Primary Security Update Source if Relays are not accessible |
| platformSettingUpdateAgentSecurityOnMissingDeepSecurityManagerEnabled | Allow Agents/Appliances to download security updates when Deep Security Manager is not accessible |
| platformSettingUpdateAgentSoftwareUseDownloadCenterOnMissingDeepSecurityManagerEnabled | Allow Relays to download software updates from Trend Micro Download Center when Deep Security Manager is not accessible |
| platformSettingUpdateApplianceDefaultAgentVersion | Upon deployment, update Deep Security Virtual Appliances to |
| platformSettingUpdateHostnameOnIpChangeEnabled | Update the "Hostname" entry if an IP is used as a hostname and a change in IP is detected on the computer after Agent/Appliance-initiated communication or discovery |
| platformSettingUpdateImportedSoftwareAutoDownloadEnabled | Automatically download updates to imported software |
| platformSettingUpdateRelaySecurityAllRegionsPatternsDownloadEnabled | Download Patterns for all Regions |
| platformSettingUpdateRelaySecuritySupportAgent9AndEarlierEnabled | Allow supported 8.0 and 9.0 Agents to be updated |
| platformSettingUpdateRulesPolicyAutoApplyEnabled | Automatically apply Rule Updates to Policies |
| platformSettingUpdateSecurityPrimarySourceMode | Relay Update Source |
| platformSettingUpdateSecurityPrimarySourceUrl | URL |
| platformSettingUpdateSoftwareAlternateUpdateServerUrls | Alternate Software Update Web Server(s) |
| platformSettingUserEnforceTermsAndConditionsEnabled | User must agree to the terms and conditions |
| platformSettingUserEnforceTermsAndConditionsMessage | List of Terms And Conditions |
| platformSettingUserEnforceTermsAndConditionsTitle | Text |
| platformSettingUserHideUnlicensedModulesEnabled | Hide unlicensed Protection Modules for new Users |
| platformSettingUserPasswordExpiry | User password expires |
| platformSettingUserPasswordExpirySendEmailEnabled | Send email when a user's password is about to expire |
| platformSettingUserPasswordLengthMin | User password minimum length |
| platformSettingUserPasswordRequireLettersAndNumbersEnabled | User password requires both letters and numbers |
| platformSettingUserPasswordRequireMixedCaseEnabled | User password requires both upper and lower case characters |
| platformSettingUserPasswordRequireNotSameAsUsernameEnabled | User password cannot match username or username spelled backward |
| platformSettingUserPasswordRequireSpecialCharactersEnabled | User password requires non-alphanumeric characters |
| platformSettingUserSessionDurationMax | Maximum session duration |
| platformSettingUserSessionIdleTimeout | Session idle timeout |
| platformSettingUserSignInAttemptsAllowedNumber | Number of incorrect sign-in attempts allowed (before lock out) |
| platformSettingVmwareNsxManagerNode | Manager Node for NSX communication |
| platformSettingWhoisUrl | Whois URL - The full URL to a Whois lookup with the IP represented as [IP] |
| platformSettingWindowsUpgradeOnActivationEnabled | Automatically upgrade Windows agents on activation |
| Web Reputation Settings | |
| webReputationSettingEventRankRiskBlockedByAdministratorRank | Blocked By Administrator |
| webReputationSettingEventRankRiskDangerous | Dangerous |
| webReputationSettingEventRankRiskHighlySuspicious | Highly Suspicious |
| webReputationSettingEventRankRiskSuspicious | Suspicious |
| webReputationSettingEventRankRiskUntested | Untested |
| webReputationSettingRetainEventDuration | Automatically delete Web Reputation Events older than |