Migrate policies to Workload Security

If you are currently using Deep Security, you can follow the instructions in this article to migrate Deep Security 12 policies to Trend Micro Cloud One - Workload Security.

For more information about migrating to Workload Security, see the migration article in the Deep Security 20 help.


  1. Check that you're running a version of Deep Security that supports policy migration:
    • Deep Security Manager 12.0 LTS Update 17 (12.0.501) or later
    • Deep Security Manager 12 FR 2020-04-29 (12.5.855) or later
  2. If you haven't done so already, sign up for Trend Micro Cloud One.

You can then Migrate policies.

Migrate policies

  1. Export the policy to an XML file. In the Deep Security Manager policies tree, select the policy and select Export > Export Selected to XML (For Import).

    When you export a policy to XML, child policies may be included in the exported package. Application Control settings are not migrated. Network-dependent objects and settings (proxy settings, syslog configurations, and so on) may not be migrated.

  2. Compress the XML file to a gzip file and encode the gzip file to Base64 string:

    On Mac:

    cat {Policy_File.xml} | gzip | base64 > {Policy_File.txt}

    On Linux (RedHat / CentOS / Ubuntu / Debian):

    cat {Policy_File.xml} | gzip | base64 -w 0 > {Policy_File.txt}

    On Windows:

    There is no official support for the gzip command on Windows.

    You can install 7-Zip for gzip compress, and then use the following command to transfer the gzip file to Base64 string.

    certutil -encodehex -f {Policy_File.xml.gz} {Policy_File.txt} 0x40000001

  3. Follow the API document to create a policy import task, which will migrate the policies to your Workload Security account.

    Importing the policies using the Workload Security console is not currently supported.

  4. The policy import task imports the policy that you exported from Deep Security Manager and its child policies. If you want to migrate other policies, export them and create multiple policy import tasks.

Check the migration state

Follow the API document to check the policy import task state.

Status Description

A policy migration task to Workload Security has been requested.

The policy migration task has been accepted by Deep Security Manager, but hasn't started to migrate the policies.

In Progress Policies are being migrated to Workload Security.
Complete Policies have been migrated successfully to Workload Security.

Policies have failed to migrate to Workload Security for some reason.

Please check the Troubleshooting section.


If the status is "Failed":

  • If the error code is 100, the Deep Security Manager version is not supported.
  • If the error code is 20x, check your policy XML file and encode the policy again.
  • For any other errors, please contact Trend Micro support.