Deep Security notifier

The Deep Security notifier is a Windows taskbar application that communicates the state of the Deep Security Agent and Deep Security Relay to client machines. The notifier displays popup user notifications in the taskbar notification area when the Deep Security Agent blocks malware or prevents access to malicious web pages.

The notifier has a small footprint on the client machine, requiring less than 1MB of disk space and 1MB of memory. When the notifier is running, the notifier icon () appears in the taskbar. The notifier is automatically installed by default with the Deep Security Agent on Windows computers. Use the Administration > Updates > Software > Local page to import the latest version for distribution and upgrades.

On computers running a relay-enabled agent, the notifier displays the components that are being distributed to agents or appliances, not which components are in effect on the local computer.

A standalone version of the notifier can be downloaded and installed on virtual machines that are receiving protection from a Deep Security Virtual Appliance. See Deploy Deep Security notifier.

On VMs protected by a virtual appliance, the anti-malware module must be licensed and enabled on the VM for the Deep Security Notifier to display information.

How the notifier works

When malware is detected or a malicious site is blocked, the Deep Security Agent sends a message to the notifier, which displays a popup message in the notification area of the taskbar.

If malware is detected, the notification area displays a pop-up message similar to the following:

If the user clicks on the message, a dialog with detailed information about anti-malware events is displayed:

When a malicious web page is blocked, the notification area displays a pop-up message similar to the following:

If the user clicks on the message, a dialog with detailed information about web reputation events is displayed:

The notifier also provides a console utility for viewing the current protection status and component information, including pattern versions. The console utility allows the user to turn on and off the popup notifications and access detailed event information.

You can also turn off pop-up notifications for certain computers or for computers that are assigned a particular policy by going to the Deep Security Manager Computer/Policy editor > Settings > General and settings Suppress all pop-up notifications on host to Yes. The messages still appear as alerts or events in Deep Security Manager.

When the notifier is running on a computer hosting Deep Security Relay, the notifier's display shows the components being distributed by the relay and not the components that in effect on the computer.

When the notifier is running on a computer hosting Deep Security Scanner, the notifier shows that the scanner feature is enabled and the computer cannot be a relay.

Trigger a manual scan on Windows OS

If an agent is enabled to trigger a manual scan in the notifier application, the notifier console includes a panel titled Scan. The notifier uses the scan configuration assigned from the Computer editor or the Policy editor, in the editor's Anti-Malware tab, in the General horizontal tab, in the Manual Scan section. For details, see Create or edit a malware scan configuration.

A scan cannot be triggered:

  • When the agent is being upgraded.
  • When there is an ongoing server-side scan already taking place.
  • If the scan configuration is empty.

To start a manual scan by the agent on Windows OS:

  1. In the Scan panel, click Scan.
  2. Select the folders to scan and click Scan:
    • For a Full Scan, select This PC to start a scan of all files.
    • For a Custom Scan, select one or more files or folders to start a scan.

Once the scan is completed, the Scan Result displays the number of detected malware items. To view details of these items, click View Events in the notifier's Advanced panel.

An ongoing scan is halted if it has been triggered on a computer that is not available. For example, the user logs out of the computer after the scan has been started.

To start a manual scan by the agent on Linux OS, execute the following command:

/opt/ds_agent/dsa_scan --target "<target_scan_folder_path>"