System events
To view system events, go to Events & Reports > Events.
To configure system events, go to the Administration > System Settings > System Events tab. On this tab you can set whether to record individual events and whether to forward them to a SIEM server. If you select Record, then the event is saved to the database. If you deselect Record, then the event won't appear under the Events & Reports tab (or anywhere in Deep Security Manager) and it won't be forwarded either.
Depending on whether it's a system configuration change or security incident, each log will appear in either the System Events sub-menu, or the sub-menu corresponding to the event's protection module, such as Anti-Malware Events.
These events sometimes also appear in the Status column on Computers.
ID | Severity | Event | Description or Solution |
0 | Error | Unknown Error | |
100 | Info | Deep Security Manager Started | |
101 | Info | License Changed | |
107 | Info | Rule Update Downloaded and Applied | |
108 | Info | Script Executed | |
109 | Error | Script Execution Failed | |
110 | Info | System Events Exported | |
111 | Info | Firewall Events Exported | |
112 | Info | Intrusion Prevention Events Exported | |
115 | Info | Rule Update Downloaded | |
116 | Info | Rule Update Applied | |
117 | Info | Deep Security Manager Shutdown | |
118 | Warning | Deep Security Manager Offline | |
119 | Info | Deep Security Manager Back Online | |
120 | Error | Heartbeat Server Failed | The server within Deep Security Manager that listens for incoming agent heartbeats did not start. Check that the manager's incoming heartbeat port number is not in use by another application on the server. Once the port is free, the manager's heartbeat server should bind to it, and this error should be fixed. |
121 | Error | Scheduler Failed | |
122 | Error | Manager Message Thread Failed | An internal thread has failed. There is no resolution for this error. If it persists, please contact customer support. |
123 | Info | Deep Security Manager Forced Shutdown | |
124 | Info | Rule Update Deleted | |
130 | Info | Credentials Generated | |
140 | Info | Discover Computers | |
141 | Warning | Discover Computers Failed | |
142 | Info | Discover Computers Requested | |
143 | Info | Discover Computers Canceled | |
150 | Info | System Settings Saved | |
151 | Info | Software Added | |
152 | Info | Software Deleted | |
153 | Info | Software Updated | |
154 | Info | Software Exported | |
156 | Error | Agent Installer Digital Signature Verification Failed |
'<agent>.zip' has been deleted because the digital signature verification failed. The failure indicates that the file may have been tampered with. Details: <detailed_message> Please contact Trend Micro support for more help. See Check digital signatures on software packages for details. |
160 | Info | Authentication Failed | |
161 | Info | Rule Update Exported | |
162 | Info | Log Inspection Events Exported | |
163 | Info | Anti-Malware Event Exported | |
164 | Info | Security Update Successful | |
165 | Error | Security Update Failed | |
169 | Error | Manual Security Update Failed | |
170 | Error | Manager Available Disk Space Too Low | The manager does not have enough free disk space to function and will shut down. |
171 | Info | Anti-Malware Spyware Item Exported | |
172 | Info | Web Reputation Events Exported | |
173 | Info | Anti-Malware Identified Files List Exported | |
174 | Info | Anti-Malware Unauthorized Change Targeted Item Exported | |
175 | Info | Creating Heap Dump | |
176 | Info | Heap Dump Created | |
177 | Error | Failed to create Heap Dump | |
180 | Info | Alert Type Updated | |
190 | Info | Alert Started | |
191 | Info | Alert Changed | |
192 | Info | Alert Ended | |
197 | Info | Alert Emails Sent | |
198 | Warning | Alert Emails Failed | An alert email could not be sent. |
199 | Error | Alert Processing Failed | The current alert status could be inaccurate because an alert was not completely processed. If the problem persists, contact your support provider. |
247 | Warning | Agent Integrity Check Failed | |
248 | Info | Software Update: Disable Relay Requested | |
249 | Info | Software Update: Enable Relay Requested | |
250 | Info | Computer Created | |
251 | Info | Computer Deleted | |
252 | Info | Computer Updated | |
253 | Info | Policy Assigned to Computer | |
254 | Info | Computer Moved | |
255 | Info | Activation Requested | |
256 | Info | Send Policy Requested | |
257 | Info | Locked | |
258 | Info | Unlocked | |
259 | Info | Deactivation Requested | |
260 | Info | Scan for Open Ports | |
261 | Warning | Scan for Open Ports Failed | |
262 | Info | Scan for Open Ports Requested | |
263 | Info | Scan for Open Ports Canceled | |
264 | Info | Agent Software Upgrade Requested | |
265 | Info | Agent Software Upgrade Cancelled | |
266 | Info | Warnings/Errors Cleared | |
267 | Info | Check Status Requested | |
268 | Info | Get Events Requested | |
269 | Info | Computer Added to Cloud Connector | |
270 | Error | Computer Creation Failed | |
271 | Info | Agent Software Upgrade Timed Out | |
272 | Info | Appliance Software Upgrade Timed Out | |
273 | Info | Security Update: Security Update Check and Download Requested | |
274 | Info | Security Update: Security Update Rollback Requested | |
275 | Warning | Duplicate Computer | |
276 | Info | Update: Summary Information | |
277 | Info | Upgrade on Activation Skipped | The agent was eligible for an automatic upgrade, but the upgrade did not occur. For more information, see Automatically upgrade agents on activation. |
278 | Info | Software Update: Reboot to Complete Agent Software Upgrade | |
280 | Info | Computers Exported | |
281 | Info | Computers Imported | |
287 | Info | Relay Group Assigned to Computer | |
290 | Info | Group Added | |
291 | Info | Group Removed | |
292 | Info | Group Updated | |
293 | Info | Interface Renamed | |
294 | Info | Computer Bridge Renamed | |
295 | Info | Interface Deleted | |
297 | Info | Recommendation Scan Requested | |
298 | Info | Recommendations Cleared | |
299 | Info | Asset Value Assigned to Computer | |
300 | Info | Recommendation Scan Completed | |
301 | Info | Agent Software Deployment Requested | |
302 | Info | Agent Software Removal Requested | |
303 | Info | Computer Renamed | |
304 | Info | Computer Moved To Datacenter | The virtual machine (VM) was placed in its root data center folder because Deep Security Manager couldn't determine the VM's parent folder due to a permission issue. To have the VM appear in the correct folder in Deep Security Manager, check the permissions of the VM on the vCenter server. |
305 | Info | Scan for Integrity Requested | |
306 | Info | Rebuild Baseline Requested | |
307 | Info | Cancel Update Requested | |
308 | Info | Integrity Monitoring Rule Compile Issue | |
309 | Info | Integrity Monitoring Rule Compile Issue Resolved | |
310 | Info | Directory Added | |
311 | Info | Directory Removed | |
312 | Info | Directory Updated | |
321 | Info | Directory Synchronization Finished | |
322 | Error | Directory Synchronization Failed | |
323 | Info | Directory Synchronization Requested | |
326 | Info | User Synchronization Finished | Synchronization of the user accounts with Microsoft Active Directory has completed. |
327 | Error | User Synchronization Failed | |
330 | Info | SSL Configuration Created | |
331 | Info | SSL Configuration Deleted | |
332 | Info | SSL Configuration Updated | |
333 | Info | Host Merge Finished | |
334 | Error | Host Merge Failed | |
338 | Warning | Directory Synchronization Limit Exceeded | Reached the limit of total group members for Active Directory synchronization. Skipping any remaining members. Consider adjusting the limit in the system setting. |
350 | Info | Policy Created | |
351 | Info | Policy Deleted | |
352 | Info | Policy Updated | |
353 | Info | Policies Exported | |
354 | Info | Policies Imported | |
355 | Info | Scan for Recommendations Canceled | |
356 | Error | Secure Boot Public Key Not Enrolled |
This error can occur if the public key required to check the signature on the Trend Micro kernel module is not successfully enrolled on the agent computer. For details, see Configure Linux Secure Boot for agents. |
357 | Error | Secure Boot 'On' Not Supported |
Deep Security Agent does not support this OS with Secure Boot enabled. For details, see Configure Linux Secure Boot for agents. |
360 | Info | VMware vCenter Added | |
361 | Info | VMware vCenter Removed | |
362 | Info | VMware vCenter Updated | |
363 | Info | VMware vCenter Synchronization | |
364 | Info | VMware vCenter Synchronization Finished | |
365 | Error | VMware vCenter Synchronization Failed | |
366 | Info | VMware vCenter Synchronization Requested | |
367 | Info | VMware vCenter Synchronization Cancelled | |
368 | Warning | Interfaces Out of Sync | Interfaces reported by the Deep Security Virtual Appliance are different than the interfaces reported by the vCenter. This can typically be resolved by rebooting the VM. |
369 | Info | Interfaces in Sync | |
370 | Info | Filter Driver Installed | |
371 | Info | Filter Driver Removed | The VMware ESXi server has been restored to the state it was in before the filter driver software was installed. |
372 | Info | Filter Driver Upgraded | |
373 | Info | Virtual Appliance Deployed | |
374 | Info | Virtual Appliance Upgraded | |
375 | Warning | Virtual Appliance Upgrade Failed | |
376 | Warning | Virtual Machine Moved to Unprotected ESXi | |
377 | Info | Virtual Machine Moved to Protected ESXi | |
378 | Warning | Virtual Machine unprotected after move to another ESXi | A VM was moved to an ESXi where there is no Deep Security Virtual Appliance. |
379 | Info | Virtual Machine unprotected after move to another ESXi Resolved | |
380 | Error | Filter Driver Offline | The filter driver on an ESXi server is offline. Use the VMware vCenter console to troubleshoot problems with the hypervisor and the ESXi. |
381 | Info | Filter Driver Back Online | |
382 | Info | Filter Driver Upgrade Requested | |
383 | Info | Appliance Upgrade Requested | |
384 | Warning | Prepare ESXi Failed | |
385 | Warning | Filter Driver Upgrade Failed | |
386 | Warning | Removal of Filter Driver from ESXi Failed | |
387 | Error | Connection to Filter Driver Failure | |
388 | Info | Connection to Filter Driver Success | |
389 | Error | Multiple Activated Appliances Detected | |
390 | Info | Multiple Activated Appliances Detected Resolved | |
391 | Error | Network Settings Out of Sync With vCenter Global Settings | |
392 | Info | Network Settings in Sync With vCenter Global Settings | |
393 | Error | Anti-Malware Engine Offline | The anti-malware protection module is not functioning. This is probably because the VMware environment does not meet the requirements. See System requirements. |
394 | Info | Anti-Malware Engine Back Online | |
395 | Error | Virtual Appliance is Incompatible With Filter Driver | |
396 | Info | Virtual Appliance is Incompatible With Filter Driver Resolved | |
397 | Warning | VMware NSX Callback Authentication Failed | |
398 | Error | VMware Tools Not Installed | |
399 | Info | VMware Tools Not Installed Resolved | |
410 | Info | Firewall Rule Created | |
411 | Info | Firewall Rule Deleted | |
412 | Info | Firewall Rule Updated | |
413 | Info | Firewall Rule Exported | |
414 | Info | Firewall Rule Imported | |
420 | Info | Firewall Stateful Configuration Created | |
421 | Info | Firewall Stateful Configuration Deleted | |
422 | Info | Firewall Stateful Configuration Updated | |
423 | Info | Firewall Stateful Configuration Exported | |
424 | Info | Firewall Stateful Configuration Imported | |
460 | Info | Application Type Created | An administrator configured a new IPS network application definition. |
461 | Info | Application Type Deleted | An administrator removed an IPS network application definition. |
462 | Info | Application Type Updated | An administrator changed an existing IPS network application definition. |
463 | Info | Application Type Exported | An administrator downloaded an IPS network application definition. |
464 | Info | Application Type Imported | An administrator uploaded an IPS network application definition. |
470 | Info | Intrusion Prevention Rule Created | |
471 | Info | Intrusion Prevention Rule Deleted | |
472 | Info | Intrusion Prevention Rule Updated | |
473 | Info | Intrusion Prevention Rule Exported | |
474 | Info | Intrusion Prevention Rule Imported | |
480 | Info | Integrity Monitoring Rule Created | |
481 | Info | Integrity Monitoring Rule Deleted | |
482 | Info | Integrity Monitoring Rule Updated | |
483 | Info | Integrity Monitoring Rule Exported | |
484 | Info | Integrity Monitoring Rule Imported | |
490 | Info | Log Inspection Rule Created | |
491 | Info | Log Inspection Rule Deleted | |
492 | Info | Log Inspection Rule Updated | |
493 | Info | Log Inspection Rule Exported | |
494 | Info | Log Inspection Rule Imported | |
495 | Info | Log Inspection Decoder Created | |
496 | Info | Log Inspection Decoder Deleted | |
497 | Info | Log Inspection Decoder Updated | |
498 | Info | Log Inspection Decoder Exported | |
499 | Info | Log Inspection Decoder Imported | |
505 | Info | Context Created | |
506 | Info | Context Deleted | |
507 | Info | Context Updated | |
508 | Info | Context Exported | |
509 | Info | Context Imported | |
510 | Info | IP List Created | |
511 | Info | IP List Deleted | |
512 | Info | IP List Updated | |
513 | Info | IP List Exported | |
514 | Info | IP List Imported | |
520 | Info | Port List Created | |
521 | Info | Port List Deleted | |
522 | Info | Port List Updated | |
523 | Info | Port List Exported | |
524 | Info | Port List Imported | |
525 | Info | Scan Cache Configuration Created | |
526 | Info | Scan Cache Configuration Exported | |
527 | Info | Scan Cache Configuration Updated | |
530 | Info | MAC List Created | |
531 | Info | MAC List Deleted | |
532 | Info | MAC List Updated | |
533 | Info | MAC List Exported | |
534 | Info | MAC List Imported | |
540 | Info | Proxy Created | |
541 | Info | Proxy Deleted | |
542 | Info | Proxy Updated | |
543 | Info | Proxy Exported | |
544 | Info | Proxy Imported | |
550 | Info | Schedule Created | |
551 | Info | Schedule Deleted | |
552 | Info | Schedule Updated | |
553 | Info | Schedule Exported | |
554 | Info | Schedule Imported | |
560 | Info | Scheduled Task Created | |
561 | Info | Scheduled Task Deleted | |
562 | Info | Scheduled Task Updated | |
563 | Info | Scheduled Task Manually Executed | |
564 | Info | Scheduled Task Started | |
567 | Info | Sending Outstanding Alert Summary | |
568 | Warning | Failed To Send Outstanding Alert Summary | |
569 | Warning | Email Failed | An e-mail notification could not be sent. |
570 | Info | Sending Report | |
571 | Warning | Failed To Send Report | |
572 | Error | Invalid Report Jar | |
573 | Info | Asset Value Created | |
574 | Info | Asset Value Deleted | |
575 | Info | Asset Value Updated | |
576 | Error | Report Uninstall Failed | |
577 | Error | Report Uninstalled | |
578 | Warning | Integrity Monitoring Rules Require Configuration | |
580 | Warning | Application Type Port List Misconfiguration | |
581 | Warning | Application Type Port List Misconfiguration Resolved | |
582 | Warning | Intrusion Prevention Rules Require Configuration | |
583 | Info | Intrusion Prevention Rules Require Configuration Resolved | |
584 | Warning | Application Types Require Configuration | IPS rules require network application definitions, and cannot correctly scan traffic until you define them. |
585 | Info | Integrity Monitoring Rules Require Configuration Resolved | |
586 | Warning | Log Inspection Rules Require Configuration | |
587 | Info | Log Inspection Rules Require Configuration Resolved | |
588 | Warning | Log Inspection Rules Require Log Files | |
589 | Info | Log Inspection Rules Require Log Files Resolved | |
590 | Warning | Scheduled Task Unknown Type | |
591 | Info | Relay Group Created | |
592 | Info | Relay Group Updated | |
593 | Info | Relay Group Deleted | |
594 | Info | Event-Based Task Created | |
595 | Info | Event-Based Task Deleted | |
596 | Info | Event-Based Task Updated | |
597 | Info | Event-Based Task Triggered | |
600 | Info | User Signed In | |
601 | Info | User Signed Out | |
602 | Info | User Timed Out | |
603 | Info | User Locked Out | |
604 | Info | User Unlocked | |
605 | Info | User Session Terminated | |
608 | Error | User Session Validation Failed | Deep Security Manager could not confirm that a session was initiated after successful authentication. The user will be redirected to the login page, and asked to re-authenticate. This could be normal if the authenticated session list was cleared. |
609 | Error | User Made Invalid Request | Deep Security Manager received invalid request to access audit data (events). Access was denied. |
610 | Info | User Session Validated | |
611 | Info | User Viewed Firewall Event | |
613 | Info | User Viewed Intrusion Prevention Event | |
615 | Info | User Viewed System Event | |
616 | Info | User Viewed Integrity Monitoring Event | |
617 | Info | User Viewed Log Inspection Event | |
618 | Info | User Viewed Identified File Detail | |
619 | Info | User Viewed Anti-Malware Event | |
620 | Info | User Viewed Web Reputation Event | |
621 | Info | User Signed In As Tenant | |
622 | Info | Access from Primary Tenant Enabled | |
623 | Info | Access from Primary Tenant Disabled | |
624 | Info | Access from Primary Tenant Allowed | |
625 | Info | Access from Primary Tenant Revoked | |
626 | Info | Access from Primary Tenant Expired | |
630 | Info | Syslog Configuration Created | |
631 | Info | Syslog Configuration Deleted | |
632 | Info | Syslog Configuration Updated | |
633 | Info | Syslog Configuration Exported | |
634 | Info | Syslog Configuration Imported | |
650 | Info | User Created | |
651 | Info | User Deleted | |
652 | Info | User Updated | |
653 | Info | User Password Set | |
656 | Info | API Key Created | |
657 | Info | API Key Deleted | |
658 | Info | API Key Updated | |
660 | Info | Role Created | |
661 | Info | Role Deleted | |
662 | Info | Role Updated | |
670 | Info | Contact Created | |
671 | Info | Contact Deleted | |
672 | Info | Contact Updated | |
673 | Info | API Key Locked Out | |
674 | Info | API Key Unlocked | |
675 | Error | API Key Session Validation Failed | |
678 | Info | API Key Expired | |
680 | Info | Created master encryption key | For details, see the masterkey parameter. |
681 | Info | Exported master encryption key | For details, see the masterkey parameter. |
682 | Info | Imported master encryption key | For details, see the masterkey parameter. |
690 | Info | Microservice API Key Created | |
691 | Info | Microservice API Key Deleted | |
692 | Info | Microservice API Key Updated | |
693 | Info | Microservice API Key Locked Out | |
694 | Info | Microservice API Key Unlocked | |
695 | Error | Microservice API Key Session Validation Failed | |
696 | Info | Microservice API Key Expired | |
701 | Error | Agent Software Installation Failed | |
702 | Info | Credentials Generated | |
703 | Error | Credential Generation Failed | |
704 | Info | Activated | |
705 | Error | Activation Failed | This can occur if agent self-protection is enabled. On the Deep Security Manager, go to Computer editorTo open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General. In Agent Self Protection, and then either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override. |
706 | Info | Software Update: Agent Software Upgraded | |
707 | Warning | Software Update: Agent Software Upgrade Failed | Refer to the event details for more information about why the upgrade was not successful. |
708 | Info | Deactivated | |
709 | Error | Deactivation Failed | |
710 | Info | Events Retrieved | |
711 | Info | Agent Software Deployed | |
712 | Error | Agent Software Deployment Failed | This can occur if agent self-protection is enabled. On the Deep Security Manager, go to Computer editorTo open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General. In Agent Self Protection, and then either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override. |
713 | Info | Agent Software Removed | |
714 | Error | Agent Software Removal Failed |
This can occur if agent self-protection is enabled. On the Deep Security Manager, go to Computer editorTo open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General. In Agent Self Protection, and then either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override. |
715 | Info | Agent/Appliance Version Changed | |
716 | Info | Reactivation Attempted by Unknown Agent | An agent that is currently unknown to the Deep Security Manager has attempted reactivation. This usually happens when a computer was deleted from Deep Security Manager without first removing the agent on the computer. For more information, see the 'Reactivation Attempted by Unknown Agent' section in Agent settings. |
720 | Info | Policy Sent | Agent/Appliance updated. |
721 | Error | Send Policy Failed | |
722 | Warning | Get Interfaces Failed | |
723 | Info | Get Interfaces Failure Resolved | |
724 | Warning | Insufficient Disk Space | An agent detected low disk space. Free space on the computer. See Warning: Insufficient disk space. |
725 | Warning | Events Suppressed | |
726 | Warning | Get Agent/Appliance Events Failed | Manager was unable to retrieve Events from Agent/Appliance. This error does not mean that the data was lost on the Agent/Appliance. This error is normally caused by a network interruption while events are being transferred. Clear the error and run a Check Status to retry the operation. |
727 | Info | Get Agent/Appliance Events Failure Resolved | |
728 | Error | Get Events Failed | Manager was unable to retrieve audit data from Agent/Appliance. This error does not mean that the data was lost on the Agent/Appliance. This error is usually caused by a network interruption while events are being transferred. Clear the error and run Get Events Now to retry the operation. |
729 | Info | Get Events Failure Resolved | |
730 | Error | Offline | Manager cannot communicate with Computer. Usually, however, the offline Agent is still protecting the computer with its last configured settings. See Computer and Agent/Appliance Status and Offline agent. |
731 | Info | Back Online | |
732 | Error | Firewall Engine Offline | The Firewall Engine is offline and traffic is flowing unfiltered. This is normally due to an error during installation or verification of the driver on the computer's OS platform. Check the status of the network driver at the computer to ensure it is properly loaded. |
733 | Info | Firewall Engine Back Online | |
734 | Warning | Computer Clock Change | A clock change has occurred on the Computer which exceeds the maximum allowed specified in Computer or Policy editorYou can change these settings for a policy or for a specific computer. To change the settings for a policy, go to the Polices page and double-click the policy that you want to edit (or select the policy and click Details). To change the settings for a computer, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General > Heartbeat area. Investigate what has caused the clock change on the computer. |
735 | Warning | Misconfiguration Detected | The Agent's configuration does not match the configuration indicated in the Manager's records. This is typically because of a recent backup restoration of the Manager or the Agent. Unanticipated misconfiguration warnings should be investigated. |
736 | Info | Check Status Failure Resolved | |
737 | Error | Check Status Failed | See Error: Check Status Failed. |
738 | Error | Intrusion Prevention Engine Offline | The Intrusion Prevention Engine is offline and traffic is flowing unfiltered. This is normally due to an error during installation or verification of the driver on the computer's OS platform. Check the status of the network driver at the computer to ensure it is properly loaded. |
739 | Info | Intrusion Prevention Engine Back Online | |
740 | Error | Agent/Appliance Error | |
741 | Warning | Abnormal Restart Detected | |
742 | Warning | Communications Problem | The Agent is having problems communicating its status to Manager. It usually indicates network or load congestion in the Agent --> Manager direction. Further investigation is warranted if the situation persists |
743 | Info | Communications Problem Resolved | |
745 | Warning | Events Truncated | |
748 | Error | Log Inspection Engine Offline | |
749 | Info | Log Inspection Engine Back Online | |
755 | Info | Deep Security Manager Version Compatibility Resolved | |
756 | Warning | Deep Security Manager Upgrade Recommended (Incompatible Security Update(s)) |
Each security module rule (such as Firewall, Anti-Malware, and the others) has a specific minimum Deep Security Manager version that's required in order for the rule to run. Your current Deep Security Manager version is less than the rule's minimum supported version. Upgrade your Deep Security Manager to clear the warning and run the rule. |
760 | Info | Agent/Appliance Version Compatibility Resolved | |
761 | Warning | Agent/Appliance Upgrade Recommended | |
762 | Warning | Agent/Appliance Upgrade Required |
Your current Deep Security Agent or Deep Security Virtual Appliance version is less than the Deep Security Manager's minimum supported version. Upgrade your Agent/Appliance. |
763 | Error | Incompatible Agent/Appliance Version |
Your current Deep Security Manager version is less than the Deep Security Agent or Deep Security Virtual Appliance's minimum supported version. Upgrade your manager. |
764 | Warning | Agent/Appliance Upgrade Recommended (Incompatible Security Updates) |
Each security module rule (such as Firewall, Anti-Malware, and others) has a specific minimum Deep Security Agent or Deep Security Virtual Appliance version required for the rule to run. Your current Deep Security Agent or Deep Security Virtual Appliance version is less than the rule's minimum supported version. Upgrade your Deep Security Agent or Deep Security Virtual Appliance to clear the warning and run the rule. |
765 | Error | Computer Reboot Required | |
766 | Warning | Network Engine Mode Configuration Incompatibility | |
767 | Warning | Network Engine Mode Version Incompatibility | |
768 | Warning | Network Engine Mode Incompatibility Resolved | |
770 | Warning | Agent/Appliance Heartbeat Rejected | |
771 | Warning | Contact by Unrecognized Client | See Troubleshoot event ID 771 "Contact by Unrecognized Client". |
780 | Info | Recommendation Scan Failure Resolved | |
781 | Warning | Recommendation Scan Failure | See Troubleshooting: Recommendation Scan Failure. |
782 | Info | Rebuild Baseline Failure Resolved | |
783 | Warning | Rebuild Baseline Failure | |
784 | Info | Security Update: Security Update Check and Download Successful | |
785 | Warning | Security Update: Security Update Check and Download Failed | |
786 | Info | Scan For Change Failure Resolved | |
787 | Warning | Scan For Change Failure | |
790 | Info | Agent-Initiated Activation Requested | |
791 | Warning | Agent-Initiated Activation Failure | |
792 | Info | Manual Malware Scan Failure Resolved | |
793 | Warning | Manual Malware Scan Failure | A Malware Scan has failed. Use the VMware vCenter console to check the status of the VM on which the scan failed. See also Anti-Malware scan failures and cancellations. |
794 | Info | Scheduled Malware Scan Failure Resolved | |
795 | Warning | Scheduled Malware Scan Failure | A scheduled Malware Scan has failed. Use the VMware vCenter console to check the status of the VM on which the scan failed. See also Anti-Malware scan failures and cancellations. |
796 | Warning | Scheduled Malware Scan Task has been Missed | This occurs when a scheduled Malware Scan is initiated on a computer when a previous scan is still pending. This typically indicates that Malware Scans are being scheduled too frequently. |
797 | Info | Malware Scan Cancellation Failure Resolved | |
798 | Warning | Malware Scan Cancellation Failure | A Malware Scan cancellation has failed. Use the VMware vCenter console to check the status of the VM on which the scan failed. |
799 | Warning | Malware Scan Stalled | A Malware Scan has stalled. Use the VMware vCenter console to check the status of the VM on which the scan stalled. |
800 | Info | Alert Dismissed | |
801 | Info | Error Dismissed | |
803 | Warning | Agent Configuration Package too Large | |
804 | Error | Intrusion Prevention Rule Compiler Failed | |
805 | Error | Intrusion Prevention Rules Failed to Compile | |
806 | Error | Intrusion Prevention Rules Failed to Compile | |
850 | Warning | Reconnaissance Detected: Computer OS Fingerprint Probe | See Warning: Reconnaissance Detected |
851 | Warning | Reconnaissance Detected: Network or Port Scan | See Warning: Reconnaissance Detected |
852 | Warning | Reconnaissance Detected: TCP Null Scan | See Warning: Reconnaissance Detected |
853 | Warning | Reconnaissance Detected: TCP SYNFIN Scan | See Warning: Reconnaissance Detected |
854 | Warning | Reconnaissance Detected: TCP Xmas Scan | See Warning: Reconnaissance Detected |
900 | Info | Deep Security Manager Audit Started | |
901 | Info | Deep Security Manager Audit Shutdown | |
902 | Info | Deep Security Manager Installed | |
904 | Info | Diagnostic Logging Enabled | |
905 | Info | Diagnostic Logging Completed | |
906 | Info | Java Flight Recorder Enabled | Java Flight Recorder has been enabled with parameters values specified in the event description. |
907 | Info | Java Flight Recorder Completed | Java Flight Recorder recording session completed. |
910 | Info | Diagnostic Package Generated | |
911 | Info | Diagnostic Package Exported | |
914 | Info | Identified File Deletion Succeeded | |
915 | Info | Identified File Deletion Failed | |
916 | Info | Identified File Download Succeeded | |
917 | Info | Identified File Download Failed | |
918 | Info | Identified File Administration Utility Download Succeeded | |
919 | Info | Identified File Not Found | |
924 | Warning | File cannot be analyzed or quarantined (VM maximum disk space used to store identified files exceeded) | The Anti-Malware module was unable to analyze or quarantine a file because the VM maximum disk space used to store identified files was reached. To change the maximum disk space for identified files setting, open the computer or policy editor and go to the Anti-malware > Advanced tab. |
925 | Warning | File cannot be analyzed or quarantined (maximum disk space used to store identified files exceeded) | The Anti-Malware module was unable to analyze or quarantine a file because the maximum disk space used to store identified files was reached. To change the maximum disk space for identified files setting, open the computer or policy editor and go to the Anti-malware > Advanced tab. |
926 | Warning | Smart Protection Server Disconnected for Smart Scan | See Troubleshoot "Smart Protection Server disconnected" errors. |
927 | Info | Smart Protection Server Connected for Smart Scan | |
928 | Info | Identified File Restoration Succeeded | |
929 | Warning | Identified File Restoration Failed | |
930 | Info | Certificate Accepted | |
931 | Info | Certificate Deleted | |
932 | Warning | Smart Protection Server Disconnected for Web Reputation | See Troubleshoot "Smart Protection Server disconnected" errors. |
933 | Info | Smart Protection Server Connected for Web Reputation | |
934 | Info | Software Update: Anti-Malware Windows Platform Update Successful | |
935 | Error | Software Update: Anti-Malware Windows Platform Update Failed | See Anti-Malware Windows platform update failed |
936 | Info | Submission of identified file to Deep Discovery Analyzer succeeded | |
937 | Info | Submission of identified file to Deep Discovery Analyzer failed | |
938 | Info | Identified File Submission Queued | |
940 | Info | Auto-Tag Rule Created | |
941 | Info | Auto-Tag Rule Deleted | |
942 | Info | Auto-Tag Rule Updated | |
943 | Info | Tag Deleted | |
944 | Info | Tag Created | |
945 | Warning | Census, Good File Reputation, and Predictive Machine Learning Service Disconnected | |
946 | Info | Census, Good File Reputation, and Predictive Machine Learning Service Connected | |
947 | Info | FIPS Mode Enabled | |
948 | Info | FIPS Mode Disabled | |
949 | Warning | Computer reboot is required to complete the Deep Security Agent installation with Windows installer | A computer reboot is required to complete the Deep Security Agent installation with Windows installer. |
950 | Warning | A computer reboot is required to enable Deep Security Agent protection | A computer reboot is required to disable Windows Defender and enable Deep Security Agent protection. |
970 | Info | Command Line Utility Started | |
978 | Info | Command Line Utility Failed | |
979 | Info | Command Line Utility Shutdown | Deep Security Manager was manually stopped. |
990 | Info | Manager Node Added | |
991 | Info | Manager Node Decommissioned | |
992 | Info | Manager Node Updated | |
995 | Info | Connection to the Certified Safe Software Service has been restored | |
996 | Warning | Unable to connect to the Certified Safe Software Service | |
997 | Error | Tagging Error | |
998 | Error | System Event Notification Error | |
999 | Error | Internal Software Error | |
1101 | Error | Plug-in Installation Failed | |
1102 | Info | Plug-in Installed | |
1103 | Error | Plug-in Upgrade Failed | |
1104 | Info | Plug-in Upgraded | |
1105 | Error | Plug-in Start Failed | |
1106 | Error | Plug-in Uninstall Failed | |
1107 | Info | Plug-in Uninstalled | |
1108 | Info | Plug-in Started | |
1109 | Info | Plug-in Stopped | |
1110 | Error | Software Package Not Found | Agent software package was not found or a newer package is required. |
1111 | Info | Software Package Found | |
1112 | Error | Kernel Unsupported | The Linux driver cannot be installed because your computer may have been upgraded to an unsupported kernel. For more information, see Linux kernel compatibility. |
1204 | Info | Identified file download requested | The download request has been sent. Please check for event ID 1209 for the latest update. Files that are "Ready for download" will be available for 24 hours. |
1205 | Info | Identified file download request failed | The download request could not be sent successfully. |
1208 | Info | Identified file download request timeout | The download request has timeout due to reaching the 2-day limit. |
1209 | Info | Identified file is ready for download | Identified file is ready for download. Please download the file within 24 hours. |
1500 | Info | Malware Scan Configuration Created | |
1501 | Info | Malware Scan Configuration Deleted | |
1502 | Info | Malware Scan Configuration Updated | |
1503 | Info | Malware Scan Configuration Exported | |
1504 | Info | Malware Scan Configuration Imported | |
1505 | Info | Directory List Created | |
1506 | Info | Directory List Deleted | |
1507 | Info | Directory List Updated | |
1508 | Info | Directory List Exported | |
1509 | Info | Directory List Imported | |
1510 | Info | File Extension List Created | |
1511 | Info | File Extension List Deleted | |
1512 | Info | File Extension List Updated | |
1513 | Info | File Extension List Exported | |
1514 | Info | File Extension List Imported | |
1515 | Info | File List Created | |
1516 | Info | File List Deleted | |
1517 | Info | File List Updated | |
1518 | Info | File List Exported | |
1519 | Info | File List Imported | |
1520 | Info | Manual Malware Scan Pending | |
1521 | Info | Manual Malware Scan Started | |
1522 | Info | Manual Malware Scan Completed | |
1523 | Info | Scheduled Malware Scan Started | |
1524 | Info | Scheduled Malware Scan Completed | |
1525 | Info | Manual Malware Scan Cancellation In Progress | |
1526 | Info | Manual Malware Scan Cancellation | This event can have several causes. See Anti-Malware scan failures and cancellations. |
1527 | Info | Scheduled Malware Scan Cancellation In Progress | |
1528 | Info | Scheduled Malware Scan Cancellation | This event can have several causes. See Anti-Malware scan failures and cancellations. |
1529 | Info | Manual Malware Scan Paused | |
1530 | Info | Manual Malware Scan Resumed | |
1531 | Info | Scheduled Malware Scan Paused | |
1532 | Info | Scheduled Malware Scan Resumed | |
1533 | Info | A computer reboot is required to complete an Anti-Malware cleanup or restoration task | A computer reboot is required to complete an Anti-Malware cleanup or restoration task. |
1534 | Error | Computer reboot required for Anti-Malware protection | |
1535 | Info | Anti-Malware cleanup task must be performed manually | |
1536 | Info | Quick Malware Scan Pending | |
1537 | Info | Quick Malware Scan Started | |
1538 | Info | Quick Malware Scan Completed | |
1539 | Info | Quick Malware Scan Cancellation In Progress | |
1540 | Info | Quick Malware Scan Cancellation |
This event can have several causes. See Anti-Malware scan failures and cancellations. |
1541 | Info | Quick Malware Scan Paused | |
1542 | Info | Quick Malware Scan Failure Resolved | |
1543 | Warning | Quick Malware Scan Failure | |
1544 | Info | Quick Malware Scan Resumed | |
1545 | Info | Files could not be scanned for malware | Anti-malware could not scan a file because its file path exceeded the maximum number of characters. Maximum file path length varies by OS and file system. To prevent this problem, try moving the file to a directory path and file name with fewer characters. |
1546 | Info | Files could not be scanned for malware | Anti-malware could not scan a file because its location exceeded the maximum directory depth. To prevent this problem, try reducing the number of layers of nested directories. |
1547 | Info | Scheduled Malware Scan Task has been cancelled | |
1550 | Info | Web Reputation Settings Updated | |
1551 | Info | Malware Scan Configuration Updated | |
1552 | Info | Integrity Configuration Updated | |
1553 | Info | Log Inspection Configuration Updated | |
1554 | Info | Firewall Stateful Configuration Updated | |
1555 | Info | Intrusion Prevention Configuration Updated | |
1556 | Info | Anti-Malware scan exclusion setting update | |
1600 | Info | Relay Group Update Requested | |
1601 | Info | Relay Group Update Success | |
1602 | Error | Relay Group Update Failed | |
1603 | Info | Security Update: Security Update Rollback Success | |
1604 | Warning | Security Update: Security Update Rollback Failure | |
1605 | Info | Successfully send file back up command to host | |
1606 | Warning | Failed to send file back up command to host | |
1607 | Info | Successfully back up file | |
1608 | Error | Failed to back up file | |
1650 | Warning | Anti-Malware protection is not enabled or is out of date | |
1651 | Info | Anti-Malware module is ready | |
1660 | Info | Rebuild Baseline Started | |
1661 | Info | Rebuild Baseline Paused | |
1662 | Info | Rebuild Baseline Resumed | |
1663 | Warning | Rebuild Baseline Failure | |
1664 | Warning | Rebuild Baseline Stalled | |
1665 | Info | Rebuild Baseline Completed | |
1666 | Info | Scan for Integrity Started | |
1667 | Info | Scan for Integrity Paused | |
1668 | Info | Scan for Integrity Resumed | |
1669 | Warning | Scan for Integrity Failure | |
1670 | Warning | Scan for Integrity Stalled | |
1671 | Info | Scan for Integrity Completed | |
1675 | Error | Integrity Monitoring Engine Offline | |
1676 | Info | Integrity Monitoring Engine Back Online | |
1677 | Error | Trusted Platform Module Error | |
1678 | Info | Trusted Platform Module Register Values Loaded | |
1679 | Warning | Trusted Platform Module Register Values Changed | |
1680 | Info | Trusted Platform Module Checking Disabled | |
1681 | Info | Trusted Platform Module Information Unreliable | |
1700 | Info | No Agent Detected | |
1800 | Error | Deep Security Protection Module Failure | |
1801 | Info | Deep Security Protection Module Back to Normal | |
1900 | Info | Cloud Account Added | |
1901 | Info | Cloud Account Removed | |
1902 | Info | Cloud Account Updated | |
1904 | Info | Cloud Account Synchronization Finished | |
1905 | Error | Cloud Account Synchronization Failed | |
1906 | Info | Cloud Account Synchronization Requested | |
1907 | Info | Cloud account Synchronization Cancelled | |
1908 | Info | AWS Account Synchronization Requested | |
1909 | Info | AWS Account Synchronization Finished | |
1910 | Error | AWS Account Synchronization Failed | |
1911 | Info | AWS Account Added | |
1912 | Info | AWS Account Removed | |
1913 | Info | AWS Account Updated | |
1914 | Info | Azure Account Added | |
1915 | Info | Azure Account Removed | |
1916 | Info | Azure Account Updated | |
1917 | Info | Azure Account Synchronization Finished | |
1918 | Error | Azure Account Synchronization Failed | |
1919 | Info | Azure Account Synchronization Requested | |
1920 | Warning | Azure Account Synchronization Completed but with Errors | |
1921 | Info | vCloud Account Added | |
1922 | Info | vCloud Account Removed | |
1923 | Info | vCloud Account Updated | |
1924 | Info | vCloud Account Synchronization Finished | |
1925 | Error | vCloud Account Synchronization Failed | |
1926 | Info | vCloud Account Synchronization Requested | |
1927 | Info | Upgrade Connector to AWS Account Requested | |
1928 | Warning | AWS Account Update Failed | |
1929 | Info | Upgrade Connector to AWS Account Finished | |
1930 | Info | AWS Account Migration Requested | |
1931 | Info | AWS Account Migration In Progress | |
1932 | Info | AWS Account Migration Complete | |
1933 | Warning | AWS Account Migration Failed | |
1934 | Info | GCP Account Migration Requested | |
1935 | Info | GCP Account Migration In Progress | |
1936 | Info | GCP Account Migration Complete | |
1937 | Warning | GCP Account Migration Failed | |
1938 | Info | Azure Account Migration Requested | |
1939 | Info | Azure Account Migration In Progress | |
1940 | Info | Azure Account Migration Complete | |
1941 | Warning | Azure Account Migration Failed | |
1950 | Info | Tenant Created | |
1951 | Info | Tenant Deleted | |
1952 | Info | Tenant Updated | |
1953 | Info | Tenant Database Server Created | |
1954 | Info | Tenant Database Server Deleted | |
1955 | Info | Tenant Database Server Updated | |
1956 | Info | Tenant Exported | |
1957 | Error | Tenant Initialization Failure | |
1958 | Info | Tenant Features Updated | |
2000 | Info | Scan Cache Configuration Object Added | |
2001 | Info | Scan Cache Configuration Object Removed | |
2002 | Info | Scan Cache Configuration Object Updated | |
2100 | Info | Deep Security as a Service Subscription Started | |
2101 | Info | Deep Security as a Service Subscription Canceled | |
2102 | Info | Cleverbridge Quantity Updated | |
2103 | Warning | Cleverbridge Quantity Not Updated | |
2104 | Info | Cleverbridge Quantity Reset | |
2105 | Warning | Cleverbridge Quantity Not Reset | |
2106 | Info | Cleverbridge Billing Date Set | |
2107 | Warning | Cleverbridge Billing Date Not Set | |
2108 | Info | Deep Security as a Service Subscription Payment Received | |
2109 | Warning | Deep Security as a Service Subscription Payment Not Received | |
2110 | Info | Cleverbridge Notification Received | |
2111 | Info | Deep Security as a Service Subscription Deactivated | |
2112 | Info | Account Balance Reset | |
2113 | Info | Agent Installation Requested | |
2114 | Info | AWS Billing Job Started | |
2115 | Info | AWS Billing Job Completed | |
2116 | Error | AWS Billing failure | Deep Security Manager sent a billing usage record to AWS using the AWS SDK, which the SDK returned with an exception. If the problem persists, contact your support provider. |
2117 | Info | Entitlement Created | |
2118 | Info | Entitlement Updated | |
2119 | Error | Agent Activation Prevented Due to AWS Metering Billing Usage Data Submission Failure | |
2120 | Error | AWS Billing failure | Deep Security Manager encountered an error while executing an AWS billing job. If the problem persists, contact your support provider. |
2123 | Error | Azure Marketplace Billing Job Failed | The job used to send host usage statistics to Azure Marketplace for consumption-based billing failed. See the description in the event for details about the error that caused this event. |
2126 | Error | Event Storage Settings Publish Job Failed | |
2200 | Info | Software Update: Anti-Malware Module Installation Started | |
2201 | Info | Software Update: Anti-Malware Module Installation Successful | This event is also triggered by installing Application Control or Integrity Monitoring because they share the same framework as Anti-Malware. |
2202 | Warning | Software Update: Anti-Malware Module Installation Failed | |
2203 | Info | Software Update: Anti-Malware Module Download Successful | |
2204 | Info | Security Update: Pattern Update on Agents/Appliances Successful | |
2205 | Warning | Security Update: Pattern Update on Agents/Appliances Failed | |
2206 | Info | Security Update: Pattern Update on Agents/Appliances Skipped | |
2207 | Warning | Submission to Sandbox Analysis daily quota reached | |
2209 | Warning | Anti-Malware Engine with Basic Functions | Anti-Malware engine has only basic functions available. See Anti-Malware Engine has only Basic Functions for details. |
2210 | Info | Required Host Permission Is Allowed: Anti-Malware | |
2211 | Error | Host Permission Required: Anti-Malware | |
2300 | Info | Software Update: Web Reputation Module Installation Started | |
2301 | Info | Software Update: Web Reputation Module Installation Successful | |
2302 | Warning | Software Update: Web Reputation Module Installation Failed | |
2303 | Info | Software Update: Web Reputation Download Successful | |
2304 | Error | Web Reputation Engine Offline | |
2305 | Info | Web Reputation Engine Back Online | |
2306 | Warning | Web Reputation Engine Working With Limited Functionality | |
2307 | Info | Web Reputation Engine Back Online on all Interfaces | |
2308 | Warning | Web Reputation Engine Disabled | |
2309 | Info | Web Reputation Engine Enabled | |
2400 | Info | Software Update: Firewall Module Installation Started | |
2401 | Info | Software Update: Firewall Module Installation Successful | |
2402 | Warning | Software Update: Firewall Module Installation Failed | |
2403 | Info | Software Update: Firewall Module Download Successful | |
2404 | Warning | Firewall Engine Working With Limited Functionality | |
2405 | Info | Firewall Engine Back Online on all Interfaces | |
2406 | Warning | Firewall Engine Disabled | |
2407 | Info | Firewall Engine Enabled | |
2500 | Info | Software Update: Intrusion Prevention Module Installation Started | |
2501 | Info | Software Update: Intrusion Prevention Module Installation Successful | |
2502 | Warning | Software Update: Intrusion Prevention Module Installation Failed | |
2503 | Info | Software Update: Intrusion Prevention Module Download Successful | |
2504 | Warning | Intrusion Prevention Engine Working With Limited Functionality | |
2505 | Info | Intrusion Prevention Engine Back Online on all Interfaces | |
2506 | Warning | Intrusion Prevention Engine Disabled | |
2507 | Info | Intrusion Prevention Engine Enabled | |
2600 | Info | Software Update: Integrity Monitoring Module Installation Started | |
2601 | Info | Software Update: Integrity Monitoring Module Installation Successful | |
2602 | Warning | Software Update: Integrity Monitoring Module Installation Failed | |
2603 | Info | Software Update: Integrity Monitoring Module Download Successful | |
2604 | Info | A computer reboot is required to complete Integrity Monitoring protection | |
2605 | Info | Manager has requested that agent sends Integrity Monitoring baseline in events | |
2606 | Info | Agent will send Integrity Monitoring baseline in events | |
2700 | Info | Software Update: Log Inspection Module Installation Started | |
2701 | Info | Software Update: Log Inspection Module Installation Successful | |
2702 | Warning | Software Update: Log Inspection Module Installation Failed | |
2703 | Info | Software Update: Log Inspection Module Download Successful | |
2800 | Info | Software Update: Software Automatically Downloaded | |
2801 | Error | Software Update: Unable to retrieve Download Center inventory | |
2802 | Error | Software Update: Unable to download software from Download Center | |
2803 | Info | Online Help Update Started | |
2804 | Info | Online Help Update Ended | |
2805 | Info | Online Help Update Success | |
2806 | Warning | Online Help Update Failed | |
2900 | Info | Software Update: Relay Module Installation Started | |
2901 | Info | Software Update: Relay Module Installation Successful | |
2902 | Warning | Software Update: Relay Module Installation Failed | |
2903 | Info | Software Update: Relay Module Download Successful | |
2904 | Info | VMware NSX Synchronization Finished | |
2905 | Error | VMware NSX Synchronization Failed | |
2906 | Info | Agent Self-Protection enabled | Agent self-protection was enabled via the Deep Security Manager. |
2907 | Info | Agent Self-Protection disabled | |
2908 | Info | Agent Self-Protection enabled | Agent self-protection was enabled via the command line on the Deep Security Agent. |
2909 | Info | Agent Self-Protection disabled | |
2915 | Info | Data migration complete | |
2916 | Warning | Data migration finished with error | |
2920 | Info | Querying report from DDAn Finished | |
2921 | Error | Querying report from DDAn Failed | |
2922 | Info | Submission to Deep Discovery Analyzer processed | |
2923 | Error | File submission to Deep Discovery Analyzer Failed | |
2924 | Info | Security Update: Suspicious Object Check and Update Successful | |
2925 | Error | Security Update: Suspicious Object Check and Update Failed | |
2926 | Warning | Submission to Deep Discovery Analyzer queued | |
2930 | Info | File back up pending | |
2931 | Info | Smart Folder Added | |
2932 | Info | Smart Folder Removed | |
2933 | Info | Smart Folder Updated | |
2934 | Error | Failed to send Amazon SNS message | |
2935 | Info | System resumed sending SNS messages | |
2937 | Info | SAML Identity Provider Created | |
2938 | Info | SAML Identity Provider Updated | |
2939 | Info | SAML Identity Provider Deleted | |
2940 | Info | SAML Service Provider Updated | |
2941 | Error | Failed to Update News | The event is not available in Deep Security Manager version 20.0.313 (20 LTS Update 2021-01-18) and later |
2942 | Info | Performance Profile Created | |
2943 | Info | Performance Profile Updated | |
2944 | Info | Performance Profile Deleted | |
2945 | Info | System Upgrade Started | |
2946 | Info | System Update Succeeded | |
2947 | Error | System Upgrade Failed | |
2948 | Info | Manager Node Upgrade Started | |
2949 | Info | Manager Node Update Succeeded | |
2950 | Error | Manager Node Upgrade Failed | A node in a multi-node environment failed to upgrade. |
2951 | Error | Failed to send TIC message |
Managed Detection and Response events failed to send. |
2952 | Info | System resumed sending TIC messages | |
2953 | Info | Inactive Agent Cleanup Completed Successfully | Inactive agent cleanup removed computers that have been offline and inactive for a specified period of time. For more information on inactive agent cleanup, see Automate offline computer removal with inactive agent cleanup. |
2954 | Warning | Dropped events recorded in the future | |
2955 | Info | The public CA chain was imported (via the dsm_c command) | |
2656 | Info | The public CA chain was deleted (via the dsm_c command) | |
2957 | Info | The manager's certificate authority cert was renewed (happens automatically, by default every 10 yrs) | |
2958 | Info | The default TLS certificate was renewed (happens automatically, by default every 2 yrs) | |
2960 | Info | Appliance (SVM) Upgrade Requested | Deep Security Manager has received the upgrade request. |
2961 | Info | Appliance (SVM) Upgrade Started | Deep Security Manager is processing the upgrade. |
2962 | Info | Appliance (SVM) Upgrade Canceled | The appliance SVM is not available so the upgrade cannot be done. See the description of the system event for the reason. |
2963 | Info | Appliance (SVM) Upgraded | The appliance SVM is upgraded to the new version and is activated successfully. All guest VMs are auto-activated three minutes after the appliance activation. |
2964 | Warning | Appliance (SVM) Upgrade Failed | Deep Security Manager encountered one or more errors and failed the upgrade process. For details, see Troubleshooting the 'Appliance (SVM) Upgrade Failed' system event. |
2965 | Error | Appliance (SVM) Upgraded but Not Ready |
The appliance SVM was upgraded to the newer version but has not yet been activated, or the appliance SVM was activated but your guest VMs have not yet been auto-activated. See the description of the system event for details. You may need to confirm the appliance deployment and manually trigger activation of the appliance or guest VMs. |
2969 | Info | Scheduled Task Skipped | |
2970 | Info | GCP Account Added |
GCP Account: <GCPaccountname> successfully added. For details, see Add a Google Cloud Platform account. |
2971 | Info | GCP Account Removed |
GCP Account: <GCPaccountname> successfully removed. For details, see Remove a GCP account. |
2972 | Info | GCP Account Updated |
GCP Account: <GCPaccountname> successfully updated. For details, see Add a Google Cloud Platform account. |
2973 | Info | GCP Account Synchronization Finished |
Synchronize computers completed for GCP Account: <GCPaccountname> For details, see Synchronize a GCP account. |
2974 | Error | GCP Account Synchronization Failed |
Deep Security Manager was unable to synchronize computers with GCP Account: <GCPaccountname> <detailed_message> For example: Root URL is not valid For details, see Synchronize a GCP account. |
2975 | Info | GCP Account Synchronization Requested |
A request has been made to synchronize computers with GCP Account: <GCPaccountname> For details, see Synchronize a GCP account. |
2976 | Warning | GCP Account Synchronization Completed but with Errors |
The GCP Account <GCPaccountname> synchronization operation completed, but information for the following hosts or groups could not be updated with following message: <detailed_message> For example: Project <GCPprojectname>: 403 Required 'compute.machineTypes.list' permission for 'projects/<GCPprojectname>' For details, see Synchronize a GCP account. |
2990 | Info | XDR Service Registered | |
2991 | Info | XDR Service Deleted | |
2992 | Warning | VMware NSX Policy Configuration Conflict |
Deep Security Manager has detected that the following NSX-T groups are using different security policies for Endpoint Protection and Network Introspection (E-W): Go to NSX-T and reconfigure the group to use the same security policy. For details, see Method 3: Synchronize your Deep Security policies to NSX-T 3.x. |
2993 | Warning | XDR Certificate Expired | |
2994 | Warning | XDR Product Connector Missing | |
2995 | Info | XDR Certificate Updated | |
2996 | Warning | XDR Certificate Update Failed | |
2997 | Warning | Get Host GUID Failed | |
2998 | Warning | Invalid Host GUID | |
3000 | Info | Software Update: SAP Module Installation Started | |
3001 | Info | Software Update: SAP Module Installation Successful | |
3002 | Error | Software Update: SAP Module Installation Failed | |
3003 | Info | Software Update: SAP Module Download Successful | |
3004 | Info | SAP VSA is installed | |
3005 | Error | SAP VSA is not installed | |
3006 | Info | SAP VSA is up-to-date | |
3007 | Info | SAP VSA is not up-to-date | |
3008 | Info | SAP: Anti-Malware module is ready | |
3009 | Error | SAP: Anti-Malware module is not ready | |
3050 | Info | Software Update: ICAP Scanner Installation Started | |
3051 | Info | Software Update: ICAP Scanner Installation Successful | |
3052 | Warning | Software Update: ICAP Scanner Installation Failed | |
3053 | Info | Software Update: ICAP Scanner Download Successful | |
3100 | Info | Software Update: Container Control Module Installation Started | |
3101 | Info | Software Update: Container Control Module Installation Successful | |
3102 | Warning | Software Update: Container Control Module Installation Failed | |
3103 | Info | Software Update: Container Control Module Download Successful | |
3104 | Info | Container Control: Authorization Plugin Installation Successful | |
3105 | Error | Container Control: Authorization Plugin Installation Failed | |
3106 | Info | Container Control: Authorization Plugin Connected to Docker | |
3107 | Error | Container Control: Authorization Plugin Connection to Docker Failed | |
3108 | Info | Container Control: Authorization Plugin Configuration Sent Successfully | |
3109 | Error | Container Control: Authorization Plugin Failed to Send Configuration | |
3110 | Error | Container Control: Authorization Plugin Parse Request Failed | |
3111 | Info | User Viewed Container Control Event | |
3112 | Info | Container Control Security Events Exported | |
3113 | Info | Registry Scanner Created | |
3114 | Info | Registry Scanner Deleted | |
3115 | Info | Registry Scanner Updated | |
3116 | Error | Registry Scanner Disconnected | |
3200 | Info | A computer reboot is required to complete the installation of Activity Monitoring | |
3201 | Error | Activity Monitoring Engine Offline | The Activity Monitoring engine is offline. See Activity Monitoring Engine offline for details. |
3202 | Info | Activity Monitoring Engine Back Online | |
3203 | Warning | Activity Monitoring Engine with Basic Functions | Activity Monitoring engine has only basic functions available. See Activity Monitoring Engine has only basic functions for details. |
3300 | Info | Computer Added to vCenter Account | |
3301 | Warning | Duplicate Hosts with Same Virtual UUID Found | Cannot move the standalone host to vCenter (<vCenter's name>). Deep Security found the following hosts with same virtual UUID (<The UUID>): <Hosts> |
3400 | Info | Device Control USB device created. | |
3401 | Info | Device Control USB device updated. | |
3402 | Info | Device Control USB device deleted. | |
3403 | Error | Device Control engine offline | The Device Control Engine is offline, so device policies may not be working and may not being applied. This is normally due to an error during engine initializing or the platform being offline (the platform is sometimes called the Anti-Malware Solution Platform, or AMSP, and sometimes called the Trend Micro Solution Platform). Check the status of the platform at the computer. |
3404 | Info | Device Control engine back online. | |
3405 | Info | Device Control event exported. | |
3406 | Info | User viewed Device Control event. | |
3500 | Info | Service Gateway Added | |
3501 | Info | Service Gateway Removed | |
3502 | Info | Service Gateway Updated | |
3600 | Info | Threat Intelligence Status Publish Job Started | |
3601 | Info | Threat Intelligence Status Publish Job Completed | |
3602 | Error | Threat Intelligence Status Publish Job Failed | |
7000 | Info | Application Control Security Events Exported | An administrator downloaded application control event logs in CSV format. |
7007 | Info | User Viewed Application Control Event | An administrator dismissed an application control alert. This is normal unless your system has been compromised by an intruder that has gained an administrator login. |
7008 | Error | Application Control Engine Offline | An agent's application control engine failed to come online. This could happen if you have enabled application control on a computer whose kernel is not supported. |
7009 | Info | Application Control Engine Online Again | An agent's application control engine restarted. |
7010 | Info | Application Control Configuration Updated | Deep Security Manager updated the application control settings on an agent. |
7011 | Info | Software Update: Application Control Module Installation Started | The agent received a policy from Deep Security Manager where application control was selected, but detected that it did not have the application control engine installed or needed to update it, so it began to download it. This is normal when you enable application control on a computer for the first time, or when it has been disabled while application control engine updates were released. |
7012 | Info | Software Update: Application Control Module Installation Successful | The agent installed the application control engine. The application control engine is also used by the integrity monitoring feature. |
7013 | Error | Software Update: Application Control Module Installation Failed | The agent could not install the application control engine. This is not normal. |
7014 | Info | Software Update: Application Control Module Download Successful | The agent finished downloading the application control engine. |
7015 | Info | Application Control Ruleset Rules Updated | The legacy REST API was used to allow or block software. This message does not occur when administrators perform the same action in the GUI. |
7020 | Info | Application Control Inventory Retrieved | The legacy REST API uploaded a computer's initial allow rules to Deep Security Manager. |
7021 | Info | Application Control Inventory Scan Started | The application control engine was enabled, and the agent detected that it did not have any allow rules for that computer, so it began to build initial rules based on the currently installed software. This is normal when you enable application control for the first time. This message does not occur when you use the legacy REST API to replace the allow rules. |
7022 | Info | Application Control Inventory Scan Completed | The agent finished building the initial allow rules for that computer. After this, any new software that is detected which is not in the allow or block rules will, if configured, cause and alert. |
7023 | Error | Application Control Inventory Scan Failed | The agent could not build the initial allow rules for that computer. This is not normal. |
7024 | Info | Application Control Software Changes Detected | An administrator allowed or blocked software in the Actions tab, or changed a rule by clicking Change rule in an application control log message. This message does not occur when you use the legacy REST API to replace the allow rules. |
7025 | Info | Application Control Inventory Scan Requested | You manually forced application control to delete the current rules and rebuild them based on the currently installed software. This could be normal if you needed to change many rules at the same time. |
7026 | Info | Application Control Maintenance Mode Start Requested | Either an administrator sent or the legacy REST API received the command to enable maintenance mode. |
7027 | Info | Application Control Maintenance Mode Stop Requested | Either an administrator sent or the legacy REST API received the command to disable maintenance mode. |
7028 | Info | Application Control Maintenance Mode Started | Maintenance mode was enabled. While enabled, the agent automatically adds updated or newly installed software to its allow rules, indicating that you know and want to allow the software update. The agent continues to apply block rules during this time. |
7029 | Info | Application Control Maintenance Mode Stopped | Maintenance mode was disabled. Once maintenance mode is stopped, all new or changed software will be considered "unrecognized" until you specifically allow or block it. |
7030 | Info | Application Control Inventory Scan Cancelled | The agent began to build the initial allow rules, but an administrator canceled the process. |
7031 | Error | Sending Application Control Ruleset Failed | An agent could not download a shared ruleset for application control. This can occur if network connectivity is interrupted (such as a firewall or proxy between the agent and relay), or if there isn't enough free disk space on the agent. |
7032 | Info | Sending Application Control Ruleset Succeeded | An agent downloaded a shared ruleset for application control. This normally occurs whenever an administrator or the legacy REST API allows or blocks software, or when a different shared ruleset is applied. |
7033 | Info | Application Control Ruleset Created | The legacy REST API was used to create an application control ruleset. This message does not occur when administrators perform the same action in the GUI. |
7034 | Info | Application Control Ruleset Updated | The legacy REST API was used to allow or block software via an application control ruleset. This message does not occur when administrators perform the same action in the GUI. |
7035 | Info | Application Control Ruleset Deleted | The legacy REST API was used to delete an application control ruleset. This message does not occur when administrators perform the same action in the GUI. |
7036 | Info | Application Control Maintenance Mode Reset Duration Requested | An administrator changed the time period for when maintenance mode is active. |
7037 | Error | Newly applied ruleset will block some running processes on restart | An administrator applied a new ruleset, but some of the currently running processes exist in block rules. Application control will not terminate the processes, but the next time you reboot or restart those services, depending on your configuration, it will either alert you or block them. If the processes are not authorized, you should terminate them manually. If they are authorized, but are missing from the ruleset, you should add them to the ruleset. |
7038 | Error | Unresolved software change limit reached | Software changes detected on the file system exceeded the maximum amount. Application control will continue to enforce existing rules, but will not record any more changes, and it will stop displaying any of that computer's software changes. You must resolve and prevent excessive software change. |
7040 | Error | Incompatible Application Control Ruleset | An application control ruleset could not be assigned to one or more computers because the ruleset is not supported by the installed version of the agent. Typically, the problem is that a hash-based ruleset (which is compatible only with Deep Security Agent 11.0 or newer) has been assigned to an older Deep Security Agent. Deep Security Agent 10.x supports only file-based rulesets. (For details, see Differences in how Deep Security Agent 10 and 11 compare files.) To fix this issue, upgrade the Deep Security Agent to version 11.0 or newer. Alternatively, if you are using local rulesets, reset application control for the agent. Or if you are using a shared ruleset, use a shared ruleset that was created with Deep Security 10.x until all agents using the shared ruleset are upgraded to Deep Security Agent 11.0 or newer. |
7041 | Info | Application Control Ruleset Upgraded | An application control ruleset was upgraded from a file-based ruleset to a hash-based ruleset. For details, see Differences in how Deep Security Agent 10 and 11 compare files. |
7042 | Info | Application Control Software Inventory Deleted | |
7043 | Info | A computer reboot is required to complete Application Control protection | |
7044 | Info | Sending Application Control Ruleset | The Manager is sending Application Control rulesets to the remote agent. |
7045 | Error | Failed to send Application Control Ruleset | The Manager failed to send the Application Control rulesets to the remote agent. |
7046 | Info | Application Control Trust Rule Created | |
7047 | Info | Application Control Trust Rule Updated | |
7048 | Info | Application Control Trust Rule Deleted | |
7049 | Info | Application Control Trust Ruleset Created | |
7050 | Info | Application Control Trust Ruleset Updated | |
7051 | Info | Application Control Trust Ruleset Deleted | |
9100 | Info | Move Requested | |
9101 | Info | Moving | |
9102 | Warning | Move Failed | See Migrate agents to Trend Vision One Endpoint Security - Server & Workload Protection. |
9103 | Warning | Move Failed (No Response) | See Migrate agents to Trend Vision One Endpoint Security - Server & Workload Protection. |
9104 | Warning | Move Failed (Failed to activate) | See Migrate agents to Trend Vision One Endpoint Security - Server & Workload Protection. |
9105 | Info | Move Complete | |
9106 | Error | Move Failed (Unmanaged) | See Migrate agents to Trend Vision One Endpoint Security - Server & Workload Protection. |
9107 | Info | Workload Security Link Created | |
9108 | Info | Workload Security Link Updated | |
9109 | Info | Workload Security Link Deleted | |
9200 | Warning | Submission to Sandbox Analysis daily quota reached | |
9201 | Info | Sandbox as a Service Registered | |
9202 | Info | Sandbox as a Service Registration Updated | |
9203 | Warning | Sandbox as a Service Registration Update Failed | |
9204 | Info | Sandbox as a Service Deleted | |
9300 | Warning | Trend Micro LightWeight Filter Driver has been disabled | |
9301 | Info | Trend Micro LightWeight Filter Driver has been restarted | |
9302 | Info | All Trend Micro LightWeight Filter Drivers have been restarted successfully | |
9303 | Warning | Trend Micro LightWeight Filter Driver failed to bind on all network interfaces | |
10001 | Info | AWS Billing Usage Data Submission Success | |
10002 | Error | AWS Billing Usage Data Submission Failure | |
10003 | Info | AWS Marketplace Billing Usage Data CSV Exported | |
10004 | Error | Agent Activation Prevented Due to AWS Marketplace Billing Usage Data Submission Failure | |
11000 | Error | Failed to send data to Vision One Big Table | |
11001 | Info | Resumption of sending data to Vision One Big Table |