Agent settings

Agent settings are located on Administration > System Settings > Agents.

You can automate Agent-related system setting changes using the Deep Security API. For examples, see the Configure Policy, Computer, and System Settings guide in the Deep Security Automation Center.

Agent-initiated activation

For more information on configuring agent-initiated activation, see Activate and protect agents using agent-initiated activation and communication.

Allow Agent-Initiated Activation

  • For Any Computers: Any computers, whether they are already listed on the Deep Security Manager's Computers page or not.
  • For Existing Computers: Only computers already listed on the Computers page.
  • For Computers on the following IP List: Only computers whose IP address has a match on the specified IP List.

Policy to assign (if Policy not assigned by activation script): The security policy to assign to the computer if no policy has been specified in the activation script.

If an event-based task exists which assigns policies to computers where activation is agent-initiated, the policy specified in the event-based task will override the policy assigned here or in the activation script.

Allow Agent to specify hostname: Select this option to allow the agent to specify the hostname by providing it to the Deep Security Manager during the agent activation process.

If a computer with the same name already exists: If a computer, VMware virtual machine, AWS instance, or Azure VM with the same Agent GUID or certificate is already listed on the Computers page, you can configure the Deep Security Manager to take the following actions:

  • Do not allow activation: The computer object will not be activated.
  • Activate a new Computer with the same name: The Deep Security Manager will create a new computer object with a new name.
  • Re-activate the existing Computer: The existing computer object will be re-activated.

Reactivate cloned Agents: When a new computer (computer, VMware virtual machine, AWS instance, or Azure VM) that is running an already activated Deep Security Agent sends a heartbeat to the Deep Security Manager, the Deep Security Manager will recognize it as a clone. It will be reactivated as a new computer without the policies or rules of the original computer .

Reactivate unknown Agents: Select this setting to allow activated computers that were deleted from Deep Security Manager to reactivate if they reconnect.

This setting is often enabled together with Inactive Agent Cleanup to ensure that certain computers can still reconnect if they are deleted. To learn more, see Automate offline computer removal with inactive agent cleanup.

When a removed computer reconnects, it will not have a policy, and will be added as a new computer. Any direct links to the computer will be removed from the Deep Security Manager event data.

Agent Upgrade

If your environment includes Deep Security Agent installed on Linux computers, you can select Automatically upgrade agents on activation. When this option is selected and the agent is activated (or reactivated) on a Linux computer, the agent will be upgraded to the latest software version that's compatible with Deep Security as a Service.

For more information, see Automatically upgrade agents on activation.

Inactive Agent Cleanup

If your Deep Security deployment has a large number of offline computers not communicating with the Deep Security Manager that no longer need to be managed, you can automatically remove them with inactive agent cleanup.

Delete Agents that have been inactive for: The period that a computer must be inactive for before being removed.

For more information on configuring inactive agent cleanup, see Automate offline computer removal with inactive agent cleanup.