Agent settings are located on Administration > System Settings > Agents.
You can automate Agent-related system setting changes using the Deep Security API. For examples, see the Configure Policy, Computer, and System Settings guide in the Deep Security Automation Center.
Allow Agent-Initiated Activation
- For Any Computers: Any computers, whether they are already listed on the Deep Security Manager's Computers page or not.
- For Existing Computers: Only computers already listed on the Computers page.
- For Computers on the following IP List: Only computers whose IP address has a match on the specified IP List.
Policy to assign (if Policy not assigned by activation script): The security policy to assign to the computer if no policy has been specified in the activation script.
Allow Agent to specify hostname: Select this option to allow the agent to specify the hostname by providing it to the Deep Security Manager during the agent activation process.
If a computer with the same name already exists: If a computer, VMware virtual machine, AWS instance, or Azure VM with the same Agent GUID or certificate is already listed on the Computers page, you can configure the Deep Security Manager to take the following actions:
- Do not allow activation: The computer object will not be activated.
- Activate a new Computer with the same name: The Deep Security Manager will create a new computer object with a new name.
- Re-activate the existing Computer: The existing computer object will be re-activated.
Reactivate cloned Agents: When a new computer (computer, VMware virtual machine, AWS instance, or Azure VM) that is running an already activated Deep Security Agent sends a heartbeat to the Deep Security Manager, the Deep Security Manager will recognize it as a clone. It will be reactivated as a new computer without the policies or rules of the original computer .
This setting is often enabled together with Inactive Agent Cleanup to ensure that certain computers can still reconnect if they are deleted. To learn more, see Automate offline computer removal with inactive agent cleanup.
When a removed computer reconnects, it will not have a policy, and will be added as a new computer. Any direct links to the computer will be removed from the Deep Security Manager event data.
If your environment includes Deep Security Agent installed on Linux computers, you can select Automatically upgrade agents on activation. When this option is selected and the agent is activated (or reactivated) on a Linux computer, the agent will be upgraded to the latest software version that's compatible with
For more information, see Automatically upgrade agents on activation.
If your Deep Security deployment has a large number of offline computers not communicating with the Deep Security Manager that no longer need to be managed, you can automatically remove them with inactive agent cleanup.
Delete Agents that have been inactive for: The period that a computer must be inactive for before being removed.
For more information on configuring inactive agent cleanup, see Automate offline computer removal with inactive agent cleanup.