Manage and monitor computers
To manage and monitor the computers on your network, on Deep Security Manager, go to Computers. This page regularly refreshes itself to display the most current information. (You can modify the refresh rate on a per-user basis. Go to Administration > User Management > Users and then double-click on a user account to open its Properties window. On the Settings tab, in the Refresh Rate section, modify the page refresh rate.)
- Ordinary Computer
- Deep Security Relay (a computer with a Relay-enabled Agent)
- Deep Security Scanner (a computer with a Scanner-enabled Agent)
Additional computer icons for vSphere environments (not available for Deep Security as a Service):
- ESXi server
- Virtual computer (a virtual machine managed by VMware vCenter)
- Virtual computer (started)
- Virtual computer (stopped)
- Virtual computer (suspended)
- Virtual computer (with Relay enabled)
- Virtual computer (started, Relay enabled)
- Virtual computer (stopped, Relay enabled)
- Virtual computer (suspended, Relay enabled)
- Virtual computer (Scanner enabled)
- Virtual computer (started, Scanner enabled)
- Virtual computer (stopped, Scanner enabled)
- Virtual computer (suspended, Scanner enabled)
- Virtual Appliance
- Virtual Appliance (started)
- Virtual Appliance (stopped)
- Virtual Appliance (suspended)
Clicking the Preview icon next to a listed computer expands a display area beneath it. The information displayed in the preview depends on the type of computer.
The preview pane for an ordinary computer displays the presence of an Agent, its status, and the status of the Protection Modules. (Note that the Log Inspection module is off and the plug-in is not installed.)
The preview pane for a Deep Security Relay displays its status, the number of Security Update components it has available for distribution, and the status of the Protection modules provided by its embedded Deep Security Agent.
Deep Security Scanner
The preview pane for a Deep Security Scanner displays the presence of an agent or combined mode (agent and appliance), its status, the status of the protection modules, and the scanner status (SAP).
Does not apply to Deep Security as a Service
The preview pane for an ESXi server displays its status and the version number of the ESXi software. The Guests area displays the presence of a Deep Security Virtual Appliance and the virtual machines running on this host.
Does not apply to Deep Security as a Service
The preview pane for a Virtual Appliance displays its status and the version number of the Appliance. The Protected Guests On area displays the protected virtual machines.
Virtual Machine with Agentless Protection
Does not apply to Deep Security as a Service
The preview pane for a virtual machine displays whether it is being protected by a Virtual Appliance, an in-guest Agent, or both. It displays details about the components running on the virtual machine.
Adding Computers to the Manager
For more detailed instructions on adding computers to the Deep Security Manager see Add computers.
Define a New Computer
Clicking New in the toolbar displays a computer creation wizard. Type the hostname or IP address of the new computer and optionally select a Policy to be applied to the new computer from the list. Clicking Next will tell the Manager to find the computer on the network.
- If the computer you specified is not found, the Manager will still create an entry for it in the Computers page, but you will have to ensure that the Manager can reach this computer and that the Agent is installed and activated. Then you can apply the appropriate Policy to it.
- If the computer is found but no Agent is identified, the Manager will create an entry for the computer on the Computers page. You will have to install an Agent on the computer and activate it.
- If the computer is found and an Agent is detected, the Manager will create an entry in the Computers page. As soon as you exit the wizard (by clicking Finish), the Manager will activate the Agent on the computer and apply the Policy you selected.
Clicking Discover in the toolbar displays the Discover Computers dialog. During discovery, the Manager searches the network for any visible computers that are not already listed. When a new computer is found, the Manager attempts to detect whether an Agent is present. When discovery is complete, the Manager displays all the computers it has detected and displays their status in the Status column. After discovery operations, a computer can be in one of the following states:
- Discovered (No Agent/Appliance): The computer has been detected but no agent/appliance is present. (The Deep Security Agent and Deep Security Virtual Appliance are the components that enforce the Deep Security policies that you have defined. Agents are deployed directly on a computer. Appliances are used in VMware vSphere environments to provide agentless protection. They are not available with Deep Security as a Service.) The computer may also be in this state if an agent/appliance is installed but has been previously activated and is configured for agent/appliance-initiated communications. Because of the one-way communication from the agent/appliance, the manager will not know the status of the agent/appliance. In this case, you will have to deactivate the agent/appliance on the computer and reactivate it from the manager.
- Discovered (Activation Required): The agent is installed and listening for communication from the manager, but has not been activated. This status may also indicate that the agent/appliance is installed and listening, and has been activated, but is not yet being managed by the manager. This could occur if this manager was at one point managing the agent/appliance, but the agent/appliance's public certificate is no longer in the manager's database. This may be the case if the computer was removed from the manager and then discovered again. To begin managing the agent/appliance on this computer, right-click the computer and select "Activate/Reactivate". Once reactivated, the status will change to "Online".
- Discovered (Deactivation Required): The agent/appliance is installed and listening, but it has already been activated by another manager. In this case the agent/appliance must be deactivated prior to activation by this manager.
- Discovered (Unknown): The computer has been detected but the presence or absence of an agent/appliance cannot be ascertained.
Add Active Directory
Deep Security Manager can connect to and synchronize with a Microsoft Active Directory. For detailed instructions on importing a list of computers from an Active Directory, see Add computer groups from Microsoft Active Directory.
Add VMware vCenter
Does not apply to Deep Security as a Service
Deep Security Manager supports a tight integration with VMware vCenter and ESXi server. You can import the organizational and operational information from vCenter and ESXi nodes and allow detailed application of security to an enterprise's VMware infrastructure. For detailed instructions on importing virtual computers from a VMware system, see Add a VMware vCenter.
Add AWS Account
Deep Security can connect to and manage AWS instances. For details, see Add AWS Cloud accounts.
Add Azure Account
Deep Security can connect to and manage Microsoft Azure VMs. For details, see Add a Microsoft Azure cloud account to Deep Security.
Add vCloud Account
Deep Security can connect to and manage VMware vCloud virtual machines. For details, see Add virtual machines hosted on VMware vCloud.
Search for a Computer
Use the Search textbox to search for a particular computer among already discovered (i.e. listed) computers. For more sophisticated search options, use the "Advanced Search" option below it.
Advanced Search functions (searches are not case sensitive):
- Contains: The entry in the selected column contains the search string
- Does Not Contain: The entry in the selected column does not contain the search string
- Equals: The entry in the selected column exactly matches the search string
- Does Not Equal: The entry in the selected column does not exactly match the search string
- In: The entry in the selected column exactly matches one of the comma-separated search string entries
- Not In: The entry in the selected column does not exactly match any of the comma-separated search string entries
Export Selected Computers
Export your Computers list to an XML or CSV file. You may wish to do this to back up your computer information, integrate it with other reporting systems, or migrate computers to another Deep Security Manager. (This will save you the trouble of re-discovering and scanning computers from the new Manager.)
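The Advanced Search operators described above can also be applied offline to an exported CSV, for example to list every computer whose agent still needs activation or deactivation. The following is an added example, not Trend Micro code: the column names "Name" and "Status", the sample rows, and the trimming of whitespace around comma-separated entries are assumptions.

```python
import csv
import io

# Constructed sample export. The column names are assumptions, not the
# product's documented export schema; the status strings are the ones
# named on this page.
SAMPLE_CSV = """Name,Status
web01.example.test,Online
db01.example.test,Discovered (Activation Required)
app02.example.test,Discovered (No Agent/Appliance)
relay01.example.test,Discovered (Deactivation Required)
"""


def _entries(search):
    # "In" / "Not In" take comma-separated entries. Assumption: whitespace
    # around each entry is ignored.
    return [e.strip().lower() for e in search.split(",")]


# Each operator receives the lower-cased cell value and the raw search
# string, because searches are not case sensitive.
OPERATORS = {
    "Contains":         lambda v, s: s.lower() in v,
    "Does Not Contain": lambda v, s: s.lower() not in v,
    "Equals":           lambda v, s: v == s.lower(),
    "Does Not Equal":   lambda v, s: v != s.lower(),
    "In":               lambda v, s: v in _entries(s),
    "Not In":           lambda v, s: v not in _entries(s),
}


def load(text):
    """Parse exported CSV text into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def advanced_search(rows, column, operator, search):
    """Return the rows whose `column` satisfies `operator` against `search`."""
    match = OPERATORS[operator]
    return [r for r in rows if match(r[column].strip().lower(), search)]


if __name__ == "__main__":
    rows = load(SAMPLE_CSV)
    # Computers that still need an activation or deactivation step.
    for r in advanced_search(rows, "Status", "Contains", "required"):
        print(r["Name"], "->", r["Status"])
```

"Equals" and "In" compare whole entries, so a search for `discovered` matches nothing here, while "Contains" matches three rows.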
Activate/reactivate the agent/appliance on a computer
When a computer is unmanaged the agent
- No Agent/Appliance: Indicates there is no agent/appliance running or listening on the default port. The "No Agent/Appliance" status can also mean that an agent/appliance is installed and running but is working with another Manager and communications are configured as "Agent/Appliance Initiated", and so the agent/appliance is not listening for this Manager. (If you wish to correct the latter situation, you will have to deactivate the Agent from the computer.)
- Activation Required: The agent/appliance is installed and listening, and is ready to be activated by the Manager.
- Reactivation Required: The agent/appliance is installed and listening and is waiting to be reactivated by the Manager.
- Deactivation Required: The agent/appliance is installed and listening, but has already been activated by another Manager.
- Unknown: The computer has been imported (as part of an imported Computers list) without state information, or has been added by way of an LDAP directory discovery process.
After a successful activation, the Agent
Check the Status of a Computer
This command checks the status of a computer without performing a scan or activation attempt.
Deactivate the Agent/Appliance on a Computer
You may want to transfer control of a computer from one Deep Security Manager installation to another. If so, the Agent
Send an Updated Policy to a Computer
When you use Deep Security Manager to change the configuration of an Agent
Download a Security Update
This command downloads the latest Security Update from the configured Relay to the Agent
Roll back Security Update
This command rolls back the latest Security Update for the Agent
Override the normal event retrieval schedule (usually every heartbeat) and retrieve the Event logs from the computer(s) now.
Use this command to clear all warnings and errors for the computer. This command is useful in these situations:
- If the Agent for the computer has been reset locally
- If the computer has been removed from the network before you had a chance to deactivate or delete it from the list of computers
Upgrade the Agent/Appliance Software on a Computer
To upgrade an Agent or Appliance, you first need to import a newer version of the Agent or Appliance software package into the Deep Security Manager. You can import an Agent or Appliance software package from the Trend Micro Download Center (as described below) or you can manually import the software to the Manager from a local directory (see Local Software).
- Go to Administration > Updates > Software > Download Center. This page lists all of the software packages available on the Trend Micro Download Center. Packages that you have already imported into Deep Security Manager have a green checkmark in the Imported column. They are also listed on the Administration > Updates > Software > Local tab. Packages that are out-of-date are marked with an icon in the Imported column.
- To update a package that is out of date, right-click the package name and click Import.
Once a package has been imported, you can use it to upgrade one or more Agents
To upgrade the Agent
- On the Computers page, right-click the computers whose Agents or Appliances you wish to upgrade and select Actions > Upgrade Agent
- If there are no installers of an appropriate platform and version (the version must be higher than the Agent/Appliance's) the following message will be displayed: "There are no authenticated Agent/Appliance Software Install Programs available for the selected computer(s) platform or version. Please add an appropriate Agent/Appliance Software Install Program using the Download Center or Local panel in Administration > Updates > Software before upgrading the Deep Security Agents/Appliances." Otherwise, the Upgrade Agent/Appliance Software dialog appears. In that dialog box, select the version of the Agent/Appliance that you want to install and specify when the upgrade will occur. You can choose to upgrade the Agent/Appliance now, or select Use a Schedule for Upgrade and specify the time window when the upgrade will be performed. If you choose to use a schedule, the manager will upgrade the agent to the specified version once; it does not continue to upgrade the agent to future versions.
Scan for Recommendations
Deep Security Manager can scan computers and then make recommendations for Security Rules. The results of a Recommendation Scan can be seen in the computer's Details window in the various Rules pages. See the documentation for the Computer Details window for more information.
Clear Rule recommendations resulting from a Recommendation Scan on this computer. This will also remove the computer from those listed in an Alert produced as a result of a Recommendation Scan.
Full Scan for Malware
Performs a Full Malware Scan on the selected computers. The actions taken by a Full Scan depend on the Malware Manual Scan Configuration in effect on this computer. See Malware Scan Configurations for more information.
Quick Scan for Malware
Scans critical system areas for currently active threats. Quick Scan will look for currently active malware but it will not perform deep file scans to look for dormant or stored infected files. On larger drives it is significantly faster than a Full Scan.
Scan Computers for Open Ports
Scan for Open Ports performs a port scan on all selected computers and checks the Agent installed on the computer to determine whether its state is either "Deactivation Required", "Activation Required", "Agent Reactivate Required", or "Online". (The scan operation, by default, scans ports 1-1024. This range can be changed in the Computer or Policy editor > Settings > General.) You can change these settings for a policy or for a specific computer. To change the settings for a policy, go to the Policies page and double-click the policy that you want to edit (or select the policy and click Details). To change the settings for a computer, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details).
Cancel any Currently Executing Port Scans
If you have initiated a set of port scans to a large number of computers and/or over a large range of ports and the scan is taking too long, use this option to cancel the scans.
Scan for Integrity
Integrity Monitoring tracks changes to a computer's system and files. It does this by creating a baseline and then performing periodic scans to compare the current state of the computer to the baseline. For more information, see the documentation for the Integrity Monitoring page.
Rebuild Integrity Baseline
Rebuild a baseline for Integrity Monitoring on this computer.
Move a Computer to a Computer Group
To move a computer to a new computer group, right-click the computer and choose Actions > Move to Group.
Assign a Policy to a Computer
This opens a window with a list allowing you to assign a Policy to the computer. The name of the Policy assigned to the computer will appear in the Policy column on the Computers page.
Assign an Asset Value
Asset values allow you to sort computers and events by importance. The various Security Rules have a severity value. When rules are triggered on a computer, the severity values of the rules are multiplied by the asset value of the computer. This value is used to rank events in order of importance. For more information see Administration > System Settings > Ranking.
Assign a Relay Group
To select a Relay Group for this computer to download updates from, right-click the computer and choose Actions > Assign a Relay Group.
Delete a Computer
If you delete a computer, all information pertaining to that computer is deleted along with it. If you re-discover the computer, you will have to re-assign a Policy and whatever rules were assigned previously.
Examine Events Associated with a Computer
Examine system and security-related Events associated with the computer.
Add a New Computer Group
Creating computer groups is useful from an organizational point of view and it speeds up the process of applying and managing Policies. Right-click the computer group under which you want to create the new computer group and select Add Group.
Add Computers and Computer Groups Imported from a Microsoft Active Directory structure
Discover computers by importing from an LDAP directory (such as Microsoft Active Directory). Computers are imported, and synchronized according to the structure in the directory. For more information, see Adding Computers.
Remove a Group
You can only remove a computer group if it contains no computers and has no sub-groups.
Move Computers from the Current Group to Another
You can move a computer from one computer group to another but keep in mind that Policies are applied at the computer level, not the computer group level. Moving a computer from one computer group to another has no effect on the Policy assigned to that computer.
View or Edit the Properties of a Computer Group
The properties of groups include their name and description.