Install Deep Security Manager silently

Topics:

Before you begin

Make sure you have completed all pre-installation tasks in Install Deep Security Manager.

Run a silent install on Windows

To initiate a silent install on Windows, open a command prompt in the same directory as the install package and run:

Manager-Windows-<Version>.x64.exe -q -console -Dinstall4j.language=<ISO code> -varfile <PropertiesFile>

For details on the parameters and variables in the above command, see Silent install parameters.

Run a silent install on Linux

Before executing this command, grant execution permission to the installation package.

To initiate a silent install on Linux, use the command line to go to the same directory as the install package and run:

Manager-Linux-<Version>.x64.sh -q -console -Dinstall4j.language=<ISO code> -varfile <PropertiesFile>

For details on the parameters and variables in the above command, see Silent install parameters.

Silent install parameters

-q forces the installer to execute in unattended (silent) mode.

-console forces messages to appear in the console (stdout).

-Dinstall4j.language=<ISO code> lets you override the default installation language (English) if other languages are available. Specify a language using standard ISO language identifiers:

  • Japanese: ja
  • Simplified Chinese: zh_CN

-varfile <PropertiesFile> , where <PropertiesFile> is the full path to standard Java properties file with entries for the various settings you can apply during a Deep Security Manager install. Each property is identified by its equivalent GUI screen and setting in the Windows Deep Security Manager installation. For example, the Deep Security Manager address on the "Address and Ports" screen is specified as:

AddressAndPortsScreen.ManagerAddress=

Most of the properties in this file have acceptable defaults and may be omitted.

For a complete description of available settings, see Deep Security settings in the properties file.

-t runs an installer readiness check rather than a regular install.

Sample installation output

The following is a sample output from a successful install, followed by an example output from a failed install (invalid license). The [Error] tag in the trace indicates a failure.

Successful install

Stopping Trend Micro Deep Security Manager Service...
Checking for previous versions of Trend Micro Deep Security Manager...
Upgrade Verification Screen settings accepted...
The installation directory has been set to C:\Program Files\Trend Micro\Deep Security Manager.
Database Screen settings accepted...
License Screen settings accepted...
Address And Ports Screen settings accepted...
Credentials Screen settings accepted...
Security Update Screen settings accepted...
Software Update Screen settings accepted...
Smart Protection Network Screen settings accepted...
All settings accepted, ready to execute...
Extracting files ...
Setting Up...
Connecting to the Database...
Creating the Database Schema...
Creating MasterAdmin Account...
Recording Settings...
Creating Temporary Directory...
Installing Reports...
Installing Modules and Plug-ins...
Creating Help System...
Validating and Applying Activation Codes...
Configure Localizable Settings...
Setting Default Password Policy...
Creating Scheduled Tasks...
Creating Asset Importance Entries...
Creating Auditor Role...
Optimizing...
Importing Software Packages...
Configuring Relay For Install...
Importing Performance Profiles...
Recording Installation...
Clearing Sessions...
Creating Properties File...
Creating Shortcut...
Configuring SSL...
Configuring Service...
Configuring Java Security...
Configuring Java Logging...
Cleaning Up...
Starting Deep Security Manager...
Finishing installation ...

Failed install

This example shows the output generated when the properties file contains an invalid license string:

Stopping Trend Micro Deep Security Manager Service...
Detecting previous versions of Trend Micro Deep Security Manager...
Upgrade Verification Screen settings accepted...
Database Screen settings accepted...
Database Options Screen settings accepted...
[ERROR] The license code you have entered is invalid.
[ERROR] License Screen settings rejected...
Rolling back changes...

Deep Security settings in the properties file

The format of each entry in the settings property file is:

<Screen Name>.<Property Name>=<Property Value>

The settings properties file has required and optional values.

If you enter an invalid value for optional properties, the installer will use the default value instead.

Required Settings

LicenseScreen

Property Possible Values Default Value
LicenseScreen.License.-1 <activation code for all modules> <none>

OR

Property Possible Values Default Value
LicenseScreen.License.0 <activation code for Anti-Malware> <none>
LicenseScreen.License.1 <activation code for Firewall/DPI> <none>
LicenseScreen.License.2 <activation code for Integrity Monitoring> <none>
LicenseScreen.License.3 <activation code for Log Inspection> <none>

CredentialsScreen

Property Possible Values Default Value
CredentialsScreen.Administrator.Username <username for the master administrator> <none>
CredentialsScreen.Administrator.Password <password for the master administrator> <none>

Optional Settings

LanguageScreen

Property Possible Values Default Value Notes
sys.languageId en_US
ja
en_US
  • "en_US" indicates English.
  • "ja" indicates Japanese.

UpgradeVerificationScreen

This screen determines what happens if an existing installation is detected.

This setting is not referenced unless an existing installation is detected.
Property Possible Values Default Value
UpgradeVerificationScreen.Overwrite
  • True
  • False
False

A True value results in a fresh install with all data in the existing database being discarded. A False value provides the option to repair the existing installation.

If you set this value to True, it will overwrite any existing data in the database. It will do this without any further prompts.

OldDataMigrationScreen

This screen defines the number of days of data to keep. When this setting is 0, all historical data will be kept, but this may increase the amount of time the upgrade will take. During the data migration, the silent install will show the percentage of records migrated at 10% intervals.

This setting is not referenced unless an existing installation is detected and it requires a data migration to upgrade the database schema.
Property Possible Values Default Value
OldDataMigrationScreen.HistoricalDays <integer> 0

DatabaseScreen

This screen defines the database type and optionally the parameters needed to access certain database types.

In the interactive install, you can click Advanced to define the instance name and domain of a Microsoft SQL server. This appears in a dialog. Because the unattended install does not support dialogs, these arguments are included in the DatabaseScreen settings below.
Property Possible Values Default Value Notes
DatabaseScreen.DatabaseType
  • Microsoft SQL Server
  • Oracle
  • PostgreSQL
Microsoft SQL Server None
DatabaseScreen.Hostname
  • <database hostname or IP address>
  • Current host name
Current host name

None

You can specify the port in this entry using the format <hostname>:<port>. Example: example:123

DatabaseScreen.DatabaseName <string> dsm
DatabaseScreen.Transport
  • Named Pipes
  • TCP
Named Pipes Required for SQL Server only
DatabaseScreen.Username <database username> <none> Username used by the manager to authenticate to the database server. Must match an existing database account. Note that the Deep Security Manager database permissions will correspond to this user's permissions. For example, if you choose a database account with read-only privileges, the Deep Security Manager will not be able to write to the database. Mandatory for Microsoft SQL Server and Oracle.
DatabaseScreen.Password <database password> <none> Password used by the manager to authenticate to the database server. Mandatory for Microsoft SQL Server and Oracle.
DatabaseScreen.SQLServer.Instance <string> <none> Used only with Microsoft SQL Server, which supports multiple instances on a single server or processor. Only one instance can be the default instance and any others are named instances. If the Deep Security Manager database instance is not the default, enter the name of the instance here. The value must match an existing instance or be left blank to indicate the default instance.
DatabaseScreen.SQLServer.Domain <string> <none> Used only with Microsoft SQL Server. This is the Windows domain used when authenticating to the SQL Server. The DatabaseScreen.Username and DatabaseScreen.Password described above are only valid within the appropriate domain.
DatabaseScreen.SQLServer.UseDefaultCollation
  • True
  • False
False Used only with Microsoft SQL Server. Collation determines how strings are sorted and compared. If the value is "False", Deep Security will use Latin1_General_CS_AS for collation on text-type columns. If the value is "True", Deep Security will use the collation method specified by your SQL Server database. For additional information on collation, refer to your SQL Server documentation.

AddressAndPortsScreen

This screen defines the hostname, URL, or IP address of this computer and defines port numbers for the manager. In the interactive installer, this screen also supports connecting a new manager node to an existing database, but this option is not supported in the unattended install.

Property Possible Values Default Value Notes
AddressAndPortsScreen.ManagerAddress <manager hostname, URL or IP address> <current host name> None
AddressAndPortsScreen.ManagerPort <port number> 4119 See Port numbers, URLs, and IP addresses.
AddressAndPortsScreen.HeartbeatPort <port number> 4120 See Port numbers, URLs, and IP addresses.
AddressAndPortsScreen.NewNode
  • True
  • False
False True indicates that the current install is a new node. If the installer finds existing data in the database, it will add this installation as a new node. (Multi-node setup is always a silent install.) Note: The "New Node" installation information about the existing database to be provided via the DatabaseScreen properties.

CredentialsScreen

Property Possible Values Default Value Notes
CredentialsScreen.UseStrongPasswords
  • True
  • False
False True causes Deep Security Manager to enforce strong passwords.

MasterKeyConfigurationScreen

Property Possible Values Default Value Notes
MasterKeyConfigurationScreen.KeyConfigType
  • Do not configure
  • Local Key
  • KMS
Do not configure

If configured, the installer will use KMS or the local key secret to generate a custom master key. If not configured, a hard-coded seed is used instead. See also masterkey.

Instead, you must run masterkey commands after the installer.

MasterKeyConfigurationScreen.ARN <AWS ARN> <none> The Amazon Resource Name (ARN) of the KMS key. Only used if MasterKeyConfigurationScreen.KeyConfigType is KMS.
MasterKeyConfigurationScreen.LocalKey <string> <none> The value that you want to use when the installer configures the local environment variable LOCAL_KEY_SECRET. Only used if MasterKeyConfigurationScreen.KeyConfigType is Local Key.

SecurityUpdateScreen

Property Possible Values Default Value Notes
SecurityUpdateScreen.UpdateComponents
  • True
  • False
True True will tell the Deep Security Manager to create a scheduled task to automatically check for security updates. The scheduled task will run when installation is complete.
SecurityUpdateScreen.Proxy
  • True
  • False
False True will cause Deep Security Manager to use a proxy to connect to the Internet to download security updates from Trend Micro.
SecurityUpdateScreen.ProxyType
  • HTTP
  • SOCKS4
  • SOCKS5
<none> The protocol used by the proxy.
SecurityUpdateScreen.ProxyAddress <valid IPv4 or IPv6 address or hostname> <none> None
SecurityUpdateScreen.ProxyPort <proxy port> <none> See Port numbers, URLs, and IP addresses.
SecurityUpdateScreen.ProxyAuthentication
  • True
  • False
False True indicates that the proxy requires authentication credentials.
SecurityUpdateScreen.ProxyUsername <string> <none> None
SecurityUpdateScreen.ProxyPassword <string> <none> None

SoftwareUpdateScreen

Property Possible Values Default Value Notes
SoftwareUpdateScreen.UpdateSoftware
  • True
  • False
True True will tell Deep Security Manager to create a scheduled task to automatically check for software updates. The scheduled task will run when installation is complete.
SoftwareUpdateScreen.Proxy
  • True
  • False
False True will cause Deep Security Manager to use a proxy to connect to the Internet to download software updates from Trend Micro.
SoftwareUpdateScreen.ProxyType
  • HTTP
  • SOCKS4
  • SOCKS5
<none> The protocol used by the proxy.
SoftwareUpdateScreen.ProxyAddress <valid IPv4 or IPv6 address or hostname> <none> None.
SoftwareUpdateScreen.ProxyPort <integer> <none> See Port numbers, URLs, and IP addresses.
SoftwareUpdateScreen.ProxyAuthentication
  • True
  • False
False True indicates that the proxy requires authentication credentials.
SoftwareUpdateScreen.ProxyUsername <string> <none> None
SoftwareUpdateScreen.ProxyPassword <string> <none> None

SmartProtectionNetworkScreen

This screen defines whether you want to enable Trend Micro Smart Feedback and optionally your industry.

Property Possible Values Default Value Notes
SmartProtectionNetworkScreen.EnableFeedback
  • True
  • False
False True enables Trend Micro Smart Feedback.
SmartProtectionNetworkScreen.IndustryType
  • Not specified
  • Banking
  • Communications and media
  • Education
  • Energy
  • Fast-moving consumer goods (FMCG)
  • Financial
  • Food and beverage
  • Government
  • Healthcare
  • Insurance
  • Manufacturing
  • Materials
  • Media
  • Oil and gas
  • Real estate
  • Retail
  • Technology
  • Telecommunications
  • Transportation
  • Utilities
  • Other
<none> If a value is not entered, it has the same result as Not specified.

RelayScreen

This screen defines whether you want to install the Deep Security Relay on the same computer as Deep Security Manager.

Property Possible Values Default Value Notes
RelayScreen.Install
  • True
  • False
False

True installs the Deep Security Relay on the Deep Security Manager computer.

False does not install the Deep Security Relay on the Deep Security Manager (silent install), or shows a screen asking you whether you want to install the relay (regular install).

Sample properties file

This is an example of the content of a typical properties file:

AddressAndPortsScreen.ManagerAddress=10.xxx.xxx.xxx
AddressAndPortsScreen.NewNode=True
UpgradeVerificationScreen.Overwrite=False
LicenseScreen.License.-1=XY-ABCD-ABCDE-ABCDE-ABCDE-ABCDE-ABCDE
DatabaseScreen.DatabaseType=Microsoft SQL Server
DatabaseScreen.Hostname=10.xxx.xxx.xxx
DatabaseScreen.Transport=TCP
DatabaseScreen.DatabaseName=XE
DatabaseScreen.Username=DSM
DatabaseScreen.Password=xxxxxxx
AddressAndPortsScreen.ManagerPort=4119
AddressAndPortsScreen.HeartbeatPort=4120
CredentialsScreen.Administrator.Username=masteradmin
CredentialsScreen.Administrator.Password=xxxxxxxx
CredentialsScreen.UseStrongPasswords=False
SecurityUpdateScreen.UpdateComponents=True
SecurityUpdateScreen.Proxy=False
SecurityUpdateScreen.ProxyType=
SecurityUpdateScreen.ProxyAddress=
SecurityUpdateScreen.ProxyPort=
SecurityUpdateScreen.ProxyAuthentication=False
SecurityUpdateScreen.ProxyUsername=
SecurityUpdateScreen.ProxyPassword=
SoftwareUpdateScreen.UpdateSoftware=True
SoftwareUpdateScreen.Proxy=False
SoftwareUpdateScreen.ProxyType=
SoftwareUpdateScreen.ProxyAddress=
SoftwareUpdateScreen.ProxyPort=
SoftwareUpdateScreen.ProxyAuthentication=False
SoftwareUpdateScreen.ProxyUsername=
SoftwareUpdateScreen.ProxyPassword=
RelayScreen.Install=True
SmartProtectionNetworkScreen.EnableFeedback=False