System events

To view system events, go to Events & Reports > Events.

To configure system events, go to the Administration > System Settings > System Events tab. On this tab you can set whether to record individual events and whether to forward them to a SIEM server. If you select Record, then the event is saved to the database. If you deselect Record, then the event won't appear under the Events & Reports tab (or anywhere in Deep Security Manager) and it won't be forwarded either.

Depending on whether it's a system configuration change or security incident, each log will appear in either the System Events sub-menu, or the sub-menu corresponding to the event's protection module, such as Anti-Malware Events.

These events sometimes also appear in the Status column on Computers.

ID Severity Event Description or Solution
0 Error Unknown Error
100 Info Deep Security Manager Started
101 Info License Changed
102 Info Trend Micro Deep Security Customer Account Changed
103 Warning Check For Updates Failed
104 Warning Automatic Software Download Failed
105 Warning Scheduled Rule Update Download and Apply Failed
106 Info Scheduled Rule Update Downloaded and Applied
107 Info Rule Update Downloaded and Applied
108 Info Script Executed
109 Error Script Execution Failed
110 Info System Events Exported
111 Info Firewall Events Exported
112 Info Intrusion Prevention Events Exported
113 Warning Scheduled Rule Update Download Failed
114 Info Scheduled Rule Update Downloaded
115 Info Rule Update Downloaded
116 Info Rule Update Applied
117 Info Deep Security Manager Shutdown
118 Warning Deep Security Manager Offline
119 Info Deep Security Manager Back Online
120 Error Heartbeat Server Failed The server within Deep Security Manager that listens for incoming agent heartbeats did not start. Check that the manager's incoming heartbeat port number is not in use by another application on the server. Once the port is free, the manager's heartbeat server should bind to it, and this error should be fixed.
121 Error Scheduler Failed
122 Error Manager Message Thread Failed An internal thread has failed. There is no resolution for this error. If it persists, please contact customer support.
123 Info Deep Security Manager Forced Shutdown
124 Info Rule Update Deleted
130 Info Credentials Generated
131 Warning Credential Generation Failed
140 Info Discover Computers
141 Warning Discover Computers Failed
142 Info Discover Computers Requested
143 Info Discover Computers Canceled
150 Info System Settings Saved
151 Info Software Added
152 Info Software Deleted
153 Info Software Updated
154 Info Software Exported
155 Info Software Platforms Changed
156 Error Agent Installer Digital Signature Verification Failed

'<agent>.zip' has been deleted because the digital signature verification failed. The failure indicates that the file may have been tampered with. Details:

<detailed_message>

Please contact Trend Micro support for more help.

See Check digital signatures on software packages for details.

160 Info Authentication Failed
161 Info Rule Update Exported
162 Info Log Inspection Events Exported
163 Info Anti-Malware Event Exported
164 Info Security Update Successful
165 Error Security Update Failed
166 Info Check for New Software Success
167 Error Check for New Software Failed
168 Info Manual Security Update Successful
169 Error Manual Security Update Failed
170 Error Manager Available Disk Space Too Low The manager does not have enough free disk space to function and will shut down. Either expand the disk space or delete unused files to free some disk space, then Restart the Deep Security Manager.
171 Info Anti-Malware Spyware Item Exported
172 Info Web Reputation Events Exported
173 Info Anti-Malware Identified Files List Exported
174 Info Anti-Malware Unauthorized Change Targeted Item Exported  
180 Info Alert Type Updated
190 Info Alert Started
191 Info Alert Changed
192 Info Alert Ended
197 Info Alert Emails Sent
198 Warning Alert Emails Failed An alert email could not be sent. Verify that your SMTP settings are correct.
199 Error Alert Processing Failed The current alert status could be inaccurate because an alert was not completely processed. If the problem persists, contact your support provider.
248 Info Software Update: Disable Relay Requested
249 Info Software Update: Enable Relay Requested
250 Info Computer Created
251 Info Computer Deleted
252 Info Computer Updated
253 Info Policy Assigned to Computer
254 Info Computer Moved
255 Info Activation Requested
256 Info Send Policy Requested
257 Info Locked
258 Info Unlocked
259 Info Deactivation Requested
260 Info Scan for Open Ports
261 Warning Scan for Open Ports Failed
262 Info Scan for Open Ports Requested
263 Info Scan for Open Ports Canceled
264 Info Agent Software Upgrade Requested
265 Info Agent Software Upgrade Cancelled
266 Info Warnings/Errors Cleared
267 Info Check Status Requested
268 Info Get Events Requested
269 Info Computer Added to Cloud Connector
270 Error Computer Creation Failed
271 Info Agent Software Upgrade Timed Out
272 Info Appliance Software Upgrade Timed Out
273 Info Security Update: Security Update Check and Download Requested
274 Info Security Update: Security Update Rollback Requested
275 Warning Duplicate Computer
276 Info Update: Summary Information
277 Info Upgrade on Activation Skipped The agent was eligible for an automatic upgrade, but the upgrade did not occur. For more information, see Automatically upgrade agents on activation.
278 Info Software Update: Reboot to Complete Agent Software Upgrade  
280 Info Computers Exported
281 Info Computers Imported
286 Info Computer Log Exported
287 Info Relay Group Assigned to Computer
290 Info Group Added
291 Info Group Removed
292 Info Group Updated
293 Info Interface Renamed
294 Info Computer Bridge Renamed
295 Info Interface Deleted
296 Info Interface IP Deleted
297 Info Recommendation Scan Requested
298 Info Recommendations Cleared
299 Info Asset Value Assigned to Computer
300 Info Recommendation Scan Completed
301 Info Agent Software Deployment Requested
302 Info Agent Software Removal Requested
303 Info Computer Renamed
304 Info Computer Moved To Datacenter The virtual machine (VM) was placed in its root data center folder because Deep Security Manager couldn't determine the VM's parent folder due to a permission issue. To have the VM appear in the correct folder in Deep Security Manager, check the permissions of the VM on the vCenter server.
305 Info Scan for Integrity Requested
306 Info Rebuild Baseline Requested
307 Info Cancel Update Requested
308 Info Integrity Monitoring Rule Compile Issue
309 Info Integrity Monitoring Rule Compile Issue Resolved
310 Info Directory Added
311 Info Directory Removed
312 Info Directory Updated
320 Info Directory Synchronization
321 Info Directory Synchronization Finished
322 Error Directory Synchronization Failed
323 Info Directory Synchronization Requested
324 Info Directory Synchronization Cancelled
325 Info User Synchronization Synchronization of the user accounts with Microsoft Active Directory has been started.
326 Info User Synchronization Finished Synchronization of the user accounts with Microsoft Active Directory has completed.
327 Error User Synchronization Failed
328 Info User Synchronization Requested
329 Info User Synchronization Cancelled
330 Info SSL Configuration Created
331 Info SSL Configuration Deleted
332 Info SSL Configuration Updated
333 Info Host Merge Finished  
334 Error Host Merge Failed  
350 Info Policy Created
351 Info Policy Deleted
352 Info Policy Updated
353 Info Policies Exported
354 Info Policies Imported
355 Info Scan for Recommendations Canceled
356 Error Secure Boot Public Key Not Enrolled

This error can occur if the public key required to check the signature on the Trend Micro kernel module is not successfully enrolled on the agent computer.

For details, see Linux Secure Boot support for agents.

357 Error Secure Boot 'On' Not Supported

Deep Security Agent does not support this OS with Secure Boot enabled.

For details, see Linux Secure Boot support for agents.

360 Info VMware vCenter Added
361 Info VMware vCenter Removed
362 Info VMware vCenter Updated
363 Info VMware vCenter Synchronization
364 Info VMware vCenter Synchronization Finished
365 Error VMware vCenter Synchronization Failed
366 Info VMware vCenter Synchronization Requested
367 Info VMware vCenter Synchronization Cancelled
368 Warning Interfaces Out of Sync Interfaces reported by the Deep Security Virtual Appliance are different than the interfaces reported by the vCenter. This can typically be resolved by rebooting the VM.
369 Info Interfaces in Sync
370 Info Filter Driver Installed
371 Info Filter Driver Removed The VMware ESXi server has been restored to the state it was in before the filter driver software was installed.
372 Info Filter Driver Upgraded
373 Info Virtual Appliance Deployed
374 Info Virtual Appliance Upgraded
375 Warning Virtual Appliance Upgrade Failed
376 Warning Virtual Machine Moved to Unprotected ESXi
377 Info Virtual Machine Moved to Protected ESXi
378 Warning Virtual Machine unprotected after move to another ESXi A VM was moved to an ESXi where there is no Deep Security Virtual Appliance.
379 Info Virtual Machine unprotected after move to another ESXi Resolved
380 Error Filter Driver Offline The filter driver on an ESXi server is offline. Use the VMware vCenter console to troubleshoot problems with the hypervisor and the ESXi.
381 Info Filter Driver Back Online
382 Info Filter Driver Upgrade Requested
383 Info Appliance Upgrade Requested
384 Warning Prepare ESXi Failed
385 Warning Filter Driver Upgrade Failed
386 Warning Removal of Filter Driver from ESXi Failed
387 Error Connection to Filter Driver Failure
388 Info Connection to Filter Driver Success
389 Error Multiple Activated Appliances Detected
390 Info Multiple Activated Appliances Detected Resolved
391 Error Network Settings Out of Sync With vCenter Global Settings
392 Info Network Settings in Sync With vCenter Global Settings
393 Error Anti-Malware Engine Offline The anti-malware protection module is not functioning. This is probably because the VMware environment does not meet the requirements. See System requirements.
394 Info Anti-Malware Engine Back Online
395 Error Virtual Appliance is Incompatible With Filter Driver
396 Info Virtual Appliance is Incompatible With Filter Driver Resolved
397 Warning VMware NSX Callback Authentication Failed
398 Error VMware Tools Not Installed
399 Info VMware Tools Not Installed Resolved
410 Info Firewall Rule Created
411 Info Firewall Rule Deleted
412 Info Firewall Rule Updated
413 Info Firewall Rule Exported
414 Info Firewall Rule Imported
420 Info Firewall Stateful Configuration Created
421 Info Firewall Stateful Configuration Deleted
422 Info Firewall Stateful Configuration Updated
423 Info Firewall Stateful Configuration Exported
424 Info Firewall Stateful Configuration Imported
460 Info Application Type Created An administrator configured a new IPS network application definition.
461 Info Application Type Deleted An administrator removed an IPS network application definition.
462 Info Application Type Updated An administrator changed an existing IPS network application definition.
463 Info Application Type Exported An administrator downloaded an IPS network application definition.
464 Info Application Type Imported An administrator uploaded an IPS network application definition.
470 Info Intrusion Prevention Rule Created
471 Info Intrusion Prevention Rule Deleted
472 Info Intrusion Prevention Rule Updated
473 Info Intrusion Prevention Rule Exported
474 Info Intrusion Prevention Rule Imported
480 Info Integrity Monitoring Rule Created
481 Info Integrity Monitoring Rule Deleted
482 Info Integrity Monitoring Rule Updated
483 Info Integrity Monitoring Rule Exported
484 Info Integrity Monitoring Rule Imported
490 Info Log Inspection Rule Created
491 Info Log Inspection Rule Deleted
492 Info Log Inspection Rule Updated
493 Info Log Inspection Rule Exported
494 Info Log Inspection Rule Imported
495 Info Log Inspection Decoder Created
496 Info Log Inspection Decoder Deleted
497 Info Log Inspection Decoder Updated
498 Info Log Inspection Decoder Exported
499 Info Log Inspection Decoder Imported
505 Info Context Created
506 Info Context Deleted
507 Info Context Updated
508 Info Context Exported
509 Info Context Imported
510 Info IP List Created
511 Info IP List Deleted
512 Info IP List Updated
513 Info IP List Exported
514 Info IP List Imported
520 Info Port List Created
521 Info Port List Deleted
522 Info Port List Updated
523 Info Port List Exported
524 Info Port List Imported
525 Info Scan Cache Configuration Created
526 Info Scan Cache Configuration Exported
527 Info Scan Cache Configuration Updated  
530 Info MAC List Created
531 Info MAC List Deleted
532 Info MAC List Updated
533 Info MAC List Exported
534 Info MAC List Imported
540 Info Proxy Created
541 Info Proxy Deleted
542 Info Proxy Updated
543 Info Proxy Exported
544 Info Proxy Imported
550 Info Schedule Created
551 Info Schedule Deleted
552 Info Schedule Updated
553 Info Schedule Exported
554 Info Schedule Imported
560 Info Scheduled Task Created
561 Info Scheduled Task Deleted
562 Info Scheduled Task Updated
563 Info Scheduled Task Manually Executed
564 Info Scheduled Task Started
565 Info Backup Finished
566 Error Backup Failed
567 Info Sending Outstanding Alert Summary
568 Warning Failed To Send Outstanding Alert Summary
569 Warning Email Failed An e-mail notification could not be sent. Verify that your SMTP settings are correct.
570 Info Sending Report
571 Warning Failed To Send Report
572 Error Invalid Report Jar
573 Info Asset Value Created
574 Info Asset Value Deleted
575 Info Asset Value Updated
576 Error Report Uninstall Failed
577 Error Report Uninstalled
578 Warning Integrity Monitoring Rules Require Configuration  
580 Warning Application Type Port List Misconfiguration
581 Warning Application Type Port List Misconfiguration Resolved
582 Warning Intrusion Prevention Rules Require Configuration
583 Info Intrusion Prevention Rules Require Configuration Resolved
584 Warning Application Types Require Configuration IPS rules require network application definitions, and cannot correctly scan traffic until you define them.
585 Info Integrity Monitoring Rules Require Configuration Resolved
586 Warning Log Inspection Rules Require Configuration
587 Info Log Inspection Rules Require Configuration Resolved
588 Warning Log Inspection Rules Require Log Files
589 Info Log Inspection Rules Require Log Files Resolved
590 Warning Scheduled Task Unknown Type
591 Info Relay Group Created
592 Info Relay Group Updated
593 Info Relay Group Deleted
594 Info Event-Based Task Created
595 Info Event-Based Task Deleted
596 Info Event-Based Task Updated
597 Info Event-Based Task Triggered
600 Info User Signed In
601 Info User Signed Out
602 Info User Timed Out
603 Info User Locked Out
604 Info User Unlocked
605 Info User Session Terminated  
608 Error User Session Validation Failed Deep Security Manager could not confirm that a session was initiated after successful authentication. The user will be redirected to the login page, and asked to re-authenticate. This could be normal if the authenticated session list was cleared.
609 Error User Made Invalid Request Deep Security Manager received invalid request to access audit data (events). Access was denied.
610 Info User Session Validated
611 Info User Viewed Firewall Event
613 Info User Viewed Intrusion Prevention Event
615 Info User Viewed System Event
616 Info User Viewed Integrity Monitoring Event
617 Info User Viewed Log Inspection Event
618 Info User Viewed Identified File Detail
619 Info User Viewed Anti-Malware Event
620 Info User Viewed Web Reputation Event
621 Info User Signed In As Tenant
622 Info Access from Primary Tenant Enabled
623 Info Access from Primary Tenant Disabled
624 Info Access from Primary Tenant Allowed
625 Info Access from Primary Tenant Revoked
626 Info Access from Primary Tenant Expired
630 Info Syslog Configuration Created  
631 Info Syslog Configuration Deleted  
632 Info Syslog Configuration Updated  
633 Info Syslog Configuration Exported  
634 Info Syslog Configuration Imported  
650 Info User Created
651 Info User Deleted
652 Info User Updated
653 Info User Password Set
656 Info API Key Created  
657 Info API Key Deleted  
658 Info API Key Updated  
660 Info Role Created
661 Info Role Deleted
662 Info Role Updated
663 Info Roles Imported
664 Info Roles Exported
670 Info Contact Created
671 Info Contact Deleted
672 Info Contact Updated
673 Info API Key Locked Out  
674 Info API Key Unlocked  
675 Error API Key Session Validation Failed  
676 Error API Key Made Invalid Request  
678 Info API Key Expired  
680 Info Created master encryption key For details, see the masterkey parameter.
681 Info Exported master encryption key For details, see the masterkey parameter.
682 Info Imported master encryption key For details, see the masterkey parameter.
700 Info Agent Software Installed
701 Error Agent Software Installation Failed
702 Info Credentials Generated
703 Error Credential Generation Failed
704 Info Activated
705 Error Activation Failed This can occur if agent self-protection is enabled. On the Deep Security Manager, go to Computer editorClosed To open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General. In Agent Self Protection, and then either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override.
706 Info Software Update: Agent Software Upgraded
707 Warning Software Update: Agent Software Upgrade Failed Refer to the event details for more information about why the upgrade was not successful.
708 Info Deactivated
709 Error Deactivation Failed
710 Info Events Retrieved
711 Info Agent Software Deployed
712 Error Agent Software Deployment Failed This can occur if agent self-protection is enabled. On the Deep Security Manager, go to Computer editorClosed To open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General. In Agent Self Protection, and then either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override.
713 Info Agent Software Removed
714 Error Agent Software Removal Failed

This can occur if agent self-protection is enabled. On the Deep Security Manager, go to Computer editorClosed To open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General. In Agent Self Protection, and then either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override.

715 Info Agent/Appliance Version Changed
716 Info Reactivation Attempted by Unknown Agent An agent that is currently unknown to the Deep Security Manager has attempted reactivation. This usually happens when a computer was deleted from Deep Security Manager without first removing the agent on the computer. For more information, see the 'Reactivation Attempted by Unknown Agent' section in Agent settings.
720 Info Policy Sent Agent/Appliance updated.
721 Error Send Policy Failed
722 Warning Get Interfaces Failed
723 Info Get Interfaces Failure Resolved
724 Warning Insufficient Disk Space An agent detected low disk space. Free space on the computer. See Warning: Insufficient disk space.
725 Warning Events Suppressed
726 Warning Get Agent/Appliance Events Failed Manager was unable to retrieve Events from Agent/Appliance. This error does not mean that the data was lost on the Agent/Appliance. This error is normally caused by a network interruption while events are being transferred. Clear the error and run a "Check Status" to retry the operation.
727 Info Get Agent/Appliance Events Failure Resolved
728 Error Get Events Failed Manager was unable to retrieve audit data from Agent/Appliance. This error does not mean that the data was lost on the Agent/Appliance. This error is normally caused by a network interruption while events are being transferred. Clear the error and run a "Get Events Now" to retry the operation.
729 Info Get Events Failure Resolved
730 Error Offline Manager cannot communicate with Computer. Usually, however, the offline Agent is still protecting the computer with its last configured settings. See Computer and Agent/Appliance Status and "Offline" agent.
731 Info Back Online
732 Error Firewall Engine Offline The Firewall Engine is offline and traffic is flowing unfiltered. This is normally due to an error during installation or verification of the driver on the computer's OS platform. Check the status of the network driver at the computer to ensure it is properly loaded.
733 Info Firewall Engine Back Online
734 Warning Computer Clock Change A clock change has occurred on the Computer which exceeds the maximum allowed specified in Computer or Policy editorClosed You can change these settings for a policy or for a specific computer. To change the settings for a policy, go to the Polices page and double-click the policy that you want to edit (or select the policy and click Details). To change the settings for a computer, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General > Heartbeat area. Investigate what has caused the clock change on the computer.
735 Warning Misconfiguration Detected The Agent's configuration does not match the configuration indicated in the Manager's records. This is typically because of a recent backup restoration of the Manager or the Agent. Unanticipated misconfiguration warnings should be investigated.
736 Info Check Status Failure Resolved
737 Error Check Status Failed See Error: Check Status Failed.
738 Error Intrusion Prevention Engine Offline The Intrusion Prevention Engine is offline and traffic is flowing unfiltered. This is normally due to an error during installation or verification of the driver on the computer's OS platform. Check the status of the network driver at the computer to ensure it is properly loaded.
739 Info Intrusion Prevention Engine Back Online
740 Error Agent/Appliance Error
741 Warning Abnormal Restart Detected
742 Warning Communications Problem The Agent is having problems communicating its status to Manager. It usually indicates network or load congestion in the Agent --> Manager direction. Further investigation is warranted if the situation persists
743 Info Communications Problem Resolved
745 Warning Events Truncated
748 Error Log Inspection Engine Offline
749 Info Log Inspection Engine Back Online
750 Warning Last Automatic Retry
755 Info Deep Security Manager Version Compatibility Resolved
756 Warning Deep Security Manager Upgrade Recommended (Incompatible Security Update(s))

Each security module rule (such as Firewall, Anti-Malware, and the others) has a specific minimum Deep Security Manager version that's required in order for the rule to run.

Your current Deep Security Manager version is less than the rule's minimum supported version. Upgrade your Deep Security Manager to clear the warning and run the rule.

760 Info Agent/Appliance Version Compatibility Resolved
761 Warning Agent/Appliance Upgrade Recommended
762 Warning Agent/Appliance Upgrade Required

Your current Deep Security Agent or Deep Security Virtual Appliance version is less than the Deep Security Manager's minimum supported version. Upgrade your Agent/Appliance.

763 Error Incompatible Agent/Appliance Version

Your current Deep Security Manager version is less than the Deep Security Agent or Deep Security Virtual Appliance's minimum supported version. Upgrade your manager.

764 Warning Agent/Appliance Upgrade Recommended (Incompatible Security Update(s))

Each security module rule (such as Firewall, Anti-Malware, and the others) has a specific minimum Deep Security Agent or Deep Security Virtual Appliance version that's required in order for the rule to run.

Your current Deep Security Agent or Deep Security Virtual Appliance version is less than the rule's minimum supported version. Upgrade your Deep Security Agent or Deep Security Virtual Appliance to clear the warning and run the rule.

765 Error Computer Reboot Required
766 Warning Network Engine Mode Configuration Incompatibility
767 Warning Network Engine Mode Version Incompatibility
768 Warning Network Engine Mode Incompatibility Resolved
770 Warning Agent/Appliance Heartbeat Rejected
771 Warning Contact by Unrecognized Client See Troubleshoot event ID 771 "Contact by Unrecognized Client".
780 Info Recommendation Scan Failure Resolved
781 Warning Recommendation Scan Failure See Troubleshooting: Recommendation Scan Failure.
782 Info Rebuild Baseline Failure Resolved
783 Warning Rebuild Baseline Failure
784 Info Security Update: Security Update Check and Download Successful
785 Warning Security Update: Security Update Check and Download Failed
786 Info Scan For Change Failure Resolved
787 Warning Scan For Change Failure
790 Info Agent-Initiated Activation Requested
791 Warning Agent-Initiated Activation Failure
792 Info Manual Malware Scan Failure Resolved
793 Warning Manual Malware Scan Failure A Malware Scan has failed. Use the VMware vCenter console to check the status of the VM on which the scan failed. See also Anti-Malware scan failures and cancellations.
794 Info Scheduled Malware Scan Failure Resolved
795 Warning Scheduled Malware Scan Failure A scheduled Malware Scan has failed. Use the VMware vCenter console to check the status of the VM on which the scan failed. See also Anti-Malware scan failures and cancellations.
796 Warning Scheduled Malware Scan Task has been Missed This occurs when a scheduled Malware Scan is initiated on a computer when a previous scan is still pending. This typically indicates that Malware Scans are being scheduled too frequently.
797 Info Malware Scan Cancellation Failure Resolved
798 Warning Malware Scan Cancellation Failure A Malware Scan cancellation has failed. Use the VMware vCenter console to check the status of the VM on which the scan failed.
799 Warning Malware Scan Stalled A Malware Scan has stalled. Use the VMware vCenter console to check the status of the VM on which the scan stalled.
800 Info Alert Dismissed
801 Info Error Dismissed
803 Warning Agent Configuration Package too Large  
804 Error Intrusion Prevention Rule Compiler Failed  
805 Error Intrusion Prevention Rules Failed to Compile  
806 Error Intrusion Prevention Rules Failed to Compile  
850 Warning Reconnaissance Detected: Computer OS Fingerprint Probe See Warning: Reconnaissance Detected
851 Warning Reconnaissance Detected: Network or Port Scan See Warning: Reconnaissance Detected
852 Warning Reconnaissance Detected: TCP Null Scan See Warning: Reconnaissance Detected
853 Warning Reconnaissance Detected: TCP SYNFIN Scan See Warning: Reconnaissance Detected
854 Warning Reconnaissance Detected: TCP Xmas Scan See Warning: Reconnaissance Detected
900 Info Deep Security Manager Audit Started
901 Info Deep Security Manager Audit Shutdown
902 Info Deep Security Manager Installed
903 Warning License Related Configuration Change
904 Info Diagnostic Logging Enabled  
905 Info Diagnostic Logging Completed  
910 Info Diagnostic Package Generated
911 Info Diagnostic Package Exported
912 Info Diagnostic Package Uploaded
913 Error Automatic Diagnostic Package Error
914 Info Identified File Deletion Succeeded
915 Info Identified File Deletion Failed
916 Info Identified File Download Succeeded
917 Info Identified File Download Failed
918 Info Identified File Administration Utility Download Succeeded
919 Info Identified File Not Found
920 Info Usage Information Generated
921 Info Usage Information Package Exported
922 Info Usage Information Package Uploaded
923 Error Usage Information Package Error
924 Warning File cannot be analyzed or quarantined (VM maximum disk space used to store identified files exceeded) The Anti-Malware module was unable to analyze or quarantine a file because the VM maximum disk space used to store identified files was reached. To change the maximum disk space for identified files setting, open the computer or policy editor and go to the Anti-malware > Advanced tab.
925 Warning File cannot be analyzed or quarantined (maximum disk space used to store identified files exceeded) The Anti-Malware module was unable to analyze or quarantine a file because the maximum disk space used to store identified files was reached. To change the maximum disk space for identified files setting, open the computer or policy editor and go to the Anti-malware > Advanced tab.
926 Warning Smart Protection Server Disconnected for Smart Scan See Troubleshoot "Smart Protection Server disconnected" errors.
927 Info Smart Protection Server Connected for Smart Scan
928 Info Identified File Restoration Succeeded
929 Warning Identified File Restoration Failed
930 Info Certificate Accepted
931 Info Certificate Deleted
932 Warning Smart Protection Server Disconnected for Web Reputation See Troubleshoot "Smart Protection Server disconnected" errors.
933 Info Smart Protection Server Connected for Web Reputation
934 Info Software Update: Anti-Malware Windows Platform Update Successful
935 Error Software Update: Anti-Malware Windows Platform Update Failed See Anti-Malware Windows platform update failed
936 Info Submission of identified file to Deep Discovery Analyzer succeeded
937 Info Submission of identified file to Deep Discovery Analyzer failed
938 Info Identified File Submission Queued  
940 Info Auto-Tag Rule Created
941 Info Auto-Tag Rule Deleted
942 Info Auto-Tag Rule Updated
943 Info Tag Deleted
944 Info Tag Created
945 Warning Census, Good File Reputation, and Predictive Machine Learning Service Disconnected  
946 Info Census, Good File Reputation, and Predictive Machine Learning Service Connected  
947 Info FIPS Mode Enabled  
948 Info FIPS Mode Disabled  
970 Info Command Line Utility Started
978 Info Command Line Utility Failed
979 Info Command Line Utility Shutdown Deep Security Manager was manually stopped.
980 Info System Information Exported
990 Info Manager Node Added
991 Info Manager Node Decommissioned
992 Info Manager Node Updated
995 Info Connection to the Certified Safe Software Service has been restored
996 Warning Unable to connect to the Certified Safe Software Service
997 Error Tagging Error
998 Error System Event Notification Error
999 Error Internal Software Error
1101 Error Plug-in Installation Failed
1102 Info Plug-in Installed
1103 Error Plug-in Upgrade Failed
1104 Info Plug-in Upgraded
1105 Error Plug-in Start Failed
1106 Error Plug-in Uninstall Failed
1107 Info Plug-in Uninstalled
1108 Info Plug-in Started
1109 Info Plug-in Stopped
1111 Info Software Package Found
1112 Error Kernel Unsupported The Linux driver cannot be installed because your computer may have been upgraded to an unsupported kernel. For more information, see Deep Security Agent Linux kernel support.
1500 Info Malware Scan Configuration Created
1501 Info Malware Scan Configuration Deleted
1502 Info Malware Scan Configuration Updated
1503 Info Malware Scan Configuration Exported
1504 Info Malware Scan Configuration Imported
1505 Info Directory List Created
1506 Info Directory List Deleted
1507 Info Directory List Updated
1508 Info Directory List Exported
1509 Info Directory List Imported
1510 Info File Extension List Created
1511 Info File Extension List Deleted
1512 Info File Extension List Updated
1513 Info File Extension List Exported
1514 Info File Extension List Imported
1515 Info File List Created
1516 Info File List Deleted
1517 Info File List Updated
1518 Info File List Exported
1519 Info File List Imported
1520 Info Manual Malware Scan Pending
1521 Info Manual Malware Scan Started
1522 Info Manual Malware Scan Completed
1523 Info Scheduled Malware Scan Started
1524 Info Scheduled Malware Scan Completed
1525 Info Manual Malware Scan Cancellation In Progress
1526 Info Manual Malware Scan Cancellation This event can have several causes. See Anti-Malware scan failures and cancellations.
1527 Info Scheduled Malware Scan Cancellation In Progress
1528 Info Scheduled Malware Scan Cancellation This event can have several causes. See Anti-Malware scan failures and cancellations.
1529 Info Manual Malware Scan Paused
1530 Info Manual Malware Scan Resumed
1531 Info Scheduled Malware Scan Paused
1532 Info Scheduled Malware Scan Resumed
1533 Info Computer reboot required for Anti-Malware cleanup task
1534 Error Computer reboot required for Anti-Malware protection
1535 Info Anti-Malware cleanup task must be performed manually  
1536 Info Quick Malware Scan Pending
1537 Info Quick Malware Scan Started
1538 Info Quick Malware Scan Completed
1539 Info Quick Malware Scan Cancellation In Progress
1540 Info Quick Malware Scan Cancellation

This event can have several causes. See Anti-Malware scan failures and cancellations.

1541 Info Quick Malware Scan Paused
1542 Info Quick Malware Scan Failure Resolved
1543 Warning Quick Malware Scan Failure

See Anti-Malware scan failures and cancellations.

1544 Info Quick Malware Scan Resumed
1545 Info Files could not be scanned for malware Anti-malware could not scan a file because its file path exceeded the maximum number of characters. Maximum file path length varies by OS and file system. To prevent this problem, try moving the file to a directory path and file name with fewer characters.
1546 Info Files could not be scanned for malware Anti-malware could not scan a file because its location exceeded the maximum directory depth. To prevent this problem, try reducing the number of layers of nested directories.
1547 Info Scheduled Malware Scan Task has been cancelled  
1550 Info Web Reputation Settings Updated
1551 Info Malware Scan Configuration Updated
1552 Info Integrity Configuration Updated
1553 Info Log Inspection Configuration Updated
1554 Info Firewall Stateful Configuration Updated
1555 Info Intrusion Prevention Configuration Updated
1600 Info Relay Group Update Requested
1601 Info Relay Group Update Success
1602 Error Relay Group Update Failed
1603 Info Security Update: Security Update Rollback Success
1604 Warning Security Update: Security Update Rollback Failure
1605 Info Successfully send file back up command to host  
1606 Warning Failed to send file back up command to host  
1607 Info Successfully back up file  
1608 Error Failed to back up file  
1650 Warning Anti-Malware protection is not enabled or is out of date
1651 Info Anti-Malware module is ready
1660 Info Rebuild Baseline Started
1661 Info Rebuild Baseline Paused
1662 Info Rebuild Baseline Resumed
1663 Warning Rebuild Baseline Failure
1664 Warning Rebuild Baseline Stalled
1665 Info Rebuild Baseline Completed
1666 Info Scan for Integrity Started
1667 Info Scan for Integrity Paused
1668 Info Scan for Integrity Resumed
1669 Warning Scan for Integrity Failure
1670 Warning Scan for Integrity Stalled
1671 Info Scan for Integrity Completed
1675 Error Integrity Monitoring Engine Offline
1676 Info Integrity Monitoring Engine Back Online
1677 Error Trusted Platform Module Error
1678 Info Trusted Platform Module Register Values Loaded
1679 Warning Trusted Platform Module Register Values Changed
1680 Info Trusted Platform Module Checking Disabled
1681 Info Trusted Platform Module Information Unreliable
1700 Info No Agent Detected
1800 Error Deep Security Protection Module Failure
1801 Info Deep Security Protection Module Back to Normal  
1900 Info Cloud Account Added
1901 Info Cloud Account Removed
1902 Info Cloud Account Updated
1903 Info Cloud Account Synchronization In Progress
1904 Info Cloud Account Synchronization Finished
1905 Error Cloud Account Synchronization Failed
1906 Info Cloud Account Synchronization Requested
1907 Info Cloud account Synchronization Cancelled
1908 Info AWS Account Synchronization Requested  
1909 Info AWS Account Synchronization Finished  
1910 Error AWS Account Synchronization Failed  
1911 Info AWS Account Added  
1912 Info AWS Account Removed  
1913 Info AWS Account Updated  
1914 Info Azure Account Added  
1915 Info Azure Account Removed  
1916 Info Azure Account Updated  
1917 Info Azure Account Synchronization Finished  
1918 Error Azure Account Synchronization Failed  
1919 Info Azure Account Synchronization Requested  
1920 Warning Azure Account Synchronization Completed but with Errors  
1921 Info vCloud Account Added  
1922 Info vCloud Account Removed  
1923 Info vCloud Account Updated  
1924 Info vCloud Account Synchronization Finished  
1925 Error vCloud Account Synchronization Failed  
1926 Info vCloud Account Synchronization Requested  
1927 Info Upgrade Connector to AWS Account Requested  
1928 Warning AWS Account Update Failed  
1929 Info Upgrade Connector to AWS Account Finished  
1950 Info Tenant Created
1951 Info Tenant Deleted
1952 Info Tenant Updated
1953 Info Tenant Database Server Created
1954 Info Tenant Database Server Deleted
1955 Info Tenant Database Server Updated
1956 Info Tenant Exported  
1957 Error Tenant Initialization Failure
1958 Info Tenant Features Updated
2000 Info Scan Cache Configuration Object Added
2001 Info Scan Cache Configuration Object Removed
2002 Info Scan Cache Configuration Object Updated
2100 Info Deep Security as a Service Subscription Started  
2101 Info Deep Security as a Service Subscription Canceled  
2102 Info Cleverbridge Quantity Updated  
2103 Warning Cleverbridge Quantity Not Updated  
2104 Info Cleverbridge Quantity Reset  
2105 Warning Cleverbridge Quantity Not Reset  
2106 Info Cleverbridge Billing Date Set  
2107 Warning Cleverbridge Billing Date Not Set  
2108 Info Deep Security as a Service Subscription Payment Received  
2109 Warning Deep Security as a Service Subscription Payment Not Received  
2110 Info Cleverbridge Notification Received  
2111 Info Deep Security as a Service Subscription Deactivated  
2112 Info Account Balance Reset  
2113 Info Agent Installation Requested  
2114 Info AWS Billing Job Started  
2115 Info AWS Billing Job Completed  
2116 Error AWS Billing failure Deep Security Manager sent a billing usage record to AWS using the AWS SDK, which the SDK returned with an exception. If the problem persists, contact your support provider.
2117 Info Entitlement Created  
2118 Info Entitlement Updated  
2119 Error Agent Activation Prevented Due to AWS Metering Billing Usage Data Submission Failure  
2120 Error AWS Billing failure Deep Security Manager encountered an error while executing an AWS billing job. If the problem persists, contact your support provider.
2200 Info Software Update: Anti-Malware Module Installation Started
2201 Info Software Update: Anti-Malware Module Installation Successful This event is also triggered by installing Application Control or Integrity Monitoring because they share the same framework as Anti-Malware.
2202 Warning Software Update: Anti-Malware Module Installation Failed
2203 Info Software Update: Anti-Malware Module Download Successful
2204 Info Security Update: Pattern Update on Agents/Appliances Successful
2205 Warning Security Update: Pattern Update on Agents/Appliances Failed
2206 Info Security Update: Pattern Update on Agents/Appliances Skipped  
2300 Info Software Update: Web Reputation Module Installation Started
2301 Info Software Update: Web Reputation Module Installation Successful
2302 Warning Software Update: Web Reputation Module Installation Failed
2303 Info Software Update: Web Reputation Download Successful
2400 Info Software Update: Firewall Module Installation Started
2401 Info Software Update: Firewall Module Installation Successful
2402 Warning Software Update: Firewall Module Installation Failed
2403 Info Software Update: Firewall Module Download Successful
2500 Info Software Update: Intrusion Prevention Module Installation Started
2501 Info Software Update: Intrusion Prevention Module Installation Successful
2502 Warning Software Update: Intrusion Prevention Module Installation Failed
2503 Info Software Update: Intrusion Prevention Module Download Successful
2600 Info Software Update: Integrity Monitoring Module Installation Started
2601 Info Software Update: Integrity Monitoring Module Installation Successful
2602 Warning Software Update: Integrity Monitoring Module Installation Failed
2603 Info Software Update: Integrity Monitoring Module Download Successful
2700 Info Software Update: Log Inspection Module Installation Started
2701 Info Software Update: Log Inspection Module Installation Successful
2702 Warning Software Update: Log Inspection Module Installation Failed
2703 Info Software Update: Log Inspection Module Download Successful
2800 Info Software Update: Software Automatically Downloaded
2801 Error Software Update: Unable to retrieve Download Center inventory
2802 Error Software Update: Unable to download software from Download Center
2803 Info Online Help Update Started
2804 Info Online Help Update Ended
2805 Info Online Help Update Success
2806 Warning Online Help Update Failed
2900 Info Software Update: Relay Module Installation Started
2901 Info Software Update: Relay Module Installation Successful
2902 Warning Software Update: Relay Module Installation Failed
2903 Info Software Update: Relay Module Download Successful
2904 Info VMware NSX Synchronization Finished
2905 Error VMware NSX Synchronization Failed
2906 Info Agent Self-Protection enabled Agent self-protection was enabled via the Deep Security Manager.
2907 Info Agent Self-Protection disabled  
2908 Info Agent Self-Protection enabled Agent self-protection was enabled via the command line on the Deep Security Agent.
2909 Info Agent Self-Protection disabled  
2915 Info Data migration complete  
2916 Warning Data migration finished with error  
2920 Info Querying report from DDAn Finished
2921 Error Querying report from DDAn Failed
2922 Info Submission to Deep Discovery Analyzer processed  
2923 Error File submission to Deep Discovery Analyzer Failed  
2924 Info Security Update: Suspicious Object Check and Update Successful  
2925 Error Security Update: Suspicious Object Check and Update Failed  
2926 Warning Submission to Deep Discovery Analyzer queued  
2930 Info File back up pending  
2931 Info Smart Folder Added  
2932 Info Smart Folder Removed  
2933 Info Smart Folder Updated  
2934 Error Failed to send Amazon SNS message  
2935 Info System resumed sending SNS messages  
2936 Info Inactive User Deleted  
2937 Info SAML Identity Provider Created  
2938 Info SAML Identity Provider Updated  
2939 Info SAML Identity Provider Deleted  
2940 Info SAML Service Provider Updated  
2941 Error Failed to Update News  
2942 Info Performance Profile Created  
2943 Info Performance Profile Updated  
2944 Info Performance Profile Deleted  
2945 Info System Upgrade Started  
2946 Info System Update Succeeded  
2947 Error System Upgrade Failed  
2948 Info Manager Node Upgrade Started  
2949 Info Manager Node Update Succeeded  
2950 Error Manager Node Upgrade Failed A node in a multi-node environment failed to upgrade.
2951 Error Failed to send TIC message

Managed Detection and Response events failed to send.

2952 Info System resumed sending TIC messages  
2953 Info Inactive Agent Cleanup Completed Successfully Inactive agent cleanup removed computers that have been offline and inactive for a specified period of time. For more information on inactive agent cleanup, see Automate offline computer removal with inactive agent cleanup.
2954 Warning Dropped events recorded in the future  
2960 Info Appliance (SVM) Upgrade Requested Deep Security Manager has received the upgrade request.
2961 Info Appliance (SVM) Upgrade Started Deep Security Manager is processing the upgrade.
2962 Info Appliance (SVM) Upgrade Canceled The appliance SVM is not available so the upgrade cannot be done. See the description of the system event for the reason.
2963 Info Appliance (SVM) Upgraded The appliance SVM is upgraded to the new version and is activated successfully. All guest VMs are auto-activated three minutes after the appliance activation.
2964 Warning Appliance (SVM) Upgrade Failed Deep Security Manager encountered one or more errors and failed the upgrade process. For details, see Troubleshooting the 'Appliance (SVM) Upgrade Failed' system event.
2965 Error Appliance (SVM) Upgraded but Not Ready

The appliance SVM was upgraded to the newer version but has not yet been activated, or the appliance SVM was activated but your guest VMs have not yet been auto-activated. See the description of the system event for details. You may need to confirm the appliance deployment and manually trigger activation of the appliance or guest VMs.

2970 Info GCP Account Added

GCP Account: <GCPaccountname> successfully added.

For details, see Add a Google Cloud Platform account.

2971 Info GCP Account Removed

GCP Account: <GCPaccountname> successfully removed.

For details, see Remove a GCP account.

2972 Info GCP Account Updated

GCP Account: <GCPaccountname> successfully updated.

For details, see Add a Google Cloud Platform account.

2973 Info GCP Account Synchronization Finished

Synchronize computers completed for GCP Account: <GCPaccountname>

For details, see Synchronize a GCP account.

2974 Error GCP Account Synchronization Failed

Deep Security Manager was unable to synchronize computers with GCP Account: <GCPaccountname>

<detailed_message>

For example: 

Root URL is not valid

For details, see Synchronize a GCP account.

2975 Info GCP Account Synchronization Requested

A request has been made to synchronize computers with GCP Account: <GCPaccountname>

For details, see Synchronize a GCP account.

2976 Warning GCP Account Synchronization Completed but with Errors

The GCP Account <GCPaccountname> synchronization operation completed, but information for the following hosts or groups could not be updated with following message:

<detailed_message>

For example: 

Project <GCPprojectname>: 403 Required 'compute.machineTypes.list' permission for 'projects/<GCPprojectname>'

For details, see Synchronize a GCP account.

2992 Warning VMware NSX Policy Configuration Conflict

Deep Security Manager has detected that the following NSX-T groups are using different security policies for Endpoint Protection and Network Introspection (E-W):

<group_names>

Go to NSX-T and reconfigure the group to use the same security policy.

For details, see Method 3: Synchronize your Deep Security policies to NSX-T 3.x.

3000 Info Software Update: SAP Module Installation Started
3001 Info Software Update: SAP Module Installation Successful
3002 Error Software Update: SAP Module Installation Failed
3003 Info Software Update: SAP Module Download Successful
3004 Info SAP VSA is installed
3005 Error SAP VSA is not installed
3006 Info SAP VSA is up-to-date
3007 Info SAP VSA is not up-to-date
3008 Info SAP: Anti-Malware module is ready  
3009 Error SAP: Anti-Malware module is not ready  
7000 Info Application Control Security Events Exported An administrator downloaded application control event logs in CSV format.
7007 Info User Viewed Application Control Event An administrator dismissed an application control alert. This is normal unless your system has been compromised by an intruder that has gained an administrator login.
7008 Error Application Control Engine Offline An agent's application control engine failed to come online. This could happen if you have enabled application control on a computer whose kernel is not supported.
7009 Info Application Control Engine Online Again An agent's application control engine restarted.
7010 Info Application Control Configuration Updated Deep Security Manager updated the application control settings on an agent.
7011 Info Software Update: Application Control Module Installation Started The agent received a policy from Deep Security Manager where application control was selected, but detected that it did not have the application control engine installed or needed to update it, so it began to download it. This is normal when you enable application control on a computer for the first time, or when it has been disabled while application control engine updates were released.
7012 Info Software Update: Application Control Module Installation Successful The agent installed the application control engine. The application control engine is also used by the integrity monitoring feature.
7013 Error Software Update: Application Control Module Installation Failed The agent could not install the application control engine. This is not normal.
7014 Info Software Update: Application Control Module Download Successful The agent finished downloading the application control engine.
7015 Info Application Control Ruleset Rules Updated The legacy REST API was used to allow or block software. This message does not occur when administrators perform the same action in the GUI.
7020 Info Application Control Inventory Retrieved The legacy REST API uploaded a computer's initial allow rules to Deep Security Manager.
7021 Info Application Control Inventory Scan Started The application control engine was enabled, and the agent detected that it did not have any allow rules for that computer, so it began to build initial rules based on the currently installed software. This is normal when you enable application control for the first time. This message does not occur when you use the legacy REST API to replace the allow rules.
7022 Info Application Control Inventory Scan Completed The agent finished building the initial allow rules for that computer. After this, any new software that is detected which is not in the allow or block rules will, if configured, cause and alert.
7023 Error Application Control Inventory Scan Failed The agent could not build the initial allow rules for that computer. This is not normal.
7024 Info Application Control Software Changes Detected An administrator allowed or blocked software in the Actions tab, or changed a rule by clicking Change rule in an application control log message. This message does not occur when you use the legacy REST API to replace the allow rules.
7025 Info Application Control Inventory Scan Requested You manually forced application control to delete the current rules and rebuild them based on the currently installed software. This could be normal if you needed to change many rules at the same time.
7026 Info Application Control Maintenance Mode Start Requested Either an administrator sent or the legacy REST API received the command to enable maintenance mode.
7027 Info Application Control Maintenance Mode Stop Requested Either an administrator sent or the legacy REST API received the command to disable maintenance mode.
7028 Info Application Control Maintenance Mode Started Maintenance mode was enabled. While enabled, the agent automatically adds updated or newly installed software to its allow rules, indicating that you know and want to allow the software update. The agent continues to apply block rules during this time.
7029 Info Application Control Maintenance Mode Stopped Maintenance mode was disabled. Once maintenance mode is stopped, all new or changed software will be considered "unrecognized" until you specifically allow or block it.
7030 Info Application Control Inventory Scan Cancelled The agent began to build the initial allow rules, but an administrator canceled the process.
7031 Error Sending Application Control Ruleset Failed An agent could not download a shared ruleset for application control. This can occur if network connectivity is interrupted (such as a firewall or proxy between the agent and relay), or if there isn't enough free disk space on the agent.
7032 Info Sending Application Control Ruleset Succeeded An agent downloaded a shared ruleset for application control. This normally occurs whenever an administrator or the legacy REST API allows or blocks software, or when a different shared ruleset is applied.
7033 Info Application Control Ruleset Created The legacy REST API was used to create an application control ruleset. This message does not occur when administrators perform the same action in the GUI.
7034 Info Application Control Ruleset Updated The legacy REST API was used to allow or block software via an application control ruleset. This message does not occur when administrators perform the same action in the GUI.
7035 Info Application Control Ruleset Deleted The legacy REST API was used to delete an application control ruleset. This message does not occur when administrators perform the same action in the GUI.
7036 Info Application Control Maintenance Mode Reset Duration Requested An administrator changed the time period for when maintenance mode is active.
7037 Error Newly applied ruleset will block some running processes on restart An administrator applied a new ruleset, but some of the currently running processes exist in block rules. Application control will not terminate the processes, but the next time you reboot or restart those services, depending on your configuration, it will either alert you or block them. If the processes are not authorized, you should terminate them manually. If they are authorized, but are missing from the ruleset, you should add them to the ruleset.
7038 Error Unresolved software change limit reached Software changes detected on the file system exceeded the maximum amount. Application control will continue to enforce existing rules, but will not record any more changes, and it will stop displaying any of that computer's software changes. You must resolve and prevent excessive software change.
7040 Error Incompatible Application Control Ruleset An application control ruleset could not be assigned to one or more computers because the ruleset is not supported by the installed version of the agent. Typically, the problem is that a hash-based ruleset (which is compatible only with Deep Security Agent 11.0 or newer) has been assigned to an older Deep Security Agent. Deep Security Agent 10.x supports only file-based rulesets. (For details, see Differences in how Deep Security Agent 10 and 11 compare files.) To fix this issue, upgrade the Deep Security Agent to version 11.0 or newer. Alternatively, if you are using local rulesets, reset application control for the agent. Or if you are using a shared ruleset, use a shared ruleset that was created with Deep Security 10.x until all agents using the shared ruleset are upgraded to Deep Security Agent 11.0 or newer.
7041 Info Application Control Ruleset Upgraded An application control ruleset was upgraded from a file-based ruleset to a hash-based ruleset. (For details, see Differences in how Deep Security Agent 10 and 11 compare files.)
7042 Info Application Control Software Inventory Deleted