Administrators can change the location and deletion schedule of the forensic folder, and the maximum size of files that agents upload by modifying Trend Micro Apex One’s INI files.
WARNING
WARNING
Changing the location of the forensic folder after logging Data Loss Prevention incidents can cause a disconnect between the database data and the location of existing forensic files. Trend Micro recommends manually migrating any existing forensic files to the new forensic folder after modifying the forensic folder location.
The following table outlines the server settings available in the <Server installation folder>\PCCSRV\Private\ofcserver.ini file located on the Trend Micro Apex One server.

Forensic Folder Server Settings in PCCSRV\Private\ofcserver.ini

Objective
INI Setting
Values
Enabling the user-defined forensic folder location
[INI_IDLP_SECTION]
EnableUserDefinedUploadFolder
0: Disable (default)
1: Enable
Configuring the user-defined forensic folder location
[INI_IDLP_SECTION]
UserDefinedUploadFolder
Note
Note
  • Administrators must enable the EnableUserDefinedUploadFolder setting before Data Loss Prevention applies this setting.
  • The default location of the forensic folder is:
    <Server installation folder>\PCCSRV\Private\DLPForensicData
  • The user-defined forensic folder location must be a physical drive (internal or external) on the server machine. Trend Micro Apex One does not support mapping a network drive location.
Default value: <Please replace this value with customer defined folder path. For example: C:\VolumeData\OfficeScanDlpForensicData>
User-defined value: Must be the physical location of a drive on the server machine
Enabling the purging of forensic data files
[INI_IDLP_SECTION]
ForensicDataPurgeEnable
0: Disable
1: Enable (default)
Configuring the time frequency of the forensic data file purge check
[INI_IDLP_SECTION]
ForensicDataPurgeCheckFrequency
Note
Note
  • Administrators must enable the ForensicDataPurgeEnable setting before Trend Micro Apex One applies this setting.
  • Trend Micro Apex One only deletes data files that have passed the expiry date specified in the ForensicDataExpiredPeriodInDays setting.
1: Monthly, on the first day of the month at 00:00
2: Weekly (default), every Sunday at 00:00
3: Daily, every day at 00:00
4: Hourly, every hour at HH:00
Configuring the length of time to store forensic data files on the server
[INI_IDLP_SECTION]
ForensicDataExpiredPeriodInDays
Default value (in days): 180
Minimum value: 1
Maximum value: 3650
Configuring the time frequency of the forensic file disk space check
[INI_SERVER_DISK_THRESHOLD]
MonitorFrequencyInSecond
Note
Note
If the available disk space in the forensic data folder is less than the value configured for the InformUploadOnDiskFreeSpaceInGb setting, Trend Micro Apex One records an event log on the web console.
Default value (in seconds): 5
Configuring the upload frequency of the forensic file disk space check
[INI_SERVER_DISK_THRESHOLD]
IsapiCheckCountInRequest
Note
Note
If the available disk space in the forensic data folder is less than the value configured for the InformUploadOnDiskFreeSpaceInGb setting, Trend Micro Apex One records an event log on the web console.
Default value (in number of files): 200
Configuring the minimum disk space value that triggers a limited disk space notification
[INI_SERVER_DISK_THRESHOLD]
InformUploadOnDiskFreeSpaceInGb
Note
Note
If the available disk space in the forensic data folder is less than the value configured, Trend Micro Apex One records an event log on the web console.
Default value (in GB): 10
Configuring the minimum space available to upload forensic data files from agents
[INI_SERVER_DISK_THRESHOLD]
RejectUploadOnDiskFreeSpaceInGb
Note
Note
If the available disk space in the forensic data folder is less than the value configured, agents do not upload forensic data files to the server and Trend Micro Apex One records an event log on the web console.
Default value (in GB): 1
The following table outlines the Security Agent settings available in the <Server installation folder>\PCCSRV\ofcscan.ini file located on the Trend Micro Apex One server.

Forensic File Agent Settings in PCCSRV\ofcscan.ini

Objective
INI Setting
Values
Enabling the uploading of forensic data files to the server
UploadForensicDataEnable
0: Disable
1: Enable (default)
Configuring the maximum size of files that the Security Agent uploads to the server
UploadForensicDataSizeLimitInMb
Note
Note
The Security Agent only sends files that are less than this size to the server.
Default value (in MB): 10
Minimum value: 1
Maximum value: 20
Configuring the length of time to store forensic data files on the Security Agent
ForensicDataKeepDays
Note
Note
The Security Agent deletes forensic data files that have passed the expiry date specified once per day based on the previous day's purge time.
Default value (in days): 180
Minimum value: 1
Maximum value: 3650
Configuring the frequency in which the Security Agent checks for server connectivity
ForensicDataDelayUploadFrequenceInMinutes
Note
Note
Security Agents that are unable to upload forensic files to the server automatically try to resend the files using the specified time interval.
Default value (in minutes): 5
Minimum value: 5
Maximum value: 60