Deep Security notifier

The Deep Security notifier is a Windows taskbar application that communicates the state of the Deep Security Agent and Deep Security Relay to client machines. The notifier displays popup user notifications in the taskbar notification area when the Deep Security Agent blocks malware or prevents access to malicious web pages.

The notifier has a small footprint on the client machine, requiring less than 1MB of disk space and 1MB of memory. When the notifier is running, the notifier icon ( icon_agent=c3906fd7-b8a3-48d3-b566-e09a9b0fc3d9.png

) appears in the taskbar. The notifier is automatically installed by default with the Deep Security Agent on Windows computers. Use the Administration > Updates > Software > Local page to import the latest version for distribution and upgrades.

On computers running a relay-enabled agent, the notifier displays the components that are being distributed to agents or appliances, not which components are in effect on the local computer.

How the notifier works

When malware is detected or a malicious site is blocked, the Deep Security Agent sends a message to the notifier, which displays a popup message in the notification area of the taskbar.

If malware is detected, the notification area displays a pop-up message similar to the following:

notifier_bubble_malware_detected=0ac32a34-c598-44eb-92bd-4e34d09e423c.png

If the user clicks on the message, a dialog with detailed information about anti-malware events is displayed:

notifier_am_events=188eb5f4-dcd1-4f83-a9cf-5f93e674dfbb.png

When a malicious web page is blocked, the notification area displays a pop-up message similar to the following:

notifier_bubble_web_pages_blocked=b48b4687-564e-4c30-8e89-12b3df8059be.png

If the user clicks on the message, a dialog with detailed information about web reputation events is displayed:

notifier_web_reputation_events=e1fa2e7d-805a-4aea-8d28-87b8ce9f0d1e.png

The notifier also provides a console utility for viewing the current protection status and component information, including pattern versions. The console utility allows the user to turn on and off the popup notifications and access detailed event information.

notifier_ui=4789a020-b0c5-4275-91c0-99e69e1ee4de.png

You can also turn off pop-up notifications for certain computers or for computers that are assigned a particular policy by going to the Deep Security Manager Computer/Policy editor > Settings > General and settings Suppress all pop-up notifications on host to Yes. The messages still appear as alerts or events in Deep Security Manager.

When the notifier is running on a computer hosting Deep Security Relay, the notifier's display shows the components being distributed by the relay and not the components that in effect on the computer.

notifier_relay_ui=b68a5aab-7e53-49c1-ac33-6a4d4ce779fb.png

Trigger a manual scan on Windows OS

If an agent is enabled to trigger a manual scan in the notifier application, the notifier console includes a panel titled Scan. The notifier uses the scan configuration assigned from the Computer editor or the Policy editor, in the editor's Anti-Malware tab, in the General horizontal tab, in the Manual Scan section. For details, see Create or edit a malware scan configuration.

A scan cannot be triggered:

When the agent is being upgraded.
When there is an ongoing server-side scan already taking place.
If the scan configuration is empty.

To start a manual scan by the agent on Windows OS:

In the Scan panel, click Scan.
Select the folders to scan and click Scan:
- For a Full Scan, select This PC to start a scan of all files.
- For a Custom Scan, select one or more files or folders to start a scan.

Once the scan is completed, the Scan Result displays the number of detected malware items. To view details of these items, click View Events in the notifier's Advanced panel.

An ongoing scan is halted if it has been triggered on a computer that is not available. For example, the user logs out of the computer after the scan has been started.