Alert
|
Default Severity
|
Dismissible
|
Description
|
A computer reboot is required to enable Deep Security Agent protection
|
Critical
|
Yes
|
The agent software upgrade was successful, but a computer reboot is required to disable
Windows Defender and enable Deep Security Agent protection.
|
A Deep Security Relay cannot download security components
|
Critical
|
No
|
A Deep Security Relay can't successfully download security components. This might
be due to network connectivity issues or misconfigurations in Deep Security Manager
under Administration > System Settings > Updates. Check your network configurations (for example, the proxy settings of the relay
group) and System Settings, and then manually initiate an update on the relay using the Download Security Update option on the Administration > Updates > Software page.
|
Abnormal Restart Detected
|
Warning
|
Yes
|
An abnormal restart has been detected on the computer.
This can have a variety of causes. If the agent/appliance is
suspected as the root cause, then the diagnostics package (located in the Support
section of the Computer Details dialog) should be created.
This alert indicates that the Deep Security Agent service was restarted abnormally.
You can safely dismiss this alert, or, if the alert reoccurs, create a diagnostics
package and open a case with Technical Support.
|
Activation Failed
|
Critical
|
No
|
This may indicate a problem with the agent/appliance, but it also can occur if agent
self-protection is enabled. On the Deep Security Manager, go to Computer
editor > Settings > General. In Agent Self Protection,
either deselect Prevent local end-users from uninstalling, stopping,
or otherwise modifying the Agent or enter a password for local override.
|
Agent configuration package too large
|
Warning
|
Yes
|
This is usually caused by too many firewall and intrusion prevention rules being assigned.
Run a recommendation scan on the computer to determine if any rules can be safely
unassigned.
|
Agent Heartbeat Public Server Certificate Expired
|
Critical
|
No
|
The public server certificate used for TLS on the agent heartbeat port has expired.
New agents may not be able to activate until the certificate is updated.
|
Agent Heartbeat Public Server Certificate Expires Soon
|
Warning
|
No
|
The public server certificate used for TLS on the agent heartbeat port will expire
soon. Renew soon to prevent any disruption to agent communication.
|
Agent Installation Failed
|
Critical
|
Yes
|
The agent failed to install successfully on one or more computers. Those computers
are currently unprotected. You must reboot the computers, which will automatically
restart the agent install program.
This may indicate a problem with the agent/appliance, but it can also occur if
agent self-protection is enabled. On the Deep Security Manager, go to Computer
editor > Settings > General. In Agent Self Protection,
either deselect Prevent local end-users from uninstalling, stopping,
or otherwise modifying the Agent or enter a password for local override.
|
Agent Upgrade Recommended (Incompatible with Appliance)
|
Warning
|
No
|
Deep Security Manager has detected a computer with a version of the agent that is
not compatible with the appliance. The appliance will always filter network traffic
in this configuration resulting in redundant protection. (Deprecated in 9.5)
|
Agent/Appliance Upgrade Recommended
|
Warning
|
No
|
The Deep Security Manager has detected an older agent/appliance version on the computer
that does not support all available features. An upgrade of the agent/appliance software
is recommended. (Deprecated in 9.5)
|
Agent/Appliance Upgrade Recommended (Incompatible Security Update(s))
|
Warning
|
No
|
Deep Security Manager has detected a computer with a version of the agent/appliance
that is not compatible with one or more security updates assigned to it. An upgrade
of the agent/appliance software is recommended.
|
Agent/Appliance Upgrade Recommended (New Version Available)
|
Warning
|
No
|
Deep Security Manager has detected one or more computers with a version of the agent/appliance
that is older than the latest version imported into the manager. An upgrade of the
agent/appliance software is recommended.
|
Agent/Appliance Upgrade Required
|
Warning
|
No
|
Deep Security Manager has detected a computer with a version of the agent/appliance
that is not compatible with this version of the manager. An upgrade of the agent/appliance
software is required.
|
An update to the Rules is available
|
Warning
|
No
|
Updated rules have been downloaded but not applied to your policies. To apply the
rules, go to Administration > Updates > Security and in the Rule Updates column, click Apply Rules to Policies.
|
Anti-Malware Alert
|
Warning
|
Yes
|
A malware scan configuration that is configured for alerting has raised an event on
one or more computers.
|
Anti-Malware Component Failure
|
Critical
|
Yes
|
An anti-malware component failed on one or more computers. See the event descriptions
on the individual computers for specific details.
|
Anti-Malware Component Update Failed
|
Warning
|
No
|
One or more agents or relays failed to update anti-malware components. See the affected
computers for more information.
|
Anti-Malware Engine Offline
|
Critical
|
No
|
The agent or appliance has reported that the anti-malware engine is not responding.
Please check the system events for the computer to determine the cause of the failure.
|
Anti-malware module maximum disk space used to store identified files exceeded
|
Warning
|
Yes
|
The Anti-Malware module was unable to analyze or quarantine a file because the maximum
disk space used to store identified files was reached. To change the maximum disk
space for identified files setting, open the computer or policy editor and go to the
Anti-malware > Advanced tab.
|
Anti-Malware protection is absent or out of date
|
Warning
|
No
|
The agent on this computer has not received its initial anti-malware protection package,
or its anti-malware protection is out of date. Make sure a relay is available and
that the agent has been properly configured to communicate with it. To configure relays
and other update options, go to Administration > System Settings > Updates.
|
API Key Locked Out
|
Warning
|
No
|
API Keys can be locked out manually, or by repeated failed validation attempts.
|
Application Control Engine Offline
|
Critical
|
No
|
The agent has reported that the Application Control engine failed to initialize. Please
check the system events for the computer to determine the cause of the failure.
|
Application Control Ruleset is incompatible with agent version
|
Critical
|
No
|
An application control ruleset could not be assigned to one or more computers because
the ruleset is not supported by the installed version of the agent. Typically, the
problem is that a hash-based ruleset (which is compatible only with Deep Security
Agent 11.0 or newer) has been assigned to an older Deep Security Agent. Deep Security
Agent 10.x supports only file-based rulesets. (For details, see Differences in how Deep Security Agent 10.x and 11.x compare files.) To fix this issue, upgrade the Deep Security Agent to version 11.0 or newer. Alternatively,
if you are using local rulesets, reset application control for the agent. Or if you
are using a shared ruleset, use a shared ruleset that was created with Deep Security
10.x until all agents using the shared ruleset are upgraded to Deep Security Agent
11.0 or newer.
|
Application Type Misconfiguration
|
Warning
|
No
|
Misconfiguration of application types may prevent proper security coverage.
|
Application Type Recommendation
|
Warning
|
Yes
|
Deep Security Manager has determined that a computer should be assigned an application
type. This could be because an agent was installed on a new computer and vulnerable
applications were detected, or because a new vulnerability has been discovered in
an installed application that was previously thought to be safe. To assign the application
type to the computer, open the 'Computer Details' dialog box, click on 'Intrusion
Prevention Rules', and assign the application type.
|
Azure Account Not Authorized to Read Resources Information
|
Critical
|
No
|
Azure Cloud Account can't retrieve resources information from Azure API because the
Azure Application is not authorized to read resources. Please verify that the Reader
role has been assigned to the application.
|
Azure Account Password Invalid
|
Critical
|
No
|
Azure Cloud Account can't retrieve resources information from Azure API because the
Azure Application password is invalid.
|
Azure Account Secret Expired
|
Critical
|
No
|
Azure Cloud Account can't retrieve resources information from Azure API because the
Azure Application secret key has expired.
|
Microsoft Entra ID Application Not Found
|
Critical
|
No
|
Azure Cloud Account can't retrieve resources information from Azure API because the
Azure Application is not found. The application possibly has been removed from Microsoft
Entra ID.
|
Microsoft Entra ID Application Certificate expired
|
Critical
|
No
|
The Microsoft Entra ID application cannot sync the cloud data because the application
certificate has expired. Renew the Azure Application certificate.
|
Microsoft Entra ID Application Certificate expires soon
|
Warning
|
No
|
The Microsoft Entra ID application certificate will expire soon. Renew the Azure Application
certificate.
|
Microsoft Entra ID Application Need Renew
|
Critical
|
No
|
The Microsoft Entra ID application cannot sync the cloud data. The application
password may have expired or the application may have been deleted. Renew the application via
Computers > Properties (right-click the target group) > Renew Application Now.
|
Azure Key Pair Expired
|
Critical
|
No
|
The key pair for Azure service(s) has expired. You can remove this alert by updating
your key pair on the Azure service's property page.
|
Azure Key Pair Expires Soon
|
Warning
|
No
|
The key pair for Azure service(s) will expire soon. You can remove this alert by updating
your key pair on the Azure service's property page.
|
Azure Subscription Not Found
|
Critical
|
No
|
Azure Cloud Account can't retrieve resources information from Azure API because the
Azure Subscription cannot be found.
|
Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
|
Warning
|
Yes
|
Disconnected from Census, Good File Reputation, and Predictive Machine Learning
Service. Please see the event details below for possible solutions.
Refer to Warning: Census, Good File Reputation, and Predictive Machine Learning Service
Disconnected for troubleshooting tips.
|
Certified Safe Software Service Offline
|
Warning
|
No
|
A Deep Security Manager node cannot connect to the Trend Micro Certified Safe Software
Service to perform file signature comparisons for the integrity monitoring module.
A locally cached database will be used until connectivity is restored. Make sure the
manager node has internet connectivity and that proxy settings (if any) are correct.
|
Clock Change Detected
|
Warning
|
Yes
|
A clock change has been detected on the computer. Unexpected clock changes may indicate
a problem on the computer and should be investigated before the alert is dismissed.
|
Cloud Computer Not Managed as Part of Cloud Account
|
Warning
|
Yes
|
An agent was activated on one or more computers belonging to a cloud account that
is not synchronized with Deep Security. Click the link in the 'Action' field above
to add the cloud account to Deep Security. The computer(s) will be moved into the
account, and may be billed at a lower hourly rate.
|
Communications Problem Detected
|
Warning
|
Yes
|
A communications problem has been detected on the computer. Communications problems
indicate that the computer cannot initiate communication with the Deep Security Manager(s)
because of network configuration or load reasons. Please check the system events in
addition to verifying communications can be established to the Deep Security Manager(s)
from the computer. The cause of the issue should be investigated before the alert
is dismissed.
|
Computer Not Receiving Updates
|
Warning
|
No
|
These computer(s) have stopped receiving updates. Manual intervention may be required.
|
Computer Reboot Required
|
Critical
|
Yes
|
The agent software upgrade was successful, but the computer must be rebooted for the
install to be completed. The computer(s) should be manually updated before the alert
is dismissed.
|
Computer Reboot Required for Anti-Malware Protection
|
Critical
|
No
|
The anti-malware protection on the agent has reported that the computer needs to be
rebooted. Please check the system events for the computer to determine the reason
for the reboot.
|
Computer Reboot Required for Application Control Protection
|
Critical
|
No
|
The Application Control protection on the agent has reported that the computer needs to
be rebooted. Please check the system events for the computer to determine the reason
for the reboot.
|
Computer Reboot Required for Integrity Monitoring Protection
|
Critical
|
No
|
The Integrity Monitoring protection on the agent has reported that the computer needs
to be rebooted. Please check the system events for the computer to determine the reason
for the reboot.
|
Configuration Required
|
Warning
|
No
|
One or more computers are using a policy that defines multiple interface types where
not all interfaces have been mapped.
|
Connection to Filter Driver Failure
|
Critical
|
No
|
An appliance has reported a failure connecting to the filter driver. This may indicate
a configuration issue with the filter driver running on the ESXi or with the appliance.
The appliance must be able to connect to the filter driver in order to protect guests.
The cause of the issue should be investigated and resolved.
|
CPU Critical Threshold Exceeded
|
Critical
|
No
|
The CPU critical threshold has been exceeded.
|
CPU Warning Threshold Exceeded
|
Warning
|
No
|
The CPU warning threshold has been exceeded.
|
Critical database error while creating new table partitions during maintenance job
|
Critical
|
No
|
A critical error occurred during routine database maintenance. During maintenance,
new partitions are added to partitioned tables to accommodate new data. During the
most recent maintenance job, errors occurred, meaning that some tables are missing
future partitions. New data that would ordinarily be written to those partitions may
be lost.
Please contact your support provider immediately for assistance in resolving this
issue. (To facilitate the process, try to have server logs ready, which can be found
at the root of the DSM directory.)
|
Duplicate Computer Detected
|
Warning
|
Yes
|
A duplicate computer has been activated or imported. Please remove the duplicate computer
and reactivate the original computer if necessary.
|
Duplicate Unique Identifiers Detected
|
Warning
|
No
|
Duplicate UUIDs have been detected. Please remove the duplicate UUID.
|
Empty Relay Group Assigned
|
Critical
|
No
|
These computers have been assigned an empty relay group. Assign a different relay
group to the computers or add relays to the empty relay group(s).
|
Events Suppressed
|
Warning
|
Yes
|
The agent/appliance encountered an unexpectedly high volume of events. As a result,
one or more events were not recorded (suppressed) to prevent a potential denial of
service. Check the firewall events to determine the cause of the suppression.
|
Events Truncated
|
Warning
|
Yes
|
Some events were lost because the data file grew too large for the agent/appliance
to store. This may have been caused by an unexpected increase in the number of events
being generated, or the inability of the agent/appliance to send the data to the Deep
Security Manager. For more information, see the properties of the "Events Truncated"
system event on the computer.
|
Execution of Software Blocked
|
Warning
|
Yes
|
Execution of software was blocked on one or more computers. See the Application Control
Events on the following computers for more information.
|
Failed to Send SNS Message
|
Critical
|
No
|
The Deep Security Manager was unable to forward messages to Amazon SNS.
|
Failed to Send Syslog Message
|
Warning
|
No
|
The Deep Security Manager was unable to forward messages to one or more Syslog Servers.
|
Files could not be scanned for malware
|
Warning
|
No
|
Files could not be scanned for malware because the file path exceeded the maximum
file path length limit or the directory depth exceeded the maximum directory depth
limit. Please check the system events for the computer to determine the reason.
|
Firewall Engine Offline
|
Critical
|
No
|
The agent/appliance has reported that the firewall engine is offline. Please check
the status of the engine on the agent/appliance.
|
Firewall Rule Alert
|
Warning
|
Yes
|
A firewall rule that is selected for alerting has been encountered on one or more
computers.
|
Firewall Rule Recommendation
|
Warning
|
Yes
|
Deep Security Manager has determined that a computer on your network should be assigned
a firewall rule. This could be because an agent was installed on a new computer and
vulnerable applications were detected, or because a new vulnerability has been discovered
in an installed application that was previously thought to be safe. To assign the
firewall rule to the computer, open the 'Computer Details' dialog box, click on the
'Firewall Rules' node, and assign the firewall rule.
|
Heartbeat Server Failed
|
Warning
|
No
|
The heartbeat server failed to start properly. This may be due to a port number conflict. Agents/appliances will not be able to contact the manager until this problem
is resolved. To resolve this problem, ensure that another service is not using the
port number reserved for use by the heartbeat server and restart the Deep Security Manager service. If you do not wish to use the heartbeat, you can turn this alert off in the Alert
Configuration section.
|
Incompatible Agent/Appliance Version
|
Error
|
No
|
Deep Security Manager has detected a more recent agent/appliance version on the computer
that is not compatible with this version of the manager. An upgrade of the manager
software is recommended.
|
Insufficient Disk Space
|
Warning
|
Yes
|
The agent/appliance has reported that it was forced to delete an old log file to free
up disk space for a new log file. Please immediately free up disk space to prevent
loss of intrusion prevention, firewall and agent/appliance events. See Warning: Insufficient disk space.
|
Integrity Monitoring Engine Offline
|
Critical
|
No
|
The agent/appliance has reported that the integrity monitoring engine is not responding.
Please check the system events for the computer to determine the cause of the failure.
|
Integrity Monitoring information collection has been delayed
|
Warning
|
No
|
The rate at which integrity monitoring information is collected has been temporarily
delayed due to an increased amount of integrity monitoring data. During this time
the baseline and integrity event views may not be current for some computers. This
alert will be dismissed automatically once integrity monitoring data is no longer
being delayed.
|
Integrity Monitoring Rule Alert
|
Warning
|
Yes
|
An integrity monitoring rule that is selected for alerting has been encountered on
one or more computers.
|
Integrity Monitoring Rule Compilation Error
|
Critical
|
No
|
An error was encountered compiling an integrity monitoring rule on a computer. This
may result in the integrity monitoring rule not operating as expected.
|
Integrity Monitoring Rule Recommendation
|
Warning
|
Yes
|
Deep Security Manager has determined that a computer on your network should be assigned
an integrity monitoring rule. To assign the integrity monitoring rule to the computer,
open the 'Computer Details' dialog box, click on the 'Integrity Monitoring > Integrity
Monitoring Rules' node, and assign the integrity monitoring rule.
|
Integrity Monitoring Rule Requires Configuration
|
Warning
|
No
|
An integrity monitoring rule that requires configuration before use has been assigned
to one or more computers. This rule will not be sent to the computer(s). Open the
integrity monitoring rule properties and select the Configuration tab for more information.
|
Integrity Monitoring Trusted Platform Module Not Enabled
|
Warning
|
Yes
|
Trusted platform module not enabled. Please ensure the hardware is installed and the
BIOS setting is correct.
|
Integrity Monitoring Trusted Platform Module Register Value Changed
|
Warning
|
Yes
|
Trusted platform module register value changed. If you have not modified the ESXi
hypervisor configuration this may represent an attack.
|
Intrusion Prevention Engine Offline
|
Critical
|
No
|
The agent/appliance has reported that the intrusion prevention engine is offline.
Please check the status of the engine on the agent/appliance.
|
Intrusion Prevention Rule Alert
|
Warning
|
Yes
|
An intrusion prevention rule that is selected for alerting has been encountered on
one or more computers.
|
Intrusion Prevention Rule Compilation Failed
|
Critical
|
Yes
|
This is usually caused by a misconfigured IPS Rule. The Rule name can be found in
the Event's Properties window. To resolve this issue, identify the Rule and unassign
it or contact Trend Micro Support for assistance.
|
Intrusion Prevention Rule Requires Configuration
|
Warning
|
No
|
An intrusion prevention rule that requires configuration before use has been assigned
to one or more computers. This rule will not be sent to the computer(s). Open the
intrusion prevention rule properties and select the Configuration tab for more information.
|
Invalid System Settings Detected
|
Critical
|
No
|
The Deep Security Manager detected invalid values for one or more system settings.
|
Legacy Agent Software Detected
|
Warning
|
Yes
|
We have detected software with a version earlier than 9.5 that is no longer
supported. Please import the latest software to replace it.
For details, see Get Deep Security Agent software.
|
Log Inspection Engine Offline
|
Critical
|
No
|
The agent/appliance has reported that the log inspection engine has failed to initialize.
Please check the system events for the computer to determine the cause of the failure.
|
Log Inspection Rule Alert
|
Warning
|
Yes
|
A log inspection rule that is selected for alerting has been encountered on one or
more computers.
|
Log Inspection Rule Recommendation
|
Warning
|
Yes
|
Deep Security Manager has determined that a computer on your network should be assigned
a log inspection rule. To assign the log inspection rule to the computer, open the
'Computer Details' dialog box, click on the 'Log Inspection > Log Inspection Rules'
node, and assign the log inspection rule.
|
Log Inspection Rule Requires Configuration
|
Warning
|
No
|
A log inspection rule that requires configuration before use has been assigned to
one or more computers. This rule will not be sent to the computer(s). Open the Log
Inspection Rule properties and select the Configuration tab for more information.
|
Low Disk Space
|
Warning
|
No
|
A Deep Security Manager Node has less than 10% remaining disk space. Please free space
by deleting old or unnecessary files, or add more storage capacity.
|
Maintenance Mode On
|
Warning
|
No
|
Maintenance mode is currently active for application control on one or more computers. While this
mode is active, application control continues to enforce block rules (if you selected
Block unrecognized software until it is explicitly allowed), but will allow software updates, and automatically add them to the inventory part
of the ruleset. When the software update is finished for each computer, disable maintenance
mode so that unauthorized software is not accidentally added to the ruleset.
|
Manager Offline
|
Warning
|
No
|
A Deep Security Manager node is offline. It is possible the computer has a hardware
or software problem, or has simply lost network connectivity. Please check the status
of the manager's computer.
|
Manager Time Out of Sync
|
Critical
|
No
|
The clock on each manager node must be synchronized with the clock on the database.
If the clocks are too far out of sync (more than 30 seconds) the manager node will
not perform its tasks correctly. Synchronize the clock on your manager node with the
clock on the database.
|
Memory Critical Threshold Exceeded
|
Critical
|
No
|
The memory critical threshold has been exceeded.
|
Memory Warning Threshold Exceeded
|
Warning
|
No
|
The memory warning threshold has been exceeded.
|
Move Failed
|
Warning
|
Yes
|
Computer was not moved to Trend Cloud One - Endpoint & Workload Security due to
a connectivity issue.
Before trying the move again:
|
Move Failed: No response
|
Warning
|
Yes
|
Computer was not moved to Trend Cloud One - Endpoint & Workload Security
because the move request timed out.
If using manager-initiated activation, there was no response from the agent after
the manager initiated the command.
If using agent-initiated activation, there was no heartbeat from the agent.
Check the agent status and try the move again.
|
Move Failed: Failed to activate
|
Warning
|
Yes
|
The move to Trend Cloud One - Endpoint & Workload Security failed due to an
activation issue and was rolled back.
Before trying the move again:
|
Move Failed: Unmanaged
|
Critical
|
Yes
|
The move to Trend Cloud One - Endpoint & Workload Security failed due to an
activation issue and the move could not be rolled back. The computer is in an
unmanaged state.
To troubleshoot this issue:
Before trying the move again:
|
Network Engine Mode Incompatibility
|
Warning
|
No
|
Setting Network Engine Mode to Tap is only available on agent versions 5.2 or later.
Review and update the agent's configuration or upgrade the agent to resolve the incompatibility.
|
New Pattern Update is Downloaded and Available
|
Warning
|
No
|
New patterns are available as part of a security update. The patterns have been downloaded
to Deep Security but have not yet been applied to your computers. To apply the update
to your computers, go to the Administration > Updates > Security page.
|
New Rule Update is Downloaded and Available
|
Warning
|
No
|
New rules are available as part of a security update. The rules have been downloaded
to Deep Security but have not yet been applied to policies and sent to your computers.
To apply the update and send the updated policies to your computers, go to the Administration
> Updates > Security page.
|
Newer Version of Deep Security Manager is Available
|
Warning
|
No
|
A new version of the Deep Security Manager is available. Download the latest version
from the Trend Micro Download Center at http://downloadcenter.trendmicro.com/
|
Newer Versions of Software Available
|
Warning
|
No
|
New software is available. Software can be downloaded from the Download Center.
|
Number of Computers exceeds database limit
|
Warning
|
No
|
The number of activated computers has exceeded the recommended limit for an embedded
database. Performance will degrade rapidly if more computers are added and it is strongly
suggested that another database option (Oracle or SQL Server) be considered at this
point. Please contact Trend Micro for more information on upgrading your database.
|
Protection Module Licensing Expired
|
Warning
|
Yes
|
The protection module license has expired.
|
Protection Module Licensing Expires Soon
|
Warning
|
No
|
The protection module licensing will expire soon. You can remove this alert by changing
your license on the Administration > Licenses page.
|
Recommendation
|
Warning
|
Yes
|
Deep Security Manager has determined that the security configuration of one of your
computers should be updated. To see what changes are recommended, open the Computer editor and look through the module pages for warnings of unresolved recommendations. In
the Assigned Rules area, click Assign/Unassign to display the list of available rules and then filter them using the "Show Recommended
for Assignment" viewing filter option. (Select "Show Recommended for Unassignment"
to display rules that can safely be unassigned.)
|
Reconnaissance Detected: Computer OS Fingerprint Probe
|
Warning
|
Yes
|
The agent or appliance detected an attempt to identify the computer operating system
via a "fingerprint" probe. Such activity is often a precursor to an attack that targets
specific vulnerabilities. Check the computer's events to see the details of the probe
and see Warning: Reconnaissance Detected.
|
Reconnaissance Detected: Network or Port Scan
|
Warning
|
Yes
|
The agent or appliance detected network activity typical of a network or port scan.
Such activity is often a precursor to an attack that targets specific vulnerabilities.
Check the computer's events to see the details of the probe and see Warning: Reconnaissance Detected.
|
Reconnaissance Detected: TCP Null Scan
|
Warning
|
Yes
|
The agent or appliance detected a TCP "Null" scan. Such activity is often a precursor
to an attack that targets specific vulnerabilities. Check the computer's events to
see the details of the probe and see Warning: Reconnaissance Detected.
|
Reconnaissance Detected: TCP SYNFIN Scan
|
Warning
|
Yes
|
The agent or appliance detected a TCP "SYNFIN" scan. Such activity is often a precursor
to an attack that targets specific vulnerabilities. Check the computer's events to
see the details of the probe and see Warning: Reconnaissance Detected.
|
Reconnaissance Detected: TCP Xmas Scan
|
Warning
|
Yes
|
The agent or appliance detected a TCP "Xmas" scan. Such activity is often a precursor
to an attack that targets specific vulnerabilities. Check the computer's events to
see the details of the probe and see Warning: Reconnaissance Detected.
|
Relay Upgrade Required For Agent Integrity Check
|
Warning
|
No
|
To enable Agent Integrity Check, please upgrade the relay.
|
SAML Identity Provider Certificate expired
|
Critical
|
No
|
One or more SAML Identity Provider Certificate(s) expired.
|
SAML Identity Provider Certificate expires soon
|
Warning
|
No
|
One or more SAML Identity Provider Certificate(s) will expire soon.
|
SAML Service Certificate expired
|
Critical
|
No
|
SAML Service Provider Certificate expired.
|
SAML Service Certificate expires soon
|
Warning
|
No
|
SAML Service Provider Certificate expires soon.
|
Scheduled Malware Scan Missed
|
Warning
|
No
|
Scheduled malware scan tasks were initiated on computers that already had pending
scan tasks. This may indicate a scanning frequency that is too high. Consider lowering
the scanning frequency, or selecting fewer computers to scan during each scheduled
scan job.
|
Send Policy Failed
|
Critical
|
No
|
Inability to send policy may indicate a problem with the agent/appliance. Please check
the affected computers.
|
Smart Protection Server Connection Failed
|
Warning
|
Yes
|
Failed to connect to a Smart Protection Server. This could be due to a configuration
issue, or due to network connectivity.
|
Software Changes Detected
|
Warning
|
No
|
During ongoing file system monitoring, application control detected that new software
had been installed, and it did not match any configured allow or block rule. If your
system administrators did not install the software, and no other users have permissions
to install software, this could indicate a security compromise. If the software tries
to launch, depending on your lockdown configuration at that time, it may or may not
be allowed to execute.
|
Software Package Not Found
|
Critical
|
No
|
An agent software package is required for the proper operation of one or more virtual
appliance(s). Please import a Red Hat Enterprise Linux 6 (64 bit) agent software package
with the correct version for each appliance. If the required version is not available
then please import the latest package and upgrade the appliance to match.
|
Software Updates Available for Import
|
Warning
|
No
|
New software is available. To import new software to Deep Security, go to Administration
> Updates > Software > Download Center.
|
Unable to communicate
|
Critical
|
No
|
Deep Security Manager has been unable to query the agent/appliance for its status
within the configured period. Please check your network configuration and the affected
computer's connectivity.
|
Unable to Upgrade the Agent Software
|
Warning
|
Yes
|
Deep Security Manager was unable to upgrade the agent software on the computer.
This may indicate a problem with the agent/appliance, but it also can occur if
agent self-protection is enabled. On the Deep Security Manager, go to Computer
editor > Settings > General. In Agent Self Protection,
either deselect Prevent local end-users from uninstalling, stopping,
or otherwise modifying the Agent or enter a password for local override.
|
Unresolved software change limit reached
|
Critical
|
No
|
Software changes detected on the file system exceeded the maximum amount. Application
control will continue to enforce existing rules, but will not record any more changes,
and it will stop displaying any of that computer's software changes. You must resolve
and prevent excessive software change.
|
Upgrade of the Deep Security Manager Software Recommended (Incompatible Security Update(s))
|
Warning
|
No
|
Deep Security Manager has detected a computer that is using security updates that
are not compatible with the current version of Deep Security Manager. An upgrade of
Deep Security Manager software is recommended.
|
User Locked Out
|
Warning
|
No
|
Users can be locked out manually, by repeated incorrect sign-in attempts, if their
password expires, or if they have been imported but not yet unlocked.
|
User Password Expires Soon
|
Warning
|
No
|
The password expiry setting is enabled and one or more users have passwords that will
expire within the next 7 days.
|
Virtual Appliance is Incompatible With Filter Driver
|
Warning
|
No
|
The appliance is incompatible with the filter driver. Please ensure both are upgraded
to their latest versions.
|
Virtual Machine Interfaces Out of Sync
|
Warning
|
No
|
One or more of the virtual machines monitored by a Deep Security Virtual Appliance
has reported that its interfaces are out of sync with the filter driver. This means
that the appliance may not be properly monitoring the virtual machine's interfaces.
The virtual machine may require manual intervention such as a configuration change,
or a restart, to correct the issue.
|
Virtual Machine Moved to Unprotected ESXi Server
|
Warning
|
Yes
|
A virtual machine was moved to an ESXi Server that does not have an activated Deep
Security Virtual Appliance.
|
Virtual Machine Unprotected after move to another ESXi
|
Warning
|
Yes
|
A virtual machine that was appliance-protected has been unprotected during or after
it was moved to another ESXi. This may be due to an appliance reboot or power off
during the move, or it may indicate a configuration issue. The cause of the issue
should be investigated before the alert is dismissed.
|
VMware Tools Not Installed
|
Critical
|
Yes
|
A protected virtual machine in an NSX environment does not have VMware Tools installed.
VMware Tools is required to protect virtual machines in an NSX environment.
|
Web Reputation Event Alert
|
Warning
|
Yes
|
A web reputation event has been encountered on one or more computers that are selected
for alerting.
|
WorkSpaces Disabled for AWS Account
|
Warning
|
Yes
|
An agent was activated on one or more Amazon WorkSpaces but WorkSpaces are not enabled
for your AWS account. To enable WorkSpaces, click 'Edit AWS Account' above, and select
the 'Include Amazon WorkSpaces' check box. Your WorkSpace(s) will be moved into the
WorkSpaces folder of the AWS account.
|