web
You’re offline. This is a read only version of the page.
close

Online Help Center
  • Search
  • Support
    • For Home
    • For Business
  • English (US)
    • Bahasa Indonesia (Indonesian)
    • Dansk (Danish)
    • Deutsch (German)
    • English (Australia)
    • English (US)
    • Español (Spanish)
    • Français (French)
    • Français Canadien
      (Canadian French)
    • Italiano (Italian)
    • Nederlands (Dutch)
    • Norsk (Norwegian)
    • Polski (Polish)
    • Português - Brasil
      (Portuguese - Brazil)
    • Português - Portugal
      (Portuguese - Portugal)
    • Svenska (Swedish)
    • ภาษาไทย (Thai)
    • Tiếng Việt (Vietnamese)
    • Türkçe (Turkish)
    • Čeština (Czech)
    • Ελληνικά (Greek)
    • Български (Bulgarian)
    • Русский (Russian)
    • עברית (Hebrew)
    • اللغة العربية (Arabic)
    • 日本語 (Japanese)
    • 简体中文
      (Simplified Chinese)
    • 繁體中文
      (Traditional Chinese)
    • 繁體中文 HK
      (Traditional Chinese)
    • 한국어 (Korean)
This website uses cookies for website functionality and traffic analytics. Our Cookie Notice provides more information and explains how to amend your cookie settings.
Learn More Yes, I agree
  • Online Help Center
  • Security for the Hybrid Cloud
  • ...
    Deep SecurityDeep Security 20 Long-Term SupportUser GuideAdd computers
  • Add AWS instances
  • Manage an AWS account external ID
Table of Contents
The page you're looking for can't be found or is under maintenance
Try again later or go to the home page
Go to home page
  • About Deep Security
    • Deep Security 20 release strategy and lifecycle policy
    • Deep Security life cycle dates
      • Deep Security LTS lifecycle dates
      • Deep Security FR life cycle dates
    • About the Deep Security components
    • About the Deep Security protection modules
  • About this release
    • What's new?
      • What's new in Deep Security Manager?
      • What's new in Deep Security Agent?
      • What's new in Deep Security Virtual Appliance?
  • Compatibility
    • System requirements
    • Agent requirements
      • Agent platform compatibility
      • Linux kernel compatibility
      • Linux file system compatibility
      • Linux systemd support
      • Linux Secure Boot support
      • SELinux support
      • Supported features by platform
    • Sizing
      • Deep Security Manager performance features
    • Port numbers, URLs, and IP addresses
  • Get Started
    • Check digital signatures on software packages
    • Deploy Deep Security Manager
      • Prepare a database
        • Database requirements
        • Install a database server
        • Configure the database
      • Run a readiness check
      • Install Deep Security Manager
      • Install Deep Security Manager silently
      • Add activation codes
      • Set up multi-tenancy
        • Set up a multi-tenant environment
        • Multi-tenant settings
      • Set up multiple nodes
        • Install Deep Security Manager on multiple nodes
        • View active Deep Security Manager nodes
    • Deploy Deep Security Relay
    • Deploy Deep Security Agent
      • Get Deep Security Agent software
      • Configure Linux Secure Boot for agents
      • Install the agent
      • Install the agent on Amazon EC2 and WorkSpaces
      • Install the agent on an AMI or WorkSpace bundle
      • Install the agent on Azure VMs
      • Install the agent on Google Cloud Platform VMs
      • Install the agent on VMware vCloud
      • Activate the agent
      • Common issues when installing or updating the agent
    • Deploy Deep Security Virtual Appliance
      • Protection for VMware environments
      • Choose agentless vs. combined mode protection
      • Before deploying the appliance
      • Configure VMware DRS
      • Deploy the appliance (NSX-T 3.x)
        • Import the appliance
        • Prepare Fabric settings
        • Add vCenter to Deep Security Manager
        • Install the appliance on NSX-T 3.x
        • Create a group for protection
        • Configure east-west security
        • Configure Endpoint Protection
        • Configure activation
        • Next steps (how to add new VMs)
      • Deploy the appliance (NSX-V)
      • Deploy the appliance in a vCloud environment
      • Automated policy management in NSX environments
      • Synchronize Deep Security policies with NSX
      • Configure DPDK mode
      • Configure NSX security tags
      • Configure the appliance OVF location
      • Deep Security Virtual Appliance memory allocation
      • Start or stop the appliance
    • Deploy Deep Security notifier
  • User Guide
    • Add computers
      • About adding computers
      • Add local network computers
      • Add Active Directory computers
      • Add AWS instances
        • About adding AWS accounts
        • Add an AWS account using a manager instance role
        • Add an AWS account using an access key
        • Add an AWS account using a cross-account role
        • Add Amazon WorkSpaces
        • Manage an AWS account
        • Manage an AWS account external ID
        • Manage AWS regions
        • Protect an account running in AWS Outposts
      • Add Azure instances
        • Create an Azure application for Deep Security
        • Add a Microsoft Azure account to Deep Security
        • Why should I upgrade to the new Azure Resource Manager connection functionality?
      • Add GCP instances
        • Create a Google Cloud Platform service account
        • Add a Google Cloud Platform account
      • Add VMWare VMs
        • Add a VMware vCenter
        • Add virtual machines hosted on VMware vCloud
        • Change IP address or FQDN of NSX Manager
        • Add an ESXi to a protected NSX cluster
      • Control CPU usage
      • Migrate to the new cloud connector functionality
      • Protect Docker containers
      • Protect OpenShift containers
    • Configure policies
      • Create policies
      • Policies, inheritance, and overrides
      • Manage and run recommendation scans
      • Detect and configure the interfaces available on a computer
      • Overview section of the computer editor
      • Overview section of the policy editor
      • Network engine settings
      • User mode solution
      • Define rules, lists, and other common objects used by policies
        • About common objects
        • Create a firewall rule
        • Configure intrusion prevention rules
        • Create an Integrity Monitoring rule
        • Define a Log Inspection rule for use in policies
        • Create a list of directories for use in policies
        • Create a list of file extensions for use in policies
        • Create a list of files for use in policies
        • Create a list of IP addresses for use in policies
        • Create a list of ports for use in policies
        • Create a list of MAC addresses for use in policies
        • Define contexts for use in policies
        • Define stateful firewall configurations
        • Define a schedule that you can apply to rules
    • Configure protection modules
      • Configure Anti-Malware
        • About Anti-Malware
        • Set up Anti-Malware
          • Enable and configure anti-malware
          • Configure malware scans and exclusions
          • Performance tips for anti-malware
          • Coexistence of Deep Security Agent with Microsoft Defender Antivirus
          • Virtual Appliance Scan Caching
        • Detect emerging threats using Predictive Machine Learning
        • Detect emerging threats using Threat Intelligence
        • Enhanced anti-malware and ransomware scanning with behavior monitoring
        • Smart Protection in Deep Security
        • Handle malware
          • View and restore identified malware
          • Configure advanced exploit exceptions
          • Increase debug logging for anti-malware in protected Linux instances
      • Configure Web Reputation
      • Configure Intrusion Prevention (IPS)
        • About Intrusion Prevention
        • Set up Intrusion Prevention
        • Configure intrusion prevention rules
        • Configure an SQL injection prevention rule
        • Application types
        • Inspect TLS traffic
        • TLS inspection support
        • Configure anti-evasion settings
        • Performance tips for intrusion prevention
      • Configure Firewall
        • About Firewall
        • Set up the Deep Security firewall
        • Create a firewall rule
        • Allow trusted traffic to bypass the firewall
        • Firewall rule actions and priorities
        • Firewall settings
        • Firewall settings with Oracle RAC
        • Define stateful firewall configurations
        • Scan for open ports
        • Container Firewall rules
      • Configure Device Control
      • Configure Integrity Monitoring
        • About Integrity Monitoring
        • Set up Integrity Monitoring
        • Create an Integrity Monitoring rule
        • Integrity Monitoring rules language
          • About the Integrity Monitoring rules language
          • DirectorySet
          • FileSet
          • GroupSet
          • InstalledSoftwareSet
          • PortSet
          • ProcessSet
          • RegistryKeySet
          • RegistryValueSet
          • ServiceSet
          • UserSet
          • WQLSet
        • Virtual Appliance Scan Caching
      • Configure Log Inspection
        • About Log Inspection
        • Set up Log Inspection
        • Define a Log Inspection rule for use in policies
      • Configure Application Control
        • About Application Control
        • Set up Application Control
        • Verify that Application Control is enabled
        • Monitor Application Control events
        • View and change Application Control rulesets
        • Application Control Trust Entities
        • Reset Application Control after too much software change
        • Use the API to create shared and global rulesets
    • Configure events and alerts
      • About Deep Security event logging
      • Log and event storage best practices
      • Anti-Malware scan failures and cancellations
      • Apply tags to identify and group events
      • Reduce the number of logged events
      • Rank events to quantify their importance
      • Forward events to a Syslog or SIEM server
        • Forward Deep Security events to a Syslog or SIEM server
        • Syslog message formats
        • Configure Red Hat Enterprise Linux to receive event logs
      • Access events with Amazon SNS
        • Set up Amazon SNS
        • SNS configuration in JSON format
        • Events in JSON format
      • Forward system events to a remote computer via SNMP
      • Configure alerts
      • Configure SMTP settings for email notifications
      • Generate reports about alerts and other activity
      • About attack reports
      • Lists of events and alerts
        • Predefined alerts
        • Agent events
        • System events
        • Application Control events
        • Anti-malware events
        • Device Control events
        • Firewall events
        • Intrusion prevention events
        • Integrity monitoring events
        • Log inspection events
        • Web reputation events
      • Troubleshoot common events, alerts, and errors
        • Why am I seeing firewall events when the firewall module is off?
        • Troubleshoot event ID 771 "Contact by Unrecognized Client"
        • Troubleshoot "Smart Protection Server disconnected" errors
        • Error: Activation Failed
        • Error: Agent version not supported
        • Error: Anti-Malware Engine Offline
        • Error: Device Control Engine Offline
        • Error: Check Status Failed
        • Error: Installation of Feature 'dpi' failed: Not available: Filter
        • Error: Integrity Monitoring Engine Offline and other errors occur after activating a virtual machine
        • Error: Interface out of sync
        • Error: Intrusion Prevention Rule Compilation Failed
        • Error: Log Inspection Rules Require Log Files
        • Error: Module installation failed (Linux)
        • Error: There are one or more application type conflicts on this computer
        • Error: Unable to connect to the cloud account
        • Error: Unable to resolve instance hostname
        • Alert: Integrity Monitoring information collection has been delayed
        • Alert: Manager Time Out of Sync
        • Alert: The memory warning threshold of Manager Node has been exceeded
        • Event: Max TCP connections
        • Warning: Anti-Malware Engine has only Basic Functions
        • Warning: Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
        • Warning: Insufficient disk space
        • Warning: Reconnaissance Detected
    • Configure proxies
      • Configure proxies
      • Proxy settings
    • Configure relays
      • How relays work
      • Deploy additional relays
      • Remove relay functionality from an agent
    • Manage agents (protected computers)
      • Computer and agent statuses
      • Configure agent version control
      • Configure teamed NICs
      • Agent-manager communication
      • Configure agents that have no internet access
      • Activate and protect agents using agent-initiated activation and communication
      • Automatically upgrade agents on activation
      • Using Deep Security with iptables
      • Enable or disable agent self-protection on Windows
      • Enable or disable agent self-protection on Linux
      • Are offline agents still protected by Deep Security?
      • Automate offline computer removal with inactive agent cleanup
      • Agent settings
      • User mode solution
      • Deep Security notifier
    • Manage users
      • Add and manage users
      • Define roles for users
      • Add users who can only receive reports
      • Create an API key for a user
      • Unlock a locked out user name
      • Implement SAML single sign-on (SSO)
        • About SAML single sign-on (SSO)
        • Configure SAML single sign-on
        • Configure SAML single sign-on with Microsoft Entra ID
    • Manage the database
      • General database maintenance
      • Maintain PostgreSQL
      • Maintain Microsoft SQL Server Express
      • Migrate Microsoft SQL Server Express to Enterprise
      • Back up and restore your database
    • Navigate and customize Deep Security Manager
      • Customize the dashboard
      • Group computers dynamically with smart folders
      • Customize advanced system settings
    • Harden Deep Security
      • About Deep Security hardening
      • Protect Deep Security Manager with an agent
      • Protect Deep Security Agent
      • Replace the Deep Security Manager TLS certificate
      • Update the load balancer's certificate
      • Encrypt communication between the Deep Security Manager and the database
      • Change the Deep Security Manager database password
      • Configure HTTP security headers
      • Upgrade the Deep Security cryptographic algorithm
      • Enforce user password rules
      • Set up multi-factor authentication
      • Manage trusted certificates
      • SSL implementation and credential provisioning
      • If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro?
    • Upgrade Deep Security
      • About upgrades
      • Apply security updates
      • Disable emails for New Pattern Update alerts
      • Use a web server to distribute software updates
      • Upgrade Deep Security Manager
      • Upgrade Deep Security Relay
      • Upgrade Deep Security Agent
      • Upgrade Deep Security Virtual Appliance
        • Check if new appliance software is available
        • Before upgrading the appliance
        • Upgrade the appliance
      • Upgrade the database
      • Error: The installer could not establish a secure connection to the database server
      • Upgrade the NSX license for more Deep Security features
      • Migrate an agentless solution from NSX-V to NSX-T
    • Uninstall Deep Security
      • Uninstall Deep Security
      • Uninstall Deep Security from your NSX environment
    • Configure Deep Security Manager memory usage
    • Restart the Deep Security Manager
    • Check your license information
    • Upgrade Deep Security to Trend Vision One Endpoint Security - Server & Workload Protection
      • Upgrade to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate policies to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate common objects to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate cloud accounts to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate agents to Trend Vision One Endpoint Security - Server & Workload Protection
    • Migrate Deep Security to Trend Cloud One - Endpoint & Workload Security
      • Migrate to Trend Cloud One - Endpoint & Workload Security
      • Migrate policies to Trend Cloud One - Endpoint & Workload Security
      • Migrate common objects to Trend Cloud One - Endpoint & Workload Security
      • Migrate cloud accounts to Trend Cloud One - Endpoint & Workload Security
      • Migrate agents to Trend Cloud One - Endpoint & Workload Security
  • DevOps, automation, and APIs
    • About DevOps, automation, and APIs
    • Trend Micro Hybrid Cloud Security Command Line Interface (THUS)
    • Command-line basics
    • Use the Deep Security API to automate tasks
    • Schedule Deep Security to perform tasks
    • Automatically perform tasks when a computer is added or changed (event-based tasks)
    • AWS Auto Scaling and Deep Security
    • Azure virtual machine scale sets and Deep Security
    • GCP auto scaling and Deep Security
    • Use deployment scripts to add and protect computers
    • URL format for download of the agent
    • Automatically assign policies using cloud provider tags/labels
  • Trust and compliance
    • About compliance
    • Agent package integrity check
    • Meet PCI DSS requirements with Deep Security
    • Common Criteria configuration
    • GDPR
    • FIPS 140 support
    • Bypass vulnerability management scan traffic in Deep Security
    • Use TLS 1.2 with Deep Security
    • Enable TLS 1.2 strong cipher suites
    • Legal disclosures
      • Privacy and personal data collection disclosure
      • Deep Security Product Usage Data Collection
      • Legal disclaimer
  • Integrations
    • Integrate with AWS Control Tower
    • Integrate with AWS Systems Manager Distributor
    • Integrate with SAP NetWeaver
    • Integrate with Trend Vision One
      • Integrate with Trend Vision One (XDR)
      • Integrate with Trend Vision One Service Gateway
  • FAQs
    • Why does my Windows machine lose network connectivity when I turn on protection?
    • How do I get news about Deep Security?
    • How does agent protection work for Solaris zones?
    • How do I protect AWS GovCloud (US) instances?
    • How do I protect Azure Government instances?
    • How does Deep Security Agent use the Amazon Instance Metadata Service?
    • How can I minimize heartbeat alerts for offline environments in an AWS Elastic Beanstalk environment?
    • Why can't I add my Azure server using the Azure cloud connector?
    • Why can't I view all of the VMs in an Azure subscription in Deep Security?
    • Deep Security coverage of Log4j vulnerability
  • Troubleshooting
    • Offline agent
    • High CPU usage
    • Diagnose problems with agent deployment (Windows)
    • "Anti-Malware Driver Offline" status with VMware
    • Anti-Malware Windows platform update failed
    • Performance issues on an agentless virtual machine
    • Security update connectivity
    • SQL Server domain authentication problems
    • Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
    • Create a diagnostic package
    • Increase verbose diagnostic package process memory
    • Removal of older software versions
    • Troubleshoot SELinux alerts
    • Troubleshoot Azure code signing
    • Network Engine Status (Windows OS)
  • PDFs
    • Deep Security Administration Guide
    • Deep Security Best Practice Guide
Manage an AWS account external ID
Note
Note
The AWS account external ID is only used when adding an AWS account using a cross-account role.
Topics:
  • What is the external ID?
  • Configure the external ID
  • Update the external ID
  • Retrieve the external ID
  • Disable retrieval of the external ID

What is the external ID?

Along with the cross-account role ARN, the external ID is used to grant access from one AWS role to another. The external ID is provided by a third-party service that wants to assume the role of your account. If you trust that service to act on your behalf, you add that external ID to your cross-account role. In this case, Deep Security is the third-party service that is providing an external ID to you, in order to act on behalf of your AWS account. Deep Security uses this access to synchronize information from your AWS account and maintain an up-to-date record of your resources. For details, see this AWS document: How to Use External ID When Granting Access to Your AWS Resources.
Notes:
  • The external ID is only used when adding an AWS account using a cross-account role.
  • The same external ID is used for all AWS accounts added using cross-account roles. There is one ID per tenant.

Configure the external ID

Configuring the external ID is one step in a larger process of adding a cross-account role. See Add an AWS account using a cross-account role for details.

Update the external ID

If you previously added an AWS account using cross-account role, you might have specified a user-defined external ID. To better align with AWS best-practices, Trend Micro recommends switching to the manager-defined external ID.
Note
Note
AWS accounts that were previously added with a user-defined external ID will continue to function as normal.

Determine whether you're using a user- or manager-defined external ID

If you're not sure whether you're currently using a user- or manager-defined external ID, follow the procedure below to find out.
  1. Log in to Deep Security Manager.
  2. Click Computers.
  3. Right-click the AWS account that was added using a cross-account role and select Properties.
  4. If an Update link appears next to the external ID, it means that a user-defined external ID is currently in use and should be updated. If an Update link does not appear, it's because the manager-defined external ID is currently in use, and no action is necessary.
  5. Repeat this procedure for each account that has been added to the manager using a cross-account role.

Update the external ID through the manager

  1. If you have not already done so, log in to Deep Security Manager, right-click the AWS account you want to update, and select Properties.
  2. Click the Update link that appears next to the external ID. The Update link disappears.
  3. Note the external ID. You'll need it in the next step to configure the cross-account role.
  4. Log in to the AWS account whose external ID you just updated. Update the cross-account role's IAM policy by replacing the old external ID with the new one.
  5. Back on the properties window, click Apply to apply changes.
    Your account's user-defined external ID has now been updated to the manager-defined one.
  6. Repeat this procedure for each account that has been added to the manager using a cross-account role.

Update the external ID through the Deep Security API

  1. If you don't already have the new manager-defined external ID, call the /api/awsconnectorsettings endpoint to retrieve it (the ExternalId parameter).
  2. Log in to the AWS account where the cross-account role was configured. Update the cross-account role's IAM policy by replacing the old external ID with the new one. Repeat this step for each account that has been added to the manager using a cross-account role.
  3. Using the /api/awsconnectors endpoint, perform an Update action on the account you are updating, with its CrossAccountRoleARN parameter set to the same role ARN as it is currently. Do not provide an external ID in the request object.
    Your account's user-defined external ID has now been updated to the manager-defined one.

Retrieve the external ID

There are a few ways to retrieve the external ID for use with cross-accounts.

Through the 'add account' wizard

  • See Add an AWS account using a cross-account role which includes a sub-section on how to retrieve the external ID through the wizard.

Through the Deep Security API

  • Call the /api/awsconnectorsettings endpoint to retrieve it (the ExternalId parameter).

Disable retrieval of the external ID

You might want to disable the ability to view and retrieve the external ID in the manager to prevent unauthorized access to it. You can retrieve the ID once, store it in a safe place like your secrets manager, and then disable the retrieval for everyone else.
Note
Note
Retrieval can be enabled again at any time.
To disable retrieval:
  1. Log in to Deep Security Manager.
  2. Click Administration at the top.
  3. In the main pane, click the Security tab.
  4. Deselect Enable retrieval and viewing of AWS external ID.
  5. Click Save.
Tip
Tip
You can also use roles to prevent access to the external ID. For details, see Define roles for users.
Was this article helpful?
Online Help Center
Support
For Home For Business
Privacy Notice
© 2025 Trend Micro Incorporated. All rights reserved.
Table of Contents
  • About Deep Security
    • Deep Security 20 release strategy and lifecycle policy
    • Deep Security life cycle dates
      • Deep Security LTS lifecycle dates
      • Deep Security FR life cycle dates
    • About the Deep Security components
    • About the Deep Security protection modules
  • About this release
    • What's new?
      • What's new in Deep Security Manager?
      • What's new in Deep Security Agent?
      • What's new in Deep Security Virtual Appliance?
  • Compatibility
    • System requirements
    • Agent requirements
      • Agent platform compatibility
      • Linux kernel compatibility
      • Linux file system compatibility
      • Linux systemd support
      • Linux Secure Boot support
      • SELinux support
      • Supported features by platform
    • Sizing
      • Deep Security Manager performance features
    • Port numbers, URLs, and IP addresses
  • Get Started
    • Check digital signatures on software packages
    • Deploy Deep Security Manager
      • Prepare a database
        • Database requirements
        • Install a database server
        • Configure the database
      • Run a readiness check
      • Install Deep Security Manager
      • Install Deep Security Manager silently
      • Add activation codes
      • Set up multi-tenancy
        • Set up a multi-tenant environment
        • Multi-tenant settings
      • Set up multiple nodes
        • Install Deep Security Manager on multiple nodes
        • View active Deep Security Manager nodes
    • Deploy Deep Security Relay
    • Deploy Deep Security Agent
      • Get Deep Security Agent software
      • Configure Linux Secure Boot for agents
      • Install the agent
      • Install the agent on Amazon EC2 and WorkSpaces
      • Install the agent on an AMI or WorkSpace bundle
      • Install the agent on Azure VMs
      • Install the agent on Google Cloud Platform VMs
      • Install the agent on VMware vCloud
      • Activate the agent
      • Common issues when installing or updating the agent
    • Deploy Deep Security Virtual Appliance
      • Protection for VMware environments
      • Choose agentless vs. combined mode protection
      • Before deploying the appliance
      • Configure VMware DRS
      • Deploy the appliance (NSX-T 3.x)
        • Import the appliance
        • Prepare Fabric settings
        • Add vCenter to Deep Security Manager
        • Install the appliance on NSX-T 3.x
        • Create a group for protection
        • Configure east-west security
        • Configure Endpoint Protection
        • Configure activation
        • Next steps (how to add new VMs)
      • Deploy the appliance (NSX-V)
      • Deploy the appliance in a vCloud environment
      • Automated policy management in NSX environments
      • Synchronize Deep Security policies with NSX
      • Configure DPDK mode
      • Configure NSX security tags
      • Configure the appliance OVF location
      • Deep Security Virtual Appliance memory allocation
      • Start or stop the appliance
    • Deploy Deep Security notifier
  • User Guide
    • Add computers
      • About adding computers
      • Add local network computers
      • Add Active Directory computers
      • Add AWS instances
        • About adding AWS accounts
        • Add an AWS account using a manager instance role
        • Add an AWS account using an access key
        • Add an AWS account using a cross-account role
        • Add Amazon WorkSpaces
        • Manage an AWS account
        • Manage an AWS account external ID
        • Manage AWS regions
        • Protect an account running in AWS Outposts
      • Add Azure instances
        • Create an Azure application for Deep Security
        • Add a Microsoft Azure account to Deep Security
        • Why should I upgrade to the new Azure Resource Manager connection functionality?
      • Add GCP instances
        • Create a Google Cloud Platform service account
        • Add a Google Cloud Platform account
      • Add VMWare VMs
        • Add a VMware vCenter
        • Add virtual machines hosted on VMware vCloud
        • Change IP address or FQDN of NSX Manager
        • Add an ESXi to a protected NSX cluster
      • Control CPU usage
      • Migrate to the new cloud connector functionality
      • Protect Docker containers
      • Protect OpenShift containers
    • Configure policies
      • Create policies
      • Policies, inheritance, and overrides
      • Manage and run recommendation scans
      • Detect and configure the interfaces available on a computer
      • Overview section of the computer editor
      • Overview section of the policy editor
      • Network engine settings
      • User mode solution
      • Define rules, lists, and other common objects used by policies
        • About common objects
        • Create a firewall rule
        • Configure intrusion prevention rules
        • Create an Integrity Monitoring rule
        • Define a Log Inspection rule for use in policies
        • Create a list of directories for use in policies
        • Create a list of file extensions for use in policies
        • Create a list of files for use in policies
        • Create a list of IP addresses for use in policies
        • Create a list of ports for use in policies
        • Create a list of MAC addresses for use in policies
        • Define contexts for use in policies
        • Define stateful firewall configurations
        • Define a schedule that you can apply to rules
    • Configure protection modules
      • Configure Anti-Malware
        • About Anti-Malware
        • Set up Anti-Malware
          • Enable and configure anti-malware
          • Configure malware scans and exclusions
          • Performance tips for anti-malware
          • Coexistence of Deep Security Agent with Microsoft Defender Antivirus
          • Virtual Appliance Scan Caching
        • Detect emerging threats using Predictive Machine Learning
        • Detect emerging threats using Threat Intelligence
        • Enhanced anti-malware and ransomware scanning with behavior monitoring
        • Smart Protection in Deep Security
        • Handle malware
          • View and restore identified malware
          • Configure advanced exploit exceptions
          • Increase debug logging for anti-malware in protected Linux instances
      • Configure Web Reputation
      • Configure Intrusion Prevention (IPS)
        • About Intrusion Prevention
        • Set up Intrusion Prevention
        • Configure intrusion prevention rules
        • Configure an SQL injection prevention rule
        • Application types
        • Inspect TLS traffic
        • TLS inspection support
        • Configure anti-evasion settings
        • Performance tips for intrusion prevention
      • Configure Firewall
        • About Firewall
        • Set up the Deep Security firewall
        • Create a firewall rule
        • Allow trusted traffic to bypass the firewall
        • Firewall rule actions and priorities
        • Firewall settings
        • Firewall settings with Oracle RAC
        • Define stateful firewall configurations
        • Scan for open ports
        • Container Firewall rules
      • Configure Device Control
      • Configure Integrity Monitoring
        • About Integrity Monitoring
        • Set up Integrity Monitoring
        • Create an Integrity Monitoring rule
        • Integrity Monitoring rules language
          • About the Integrity Monitoring rules language
          • DirectorySet
          • FileSet
          • GroupSet
          • InstalledSoftwareSet
          • PortSet
          • ProcessSet
          • RegistryKeySet
          • RegistryValueSet
          • ServiceSet
          • UserSet
          • WQLSet
        • Virtual Appliance Scan Caching
      • Configure Log Inspection
        • About Log Inspection
        • Set up Log Inspection
        • Define a Log Inspection rule for use in policies
      • Configure Application Control
        • About Application Control
        • Set up Application Control
        • Verify that Application Control is enabled
        • Monitor Application Control events
        • View and change Application Control rulesets
        • Application Control Trust Entities
        • Reset Application Control after too much software change
        • Use the API to create shared and global rulesets
    • Configure events and alerts
      • About Deep Security event logging
      • Log and event storage best practices
      • Anti-Malware scan failures and cancellations
      • Apply tags to identify and group events
      • Reduce the number of logged events
      • Rank events to quantify their importance
      • Forward events to a Syslog or SIEM server
        • Forward Deep Security events to a Syslog or SIEM server
        • Syslog message formats
        • Configure Red Hat Enterprise Linux to receive event logs
      • Access events with Amazon SNS
        • Set up Amazon SNS
        • SNS configuration in JSON format
        • Events in JSON format
      • Forward system events to a remote computer via SNMP
      • Configure alerts
      • Configure SMTP settings for email notifications
      • Generate reports about alerts and other activity
      • About attack reports
      • Lists of events and alerts
        • Predefined alerts
        • Agent events
        • System events
        • Application Control events
        • Anti-malware events
        • Device Control events
        • Firewall events
        • Intrusion prevention events
        • Integrity monitoring events
        • Log inspection events
        • Web reputation events
      • Troubleshoot common events, alerts, and errors
        • Why am I seeing firewall events when the firewall module is off?
        • Troubleshoot event ID 771 "Contact by Unrecognized Client"
        • Troubleshoot "Smart Protection Server disconnected" errors
        • Error: Activation Failed
        • Error: Agent version not supported
        • Error: Anti-Malware Engine Offline
        • Error: Device Control Engine Offline
        • Error: Check Status Failed
        • Error: Installation of Feature 'dpi' failed: Not available: Filter
        • Error: Integrity Monitoring Engine Offline and other errors occur after activating a virtual machine
        • Error: Interface out of sync
        • Error: Intrusion Prevention Rule Compilation Failed
        • Error: Log Inspection Rules Require Log Files
        • Error: Module installation failed (Linux)
        • Error: There are one or more application type conflicts on this computer
        • Error: Unable to connect to the cloud account
        • Error: Unable to resolve instance hostname
        • Alert: Integrity Monitoring information collection has been delayed
        • Alert: Manager Time Out of Sync
        • Alert: The memory warning threshold of Manager Node has been exceeded
        • Event: Max TCP connections
        • Warning: Anti-Malware Engine has only Basic Functions
        • Warning: Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
        • Warning: Insufficient disk space
        • Warning: Reconnaissance Detected
    • Configure proxies
      • Configure proxies
      • Proxy settings
    • Configure relays
      • How relays work
      • Deploy additional relays
      • Remove relay functionality from an agent
    • Manage agents (protected computers)
      • Computer and agent statuses
      • Configure agent version control
      • Configure teamed NICs
      • Agent-manager communication
      • Configure agents that have no internet access
      • Activate and protect agents using agent-initiated activation and communication
      • Automatically upgrade agents on activation
      • Using Deep Security with iptables
      • Enable or disable agent self-protection on Windows
      • Enable or disable agent self-protection on Linux
      • Are offline agents still protected by Deep Security?
      • Automate offline computer removal with inactive agent cleanup
      • Agent settings
      • User mode solution
      • Deep Security notifier
    • Manage users
      • Add and manage users
      • Define roles for users
      • Add users who can only receive reports
      • Create an API key for a user
      • Unlock a locked out user name
      • Implement SAML single sign-on (SSO)
        • About SAML single sign-on (SSO)
        • Configure SAML single sign-on
        • Configure SAML single sign-on with Microsoft Entra ID
    • Manage the database
      • General database maintenance
      • Maintain PostgreSQL
      • Maintain Microsoft SQL Server Express
      • Migrate Microsoft SQL Server Express to Enterprise
      • Back up and restore your database
    • Navigate and customize Deep Security Manager
      • Customize the dashboard
      • Group computers dynamically with smart folders
      • Customize advanced system settings
    • Harden Deep Security
      • About Deep Security hardening
      • Protect Deep Security Manager with an agent
      • Protect Deep Security Agent
      • Replace the Deep Security Manager TLS certificate
      • Update the load balancer's certificate
      • Encrypt communication between the Deep Security Manager and the database
      • Change the Deep Security Manager database password
      • Configure HTTP security headers
      • Upgrade the Deep Security cryptographic algorithm
      • Enforce user password rules
      • Set up multi-factor authentication
      • Manage trusted certificates
      • SSL implementation and credential provisioning
      • If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro?
    • Upgrade Deep Security
      • About upgrades
      • Apply security updates
      • Disable emails for New Pattern Update alerts
      • Use a web server to distribute software updates
      • Upgrade Deep Security Manager
      • Upgrade Deep Security Relay
      • Upgrade Deep Security Agent
      • Upgrade Deep Security Virtual Appliance
        • Check if new appliance software is available
        • Before upgrading the appliance
        • Upgrade the appliance
      • Upgrade the database
      • Error: The installer could not establish a secure connection to the database server
      • Upgrade the NSX license for more Deep Security features
      • Migrate an agentless solution from NSX-V to NSX-T
    • Uninstall Deep Security
      • Uninstall Deep Security
      • Uninstall Deep Security from your NSX environment
    • Configure Deep Security Manager memory usage
    • Restart the Deep Security Manager
    • Check your license information
    • Upgrade Deep Security to Trend Vision One Endpoint Security - Server & Workload Protection
      • Upgrade to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate policies to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate common objects to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate cloud accounts to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate agents to Trend Vision One Endpoint Security - Server & Workload Protection
    • Migrate Deep Security to Trend Cloud One - Endpoint & Workload Security
      • Migrate to Trend Cloud One - Endpoint & Workload Security
      • Migrate policies to Trend Cloud One - Endpoint & Workload Security
      • Migrate common objects to Trend Cloud One - Endpoint & Workload Security
      • Migrate cloud accounts to Trend Cloud One - Endpoint & Workload Security
      • Migrate agents to Trend Cloud One - Endpoint & Workload Security
  • DevOps, automation, and APIs
    • About DevOps, automation, and APIs
    • Trend Micro Hybrid Cloud Security Command Line Interface (THUS)
    • Command-line basics
    • Use the Deep Security API to automate tasks
    • Schedule Deep Security to perform tasks
    • Automatically perform tasks when a computer is added or changed (event-based tasks)
    • AWS Auto Scaling and Deep Security
    • Azure virtual machine scale sets and Deep Security
    • GCP auto scaling and Deep Security
    • Use deployment scripts to add and protect computers
    • URL format for download of the agent
    • Automatically assign policies using cloud provider tags/labels
  • Trust and compliance
    • About compliance
    • Agent package integrity check
    • Meet PCI DSS requirements with Deep Security
    • Common Criteria configuration
    • GDPR
    • FIPS 140 support
    • Bypass vulnerability management scan traffic in Deep Security
    • Use TLS 1.2 with Deep Security
    • Enable TLS 1.2 strong cipher suites
    • Legal disclosures
      • Privacy and personal data collection disclosure
      • Deep Security Product Usage Data Collection
      • Legal disclaimer
  • Integrations
    • Integrate with AWS Control Tower
    • Integrate with AWS Systems Manager Distributor
    • Integrate with SAP NetWeaver
    • Integrate with Trend Vision One
      • Integrate with Trend Vision One (XDR)
      • Integrate with Trend Vision One Service Gateway
  • FAQs
    • Why does my Windows machine lose network connectivity when I turn on protection?
    • How do I get news about Deep Security?
    • How does agent protection work for Solaris zones?
    • How do I protect AWS GovCloud (US) instances?
    • How do I protect Azure Government instances?
    • How does Deep Security Agent use the Amazon Instance Metadata Service?
    • How can I minimize heartbeat alerts for offline environments in an AWS Elastic Beanstalk environment?
    • Why can't I add my Azure server using the Azure cloud connector?
    • Why can't I view all of the VMs in an Azure subscription in Deep Security?
    • Deep Security coverage of Log4j vulnerability
  • Troubleshooting
    • Offline agent
    • High CPU usage
    • Diagnose problems with agent deployment (Windows)
    • "Anti-Malware Driver Offline" status with VMware
    • Anti-Malware Windows platform update failed
    • Performance issues on an agentless virtual machine
    • Security update connectivity
    • SQL Server domain authentication problems
    • Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
    • Create a diagnostic package
    • Increase verbose diagnostic package process memory
    • Removal of older software versions
    • Troubleshoot SELinux alerts
    • Troubleshoot Azure code signing
    • Network Engine Status (Windows OS)
  • PDFs
    • Deep Security Administration Guide
    • Deep Security Best Practice Guide
Close