Topics:

Before you begin

Make sure you have completed all pre-installation tasks in Install Deep Security Manager.

Run a silent install on Windows

To initiate a silent install on Windows, open a command prompt in the same directory as the install package and run:
Manager-Windows-<Version>.x64.exe -q -console -Dinstall4j.language=<ISO code> -varfile <PropertiesFile>
For details on the parameters and variables in the above command, see Silent install parameters.

Run a silent install on Linux

Note
Note
Before executing this command, grant execution permission to the installation package.
To initiate a silent install on Linux, use the command line to go to the same directory as the install package and run:
Manager-Linux-<Version>.x64.sh -q -console -Dinstall4j.language=<ISO code> -varfile <PropertiesFile>
For details on the parameters and variables in the above command, see Silent install parameters.

Silent install parameters

-q forces the installer to execute in unattended (silent) mode.
-console forces messages to appear in the console (stdout).
-Dinstall4j.language=<ISO code> lets you override the default installation language (English) if other languages are available. Specify a language using standard ISO language identifiers:
  • Japanese: ja
  • Simplified Chinese: zh_CN
-varfile <PropertiesFile> , where <PropertiesFile> is the full path to standard Java properties file with entries for the various settings you can apply during a Deep Security Manager install. Each property is identified by its equivalent GUI screen and setting in the Windows Deep Security Manager installation. For example, the Deep Security Manager address on the "Address and Ports" screen is specified as:
AddressAndPortsScreen.ManagerAddress=
Most of the properties in this file have acceptable defaults and may be omitted.
For a complete description of available settings, see Deep Security settings in the properties file.
-t runs an installer readiness check rather than a regular install.

Sample installation output

The following is a sample output from a successful install, followed by an example output from a failed install (invalid license). The [Error] tag in the trace indicates a failure.

Successful install

Stopping Trend Micro Deep Security Manager Service...
Finishing installation ...

Failed install

This example shows the output generated when the properties file contains an invalid license string:
Stopping Trend Micro Deep Security Manager Service...
Rolling back changes...

Deep Security settings in the properties file

The format of each entry in the settings property file is:
<Screen Name>.<Property Name>=<Property Value>
The settings properties file has required and optional values.
Note
Note
If you enter an invalid value for optional properties, the installer will use the default value instead.

Required Settings

LicenseScreen

Property
Possible Values
Default Value
LicenseScreen.License.-1
<activation code for all modules>
<none>
OR
Property
Possible Values
Default Value
LicenseScreen.License.0
<activation code for Anti-Malware>
<none>
LicenseScreen.License.1
<activation code for Firewall/DPI>
<none>
LicenseScreen.License.2
<activation code for Integrity Monitoring>
<none>
LicenseScreen.License.3
<activation code for Log Inspection>
<none>

CredentialsScreen

Property
Possible Values
Default Value
CredentialsScreen.Administrator.Username
<username for the master administrator>
<none>
CredentialsScreen.Administrator.Password
<password for the master administrator>
<none>

Optional Settings

LanguageScreen

Property
Possible Values
Default Value
Notes
sys.languageId
en_US ja
en_US
  • "en_US" indicates English.
  • "ja" indicates Japanese.

UpgradeVerificationScreen

This screen determines what happens if an existing installation is detected.
Note
Note
This setting is not referenced unless an existing installation is detected.
Property
Possible Values
Default Value
UpgradeVerificationScreen.Overwrite
  • True
  • False
False
A True value results in a fresh install with all data in the existing database being discarded. A False value provides the option to repair the existing installation.
WARNING
WARNING
If you set this value to True, it will overwrite any existing data in the database. It will do this without any further prompts.

OldDataMigrationScreen

This screen defines the number of days of data to keep. When this setting is 0, all historical data will be kept, but this may increase the amount of time the upgrade will take. During the data migration, the silent install will show the percentage of records migrated at 10% intervals.
Note
Note
This setting is not referenced unless an existing installation is detected and it requires a data migration to upgrade the database schema.
Property
Possible Values
Default Value
OldDataMigrationScreen.HistoricalDays
<integer>
0

DatabaseScreen

This screen defines the database type and optionally the parameters needed to access certain database types.
Note
Note
In the interactive install, you can click Advanced to define the instance name and domain of a Microsoft SQL server. This appears in a dialog. Because the unattended install does not support dialogs, these arguments are included in the DatabaseScreen settings below.
Property
Possible Values
Default Value
Notes
DatabaseScreen.DatabaseType
  • Microsoft SQL Server
  • Oracle
  • PostgreSQL
Microsoft SQL Server
None
DatabaseScreen.Hostname
  • <database hostname or IP address>
  • Current host name
Current host name
None
You can specify the port in this entry using the format <hostname>:<port>. Example: example:123
DatabaseScreen.DatabaseName
<string>
dsm
DatabaseScreen.Transport
  • Named Pipes
  • TCP
Named Pipes
Required for SQL Server only
DatabaseScreen.Username
<database username>
<none>
Username used by the manager to authenticate to the database server. Must match an existing database account. Note that the Deep Security Manager database permissions will correspond to this user's permissions. For example, if you choose a database account with read-only privileges, the Deep Security Manager will not be able to write to the database. Mandatory for Microsoft SQL Server and Oracle.
DatabaseScreen.Password
<database password>
<none>
Password used by the manager to authenticate to the database server. Mandatory for Microsoft SQL Server and Oracle.
DatabaseScreen.SQLServer.Instance
<string>
<none>
Used only with Microsoft SQL Server, which supports multiple instances on a single server or processor. Only one instance can be the default instance and any others are named instances. If the Deep Security Manager database instance is not the default, enter the name of the instance here. The value must match an existing instance or be left blank to indicate the default instance.
DatabaseScreen.SQLServer.Domain
<string>
<none>
Used only with Microsoft SQL Server. This is the Windows domain used when authenticating to the SQL Server. The DatabaseScreen.Username and DatabaseScreen.Password described above are only valid within the appropriate domain.
DatabaseScreen.SQLServer.UseDefaultCollation
  • True
  • False
False
Used only with Microsoft SQL Server. Collation determines how strings are sorted and compared. If the value is "False", Deep Security will use Latin1_General_CS_AS for collation on text-type columns. If the value is "True", Deep Security will use the collation method specified by your SQL Server database. For additional information on collation, refer to your SQL Server documentation.

AddressAndPortsScreen

This screen defines the hostname, URL, or IP address of this computer and defines port numbers for the manager. In the interactive installer, this screen also supports connecting a new manager node to an existing database, but this option is not supported in the unattended install.
Property
Possible Values
Default Value
Notes
AddressAndPortsScreen.ManagerAddress
<manager hostname, URL or IP address>
<current host name>
None
AddressAndPortsScreen.ManagerPort
<port number>
4119
See Port numbers.
AddressAndPortsScreen.HeartbeatPort
<port number>
4120
See Port numbers.
AddressAndPortsScreen.NewNode
  • True
  • False
False
True indicates that the current install is a new node. If the installer finds existing data in the database, it will add this installation as a new node. (Multi-node setup is always a silent install.) Note: The "New Node" installation information about the existing database to be provided via the DatabaseScreen properties.

CredentialsScreen

Property
Possible Values
Default Value
Notes
CredentialsScreen.UseStrongPasswords
  • True
  • False
False
True causes Deep Security Manager to enforce strong passwords.

MasterKeyConfigurationScreen

Property
Possible Values
Default Value
Notes
MasterKeyConfigurationScreen.KeyConfigType
  • Do not configure
  • Local Key
  • KMS
Do not configure
If configured, the installer will use KMS or the local key secret to generate a custom master key. If not configured, a hard-coded seed is used instead. See also masterkey.
Instead, you must run masterkey commands after the installer.
MasterKeyConfigurationScreen.ARN
<AWS ARN>
<none>
The Amazon Resource Name (ARN) of the KMS key. Only used if MasterKeyConfigurationScreen.KeyConfigType is KMS.
MasterKeyConfigurationScreen.LocalKey
<string>
<none>
The value that you want to use when the installer configures the local environment variable LOCAL_KEY_SECRET. Only used if MasterKeyConfigurationScreen.KeyConfigType is Local Key.

SecurityUpdateScreen

Property
Possible Values
Default Value
Notes
SecurityUpdateScreen.UpdateComponents
  • True
  • False
True
True will tell the Deep Security Manager to create a scheduled task to automatically check for security updates. The scheduled task will run when installation is complete.
SecurityUpdateScreen.Proxy
  • True
  • False
False
True will cause Deep Security Manager to use a proxy to connect to the Internet to download security updates from Trend Micro.
SecurityUpdateScreen.ProxyType
  • HTTP
  • SOCKS4
  • SOCKS5
<none>
The protocol used by the proxy.
SecurityUpdateScreen.ProxyAddress
<valid IPv4 or IPv6 address or hostname>
<none>
None
SecurityUpdateScreen.ProxyPort
<proxy port>
<none>
See Port numbers.
SecurityUpdateScreen.ProxyAuthentication
  • True
  • False
False
True indicates that the proxy requires authentication credentials.
SecurityUpdateScreen.ProxyUsername
<string>
<none>
None
SecurityUpdateScreen.ProxyPassword
<string>
<none>
None

SoftwareUpdateScreen

Property
Possible Values
Default Value
Notes
SoftwareUpdateScreen.UpdateSoftware
  • True
  • False
True
True will tell Deep Security Manager to create a scheduled task to automatically check for software updates. The scheduled task will run when installation is complete.
SoftwareUpdateScreen.Proxy
  • True
  • False
False
True will cause Deep Security Manager to use a proxy to connect to the Internet to download software updates from Trend Micro.
SoftwareUpdateScreen.ProxyType
  • HTTP
  • SOCKS4
  • SOCKS5
<none>
The protocol used by the proxy.
SoftwareUpdateScreen.ProxyAddress
<valid IPv4 or IPv6 address or hostname>
<none>
None.
SoftwareUpdateScreen.ProxyPort
<integer>
<none>
See Port numbers.
SoftwareUpdateScreen.ProxyAuthentication
  • True
  • False
False
True indicates that the proxy requires authentication credentials.
SoftwareUpdateScreen.ProxyUsername
<string>
<none>
None
SoftwareUpdateScreen.ProxyPassword
<string>
<none>
None

SmartProtectionNetworkScreen

This screen defines whether you want to enable Trend Micro Smart Feedback and optionally your industry.
Property
Possible Values
Default Value
Notes
SmartProtectionNetworkScreen.EnableFeedback
  • True
  • False
False
True enables Trend Micro Smart Feedback.
SmartProtectionNetworkScreen.IndustryType
  • Not specified
  • Banking
  • Communications and media
  • Education
  • Energy
  • Fast-moving consumer goods (FMCG)
  • Financial
  • Food and beverage
  • Government
  • Healthcare
  • Insurance
  • Manufacturing
  • Materials
  • Media
  • Oil and gas
  • Real estate
  • Retail
  • Technology
  • Telecommunications
  • Transportation
  • Utilities
  • Other
<none>
If a value is not entered, it has the same result as Not specified.

RelayScreen

This screen defines whether you want to install the Deep Security Relay on the same computer as Deep Security Manager.
Property
Possible Values
Default Value
Notes
RelayScreen.Install
  • True
  • False
False
True installs the Deep Security Relay on the Deep Security Manager computer.
False does not install the Deep Security Relay on the Deep Security Manager (silent install), or shows a screen asking you whether you want to install the relay (regular install).

This is an example of the content of a typical properties file:
AddressAndPortsScreen.ManagerAddress=10.xxx.xxx.xxx
SmartProtectionNetworkScreen.EnableFeedback=False