Last Updated: 1/22/2020 12:11:38 AM
Name |
Type |
Description |
Length |
|---|---|---|---|
policy.application_control.application_control_enabled |
integer |
Enable Application Control |
1 = true; 0 = false |
policy.application_control.enable_alert_msg |
integer |
Enable alert messages |
1 = true; 0 = false |
policy.application_control.app_pattern_timestamp |
integer |
The timestamp of the latest pattern update |
|
policy.application_control.category[].allow_mode |
integer |
Block all the APPs in the APP list(Always 0) |
|
policy.application_control.category[].id |
integer |
ID of the Application Control category |
|
policy.application_control.category[].block_new_apps |
integer |
Block new applications added to the specified category |
1 = block; 0=pass |
policy.application_control.category[].apps[] |
integer |
ID of the APP |
|
policy.application_control.block[].note |
String |
Note of the folder to be blocked |
|
policy.application_control.block[].folder |
String |
Folder blocked by Application Control |
|
policy.approvals.approved[].id |
integer |
Application or file ID in the Spyware/Grayware Approved List |
e.g., 11679 |
policy.approvals.approved[].name |
string |
Application or file name in the Spyware/Grayware Approved List |
e.g., ADW_AADB |
policy.approved_blocked_url.approved.urls[] |
string |
URL to be added to the Approved URL List |
e.g., "http://www.trendmicro.com/*" |
policy.approved_blocked_url.blocked.blocked_urls[] |
string |
URL to be added to the Blocked URL List |
e.g., "http://www.blocked.com/*" |
policy.approved_blocked_url.enabled |
integer |
Customize Approved/Blocked URLs permission for this group (Windows) |
1 = true; 0 = false |
policy.behavior_monitoring.approved_list[] |
string |
Application to be added to the Approved Program List (not monitored by Behavior Monitoring) |
e.g., "C:\Program Files\MSN Messenger\MSVS.exe" |
policy.behavior_monitoring.bhvs.behaviors[].action |
integer |
Configured action for a triggered Event Monitoring event |
0 = Always allow, 1 = Ask when necessary, 2 = Always block |
policy.behavior_monitoring.bhvs.behaviors[].enabled |
integer |
Enabled status of an Event Monitoring event |
1 = true; 0 = false |
policy.behavior_monitoring.bhvs.behaviors[].event |
integer |
Event Monitoring event ID |
1=New Startup Program 2=Hosts File Modification 3=Program Library Injection 4=New Internet Explorer Plugin 5=Internet Explorer Setting Modification 6=Shell Modification 7=New Service 8=Security Policy Modification 9=Firewall Policy Modification 10=System File Modification 11=Duplicated System File 14=System Process Notification 16=Suspicious Behavior |
policy.behavior_monitoring.bhvs.behaviors[].msg.description |
string |
Description of the Event Monitoring event |
e.g., Many malicious programs... |
policy.behavior_monitoring.bhvs.behaviors[].msg.event |
integer |
Event Monitoring eventID |
Refer to policy.behavior_monitoring.bhvs.behaviors[].event |
policy.behavior_monitoring.bhvs.behaviors[].msg.name |
string |
Event Monitoring event name |
e.g., Duplicated System File |
policy.behavior_monitoring.bhvs.behaviors[].msg.popup_templ |
string |
The popup message for the Event Monitoring event |
e.g., $PIMAGE$ ($PID$) is attempting... |
policy.behavior_monitoring.bhvs.behaviors[].risk |
integer |
Risk level |
0: High; 1: Medium; 2: Low |
policy.behavior_monitoring.block_list[] |
string |
Application to be added to the Blocked Program List (never allowed to execute) |
e.g., "C:\Program Files\MSN Messenger\MSVS.exe" |
policy.behavior_monitoring.enable_adc |
integer |
Enable document protection against unauthorized encryption or modification (Ransomware Protection) |
1 = true; 0 = false |
policy.behavior_monitoring.enable_dre |
integer |
Automatically back up and restore files modified by suspicious programs(Ransomware Protection) |
1 = true; 0 = false |
policy.behavior_monitoring.enable_exploit_shield |
integer |
Terminate programs that exhibit abnormal behavior associated with exploit attacks |
1 = true; 0 = false |
policy.behavior_monitoring.enable_intuit |
integer |
Enable Intuit QuickBooks protection |
1 = true; 0 = false |
policy.behavior_monitoring.enable_pem |
integer |
Enable Event Monitoring |
1 = true; 0 = false |
policy.behavior_monitoring.enable_srp |
integer |
Enable blocking of processes commonly associated with ransomware(Ransomware Protection) |
1 = true; 0 = false |
policy.behavior_monitoring.enable_umh |
integer |
Enable program inspection to detect and block compromised executable files(Ransomware Protection) |
1 = true; 0 = false |
policy.behavior_monitoring.enabled |
integer |
Enable Behavior Monitoring (Windows) |
1 = true; 0 = false |
policy.behavior_monitoring.enable_alert_msg |
integer |
Enable alert messages |
1 = true; 0 = false |
policy.behavior_monitoring.locale |
string |
Locale |
e.g., en-us |
policy.behavior_monitoring.td.enable_td |
integer |
Enable Malware Behavior Blocking for known and potential threats |
1 = true; 0 = false |
policy.behavior_monitoring.td.td_mode |
integer |
Types of threats that Malware Behavior Monitoring can detect |
0 = Known threats, 1 = Known and potential threats |
policy.client_privileges.additional_service.bm.enable_bm_on_desktops |
integer |
Enable Behavior Monitoring on desktops |
1 = true; 0 = false |
policy.client_privileges.additional_service.bm.enable_bm_on_servers |
integer |
Enable Behavior Monitoring on servers |
1 = true; 0 = false |
policy.client_privileges.additional_service.bm.enable_dlp_on_desktops |
integer |
Enable Data Loss Prevention on desktops |
1 = true; 0 = false |
policy.client_privileges.additional_service.bm.enable_dlp_on_servers |
integer |
Enable Data Loss Prevention on servers |
1 = true; 0 = false |
policy.client_privileges.behavior_monitoring.display_tab |
integer |
Display the Behavior Monitoring tab on Security Agents and allow users to customize the lists |
1 = true; 0 = false |
policy.client_privileges.client_security.degree |
integer |
Select High or Normal security level for Security Agents (High: Restrict access privileges to Client/Server Security Agent files and registries, Normal: Retain normal access privileges to Client/Server Security Agentfiles and registries) |
1 = High, 0 = Normal |
policy.client_privileges.firewall.display_tab |
integer |
Display the Firewall setting in the drop-down list of the Security Protection tab on Security Agents |
1 = true; 0 = false |
policy.client_privileges.firewall.enable_switching |
integer |
Allow users to enable/disable the firewall |
1 = true; 0 = false |
policy.client_privileges.mail_scan.allow_configure |
integer |
Allow usersto configure real-time scan for POP3 mail |
1 = true; 0 = false |
policy.client_privileges.scan_settings.allow_enable_scheduled_scan |
integer |
Allow users to enable/disable Scheduled Scan |
1 = true; 0 = false |
policy.client_privileges.scan_settings.allow_postpone_scheduled_scan |
integer |
Allow users to postponse Scheduled Scan |
e.g., 0 |
policy.client_privileges.scan_settings.allow_stop_scheduled_scan |
integer |
Allow usersto skip and stop Scheduled Scan |
1 = true; 0 = false |
policy.client_privileges.scan_settings.display_manual_scan_tab |
integer |
Allow usersto modify Manual Scan settings |
1 = true; 0 = false |
policy.client_privileges.scan_settings.display_realtime_scan_tab |
integer |
Allow usersto modify Real-time Scan settings |
1 = true; 0 = false |
policy.client_privileges.scan_settings.display_scheduled_scan_tab |
intege |
For internal use only |
|
policy.client_privileges.scan_settings.enable_scheduled_scan_warning |
integer |
For internal use only |
|
policy.client_privileges.update_settings.disable_upgrade |
integer |
Allow usersto disable regular Security Agent upgrade and hotfix deployment |
1 = true; 0 = false |
policy.client_privileges.url_filtering.continue_browsing |
integer |
Allow usersto continue browsing to a restricted URL until the computer is restarted |
1 = true; 0 = false |
policy.client_privileges.wtp.allow_edit_approved_url_list |
integer |
Grant usersthe privilege to edit the Approved URL List |
1 = true; 0 = false |
policy.client_privileges.wtp.continue_browsing |
integer |
Allow usersto continue browsing to a malicious URL until the computer is restarted |
1 = true; 0 = false |
policy.client_privileges.agent_alerts.display_tab |
integer |
Allow windows client to configure agent alerts |
1 = true; 0 = false |
policy.device_control.dac_item[].action |
integer |
policy.device_control.dac_item is a list forfivesettings: whether to allow or block the AutoRun function {"action": 2, "enabled": 0, "event": 5} = Block the autorun function on USB storage devices, {"action": 0, "enabled": 0, "event": 5} = Otherwise; Select the permissions for USB devices. {"action": 0, "enabled": 0, "event": 1} = Full access, {"action": 2, "enabled": 0, "event": 1} = List device content only, {"action": 4, "enabled": 0, "event": 1} = Read, {"action": 5, "enabled": 0, "event": 1} = Modify, {"action": 6, "enabled": 0, "event": 1} = Read and Execute" Select the permissions for CD/DVD. {"action": 0, "enabled": 0, "event": 2} = Full access, {"action": 2, "enabled": 0, "event": 2} = List device content only, {"action": 4, "enabled": 0, "event": 2} = Read, {"action": 5, "enabled": 0, "event": 2} = Modify, {"action": 6, "enabled": 0, "event": 2} = Read and Execute", {"action": 10000, "enabled": 0, "event": 2} = Block Select the permissions for Floppy Disk. {"action": 0, "enabled": 0, "event": 3} = Full access, {"action": 2, "enabled": 0, "event": 3} = List device content only, {"action": 4, "enabled": 0, "event": 3} = Read, {"action": 5, "enabled": 0, "event": 3} = Modify, {"action": 6, "enabled": 0, "event": 3} = Read and Execute", {"action": 10000, "enabled": 0, "event": 3} = Block Select the permissions for Network Driver. {"action": 0, "enabled": 0, "event": 4} = Full access, {"action": 2, "enabled": 0, "event": 4} = List device content only, {"action": 4, "enabled": 0, "event": 4} = Read, {"action": 5, "enabled": 0, "event": 4} = Modify, {"action": 6, "enabled": 0, "event": 4} = Read and Execute", {"action": 10000, "enabled": 0, "event": 4} = Block |
DEPRECATED |
policy.device_control.dac_item[].enabled |
integer |
As above |
DEPRECATED |
policy.device_control.dac_item[].event |
integer |
As above |
DEPRECATED |
policy.device_control.usb_operation |
integer |
Allowed usb devices operation: 0: Full access, 2 : List device content only , 4: Read, 5: Modify, 6: Read and Execute |
|
policy.device_control.enable_alert_msg |
integer |
Display alerts on devices |
1 = true; 0 = false |
policy.device_control.exception_list[].item |
string |
Add a program to the exception list |
e.g., "C:\ex1.exe" |
policy.device_control.exception_list[].type |
integer |
As above |
|
policy.device_control.dc_rules.usb_autorun |
string |
Device control rule for USB autorun |
"allow" or "block" |
policy.device_control.dc_rules.usb_storage |
string |
Device control rule for USB storage |
"allow" or "modify" or "read_execute" or "read" or "list_device_content_only" or "block" |
policy.device_control.dc_rules.cd_dvd |
string |
Device control rule for CD/DVD |
"allow" or "modify" or "read_execute" or "read" or "list_device_content_only" or "block" |
policy.device_control.dc_rules.network_drives |
string |
Device control rule for network drives |
"allow" or "modify" or "read_execute" or "read" or "list_device_content_only" |
policy.device_control.dc_rules.mobile_device_storage |
string |
Device control rule for mobile storage |
"allow" or "read" or "block" |
policy.device_control.dc_rules.print_screen_key |
string |
Device control rule for print screen key |
"allow" or "block" |
policy.device_control.dc_rules.infrared_devices |
string |
Device control rule for infrared devices |
"allow" or "block" |
policy.device_control.dc_rules.modems |
string |
Device control rule for modems |
"allow" or "block" |
policy.device_control.dc_rules.ieee_1394_interface |
string |
Device control rule for IEEE 1394 interface |
"allow" or "block" |
policy.device_control.dc_rules.com_lpt_ports |
string |
Device control rule for COM and LPT ports |
"allow" or "block" |
policy.device_control.dc_rules.wireless_nics |
string |
Device control rule for wireless NICs |
"allow" or "block" |
policy.device_control.dc_rules.bluetooth_adapters |
string |
Device control rule for bluetooth adaptors |
"allow" or "block" |
policy.device_control.dc_rules.imaging_devices |
string |
Device control rule for imaging devices |
"allow" or "block" |
policy.dlp.enabled |
integer |
Enable Data Loss Prevention (Windows) |
1 = true; 0 = false |
policy.dlp.enable_alert_msg |
Integer |
Enable alert messages |
1 = true; 0 = false |
policy.dlp.exception.compressed_file_scanning.compressed_layers |
integer |
Except when compressed layers of a compressed file is over limit |
1-20 (default 10) |
policy.dlp.exception.compressed_file_scanning.decompressed_file_size |
integer |
Except when the file size of a decompressed file is over limit |
1-512 (default 128) [MB] |
policy.dlp.exception.compressed_file_scanning.scan_file_number |
integer |
Except when the file number of a compressed file is over limit |
1-5000 (default 2000) |
policy.dlp.exception.non_monitored_channel[].note |
String |
Note of the exception channel |
HTTP, HTTPS, FTP, and SMB |
policy.dlp.exception.non_monitored_channel[].targets |
String |
Target of the exception channel |
|
policy.dlp.exception.non_monitored_channel[].port |
String |
Port of the exception channel |
IP, Hostname or FQDN |
policy.dlp.non_monitored_email_domain[].note |
String |
Note of the email exception channel |
|
policy.dlp.non_monitored_email_domain[].domain |
String |
Domain of the email exception channel |
|
policy.dlp.exception.non_monitored_email_domain[].using_ms_server |
Integer |
Use Microsoft Exchange Server |
1 = true; 0=false |
policy.dlp.exception.non_monitored_removable_storage_device[].model |
String |
The model of the removable storage |
Info would be displayed in Device List Tool |
policy.dlp.exception.non_monitored_removable_storage_device[].vendor |
String |
The vendor of the removable storage |
Info would be displayed in Device List Tool |
policy.dlp.exception.non_monitored_removable_storage_device[].searial_id |
String |
The serial id of the removable storage |
Info would be displayed in Device List Tool |
policy.dlp.rules.description |
String |
Description of the rule |
256 |
policy.dlp.rules.enabled |
Integer |
Enable the rule |
1 = true; 0 = false |
policy.dlp.rules.rule_name |
String |
Rule name |
64 |
policy.dlp.rules.only_enable_outside_lan |
Integer |
Monitors data transmitted to any target outside the Local Area Network (LAN) |
1 = true; 0 = false |
policy.dlp.rules.action |
Integer |
Log and take the specified action after detecting sensitive data transmitted through a selected channel |
1 = block; 0=pass |
policy.dlp.rules.default_templates.template_id |
String |
ID of the template |
UUID |
policy.dlp.rules.channel.enable_ptop |
Integer |
Data Loss Prevention monitors peer-to-peer applications |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_http |
Integer |
Data Loss Prevention monitors HTTP |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_smb |
Integer |
Data Loss Prevention monitors SMB |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_pgp_encryption |
Integer |
Data Loss Prevention monitors GPG encryption |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_webmail |
Integer |
Data Loss Prevention monitors Web mail |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_printer |
Integer |
Data Loss Prevention monitors printer |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_https |
Integer |
Data Loss Prevention monitors HTTPS |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_ftp |
Integer |
Data Loss Prevention monitors FTP |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_cd_dvd |
Integer |
Data Loss Prevention monitors CD/DVD |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_email_clients |
Integer |
Data Loss Prevention monitors E-mail client |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_windows_clipboard |
Integer |
Data Loss Prevention monitors Windows clipboard |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_removable_storage |
Integer |
Data Loss Prevention monitors removeable storage |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_active_sync |
Integer |
Data Loss Prevention monitors Synchronization software |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_im_app |
Integer |
Data Loss Prevention monitors IM applications |
1 = true; 0 = false |
policy.dlp.rules.channel.enable_cloud_storage_service |
Integer |
Data Loss Prevention monitors Cloud storage services |
1 = true; 0 = false |
policy.firewall.enable_alert_msg |
integer |
Enable alert message |
1 = true; 0 = false |
policy.firewall.enable_ids |
integer |
Enable Intrusion Detection System |
1 = true; 0 = false |
policy.firewall.enabled |
integer |
Enable firewall (Windows) |
1 = true; 0 = false |
policy.firewall.exceptions[].allow |
integer |
policy.firewall.exceptions is a list of firewall exceptions in order. allow is firewall exception action |
1 = Allow, 0 = Block |
policy.firewall.exceptions[].inbound |
integer |
Inbound traffic |
1 = true; 0 = false |
policy.firewall.exceptions[].ip_selection.ip_range.from |
string |
Start of IP range |
|
policy.firewall.exceptions[].ip_selection.ip_range.to |
string |
End of IP range |
|
policy.firewall.exceptions[].ip_selection.method |
integer |
Method of identifying clients |
1 = All IP addresses, 2 = Single IP, 3 = IP range |
policy.firewall.exceptions[].ip_selection.single_ip |
string |
The IP address of a particular client applied for the exception |
|
policy.firewall.exceptions[].name |
string |
Firewall exception name. |
A unique name for the exception. |
policy.firewall.exceptions[].outbound |
integer |
Outbound traffic |
1 = true; 0 = false |
policy.firewall.exceptions[].port_selection.method |
integer |
Method of identifying clients |
1 = All ports, 2 = Range, 3 = Specified ports |
policy.firewall.exceptions[].port_selection.port_range.from |
integer |
Start of port range |
|
policy.firewall.exceptions[].port_selection.port_range.to |
integer |
End of port range |
|
policy.firewall.exceptions[].port_selection.specific_ports[] |
integer |
Specified port |
e.g., 80 |
policy.firewall.exceptions[].protocol |
integer |
Traffic protocol |
0 = All, 1 = TCP/UDP, 2 = TCP, 3 = UDP, 4 = ICMP |
policy.firewall.level |
integer |
Firewall security level |
1 = High, 2 = Medium, 3 = Low |
policy.firewall.mode |
integer |
Firewall mode |
0 = Simple mode, 1 = Advanced mode |
policy.machine_learning.action_for_file |
integer |
Decide the action when a file is detected |
0 = quarantine; 1 = log only |
policy.machine_learning.action_for_process |
integer |
Decide the action when a process is detected |
0 = terminate; 1 = log only |
policy.machine_learning.file_enabled |
integer |
Enable file detection |
1 = enabled; 0 = disabled |
policy.machine_learning.machine_learning_enabled |
integer |
Enable machine learning |
1 = enabled; 0 = disabled |
policy.machine_learning.process_enabled |
integer |
Enable process detection |
1 = enabled; 0 = disabled |
policy.machine_learning.enable_alert_msg |
integer |
Enable alert messages |
1 = enabled; 0 = disabled |
policy.mail_scan.enable_realtime_scan |
integer |
Scan POP3 messages |
1 = true; 0 = false |
policy.mail_scan.enable_toolbar |
integer |
For internal use only |
e.g., 0 |
policy.manual_scan.settings.action.action_info[].first_action |
integer |
Action for threat |
For Virus Detections: 0 = Pass, 1 = Rename, 2 = Quarantine, 3 = Clean, 4 = Delete; For Spyware/Grayware Detections: 0 = Deny Access, 3 = Clean |
policy.manual_scan.settings.action.action_info[].second_action |
integer |
Action for uncleanable threat |
0 = Pass, 1 = Rename, 2 = Quarantine, 4 = Delete |
policy.manual_scan.settings.action.action_info[].threat |
integer |
Type of thread |
For Virus Detections: 0 = Joke, 1 = Worm/Trojans, 2 = Virus, 3 = Test virus, 4 = Packer, 5 = Probable virus/malware, , 99 = Other threats, 100 = Perform the same action for all detected threats, 6: Spyware/Grayware Detections |
policy.manual_scan.settings.action.backup_before_clean |
integer |
Backup detected file before cleaning |
1 = true; 0 = false |
policy.manual_scan.settings.action.scan_speed |
integer |
The period of time WFBS-SVC waits between scanning each file affects CPU usage. (High: scan files one after another without pausing, Medium: pause between file scans if CPU consumption is higher than 50%, and do not pause if 50% or lower, Low: pause between file scans if CPU consumption is higher than 20%, and do not pause if 20% or lower)" |
0 = High, 1= Medium, 2 = Low |
policy.manual_scan.settings.action.virus_detection_method |
integer |
Method for virus detections |
0 = ActiveAction, 1 = Perform the same action for all detected threats, 2 = Customized action for the following detected threats |
policy.manual_scan.settings.target.advanced.scan_boot |
integer |
Scan boot area |
1 = true; 0 = false |
policy.manual_scan.settings.target.advanced.scan_bottrap |
integer |
Enable IntelliTrap (for antivirus) |
1 = true; 0 = false |
policy.manual_scan.settings.target.compress_layer_limit |
integer |
The number of layers of compressed files to scan |
|
policy.manual_scan.settings.target.exclusion.default_extensions |
string |
A list for selecting the extension to exclude from the scan |
e.g., '"",ACCDB,ACE' |
policy.manual_scan.settings.target.exclusion.enabled |
integer |
Enable Exclusions |
1 = true; 0 = false |
policy.manual_scan.settings.target.exclusion.exclude_extensions[] |
string |
File extension to exclude from the scan |
e.g., "JPG" |
policy.manual_scan.settings.target.exclusion.exclude_files[] |
string |
File to exclude from the scan |
e.g., "c:\\temp\\excldir\\ExcludeDoc.hlp" |
policy.manual_scan.settings.target.exclusion.exclude_folders[] |
string |
Directory to exclude from the scan |
e.g., "c:\\temp\\ExcludeDir" |
policy.manual_scan.settings.target.exclusion.exclude_trend_product |
integer |
Exclude the directories where Trend Micro products are installed |
1 = true; 0 = false |
policy.manual_scan.settings.target.method |
integer |
Method of identifying files to scan |
0 = All scannable files, 1 = IntelliScan, 2 = Scan files with the extensions defined in policy.manual_scan.settings.target.scan_extension_list |
policy.manual_scan.settings.target.scan_compressed |
integer |
Scan compressed files (for antivirus) |
1 = true; 0 = false |
policy.manual_scan.settings.target.scan_extension_list[] |
string |
file extension should be scanned |
e.g., "EXE" |
policy.manual_scan.settings.target.scan_network_folder |
integer |
Scan mapped drives and shared folders on the network (for antivirus) |
1 = true; 0 = false |
policy.realtime_scan.enabled |
integer |
Wether to enable real-time Antivirus/Anti-spyware (Windows) |
1 = true; 0 = false |
policy.realtime_scan.settings.action.action_info[].first_action |
integer |
Action for threat |
For Virus Detections: 0 = Pass, 1 = Rename, 2 = Quarantine, 3 = Clean, 4 = Delete; For Spyware/Grayware Detections: 0 = Deny Access, 3 = Clean |
policy.realtime_scan.settings.action.action_info[].second_action |
integer |
Action for uncleanable threat |
0 = Pass, 1 = Rename, 2 = Quarantine, 4 = Delete |
policy.realtime_scan.settings.action.action_info[].threat |
integer |
Type of thread |
For Virus Detections: 0 = Joke, 1 = Worm/Trojans, 2 = Virus, 3 = Test virus, 4 = Packer, 5 = Probable virus/malware, , 99 = Other threats, 100 = Perform the same action for all detected threats, 6: Spyware/Grayware Detections |
policy.realtime_scan.settings.action.backup_before_clean |
integer |
Backup detected file before cleaning |
1 = true; 0 = false |
policy.realtime_scan.settings.action.display_spyware_alert_msg |
integer |
Display an alert message on the device when a spyware is detected |
1 = true; 0 = false |
policy.realtime_scan.settings.action.display_virus_alert_msg |
integer |
Display an alert message on the device when a virus is detected |
1 = true; 0 = false |
policy.realtime_scan.settings.action.virus_detection_method |
integer |
Method for virus detections |
0 = ActiveAction, 1 = Perform the same action for all detected threats, 2 = Customized action for the following detected threats |
policy.realtime_scan.settings.target.advanced.enable_memory_scan |
integer |
Quarantine malware variants detected in memory |
1 = true; 0 = false |
policy.realtime_scan.settings.target.advanced.scan_bottrap |
integer |
Enable IntelliTrap (for antivirus) |
1 = true; 0 = false |
policy.realtime_scan.settings.target.advanced.scan_floppy |
integer |
Scan floppy drive system shutdown (for antivirus) |
1 = true; 0 = false |
policy.realtime_scan.settings.target.compress_layer_limit |
integer |
The number of layers of compressed files to scan |
|
policy.realtime_scan.settings.target.condition |
integer |
Condition of identifying files to scan |
0 = Scan files being created, modified, or retrieved, 1= Scan files being retrieved, 3 = Scan files being created or modified |
policy.realtime_scan.settings.target.exclusion.default_extensions |
string |
A list for selecting the extension to exclude from the scan |
e.g., '",ACCDB,ACE' |
policy.realtime_scan.settings.target.exclusion.enabled |
integer |
Enable Exclusions |
1 = true; 0 = false |
policy.realtime_scan.settings.target.exclusion.exclude_extensions[] |
string |
file extension to exclude from the scan |
e.g., "JPG" |
policy.realtime_scan.settings.target.exclusion.exclude_files[] |
string |
File to exclude from the scan |
e.g., "c:\\temp\\excldir\\ExcludeDoc.hlp" |
policy.realtime_scan.settings.target.exclusion.exclude_folders[] |
string |
Directory to exclude from the scan |
e.g., "c:\\temp\\ExcludeDir" |
policy.realtime_scan.settings.target.exclusion.exclude_trend_product |
integer |
Exclude the directories where Trend Micro products are installed |
1 = true; 0 = false |
policy.realtime_scan.settings.target.method |
integer |
Method of identifying files to scan |
0 = All scannable files, 1 = IntelliScan, 2 = Scan files with the extensions defined in policy.realtime_scan.settings.target.scan_extension_list |
policy.realtime_scan.settings.target.scan_compressed |
integer |
Scan compressed files (for antivirus) |
1 = true; 0 = false |
policy.realtime_scan.settings.target.scan_extension_list[] |
string |
File extension to scan |
e.g., "EXE" |
policy.realtime_scan.settings.target.scan_network_folder |
integer |
Scan mapped drives and shared folders on the network (for antivirus) |
1 = true; 0 = false |
policy.scan_mode.mode |
integer |
Scan method (Windows) |
0 = Smart Scan, 1 = Conventional Scan |
policy.schedule.daily_hour |
integer |
The hour of the day Scheduled Scan runs |
1 to 24 |
policy.schedule.daily_min |
integer |
The minute of the hour Scheduled Scan runs |
0 to 60 |
policy.schedule.enabled |
integer |
Enable Scheduled Scan |
1 = true; 0 = false |
policy.schedule.frequency |
integer |
Frequency of scheduled Scan |
1 = Monthly, 2 = Weekly, 3 = Daily |
policy.schedule.monthly_data |
integer |
The day of the week Scheduled Scan runs |
1 to 31 |
policy.schedule.weekly_data |
integer |
The day of the month Scheduled Scan runs |
0 = Sun, 1 = Mon, 2 = Tue, 3 =Wed, 4 = Thu, 5 = Fri, 6 = Sat |
policy.scheduled_scan.settings.action.action_info[].first_action |
integer |
Action for threat |
For Virus Detections: 0 = Pass, 1 = Rename, 2 = Quarantine, 3 = Clean, 4 = Delete; For Spyware/Grayware Detections: 0 = Deny Access, 3 = Clean |
policy.scheduled_scan.settings.action.action_info[].second_action |
integer |
Action for uncleanable threat |
0 = Pass, 1 = Rename, 2 = Quarantine, 4 = Delete |
policy.scheduled_scan.settings.action.action_info[].threat |
integer |
Type of thread |
For Virus Detections: 0 = Joke, 1 = Worm/Trojans, 2 = Virus, 3 = Test virus, 4 = Packer, 5 = Probable virus/malware, , 99 = Other threats, 100 = Perform the same action for all detected threats, 6: Spyware/Grayware Detections |
policy.scheduled_scan.settings.action.backup_before_clean |
integer |
Backup detected file before cleaning |
1 = true; 0 = false |
policy.scheduled_scan.settings.action.display_spyware_alert_msg |
integer |
Display an alert message on the device when a spyware is detected |
1 = true; 0 = false |
policy.scheduled_scan.settings.action.display_virus_alert_msg |
integer |
Display an alert message on the device when a virus is detected |
1 = true; 0 = false |
policy.scheduled_scan.settings.action.scan_speed |
integer |
The period of time WFBS-SVC waits between scanning each file affects CPU usage. (High: scan files one after another without pausing, Medium: pause between file scans if CPU consumption is higher than 50%, and do not pause if 50% or lower, Low: pause between file scans if CPU consumption is higher than 20%, and do not pause if 20% or lower)" |
0 = High, 1= Medium, 2 = Low |
policy.scheduled_scan.settings.action.virus_detection_method |
integer |
Method for virus detections |
0 = ActiveAction, 1 = Perform the same action for all detected threats, 2 = Customized action for the following detected threats |
policy.scheduled_scan.settings.target.advanced.scan_boot |
integer |
Scan boot area |
1 = true; 0 = false |
policy.scheduled_scan.settings.target.advanced.scan_bottrap |
integer |
Enable IntelliTrap (for antivirus) |
1 = true; 0 = false |
policy.scheduled_scan.settings.target.compress_layer_limit |
integer |
The number of layers of compressed files to scan |
|
policy.scheduled_scan.settings.target.exclusion.default_extensions |
string |
A list for selecting the extension to exclude from the scan |
e.g., '",ACCDB,ACE"' |
policy.scheduled_scan.settings.target.exclusion.enabled |
integer |
Enable Exclusions |
1 = true; 0 = false |
policy.scheduled_scan.settings.target.exclusion.exclude_extensions[] |
string |
File extension to exclude from the scan |
e.g., "JPG" |
policy.scheduled_scan.settings.target.exclusion.exclude_files[] |
string |
File to exclude from the scan |
e.g., "c:\\temp\\excldir\\ExcludeDoc.hlp" |
policy.scheduled_scan.settings.target.exclusion.exclude_folders[] |
string |
Directory to exclude from the scan |
e.g., "c:\\temp\\ExcludeDir" |
policy.scheduled_scan.settings.target.exclusion.exclude_trend_product |
integer |
Exclude the directories where Trend Micro products are installed |
1 = true; 0 = false |
policy.scheduled_scan.settings.target.method |
integer |
Method of identifying files to scan |
0 = All scannable files, 1 = IntelliScan, 2 = Scan files with the extensions defined in policy.scheduled_scan.settings.target.scan_extension_list |
policy.scheduled_scan.settings.target.scan_compressed |
integer |
Scan compressed files (for antivirus) |
1 = true; 0 = false |
policy.scheduled_scan.settings.target.scan_extension_list[] |
string |
File extension to scan |
e.g., "EXE" |
policy.ts_toolbar.enable_keystroke_encryption |
integer |
For internal use |
|
policy.ts_toolbar.enable_page_rating |
integer |
For internal use |
|
policy.ts_toolbar.enable_wifi_advisor |
integer |
For internal use |
|
policy.url_filtering.business_hours_2.time_slots[] |
integer |
Alternative way to specify the business hours |
|
policy.url_filtering.business_hours_2.type |
integer |
Alternative way to specify the business hours |
0 = all day, 1 = week day, 2 = from 9:00 to 18:00 every week day, 3 = specified |
policy.url_filtering.enabled |
integer |
Enable URL Filtering (Windows) |
1 = true; 0 = false |
policy.url_filtering.filter_rules.categories[].rules[].enable_business_hour |
integer |
Enable filter rule in business hours |
1 = true; 0 = false |
policy.url_filtering.filter_rules.categories[].rules[].enable_leisure_hour |
integer |
Enable filter rule in leisure hours |
1 = true; 0 = false |
policy.url_filtering.filter_rules.categories[].rules[].rule_id |
integer |
Filter rule of the sepcified URL category |
- Adult category: 1= Adult/Mature Content, 3 = Pornography, 4 = Sex Education, 5 = Intimate Apparel/Swimsuit, 6 = Nudity, 8 = Alcohol Tobacco, 9 = Illegal/Questionable, 10 = Tasteless, 11 = Gambling, 14 = Violence/Hate/Racism, 15 = Weapons, 16 = Abortion, 25 = Illegal Drugs, 26 = Marijuana; - Business category: 21 = Business/Economy, 31 = Financial Services, 32 = Brokerages/Trading, 45 = Job Search/Careers, 58 = Shopping, 59 = Auctions, 60 = Real Estate; - Communications and Search category: 24 = Internet Telephony, 39 = Proxy Avoidance and Anonymizers, 40 = Search Engines/Portals, 41 = Internet Infrastructure, 42 = Blogs/Web Communications, 50 = Social Networking, 51 = Chat/Instant Messaging, 52 = Email, 53 = Newsgroups, 89 = Web Hosting; - General category: 17 = Dynamic DNS, 27 = Education, 34 = Government/Legal, 35 = Military, 36 = Politics, 37 = Health, 38 = Computers/Internet, 46 = News/Media, 48 = Translators/Cached Pages, 49 = Reference, 67 = Vehicles, 90 = Unrated, 96 = Miscellaneous; - Internet Security category: 28 = Insecure IoT, 73 = Potentially Malicious Software, 74 = Spyware, 75 = Phishing, 76 = Spam, 77 = Adware, 78 = Malware Accomplice, 79 = Disease Vector, 82 = Coin Miners, 86 = Made for AdSense, 88 = Web Advertisement, 91 = C&C Server, 92 = Malicious Domain, 93 = New Domain, 94 = Scam; 95 = Ransomware; - Lifestyle category: 18 = Recreation/Hobbies, 19 = Arts, 20 = Entertainment, 22 = Cult/Occult, 29 = Cultural Institutions, 30 = Activist Groups, 33 = Games, 44 = Alternative Journals, 47 = Personals/Dating, 54 = Religion, 55 = Personal Sites, 61 = Society/Lifestyle, 63 = Gun Clubs/Hunting, 64 = Restaurants/Food, 65 = Sports, 66 = Travel, 68 = Humor, 87 = For Kids; - Network Bandwidth category: 23 = Internet Radio and TV, 43 = Photo Searches, 56 = Sharing Services, 57 = Peer-to-Peer, 69 = Streaming Media/MP3, 70 = Ringtones/Mobile Phone Downloads, 71 = Software Downloads, 72 = Pay to Surf |
policy.url_filtering.filter_rules.categories[].uc_type |
integer |
URL category |
1 = Adult, 2 = Business, 3 = Communications and Search, 4= General, 5 = Internet Security, 6 = Lifestyle, 7 = Network Bandwidth |
policy.url_filtering.level |
integer |
filter Strength of URL Filtering |
1 = High, 2 = Medium, 3 = Low, 4 = Custom |
policy.url_filtering.enable_http2_alert_msg |
integer |
Enable alert messages for http2 alerts (default ON) |
1 = true; 0 = false |
policy.url_filtering.enable_alert_msg |
integer |
Enable alert messages |
1 = true; 0 = false |
policy.wtp.enable_bes |
integer |
Block pages containing malicious script |
1 = true; 0 = false |
policy.wtp.enabled |
integer |
Enable Web Reputation (Windows) |
1 = true; 0 = false |
policy.wtp.enable_http2_alert_msg |
integer |
Enable alert messages for http2 alerts (default ON) |
1 = true; 0 = false |
policy.wtp.enable_alert_msg |
integer |
Enable alert messages |
1 = true; 0 = false |
policy.wtp.level |
integer |
Security level of Web Reputation |
1 = Low, 2 = Medium, 3 = High |
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |
||
None |
None |