The following tables list the settings that are available in the API with a description.
Setting names are prefixed with
platform or the name of the associated protection module. Suffixes can indicate the nature
of the setting. For example, the Enabled suffix indicates a Boolean value. |
Tip
For information about how to configure settings see the following sections:
|
Default policy, policy, and computer settings
 |
NoteThe following table lists the settings that are included in default policy settings,
policy settings, and computer settings. Note that these settings are included only
in
DefaultPolicySettings:
|
|
Setting
|
Description
|
|
Anti-Malware Settings
|
|
|
antiMalwareSettingBehaviorMonitoringScanExclusionList
|
Scan Exclusions for Suspicious Activity/Unauthorized Change
|
|
antiMalwareSettingCombinedModeProtectionSource
|
Anti-Malware
|
|
antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled
|
Submit files identified as suspicious by Document Exploit Protection scanning to Deep
Discovery Analyzer
|
|
antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled
|
Use Apex Central's Suspicious Object List
|
|
antiMalwareSettingDocumentExploitProtectionRuleExceptions
|
Allowed Advanced Threat Detection Rules
|
|
antiMalwareSettingFileHashEnabled
|
Calculate Hash values of all anti-malware events (at least SHA1 by default)
|
|
antiMalwareSettingFileHashMd5Enabled
|
MD5
|
|
antiMalwareSettingFileHashSha256Enabled
|
SHA256
|
|
antiMalwareSettingFileHashSizeMaxMbytes
|
Skip hash values calculation if file size is large than (64MB~512MB)
|
|
antiMalwareSettingIdentifiedFilesSpaceMaxMbytes
|
Maximum disk space used to store identified files
|
|
antiMalwareSettingMalwareScanMultithreadedProcessingEnabled
|
Use multithreaded processing for Malware scans (if available)
|
|
antiMalwareSettingNsxSecurityTaggingEnabled
|
Anti-Malware NSX Security Tagging State
|
|
antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled
|
Anti-Malware NSX Only Tag on Failure to Remediate
|
|
antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled
|
Anti-Malware NSX Remove Tag
|
|
antiMalwareSettingNsxSecurityTaggingValue
|
Anti-Malware NSX Security Tag
|
|
antiMalwareSettingPredictiveMachineLearningExceptions
|
Predictive Machine Learning Exclusion List
|
|
antiMalwareSettingScanCacheOnDemandConfigId
|
Anti-Malware On Demand Scan Cache Configuration
|
|
antiMalwareSettingScanCacheRealTimeConfigId
|
Anti-Malware Real-Time Scan Cache Configuration
|
|
antiMalwareSettingScanFileSizeMaxMbytes
|
Maximum file size to scan
|
|
antiMalwareSettingSmartProtectionGlobalServerEnabled
|
Use Global Smart Protection Service for Smart Scan
|
|
antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled
|
Use Proxy when accessing Smart Protection Service for Smart Scan
|
|
antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal
|
When off domain, connect to global Smart Protection Service. (Windows only)
|
|
antiMalwareSettingSmartProtectionLocalServerUrls
|
Local Smart Protection Servers for Smart Scan
|
|
antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled
|
Warn if connection to Smart Protection Server is lost
|
|
antiMalwareSettingSmartScanState
|
Smart Scan State
|
|
antiMalwareSettingSpywareApprovedList
|
Allowed Spyware/Grayware
|
|
antiMalwareSettingState (Default policy settings only)
|
Anti-Malware State
|
|
antiMalwareSettingSyslogConfigId
|
Anti-Malware Syslog Configuration
|
|
antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax
|
Max On-Demand Malware Scan Cache Entries
|
|
antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax
|
Max Real-Time Malware Scan Cache Entries
|
|
Application Control Settings
|
|
|
applicationControlSettingExecutionEnforcementLevel
|
Enforcement:
|
|
applicationControlSettingRulesetMode
|
Ruleset mode:
|
|
applicationControlSettingSharedRulesetId
|
Shared Application Control Ruleset
|
|
applicationControlSettingState (Default policy settings only)
|
Application Control State
|
|
applicationControlSettingSyslogConfigId
|
Application Control Syslog Configuration
|
|
Firewall Settings
|
|
|
firewallSettingAntiEvasionCheckEvasiveRetransmit
|
Evasive Retransmit
|
|
firewallSettingAntiEvasionCheckFinNoConnection
|
FIN packet out of connection
|
|
firewallSettingAntiEvasionCheckFragmentedPackets
|
Fragmented Packets
|
|
firewallSettingAntiEvasionCheckOutNoConnection
|
Outgoing packet out of connection
|
|
firewallSettingAntiEvasionCheckPaws
|
Invalid TCP Timestamps
|
|
firewallSettingAntiEvasionCheckRstNoConnection
|
RST packet out of connection
|
|
firewallSettingAntiEvasionCheckTcpChecksum
|
TCP Checksum
|
|
firewallSettingAntiEvasionCheckTcpCongestionFlags
|
TCP Congestion Flags
|
|
firewallSettingAntiEvasionCheckTcpPawsZero
|
Timestamp PAWS Zero Allowed
|
|
firewallSettingAntiEvasionCheckTcpRstFinFlags
|
TCP Rst Fin Flags
|
|
firewallSettingAntiEvasionCheckTcpSplitHandshake
|
TCP Split Handshake
|
|
firewallSettingAntiEvasionCheckTcpSynFinFlags
|
TCP Syn Fin Flags
|
|
firewallSettingAntiEvasionCheckTcpSynRstFlags
|
TCP Syn Rst Flags
|
|
firewallSettingAntiEvasionCheckTcpSynWithData
|
TCP Syn with Data
|
|
firewallSettingAntiEvasionCheckTcpUrgentFlags
|
TCP Urgent Flags
|
|
firewallSettingAntiEvasionCheckTcpZeroFlags
|
TCP Zero Flags
|
|
firewallSettingAntiEvasionSecurityPosture
|
Anti-Evasion Posture
|
|
firewallSettingAntiEvasionTcpPawsWindowPolicy
|
TCP Timestamp PAWS Window
|
|
firewallSettingCombinedModeProtectionSource
|
Firewall
|
|
firewallSettingConfigPackageExceedsAlertMaxEnabled
|
Advanced - Generate an Alert when Agent configuration package exceeds maximum size
|
|
firewallSettingEngineOptionAckTimeout
|
ACK Storm Timeout
|
|
firewallSettingEngineOptionAllowNullIpEnabled
|
Allow Null IP
|
|
firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled
|
Advanced - Block IPv6 on Agents and Appliances versions 8 and earlier
|
|
firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled
|
Advanced - Block IPv6 on Agents and Appliances verions 9 and later
|
|
firewallSettingEngineOptionBlockSameSrcDstIpEnabled
|
Block Same Src-Dest IP Address
|
|
firewallSettingEngineOptionBootStartTimeout
|
Boot Start Timeout
|
|
firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled
|
Bypass Cisco WAAS Connections
|
|
firewallSettingEngineOptionCloseTimeout
|
CLOSED Timeout
|
|
firewallSettingEngineOptionCloseWaitTimeout
|
CLOSE_WAIT Timeout
|
|
firewallSettingEngineOptionClosingTimeout
|
CLOSING Timeout
|
|
firewallSettingEngineOptionColdStartTimeout
|
Cold Start Timeout
|
|
firewallSettingEngineOptionConnectionCleanupTimeout
|
Connection Cleanup Timeout
|
|
firewallSettingEngineOptionConnectionsCleanupMax
|
Maximum Connections per Cleanup
|
|
firewallSettingEngineOptionConnectionsNumIcmpMax
|
Maximum ICMP Connections
|
|
firewallSettingEngineOptionConnectionsNumTcpMax
|
Maximum TCP Connections
|
|
firewallSettingEngineOptionConnectionsNumUdpMax
|
Maximum UDP Connections
|
|
firewallSettingEngineOptionDebugModeEnabled
|
Enable Debug Mode
|
|
firewallSettingEngineOptionDebugPacketNumMax
|
Number of Packets to retain in Debug Mode
|
|
firewallSettingEngineOptionDisconnectTimeout
|
DISCONNECT Timeout
|
|
firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled
|
Drop 6to4 Bogon Addresses
|
|
firewallSettingEngineOptionDropEvasiveRetransmitEnabled
|
Drop Evasive Retransmit
|
|
firewallSettingEngineOptionDropIpZeroPayloadEnabled
|
Drop IP Packet with Zero Payload
|
|
firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled
|
Drop IPv6 Bogon Addresses
|
|
firewallSettingEngineOptionDropIpv6ExtType0Enabled
|
Drop IPv6 Extension Type 0
|
|
firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled
|
Drop IPv6 Fragments Lower Than minimum MTU
|
|
firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled
|
Drop IPv6 Reserved Addresses
|
|
firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled
|
Drop IPv6 Site Local Addresses
|
|
firewallSettingEngineOptionDropTeredoAnomaliesEnabled
|
Drop Teredo Anomalies
|
|
firewallSettingEngineOptionDropUnknownSslProtocolEnabled
|
Drop Unknown SSL Protocol
|
|
firewallSettingEngineOptionErrorTimeout
|
ERROR Timeout
|
|
firewallSettingEngineOptionEstablishedTimeout
|
ESTABLISHED Timeout
|
|
firewallSettingEngineOptionEventNodesMax
|
Number of Event Nodes
|
|
firewallSettingEngineOptionFilterIpv4Tunnels
|
Filter IPv4 Tunnels
|
|
firewallSettingEngineOptionFilterIpv6Tunnels
|
Filter IPv6 Tunnels
|
|
firewallSettingEngineOptionFinWait1Timeout
|
FIN_WAIT1 Timeout
|
|
firewallSettingEngineOptionForceAllowDhcpDns
|
Force Allow DHCP DNS
|
|
firewallSettingEngineOptionForceAllowIcmpType3Code4
|
Force Allow ICMP type3 code4
|
|
firewallSettingEngineOptionFragmentOffsetMin
|
Minimum Fragment Offset
|
|
firewallSettingEngineOptionFragmentSizeMin
|
Minimum Fragment Size
|
|
firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled
|
Generate Connection Events for ICMP
|
|
firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled
|
Generate Connection Events for TCP
|
|
firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled
|
Generate Connection Events for UDP
|
|
firewallSettingEngineOptionIcmpTimeout
|
ICMP Timeout
|
|
firewallSettingEngineOptionIgnoreStatusCode0
|
Ignore Status Code
|
|
firewallSettingEngineOptionIgnoreStatusCode1
|
Ignore Status Code
|
|
firewallSettingEngineOptionIgnoreStatusCode2
|
Ignore Status Code
|
|
firewallSettingEngineOptionLastAckTimeout
|
LAST_ACK Timeout
|
|
firewallSettingEngineOptionLogAllPacketDataEnabled
|
Log All Packet Data
|
|
firewallSettingEngineOptionLogEventsPerSecondMax
|
Maximum Events Per Second
|
|
firewallSettingEngineOptionLogOnePacketPeriod
|
Period for Log only one packet within period
|
|
firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled
|
Log only one packet within period
|
|
firewallSettingEngineOptionLogPacketLengthMax
|
Maximum data size to store when packet data is captured
|
|
firewallSettingEngineOptionLoggingPolicy
|
Advanced Logging Policy
|
|
firewallSettingEngineOptionSilentTcpConnectionDropEnabled
|
Silent TCP Connection Drop
|
|
firewallSettingEngineOptionSslSessionSize
|
SSL Session Size
|
|
firewallSettingEngineOptionSslSessionTime
|
SSL Session Time
|
|
firewallSettingEngineOptionStrictTerodoPortCheckEnabled
|
Strict Teredo Port Check
|
|
firewallSettingEngineOptionSynRcvdTimeout
|
SYN_RCVD Timeout
|
|
firewallSettingEngineOptionSynSentTimeout
|
SYN_SENT Timeout
|
|
firewallSettingEngineOptionTcpMssLimit
|
TCP MSS Limit
|
|
firewallSettingEngineOptionTunnelDepthMax
|
Maximum Tunnel Depth
|
|
firewallSettingEngineOptionTunnelDepthMaxExceededAction
|
Action if Maximum Tunnel Depth Exceeded
|
|
firewallSettingEngineOptionUdpTimeout
|
UDP Timeout
|
|
firewallSettingEngineOptionVerifyTcpChecksumEnabled
|
Verify TCP Checksum
|
|
firewallSettingEngineOptionsEnabled
|
Use custom driver settings
|
|
firewallSettingEventLogFileCachedEntriesLifeTime
|
Cache Lifetime
|
|
firewallSettingEventLogFileCachedEntriesNum
|
Cache Size
|
|
firewallSettingEventLogFileCachedEntriesStaleTime
|
Cache Stale time
|
|
firewallSettingEventLogFileIgnoreSourceIpListId
|
Do not record events with source IP of
|
|
firewallSettingEventLogFileRetainNum
|
Number of event log files to retain (on Agent/Appliance)
|
|
firewallSettingEventLogFileSizeMax
|
Maximum size of the event log files (on Agent/Appliance)
|
|
firewallSettingEventsOutOfAllowedPolicyEnabled
|
Generate Firewall Events for packets that are 'Out Of Allowed Policy'
|
|
firewallSettingFailureResponseEngineSystem
|
Network Engine System Failure
|
|
firewallSettingFailureResponsePacketSanityCheck
|
Network Packet Sanity Check Failure
|
|
firewallSettingInterfaceIsolationEnabled
|
Enable Interface Isolation
|
|
firewallSettingInterfaceLimitOneActiveEnabled
|
Limit to one active interface
|
|
firewallSettingInterfacePatterns
|
Interface Patterns
|
|
firewallSettingNetworkEngineMode
|
Network Engine Mode
|
|
firewallSettingReconnaissanceBlockFingerprintProbeDuration
|
Computer OS Fingerprint Probe - Block Traffic
|
|
firewallSettingReconnaissanceBlockNetworkOrPortScanDuration
|
Network or Port Scan - Block Traffic
|
|
firewallSettingReconnaissanceBlockTcpNullScanDuration
|
TCP Null Scan - Block Traffic
|
|
firewallSettingReconnaissanceBlockTcpSynFinScanDuration
|
TCP SYNFIN Scan - Block Traffic
|
|
firewallSettingReconnaissanceBlockTcpXmasAttackDuration
|
TCP Xmas Scan - Block Traffic
|
|
firewallSettingReconnaissanceDetectFingerprintProbeEnabled
|
Computer OS Fingerprint Probe - Enabled
|
|
firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled
|
Network or Port Scan - Enabled
|
|
firewallSettingReconnaissanceDetectTcpNullScanEnabled
|
TCP Null Scan - Enabled
|
|
firewallSettingReconnaissanceDetectTcpSynFinScanEnabled
|
TCP SYNFIN Scan - Enabled
|
|
firewallSettingReconnaissanceDetectTcpXmasAttackEnabled
|
TCP Xmas Scan - Enabled
|
|
firewallSettingReconnaissanceEnabled
|
Reconnaissance Scan Detection - Enabled
|
|
firewallSettingReconnaissanceExcludeIpListId
|
Reconnaissance Scan Detection - Do not perform detection on traffic coming from
|
|
firewallSettingReconnaissanceIncludeIpListId
|
Reconnaissance Scan Detection - Computers/Networks on which to perform detection
|
|
firewallSettingReconnaissanceNotifyFingerprintProbeEnabled
|
Computer OS Fingerprint Probe - Notify DSM Immediately
|
|
firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled
|
Network or Port Scan - Notify DSM Immediately
|
|
firewallSettingReconnaissanceNotifyTcpNullScanEnabled
|
TCP Null Scan - Notify DSM Immediately
|
|
firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled
|
TCP SYNFIN Scan - Notify DSM Immediately
|
|
firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled
|
TCP Xmas Scan - Notify DSM Immediately
|
|
firewallSettingState (Default policy settings only)
|
Firewall State
|
|
firewallSettingSyslogConfigId
|
Firewall and Intrusion Prevention Syslog Configuration
|
|
firewallSettingVirtualAndContainerNetworkScanEnabled
|
Scan container network traffic
|
|
Integrity Monitoring Settings
|
|
|
integrityMonitoringSettingAutoApplyRecommendationsEnabled
|
Automatically assign/unassign recommended Integrity Monitoring Rules to Computer during
Recommendation Scans
|
|
integrityMonitoringSettingCombinedModeProtectionSource
|
Integrity Monitoring
|
|
integrityMonitoringSettingContentHashAlgorithm
|
Integrity Monitoring Hash Algorithm
|
|
integrityMonitoringSettingCpuUsageLevel
|
Integrity Monitoring CPU Usage Level:
|
|
integrityMonitoringSettingRealtimeEnabled
|
Real Time
|
|
integrityMonitoringSettingScanCacheConfigId
|
Integrity Scan Cache Configuration:
|
|
integrityMonitoringSettingState (Default policy settings only)
|
Integrity Monitoring State
|
|
integrityMonitoringSettingSyslogConfigId
|
Integrity Monitoring Syslog Configuration
|
|
integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax
|
Max Integrity Monitoring Scan Cache Entries
|
|
Intrusion Prevention Settings
|
|
|
intrusionPreventionSettingAutoApplyRecommendationsEnabled
|
Automatically implement Recommendations
|
|
intrusionPreventionSettingCombinedModeProtectionSource
|
Intrusion Prevention
|
|
intrusionPreventionSettingEngineOptionFragmentedIpKeepMax
|
Maximum number of fragmented IP packets to keep
|
|
intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled
|
Send ICMP to indicate fragmented packet timeout exceeded
|
|
intrusionPreventionSettingEngineOptionFragmentedIpTimeout
|
Fragment Timeout
|
|
intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled
|
Bypass MAC addresses that don't belong to host
|
|
intrusionPreventionSettingEngineOptionsEnabled
|
Use custom driver settings
|
|
intrusionPreventionSettingLogDataRuleFirstMatchEnabled
|
Allow Intrusion Prevention Rules to capture data for first hit of each rule (in period)
|
|
intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel
|
Detect Mode
|
|
intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel
|
Prevent Mode
|
|
intrusionPreventionSettingState (Default policy settings only)
|
Intrusion Prevention State
|
|
intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled
|
Scan container network traffic
|
|
Log Inspection Settings
|
|
|
logInspectionSettingAutoApplyRecommendationsEnabled
|
Automatically assign/unassign recommended Log Inspection Rules to Computer during
Recommendation Scans
|
|
logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin
|
Send Agent/Appliance events to syslog when they equal or exceed the following severity
level
|
|
logInspectionSettingSeverityClippingAgentEventStoreLevelMin
|
Store events at the Agent/Appliance for later retrieval by DSM when they equal or
exceed the following severity level
|
|
logInspectionSettingState (Default policy settings only)
|
Log Inspection State
|
|
logInspectionSettingSyslogConfigId
|
Log Inspection Syslog Configuration
|
|
Platform Settings
|
|
|
platformSettingAgentCommunicationsDirection
|
Direction of Server & Workload Protection to Agent/Appliance communication
|
|
platformSettingAgentEventsSendInterval
|
Period between sending of events
|
|
platformSettingAgentSelfProtectionEnabled
|
Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent
|
|
platformSettingAgentSelfProtectionPassword
|
Password
|
|
platformSettingAgentSelfProtectionPasswordEnabled
|
Local override requires password
|
|
platformSettingAutoAssignNewIntrusionPreventionRulesEnabled
|
Automatically assign new Intrusion Prevention Rules as required by updated Application
Types and Intrusion Prevention Rule dependencies
|
|
platformSettingAutoUpdateAntiMalwareEngineEnabled
|
Automatically update anti-malware engine
|
|
platformSettingCombinedModeNetworkGroupProtectionSource
|
Network Combined Mode Affinity
|
|
platformSettingEnvironmentVariableOverrides
|
Environment Variable Overrides
|
|
platformSettingHeartbeatInactiveVmOfflineAlertEnabled
|
Raise Offline Errors For Inactive Virtual Machines
|
|
platformSettingHeartbeatInterval
|
Heartbeat Interval
|
|
platformSettingHeartbeatLocalTimeShiftAlertThreshold
|
Maximum change (in minutes) of the local system time on the computer between heartbeats
before an alert is raised
|
|
platformSettingHeartbeatMissedAlertThreshold
|
Number of Heartbeats that can be missed before an alert is raised
|
|
platformSettingInactiveAgentCleanupOverrideEnabled
|
Prevent this computer from being deleted if Inactive Agent Cleanup is enabled:
|
|
platformSettingNotificationsSuppressPopupsEnabled
|
Suppress all pop-up notifications on host
|
|
platformSettingOverwriteHostnameDuringHeartbeatEnabled
|
Automatically update the computer name to the latest reported by the agent
|
|
platformSettingRecommendationOngoingScansInterval
|
Ongoing Scan Interval
|
|
platformSettingRelayState
|
Relay State
|
|
platformSettingScanCacheConcurrencyMax
|
Max Concurrent Scans
|
|
platformSettingScanOpenPortListId
|
Ports to scan
|
|
platformSettingSmartProtectionAntiMalwareGlobalServerProxyId
|
Use Proxy when accessing Smart Protection Service for Smart Scan
|
|
platformSettingSmartProtectionGlobalServerEnabled
|
Use Global Service for Census
|
|
platformSettingSmartProtectionGlobalServerProxyId
|
Use Proxy when accessing Global Service for Census
|
|
platformSettingSmartProtectionGlobalServerUseProxyEnabled
|
Use Proxy when accessing Global Service for Census
|
|
platformSettingTroubleshootingLoggingLevel
|
Logging Level
|
|
platformSettingUpgradeOnActivationEnabled
|
Automatically upgrade agents on activation
|
|
SAP Settings
|
|
|
sapSettingState (Default policy settings only)
|
Configuration
|
|
Sensing Mode Settings
|
|
|
sensingModeSettingActivityEnabled
|
Sensor Activity Enabled
|
|
sensingModeSettingIndicatorEnabled
|
Sensor Indicator Enabled
|
|
sensingModeSettingState (Default policy settings only)
|
Sensing Mode State
|
|
sensingModeSettingSyslogConfigId
|
Sensing Mode Configuration
|
|
Web Reputation Settings
|
|
|
webReputationSettingAlertingEnabled
|
Alert
|
|
webReputationSettingAllowedUrlDomains
|
Allowed Domain URLs
|
|
webReputationSettingAllowedUrls
|
Allowed Page URLs
|
|
webReputationSettingBlockedUrlDomains
|
Blocked Domain URLs
|
|
webReputationSettingBlockedUrlKeywords
|
Blocked Keywords
|
|
webReputationSettingBlockedUrls
|
Blocked Page URLs
|
|
webReputationSettingBlockingPageLink
|
Blocked Page Link
|
|
webReputationSettingCombinedModeProtectionSource
|
Web Reputation
|
|
webReputationSettingMonitorPortListId
|
Ports to monitor
|
|
webReputationSettingSecurityBlockUntestedPagesEnabled
|
Block Untested Pages
|
|
webReputationSettingSecurityLevel
|
Security Level
|
|
webReputationSettingSmartProtectionGlobalServerUseProxyEnabled
|
Use Proxy when accessing Smart Protection Service for Web Reputation
|
|
webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal
|
When off domain, connect to global Smart Protection Service. (Windows only)
|
|
webReputationSettingSmartProtectionLocalServerEnabled
|
Use Local Smart Protection Server for Web Reputation Service
|
|
webReputationSettingSmartProtectionLocalServerUrls
|
Local Smart Protection Servers for Web Reputation
|
|
webReputationSettingSmartProtectionServerConnectionLostWarningEnabled
|
Warn if connection to Smart Protection Server is lost
|
|
webReputationSettingSmartProtectionWebReputationGlobalServerProxyId
|
Use Proxy when accessing Smart Protection Service for Web Reputation
|
|
webReputationSettingState (Default policy settings only)
|
Web Reputation State
|
|
webReputationSettingSyslogConfigId
|
Web Reputation Syslog Configuration
|
System settings
|
Setting
|
Description
|
|
Anti-Malware Settings
|
|
|
antiMalwareSettingEventEmailBodyTemplate
|
Email Template
|
|
antiMalwareSettingEventEmailEnabled
|
Anti-Malware Email Notifications Enabled
|
|
antiMalwareSettingEventEmailRecipients
|
Email Recipients
|
|
antiMalwareSettingEventEmailSubject
|
Email Subject Text
|
|
antiMalwareSettingRetainEventDuration
|
Automatically delete Anti-Malware Events older than
|
|
Application Control Settings
|
|
|
applicationControlSettingRetainEventDuration
|
Automatically delete Application Control Events older than
|
|
applicationControlSettingServeRulesetsFromRelaysEnabled
|
Serve application control rulesets from relays
|
|
Firewall Settings
|
|
|
firewallSettingEventRankSeverityDeny
|
Deny
|
|
firewallSettingEventRankSeverityLogOnly
|
Log Only
|
|
firewallSettingEventRankSeverityPacketRejection
|
Packet Rejection
|
|
firewallSettingGlobalStatefulConfigId
|
Global Firewall Stateful Configuration
|
|
firewallSettingInternetConnectivityTestExpectedContentRegex
|
Regular Expression for returned content used to confirm
Connectivity
|
|
firewallSettingInternetConnectivityTestInterval
|
Test Interval
|
|
firewallSettingInternetConnectivityTestUrl
|
URL for testing Internet Connectivity Status
|
|
firewallSettingIntranetConnectivityTestExpectedContentRegex
|
Regular Expression for returned content used to confirm Intranet
Connectivity
|
|
firewallSettingIntranetConnectivityTestUrl
|
URL for testing Intranet Connectivity Status
|
|
firewallSettingRetainEventDuration
|
Automatically delete Firewall Events older than
|
|
Integrity Monitoring Settings
|
|
|
integrityMonitoringSettingEventRankSeverityCritical
|
Critical
|
|
integrityMonitoringSettingEventRankSeverityHigh
|
High
|
|
integrityMonitoringSettingEventRankSeverityLow
|
Low
|
|
integrityMonitoringSettingEventRankSeverityMedium
|
Medium
|
|
integrityMonitoringSettingRetainEventDuration
|
Automatically delete Integrity Monitoring Events older than
|
|
Intrusion Prevention Settings
|
|
|
intrusionPreventionSettingEventRankSeverityFilterCritical
|
Critical
|
|
intrusionPreventionSettingEventRankSeverityFilterError
|
Error
|
|
intrusionPreventionSettingEventRankSeverityFilterHigh
|
High
|
|
intrusionPreventionSettingEventRankSeverityFilterLow
|
Low
|
|
intrusionPreventionSettingEventRankSeverityFilterMedium
|
Medium
|
|
intrusionPreventionSettingRetainEventDuration
|
Automatically delete Intrusion Prevention Events older than
|
|
Log Inspection Settings
|
|
|
logInspectionSettingEventRankSeverityCritical
|
Critical
|
|
logInspectionSettingEventRankSeverityHigh
|
High
|
|
logInspectionSettingEventRankSeverityLow
|
Low
|
|
logInspectionSettingEventRankSeverityMedium
|
Medium
|
|
logInspectionSettingRetainEventDuration
|
Automatically delete Log Inspection Events older than
|
|
Platform Settings
|
|
|
platformSettingActiveSessionsMax
|
Number of concurrent sessions allowed per User
|
|
platformSettingActiveSessionsMaxExceededAction
|
Action when concurrent session limit is exceeded
|
|
platformSettingAgentInitiatedActivationDuplicateHostnameMode
|
If a computer already exists
|
|
platformSettingAgentInitiatedActivationEnabled
|
Allow Agent-Initiated Activation
|
|
platformSettingAgentInitiatedActivationPolicyId
|
Policy to assign (if Policy not assigned by activation
script):
|
|
platformSettingAgentInitiatedActivationReactivateClonedEnabled
|
Reactivate cloned Agents
|
|
platformSettingAgentInitiatedActivationReactivateUnknownEnabled
|
Reactivate unknown Agents
|
|
platformSettingAgentInitiatedActivationSpecifyHostnameEnabled
|
Allow Agent to specify hostname
|
|
platformSettingAgentInitiatedActivationWithinIpListId
|
Agent-Initiated Activation IP List
|
|
platformSettingAgentlessVcloudProtectionEnabled
|
Allow Appliance protection of vCloud VMs
|
|
platformSettingAlertAgentUpdatePendingThreshold
|
Length of time an Update can be pending before raising an
Alert
|
|
platformSettingAlertDefaultEmailAddress
|
Alert Email Address - The email address to which all alert emails
should be sent
|
|
platformSettingAwsManagerIdentityAccessKey
|
Access Key - The Access Key of an AWS User used for the manager
identity
|
|
platformSettingAwsManagerIdentitySecretKey
|
Secret Key - The Secret Access Key of an AWS User used for the
manager identity
|
|
platformSettingAwsManagerIdentityUseInstanceRoleEnabled
|
Use Instance Role
|
|
platformSettingCaptureEncryptedTrafficEnabled
|
Allow packet data capture on encrypted traffic (SSL)
|
|
platformSettingConnectedThreatDefenseControlManagerManualSourceApiKey
|
API Key
|
|
platformSettingConnectedThreatDefenseControlManagerManualSourceServerUrl
|
Server URL (ex: "https://[server]/webapp")
|
|
platformSettingConnectedThreatDefenseControlManagerProxyId
|
Use Proxy when accessing Apex Central
|
|
platformSettingConnectedThreatDefenseControlManagerSourceOption
|
Suspicious Object List Source
|
|
platformSettingConnectedThreatDefenseControlManagerSuspiciousObjectListComparisonEnabled
|
Compare objects against Suspicious Object List
|
|
platformSettingConnectedThreatDefenseControlManagerUseProxyEnabled
|
When accessing Apex Central, use proxy:
|
|
platformSettingConnectedThreatDefensesUsePrimaryTenantServerSettingsEnabled
|
Use default server settings
|
|
platformSettingDdanAutoSubmissionEnabled
|
Enable automatic file submission
|
|
platformSettingDdanManualSourceApiKey
|
API Key
|
|
platformSettingDdanManualSourceServerUrl
|
Server URL (ex: "https://[server]/")
|
|
platformSettingDdanProxyId
|
Use Proxy when accessing Deep Discovery Analyzer
|
|
platformSettingDdanSourceOption
|
Deep Discovery Analyzer Source
|
|
platformSettingDdanSubmissionEnabled
|
Enable submission of suspicious files to Deep Discovery
Analyzer
|
|
platformSettingDdanUseProxyEnabled
|
When accessing Deep Discovery Analyzer, use proxy:
|
|
platformSettingDemoModeEnabled
|
Demo Mode Enabled
|
|
platformSettingEventForwardingSnsAccessKey
|
Access Key - The Access Key of an AWS User with access to the SNS
Topic
|
|
platformSettingEventForwardingSnsAdvancedConfigEnabled
|
Amazon SNS Advanced Configuration
|
|
platformSettingEventForwardingSnsConfigJson
|
Amazon SNS Configuration
|
|
platformSettingEventForwardingSnsEnabled
|
Publish Events to Amazon Simple Notification Service
|
|
platformSettingEventForwardingSnsSecretKey
|
Secret Key - The Secret Key of an AWS User with access to the SNS
Topic
|
|
platformSettingEventForwardingSnsTopicArn
|
SNS Topic ARN
|
|
platformSettingExportedDiagnosticPackageLocale
|
Exported Diagnostic Package Language
|
|
platformSettingExportedFileCharacterEncoding
|
Exported file Character Encoding
|
|
platformSettingInactiveAgentCleanupDuration
|
Delete Agents that have been inactive for:
|
|
platformSettingInactiveAgentCleanupEnabled
|
Delete Agents that have been inactive for:
|
|
platformSettingManagedDetectResponseCompanyGuid
|
Company GUID
|
|
platformSettingManagedDetectResponseEnabled
|
Enable the MDR service
|
|
platformSettingManagedDetectResponseProxyId
|
Use Proxy when accessing MDR server
|
|
platformSettingManagedDetectResponseServerUrl
|
Server URL (ex: "https://[server]/")
|
|
platformSettingManagedDetectResponseServiceToken
|
Service Token
|
|
platformSettingManagedDetectResponseUsePrimaryTenantSettingsEnabled
|
Use default server settings
|
|
platformSettingManagedDetectResponseUseProxyEnabled
|
When accessing MDR server, use proxy:
|
|
platformSettingProxyAgentUpdateProxyId
|
Primary Security Update Proxy used by Agents, Appliances, and
Relays:
|
|
platformSettingRecommendationOngoingScansEnabled
|
Perform ongoing Recommendation Scans
|
|
platformSettingRetainAgentInstallersPerPlatformMax
|
Number of older software versions to keep per platform
|
|
platformSettingRetainCountersDuration
|
Automatically delete Counters older than
|
|
platformSettingRetainSecurityUpdatesMax
|
Number of older Rule Updates to keep
|
|
platformSettingRetainSystemEventDuration
|
Automatically delete System Events older than
|
|
platformSettingSamlIdentityProviderCertificateExpiryWarningDays
|
Warn when a SAML identity provider certificate will expire within
(days)
|
|
platformSettingSamlRetainInactiveExternalAdministratorsDuration
|
Automatically delete inactive identity provider users after
(days)
|
|
platformSettingSmartProtectionFeedbackBandwidthMaxKbytes
|
Maximum bandwidth:
|
|
platformSettingSmartProtectionFeedbackEnabled
|
Enable Trend Micro Smart Feedback (recommended)
|
|
platformSettingSmartProtectionFeedbackForSuspiciousFileEnabled
|
Send suspicious file signatures along with feedback
|
|
platformSettingSmartProtectionFeedbackIndustryType
|
Your industry (optional):
|
|
platformSettingSmartProtectionFeedbackInterval
|
Feedback Interval (min)
|
|
platformSettingSmartProtectionFeedbackThreatDetectionsThreshold
|
Feedback Interval by threats
|
|
platformSettingSmtpBounceEmailAddress
|
"Bounce" email address (optional) - The email address to which delivery failure notifications
should be sent
|
|
platformSettingSmtpFromEmailAddress
|
"From" email address - The email address from which outgoing emails should be sent
|
|
platformSettingSmtpPassword
|
SMTP password
|
|
platformSettingSmtpRequiresAuthenticationEnabled
|
Mail server requires authentication
|
|
platformSettingSmtpServerAddress
|
SMTP mail server address (optionally include :port)
|
|
platformSettingSmtpStartTlsEnabled
|
STARTTLS
|
|
platformSettingSmtpUsername
|
SMTP username
|
|
platformSettingSyslogConfigId
|
Forward System Events to a remote computer (via Syslog) using
configuration
|
|
platformSettingSystemEventForwardingSnmpAddress
|
Hostname or IP address to which events should be sent
|
|
platformSettingSystemEventForwardingSnmpEnabled
|
Forward System Events to a remote computer (via SNMP)
|
|
platformSettingSystemEventForwardingSnmpPort
|
UDP port to which events should be sent
|
|
platformSettingTenantAllowImpersonationByPrimaryTenantEnabled
|
Allow Primary Tenant access to my Server & Workload Protection
Environment
|
|
platformSettingTenantAutoRevokeImpersonationByPrimaryTenantEnabled
|
Automatically revoke Primary Tenant access after
|
|
platformSettingTenantAutoRevokeImpersonationByPrimaryTenantTimeout
|
Automatically revoke Primary Tenant access after
|
|
platformSettingTenantUseDefaultRelayGroupFromPrimaryTenantEnabled
|
Use the Primary Tenant Relay Group as my Default Relay Group
|
|
platformSettingTrendMicroXdrApiKey
|
API Key
|
|
platformSettingTrendMicroXdrApiServerUrl
|
API Server URL
|
|
platformSettingTrendMicroXdrApiUser
|
API User
|
|
platformSettingTrendMicroXdrCompanyId
|
Company ID
|
|
platformSettingTrendMicroXdrEnabled
|
Forward activity data to Trend Micro XDR data lake
|
|
platformSettingTrendMicroXdrLogServerUrl
|
Log Server URL
|
|
platformSettingUpdateAgentSecurityContactPrimarySourceOnMissingRelayEnabled
|
Allow Agents/Appliances to download security updates directly
from Primary Security Update Source if Relays are not
accessible
|
|
platformSettingUpdateAgentSecurityOnMissingDeepSecurityManagerEnabled
|
Allow Agents/Appliances to download security updates when
Server & Workload Protection is not accessible
|
|
platformSettingUpdateApplianceDefaultAgentVersion
|
Upon deployment, update Virtual Appliances to
|
|
platformSettingUpdateHostnameOnIpChangeEnabled
|
Update the "Hostname" entry if an IP is used as a hostname and a
change in IP is detected on the computer after
Agent/Appliance-initiated communication or discovery
|
|
platformSettingUpdateRelaySecurityAllRegionsPatternsDownloadEnabled
|
Download Patterns for all Regions
|
|
platformSettingUpdateRelaySecuritySupportAgent9AndEarlierEnabled
|
Allow supported 8.0 and 9.0 Agents to be updated
|
|
platformSettingUpdateRulesPolicyAutoApplyEnabled
|
Automatically apply Rule Updates to Policies
|
|
platformSettingUpdateSecurityPrimarySourceMode
|
Relay Update Source
|
|
platformSettingUpdateSecurityPrimarySourceUrl
|
URL
|
|
platformSettingUpdateSoftwareAlternateUpdateServerUrls
|
Alternate Software Update Web Server(s)
|
|
platformSettingUserHideUnlicensedModulesEnabled
|
Hide unlicensed Protection Modules for new Users
|
|
platformSettingUserPasswordExpiry
|
User password expires
|
|
platformSettingUserPasswordExpirySendEmailEnabled
|
Send email when a user's password is about to expire
|
|
platformSettingUserPasswordLengthMin
|
User password minimum length
|
|
platformSettingUserPasswordRequireLettersAndNumbersEnabled
|
User password requires both letters and numbers
|
|
platformSettingUserPasswordRequireMixedCaseEnabled
|
User password requires both upper and lower case characters
|
|
platformSettingUserPasswordRequireNotSameAsUsernameEnabled
|
User password cannot match username or username spelled
backward
|
|
platformSettingUserPasswordRequireSpecialCharactersEnabled
|
User password requires non-alphanumeric characters
|
|
platformSettingUserSessionDurationMax
|
Maximum session duration
|
|
platformSettingUserSessionIdleTimeout
|
Session idle timeout
|
|
platformSettingUserSignInAttemptsAllowedNumber
|
Number of incorrect sign-in attempts allowed (before lock
out)
|
|
platformSettingWhoisUrl
|
Whois URL - The full URL to a Whois lookup with the IP
represented as [IP]
|
|
Web Reputation Settings
|
|
|
webReputationSettingEventRankRiskBlockedByAdministratorRank
|
Blocked By Administrator
|
|
webReputationSettingEventRankRiskDangerous
|
Dangerous
|
|
webReputationSettingEventRankRiskHighlySuspicious
|
Highly Suspicious
|
|
webReputationSettingEventRankRiskSuspicious
|
Suspicious
|
|
webReputationSettingEventRankRiskUntested
|
Untested
|
|
webReputationSettingRetainEventDuration
|
Automatically delete Web Reputation Events older than
|