The following tables list the settings that are available in the API with a description.
Setting names are prefixed with
platform
or the name of the associated protection module. Suffixes can indicate the nature
of the setting. For example, the Enabled
suffix indicates a Boolean value.
Tip
For information about how to configure settings see the following sections:
|
Default policy, policy, and computer settings
NoteThe following table lists the settings that are included in default policy settings,
policy settings, and computer settings. Note that these settings are included only
in
DefaultPolicySettings:
|
Setting
|
Description
|
Anti-Malware Settings
|
|
antiMalwareSettingBehaviorMonitoringScanExclusionList
|
Scan Exclusions for Suspicious Activity/Unauthorized Change
|
antiMalwareSettingCombinedModeProtectionSource
|
Anti-Malware
|
antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled
|
Submit files identified as suspicious by Document Exploit Protection scanning to Deep
Discovery Analyzer
|
antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled
|
Use Apex Central's Suspicious Object List
|
antiMalwareSettingDocumentExploitProtectionRuleExceptions
|
Allowed Advanced Threat Detection Rules
|
antiMalwareSettingFileHashEnabled
|
Calculate Hash values of all anti-malware events (at least SHA1 by default)
|
antiMalwareSettingFileHashMd5Enabled
|
MD5
|
antiMalwareSettingFileHashSha256Enabled
|
SHA256
|
antiMalwareSettingFileHashSizeMaxMbytes
|
Skip hash values calculation if file size is large than (64MB~512MB)
|
antiMalwareSettingIdentifiedFilesSpaceMaxMbytes
|
Maximum disk space used to store identified files
|
antiMalwareSettingMalwareScanMultithreadedProcessingEnabled
|
Use multithreaded processing for Malware scans (if available)
|
antiMalwareSettingNsxSecurityTaggingEnabled
|
Anti-Malware NSX Security Tagging State
|
antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled
|
Anti-Malware NSX Only Tag on Failure to Remediate
|
antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled
|
Anti-Malware NSX Remove Tag
|
antiMalwareSettingNsxSecurityTaggingValue
|
Anti-Malware NSX Security Tag
|
antiMalwareSettingPredictiveMachineLearningExceptions
|
Predictive Machine Learning Exclusion List
|
antiMalwareSettingScanCacheOnDemandConfigId
|
Anti-Malware On Demand Scan Cache Configuration
|
antiMalwareSettingScanCacheRealTimeConfigId
|
Anti-Malware Real-Time Scan Cache Configuration
|
antiMalwareSettingScanFileSizeMaxMbytes
|
Maximum file size to scan
|
antiMalwareSettingSmartProtectionGlobalServerEnabled
|
Use Global Smart Protection Service for Smart Scan
|
antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled
|
Use Proxy when accessing Smart Protection Service for Smart Scan
|
antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal
|
When off domain, connect to global Smart Protection Service. (Windows only)
|
antiMalwareSettingSmartProtectionLocalServerUrls
|
Local Smart Protection Servers for Smart Scan
|
antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled
|
Warn if connection to Smart Protection Server is lost
|
antiMalwareSettingSmartScanState
|
Smart Scan State
|
antiMalwareSettingSpywareApprovedList
|
Allowed Spyware/Grayware
|
antiMalwareSettingState (Default policy settings only)
|
Anti-Malware State
|
antiMalwareSettingSyslogConfigId
|
Anti-Malware Syslog Configuration
|
antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax
|
Max On-Demand Malware Scan Cache Entries
|
antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax
|
Max Real-Time Malware Scan Cache Entries
|
Application Control Settings
|
|
applicationControlSettingExecutionEnforcementLevel
|
Enforcement:
|
applicationControlSettingRulesetMode
|
Ruleset mode:
|
applicationControlSettingSharedRulesetId
|
Shared Application Control Ruleset
|
applicationControlSettingState (Default policy settings only)
|
Application Control State
|
applicationControlSettingSyslogConfigId
|
Application Control Syslog Configuration
|
Firewall Settings
|
|
firewallSettingAntiEvasionCheckEvasiveRetransmit
|
Evasive Retransmit
|
firewallSettingAntiEvasionCheckFinNoConnection
|
FIN packet out of connection
|
firewallSettingAntiEvasionCheckFragmentedPackets
|
Fragmented Packets
|
firewallSettingAntiEvasionCheckOutNoConnection
|
Outgoing packet out of connection
|
firewallSettingAntiEvasionCheckPaws
|
Invalid TCP Timestamps
|
firewallSettingAntiEvasionCheckRstNoConnection
|
RST packet out of connection
|
firewallSettingAntiEvasionCheckTcpChecksum
|
TCP Checksum
|
firewallSettingAntiEvasionCheckTcpCongestionFlags
|
TCP Congestion Flags
|
firewallSettingAntiEvasionCheckTcpPawsZero
|
Timestamp PAWS Zero Allowed
|
firewallSettingAntiEvasionCheckTcpRstFinFlags
|
TCP Rst Fin Flags
|
firewallSettingAntiEvasionCheckTcpSplitHandshake
|
TCP Split Handshake
|
firewallSettingAntiEvasionCheckTcpSynFinFlags
|
TCP Syn Fin Flags
|
firewallSettingAntiEvasionCheckTcpSynRstFlags
|
TCP Syn Rst Flags
|
firewallSettingAntiEvasionCheckTcpSynWithData
|
TCP Syn with Data
|
firewallSettingAntiEvasionCheckTcpUrgentFlags
|
TCP Urgent Flags
|
firewallSettingAntiEvasionCheckTcpZeroFlags
|
TCP Zero Flags
|
firewallSettingAntiEvasionSecurityPosture
|
Anti-Evasion Posture
|
firewallSettingAntiEvasionTcpPawsWindowPolicy
|
TCP Timestamp PAWS Window
|
firewallSettingCombinedModeProtectionSource
|
Firewall
|
firewallSettingConfigPackageExceedsAlertMaxEnabled
|
Advanced - Generate an Alert when Agent configuration package exceeds maximum size
|
firewallSettingEngineOptionAckTimeout
|
ACK Storm Timeout
|
firewallSettingEngineOptionAllowNullIpEnabled
|
Allow Null IP
|
firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled
|
Advanced - Block IPv6 on Agents and Appliances versions 8 and earlier
|
firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled
|
Advanced - Block IPv6 on Agents and Appliances verions 9 and later
|
firewallSettingEngineOptionBlockSameSrcDstIpEnabled
|
Block Same Src-Dest IP Address
|
firewallSettingEngineOptionBootStartTimeout
|
Boot Start Timeout
|
firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled
|
Bypass Cisco WAAS Connections
|
firewallSettingEngineOptionCloseTimeout
|
CLOSED Timeout
|
firewallSettingEngineOptionCloseWaitTimeout
|
CLOSE_WAIT Timeout
|
firewallSettingEngineOptionClosingTimeout
|
CLOSING Timeout
|
firewallSettingEngineOptionColdStartTimeout
|
Cold Start Timeout
|
firewallSettingEngineOptionConnectionCleanupTimeout
|
Connection Cleanup Timeout
|
firewallSettingEngineOptionConnectionsCleanupMax
|
Maximum Connections per Cleanup
|
firewallSettingEngineOptionConnectionsNumIcmpMax
|
Maximum ICMP Connections
|
firewallSettingEngineOptionConnectionsNumTcpMax
|
Maximum TCP Connections
|
firewallSettingEngineOptionConnectionsNumUdpMax
|
Maximum UDP Connections
|
firewallSettingEngineOptionDebugModeEnabled
|
Enable Debug Mode
|
firewallSettingEngineOptionDebugPacketNumMax
|
Number of Packets to retain in Debug Mode
|
firewallSettingEngineOptionDisconnectTimeout
|
DISCONNECT Timeout
|
firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled
|
Drop 6to4 Bogon Addresses
|
firewallSettingEngineOptionDropEvasiveRetransmitEnabled
|
Drop Evasive Retransmit
|
firewallSettingEngineOptionDropIpZeroPayloadEnabled
|
Drop IP Packet with Zero Payload
|
firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled
|
Drop IPv6 Bogon Addresses
|
firewallSettingEngineOptionDropIpv6ExtType0Enabled
|
Drop IPv6 Extension Type 0
|
firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled
|
Drop IPv6 Fragments Lower Than minimum MTU
|
firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled
|
Drop IPv6 Reserved Addresses
|
firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled
|
Drop IPv6 Site Local Addresses
|
firewallSettingEngineOptionDropTeredoAnomaliesEnabled
|
Drop Teredo Anomalies
|
firewallSettingEngineOptionDropUnknownSslProtocolEnabled
|
Drop Unknown SSL Protocol
|
firewallSettingEngineOptionErrorTimeout
|
ERROR Timeout
|
firewallSettingEngineOptionEstablishedTimeout
|
ESTABLISHED Timeout
|
firewallSettingEngineOptionEventNodesMax
|
Number of Event Nodes
|
firewallSettingEngineOptionFilterIpv4Tunnels
|
Filter IPv4 Tunnels
|
firewallSettingEngineOptionFilterIpv6Tunnels
|
Filter IPv6 Tunnels
|
firewallSettingEngineOptionFinWait1Timeout
|
FIN_WAIT1 Timeout
|
firewallSettingEngineOptionForceAllowDhcpDns
|
Force Allow DHCP DNS
|
firewallSettingEngineOptionForceAllowIcmpType3Code4
|
Force Allow ICMP type3 code4
|
firewallSettingEngineOptionFragmentOffsetMin
|
Minimum Fragment Offset
|
firewallSettingEngineOptionFragmentSizeMin
|
Minimum Fragment Size
|
firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled
|
Generate Connection Events for ICMP
|
firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled
|
Generate Connection Events for TCP
|
firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled
|
Generate Connection Events for UDP
|
firewallSettingEngineOptionIcmpTimeout
|
ICMP Timeout
|
firewallSettingEngineOptionIgnoreStatusCode0
|
Ignore Status Code
|
firewallSettingEngineOptionIgnoreStatusCode1
|
Ignore Status Code
|
firewallSettingEngineOptionIgnoreStatusCode2
|
Ignore Status Code
|
firewallSettingEngineOptionLastAckTimeout
|
LAST_ACK Timeout
|
firewallSettingEngineOptionLogAllPacketDataEnabled
|
Log All Packet Data
|
firewallSettingEngineOptionLogEventsPerSecondMax
|
Maximum Events Per Second
|
firewallSettingEngineOptionLogOnePacketPeriod
|
Period for Log only one packet within period
|
firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled
|
Log only one packet within period
|
firewallSettingEngineOptionLogPacketLengthMax
|
Maximum data size to store when packet data is captured
|
firewallSettingEngineOptionLoggingPolicy
|
Advanced Logging Policy
|
firewallSettingEngineOptionSilentTcpConnectionDropEnabled
|
Silent TCP Connection Drop
|
firewallSettingEngineOptionSslSessionSize
|
SSL Session Size
|
firewallSettingEngineOptionSslSessionTime
|
SSL Session Time
|
firewallSettingEngineOptionStrictTerodoPortCheckEnabled
|
Strict Teredo Port Check
|
firewallSettingEngineOptionSynRcvdTimeout
|
SYN_RCVD Timeout
|
firewallSettingEngineOptionSynSentTimeout
|
SYN_SENT Timeout
|
firewallSettingEngineOptionTcpMssLimit
|
TCP MSS Limit
|
firewallSettingEngineOptionTunnelDepthMax
|
Maximum Tunnel Depth
|
firewallSettingEngineOptionTunnelDepthMaxExceededAction
|
Action if Maximum Tunnel Depth Exceeded
|
firewallSettingEngineOptionUdpTimeout
|
UDP Timeout
|
firewallSettingEngineOptionVerifyTcpChecksumEnabled
|
Verify TCP Checksum
|
firewallSettingEngineOptionsEnabled
|
Use custom driver settings
|
firewallSettingEventLogFileCachedEntriesLifeTime
|
Cache Lifetime
|
firewallSettingEventLogFileCachedEntriesNum
|
Cache Size
|
firewallSettingEventLogFileCachedEntriesStaleTime
|
Cache Stale time
|
firewallSettingEventLogFileIgnoreSourceIpListId
|
Do not record events with source IP of
|
firewallSettingEventLogFileRetainNum
|
Number of event log files to retain (on Agent/Appliance)
|
firewallSettingEventLogFileSizeMax
|
Maximum size of the event log files (on Agent/Appliance)
|
firewallSettingEventsOutOfAllowedPolicyEnabled
|
Generate Firewall Events for packets that are 'Out Of Allowed Policy'
|
firewallSettingFailureResponseEngineSystem
|
Network Engine System Failure
|
firewallSettingFailureResponsePacketSanityCheck
|
Network Packet Sanity Check Failure
|
firewallSettingInterfaceIsolationEnabled
|
Enable Interface Isolation
|
firewallSettingInterfaceLimitOneActiveEnabled
|
Limit to one active interface
|
firewallSettingInterfacePatterns
|
Interface Patterns
|
firewallSettingNetworkEngineMode
|
Network Engine Mode
|
firewallSettingReconnaissanceBlockFingerprintProbeDuration
|
Computer OS Fingerprint Probe - Block Traffic
|
firewallSettingReconnaissanceBlockNetworkOrPortScanDuration
|
Network or Port Scan - Block Traffic
|
firewallSettingReconnaissanceBlockTcpNullScanDuration
|
TCP Null Scan - Block Traffic
|
firewallSettingReconnaissanceBlockTcpSynFinScanDuration
|
TCP SYNFIN Scan - Block Traffic
|
firewallSettingReconnaissanceBlockTcpXmasAttackDuration
|
TCP Xmas Scan - Block Traffic
|
firewallSettingReconnaissanceDetectFingerprintProbeEnabled
|
Computer OS Fingerprint Probe - Enabled
|
firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled
|
Network or Port Scan - Enabled
|
firewallSettingReconnaissanceDetectTcpNullScanEnabled
|
TCP Null Scan - Enabled
|
firewallSettingReconnaissanceDetectTcpSynFinScanEnabled
|
TCP SYNFIN Scan - Enabled
|
firewallSettingReconnaissanceDetectTcpXmasAttackEnabled
|
TCP Xmas Scan - Enabled
|
firewallSettingReconnaissanceEnabled
|
Reconnaissance Scan Detection - Enabled
|
firewallSettingReconnaissanceExcludeIpListId
|
Reconnaissance Scan Detection - Do not perform detection on traffic coming from
|
firewallSettingReconnaissanceIncludeIpListId
|
Reconnaissance Scan Detection - Computers/Networks on which to perform detection
|
firewallSettingReconnaissanceNotifyFingerprintProbeEnabled
|
Computer OS Fingerprint Probe - Notify DSM Immediately
|
firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled
|
Network or Port Scan - Notify DSM Immediately
|
firewallSettingReconnaissanceNotifyTcpNullScanEnabled
|
TCP Null Scan - Notify DSM Immediately
|
firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled
|
TCP SYNFIN Scan - Notify DSM Immediately
|
firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled
|
TCP Xmas Scan - Notify DSM Immediately
|
firewallSettingState (Default policy settings only)
|
Firewall State
|
firewallSettingSyslogConfigId
|
Firewall and Intrusion Prevention Syslog Configuration
|
firewallSettingVirtualAndContainerNetworkScanEnabled
|
Scan container network traffic
|
Integrity Monitoring Settings
|
|
integrityMonitoringSettingAutoApplyRecommendationsEnabled
|
Automatically assign/unassign recommended Integrity Monitoring Rules to Computer during
Recommendation Scans
|
integrityMonitoringSettingCombinedModeProtectionSource
|
Integrity Monitoring
|
integrityMonitoringSettingContentHashAlgorithm
|
Integrity Monitoring Hash Algorithm
|
integrityMonitoringSettingCpuUsageLevel
|
Integrity Monitoring CPU Usage Level:
|
integrityMonitoringSettingRealtimeEnabled
|
Real Time
|
integrityMonitoringSettingScanCacheConfigId
|
Integrity Scan Cache Configuration:
|
integrityMonitoringSettingState (Default policy settings only)
|
Integrity Monitoring State
|
integrityMonitoringSettingSyslogConfigId
|
Integrity Monitoring Syslog Configuration
|
integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax
|
Max Integrity Monitoring Scan Cache Entries
|
Intrusion Prevention Settings
|
|
intrusionPreventionSettingAutoApplyRecommendationsEnabled
|
Automatically implement Recommendations
|
intrusionPreventionSettingCombinedModeProtectionSource
|
Intrusion Prevention
|
intrusionPreventionSettingEngineOptionFragmentedIpKeepMax
|
Maximum number of fragmented IP packets to keep
|
intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled
|
Send ICMP to indicate fragmented packet timeout exceeded
|
intrusionPreventionSettingEngineOptionFragmentedIpTimeout
|
Fragment Timeout
|
intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled
|
Bypass MAC addresses that don't belong to host
|
intrusionPreventionSettingEngineOptionsEnabled
|
Use custom driver settings
|
intrusionPreventionSettingLogDataRuleFirstMatchEnabled
|
Allow Intrusion Prevention Rules to capture data for first hit of each rule (in period)
|
intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel
|
Detect Mode
|
intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel
|
Prevent Mode
|
intrusionPreventionSettingState (Default policy settings only)
|
Intrusion Prevention State
|
intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled
|
Scan container network traffic
|
Log Inspection Settings
|
|
logInspectionSettingAutoApplyRecommendationsEnabled
|
Automatically assign/unassign recommended Log Inspection Rules to Computer during
Recommendation Scans
|
logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin
|
Send Agent/Appliance events to syslog when they equal or exceed the following severity
level
|
logInspectionSettingSeverityClippingAgentEventStoreLevelMin
|
Store events at the Agent/Appliance for later retrieval by DSM when they equal or
exceed the following severity level
|
logInspectionSettingState (Default policy settings only)
|
Log Inspection State
|
logInspectionSettingSyslogConfigId
|
Log Inspection Syslog Configuration
|
Platform Settings
|
|
platformSettingAgentCommunicationsDirection
|
Direction of Server & Workload Protection to Agent/Appliance communication
|
platformSettingAgentEventsSendInterval
|
Period between sending of events
|
platformSettingAgentSelfProtectionEnabled
|
Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent
|
platformSettingAgentSelfProtectionPassword
|
Password
|
platformSettingAgentSelfProtectionPasswordEnabled
|
Local override requires password
|
platformSettingAutoAssignNewIntrusionPreventionRulesEnabled
|
Automatically assign new Intrusion Prevention Rules as required by updated Application
Types and Intrusion Prevention Rule dependencies
|
platformSettingAutoUpdateAntiMalwareEngineEnabled
|
Automatically update anti-malware engine
|
platformSettingCombinedModeNetworkGroupProtectionSource
|
Network Combined Mode Affinity
|
platformSettingEnvironmentVariableOverrides
|
Environment Variable Overrides
|
platformSettingHeartbeatInactiveVmOfflineAlertEnabled
|
Raise Offline Errors For Inactive Virtual Machines
|
platformSettingHeartbeatInterval
|
Heartbeat Interval
|
platformSettingHeartbeatLocalTimeShiftAlertThreshold
|
Maximum change (in minutes) of the local system time on the computer between heartbeats
before an alert is raised
|
platformSettingHeartbeatMissedAlertThreshold
|
Number of Heartbeats that can be missed before an alert is raised
|
platformSettingInactiveAgentCleanupOverrideEnabled
|
Prevent this computer from being deleted if Inactive Agent Cleanup is enabled:
|
platformSettingNotificationsSuppressPopupsEnabled
|
Suppress all pop-up notifications on host
|
platformSettingOverwriteHostnameDuringHeartbeatEnabled
|
Automatically update the computer name to the latest reported by the agent
|
platformSettingRecommendationOngoingScansInterval
|
Ongoing Scan Interval
|
platformSettingRelayState
|
Relay State
|
platformSettingScanCacheConcurrencyMax
|
Max Concurrent Scans
|
platformSettingScanOpenPortListId
|
Ports to scan
|
platformSettingSmartProtectionAntiMalwareGlobalServerProxyId
|
Use Proxy when accessing Smart Protection Service for Smart Scan
|
platformSettingSmartProtectionGlobalServerEnabled
|
Use Global Service for Census
|
platformSettingSmartProtectionGlobalServerProxyId
|
Use Proxy when accessing Global Service for Census
|
platformSettingSmartProtectionGlobalServerUseProxyEnabled
|
Use Proxy when accessing Global Service for Census
|
platformSettingTroubleshootingLoggingLevel
|
Logging Level
|
platformSettingUpgradeOnActivationEnabled
|
Automatically upgrade agents on activation
|
SAP Settings
|
|
sapSettingState (Default policy settings only)
|
Configuration
|
Sensing Mode Settings
|
|
sensingModeSettingActivityEnabled
|
Sensor Activity Enabled
|
sensingModeSettingIndicatorEnabled
|
Sensor Indicator Enabled
|
sensingModeSettingState (Default policy settings only)
|
Sensing Mode State
|
sensingModeSettingSyslogConfigId
|
Sensing Mode Configuration
|
Web Reputation Settings
|
|
webReputationSettingAlertingEnabled
|
Alert
|
webReputationSettingAllowedUrlDomains
|
Allowed Domain URLs
|
webReputationSettingAllowedUrls
|
Allowed Page URLs
|
webReputationSettingBlockedUrlDomains
|
Blocked Domain URLs
|
webReputationSettingBlockedUrlKeywords
|
Blocked Keywords
|
webReputationSettingBlockedUrls
|
Blocked Page URLs
|
webReputationSettingBlockingPageLink
|
Blocked Page Link
|
webReputationSettingCombinedModeProtectionSource
|
Web Reputation
|
webReputationSettingMonitorPortListId
|
Ports to monitor
|
webReputationSettingSecurityBlockUntestedPagesEnabled
|
Block Untested Pages
|
webReputationSettingSecurityLevel
|
Security Level
|
webReputationSettingSmartProtectionGlobalServerUseProxyEnabled
|
Use Proxy when accessing Smart Protection Service for Web Reputation
|
webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal
|
When off domain, connect to global Smart Protection Service. (Windows only)
|
webReputationSettingSmartProtectionLocalServerEnabled
|
Use Local Smart Protection Server for Web Reputation Service
|
webReputationSettingSmartProtectionLocalServerUrls
|
Local Smart Protection Servers for Web Reputation
|
webReputationSettingSmartProtectionServerConnectionLostWarningEnabled
|
Warn if connection to Smart Protection Server is lost
|
webReputationSettingSmartProtectionWebReputationGlobalServerProxyId
|
Use Proxy when accessing Smart Protection Service for Web Reputation
|
webReputationSettingState (Default policy settings only)
|
Web Reputation State
|
webReputationSettingSyslogConfigId
|
Web Reputation Syslog Configuration
|
System settings
Setting
|
Description
|
Anti-Malware Settings
|
|
antiMalwareSettingEventEmailBodyTemplate
|
Email Template
|
antiMalwareSettingEventEmailEnabled
|
Anti-Malware Email Notifications Enabled
|
antiMalwareSettingEventEmailRecipients
|
Email Recipients
|
antiMalwareSettingEventEmailSubject
|
Email Subject Text
|
antiMalwareSettingRetainEventDuration
|
Automatically delete Anti-Malware Events older than
|
Application Control Settings
|
|
applicationControlSettingRetainEventDuration
|
Automatically delete Application Control Events older than
|
applicationControlSettingServeRulesetsFromRelaysEnabled
|
Serve application control rulesets from relays
|
Firewall Settings
|
|
firewallSettingEventRankSeverityDeny
|
Deny
|
firewallSettingEventRankSeverityLogOnly
|
Log Only
|
firewallSettingEventRankSeverityPacketRejection
|
Packet Rejection
|
firewallSettingGlobalStatefulConfigId
|
Global Firewall Stateful Configuration
|
firewallSettingInternetConnectivityTestExpectedContentRegex
|
Regular Expression for returned content used to confirm
Connectivity
|
firewallSettingInternetConnectivityTestInterval
|
Test Interval
|
firewallSettingInternetConnectivityTestUrl
|
URL for testing Internet Connectivity Status
|
firewallSettingIntranetConnectivityTestExpectedContentRegex
|
Regular Expression for returned content used to confirm Intranet
Connectivity
|
firewallSettingIntranetConnectivityTestUrl
|
URL for testing Intranet Connectivity Status
|
firewallSettingRetainEventDuration
|
Automatically delete Firewall Events older than
|
Integrity Monitoring Settings
|
|
integrityMonitoringSettingEventRankSeverityCritical
|
Critical
|
integrityMonitoringSettingEventRankSeverityHigh
|
High
|
integrityMonitoringSettingEventRankSeverityLow
|
Low
|
integrityMonitoringSettingEventRankSeverityMedium
|
Medium
|
integrityMonitoringSettingRetainEventDuration
|
Automatically delete Integrity Monitoring Events older than
|
Intrusion Prevention Settings
|
|
intrusionPreventionSettingEventRankSeverityFilterCritical
|
Critical
|
intrusionPreventionSettingEventRankSeverityFilterError
|
Error
|
intrusionPreventionSettingEventRankSeverityFilterHigh
|
High
|
intrusionPreventionSettingEventRankSeverityFilterLow
|
Low
|
intrusionPreventionSettingEventRankSeverityFilterMedium
|
Medium
|
intrusionPreventionSettingRetainEventDuration
|
Automatically delete Intrusion Prevention Events older than
|
Log Inspection Settings
|
|
logInspectionSettingEventRankSeverityCritical
|
Critical
|
logInspectionSettingEventRankSeverityHigh
|
High
|
logInspectionSettingEventRankSeverityLow
|
Low
|
logInspectionSettingEventRankSeverityMedium
|
Medium
|
logInspectionSettingRetainEventDuration
|
Automatically delete Log Inspection Events older than
|
Platform Settings
|
|
platformSettingActiveSessionsMax
|
Number of concurrent sessions allowed per User
|
platformSettingActiveSessionsMaxExceededAction
|
Action when concurrent session limit is exceeded
|
platformSettingAgentInitiatedActivationDuplicateHostnameMode
|
If a computer already exists
|
platformSettingAgentInitiatedActivationEnabled
|
Allow Agent-Initiated Activation
|
platformSettingAgentInitiatedActivationPolicyId
|
Policy to assign (if Policy not assigned by activation
script):
|
platformSettingAgentInitiatedActivationReactivateClonedEnabled
|
Reactivate cloned Agents
|
platformSettingAgentInitiatedActivationReactivateUnknownEnabled
|
Reactivate unknown Agents
|
platformSettingAgentInitiatedActivationSpecifyHostnameEnabled
|
Allow Agent to specify hostname
|
platformSettingAgentInitiatedActivationWithinIpListId
|
Agent-Initiated Activation IP List
|
platformSettingAgentlessVcloudProtectionEnabled
|
Allow Appliance protection of vCloud VMs
|
platformSettingAlertAgentUpdatePendingThreshold
|
Length of time an Update can be pending before raising an
Alert
|
platformSettingAlertDefaultEmailAddress
|
Alert Email Address - The email address to which all alert emails
should be sent
|
platformSettingAwsManagerIdentityAccessKey
|
Access Key - The Access Key of an AWS User used for the manager
identity
|
platformSettingAwsManagerIdentitySecretKey
|
Secret Key - The Secret Access Key of an AWS User used for the
manager identity
|
platformSettingAwsManagerIdentityUseInstanceRoleEnabled
|
Use Instance Role
|
platformSettingCaptureEncryptedTrafficEnabled
|
Allow packet data capture on encrypted traffic (SSL)
|
platformSettingConnectedThreatDefenseControlManagerManualSourceApiKey
|
API Key
|
platformSettingConnectedThreatDefenseControlManagerManualSourceServerUrl
|
Server URL (ex: "https://[server]/webapp")
|
platformSettingConnectedThreatDefenseControlManagerProxyId
|
Use Proxy when accessing Apex Central
|
platformSettingConnectedThreatDefenseControlManagerSourceOption
|
Suspicious Object List Source
|
platformSettingConnectedThreatDefenseControlManagerSuspiciousObjectListComparisonEnabled
|
Compare objects against Suspicious Object List
|
platformSettingConnectedThreatDefenseControlManagerUseProxyEnabled
|
When accessing Apex Central, use proxy:
|
platformSettingConnectedThreatDefensesUsePrimaryTenantServerSettingsEnabled
|
Use default server settings
|
platformSettingDdanAutoSubmissionEnabled
|
Enable automatic file submission
|
platformSettingDdanManualSourceApiKey
|
API Key
|
platformSettingDdanManualSourceServerUrl
|
Server URL (ex: "https://[server]/")
|
platformSettingDdanProxyId
|
Use Proxy when accessing Deep Discovery Analyzer
|
platformSettingDdanSourceOption
|
Deep Discovery Analyzer Source
|
platformSettingDdanSubmissionEnabled
|
Enable submission of suspicious files to Deep Discovery
Analyzer
|
platformSettingDdanUseProxyEnabled
|
When accessing Deep Discovery Analyzer, use proxy:
|
platformSettingDemoModeEnabled
|
Demo Mode Enabled
|
platformSettingEventForwardingSnsAccessKey
|
Access Key - The Access Key of an AWS User with access to the SNS
Topic
|
platformSettingEventForwardingSnsAdvancedConfigEnabled
|
Amazon SNS Advanced Configuration
|
platformSettingEventForwardingSnsConfigJson
|
Amazon SNS Configuration
|
platformSettingEventForwardingSnsEnabled
|
Publish Events to Amazon Simple Notification Service
|
platformSettingEventForwardingSnsSecretKey
|
Secret Key - The Secret Key of an AWS User with access to the SNS
Topic
|
platformSettingEventForwardingSnsTopicArn
|
SNS Topic ARN
|
platformSettingExportedDiagnosticPackageLocale
|
Exported Diagnostic Package Language
|
platformSettingExportedFileCharacterEncoding
|
Exported file Character Encoding
|
platformSettingInactiveAgentCleanupDuration
|
Delete Agents that have been inactive for:
|
platformSettingInactiveAgentCleanupEnabled
|
Delete Agents that have been inactive for:
|
platformSettingManagedDetectResponseCompanyGuid
|
Company GUID
|
platformSettingManagedDetectResponseEnabled
|
Enable the MDR service
|
platformSettingManagedDetectResponseProxyId
|
Use Proxy when accessing MDR server
|
platformSettingManagedDetectResponseServerUrl
|
Server URL (ex: "https://[server]/")
|
platformSettingManagedDetectResponseServiceToken
|
Service Token
|
platformSettingManagedDetectResponseUsePrimaryTenantSettingsEnabled
|
Use default server settings
|
platformSettingManagedDetectResponseUseProxyEnabled
|
When accessing MDR server, use proxy:
|
platformSettingProxyAgentUpdateProxyId
|
Primary Security Update Proxy used by Agents, Appliances, and
Relays:
|
platformSettingRecommendationOngoingScansEnabled
|
Perform ongoing Recommendation Scans
|
platformSettingRetainAgentInstallersPerPlatformMax
|
Number of older software versions to keep per platform
|
platformSettingRetainCountersDuration
|
Automatically delete Counters older than
|
platformSettingRetainSecurityUpdatesMax
|
Number of older Rule Updates to keep
|
platformSettingRetainSystemEventDuration
|
Automatically delete System Events older than
|
platformSettingSamlIdentityProviderCertificateExpiryWarningDays
|
Warn when a SAML identity provider certificate will expire within
(days)
|
platformSettingSamlRetainInactiveExternalAdministratorsDuration
|
Automatically delete inactive identity provider users after
(days)
|
platformSettingSmartProtectionFeedbackBandwidthMaxKbytes
|
Maximum bandwidth:
|
platformSettingSmartProtectionFeedbackEnabled
|
Enable Trend Micro Smart Feedback (recommended)
|
platformSettingSmartProtectionFeedbackForSuspiciousFileEnabled
|
Send suspicious file signatures along with feedback
|
platformSettingSmartProtectionFeedbackIndustryType
|
Your industry (optional):
|
platformSettingSmartProtectionFeedbackInterval
|
Feedback Interval (min)
|
platformSettingSmartProtectionFeedbackThreatDetectionsThreshold
|
Feedback Interval by threats
|
platformSettingSmtpBounceEmailAddress
|
"Bounce" email address (optional) - The email address to which delivery failure notifications
should be sent
|
platformSettingSmtpFromEmailAddress
|
"From" email address - The email address from which outgoing emails should be sent
|
platformSettingSmtpPassword
|
SMTP password
|
platformSettingSmtpRequiresAuthenticationEnabled
|
Mail server requires authentication
|
platformSettingSmtpServerAddress
|
SMTP mail server address (optionally include :port)
|
platformSettingSmtpStartTlsEnabled
|
STARTTLS
|
platformSettingSmtpUsername
|
SMTP username
|
platformSettingSyslogConfigId
|
Forward System Events to a remote computer (via Syslog) using
configuration
|
platformSettingSystemEventForwardingSnmpAddress
|
Hostname or IP address to which events should be sent
|
platformSettingSystemEventForwardingSnmpEnabled
|
Forward System Events to a remote computer (via SNMP)
|
platformSettingSystemEventForwardingSnmpPort
|
UDP port to which events should be sent
|
platformSettingTenantAllowImpersonationByPrimaryTenantEnabled
|
Allow Primary Tenant access to my Server & Workload Protection
Environment
|
platformSettingTenantAutoRevokeImpersonationByPrimaryTenantEnabled
|
Automatically revoke Primary Tenant access after
|
platformSettingTenantAutoRevokeImpersonationByPrimaryTenantTimeout
|
Automatically revoke Primary Tenant access after
|
platformSettingTenantUseDefaultRelayGroupFromPrimaryTenantEnabled
|
Use the Primary Tenant Relay Group as my Default Relay Group
|
platformSettingTrendMicroXdrApiKey
|
API Key
|
platformSettingTrendMicroXdrApiServerUrl
|
API Server URL
|
platformSettingTrendMicroXdrApiUser
|
API User
|
platformSettingTrendMicroXdrCompanyId
|
Company ID
|
platformSettingTrendMicroXdrEnabled
|
Forward activity data to Trend Micro XDR data lake
|
platformSettingTrendMicroXdrLogServerUrl
|
Log Server URL
|
platformSettingUpdateAgentSecurityContactPrimarySourceOnMissingRelayEnabled
|
Allow Agents/Appliances to download security updates directly
from Primary Security Update Source if Relays are not
accessible
|
platformSettingUpdateAgentSecurityOnMissingDeepSecurityManagerEnabled
|
Allow Agents/Appliances to download security updates when
Server & Workload Protection is not accessible
|
platformSettingUpdateApplianceDefaultAgentVersion
|
Upon deployment, update Virtual Appliances to
|
platformSettingUpdateHostnameOnIpChangeEnabled
|
Update the "Hostname" entry if an IP is used as a hostname and a
change in IP is detected on the computer after
Agent/Appliance-initiated communication or discovery
|
platformSettingUpdateRelaySecurityAllRegionsPatternsDownloadEnabled
|
Download Patterns for all Regions
|
platformSettingUpdateRelaySecuritySupportAgent9AndEarlierEnabled
|
Allow supported 8.0 and 9.0 Agents to be updated
|
platformSettingUpdateRulesPolicyAutoApplyEnabled
|
Automatically apply Rule Updates to Policies
|
platformSettingUpdateSecurityPrimarySourceMode
|
Relay Update Source
|
platformSettingUpdateSecurityPrimarySourceUrl
|
URL
|
platformSettingUpdateSoftwareAlternateUpdateServerUrls
|
Alternate Software Update Web Server(s)
|
platformSettingUserHideUnlicensedModulesEnabled
|
Hide unlicensed Protection Modules for new Users
|
platformSettingUserPasswordExpiry
|
User password expires
|
platformSettingUserPasswordExpirySendEmailEnabled
|
Send email when a user's password is about to expire
|
platformSettingUserPasswordLengthMin
|
User password minimum length
|
platformSettingUserPasswordRequireLettersAndNumbersEnabled
|
User password requires both letters and numbers
|
platformSettingUserPasswordRequireMixedCaseEnabled
|
User password requires both upper and lower case characters
|
platformSettingUserPasswordRequireNotSameAsUsernameEnabled
|
User password cannot match username or username spelled
backward
|
platformSettingUserPasswordRequireSpecialCharactersEnabled
|
User password requires non-alphanumeric characters
|
platformSettingUserSessionDurationMax
|
Maximum session duration
|
platformSettingUserSessionIdleTimeout
|
Session idle timeout
|
platformSettingUserSignInAttemptsAllowedNumber
|
Number of incorrect sign-in attempts allowed (before lock
out)
|
platformSettingWhoisUrl
|
Whois URL - The full URL to a Whois lookup with the IP
represented as [IP]
|
Web Reputation Settings
|
|
webReputationSettingEventRankRiskBlockedByAdministratorRank
|
Blocked By Administrator
|
webReputationSettingEventRankRiskDangerous
|
Dangerous
|
webReputationSettingEventRankRiskHighlySuspicious
|
Highly Suspicious
|
webReputationSettingEventRankRiskSuspicious
|
Suspicious
|
webReputationSettingEventRankRiskUntested
|
Untested
|
webReputationSettingRetainEventDuration
|
Automatically delete Web Reputation Events older than
|