To view system events, go to .
To configure system events, go to the tab. On this tab you can set whether to record individual events and
whether to forward them to a SIEM server. If you select Record, then
the event is saved to the database. If you deselect Record, then the
event won't appear under the Events & Reports tab (or anywhere in
Server & Workload Protection) and it won't be forwarded
either.
Depending on whether it's a system configuration change or security incident, each
log will appear in either the System Events sub-menu, or the sub-menu
corresponding to the event's protection module, such as Anti-Malware
Events.
These events sometimes also appear in the Status column on
Computers.
|
ID
|
Severity
|
Event
|
Description or Solution
|
|
0
|
Error
|
Unknown Error
|
|
|
100
|
Info
|
Workload Security Started
|
|
|
101
|
Info
|
License Changed
|
|
|
103
|
Warning
|
Check For Updates Failed
|
|
|
104
|
Warning
|
Automatic Software Download Failed
|
|
|
105
|
Warning
|
Scheduled Rule Update Download and Apply Failed
|
|
|
106
|
Info
|
Scheduled Rule Update Downloaded and Applied
|
|
|
107
|
Info
|
Rule Update Downloaded and Applied
|
|
|
108
|
Info
|
Script Executed
|
|
|
109
|
Error
|
Script Execution Failed
|
|
|
110
|
Info
|
System Events Exported
|
|
|
111
|
Info
|
Firewall Events Exported
|
|
|
112
|
Info
|
Intrusion Prevention Events Exported
|
|
|
113
|
Warning
|
Scheduled Rule Update Download Failed
|
|
|
114
|
Info
|
Scheduled Rule Update Downloaded
|
|
|
115
|
Info
|
Rule Update Downloaded
|
|
|
116
|
Info
|
Rule Update Applied
|
|
|
117
|
Info
|
Workload Security Shutdown
|
|
|
118
|
Warning
|
Workload Security Offline
|
|
|
119
|
Info
|
Workload Security Back Online
|
|
|
120
|
Error
|
Heartbeat Server Failed
|
The server within Server & Workload Protection that listens for incoming agent
heartbeats did not start. Check that Server & Workload Protection's incoming
heartbeat port number is not in use by another
application on the server. Once the port is free, the Server & Workload Protection's heartbeat server
should bind to it, and this error should be fixed.
|
|
121
|
Error
|
Scheduler Failed
|
|
|
122
|
Error
|
Manager Message Thread Failed
|
An internal thread has failed. There is no resolution for this
error. If it persists, please contact customer
support.
|
|
123
|
Info
|
Workload Security Forced Shutdown
|
|
|
124
|
Info
|
Rule Update Deleted
|
|
|
130
|
Info
|
Credentials Generated
|
|
|
140
|
Info
|
Discover Computers
|
|
|
141
|
Warning
|
Discover Computers Failed
|
|
|
142
|
Info
|
Discover Computers Requested
|
|
|
143
|
Info
|
Discover Computers Canceled
|
|
|
150
|
Info
|
System Settings Saved
|
|
|
151
|
Info
|
Software Added
|
|
|
152
|
Info
|
Software Deleted
|
|
|
153
|
Info
|
Software Updated
|
|
|
154
|
Info
|
Software Exported
|
|
|
155
|
Info
|
Software Platforms Changed
|
|
|
156
|
Error
|
Agent Installer Digital Signature Verification
Failed
|
'<agent>.zip' has been deleted because the digital
signature verification failed. The failure indicates that the
file may have been tampered with. Details:
<detailed_message>
Please contact Trend Micro support for more help.
See Check digital signatures on software packages for
details.
|
|
157
|
Info
|
Agent Version Control Setting Changed
|
|
|
161
|
Info
|
Rule Update Exported
|
|
|
162
|
Info
|
Log Inspection Events Exported
|
|
|
163
|
Info
|
Anti-Malware Event Exported
|
|
|
164
|
Info
|
Security Update Successful
|
|
|
165
|
Error
|
Security Update Failed
|
|
|
166
|
Info
|
Check for New Software Success
|
|
|
167
|
Error
|
Check for New Software Failed
|
|
|
168
|
Info
|
Manual Security Update Successful
|
|
|
169
|
Error
|
Manual Security Update Failed
|
|
|
170
|
Error
|
Manager Available Disk Space Too Low
|
The manager does not have enough free disk space to function
and will shut down.
|
|
171
|
Info
|
Anti-Malware Spyware Item Exported
|
|
|
172
|
Info
|
Web Reputation Events Exported
|
|
|
173
|
Info
|
Anti-Malware Identified Files List Exported
|
|
|
174
|
Info
|
Anti-Malware Unauthorized Change Targeted Item Exported
|
|
|
175
|
Info
|
Creating Heap Dump
|
|
|
176
|
Info
|
Heap Dump Created
|
|
|
177
|
Error
|
Failed to create Heap Dump
|
|
|
180
|
Info
|
Alert Type Updated
|
|
|
190
|
Info
|
Alert Started
|
|
|
191
|
Info
|
Alert Changed
|
|
|
192
|
Info
|
Alert Ended
|
|
|
197
|
Info
|
Alert Emails Sent
|
|
|
198
|
Warning
|
Alert Emails Failed
|
An alert email could not be sent.
|
|
199
|
Error
|
Alert Processing Failed
|
The current alert status could be inaccurate because an alert
was not completely processed. If the problem persists, contact
your support provider.
|
|
200
|
Info
|
Dismissing Alert on All Hosts Started
|
|
|
201
|
Info
|
Dismissing Alert on All Hosts Finished
|
|
|
202
|
Error
|
Dismissing Alert on All Hosts Failed
|
|
|
247
|
Warning
|
Agent Integrity Check Failed
|
|
|
248
|
Info
|
Software Update: Disable Relay Requested
|
|
|
249
|
Info
|
Software Update: Enable Relay Requested
|
|
|
250
|
Info
|
Computer Created
|
|
|
251
|
Info
|
Computer Deleted
|
|
|
252
|
Info
|
Computer Updated
|
|
|
253
|
Info
|
Policy Assigned to Computer
|
|
|
254
|
Info
|
Computer Moved
|
|
|
255
|
Info
|
Activation Requested
|
|
|
256
|
Info
|
Send Policy Requested
|
|
|
259
|
Info
|
Deactivation Requested
|
|
|
260
|
Info
|
Scan for Open Ports
|
|
|
261
|
Warning
|
Scan for Open Ports Failed
|
|
|
262
|
Info
|
Scan for Open Ports Requested
|
|
|
263
|
Info
|
Scan for Open Ports Canceled
|
|
|
264
|
Info
|
Agent Software Upgrade Requested
|
|
|
265
|
Info
|
Agent Software Upgrade Cancelled
|
|
|
266
|
Info
|
Warnings/Errors Cleared
|
|
|
267
|
Info
|
Check Status Requested
|
|
|
268
|
Info
|
Get Events Requested
|
|
|
269
|
Info
|
Computer Added to Cloud Connector
|
|
|
270
|
Error
|
Computer Creation Failed
|
|
|
271
|
Info
|
Agent Software Upgrade Timed Out
|
|
|
272
|
Info
|
Appliance Software Upgrade Timed Out
|
|
|
273
|
Info
|
Security Update: Security Update Check and Download
Requested
|
|
|
274
|
Info
|
Security Update: Security Update Rollback
Requested
|
|
|
275
|
Warning
|
Duplicate Computer
|
|
|
276
|
Info
|
Update: Summary Information
|
|
|
277
|
Info
|
Upgrade on Activation Skipped
|
The agent was eligible for an automatic upgrade, but the
upgrade did not occur. For more information, see Automatically upgrade agents on
activation.
|
|
278
|
Info
|
Software Update: Reboot to Complete Agent Software
Upgrade
|
|
|
280
|
Info
|
Computers Exported
|
|
|
281
|
Info
|
Computers Imported
|
|
|
286
|
Info
|
Computer Log Exported
|
|
|
287
|
Info
|
Relay Group Assigned to Computer
|
|
|
290
|
Info
|
Group Added
|
|
|
291
|
Info
|
Group Removed
|
|
|
292
|
Info
|
Group Updated
|
|
|
293
|
Info
|
Interface Renamed
|
|
|
294
|
Info
|
Computer Bridge Renamed
|
|
|
295
|
Info
|
Interface Deleted
|
|
|
296
|
Info
|
Interface IP Deleted
|
|
|
297
|
Info
|
Recommendation Scan Requested
|
|
|
298
|
Info
|
Recommendations Cleared
|
|
|
299
|
Info
|
Asset Value Assigned to Computer
|
|
|
300
|
Info
|
Recommendation Scan Completed
|
|
|
301
|
Info
|
Agent Software Deployment Requested
|
|
|
302
|
Info
|
Agent Software Removal Requested
|
|
|
303
|
Info
|
Computer Renamed
|
|
|
304
|
Info
|
Computer Moved To Datacenter
|
|
|
305
|
Info
|
Scan for Integrity Requested
|
|
|
306
|
Info
|
Rebuild Baseline Requested
|
|
|
307
|
Info
|
Cancel Update Requested
|
|
|
308
|
Info
|
Integrity Monitoring Rule Compile Issue
|
|
|
309
|
Info
|
Integrity Monitoring Rule Compile Issue Resolved
|
|
|
310
|
Info
|
Directory Added
|
|
|
311
|
Info
|
Directory Removed
|
|
|
312
|
Info
|
Directory Updated
|
|
|
320
|
Info
|
Directory Synchronization
|
|
|
321
|
Info
|
Directory Synchronization Finished
|
|
|
322
|
Error
|
Directory Synchronization Failed
|
|
|
323
|
Info
|
Directory Synchronization Requested
|
|
|
324
|
Info
|
Directory Synchronization Cancelled
|
|
|
325
|
Info
|
User Synchronization
|
Synchronization of the user accounts with Microsoft Active
Directory has been started.
|
|
326
|
Info
|
User Synchronization Finished
|
Synchronization of the user accounts with Microsoft Active
Directory has completed.
|
|
327
|
Error
|
User Synchronization Failed
|
|
|
328
|
Info
|
User Synchronization Requested
|
|
|
329
|
Info
|
User Synchronization Cancelled
|
|
|
330
|
Info
|
SSL Configuration Created
|
|
|
331
|
Info
|
SSL Configuration Deleted
|
|
|
332
|
Info
|
SSL Configuration Updated
|
|
|
333
|
Info
|
Host Merge Finished
|
|
|
334
|
Error
|
Host Merge Failed
|
|
|
338
|
Warning
|
Directory Synchronization Limit Exceeded
|
|
|
350
|
Info
|
Policy Created
|
|
|
351
|
Info
|
Policy Deleted
|
|
|
352
|
Info
|
Policy Updated
|
|
|
353
|
Info
|
Policies Exported
|
|
|
354
|
Info
|
Policies Imported
|
|
|
355
|
Info
|
Scan for Recommendations Canceled
|
|
|
356
|
Error
|
Secure Boot Public Key Not Enrolled
|
This error can occur if the public key required to check the
signature on the Trend Micro kernel module is not successfully
enrolled on the agent computer.
For details, see Linux Secure Boot support for agents.
|
|
357
|
Error
|
Secure Boot 'On' Not Supported
|
The agent does not support this OS with Secure Boot enabled.
For details, see Linux Secure Boot support for agents.
|
|
358
|
Error
|
Policies Import Failed
|
|
|
360
|
Info
|
VMware vCenter Added
|
|
|
361
|
Info
|
VMware vCenter Removed
|
|
|
362
|
Info
|
VMware vCenter Updated
|
|
|
363
|
Info
|
VMware vCenter Synchronization
|
|
|
364
|
Info
|
VMware vCenter Synchronization Finished
|
|
|
365
|
Error
|
VMware vCenter Synchronization Failed
|
|
|
366
|
Info
|
VMware vCenter Synchronization Requested
|
|
|
367
|
Info
|
VMware vCenter Synchronization Cancelled
|
|
|
368
|
Warning
|
Interfaces Out of Sync
|
|
|
369
|
Info
|
Interfaces in Sync
|
|
|
370
|
Info
|
Filter Driver Installed
|
|
|
371
|
Info
|
Filter Driver Removed
|
|
|
372
|
Info
|
Filter Driver Upgraded
|
|
|
376
|
Warning
|
Virtual Machine Moved to Unprotected ESXi
|
|
|
382
|
Info
|
Filter Driver Update Requested
|
|
|
384
|
Warning
|
Prepare ESXi Failed
|
|
|
385
|
Warning
|
Filter Driver Update Failed
|
|
|
386
|
Warning
|
Removal of Filter Driver from ESXi Failed
|
|
|
387
|
Error
|
Connection to Filter Driver Failure
|
|
|
393
|
Error
|
Anti-Malware Engine Offline
|
|
|
394
|
Info
|
Anti-Malware Engine Back Online
|
|
|
410
|
Info
|
Firewall Rule Created
|
|
|
411
|
Info
|
Firewall Rule Deleted
|
|
|
412
|
Info
|
Firewall Rule Updated
|
|
|
413
|
Info
|
Firewall Rule Exported
|
|
|
414
|
Info
|
Firewall Rule Imported
|
|
|
420
|
Info
|
Firewall Stateful Configuration Created
|
|
|
421
|
Info
|
Firewall Stateful Configuration Deleted
|
|
|
422
|
Info
|
Firewall Stateful Configuration Updated
|
|
|
423
|
Info
|
Firewall Stateful Configuration Exported
|
|
|
424
|
Info
|
Firewall Stateful Configuration Imported
|
|
|
460
|
Info
|
Application Type Created
|
An administrator configured a new IPSnetwork
application definition.
|
|
461
|
Info
|
Application Type Deleted
|
An administrator removed an IPSnetwork application
definition.
|
|
462
|
Info
|
Application Type Updated
|
An administrator changed an existing IPSnetwork
application definition.
|
|
463
|
Info
|
Application Type Exported
|
An administrator downloaded an IPS network application
definition.
|
|
464
|
Info
|
Application Type Imported
|
An administrator uploaded an IPS network application
definition.
|
|
470
|
Info
|
Intrusion Prevention Rule Created
|
|
|
471
|
Info
|
Intrusion Prevention Rule Deleted
|
|
|
472
|
Info
|
Intrusion Prevention Rule Updated
|
|
|
473
|
Info
|
Intrusion Prevention Rule Exported
|
|
|
474
|
Info
|
Intrusion Prevention Rule Imported
|
|
|
480
|
Info
|
Integrity Monitoring Rule Created
|
|
|
481
|
Info
|
Integrity Monitoring Rule Deleted
|
|
|
482
|
Info
|
Integrity Monitoring Rule Updated
|
|
|
483
|
Info
|
Integrity Monitoring Rule Exported
|
|
|
484
|
Info
|
Integrity Monitoring Rule Imported
|
|
|
490
|
Info
|
Log Inspection Rule Created
|
|
|
491
|
Info
|
Log Inspection Rule Deleted
|
|
|
492
|
Info
|
Log Inspection Rule Updated
|
|
|
493
|
Info
|
Log Inspection Rule Exported
|
|
|
494
|
Info
|
Log Inspection Rule Imported
|
|
|
495
|
Info
|
Log Inspection Decoder Created
|
|
|
496
|
Info
|
Log Inspection Decoder Deleted
|
|
|
497
|
Info
|
Log Inspection Decoder Updated
|
|
|
498
|
Info
|
Log Inspection Decoder Exported
|
|
|
499
|
Info
|
Log Inspection Decoder Imported
|
|
|
505
|
Info
|
Context Created
|
|
|
506
|
Info
|
Context Deleted
|
|
|
507
|
Info
|
Context Updated
|
|
|
508
|
Info
|
Context Exported
|
|
|
509
|
Info
|
Context Imported
|
|
|
510
|
Info
|
IP List Created
|
|
|
511
|
Info
|
IP List Deleted
|
|
|
512
|
Info
|
IP List Updated
|
|
|
513
|
Info
|
IP List Exported
|
|
|
514
|
Info
|
IP List Imported
|
|
|
520
|
Info
|
Port List Created
|
|
|
521
|
Info
|
Port List Deleted
|
|
|
522
|
Info
|
Port List Updated
|
|
|
523
|
Info
|
Port List Exported
|
|
|
524
|
Info
|
Port List Imported
|
|
|
525
|
Info
|
Scan Cache Configuration Created
|
|
|
526
|
Info
|
Scan Cache Configuration Exported
|
|
|
527
|
Info
|
Scan Cache Configuration Updated
|
|
|
530
|
Info
|
MAC List Created
|
|
|
531
|
Info
|
MAC List Deleted
|
|
|
532
|
Info
|
MAC List Updated
|
|
|
533
|
Info
|
MAC List Exported
|
|
|
534
|
Info
|
MAC List Imported
|
|
|
540
|
Info
|
Proxy Created
|
|
|
541
|
Info
|
Proxy Deleted
|
|
|
542
|
Info
|
Proxy Updated
|
|
|
543
|
Info
|
Proxy Exported
|
|
|
544
|
Info
|
Proxy Imported
|
|
|
550
|
Info
|
Schedule Created
|
|
|
551
|
Info
|
Schedule Deleted
|
|
|
552
|
Info
|
Schedule Updated
|
|
|
553
|
Info
|
Schedule Exported
|
|
|
554
|
Info
|
Schedule Imported
|
|
|
560
|
Info
|
Scheduled Task Created
|
|
|
561
|
Info
|
Scheduled Task Deleted
|
|
|
562
|
Info
|
Scheduled Task Updated
|
|
|
563
|
Info
|
Scheduled Task Manually Executed
|
|
|
564
|
Info
|
Scheduled Task Started
|
|
|
565
|
Info
|
Backup Finished
|
|
|
566
|
Error
|
Backup Failed
|
|
|
567
|
Info
|
Sending Outstanding Alert Summary
|
|
|
568
|
Warning
|
Failed To Send Outstanding Alert Summary
|
|
|
569
|
Warning
|
Email Failed
|
An e-mail notification could not be sent.
|
|
570
|
Info
|
Sending Report
|
|
|
571
|
Warning
|
Failed To Send Report
|
|
|
572
|
Error
|
Invalid Report Jar
|
|
|
573
|
Info
|
Asset Value Created
|
|
|
574
|
Info
|
Asset Value Deleted
|
|
|
575
|
Info
|
Asset Value Updated
|
|
|
576
|
Error
|
Report Uninstall Failed
|
|
|
577
|
Error
|
Report Uninstalled
|
|
|
578
|
Warning
|
Integrity Monitoring Rules Require Configuration
|
|
|
580
|
Warning
|
Application Type Port List Misconfiguration
|
|
|
581
|
Warning
|
Application Type Port List Misconfiguration
Resolved
|
|
|
582
|
Warning
|
Intrusion Prevention Rules Require Configuration
|
|
|
583
|
Info
|
Intrusion Prevention Rules Require Configuration
Resolved
|
|
|
584
|
Warning
|
Application Types Require Configuration
|
IPS rules require network application definitions, and cannot
correctly scan traffic until you define them.
|
|
585
|
Info
|
Integrity Monitoring Rules Require Configuration
Resolved
|
|
|
586
|
Warning
|
Log Inspection Rules Require Configuration
|
|
|
587
|
Info
|
Log Inspection Rules Require Configuration
Resolved
|
|
|
588
|
Warning
|
Log Inspection Rules Require Log Files
|
|
|
589
|
Info
|
Log Inspection Rules Require Log Files Resolved
|
|
|
590
|
Warning
|
Scheduled Task Unknown Type
|
|
|
591
|
Info
|
Relay Group Created
|
|
|
592
|
Info
|
Relay Group Updated
|
|
|
593
|
Info
|
Relay Group Deleted
|
|
|
594
|
Info
|
Event-Based Task Created
|
|
|
595
|
Info
|
Event-Based Task Deleted
|
|
|
596
|
Info
|
Event-Based Task Updated
|
|
|
597
|
Info
|
Event-Based Task Triggered
|
|
|
600
|
Info
|
User Signed In
|
|
|
601
|
Info
|
User Signed Out
|
|
|
602
|
Info
|
User Timed Out
|
|
|
609
|
Error
|
User Made Invalid Request
|
Server & Workload Protection received invalid request to access audit data
(events). Access was denied.
|
|
610
|
Info
|
User Session Validated
|
|
|
611
|
Info
|
User Viewed Firewall Event
|
|
|
613
|
Info
|
User Viewed Intrusion Prevention Event
|
|
|
615
|
Info
|
User Viewed System Event
|
|
|
616
|
Info
|
User Viewed Integrity Monitoring Event
|
|
|
617
|
Info
|
User Viewed Log Inspection Event
|
|
|
618
|
Info
|
User Viewed Identified File Detail
|
|
|
619
|
Info
|
User Viewed Anti-Malware Event
|
|
|
620
|
Info
|
User Viewed Web Reputation Event
|
|
|
630
|
Info
|
Syslog Configuration Created
|
|
|
631
|
Info
|
Syslog Configuration Deleted
|
|
|
632
|
Info
|
Syslog Configuration Updated
|
|
|
633
|
Info
|
Syslog Configuration Exported
|
|
|
634
|
Info
|
Syslog Configuration Imported
|
|
|
650
|
Info
|
User Created
|
|
|
651
|
Info
|
User Deleted
|
|
|
656
|
Info
|
API Key Created
|
|
|
657
|
Info
|
API Key Deleted
|
|
|
658
|
Info
|
API Key Updated
|
|
|
660
|
Info
|
Role Created
|
|
|
661
|
Info
|
Role Deleted
|
|
|
662
|
Info
|
Role Updated
|
|
|
670
|
Info
|
Contact Created
|
|
|
671
|
Info
|
Contact Deleted
|
|
|
672
|
Info
|
Contact Updated
|
|
|
673
|
Info
|
API Key Locked Out
|
|
|
674
|
Info
|
API Key Unlocked
|
|
|
675
|
Error
|
API Key Session Validation Failed
|
|
|
678
|
Info
|
API Key Expired
|
|
|
700
|
Info
|
Agent Software Installed
|
|
|
701
|
Error
|
Agent Software Installation Failed
|
|
|
702
|
Info
|
Credentials Generated
|
|
|
703
|
Error
|
Credential Generation Failed
|
|
|
704
|
Info
|
Activated
|
|
|
705
|
Error
|
Activation Failed
|
This can occur if agent self-protection is enabled. In the Server & Workload Protection console, go to
Computer editor > Settings > General. In
Agent Self Protection, and then either deselect
Prevent local end-users from uninstalling, stopping,
or otherwise modifying the Agent or enter a password
for local override.
|
|
706
|
Info
|
Software Update: Agent Software Upgraded
|
|
|
707
|
Warning
|
Software Update: Agent Software Upgrade Failed
|
Refer to the event details for more information about why the
upgrade was not successful.
|
|
708
|
Info
|
Deactivated
|
|
|
709
|
Error
|
Deactivation Failed
|
|
|
710
|
Info
|
Events Retrieved
|
|
|
711
|
Info
|
Agent Software Deployed
|
|
|
712
|
Error
|
Agent Software Deployment Failed
|
This can occur if agent self-protection is enabled. In the Server & Workload Protection console, go to
Computer editor > Settings > General. In
Agent Self Protection, and then either deselect
Prevent local end-users from uninstalling, stopping,
or otherwise modifying the Agent or enter a password
for local override.
|
|
713
|
Info
|
Agent Software Removed
|
|
|
714
|
Error
|
Agent Software Removal Failed
|
This can occur if agent self-protection is enabled. In the Server & Workload Protection console, go to
Computer editor > Settings > General. In
Agent Self Protection, and then either deselect
Prevent local end-users from uninstalling, stopping,
or otherwise modifying the Agent or enter a password
for local override.
|
|
715
|
Info
|
Agent/Appliance Version Changed
|
|
|
716
|
Info
|
Reactivation Attempted by Unknown Agent
|
An agent that is currently unknown to Server & Workload Protection has attempted
reactivation. This usually happens when a computer was deleted
from Server & Workload Protection without first
removing the agent on the computer. For more information, see
the 'Reactivation Attempted by Unknown Agent' section in Agent settings.
|
|
720
|
Info
|
Policy Sent
|
Agent/Appliance updated.
|
|
721
|
Error
|
Send Policy Failed
|
|
|
722
|
Warning
|
Get Interfaces Failed
|
|
|
723
|
Info
|
Get Interfaces Failure Resolved
|
|
|
724
|
Warning
|
Insufficient Disk Space
|
An agent detected low disk space. Free space on the computer.
See Warning: Insufficient disk space.
|
|
725
|
Warning
|
Events Suppressed
|
|
|
726
|
Warning
|
Get Agent/Appliance Events Failed
|
Server & Workload Protection was unable to retrieve events from the agent. This
error does not mean that the data was lost on the agent. This
error is normally caused by a network interruption while events
are being transferred. Clear the error and run a "Check Status"
to retry the operation.
|
|
727
|
Info
|
Get Agent/Appliance Events Failure Resolved
|
|
|
728
|
Error
|
Get Events Failed
|
Server & Workload Protection was unable to retrieve audit data from the agent.
This error does not mean that the data was lost on the agent.
This error is normally caused by a network interruption while
events are being transferred. Clear the error and run a "Get
Events Now" to retry the operation.
|
|
729
|
Info
|
Get Events Failure Resolved
|
|
|
730
|
Error
|
Offline
|
Server & Workload Protection cannot communicate with Computer. Usually, however,
the offline agent is still protecting the computer with its last
configured settings. See Computer and Agent/Appliance Status and
"Offline" agent.
|
|
731
|
Info
|
Back Online
|
|
|
732
|
Error
|
Firewall Engine Offline
|
The Firewall Engine is offline and traffic is flowing
unfiltered. This is normally due to an error during installation
or verification of the driver on the computer's OS platform.
Check the status of the network driver at the computer to ensure
it is properly loaded.
|
|
733
|
Info
|
Firewall Engine Back Online
|
|
|
734
|
Warning
|
Computer Clock Change
|
A clock change has occurred on the Computer which exceeds the
maximum allowed specified in Computer or Policy editor >
Settings > General > Heartbeat area. Investigate what has
caused the clock change on the computer.
|
|
735
|
Warning
|
Misconfiguration Detected
|
The Agent's configuration does not match the configuration
indicated in the Manager's records. This is typically because of
a recent backup restoration of the Manager or the Agent.
Unanticipated misconfiguration warnings should be
investigated.
|
|
736
|
Info
|
Check Status Failure Resolved
|
|
|
737
|
Error
|
Check Status Failed
|
|
|
738
|
Error
|
Intrusion Prevention Engine Offline
|
The Intrusion Prevention Engine is offline and traffic is
flowing unfiltered. This is normally due to an error during
installation or verification of the driver on the computer's OS
platform. Check the status of the network driver at the computer
to ensure it is properly loaded.
|
|
739
|
Info
|
Intrusion Prevention Engine Back Online
|
|
|
740
|
Error
|
Agent/Appliance Error
|
|
|
741
|
Warning
|
Abnormal Restart Detected
|
|
|
742
|
Warning
|
Communications Problem
|
The Agent is having problems communicating its status to
Manager. It usually indicates network or load congestion in the
Agent --> Manager direction. Further investigation is
warranted if the situation persists
|
|
743
|
Info
|
Communications Problem Resolved
|
|
|
745
|
Warning
|
Events Truncated
|
|
|
748
|
Error
|
Log Inspection Engine Offline
|
|
|
749
|
Info
|
Log Inspection Engine Back Online
|
|
|
750
|
Warning
|
Last Automatic Retry
|
|
|
755
|
Info
|
Workload Security Version Compatibility Resolved
|
|
|
756
|
Warning
|
Workload Security Upgrade Recommended (Incompatible Security Update(s))
|
|
|
760
|
Info
|
Agent/Appliance Version Compatibility Resolved
|
|
|
761
|
Warning
|
Agent/Appliance Upgrade Recommended
|
|
|
762
|
Warning
|
Agent/Appliance Upgrade Required
|
|
|
763
|
Error
|
Incompatible Agent/Appliance Version
|
|
|
764
|
Warning
|
Agent/Appliance Upgrade Recommended (Incompatible Security
Update(s))
|
|
|
765
|
Error
|
Computer Reboot Required
|
|
|
766
|
Warning
|
Network Engine Mode Configuration Incompatibility
|
|
|
767
|
Warning
|
Network Engine Mode Version Incompatibility
|
|
|
768
|
Warning
|
Network Engine Mode Incompatibility Resolved
|
|
|
770
|
Warning
|
Agent/Appliance Heartbeat Rejected
|
|
|
771
|
Warning
|
Contact by Unrecognized Client
|
|
|
780
|
Info
|
Recommendation Scan Failure Resolved
|
|
|
781
|
Warning
|
Recommendation Scan Failure
|
|
|
782
|
Info
|
Rebuild Baseline Failure Resolved
|
|
|
783
|
Warning
|
Rebuild Baseline Failure
|
|
|
784
|
Info
|
Security Update: Security Update Check and Download
Successful
|
|
|
785
|
Warning
|
Security Update: Security Update Check and Download
Failed
|
|
|
786
|
Info
|
Scan For Change Failure Resolved
|
|
|
787
|
Warning
|
Scan For Change Failure
|
|
|
790
|
Info
|
Agent-Initiated Activation Requested
|
|
|
791
|
Warning
|
Agent-Initiated Activation Failure
|
|
|
792
|
Info
|
Manual Malware Scan Failure Resolved
|
|
|
793
|
Warning
|
Manual Malware Scan Failure
|
A Malware Scan has failed. Use the VMware vCenter console to
check the status of the VM on which the scan failed. See also
Anti-Malware scan failure events.
|
|
794
|
Info
|
Scheduled Malware Scan Failure Resolved
|
|
|
795
|
Warning
|
Scheduled Malware Scan Failure
|
A scheduled Malware Scan has failed. Use the VMware vCenter
console to check the status of the VM on which the scan failed.
See also Anti-Malware scan failure events.
|
|
796
|
Warning
|
Scheduled Malware Scan Task has been Missed
|
This occurs when a scheduled Malware Scan is initiated on a
computer when a previous scan is still pending. This typically
indicates that Malware Scans are being scheduled too
frequently.
|
|
797
|
Info
|
Malware Scan Cancellation Failure Resolved
|
|
|
798
|
Warning
|
Malware Scan Cancellation Failure
|
A Malware Scan cancellation has failed. Use the VMware vCenter
console to check the status of the VM on which the scan
failed.
|
|
799
|
Warning
|
Malware Scan Stalled
|
A Malware Scan has stalled. Use the VMware vCenter console to
check the status of the VM on which the scan
stalled.
|
|
800
|
Info
|
Alert Dismissed
|
|
|
801
|
Info
|
Error Dismissed
|
|
|
803
|
Warning
|
Agent Configuration Package too Large
|
|
|
804
|
Error
|
Intrusion Prevention Rule Compiler Failed
|
|
|
805
|
Error
|
Intrusion Prevention Rules Failed to Compile
|
|
|
806
|
Error
|
Intrusion Prevention Rules Failed to Compile
|
|
|
850
|
Warning
|
Reconnaissance Detected: Computer OS Fingerprint
Probe
|
|
|
851
|
Warning
|
Reconnaissance Detected: Network or Port Scan
|
|
|
852
|
Warning
|
Reconnaissance Detected: TCP Null Scan
|
|
|
853
|
Warning
|
Reconnaissance Detected: TCP SYNFIN Scan
|
|
|
854
|
Warning
|
Reconnaissance Detected: TCP Xmas Scan
|
|
|
910
|
Info
|
Diagnostic Package Generated
|
|
|
911
|
Info
|
Diagnostic Package Exported
|
|
|
912
|
Info
|
Diagnostic Package Uploaded
|
|
|
913
|
Error
|
Automatic Diagnostic Package Error
|
|
|
914
|
Info
|
Identified File Deletion Succeeded
|
|
|
915
|
Info
|
Identified File Deletion Failed
|
|
|
916
|
Info
|
Identified File Download Succeeded
|
|
|
917
|
Info
|
Identified File Download Failed
|
|
|
918
|
Info
|
Identified File Administration Utility Download
Succeeded
|
|
|
919
|
Info
|
Identified File Not Found
|
|
|
924
|
Warning
|
File cannot be analyzed or quarantined (VM maximum disk space
used to store identified files exceeded)
|
The Anti-Malware module was unable to analyze or quarantine a
file because the VM maximum disk space used to store identified
files was reached. To change the maximum disk space for
identified files setting, open the computer or policy editor and
go to the Anti-malware > Advanced tab.
|
|
925
|
Warning
|
File cannot be analyzed or quarantined (maximum disk space
used to store identified files exceeded)
|
The Anti-Malware module was unable to analyze or quarantine a
file because the maximum disk space used to store identified
files was reached. To change the maximum disk space for
identified files setting, open the computer or policy editor and
go to the Anti-malware > Advanced tab.
|
|
926
|
Warning
|
Smart Protection Server Disconnected for Smart
Scan
|
|
|
927
|
Info
|
Smart Protection Server Connected for Smart Scan
|
|
|
928
|
Info
|
Identified File Restoration Succeeded
|
|
|
929
|
Warning
|
Identified File Restoration Failed
|
|
|
930
|
Info
|
Certificate Accepted
|
|
|
931
|
Info
|
Certificate Deleted
|
|
|
932
|
Warning
|
Smart Protection Server Disconnected for Web
Reputation
|
|
|
933
|
Info
|
Smart Protection Server Connected for Web
Reputation
|
|
|
934
|
Info
|
Software Update: Anti-Malware Windows Platform Update
Successful
|
|
|
935
|
Error
|
Software Update: Anti-Malware Windows Platform Update
Failed
|
|
|
936
|
Info
|
Submission of identified file to Deep Discovery Analyzer
succeeded
|
|
|
937
|
Info
|
Submission of identified file to Deep Discovery Analyzer
failed
|
|
|
938
|
Info
|
Identified File Submission Queued
|
|
|
940
|
Info
|
Auto-Tag Rule Created
|
|
|
941
|
Info
|
Auto-Tag Rule Deleted
|
|
|
942
|
Info
|
Auto-Tag Rule Updated
|
|
|
943
|
Info
|
Tag Deleted
|
|
|
944
|
Info
|
Tag Created
|
|
|
945
|
Warning
|
Census, Good File Reputation, and Predictive Machine Learning
Service Disconnected
|
|
|
946
|
Info
|
Census, Good File Reputation, and Predictive Machine Learning
Service Connected
|
|
|
947
|
Info
|
FIPS Mode Enabled
|
|
|
948
|
Info
|
FIPS Mode Disabled
|
|
|
949
|
Warning
|
Computer reboot is required to complete the Deep Security
Agent installation with Windows installer
|
A computer reboot is required to complete the agent
installation with Windows installer.
|
|
950
|
Warning
|
A computer reboot is required to enable Deep Security Agent
protection
|
A computer reboot is required to disable Windows Defender and
enable agent protection.
|
|
970
|
Info
|
Command Line Utility Started
|
|
|
978
|
Info
|
Command Line Utility Failed
|
|
|
979
|
Info
|
Command Line Utility Shutdown
|
Server & Workload Protection was manually stopped.
|
|
995
|
Info
|
Connection to the Certified Safe Software Service has been
restored
|
|
|
996
|
Warning
|
Unable to connect to the Certified Safe Software
Service
|
|
|
997
|
Error
|
Tagging Error
|
|
|
998
|
Error
|
System Event Notification Error
|
|
|
999
|
Error
|
Internal Software Error
|
|
|
1110
|
Error
|
Software Package Not Found
|
Agent software package was not found or a newer package is
required.
|
|
1111
|
Info
|
Software Package Found
|
|
|
1112
|
Error
|
Kernel Unsupported
|
The Linux driver cannot be installed because your computer may
have been upgraded to an unsupported kernel. For more
information, see Agent Linux kernel support.
|
|
1500
|
Info
|
Malware Scan Configuration Created
|
|
|
1501
|
Info
|
Malware Scan Configuration Deleted
|
|
|
1502
|
Info
|
Malware Scan Configuration Updated
|
|
|
1503
|
Info
|
Malware Scan Configuration Exported
|
|
|
1504
|
Info
|
Malware Scan Configuration Imported
|
|
|
1505
|
Info
|
Directory List Created
|
|
|
1506
|
Info
|
Directory List Deleted
|
|
|
1507
|
Info
|
Directory List Updated
|
|
|
1508
|
Info
|
Directory List Exported
|
|
|
1509
|
Info
|
Directory List Imported
|
|
|
1510
|
Info
|
File Extension List Created
|
|
|
1511
|
Info
|
File Extension List Deleted
|
|
|
1512
|
Info
|
File Extension List Updated
|
|
|
1513
|
Info
|
File Extension List Exported
|
|
|
1514
|
Info
|
File Extension List Imported
|
|
|
1515
|
Info
|
File List Created
|
|
|
1516
|
Info
|
File List Deleted
|
|
|
1517
|
Info
|
File List Updated
|
|
|
1518
|
Info
|
File List Exported
|
|
|
1519
|
Info
|
File List Imported
|
|
|
1520
|
Info
|
Manual Malware Scan Pending
|
|
|
1521
|
Info
|
Manual Malware Scan Started
|
|
|
1522
|
Info
|
Manual Malware Scan Completed
|
|
|
1523
|
Info
|
Scheduled Malware Scan Started
|
|
|
1524
|
Info
|
Scheduled Malware Scan Completed
|
|
|
1525
|
Info
|
Manual Malware Scan Cancellation In Progress
|
|
|
1526
|
Info
|
Manual Malware Scan Cancellation
|
This event can have several causes. See Anti-Malware scan failure events.
|
|
1527
|
Info
|
Scheduled Malware Scan Cancellation In Progress
|
|
|
1528
|
Info
|
Scheduled Malware Scan Cancellation
|
This event can have several causes. See Anti-Malware scan failure events.
|
|
1529
|
Info
|
Manual Malware Scan Paused
|
|
|
1530
|
Info
|
Manual Malware Scan Resumed
|
|
|
1531
|
Info
|
Scheduled Malware Scan Paused
|
|
|
1532
|
Info
|
Scheduled Malware Scan Resumed
|
|
|
1533
|
Info
|
A computer reboot is required to complete an Anti-Malware
cleanup or restoration task
|
A computer reboot is required to complete an Anti-Malware
cleanup or restoration task.
|
|
1534
|
Error
|
Computer reboot required for Anti-Malware
protection
|
|
|
1535
|
Info
|
Anti-Malware cleanup task must be performed
manually
|
|
|
1536
|
Info
|
Quick Malware Scan Pending
|
|
|
1537
|
Info
|
Quick Malware Scan Started
|
|
|
1538
|
Info
|
Quick Malware Scan Completed
|
|
|
1539
|
Info
|
Quick Malware Scan Cancellation In Progress
|
|
|
1540
|
Info
|
Quick Malware Scan Cancellation
|
This event can have several causes. See Anti-Malware scan failure events.
|
|
1541
|
Info
|
Quick Malware Scan Paused
|
|
|
1542
|
Info
|
Quick Malware Scan Failure Resolved
|
|
|
1543
|
Warning
|
Quick Malware Scan Failure
|
|
|
1544
|
Info
|
Quick Malware Scan Resumed
|
|
|
1545
|
Info
|
Files could not be scanned for malware
|
Anti-malware could not scan a file because its file path
exceeded the maximum number of characters. Maximum file path
length varies by OSand file system. To prevent this
problem, try moving the file to a directory path and file name
with fewer characters.
|
|
1546
|
Info
|
Files could not be scanned for malware
|
Anti-malware could not scan a file because its location
exceeded the maximum directory depth. To prevent this problem,
try reducing the number of layers of nested
directories.
|
|
1547
|
Info
|
Scheduled Malware Scan Task has been cancelled
|
|
|
1550
|
Info
|
Web Reputation Settings Updated
|
|
|
1551
|
Info
|
Malware Scan Configuration Updated
|
|
|
1552
|
Info
|
Integrity Configuration Updated
|
|
|
1553
|
Info
|
Log Inspection Configuration Updated
|
|
|
1554
|
Info
|
Firewall Stateful Configuration Updated
|
|
|
1555
|
Info
|
Intrusion Prevention Configuration Updated
|
|
|
1556
|
Info
|
Anti-Malware scan exclusion setting update
|
|
|
1600
|
Info
|
Relay Group Update Requested
|
|
|
1601
|
Info
|
Relay Group Update Success
|
|
|
1602
|
Error
|
Relay Group Update Failed
|
|
|
1603
|
Info
|
Security Update: Security Update Rollback Success
|
|
|
1604
|
Warning
|
Security Update: Security Update Rollback Failure
|
|
|
1605
|
Info
|
Successfully send file back up command to host
|
|
|
1606
|
Warning
|
Failed to send file back up command to host
|
|
|
1607
|
Info
|
Successfully back up file
|
|
|
1608
|
Error
|
Failed to back up file
|
|
|
1650
|
Warning
|
Anti-Malware protection is not enabled or is out of
date
|
|
|
1651
|
Info
|
Anti-Malware module is ready
|
|
|
1660
|
Info
|
Rebuild Baseline Started
|
|
|
1661
|
Info
|
Rebuild Baseline Paused
|
|
|
1662
|
Info
|
Rebuild Baseline Resumed
|
|
|
1663
|
Warning
|
Rebuild Baseline Failure
|
|
|
1664
|
Warning
|
Rebuild Baseline Stalled
|
|
|
1665
|
Info
|
Rebuild Baseline Completed
|
|
|
1666
|
Info
|
Scan for Integrity Started
|
|
|
1667
|
Info
|
Scan for Integrity Paused
|
|
|
1668
|
Info
|
Scan for Integrity Resumed
|
|
|
1669
|
Warning
|
Scan for Integrity Failure
|
|
|
1670
|
Warning
|
Scan for Integrity Stalled
|
|
|
1671
|
Info
|
Scan for Integrity Completed
|
|
|
1675
|
Error
|
Integrity Monitoring Engine Offline
|
|
|
1676
|
Info
|
Integrity Monitoring Engine Back Online
|
|
|
1677
|
Error
|
Trusted Platform Module Error
|
|
|
1678
|
Info
|
Trusted Platform Module Register Values Loaded
|
|
|
1679
|
Warning
|
Trusted Platform Module Register Values Changed
|
|
|
1680
|
Info
|
Trusted Platform Module Checking Disabled
|
|
|
1681
|
Info
|
Trusted Platform Module Information Unreliable
|
|
|
1700
|
Info
|
No Agent Detected
|
|
|
1800
|
Error
|
Deep Security Protection Module Failure
|
|
|
1801
|
Info
|
Deep Security Protection Module Back to Normal
|
|
|
1900
|
Info
|
Cloud Account Added
|
|
|
1901
|
Info
|
Cloud Account Removed
|
|
|
1902
|
Info
|
Cloud Account Updated
|
|
|
1903
|
Info
|
Cloud Account Synchronization In Progress
|
|
|
1904
|
Info
|
Cloud Account Synchronization Finished
|
|
|
1905
|
Error
|
Cloud Account Synchronization Failed
|
|
|
1906
|
Info
|
Cloud Account Synchronization Requested
|
|
|
1907
|
Info
|
Cloud account Synchronization Cancelled
|
|
|
1908
|
Info
|
AWS Account Synchronization Requested
|
|
|
1909
|
Info
|
AWS Account Synchronization Finished
|
|
|
1910
|
Error
|
AWS Account Synchronization Failed
|
|
|
1911
|
Info
|
AWS Account Added
|
|
|
1912
|
Info
|
AWS Account Removed
|
|
|
1913
|
Info
|
AWS Account Updated
|
|
|
1914
|
Info
|
Azure Account Added
|
|
|
1915
|
Info
|
Azure Account Removed
|
|
|
1916
|
Info
|
Azure Account Updated
|
|
|
1917
|
Info
|
Azure Account Synchronization Finished
|
|
|
1918
|
Error
|
Azure Account Synchronization Failed
|
|
|
1919
|
Info
|
Azure Account Synchronization Requested
|
|
|
1920
|
Warning
|
Azure Account Synchronization Completed but with
Errors
|
|
|
1921
|
Info
|
vCloud Account Added
|
|
|
1922
|
Info
|
vCloud Account Removed
|
|
|
1923
|
Info
|
vCloud Account Updated
|
|
|
1924
|
Info
|
vCloud Account Synchronization Finished
|
|
|
1925
|
Error
|
vCloud Account Synchronization Failed
|
|
|
1926
|
Info
|
vCloud Account Synchronization Requested
|
|
|
1927
|
Info
|
Upgrade Connector to AWS Account Requested
|
|
|
1928
|
Warning
|
AWS Account Update Failed
|
|
|
1929
|
Info
|
Upgrade Connector to AWS Account Finished
|
|
|
2000
|
Info
|
Scan Cache Configuration Object Added
|
|
|
2001
|
Info
|
Scan Cache Configuration Object Removed
|
|
|
2002
|
Info
|
Scan Cache Configuration Object Updated
|
|
|
2113
|
Info
|
Agent Installation Requested
|
|
|
2124
|
Info
|
Event Storage Settings Publish Job Started
|
|
|
2125
|
Info
|
Event Storage Settings Publish Job Completed
|
|
|
2126
|
Error
|
Event Storage Settings Publish Job Failed
|
|
|
2130
|
Info
|
Core Storage Settings Publish Job Started
|
|
|
2131
|
Info
|
Core Storage Settings Publish Job Completed
|
|
|
2132
|
Error
|
Core Storage Settings Publish Job Failed
|
|
|
2200
|
Info
|
Software Update: Anti-Malware Module Installation
Started
|
|
|
2201
|
Info
|
Software Update: Anti-Malware Module Installation
Successful
|
This event is also triggered by installing Application Control
or Integrity Monitoring because they share the same framework as
Anti-Malware.
|
|
2202
|
Warning
|
Software Update: Anti-Malware Module Installation
Failed
|
|
|
2203
|
Info
|
Software Update: Anti-Malware Module Download
Successful
|
|
|
2204
|
Info
|
Security Update: Pattern Update on Agents/Appliances
Successful
|
|
|
2205
|
Warning
|
Security Update: Pattern Update on Agents/Appliances
Failed
|
|
|
2206
|
Info
|
Security Update: Pattern Update on Agents/Appliances
Skipped
|
|
|
2207
|
Info
|
Required Host Permission Is Allowed: Anti-Malware
|
|
|
2208
|
Error
|
Host Permission Required: Anti-Malware
|
|
|
2209
|
Warning
|
Anti-Malware Engine with Basic Functions
|
Anti-Malware engine has only basic functions available. See
Anti-Malware Engine has only Basic Functions for
details.
|
|
2300
|
Info
|
Software Update: Web Reputation Module Installation
Started
|
|
|
2301
|
Info
|
Software Update: Web Reputation Module Installation
Successful
|
|
|
2302
|
Warning
|
Software Update: Web Reputation Module Installation
Failed
|
|
|
2303
|
Info
|
Software Update: Web Reputation Download
Successful
|
|
|
2304
|
Error
|
Web Reputation Engine Offline
|
|
|
2305
|
Info
|
Web Reputation Engine Back Online
|
|
|
2306
|
Warning
|
Web Reputation Engine Working With Limited Functionality
|
|
|
2307
|
Info
|
Web Reputation Engine Back Online on all Interfaces
|
|
|
2308
|
Warning
|
Web Reputation Engine Disabled
|
|
|
2309
|
Info
|
Web Reputation Engine Enabled
|
|
|
2400
|
Info
|
Software Update: Firewall Module Installation
Started
|
|
|
2401
|
Info
|
Software Update: Firewall Module Installation
Successful
|
|
|
2402
|
Warning
|
Software Update: Firewall Module Installation
Failed
|
|
|
2403
|
Info
|
Software Update: Firewall Module Download
Successful
|
|
|
2404
|
Warning
|
Firewall Engine Working With Limited Functionality
|
|
|
2405
|
Info
|
Firewall Engine Back Online on all Interfaces
|
|
|
2406
|
Warning
|
Firewall Engine Disabled
|
|
|
2407
|
Info
|
Firewall Engine Enabled
|
|
|
2500
|
Info
|
Software Update: Intrusion Prevention Module Installation
Started
|
|
|
2501
|
Info
|
Software Update: Intrusion Prevention Module Installation
Successful
|
|
|
2502
|
Warning
|
Software Update: Intrusion Prevention Module Installation
Failed
|
|
|
2503
|
Info
|
Software Update: Intrusion Prevention Module Download
Successful
|
|
|
2504
|
Warning
|
Intrusion Prevention Engine Working With Limited
Functionality
|
|
|
2505
|
Info
|
Intrusion Prevention Engine Back Online on all Interfaces
|
|
|
2506
|
Warning
|
Intrusion Prevention Engine Disabled
|
|
|
2507
|
Info
|
Intrusion Prevention Engine Enabled
|
|
|
2600
|
Info
|
Software Update: Integrity Monitoring Module Installation
Started
|
|
|
2601
|
Info
|
Software Update: Integrity Monitoring Module Installation
Successful
|
|
|
2602
|
Warning
|
Software Update: Integrity Monitoring Module Installation
Failed
|
|
|
2603
|
Info
|
Software Update: Integrity Monitoring Module Download
Successful
|
|
|
2604
|
Info
|
A computer reboot is required to complete Integrity Monitoring
protection
|
|
|
2605
|
Info
|
Agent will send Integrity Monitoring baseline in
events
|
|
|
2606
|
Info
|
Manager has requested that agent sends Integrity Monitoring
baseline in events
|
|
|
2700
|
Info
|
Software Update: Log Inspection Module Installation
Started
|
|
|
2701
|
Info
|
Software Update: Log Inspection Module Installation
Successful
|
|
|
2702
|
Warning
|
Software Update: Log Inspection Module Installation
Failed
|
|
|
2703
|
Info
|
Software Update: Log Inspection Module Download
Successful
|
|
|
2800
|
Info
|
Software Update: Software Automatically Downloaded
|
|
|
2803
|
Info
|
Online Help Update Started
|
|
|
2804
|
Info
|
Online Help Update Ended
|
|
|
2805
|
Info
|
Online Help Update Success
|
|
|
2806
|
Warning
|
Online Help Update Failed
|
|
|
2900
|
Info
|
Software Update: Relay Module Installation Started
|
|
|
2901
|
Info
|
Software Update: Relay Module Installation
Successful
|
|
|
2902
|
Warning
|
Software Update: Relay Module Installation Failed
|
|
|
2903
|
Info
|
Software Update: Relay Module Download Successful
|
|
|
2904
|
Info
|
VMware NSX Synchronization Finished
|
|
|
2905
|
Error
|
VMware NSX Synchronization Failed
|
|
|
2906
|
Info
|
Agent Self-Protection enabled
|
Agent self-protection was enabled via Server & Workload Protection.
|
|
2907
|
Info
|
Agent Self-Protection disabled
|
|
|
2908
|
Info
|
Agent Self-Protection enabled
|
Agent self-protection was enabled via the command line on the
agent.
|
|
2909
|
Info
|
Agent Self-Protection disabled
|
|
|
2920
|
Info
|
Querying report from DDAn Finished
|
|
|
2921
|
Error
|
Querying report from DDAn Failed
|
|
|
2922
|
Info
|
Submission to Deep Discovery Analyzer processed
|
|
|
2923
|
Error
|
File submission to Deep Discovery Analyzer Failed
|
|
|
2924
|
Info
|
Security Update: Suspicious Object Check and Update
Successful
|
|
|
2925
|
Error
|
Security Update: Suspicious Object Check and Update
Failed
|
|
|
2926
|
Warning
|
Submission to Deep Discovery Analyzer queued
|
|
|
2930
|
Info
|
File back up pending
|
|
|
2931
|
Info
|
Smart Folder Added
|
|
|
2932
|
Info
|
Smart Folder Removed
|
|
|
2933
|
Info
|
Smart Folder Updated
|
|
|
2934
|
Error
|
Failed to send Amazon SNS message
|
|
|
2935
|
Info
|
System resumed sending SNS messages
|
|
|
2951
|
Error
|
Failed to send TIC message
|
|
|
2952
|
Info
|
System resumed sending TIC messages
|
|
|
2953
|
Info
|
Inactive Agent Cleanup Completed Successfully
|
Inactive agent cleanup removed computers that have been
offline and inactive for a specified period of time. For more
information on inactive agent cleanup, see Automate offline computer removal with Inactive Agent
Cleanup.
|
|
2954
|
Warning
|
Dropped events recorded in the future
|
|
|
2960
|
Info
|
Appliance (SVM) Upgrade Requested
|
|
|
2961
|
Info
|
Appliance (SVM) Upgrade Started
|
|
|
2962
|
Info
|
Appliance (SVM) Upgrade Canceled
|
|
|
2963
|
Info
|
Appliance (SVM) Upgraded
|
|
|
2964
|
Error
|
Appliance (SVM) Upgrade Failed
|
|
|
2965
|
Warning
|
Appliance (SVM) Upgraded but Not Ready
|
|
|
2969
|
Info
|
Scheduled Task Skipped
|
|
|
2970
|
Info
|
GCP Account Added
|
GCP Account: <GCPaccountname> successfully added.
For details, see Add
a Google Cloud Platform account.
|
|
2971
|
Info
|
GCP Account Removed
|
GCP Account: <GCPaccountname> successfully removed.
For details, see Remove a GCP account.
|
|
2972
|
Info
|
GCP Account Updated
|
GCP Account: <GCPaccountname> successfully updated.
For details, see Add
a Google Cloud Platform account.
|
|
2973
|
Info
|
GCP Account Synchronization Finished
|
Synchronize computers completed for GCP Account:
<GCPaccountname>
For details, see Synchronize a GCPaccount.
|
|
2974
|
Error
|
GCP Account Synchronization Failed
|
Server & Workload Protection was unable to synchronize computers with GCP
Account: <GCPaccountname>
<detailed_message>
For example:
Root URLis not valid
For details, see Synchronize a GCPaccount.
|
|
2975
|
Info
|
GCP Account Synchronization Requested
|
A request has been made to synchronize computers with GCP
Account: <GCPaccountname>
For details, see Synchronize a GCPaccount.
|
|
2976
|
Warning
|
GCP Account Synchronization Completed but with
Errors
|
The GCP Account <GCPaccountname> synchronization operation
completed, but information for the following hosts or groups
could not be updated with following message:
<detailed_message>
For example:
Project <GCPprojectname>: 403 Required
'compute.machineTypes.list' permission for
'projects/<GCPprojectname>'
For details, see Synchronize a GCPaccount.
|
|
2988
|
Warning
|
MQTT Connection Offline
|
The agent has lost its MQTT connection.
|
|
2989
|
Info
|
MQTT Connection Online
|
|
|
2990
|
Info
|
Trend Vision One Service Registered
|
|
|
2992
|
Warning
|
VMware NSX Policy Configuration Conflict
|
|
|
2997
|
Warning
|
MQTT Connection Configuration Failed
|
There was a failure when performing the MQTT setup for an
agent. The agent will not be able to establish an MQTT
connection.
|
|
2998
|
Info
|
MQTT Connection Configured
|
|
|
3000
|
Info
|
Software Update: SAP Module Installation Started
|
|
|
3001
|
Info
|
Software Update: SAP Module Installation
Successful
|
|
|
3002
|
Error
|
Software Update: SAP Module Installation Failed
|
|
|
3003
|
Info
|
Software Update: SAP Module Download Successful
|
|
|
3004
|
Info
|
SAP VSA is installed
|
|
|
3005
|
Error
|
SAP VSA is not installed
|
|
|
3006
|
Info
|
SAP VSA is up-to-date
|
|
|
3007
|
Info
|
SAP VSA is not up-to-date
|
|
|
3008
|
Info
|
SAP: Anti-Malware module is ready
|
|
|
3009
|
Error
|
SAP: Anti-Malware module is not ready
|
|
|
3100
|
Info
|
Software Update: Container Control Module Installation
Started
|
|
|
3101
|
Info
|
Software Update: Container Control Module Installation
Successful
|
|
|
3102
|
Warning
|
Software Update: Container Control Module Installation Failed
|
|
|
3103
|
Info
|
Software Update: Container Control Module Download Successful
|
|
|
3113
|
Info
|
Registry Scanner Created
|
|
|
3114
|
Info
|
Registry Scanner Deleted
|
|
|
3115
|
Info
|
Registry Scanner Updated
|
|
|
3116
|
Error
|
Registry Scanner Disconnected
|
|
|
3200
|
Info
|
A computer reboot is required to complete the installation of
Activity Monitoring
|
|
|
3300
|
Info
|
Computer Added to vCenter Account
|
|
|
3301
|
Warning
|
Duplicate Hosts with Same Virtual UUID Found.
|
|
|
3400
|
Info
|
Device Control USB device created.
|
|
|
3401
|
Info
|
Device Control USB device updated.
|
|
|
3402
|
Info
|
Device Control USB device deleted.
|
|
|
3403
|
Error
|
Device Control engine offline
|
The Device Control Engine is offline, so device policies may
not be working and may not being applied. This is normally due
to an error during engine initializing or the platform being
offline (the platform is sometimes called the Anti-Malware
Solution Platform, or AMSP, and sometimes called the Trend Micro
Solution Platform). Check the status of the platform at the
computer.
|
|
3404
|
Info
|
Device Control engine back online
|
|
|
3405
|
Info
|
Device Control event exported
|
|
|
3406
|
Info
|
User viewed Device Control event
|
|
|
3407
|
Info
|
Software Update: Device Control Module Download Successful
|
|
|
3408
|
Info
|
Software Update: Device Control Module Installation Started | |
|
3409
|
Info
|
Software Update: Device Control Module Installation
Successful
|
|
|
3410
|
Info
|
Software Update: Device Control Module Installation Failed
|
|
|
3500
|
Info
|
Service Gateway Added
|
|
|
3501
|
Info
|
Service Gateway Removed
|
|
|
3502
|
Info
|
Service Gateway Updated
|
|
|
3506
|
Info
|
Recommendation Updated
|
|
|
7000
|
Info
|
Application Control Security Events Exported
|
An administrator downloaded application control event logs in
CSV format.
|
|
7007
|
Info
|
User Viewed Application Control Event
|
An administrator dismissed an application control alert. This
is normal unless your system has been compromised by an intruder
that has gained an administrator login.
|
|
7008
|
Error
|
Application Control Engine Offline
|
An agent's application control engine failed to come online.
This could happen if you have enabled application control on a
computer whose kernel is not supported.
|
|
7009
|
Info
|
Application Control Engine Online Again
|
An agent's application control engine restarted.
|
|
7010
|
Info
|
Application Control Configuration Updated
|
Server & Workload Protection updated the Application Control settings on an
agent.
|
|
7011
|
Info
|
Software Update: Application Control Module Installation
Started
|
The agent received a policy from Server & Workload Protection where application
control was selected, but detected that it did not have the
application control engine installed or needed to update it, so
it began to download it. This is normal when you enable
application control on a computer for the first time, or when it
has been disabled while application control engine updates were
released.
|
|
7012
|
Info
|
Software Update: Application Control Module Installation
Successful
|
The agent installed the application control engine. The
application control engine is also used by the integrity
monitoring feature.
|
|
7013
|
Error
|
Software Update: Application Control Module Installation
Failed
|
The agent could not install the application control engine.
This is not normal.
|
|
7014
|
Info
|
Software Update: Application Control Module Download
Successful
|
The agent finished downloading the application control
engine.
|
|
7015
|
Info
|
Application Control Ruleset Rules Updated
|
The legacy REST API was used to allow or block software. This
message does not occur when administrators perform the same
action in the GUI.
|
|
7020
|
Info
|
Application Control Inventory Retrieved
|
The legacy REST API uploaded a computer's initial allow rules to Server & Workload Protection.
|
|
7021
|
Info
|
Application Control Inventory Scan Started
|
The application control engine was enabled, and the agent
detected that it did not have any allow rules for that computer,
so it began to build initial rules based on the currently
installed software. This is normal when you enable application
control for the first time. This message does not occur when you
use the legacy REST API to replace the allow rules.
|
|
7022
|
Info
|
Application Control Inventory Scan Completed
|
The agent finished building the initial allow rules for that
computer. After this, any new software that is detected which is
not in the allow or block rules will, if configured, cause and
alert.
|
|
7023
|
Error
|
Application Control Inventory Scan Failed
|
The agent could not build the initial allow rules for that
computer. This is not normal.
|
|
7024
|
Info
|
Application Control Software Changes Detected
|
An administrator allowed or blocked software in the
Actions tab, or changed a rule by clicking
Change rule in an application control log
message. This message does not occur when you use the legacy
REST API to replace the allow rules.
|
|
7025
|
Info
|
Application Control Inventory Scan Requested
|
You manually forced application control to delete the current
rules and rebuild them based on the currently installed
software. This could be normal if you needed to change many
rules at the same time.
|
|
7026
|
Info
|
Application Control Maintenance Mode Start
Requested
|
Either an administrator sent or the legacy REST
APIreceived the command to enable maintenance
mode.
|
|
7027
|
Info
|
Application Control Maintenance Mode Stop
Requested
|
Either an administrator sent or the legacy REST
APIreceived the command to disable maintenance
mode.
|
|
7028
|
Info
|
Application Control Maintenance Mode Started
|
Maintenance mode was enabled. While enabled, the agent
automatically adds updated or newly installed software to its
allow rules, indicating that you know and want to allow the
software update. The agent continues to apply block rules during
this time.
|
|
7029
|
Info
|
Application Control Maintenance Mode Stopped
|
Maintenance mode was disabled. Once maintenance mode is
stopped, all new or changed software will be considered
"unrecognized" until you specifically allow or block
it.
|
|
7030
|
Info
|
Application Control Inventory Scan Cancelled
|
The agent began to build the initial allow rules, but an
administrator canceled the process.
|
|
7031
|
Error
|
Sending Application Control Ruleset Failed
|
An agent could not download a shared ruleset for application
control. This can occur if network connectivity is interrupted
(such as a firewall or proxy between the agent and relay), or if
there isn't enough free disk space on the agent.
|
|
7032
|
Info
|
Sending Application Control Ruleset Succeeded
|
An agent downloaded a shared ruleset for application control.
This normally occurs whenever an administrator or the legacy
REST API allows or blocks software, or when a different shared
ruleset is applied.
|
|
7033
|
Info
|
Application Control Ruleset Created
|
The legacy REST API was used to create an application control
ruleset. This message does not occur when administrators perform
the same action in the GUI.
|
|
7034
|
Info
|
Application Control Ruleset Updated
|
The legacy REST API was used to allow or block software via an
application control ruleset. This message does not occur when
administrators perform the same action in the GUI.
|
|
7035
|
Info
|
Application Control Ruleset Deleted
|
The legacy REST API was used to delete an application control
ruleset. This message does not occur when administrators perform
the same action in the GUI.
|
|
7036
|
Info
|
Application Control Maintenance Mode Reset Duration
Requested
|
An administrator changed the time period for when maintenance
mode is active.
|
|
7037
|
Error
|
Newly applied ruleset will block some running processes on
restart
|
An administrator applied a new ruleset, but some of the
currently running processes exist in block rules. Application
control will not terminate the processes, but the next time you
reboot or restart those services, depending on your
configuration, it will either alert you or block them. If the
processes are not authorized, you should terminate them
manually. If they are authorized, but are missing from the
ruleset, you should add them to the ruleset.
|
|
7038
|
Error
|
Unresolved software change limit reached
|
Software changes detected on the file system exceeded the
maximum amount. Application control will continue to enforce
existing rules, but will not record any more changes, and it
will stop displaying any of that computer's software changes.
You must resolve and prevent excessive software
change.
|
|
7040
|
Error
|
Incompatible Application Control Ruleset
|
An application control ruleset could not be assigned to one or more computers because
the ruleset
is not supported by the installed version of the agent.
Typically, the problem is that a hash-based ruleset (which is
compatible only with agent version 11.0 or newer) has been
assigned to an older agent. Agent version 10.x supports only
file-based rulesets. (For details, see Differences in how 10.x and 11.x agents compare
files.) To fix this issue, upgrade the agent to
version 11.0 or newer. Alternatively, if you are using local
rulesets, reset application control for the agent.
|
|
7041
|
Info
|
Application Control Ruleset Upgraded
|
An application control ruleset was upgraded from a file-based ruleset to a hash-based
ruleset.
(For details, see Differences in how 10.x and 11.x agents compare
files.)
|
|
7042
|
Info
|
Application Control Software Inventory Deleted
|
|
|
7043
|
Info
|
A computer reboot is required to complete Application Control
protection
|
|
|
7044
|
Info
|
Sending Application Control Ruleset
|
Server & Workload Protection is sending Application Control rulesets to the
remote agent.
|
|
7045
|
Error
|
Failed to send Application Control Ruleset
|
Server & Workload Protection failed to send the Application Control rulesets to
the remote agent.
|
|
7046
|
Info
|
Application Control Trust Rule Created
|
|
|
7047
|
Info
|
Application Control Trust Rule Updated
|
|
|
7048
|
Info
|
Application Control Trust Rule Deleted
|
|
|
7049
|
Info
|
Application Control Trust Ruleset Created
|
|
|
7050
|
Info
|
Application Control Trust Ruleset Updated
|
|
|
7051
|
Info
|
Application Control Trust Ruleset Deleted
|
|
|
9000
|
Info
|
Computer Moved From Deep Security Software
|
|
|
9100
|
Info
|
Threat Intelligence Status Publish Job Started
|
|
|
9101
|
Info
|
Threat Intelligence Status Publish Job Completed
|
|
|
9102
|
Error
|
Threat Intelligence Status Publish Job Failed
|
|
|
9250
|
Warning
|
Trend Micro LightWeight Filter Driver has been disabled
|
|
|
9251
|
Info
|
Trend Micro LightWeight Filter Driver has been restarted
|
|
|
9252
|
Info
|
Trend Micro LightWeight Filter Drivers have been restarted
successfully
|
|
|
9253
|
Warning
|
Trend Micro LightWeight Filter Driver failed to bind on all
network interfaces
|