|
Alert
|
Default Severity
|
Dismissible
|
Description
|
|
A computer reboot is required to enable Deep Security Agent protection
|
Critical
|
Yes
|
The agent software upgrade was successful, but a computer reboot is required to disable
Windows Defender and enable agent protection.
|
|
A Deep Security Relay cannot download security components
|
Critical
|
No
|
A relay cannot successfully download security components. This might be due to network
connectivity issues or misconfiguration in Server & Workload Protection under . Check your network configurations (for example, the proxy settings of the relay
group) and System Settings then manually initiate an update on the relay using the Download Security Update option on the page.
|
|
Abnormal Restart Detected
|
Warning
|
Yes
|
An abnormal restart was detected on the computer. This condition may be caused by
a variety of conditions. If the agent is suspected as the root cause, then the diagnostics
package (in the Support section of the Computer Details dialog) should be invoked.
This alert indicates that the agent service was restarted abnormally. You can safely
dismiss this alert, or, if the alert reoccurs, create a diagnostics package and open
a case with Technical Support.
|
|
Account Balance Depleted
|
Critical
|
No
|
Your prepaid account balance has been depleted. You can no longer receive updates,
including security updates, until your account is replenished. To ensure your security
is maintained, contact your sales representative to add credit to your account.
|
|
Account Balance Low
|
Warning
|
No
|
Your prepaid account balance is running low. To ensure uninterrupted service, please
contact your sales representative to add more credit to your account.
|
|
Activation Failed
|
Critical
|
No
|
This may indicate a problem with the agent, but it also can occur if agent self-protection
is enabled. In the Workload Security console, go to . In Agent Self Protection, and then either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override.
|
|
Agent configuration package too large
|
Warning
|
Yes
|
This is usually caused by too many firewall and intrusion prevention rules being assigned.
Run a recommendation scan on the computer to determine if any rules can be safely
unassigned.
|
|
Agent Installation Failed
|
Critical
|
Yes
|
The agent failed to install successfully on one or more computers. Those computers
are currently unprotected. You must reboot the computers which will automatically
restart the agent install program.
This may indicate a problem with the agent, but it also can occur if agent self-protection
is enabled. In the Server & Workload Protection console, go to Computer editor > Settings > General. In Agent Self Protection, and then either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override.
|
|
Agent/Appliance Upgrade Recommended
|
Warning
|
No
|
Server & Workload Protection has detected an older agent version on the computer that does not support all available
features. An upgrade of the agent software is recommended. (Deprecated in 9.5)
|
|
Agent/Appliance Upgrade Recommended (Incompatible Component Update(s))
|
Warning
|
No
|
Server & Workload Protection has detected a computer with a version of the agent that is not compatible with one
or more component updates assigned to it. An upgrade of the agent software is recommended.
|
|
Agent/ApplianceUpgrade Recommended (New Version Available)
|
Warning
|
No
|
Server & Workload Protection has detected one or more computers with a version of the agent that is older than
the latest version in Server & Workload Protection. An upgrade of the agent software is recommended.
|
|
Agent/Appliance Upgrade Required
|
Warning
|
No
|
Server & Workload Protection has detected a computer with a version of the agent that is not compatible with Server & Workload Protection. An upgrade of the agent software is required.
|
|
An update to the Rules is available
|
Warning
|
No
|
Updated rules have been downloaded but not applied to your policies. To apply the
rules, go to Administration > Updates > Component and in the Rule Updates column, click Apply Rules to Policies.
|
|
Anti-Malware Alert
|
Warning
|
Yes
|
A malware scan configuration that is configured for alerting has raised an event on
one or more computers.
|
|
Anti-Malware Component Failure
|
Critical
|
Yes
|
An anti-malware component failed on one or more computers. See the event descriptions
on the individual computers for specific details.
|
|
Anti-Malware Component Update Failed
|
Warning
|
No
|
One or more agent or relay failed to update anti-malware components. See the affected
computers for more information.
|
|
Anti-Malware Engine Offline
|
Critical
|
No
|
The agent has reported that the anti-malware engine is not responding. Please check
the system events for the computer to determine the cause of the failure.
|
|
Anti-Malware module maximum disk space used to store identified files exceeded
|
Warning
|
Yes
|
The Anti-Malware module was unable to analyze or quarantine a file because the maximum
disk space used to store identified files was reached. To change the maximum disk
space for identified files setting, open the computer or policy editor and go to the
Anti-malware > Advanced tab.
|
|
Anti-Malware protection is absent or out of date
|
Warning
|
No
|
The agent on this computer has not received its initial anti-malware protection package,
or its anti-malware protection is out of date. Make sure a relay is available and
that the agent has been properly configured to communicate with it. To configure relays
and other update options, go to Administration > System Settings > Updates.
|
|
APIKey Locked Out
|
Warning
|
No
|
API Keys can be locked out manually, or by repeated failed validation attempts.
|
|
Application Control Engine Offline
|
Critical
|
No
|
The agent has reported that the Application Control engine failed to initialize. Please
check the system events for the computer to determine the cause of the failure.
|
|
Application Control Ruleset is incompatible with agent version
|
Critical
|
No
|
An application control ruleset could not be assigned to one or more computers because
the ruleset is not supported by the installed version of the agent. Typically, the
problem is that a hash-based ruleset (which is compatible only with agent version
11.0 or newer) has been assigned to an older agent. Agent version 10.x supports only
file-based rulesets. (For details, see Differences in how 10.x and 11.x agents compare files.) To fix this issue, upgrade the agent to version 11.0 or newer. Alternatively, if
you are using local rulesets, reset application control for the agent.
|
|
Application Type Misconfiguration
|
Warning
|
No
|
Misconfiguration of application types may prevent proper security coverage.
|
|
Application Type Recommendation
|
Warning
|
Yes
|
Server & Workload Protection has determined that a computer should be assigned an application type. This could
be because an agent was installed on a new computer and vulnerable applications were
detected, or because a new vulnerability has been discovered in an installed application
that was previously thought to be safe. To assign the application type to the computer,
open the 'Computer Details' dialog box, click on 'Intrusion Prevention Rules', and
assign the application type.
|
|
AWS Contract License Exceeded
|
Critical
|
No
|
AWS Contract License expired or AWS Contract entitlements have been exceeded.
|
|
Azure Account Not Authorized to Read Resources Information
|
Critical
|
No
|
Azure Cloud Account can't retrieve resources information from Azure API because the
Azure Application is not authorized to read resources. Please verify that the Reader
role has been assigned to the application.
|
|
Azure Account Password Invalid
|
Critical
|
No
|
Azure Cloud Account can't retrieve resources information from Azure API because the
Azure Application password is invalid.
|
|
Azure Account Secret Expired
|
Critical
|
No
|
Azure Cloud Account can't retrieve resources information from Azure API because the
Azure Application secret key has expired.
|
|
Microsoft Entra ID Application Not Found
|
Critical
|
No
|
Azure Cloud Account can't retrieve resources information from Azure API because the
Azure Application is not found. The application possibly has been removed from Microsoft Entra ID.
|
|
Microsoft Entra ID Application Need Renew
|
Critical
|
No
|
The Microsoft Entra ID application can not sync the cloud data now. Maybe the application password is expired
or the application is deleted. Please renew the application via Computers > Properties (right click on the target group) > Renew Application Now.
|
|
Azure Key Pair Expired
|
Critical
|
No
|
The key pair for Azure service(s) has expired. You can remove this alert by updating
your key pair on the Azure service's property page.
|
|
Azure Key Pair Expires Soon
|
Warning
|
No
|
The key pair for Azure service(s) will expire soon. You can remove this alert by updating
your key pair on the Azure service's property page.
|
|
Azure Subscription Not Found
|
Critical
|
No
|
Azure Cloud Account cannot retrieve resources information from Azure API because the
Azure Subscription cannot be found.
|
|
Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
|
Warning
|
Yes
|
Disconnected from Census, Good File Reputation, and Predictive Machine Learning Service.
See the event details for possible solutions.
Refer to Warning: Census, Good File Reputation, and Predictive Machine Learning Service Disconnected for troubleshooting tips.
|
|
Clock Change Detected
|
Warning
|
Yes
|
A clock change was detected on the computer. Unexpected clock changes may indicate
a problem on the computer and should be investigated before dismissing the alert.
|
|
Cloud Computer Not Managed as Part of Cloud Account
|
Warning
|
Yes
|
An agent was activated on one or more computers belonging to a cloud account that
is not synchronized with Server & Workload Protection. Click the Action to add the cloud account. The computers will be moved into the account, and may be
billed at a lower hourly rate.
|
|
Communications Problem Detected
|
Warning
|
Yes
|
A communications problem was detected on the computer. The computer cannot initiate
communication with Server & Workload Protection because of network configuration or load reasons. Check the system events in addition
to verifying communications can be established from the computer to Server & Workload Protection. The cause of the issue should be investigated before dismissing the alert.
|
|
Computer Not Receiving Updates
|
Warning
|
No
|
These computer(s) have stopped receiving updates. Manual intervention may be required.
|
|
Computer Reboot Required
|
Critical
|
Yes
|
The agent software upgrade was successful, but you must reboot the computer to complete
the install. Manually update the computer(s) before dismissing the alert.
|
|
Computer Reboot Required for Activity Monitoring
|
Critical
|
No
|
The Activity Monitoring on the agent reported that the computer needs to be rebooted.
Check the system events for the computer to determine the reason for the reboot.
|
|
Computer Reboot Required for Anti-Malware Protection
|
Critical
|
No
|
The anti-malware protection on the agent reported that the computer needs to be rebooted.
Check the system events for the computer to determine the reason for the reboot.
|
|
Computer Reboot Required for Application Control Protection
|
Critical
|
No
|
The Application Control protection on the agent reported that the computer needs to
be rebooted. Check the system events for the computer to determine the reason for
the reboot.
|
|
Computer Reboot Required for Integrity Monitoring Protection
|
Critical
|
No
|
The Integrity Monitoring protection on the agent reported that the computer needs
to be rebooted. Check the system events for the computer to determine the reason for
the reboot.
|
|
Configuration Required
|
Warning
|
No
|
One or more computers are using a policy that defines multiple interface types where
not all interfaces have been mapped.
|
|
Duplicate Computer Detected
|
Warning
|
Yes
|
A duplicate computer was activated or imported. Remove the duplicate computer and
reactivate the original computer if necessary.
|
|
Empty Relay Group Assigned
|
Critical
|
No
|
These computers were assigned an empty relay group. Assign a different relay group
to the computers or add relays to the empty relay group(s).
|
|
Events Suppressed
|
Warning
|
Yes
|
The agent encountered an unexpectedly high volume of events. As a result, one or more
events were not recorded (suppressed) to prevent a potential denial of service. Check
the firewall events to determine the cause of the suppression.
|
|
Events Truncated
|
Warning
|
Yes
|
Some events were lost because the data file grew too large for the agent to store.
This may have been caused by an unexpected increase in the number of events generated,
or the inability of the agent to send the data to Server & Workload Protection. For more information, see the properties of the Events Truncated system event on the computer.
|
|
Execution of Software Blocked
|
Warning
|
Yes
|
Execution of software was blocked on one or more computers. See the Application Control
Events on the following computers for more information.
|
|
Failed to Send SNSMessage
|
Critical
|
No
|
Server & Workload Protection was unable to forward messages to Amazon Simple Notification Service (SNS)
|
|
Failed to Send Syslog Message
|
Warning
|
No
|
Server & Workload Protection was unable to forward messages to one or more syslog servers.
|
|
Files could not be scanned for malware
|
Warning
|
No
|
Files could not be scanned for malware because the file path exceeded the maximum
file path length limit or the directory depth exceeded the maximum directory depth
limit. Check the system events for the computer to determine the reason.
|
|
Firewall Engine Offline
|
Critical
|
No
|
The agent reported that the firewall engine is offline. Check the status of the engine
on the agent.
|
|
Firewall Rule Alert
|
Warning
|
Yes
|
A firewall rule that is selected for alerting was encountered on one or more computers.
|
|
Firewall Rule Recommendation
|
Warning
|
Yes
|
Server & Workload Protection determined that a computer on your network should be assigned a firewall rule. This
could be because an agent was installed on a new computer and vulnerable applications
were detected, or because a new vulnerability was discovered in an installed application
that was previously thought to be safe. To assign the firewall rule to the computer,
open Computer Details and click Firewall Rules.
This alert is not supported for enhanced recommendation scan.
|
|
Incompatible Agent/Appliance Version
|
Error
|
No
|
Server & Workload Protection detected a more recent agent version on the computer that is not compatible with
Server & Workload Protection.
|
|
Insufficient Disk Space
|
Warning
|
Yes
|
The agent reported that it was forced to delete an old log file to free up disk space
for a new log file. Immediately free up disk space to prevent loss of intrusion prevention,
firewall and agent events. See Warning: Insufficient disk space.
|
|
Integrity Monitoring Engine Offline
|
Critical
|
No
|
The agent reported that the integrity monitoring engine is not responding. Check the
system events for the computer to determine the cause of the failure.
|
|
Integrity Monitoring Rule Alert
|
Warning
|
Yes
|
An integrity monitoring rule that is selected for alerting was encountered on one
or more computers.
|
|
Integrity Monitoring Rule Compilation Error
|
Critical
|
No
|
An error was encountered compiling an integrity monitoring rule on a computer. This
may result in the integrity monitoring rule not operating as expected.
|
|
Integrity Monitoring Rule Recommendation
|
Warning
|
Yes
|
Server & Workload Protection determined that a computer on your network should be assigned an integrity monitoring
rule. To assign the integrity monitoring rule to the computer, open Computer Details and select .
This alert is not supported for enhanced recommendation scan.
|
|
Integrity Monitoring Rule Requires Configuration
|
Warning
|
No
|
An integrity monitoring rule that requires configuration before use was assigned to
one or more computers. This rule will not be sent to the computer(s). Open the integrity
monitoring rule properties and select the Configuration tab for more information.
|
|
Integrity Monitoring Trusted Platform Module Not Enabled
|
Warning
|
Yes
|
Trusted platform module not enabled. Ensure the hardware is installed and the BIOS
setting is correct.
|
|
Integrity Monitoring Trusted Platform Module Register Value Changed
|
Warning
|
Yes
|
Trusted platform module register value changed. If you have not modified the ESXi
hypervisor configuration this may represent an attack.
|
|
Intrusion Prevention Engine Offline
|
Critical
|
No
|
The agent reported that the intrusion prevention engine is offline. Check the status
of the engine on the agent.
|
|
Intrusion Prevention Rule Alert
|
Warning
|
Yes
|
An intrusion prevention rule that is selected for alerting was encountered on one
or more computers.
|
|
Intrusion Prevention Rule Compilation Failed
|
Critical
|
Yes
|
This is usually caused by a misconfigured IPS Rule. The Rule name can be found in
the Event's Properties window. To resolve this issue, identify the Rule and unassign
it or contact Trend Micro Support for assistance.
|
|
Intrusion Prevention Rule Requires Configuration
|
Warning
|
No
|
An intrusion prevention rule that requires configuration before use was assigned to
one or more computers. This rule will not be sent to the computer(s). Open the intrusion
prevention rule properties and select the Configuration tab for more information.
|
|
Invalid System Settings Detected
|
Critical
|
No
|
Server & Workload Protection detected invalid values for one or more system settings.
|
|
License Expired
|
Critical
|
No
|
Your Server & Workload Protection license has expired. You will no longer receive updates, including security updates,
until your license is renewed. To ensure your security is maintained, contact your
sales representative to renew your license.
|
|
License Expiring Soon
|
Warning
|
No
|
Your Server & Workload Protection license will expire soon. Contact your sales representative to renew your license.
|
|
Log Inspection Engine Offline
|
Critical
|
No
|
The agent reported that the log inspection engine has failed to initialize. Check
the system events for the computer to determine the cause of the failure.
|
|
Log Inspection Rule Alert
|
Warning
|
Yes
|
A log inspection rule that is selected for alerting was encountered on one or more
computers.
|
|
Log Inspection Rule Recommendation
|
Warning
|
Yes
|
Server & Workload Protection determined that a computer on your network should be assigned a log inspection rule.
To assign the log inspection rule to the computer, open Computer Details and select .
This alert is not supported for enhanced recommendation scan.
|
|
Log Inspection Rule Requires Configuration
|
Warning
|
No
|
A log inspection rule that requires configuration before use was assigned to one or
more computers. This rule will not be sent to the computer(s). Open the Log Inspection
Rule properties and select the Configuration tab for more information.
|
|
Maintenance Mode On
|
Warning
|
No
|
Maintenance mode is currently active for application control on one or more computers. While this
mode is active, application control continues to enforce block rules (if you selected
Block unrecognized software until it is explicitly allowed), but will allow software updates, and automatically add them to the inventory part
of the ruleset. When the software update is finished for each computer, disable maintenance
mode so that unauthorized software is not accidentally added to the ruleset.
|
|
MQTT Connection Configuration Failed
|
Warning
|
No
|
Failed to configure agent for MQTT connection.
|
|
MQTT Connection Offline
|
Warning
|
No
|
The agent is unable to connect to the MQTT endpoint.
|
|
Network Engine Mode Incompatibility
|
Warning
|
No
|
Setting "Network Engine Mode" to "Tap" is only available on agent versions 5.2 or
higher. Review and update the agent's configuration or upgrade the agent to resolve
the incompatibility.
|
|
New Pattern Update is Downloaded and Available
|
Warning
|
No
|
New patterns are available as part of a security update. The patterns have been downloaded
to Server & Workload Protection but have not yet been applied to your computers. To apply the update to your computers,
go to the Administration > Updates > Security page.
|
|
New Rule Update is Downloaded and Available
|
Warning
|
No
|
New rules are available as part of a security update. The rules have been downloaded
to Server & Workload Protection but have not yet been applied to policies and sent to your computers. To apply the
update and send the updated policies to your computers, go to the Administration >
Updates > Security page.
|
|
Newer Versions of Software Available
|
Warning
|
No
|
New software is available. Software can be downloaded from the Download Center.
|
|
Recommendation
|
Warning
|
Yes
|
Server & Workload Protection determined that the security configuration of one of your computers should be updated.
To see recommended changes, open the Computer editor and look through the module pages for warnings of unresolved recommendations.
Under Assigned Rules, click Assign/Unassign and select Show Recommended for Assignment. For rules that you can safely unassign, select Show Recommended for Unassignment.
|
|
Reconnaissance Detected: Computer OS Fingerprint Probe
|
Warning
|
Yes
|
The agent detected an attempt to identify the computer operating system via a "fingerprint"
probe. Such activity is often a precursor to an attack that targets specific vulnerabilities.
Check the computer's events to see the details of the probe and see Warning: Reconnaissance Detected.
|
|
Reconnaissance Detected: Network or Port Scan
|
Warning
|
Yes
|
The agent detected network activity typical of a network or port scan. Such activity
is often a precursor to an attack that targets specific vulnerabilities. Check the
computer's events to see the details of the probe and see Warning: Reconnaissance Detected.
|
|
Reconnaissance Detected: TCP Null Scan
|
Warning
|
Yes
|
The agent detected a TCP "Null" scan. Such activity is often a precursor to an attack
that targets specific vulnerabilities. Check the computer's events to see the details
of the probe and see Warning: Reconnaissance Detected.
|
|
Reconnaissance Detected: TCP SYNFIN Scan
|
Warning
|
Yes
|
The agent detected a TCP "SYNFIN" scan. Such activity is often a precursor to an attack
that targets specific vulnerabilities. Check the computer's events to see the details
of the probe and see Warning: Reconnaissance Detected.
|
|
Reconnaissance Detected: TCP Xmas Scan
|
Warning
|
Yes
|
The agent detected a TCP "Xmas" scan. Such activity is often a precursor to an attack
that targets specific vulnerabilities. Check the computer's events to see the details
of the probe and see Warning: Reconnaissance Detected.
|
|
Relay Upgrade Required For Agent Integrity Check
|
Warning
|
No
|
To enable Agent Integrity Check, upgrade the relay.
|
|
SAML Identity Provider Certificate expired
|
Critical
|
No
|
One or more Security Assertion Markup Language (SAML) Identity Provider Certificate(s)
expired.
|
|
SAML Identity Provider Certificate expires soon
|
Warning
|
No
|
One or more SAML Identity Provider Certificate(s) expire soon.
|
|
SAP Virus Scan Adapter is not installed
|
Critical
|
No
|
The agent reported that the SAP Virus Scan Adapter is not installed. Check the system
events for the computer to determine the cause of the failure.
|
|
SAP Virus Scan Adapter is not up to date
|
Critical
|
No
|
The agent reported that the SAP Virus Scan Adapter is not up to date. Check the system
events for the computer to determine the cause of the failure.
|
|
SAP Virus Scan service is not working correctly
|
Critical
|
No
|
The SAP Virus Scan service is not functioning properly. Check the system events for
the computer to determine the cause of the failure.
|
|
Scheduled Malware Scan Missed
|
Warning
|
No
|
Scheduled malware scan tasks were initiated on computers that already had pending
scan tasks. This may indicate a scanning frequency that is too high. Consider lowering
the scanning frequency, or selecting fewer computers to scan during each scheduled
scan job.
|
|
Send Policy Failed
|
Critical
|
No
|
Inability to send policy may indicate a problem with the agent. Check the affected
computers.
|
|
Smart Protection Server Connection Failed
|
Warning
|
Yes
|
Failed to connect to a Smart Protection Server. This could be due to a configuration
issue or due to network connectivity.
|
|
Software Changes Detected
|
Warning
|
No
|
During ongoing file system monitoring, application control detected that new software
was installed, which did not match any configured allow or block rule. If your system
administrators did not install the software and no other users have permissions to
install software, this could indicate a security compromise. Depending on your lockdown
configuration, the software may be allowed to execute.
|
|
Software Package Not Found
|
Critical
|
No
|
An Agent Software Package is required for the proper operation of one or more virtual
appliance(s). Import a Red Hat Enterprise 6 (64-bit) Agent Software Package with the
correct version for each Appliance. If the required version is not available then
import the latest package and upgrade the appliance to match.
|
|
Unable to communicate
|
Critical
|
No
|
Server & Workload Protection could not query the agent status in the configured period. Check your network configuration
and the connectivity of the affected computer.
|
|
Unable to Upgrade the Agent Software
|
Warning
|
Yes
|
Server & Workload Protection could not upgrade the agent software on the computer.
This may indicate a problem with the agent, but can also occur if agent self-protection
is enabled. In Server & Workload Protection, select . In Agent Self Protection, deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override.
|
|
Unresolved software change limit reached
|
Critical
|
No
|
Software changes detected on the file system exceeded the maximum amount. Application
control continues to enforce existing rules, but without recording further changes,
and no longer displays that computer's software changes. You must resolve and prevent
excessive software change.
|
|
User Locked Out
|
Warning
|
No
|
Users can be locked out manually, by repeated incorrect sign-in attempts when their
password expires, or if the accounts have been imported but not yet unlocked.
|
|
User Password Expires Soon
|
Warning
|
No
|
The password expiry setting is enabled and one or more users have passwords that will
expire within the next seven days.
|
|
Web Reputation Event Alert
|
Warning
|
Yes
|
A web reputation event was encountered on one or more computers selected for alerting.
|
|
WorkSpaces Disabled for AWS Account
|
Warning
|
Yes
|
An agent was activated on one or more Amazon WorkSpaces, but WorkSpaces are not enabled
for your AWS account. To enable WorkSpaces, click Edit AWS Account and select Include Amazon WorkSpaces. Your WorkSpaces will be moved into the WorkSpaces folder of the AWS account and
billed at a lower hourly rate, if you are using hourly billing.
|
The following table lists alerts and their corresponding alert email subjects.
|
Alert
|
Alert Email Subject
|
| CPU Critical Threshold Exceeded | The CPU critical threshold of Manager Node ({1}) was exceeded |
| CPU Warning Threshold Exceeded | The CPU warning threshold of Manager Node ({1}) was exceeded |
| DSRU Recommended | DSRU recommended |
| Legacy Agent Software Detected | Legacy Agent software detected |
| User Locked Out | {0} User(s) locked out |
| User Password Expires Soon | {0} User(s) have passwords due to expire |
| Abnormal Restart Detected | Abnormal restart detected on {0} computer(s) |
| Clock Change Detected | Clock change detected on {0} computer(s) |
| Communications Problem Detected | Communications problem detected on {0} computer(s) |
| Events Truncated | Events truncated on {0} computer(s) |
| Agent Heartbeat Public Server Certificate Expired | Agent heartbeat public server certificate expired |
| Agent Heartbeat Public Server Certificate Expires Soon | Agent heartbeat public server certificate expires soon |
| Agent Installation Failed | Agent installation failed on {0} computer(s) |
| Insufficient Disk Space | Insufficient disk space detected on {0} computer(s) |
| Events Suppressed | Events suppressed on {0} computer(s) |
| Unable to communicate | Unable to communicate with {0} computer(s) |
| A Deep Security Relay cannot download security components | Unable to update security components on {0} relay(s) |
| Unable to Upgrade the Agent Software | Unable to upgrade the Agent software on {0} computer(s) |
| Incompatible Agent/Appliance Version | Incompatible agent/appliance version detected on {0} computer(s) |
| Agent/Appliance Upgrade Recommended (New Version Available) | Upgrade of the agent/appliance software is recommended on one or more computers |
| Agent Upgrade Recommended (Incompatible with Appliance) | Upgrade of the agent software is recommended on {0} computer(s) in order to coordinate protection with the appliance |
| Agent/Appliance Upgrade Recommended (Incompatible Security Update(s)) | Upgrade of the agent/appliance software is recommended on {0} computer(s) in order to support the assigned security updates |
| Agent/Appliance Upgrade Required | Upgrade of the agent/appliance software is required on {0} computer(s) |
| Agent/Appliance Upgrade Recommended | Upgrade of the agent/appliance is recommended on {0} computer(s) |
| New Pattern Update is Downloaded and Available | New pattern update available for {0} agent/appliance(s) |
| AWS Account Migration Failed | AWS account migration failed |
| WorkSpaces Disabled for AWS Account | WorkSpaces disabled for AWS account |
| API Key Locked Out | {0} API key(s) locked out |
| Connection to Filter Driver Failure | Connection to filter driver failure |
| Software Package Not Found | Software package not found |
| Microsoft Entra ID Application Certificate Expired | Microsoft Entra ID application for {0} Azure service(s) has expired |
| Microsoft Entra ID Application Certificate Expires Soon | Microsoft Entra ID application certificate for {0} Azure service(s) expires soon |
| Microsoft Entra ID Application Need Renew | Microsoft Entra ID application for {0} Azure service(s) need renew |
| Azure Account Not Authorized to Read Resource Information | Microsoft Entra ID application for {0} Azure cloud account(s) does not have read permission |
| Microsoft Entra ID Application Not Found | Microsoft Entra ID application for {0} Azure cloud account(s) not found |
| Microsoft Entra ID Application Password Expires Soon | Microsoft Entra ID application password for {0} Azure service(s) expires soon |
| Azure Account Secret Expired | Microsoft Entra ID application secret key for {0} Azure cloud account(s) has expired |
| Azure Account Password Invalid | Invalid Microsoft Entra ID application secret for {0} Azure cloud account(s) |
| Azure Subscription Not Found | Azure subscription cannot be found for {0} Azure cloud account(s) |
| Azure Key Pair Expired | Key pair for {0} Azure service(s) has expired |
| Azure Key Pair Expires Soon | Key Pair for {0} Azure service(s) will expire soon |
| Census, Good File Reputation, and Predictive Machine Learning Service Disconnected | Disconnected from Census, Good File Reputation, and Predictive Machine Learning Service |
| Cloud Computer Not Managed as Part of Cloud Account | {0} computer(s) are in cloud environment but not managed as part of cloud account |
| Duplicate Computer Detected | {0} duplicate computer(s) detected |
| Duplicate Unique Identifiers Detected | {0} duplicate unique identifiers detected |
| Upgrade of the Filter Driver Recommended (New Version Available) | Upgrade of the filter driver is recommended on {0} ESXi Server(s) in order to take advantage of the latest features |
| Heartbeat Server Failed | Heartbeat server failed to start on Manager Node ({1}) |
| Configuration Required | Configuration required on {0} computer(s) |
| Computer Not Receiving Updates | {0} Computers(s) are not receiving updates |
| A computer reboot is required to enable Deep Security Agent protection | A computer reboot is required to enable Deep Security Agent protection |
| Invalid System Settings Detected | Invalid system settings detected |
| MQTT Connection Offline | MQTT connection offline for {0} computer(s) |
| MQTT Connection Configuration Failed | MQTT connection configuration failed for {0} computer(s) |
| Protection Module Licensing Expired | Licensing for {1} has expired |
| Protection Module Licensing Expires Soon | Licensing for {1} expires ({2}) |
| Low Disk Space | Manager node ({1}) has low disk space |
| Manager Offline | Manager node ({1}) is offline |
| Manager Time Out of Sync | The clock on Manager Node ({1}) is not synchronized with the clock on the database |
| Upgrade of the Workload Security Manager Software Recommended (Incompatible Security Update(s)) | Upgrade of the Workload Security Manager software is recommended because {0} computer(s) have assigned security updates that are incompatible with the current Workload Security Manager version |
| Memory Critical Threshold Exceeded | The memory critical threshold of Manager Node ({1}) was exceeded |
| Memory Warning Threshold Exceeded | The memory warning threshold of Manager Node ({1}) was exceeded |
| Virtual Machine Moved to Unprotected ESXi Server | Virtual Machine moved to unprotected ESXi server from a protected ESXi server |
| Multiple Activated Appliances Detected | Multiple activated appliances detected |
| Newer Versions of Software Available | Newer versions of software available |
| Newer Version of Workload Security Manager is Available | Newer version of Workload Security Manager is available |
| Number of Computers exceeds database limit | Number of computers exceeds the recommended limit for an embedded database |
| Number of Computers exceeds License | Number of computers exceeds the licensed computers allowed |
| Number of Manager Nodes Exceeds License | Number of Manager Nodes exceeds the {3} licensed Managers allowed |
| Critical database error while creating new table partitions during maintenance job | Critical database error while creating new table partitions during maintenance job |
| Recommendation | Recommendations have been made for {0} computer(s) |
| Relay Upgrade Required For Agent Integrity Check | To enable Agent Integrity Check, please upgrade relay |
| SAML Identity Provider Certificate expired | {0} SAML Identity Provider certificate(s) expired |
| SAML Identity Provider Certificate expires soon | {0} SAML Identity Provider certificate(s) expire soon |
| SAML Service Provider Certificate expired | SAML Service Provider certificate expired |
| SAML Service Provider Certificate expires soon | SAML Service Provider certificate expires soon |
| Failed to Send SNS Message | Unable to forward messages to Amazon SNS |
| Software Updates Available for Import | Software updates are available for download |
| Failed to Send Syslog Message | Unable to forward messages to {0} Syslog Server(s) |
| Activation Failed | Failed to activate {0} computer(s) |
| Send Policy Failed | Failed to send policy(ies) to {0} computer(s) |
| Virtual Machine Unprotected after move to another ESXi | Virtual Machine unprotected after move to another ESXi |
| VMware Tools Not Installed | VMware tools not installed |
| An update to the Rules is available | An update to the Rules is available |
| New Rule Update is Downloaded and Available | New Rule update not applied |
| Anti-Malware Alert | Malware Scan Configuration ({1}) alert on {0} Computer(s) |
| Intrusion Prevention Rule Alert | Intrusion Prevention Rule ({1}) alert on {0} Computer(s) |
| Computer Reboot Required for Activity Monitoring | Computer Reboot Required for Activity Monitoring |
| Agent requires Permission for Anti-Malware | Agent on {0} computer(s) requires permission for Anti-Malware |
| Anti-Malware Engine Offline | {0} Anti-Malware Engine(s) Offline |
| Scheduled Malware Scan Missed | Scheduled Malware Scan(s) missed on {0} computers |
| Anti-Malware protection is absent or out of date | Apply the latest Anti-Malware updates to the Agent on {0} computer(s) |
| Anti-malware module maximum disk space used to store identified files exceeded | Anti-malware module exceeded maximum disk space used to store identified files |
| Computer Reboot Required for Anti-Malware Protection | Computer Reboot is Required for Anti-Malware Protection |
| Files could not be scanned for malware | Files(s) on {0} Agent(s)/Appliance(s) could not be scanned for malware |
| Smart Protection Server Connection Failed | Failure to connect to a Smart Protection Server |
| Anti-Malware Component Failure | An Anti-Malware component failure occurred on {0} computer(s) |
| Anti-Malware Component Update Failed | Anti-Malware Component Update Failed on {0} computers |
| Web Reputation Event Alert | Web Reputation event alert on {0} Computer(s) |
| Intrusion Defense Firewall Server Plug-in License has Expired or Will Expire Soon | Intrusion Defense Firewall Server Plug-in license expires ({2}) |
| Agent/Appliance Upgrade Recommended (Incompatible Component Update(s)) | Upgrade of the Agent/Appliance software is recommended on {0} Computer(s) in order to support the assigned Component Updates |
| Container Control authorization plugin parse request failed | The Container Control authorization plugin was unable to parse a request. This may be caused by a Docker version incompatibility. Please check that you are using a supported Docker version. |
| Container Control authorization plugin connection to Docker failed | The Container Control authorization plugin cannot connect to Docker. Please try turning the Container Control module off and then on again. |
| Container Control authorization plugin installation failed | The Container Control authorization plugin is not installed. Please try turning the Container Control module off and then on again. |
| Container Control authorization plugin failed to send configuration | The Container Control authorization plugin failed to send a configuration. Please try turning the Container Control module off and then on again. |
| Log Inspection Engine Offline | {0} Log Inspection engine(s) offline |
| Log Inspection Rule Alert | Log Inspection Rule ({1}) alert on {0} Computer(s) |
| Log Inspection Rule Requires Configuration | Log Inspection Rule ({1}) requires configuration on {0} Computer(s) |
| Log Inspection Rule Recommendation | Log Inspection Rule ({1}) is recommended on {0} Computer(s) |
| SAP Virus Scan service is not working correctly | {0} SAP Virus Scan service is not working correctly |
| SAP Virus Scan Adapter is not installed | {0} SAP Virus Scan Adapter is not installed |
| SAP Virus Scan Adapter is not up to date | {0} SAP Virus Scan Adapter is not up to date |
| Execution of Software Blocked | Execution of Software Blocked on {0} {0,choice,1#computer|2#computers} |
| Unresolved software change limit reached | Unresolved software change limit reached on {0} {0,choice,1#computer|2#computers} |
| Application Control Engine Offline | {0} Application Control {0,choice,1#Engine|2#Engines} Offline |
| Application Control Ruleset is incompatible with agent version | Application Control Ruleset is incompatible with agent version on {0} {0,choice,1#computer|2#computers} |
| Maintenance Mode On | Maintenance Mode active on {0} {0,choice,1#computer|2#computers} |
| Computer Reboot Required for Application Control Protection | Computer Reboot is Required for Application Control Protection |
| Software Changes Detected | Software Changes detected on {0} {0,choice,1#computer |
| AWS Contract License Exceeded | AWS Contract License Exceeded |
| AWS SaaS Billing is not configured correctly | AWS SaaS Billing is not configured correctly |
| License Expired | License Expired |
| License Expiring Soon | License Expiring Soon |
| License Seat Limit Exceeded | License Seat Limit Exceeded |
| License Seat Limit Almost Reached | License Seat Limit Almost Reached |
| Account Balance Depleted | Account Balance Depleted |
| Account Balance Low | Account Balance Low |
| Integrity Monitoring information collection has been delayed | Integrity Monitoring information collection has been delayed |
| Integrity Monitoring Engine Offline | {0} Integrity Monitoring Engine(s) Offline |
| Certified Safe Software Service Offline | Manager node ({1}) cannot connect to Certified Safe Software Service |
| Computer Reboot Required for Integrity Monitoring Protection | Computer Reboot Required for Integrity Monitoring Protection |
| Integrity Monitoring Rule Alert | Integrity Monitoring Rule ({1}) alert on {0} Computer(s) |
| Integrity Monitoring Rule Compilation Error | Integrity Monitoring Rule Compilation Error on {0} Computer(s) |
| Integrity Monitoring Rule Requires Configuration | Integrity Monitoring Rule ({1}) requires configuration on {0} Computer(s) |
| Integrity Monitoring Trusted Platform Module Not Enabled | Integrity Monitoring Trusted Platform Module Not Enabled |
| Integrity Monitoring Trusted Platform Module Register Value Changed | Integrity Monitoring Trusted Platform Module Register Value Changed |
| Integrity Monitoring Rule Recommendation | Integrity Monitoring Rule ({1}) is recommended on {0} Computer(s) |
| Agent configuration package too large | Agent configuration package too large on {0} computer(s) |
| Intrusion Prevention Rule Compilation Failed | Intrusion Prevention Rule Compilation Failed on {0} computer(s) |
| Reconnaissance Detected: Computer OS Fingerprint Probe | Reconnaissance Detected: Computer OS fingerprint probe on {0} Computer(s) |
| Reconnaissance Detected: TCP Null Scan | Reconnaissance Detected: TCP "Null" scan on {0} Computer(s) |
| Reconnaissance Detected: Network or Port Scan | Reconnaissance Detected: Network or port scan on {0} Computer(s) |
| Reconnaissance Detected: TCP SYNFIN Scan | Reconnaissance Detected: TCP "SYNFIN" scan on {0} Computer(s) |
| Reconnaissance Detected: TCP Xmas Scan | Reconnaissance Detected: TCP "Xmas" scan on {0} Computer(s) |
| Application Type Misconfiguration | {0} Computer(s) have Application Type Misconfiguration |
| Network Engine Mode Incompatibility | {0} Agent(s) unable to implement Network Engine Mode |
| Firewall Engine Offline | {0} firewall engine(s) offline |
| Firewall Rule Alert | Firewall Rule ({1}) alert on {0} Computer(s) |
| Intrusion Prevention Engine Offline | {0} Intrusion Prevention engine(s) offline |
| Intrusion Prevention Rule Alert | Intrusion Prevention Rule ({1}) alert on {0} Computer(s) |
| Intrusion Prevention Rule Requires Configuration | Intrusion Prevention Rule ({1}) requires configuration on {0} Computer(s) |
| Application Type Recommendation | Application Type ({1}) is recommended on {0} Computer(s) |
| Firewall Rule Recommendation | Firewall Rule ({1}) is recommended on {0} Computer(s) |
| Intrusion Prevention Rule Recommendation | Intrusion Prevention Rule ({1}) is recommended on {0} Computer(s) |
| Intrusion Prevention Rule Removal Recommendation | Intrusion Prevention Rule ({1}) is recommended for removal on {0} Computer(s) |
| Virtual Machine Interfaces Out of Sync | Virtual Machine Interfaces Out of Sync |
| Wrong AWS credential | Wrong AWS credential for {0} Account(s) |
| Virtual Appliance is Incompatible With Filter Driver | Incompatibility with Filter Driver was detected for {0} Virtual Appliance(s) |
| Empty Relay Group Assigned | {0} Computers(s) are assigned an empty Relay Group |
| Computer Reboot Required | Computer reboot required on {0} Computer(s) |