Table of contents
Topics on this page

Agent events

ID Severity Event Notes
Special Events
0 Error Unknown Agent/Appliance Event  
Driver-Related Events
1000 Error Unable To Open Engine  
1001 Error Engine Command Failed  
1002 Warning Engine List Objects Error  
1003 Warning Remove Object Failed  
1004 Error Driver Upgrade Stalled  
1005 Info Upgrading Driver  
1006 Error Driver Upgrade Requires Reboot  
1007 Info Driver Upgrade Succeeded  
1008 Error Kernel Unsupported  
1010 Warning Trend Micro LightWeight Filter Driver has been disabled  
1011 Info Trend Micro LightWeight Filter Driver has been restarted  
1012 Info All Trend Micro LightWeight Filter Drivers have been restarted successfully  
1013 Warning Trend Micro LightWeight Filter Driver failed to bind on all network interfaces  
Configuration-Related Events
2000 Info Policy Sent  
2001 Warning Invalid Firewall Rule Assignment  
2002 Warning Invalid Firewall Stateful Configuration  
2003 Error Save Security Configuration Failed  
2004 Warning Invalid Interface Assignment  
2005 Warning Invalid Interface Assignment  
2006 Warning Invalid Action  
2007 Warning Invalid Packet Direction  
2008 Warning Invalid Rule Priority  
2009 Warning Unrecognized IP Format  
2010 Warning Invalid Source IP List  
2011 Warning Invalid Source Port List  
2012 Warning Invalid Destination IP List  
2013 Warning Invalid Destination Port List  
2014 Warning Invalid Schedule  
2015 Warning Invalid Source MAC List  
2016 Warning Invalid Destination MAC List  
2017 Warning Invalid Schedule Length  
2018 Warning Invalid Schedule String  
2019 Warning Unrecognized IP Format  
2020 Warning Object Not Found  
2021 Warning Object Not Found  
2022 Warning Invalid Rule Assignment  
2050 Warning Firewall Rule Not Found  
2075 Warning Traffic Stream Not Found  
2076 Warning Intrusion Prevention Rule Not Found  
2077 Warning Pattern List Not Found  
2078 Warning Traffic Stream Conversion Error  
2080 Warning Conditional Firewall Rule Not Found  
2081 Warning Conditional Intrusion Prevention Rule Not Found  
2082 Warning Empty Intrusion Prevention Rule  
2083 Warning Intrusion Prevention Rule XML Rule Conversion Error  
2085 Error Security Configuration Error  
2086 Warning Unsupported IP Match Type  
2087 Warning Unsupported MAC Match Type  
2088 Warning Invalid SSL Credential  
2089 Warning Missing SSL Credential  
2090 Error Security Configuration Error  
2091 Error Security Configuration Error  
Hardware-Related Events
3000 Warning Invalid MAC Address  
3001 Warning Get Event Data Failed  
3002 Warning Too Many Interfaces  
3003 Error Unable To Run External Command  
3004 Error Unable To Read External Command Output  
3005 Error Operating System Call Error  
3006 Error Operating System Call Error  
3007 Error File Error  
3008 Error Machine-Specific Key Error  
3009 Error Unexpected Agent/Appliance Shutdown  
3010 Error Agent/Appliance Database Error  
3300 Warning Get Event Data Failed Linux error.
3302 Warning Get Security Configuration Failed Linux error.
3303 Error File Mapping Error Linux error. File type error.
3600 Error Get Windows System Directory Failed  
3601 Warning Read Local Data Error Windows error.
3602 Warning Windows Service Error Windows error.
3603 Error File Mapping Error Windows error. File size error.
3700 Warning Abnormal Restart Detected Windows error.
3701 Info System Last Boot Time Change Windows error.
Communications-Related Events
4000 Warning Invalid Protocol Header Content length out of range.
4001 Warning Invalid Protocol Header Content length missing.
4002 Info Command Session Initiated  
4003 Info Configuration Session Initiated  
4004 Info Command Received  
4011 Warning Failure to Contact Manager  
4012 Warning Heartbeat Failed  
Agent-Related Events
5000 Info Agent/Appliance Started  
5001 Error Thread Exception  
5002 Error Operation Timed Out  
5003 Info Agent/Appliance Stopped  
5004 Warning Clock Changed  
5005 Info Agent/Appliance Auditing Started  
5006 Info Agent/Appliance Auditing Stopped  
5007 Info Appliance Protection Change  
5008 Warning Filter Driver Connection Failed  
5009 Info Filter Driver Connection Success  
5010 Warning Filter Driver Informational Event  
5100 Info Protection Module Deployment Started  
5101 Info Protection Module Deployment Succeeded  
5102 Error Protection Module Deployment Failed  
5103 Info Protection Module Download Succeeded  
5104 Info Protection Module Disablement Started  
5105 Info Protection Module Disablement Succeeded  
5106 Error Protection Module Disablement Failed  
5107 Info Agent Self-Protection enabled  
5108 Info Agent Self-Protection disabled  
5109 Error FIPS verification Error  
5110 Error Secure Boot Public Key Not Enrolled

This error can occur if the public key required to check the signature on the Trend Micro kernel module is not successfully enrolled on the agent computer.

For details, see Linux Secure Boot support for agents.

5111 Error Secure Boot 'On' Not Supported

The agent does not support this OS with Secure Boot enabled.

For details, see Linux Secure Boot support for agents.

5200 Info File Backup Completed  
5201 Error Failure to Backup File  
Logging-Related Events
6000 Info Log Device Open Error  
6001 Info Log File Open Error  
6002 Info Log File Write Error  
6003 Info Log Directory Creation Error  
6004 Info Log File Query Error  
6005 Info Log Directory Open Error  
6006 Info Log File Delete Error  
6007 Info Log File Rename Error  
6008 Info Log Read Error  
6009 Warning Log File Deleted Due To Insufficient Space  
6010 Warning Events Were Suppressed  
6011 Warning Events Truncated  
6012 Error Insufficient Disk Space See Warning: Insufficient disk space.
6013 Warning Agent configuration package too large  
Attack-, Scan-, and Probe-Related Events
7000 Warning Computer OS Fingerprint Probe  
7001 Warning Network or Port Scan  
7002 Warning TCP Null Scan  
7003 Warning TCP SYNFIN Scan  
7004 Warning TCP Xmas Scan  
Download Security Update Events
9050 Info Update of Anti-Malware Component on Agent Succeeded  
9051 Error Update of Anti-Malware Component on Agent Failed  
9100 Info Security Update Successful  
9101 Error Security Update Failure  
9102 Error Security Update Failure Specific information recorded in error message.
Relay Events
9103 Info Relay Web Server Disabled  
9104 Info Relay Web Server Enabled  
9105 Error Enable Relay Web Server Failed  
9106 Error Disable Relay Web Server Failed  
9107 Error Relay Web Server failed  
9108 Info Unable to Connect to Update Source  
9109 Error Component Update Failure  
9110 Error Anti-Malware license is expired  
9111 Info Security Update Rollback Success  
9112 Error Security Update Rollback Failure  
9113 Info Relay Replicated All Packages  
9114 Error Relay Failed to Replicate All Packages  
9115 Info Failed to download from the Relay Web Server  
Integrity Scan Status Events
9201 Info Integrity Scan Started  
9203 Info Integrity Scan Terminated Abnormally  
9204 Info Integrity Scan Paused  
9205 Info Integrity Scan Resumed  
9208 Warning Integrity Scan failed to start  
9209 Warning Integrity Scan Stalled  
Smart Protection Server Status Events
9300 Warning Smart Protection Server Disconnected for Web Reputation See Troubleshooting "Smart Protection Server disconnected" errors.
9301 Info Smart Protection Server Connected for Web Reputation See Troubleshooting "Smart Protection Server disconnected" errors.
9302 Warning Census, Good File Reputation, and Predictive Machine Learning Service Disconnected  
9303 Info Census, Good File Reputation, and Predictive Machine Learning Service Connected