Settings reference

The following tables list the settings that are available in the API, each with a description. Setting names are prefixed with "platform" or the name of the associated protection module. Suffixes can indicate the nature of the setting. For example, the Enabled suffix indicates a Boolean value.

Default policy, policy, and computer settings

The following table lists the settings that are included in default policy settings, policy settings, and computer settings. Note that these settings are included only in DefaultPolicySettings:
  • antiMalwareSettingState
  • applicationControlSettingState
  • firewallSettingState
  • integrityMonitoringSettingState
  • intrusionPreventionSettingState
  • logInspectionSettingState
  • sapSettingState
  • webReputationSettingState
Setting Description
Anti-Malware Settings
antiMalwareSettingBehaviorMonitoringScanExclusionList Scan Exclusions for Suspicious Activity/Unauthorized Change
antiMalwareSettingCombinedModeProtectionSource Anti-Malware
antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled Submit files identified as suspicious by Document Exploit Protection scanning to Deep Discovery Analyzer
antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled Use Apex Central's Suspicious Object List
antiMalwareSettingDocumentExploitProtectionRuleExceptions Allowed Advanced Threat Detection Rules
antiMalwareSettingFileHashEnabled Calculate Hash values of all anti-malware events (at least SHA1 by default)
antiMalwareSettingFileHashMd5Enabled MD5
antiMalwareSettingFileHashSha256Enabled SHA256
antiMalwareSettingFileHashSizeMaxMbytes Skip hash values calculation if file size is larger than (64MB~512MB)
antiMalwareSettingIdentifiedFilesSpaceMaxMbytes Maximum disk space used to store identified files
antiMalwareSettingMalwareScanMultithreadedProcessingEnabled Use multithreaded processing for Malware scans (if available)
antiMalwareSettingNsxSecurityTaggingEnabled Anti-Malware NSX Security Tagging State
antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled Anti-Malware NSX Only Tag on Failure to Remediate
antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled Anti-Malware NSX Remove Tag
antiMalwareSettingNsxSecurityTaggingValue Anti-Malware NSX Security Tag
antiMalwareSettingPredictiveMachineLearningExceptions Predictive Machine Learning Exclusion List
antiMalwareSettingScanCacheOnDemandConfigId Anti-Malware On Demand Scan Cache Configuration
antiMalwareSettingScanCacheRealTimeConfigId Anti-Malware Real-Time Scan Cache Configuration
antiMalwareSettingScanFileSizeMaxMbytes Maximum file size to scan
antiMalwareSettingSmartProtectionGlobalServerEnabled Use Global Smart Protection Service for Smart Scan
antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled Use Proxy when accessing Smart Protection Service for Smart Scan
antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal When off domain, connect to global Smart Protection Service. (Windows only)
antiMalwareSettingSmartProtectionLocalServerUrls Local Smart Protection Servers for Smart Scan
antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled Warn if connection to Smart Protection Server is lost
antiMalwareSettingSmartScanState Smart Scan State
antiMalwareSettingSpywareApprovedList Allowed Spyware/Grayware
antiMalwareSettingState (Default policy settings only) Anti-Malware State
antiMalwareSettingSyslogConfigId Anti-Malware Syslog Configuration
antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax Max On-Demand Malware Scan Cache Entries
antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax Max Real-Time Malware Scan Cache Entries
Application Control Settings
applicationControlSettingExecutionEnforcementLevel Enforcement:
applicationControlSettingRulesetMode Ruleset mode:
applicationControlSettingSharedRulesetId Shared Application Control Ruleset
applicationControlSettingState (Default policy settings only) Application Control State
applicationControlSettingSyslogConfigId Application Control Syslog Configuration
Firewall Settings
firewallSettingAntiEvasionCheckEvasiveRetransmit Evasive Retransmit
firewallSettingAntiEvasionCheckFinNoConnection FIN packet out of connection
firewallSettingAntiEvasionCheckFragmentedPackets Fragmented Packets
firewallSettingAntiEvasionCheckOutNoConnection Outgoing packet out of connection
firewallSettingAntiEvasionCheckPaws Invalid TCP Timestamps
firewallSettingAntiEvasionCheckRstNoConnection RST packet out of connection
firewallSettingAntiEvasionCheckTcpChecksum TCP Checksum
firewallSettingAntiEvasionCheckTcpCongestionFlags TCP Congestion Flags
firewallSettingAntiEvasionCheckTcpPawsZero Timestamp PAWS Zero Allowed
firewallSettingAntiEvasionCheckTcpRstFinFlags TCP Rst Fin Flags
firewallSettingAntiEvasionCheckTcpSplitHandshake TCP Split Handshake
firewallSettingAntiEvasionCheckTcpSynFinFlags TCP Syn Fin Flags
firewallSettingAntiEvasionCheckTcpSynRstFlags TCP Syn Rst Flags
firewallSettingAntiEvasionCheckTcpSynWithData TCP Syn with Data
firewallSettingAntiEvasionCheckTcpUrgentFlags TCP Urgent Flags
firewallSettingAntiEvasionCheckTcpZeroFlags TCP Zero Flags
firewallSettingAntiEvasionSecurityPosture Anti-Evasion Posture
firewallSettingAntiEvasionTcpPawsWindowPolicy TCP Timestamp PAWS Window
firewallSettingCombinedModeProtectionSource Firewall
firewallSettingConfigPackageExceedsAlertMaxEnabled Advanced - Generate an Alert when Agent configuration package exceeds maximum size
firewallSettingEngineOptionAckTimeout ACK Storm Timeout
firewallSettingEngineOptionAllowNullIpEnabled Allow Null IP
firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled Advanced - Block IPv6 on Agents and Appliances versions 8 and earlier
firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled Advanced - Block IPv6 on Agents and Appliances versions 9 and later
firewallSettingEngineOptionBlockSameSrcDstIpEnabled Block Same Src-Dest IP Address
firewallSettingEngineOptionBootStartTimeout Boot Start Timeout
firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled Bypass Cisco WAAS Connections
firewallSettingEngineOptionCloseTimeout CLOSED Timeout
firewallSettingEngineOptionCloseWaitTimeout CLOSE_WAIT Timeout
firewallSettingEngineOptionClosingTimeout CLOSING Timeout
firewallSettingEngineOptionColdStartTimeout Cold Start Timeout
firewallSettingEngineOptionConnectionCleanupTimeout Connection Cleanup Timeout
firewallSettingEngineOptionConnectionsCleanupMax Maximum Connections per Cleanup
firewallSettingEngineOptionConnectionsNumIcmpMax Maximum ICMP Connections
firewallSettingEngineOptionConnectionsNumTcpMax Maximum TCP Connections
firewallSettingEngineOptionConnectionsNumUdpMax Maximum UDP Connections
firewallSettingEngineOptionDebugModeEnabled Enable Debug Mode
firewallSettingEngineOptionDebugPacketNumMax Number of Packets to retain in Debug Mode
firewallSettingEngineOptionDisconnectTimeout DISCONNECT Timeout
firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled Drop 6to4 Bogon Addresses
firewallSettingEngineOptionDropEvasiveRetransmitEnabled Drop Evasive Retransmit
firewallSettingEngineOptionDropIpZeroPayloadEnabled Drop IP Packet with Zero Payload
firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled Drop IPv6 Bogon Addresses
firewallSettingEngineOptionDropIpv6ExtType0Enabled Drop IPv6 Extension Type 0
firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled Drop IPv6 Fragments Lower Than minimum MTU
firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled Drop IPv6 Reserved Addresses
firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled Drop IPv6 Site Local Addresses
firewallSettingEngineOptionDropTeredoAnomaliesEnabled Drop Teredo Anomalies
firewallSettingEngineOptionDropUnknownSslProtocolEnabled Drop Unknown SSL Protocol
firewallSettingEngineOptionErrorTimeout ERROR Timeout
firewallSettingEngineOptionEstablishedTimeout ESTABLISHED Timeout
firewallSettingEngineOptionEventNodesMax Number of Event Nodes
firewallSettingEngineOptionFilterIpv4Tunnels Filter IPv4 Tunnels
firewallSettingEngineOptionFilterIpv6Tunnels Filter IPv6 Tunnels
firewallSettingEngineOptionFinWait1Timeout FIN_WAIT1 Timeout
firewallSettingEngineOptionForceAllowDhcpDns Force Allow DHCP DNS
firewallSettingEngineOptionForceAllowIcmpType3Code4 Force Allow ICMP type3 code4
firewallSettingEngineOptionFragmentOffsetMin Minimum Fragment Offset
firewallSettingEngineOptionFragmentSizeMin Minimum Fragment Size
firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled Generate Connection Events for ICMP
firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled Generate Connection Events for TCP
firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled Generate Connection Events for UDP
firewallSettingEngineOptionIcmpTimeout ICMP Timeout
firewallSettingEngineOptionIgnoreStatusCode0 Ignore Status Code
firewallSettingEngineOptionIgnoreStatusCode1 Ignore Status Code
firewallSettingEngineOptionIgnoreStatusCode2 Ignore Status Code
firewallSettingEngineOptionLastAckTimeout LAST_ACK Timeout
firewallSettingEngineOptionLogAllPacketDataEnabled Log All Packet Data
firewallSettingEngineOptionLogEventsPerSecondMax Maximum Events Per Second
firewallSettingEngineOptionLogOnePacketPeriod Period for Log only one packet within period
firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled Log only one packet within period
firewallSettingEngineOptionLogPacketLengthMax Maximum data size to store when packet data is captured
firewallSettingEngineOptionLoggingPolicy Advanced Logging Policy
firewallSettingEngineOptionSilentTcpConnectionDropEnabled Silent TCP Connection Drop
firewallSettingEngineOptionSslSessionSize SSL Session Size
firewallSettingEngineOptionSslSessionTime SSL Session Time
firewallSettingEngineOptionStrictTerodoPortCheckEnabled Strict Teredo Port Check
firewallSettingEngineOptionSynRcvdTimeout SYN_RCVD Timeout
firewallSettingEngineOptionSynSentTimeout SYN_SENT Timeout
firewallSettingEngineOptionTcpMssLimit TCP MSS Limit
firewallSettingEngineOptionTunnelDepthMax Maximum Tunnel Depth
firewallSettingEngineOptionTunnelDepthMaxExceededAction Action if Maximum Tunnel Depth Exceeded
firewallSettingEngineOptionUdpTimeout UDP Timeout
firewallSettingEngineOptionVerifyTcpChecksumEnabled Verify TCP Checksum
firewallSettingEngineOptionsEnabled Use custom driver settings
firewallSettingEventLogFileCachedEntriesLifeTime Cache Lifetime
firewallSettingEventLogFileCachedEntriesNum Cache Size
firewallSettingEventLogFileCachedEntriesStaleTime Cache Stale time
firewallSettingEventLogFileIgnoreSourceIpListId Do not record events with source IP of
firewallSettingEventLogFileRetainNum Number of event log files to retain (on Agent/Appliance)
firewallSettingEventLogFileSizeMax Maximum size of the event log files (on Agent/Appliance)
firewallSettingEventsOutOfAllowedPolicyEnabled Generate Firewall Events for packets that are 'Out Of Allowed Policy'
firewallSettingFailureResponseEngineSystem Network Engine System Failure
firewallSettingFailureResponsePacketSanityCheck Network Packet Sanity Check Failure
firewallSettingInterfaceIsolationEnabled Enable Interface Isolation
firewallSettingInterfaceLimitOneActiveEnabled Limit to one active interface
firewallSettingInterfacePatterns Interface Patterns
firewallSettingNetworkEngineMode Network Engine Mode
firewallSettingReconnaissanceBlockFingerprintProbeDuration Computer OS Fingerprint Probe - Block Traffic
firewallSettingReconnaissanceBlockNetworkOrPortScanDuration Network or Port Scan - Block Traffic
firewallSettingReconnaissanceBlockTcpNullScanDuration TCP Null Scan - Block Traffic
firewallSettingReconnaissanceBlockTcpSynFinScanDuration TCP SYNFIN Scan - Block Traffic
firewallSettingReconnaissanceBlockTcpXmasAttackDuration TCP Xmas Scan - Block Traffic
firewallSettingReconnaissanceDetectFingerprintProbeEnabled Computer OS Fingerprint Probe - Enabled
firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled Network or Port Scan - Enabled
firewallSettingReconnaissanceDetectTcpNullScanEnabled TCP Null Scan - Enabled
firewallSettingReconnaissanceDetectTcpSynFinScanEnabled TCP SYNFIN Scan - Enabled
firewallSettingReconnaissanceDetectTcpXmasAttackEnabled TCP Xmas Scan - Enabled
firewallSettingReconnaissanceEnabled Reconnaissance Scan Detection - Enabled
firewallSettingReconnaissanceExcludeIpListId Reconnaissance Scan Detection - Do not perform detection on traffic coming from
firewallSettingReconnaissanceIncludeIpListId Reconnaissance Scan Detection - Computers/Networks on which to perform detection
firewallSettingReconnaissanceNotifyFingerprintProbeEnabled Computer OS Fingerprint Probe - Notify DSM Immediately
firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled Network or Port Scan - Notify DSM Immediately
firewallSettingReconnaissanceNotifyTcpNullScanEnabled TCP Null Scan - Notify DSM Immediately
firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled TCP SYNFIN Scan - Notify DSM Immediately
firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled TCP Xmas Scan - Notify DSM Immediately
firewallSettingState (Default policy settings only) Firewall State
firewallSettingSyslogConfigId Firewall and Intrusion Prevention Syslog Configuration
firewallSettingVirtualAndContainerNetworkScanEnabled Scan container network traffic
Integrity Monitoring Settings
integrityMonitoringSettingAutoApplyRecommendationsEnabled Automatically assign/unassign recommended Integrity Monitoring Rules to Computer during Recommendation Scans
integrityMonitoringSettingCombinedModeProtectionSource Integrity Monitoring
integrityMonitoringSettingContentHashAlgorithm Integrity Monitoring Hash Algorithm
integrityMonitoringSettingCpuUsageLevel Integrity Monitoring CPU Usage Level:
integrityMonitoringSettingRealtimeEnabled Real Time
integrityMonitoringSettingScanCacheConfigId Integrity Scan Cache Configuration:
integrityMonitoringSettingState (Default policy settings only) Integrity Monitoring State
integrityMonitoringSettingSyslogConfigId Integrity Monitoring Syslog Configuration
integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax Max Integrity Monitoring Scan Cache Entries
Intrusion Prevention Settings
intrusionPreventionSettingAutoApplyRecommendationsEnabled Automatically implement Recommendations
intrusionPreventionSettingCombinedModeProtectionSource Intrusion Prevention
intrusionPreventionSettingEngineOptionFragmentedIpKeepMax Maximum number of fragmented IP packets to keep
intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled Send ICMP to indicate fragmented packet timeout exceeded
intrusionPreventionSettingEngineOptionFragmentedIpTimeout Fragment Timeout
intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled Bypass MAC addresses that don't belong to host
intrusionPreventionSettingEngineOptionsEnabled Use custom driver settings
intrusionPreventionSettingLogDataRuleFirstMatchEnabled Allow Intrusion Prevention Rules to capture data for first hit of each rule (in period)
intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel Detect Mode
intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel Prevent Mode
intrusionPreventionSettingState (Default policy settings only) Intrusion Prevention State
intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled Scan container network traffic
Log Inspection Settings
logInspectionSettingAutoApplyRecommendationsEnabled Automatically assign/unassign recommended Log Inspection Rules to Computer during Recommendation Scans
logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin Send Agent/Appliance events to syslog when they equal or exceed the following severity level
logInspectionSettingSeverityClippingAgentEventStoreLevelMin Store events at the Agent/Appliance for later retrieval by DSM when they equal or exceed the following severity level
logInspectionSettingState (Default policy settings only) Log Inspection State
logInspectionSettingSyslogConfigId Log Inspection Syslog Configuration
Platform Settings
platformSettingAgentCommunicationsDirection Direction of Workload Security to Agent/Appliance communication
platformSettingAgentEventsSendInterval Period between sending of events
platformSettingAgentSelfProtectionEnabled Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent
platformSettingAgentSelfProtectionPassword Password
platformSettingAgentSelfProtectionPasswordEnabled Local override requires password
platformSettingAutoAssignNewIntrusionPreventionRulesEnabled Automatically assign new Intrusion Prevention Rules as required by updated Application Types and Intrusion Prevention Rule dependencies
platformSettingAutoUpdateAntiMalwareEngineEnabled Automatically update anti-malware engine
platformSettingCombinedModeNetworkGroupProtectionSource Network Combined Mode Affinity
platformSettingEnvironmentVariableOverrides Environment Variable Overrides
platformSettingHeartbeatInactiveVmOfflineAlertEnabled Raise Offline Errors For Inactive Virtual Machines
platformSettingHeartbeatInterval Heartbeat Interval
platformSettingHeartbeatLocalTimeShiftAlertThreshold Maximum change (in minutes) of the local system time on the computer between heartbeats before an alert is raised
platformSettingHeartbeatMissedAlertThreshold Number of Heartbeats that can be missed before an alert is raised
platformSettingInactiveAgentCleanupOverrideEnabled Prevent this computer from being deleted if Inactive Agent Cleanup is enabled:
platformSettingNotificationsSuppressPopupsEnabled Suppress all pop-up notifications on host
platformSettingOverwriteHostnameDuringHeartbeatEnabled Automatically update the computer name to the latest reported by the agent
platformSettingRecommendationOngoingScansInterval Ongoing Scan Interval
platformSettingRelayState Relay State
platformSettingScanCacheConcurrencyMax Max Concurrent Scans
platformSettingScanOpenPortListId Ports to scan
platformSettingSmartProtectionAntiMalwareGlobalServerProxyId Use Proxy when accessing Smart Protection Service for Smart Scan
platformSettingSmartProtectionGlobalServerEnabled Use Global Service for Census
platformSettingSmartProtectionGlobalServerProxyId Use Proxy when accessing Global Service for Census
platformSettingSmartProtectionGlobalServerUseProxyEnabled Use Proxy when accessing Global Service for Census
platformSettingTroubleshootingLoggingLevel Logging Level
platformSettingUpgradeOnActivationEnabled Automatically upgrade agents on activation
SAP Settings
sapSettingState (Default policy settings only) Configuration
Sensing Mode Settings
sensingModeSettingActivityEnabled Sensor Activity Enabled
sensingModeSettingIndicatorEnabled Sensor Indicator Enabled
sensingModeSettingState (Default policy settings only) Sensing Mode State
sensingModeSettingSyslogConfigId Sensing Mode Configuration
Web Reputation Settings
webReputationSettingAlertingEnabled Alert
webReputationSettingAllowedUrlDomains Allowed Domain URLs
webReputationSettingAllowedUrls Allowed Page URLs
webReputationSettingBlockedUrlDomains Blocked Domain URLs
webReputationSettingBlockedUrlKeywords Blocked Keywords
webReputationSettingBlockedUrls Blocked Page URLs
webReputationSettingBlockingPageLink Blocked Page Link
webReputationSettingCombinedModeProtectionSource Web Reputation
webReputationSettingMonitorPortListId Ports to monitor
webReputationSettingSecurityBlockUntestedPagesEnabled Block Untested Pages
webReputationSettingSecurityLevel Security Level
webReputationSettingSmartProtectionGlobalServerUseProxyEnabled Use Proxy when accessing Smart Protection Service for Web Reputation
webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal When off domain, connect to global Smart Protection Service. (Windows only)
webReputationSettingSmartProtectionLocalServerEnabled Use Local Smart Protection Server for Web Reputation Service
webReputationSettingSmartProtectionLocalServerUrls Local Smart Protection Servers for Web Reputation
webReputationSettingSmartProtectionServerConnectionLostWarningEnabled Warn if connection to Smart Protection Server is lost
webReputationSettingSmartProtectionWebReputationGlobalServerProxyId Use Proxy when accessing Smart Protection Service for Web Reputation
webReputationSettingState (Default policy settings only) Web Reputation State
webReputationSettingSyslogConfigId Web Reputation Syslog Configuration

System settings

Setting Description
Anti-Malware Settings
antiMalwareSettingEventEmailBodyTemplate Email Template
antiMalwareSettingEventEmailEnabled Anti-Malware Email Notifications Enabled
antiMalwareSettingEventEmailRecipients Email Recipients
antiMalwareSettingEventEmailSubject Email Subject Text
antiMalwareSettingRetainEventDuration Automatically delete Anti-Malware Events older than
Application Control Settings
applicationControlSettingRetainEventDuration Automatically delete Application Control Events older than
applicationControlSettingServeRulesetsFromRelaysEnabled Serve application control rulesets from relays
Firewall Settings
firewallSettingEventRankSeverityDeny Deny
firewallSettingEventRankSeverityLogOnly Log Only
firewallSettingEventRankSeverityPacketRejection Packet Rejection
firewallSettingGlobalStatefulConfigId Global Firewall Stateful Configuration
firewallSettingInternetConnectivityTestExpectedContentRegex Regular Expression for returned content used to confirm Connectivity
firewallSettingInternetConnectivityTestInterval Test Interval
firewallSettingInternetConnectivityTestUrl URL for testing Internet Connectivity Status
firewallSettingIntranetConnectivityTestExpectedContentRegex Regular Expression for returned content used to confirm Intranet Connectivity
firewallSettingIntranetConnectivityTestUrl URL for testing Intranet Connectivity Status
firewallSettingRetainEventDuration Automatically delete Firewall Events older than
Integrity Monitoring Settings
integrityMonitoringSettingEventRankSeverityCritical Critical
integrityMonitoringSettingEventRankSeverityHigh High
integrityMonitoringSettingEventRankSeverityLow Low
integrityMonitoringSettingEventRankSeverityMedium Medium
integrityMonitoringSettingRetainEventDuration Automatically delete Integrity Monitoring Events older than
Intrusion Prevention Settings
intrusionPreventionSettingEventRankSeverityFilterCritical Critical
intrusionPreventionSettingEventRankSeverityFilterError Error
intrusionPreventionSettingEventRankSeverityFilterHigh High
intrusionPreventionSettingEventRankSeverityFilterLow Low
intrusionPreventionSettingEventRankSeverityFilterMedium Medium
intrusionPreventionSettingRetainEventDuration Automatically delete Intrusion Prevention Events older than
Log Inspection Settings
logInspectionSettingEventRankSeverityCritical Critical
logInspectionSettingEventRankSeverityHigh High
logInspectionSettingEventRankSeverityLow Low
logInspectionSettingEventRankSeverityMedium Medium
logInspectionSettingRetainEventDuration Automatically delete Log Inspection Events older than
Platform Settings
platformSettingActiveSessionsMax Number of concurrent sessions allowed per User
platformSettingActiveSessionsMaxExceededAction Action when concurrent session limit is exceeded
platformSettingAgentInitiatedActivationDuplicateHostnameMode If a computer already exists
platformSettingAgentInitiatedActivationEnabled Allow Agent-Initiated Activation
platformSettingAgentInitiatedActivationPolicyId Policy to assign (if Policy not assigned by activation script):
platformSettingAgentInitiatedActivationReactivateClonedEnabled Reactivate cloned Agents
platformSettingAgentInitiatedActivationReactivateUnknownEnabled Reactivate unknown Agents
platformSettingAgentInitiatedActivationSpecifyHostnameEnabled Allow Agent to specify hostname
platformSettingAgentInitiatedActivationWithinIpListId Agent-Initiated Activation IP List
platformSettingAgentlessVcloudProtectionEnabled Allow Appliance protection of vCloud VMs
platformSettingAlertAgentUpdatePendingThreshold Length of time an Update can be pending before raising an Alert
platformSettingAlertDefaultEmailAddress Alert Email Address - The email address to which all alert emails should be sent
platformSettingAwsManagerIdentityAccessKey Access Key - The Access Key of an AWS User used for the manager identity
platformSettingAwsManagerIdentitySecretKey Secret Key - The Secret Access Key of an AWS User used for the manager identity
platformSettingAwsManagerIdentityUseInstanceRoleEnabled Use Instance Role
platformSettingCaptureEncryptedTrafficEnabled Allow packet data capture on encrypted traffic (SSL)
platformSettingConnectedThreatDefenseControlManagerManualSourceApiKey API Key
platformSettingConnectedThreatDefenseControlManagerManualSourceServerUrl Server URL (ex: "https://[server]/webapp")
platformSettingConnectedThreatDefenseControlManagerProxyId Use Proxy when accessing Apex Central
platformSettingConnectedThreatDefenseControlManagerSourceOption Suspicious Object List Source
platformSettingConnectedThreatDefenseControlManagerSuspiciousObjectListComparisonEnabled Compare objects against Suspicious Object List
platformSettingConnectedThreatDefenseControlManagerUseProxyEnabled When accessing Apex Central, use proxy:
platformSettingConnectedThreatDefensesUsePrimaryTenantServerSettingsEnabled Use default server settings
platformSettingDdanAutoSubmissionEnabled Enable automatic file submission
platformSettingDdanManualSourceApiKey API Key
platformSettingDdanManualSourceServerUrl Server URL (ex: "https://[server]/")
platformSettingDdanProxyId Use Proxy when accessing Deep Discovery Analyzer
platformSettingDdanSourceOption Deep Discovery Analyzer Source
platformSettingDdanSubmissionEnabled Enable submission of suspicious files to Deep Discovery Analyzer
platformSettingDdanUseProxyEnabled When accessing Deep Discovery Analyzer, use proxy:
platformSettingDemoModeEnabled Demo Mode Enabled
platformSettingEventForwardingSnsAccessKey Access Key - The Access Key of an AWS User with access to the SNS Topic
platformSettingEventForwardingSnsAdvancedConfigEnabled Amazon SNS Advanced Configuration
platformSettingEventForwardingSnsConfigJson Amazon SNS Configuration
platformSettingEventForwardingSnsEnabled Publish Events to Amazon Simple Notification Service
platformSettingEventForwardingSnsSecretKey Secret Key - The Secret Key of an AWS User with access to the SNS Topic
platformSettingEventForwardingSnsTopicArn SNS Topic ARN
platformSettingExportedDiagnosticPackageLocale Exported Diagnostic Package Language
platformSettingExportedFileCharacterEncoding Exported file Character Encoding
platformSettingInactiveAgentCleanupDuration Delete Agents that have been inactive for:
platformSettingInactiveAgentCleanupEnabled Delete Agents that have been inactive for:
platformSettingManagedDetectResponseCompanyGuid Company GUID
platformSettingManagedDetectResponseEnabled Enable the MDR service
platformSettingManagedDetectResponseProxyId Use Proxy when accessing MDR server
platformSettingManagedDetectResponseServerUrl Server URL (ex: "https://[server]/")
platformSettingManagedDetectResponseServiceToken Service Token
platformSettingManagedDetectResponseUsePrimaryTenantSettingsEnabled Use default server settings
platformSettingManagedDetectResponseUseProxyEnabled When accessing MDR server, use proxy:
platformSettingProxyAgentUpdateProxyId Primary Security Update Proxy used by Agents, Appliances, and Relays:
platformSettingRecommendationOngoingScansEnabled Perform ongoing Recommendation Scans
platformSettingRetainAgentInstallersPerPlatformMax Number of older software versions to keep per platform
platformSettingRetainCountersDuration Automatically delete Counters older than
platformSettingRetainSecurityUpdatesMax Number of older Rule Updates to keep
platformSettingRetainSystemEventDuration Automatically delete System Events older than
platformSettingSamlIdentityProviderCertificateExpiryWarningDays Warn when a SAML identity provider certificate will expire within (days)
platformSettingSamlRetainInactiveExternalAdministratorsDuration Automatically delete inactive identity provider users after (days)
platformSettingSmartProtectionFeedbackBandwidthMaxKbytes Maximum bandwidth:
platformSettingSmartProtectionFeedbackEnabled Enable Trend Micro Smart Feedback (recommended)
platformSettingSmartProtectionFeedbackForSuspiciousFileEnabled Send suspicious file signatures along with feedback
platformSettingSmartProtectionFeedbackIndustryType Your industry (optional):
platformSettingSmartProtectionFeedbackInterval Feedback Interval (min)
platformSettingSmartProtectionFeedbackThreatDetectionsThreshold Feedback Interval by threats
platformSettingSmtpBounceEmailAddress "Bounce" email address (optional) - The email address to which delivery failure notifications should be sent
platformSettingSmtpFromEmailAddress "From" email address - The email address from which outgoing emails should be sent
platformSettingSmtpPassword SMTP password
platformSettingSmtpRequiresAuthenticationEnabled Mail server requires authentication
platformSettingSmtpServerAddress SMTP mail server address (optionally include :port)
platformSettingSmtpStartTlsEnabled STARTTLS
platformSettingSmtpUsername SMTP username
platformSettingSyslogConfigId Forward System Events to a remote computer (via Syslog) using configuration
platformSettingSystemEventForwardingSnmpAddress Hostname or IP address to which events should be sent
platformSettingSystemEventForwardingSnmpEnabled Forward System Events to a remote computer (via SNMP)
platformSettingSystemEventForwardingSnmpPort UDP port to which events should be sent
platformSettingTenantAllowImpersonationByPrimaryTenantEnabled Allow Primary Tenant access to my Workload Security Environment
platformSettingTenantAutoRevokeImpersonationByPrimaryTenantEnabled Automatically revoke Primary Tenant access after
platformSettingTenantAutoRevokeImpersonationByPrimaryTenantTimeout Automatically revoke Primary Tenant access after
platformSettingTenantUseDefaultRelayGroupFromPrimaryTenantEnabled Use the Primary Tenant Relay Group as my Default Relay Group
platformSettingTrendMicroXdrApiKey API Key
platformSettingTrendMicroXdrApiServerUrl API Server URL
platformSettingTrendMicroXdrApiUser API User
platformSettingTrendMicroXdrCompanyId Company ID
platformSettingTrendMicroXdrEnabled Forward activity data to Trend Micro XDR data lake
platformSettingTrendMicroXdrLogServerUrl Log Server URL
platformSettingUpdateAgentSecurityContactPrimarySourceOnMissingRelayEnabled Allow Agents/Appliances to download security updates directly from Primary Security Update Source if Relays are not accessible
platformSettingUpdateAgentSecurityOnMissingDeepSecurityManagerEnabled Allow Agents/Appliances to download security updates when Workload Security is not accessible
platformSettingUpdateApplianceDefaultAgentVersion Upon deployment, update Virtual Appliances to
platformSettingUpdateHostnameOnIpChangeEnabled Update the "Hostname" entry if an IP is used as a hostname and a change in IP is detected on the computer after Agent/Appliance-initiated communication or discovery
platformSettingUpdateRelaySecurityAllRegionsPatternsDownloadEnabled Download Patterns for all Regions
platformSettingUpdateRelaySecuritySupportAgent9AndEarlierEnabled Allow supported 8.0 and 9.0 Agents to be updated
platformSettingUpdateRulesPolicyAutoApplyEnabled Automatically apply Rule Updates to Policies
platformSettingUpdateSecurityPrimarySourceMode Relay Update Source
platformSettingUpdateSecurityPrimarySourceUrl URL
platformSettingUpdateSoftwareAlternateUpdateServerUrls Alternate Software Update Web Server(s)
platformSettingUserHideUnlicensedModulesEnabled Hide unlicensed Protection Modules for new Users
platformSettingUserPasswordExpiry User password expires
platformSettingUserPasswordExpirySendEmailEnabled Send email when a user's password is about to expire
platformSettingUserPasswordLengthMin User password minimum length
platformSettingUserPasswordRequireLettersAndNumbersEnabled User password requires both letters and numbers
platformSettingUserPasswordRequireMixedCaseEnabled User password requires both upper and lower case characters
platformSettingUserPasswordRequireNotSameAsUsernameEnabled User password cannot match username or username spelled backward
platformSettingUserPasswordRequireSpecialCharactersEnabled User password requires non-alphanumeric characters
platformSettingUserSessionDurationMax Maximum session duration
platformSettingUserSessionIdleTimeout Session idle timeout
platformSettingUserSignInAttemptsAllowedNumber Number of incorrect sign-in attempts allowed (before lock out)
platformSettingWhoisUrl Whois URL - The full URL to a Whois lookup with the IP represented as [IP]
Web Reputation Settings
webReputationSettingEventRankRiskBlockedByAdministratorRank Blocked By Administrator
webReputationSettingEventRankRiskDangerous Dangerous
webReputationSettingEventRankRiskHighlySuspicious Highly Suspicious
webReputationSettingEventRankRiskSuspicious Suspicious
webReputationSettingEventRankRiskUntested Untested
webReputationSettingRetainEventDuration Automatically delete Web Reputation Events older than