Deep Security Notifier

The Deep Security Notifier is a Windows System Tray application that communicates the state of the Deep Security Agent and Deep Security Relay to client machines. The notifier displays popup user notifications when the Deep Security Agent begins a scan, or blocks malware or access to malicious web pages.

The notifier has a small footprint on the client machine, requiring less than 1MB of disk space and 1MB of memory. When the notifier is running the notifier icon () appears in the system tray. The notifier is automatically installed by default with the Deep Security Agent on Windows computers. Use the Administration > Updates > Software > Local page to import the latest version for distribution and upgrades.

On computers running a relay-enabled agent, the notifier displays the components that are being distributed to agents or appliances, not which components are in effect on the local computer.

How the notifier works

When malware is detected or a malicious site is blocked, the Deep Security Agent sends a message to the notifier, which displays a popup message in the system tray.

If malware is detected, the notifier displays a message in a system tray popup similar to the following:

If the user clicks on the message, a dialog box with detailed information about anti-malware events is displayed:

When a malicious web page is blocked, the notifier displays a message in a system tray popup similar to the following:

If the user clicks on the message, a dialog box with detailed information about web reputation events is displayed:

The notifier also provides a console utility for viewing the current protection status and component information, including pattern versions. The console utility allows the user to turn on and off the popup notifications and access detailed event information.

You can also turn off pop-up notifications for certain computers or for computers that are assigned a particular policy by going to the Workload Security Computer/Policy editor > Settings > General and settings Suppress all pop-up notifications on host to Yes. The messages still appear as alerts or events in the Workload Security console.

When the notifier is running on a computer hosting Deep Security Relay, the notifier's display shows the components being distributed by the relay and not the components that in effect on the computer.