Topics on this page
System events
To view system events, go to Events & Reports > Events.
To configure system events, go to the Administration > System Settings > System Events tab. On this tab, you can set whether or not to record individual events and whether or not to forward them to a SIEM server. If you select Record, then the event is saved to the database. If you deselect Record, then the event does not appear under the Events & Reports tab (or anywhere in Workload Security) and it is not forwarded either.
Depending on whether it is a system configuration change or security incident, each log appears in either the System Events submenu, or the submenu corresponding to the event's protection module, such as Anti-Malware Events.
These events sometimes also appear in the Status column on Computers.
| ID | Severity | Event | Description or Solution |
| 0 | Error | Unknown Error | |
| 100 | Info | Workload Security Started | |
| 101 | Info | License Changed | |
| 103 | Warning | Check For Updates Failed | |
| 104 | Warning | Automatic Software Download Failed | |
| 105 | Warning | Scheduled Rule Update Download and Apply Failed | |
| 106 | Info | Scheduled Rule Update Downloaded and Applied | |
| 107 | Info | Rule Update Downloaded and Applied | |
| 108 | Info | Script Executed | |
| 109 | Error | Script Execution Failed | |
| 110 | Info | System Events Exported | |
| 111 | Info | Firewall Events Exported | |
| 112 | Info | Intrusion Prevention Events Exported | |
| 113 | Warning | Scheduled Rule Update Download Failed | |
| 114 | Info | Scheduled Rule Update Downloaded | |
| 115 | Info | Rule Update Downloaded | |
| 116 | Info | Rule Update Applied | |
| 117 | Info | Workload Security Shutdown | |
| 118 | Warning | Workload Security Offline | |
| 119 | Info | Workload Security Back Online | |
| 120 | Error | Heartbeat Server Failed | The server within Workload Security that listens for incoming agent heartbeats did not start. Check that Workload Security's incoming heartbeat port number is not in use by another application on the server. Once the port is free, the Workload Security's heartbeat server should bind to it, and this error should be fixed. |
| 121 | Error | Scheduler Failed | |
| 122 | Error | Manager Message Thread Failed | An internal thread has failed. There is no resolution for this error. If it persists, please contact customer support. |
| 123 | Info | Workload Security Forced Shutdown | |
| 124 | Info | Rule Update Deleted | |
| 130 | Info | Credentials Generated | |
| 140 | Info | Discover Computers | |
| 141 | Warning | Discover Computers Failed | |
| 142 | Info | Discover Computers Requested | |
| 143 | Info | Discover Computers Canceled | |
| 150 | Info | System Settings Saved | |
| 151 | Info | Software Added | |
| 152 | Info | Software Deleted | |
| 153 | Info | Software Updated | |
| 154 | Info | Software Exported | |
| 155 | Info | Software Platforms Changed | |
| 156 | Error | Agent Installer Digital Signature Verification Failed |
'<agent>.zip' has been deleted because the digital signature verification failed. The failure indicates that the file may have been tampered with. Details: <detailed_message> Please contact Trend Micro support for more help. See Check digital signatures on software packages for details. |
| 157 | Info | Agent Version Control Setting Changed | |
| 160 | Info | Authentication Failed | |
| 161 | Info | Rule Update Exported | |
| 162 | Info | Log Inspection Events Exported | |
| 163 | Info | Anti-Malware Event Exported | |
| 164 | Info | Security Update Successful | |
| 165 | Error | Security Update Failed | |
| 166 | Info | Check for New Software Success | |
| 167 | Error | Check for New Software Failed | |
| 168 | Info | Manual Security Update Successful | |
| 169 | Error | Manual Security Update Failed | |
| 170 | Error | Manager Available Disk Space Too Low | The manager does not have enough free disk space to function and will shut down. |
| 171 | Info | Anti-Malware Spyware Item Exported | |
| 172 | Info | Web Reputation Events Exported | |
| 173 | Info | Anti-Malware Identified Files List Exported | |
| 174 | Info | Anti-Malware Unauthorized Change Targeted Item Exported | |
| 175 | Info | Creating Heap Dump | |
| 176 | Info | Heap Dump Created | |
| 177 | Error | Failed to create Heap Dump | |
| 180 | Info | Alert Type Updated | |
| 190 | Info | Alert Started | |
| 191 | Info | Alert Changed | |
| 192 | Info | Alert Ended | |
| 197 | Info | Alert Emails Sent | |
| 198 | Warning | Alert Emails Failed | An alert email could not be sent. |
| 199 | Error | Alert Processing Failed | The current alert status could be inaccurate because an alert was not completely processed. If the problem persists, contact your support provider. |
| 200 | Info | Dismissing Alert on All Hosts Started | |
| 201 | Info | Dismissing Alert on All Hosts Finished | |
| 202 | Error | Dismissing Alert on All Hosts Failed | |
| 247 | Warning | Agent Integrity Check Failed | |
| 248 | Info | Software Update: Disable Relay Requested | |
| 249 | Info | Software Update: Enable Relay Requested | |
| 250 | Info | Computer Created | |
| 251 | Info | Computer Deleted | |
| 252 | Info | Computer Updated | |
| 253 | Info | Policy Assigned to Computer | |
| 254 | Info | Computer Moved | |
| 255 | Info | Activation Requested | |
| 256 | Info | Send Policy Requested | |
| 259 | Info | Deactivation Requested | |
| 260 | Info | Scan for Open Ports | |
| 261 | Warning | Scan for Open Ports Failed | |
| 262 | Info | Scan for Open Ports Requested | |
| 263 | Info | Scan for Open Ports Canceled | |
| 264 | Info | Agent Software Upgrade Requested | |
| 265 | Info | Agent Software Upgrade Cancelled | |
| 266 | Info | Warnings/Errors Cleared | |
| 267 | Info | Check Status Requested | |
| 268 | Info | Get Events Requested | |
| 269 | Info | Computer Added to Cloud Connector | |
| 270 | Error | Computer Creation Failed | |
| 271 | Info | Agent Software Upgrade Timed Out | |
| 272 | Info | Appliance Software Upgrade Timed Out | |
| 273 | Info | Security Update: Security Update Check and Download Requested | |
| 274 | Info | Security Update: Security Update Rollback Requested | |
| 275 | Warning | Duplicate Computer | |
| 276 | Info | Update: Summary Information | |
| 277 | Info | Upgrade on Activation Skipped | The agent was eligible for an automatic upgrade, but the upgrade did not occur. For more information, see Automatically upgrade agents on activation. |
| 278 | Info | Software Update: Reboot to Complete Agent Software Upgrade | |
| 280 | Info | Computers Exported | |
| 281 | Info | Computers Imported | |
| 286 | Info | Computer Log Exported | |
| 287 | Info | Relay Group Assigned to Computer | |
| 290 | Info | Group Added | |
| 291 | Info | Group Removed | |
| 292 | Info | Group Updated | |
| 293 | Info | Interface Renamed | |
| 294 | Info | Computer Bridge Renamed | |
| 295 | Info | Interface Deleted | |
| 296 | Info | Interface IP Deleted | |
| 297 | Info | Recommendation Scan Requested | |
| 298 | Info | Recommendations Cleared | |
| 299 | Info | Asset Value Assigned to Computer | |
| 300 | Info | Recommendation Scan Completed | |
| 301 | Info | Agent Software Deployment Requested | |
| 302 | Info | Agent Software Removal Requested | |
| 303 | Info | Computer Renamed | |
| 304 | Info | Computer Moved To Datacenter | |
| 305 | Info | Scan for Integrity Requested | |
| 306 | Info | Rebuild Baseline Requested | |
| 307 | Info | Cancel Update Requested | |
| 308 | Info | Integrity Monitoring Rule Compile Issue | |
| 309 | Info | Integrity Monitoring Rule Compile Issue Resolved | |
| 310 | Info | Directory Added | |
| 311 | Info | Directory Removed | |
| 312 | Info | Directory Updated | |
| 320 | Info | Directory Synchronization | |
| 321 | Info | Directory Synchronization Finished | |
| 322 | Error | Directory Synchronization Failed | |
| 323 | Info | Directory Synchronization Requested | |
| 324 | Info | Directory Synchronization Cancelled | |
| 325 | Info | User Synchronization | Synchronization of the user accounts with Microsoft Active Directory has been started. |
| 326 | Info | User Synchronization Finished | Synchronization of the user accounts with Microsoft Active Directory has completed. |
| 327 | Error | User Synchronization Failed | |
| 328 | Info | User Synchronization Requested | |
| 329 | Info | User Synchronization Cancelled | |
| 330 | Info | SSL Configuration Created | |
| 331 | Info | SSL Configuration Deleted | |
| 332 | Info | SSL Configuration Updated | |
| 333 | Info | Host Merge Finished | |
| 334 | Error | Host Merge Failed | |
| 338 | Warning | Directory Synchronization Limit Exceeded | Reached the limit of {0} total group members for Active Directory synchronization. Skipping any remaining members. Consider adjusting the limit in system setting "{1}". |
| 350 | Info | Policy Created | |
| 351 | Info | Policy Deleted | |
| 352 | Info | Policy Updated | |
| 353 | Info | Policies Exported | |
| 354 | Info | Policies Imported | |
| 355 | Info | Scan for Recommendations Canceled | |
| 356 | Error | Secure Boot Public Key Not Enrolled |
This error can occur if the public key required to check the signature on the Trend Micro kernel module is not successfully enrolled on the agent computer. For details, see Linux Secure Boot support for agents. |
| 357 | Error | Secure Boot 'On' Not Supported |
The agent does not support this OS with Secure Boot enabled. For details, see Linux Secure Boot support for agents. |
| 358 | Error | Policies Import Failed | |
| 360 | Info | VMware vCenter Added | |
| 361 | Info | VMware vCenter Removed | |
| 362 | Info | VMware vCenter Updated | |
| 363 | Info | VMware vCenter Synchronization | |
| 364 | Info | VMware vCenter Synchronization Finished | |
| 365 | Error | VMware vCenter Synchronization Failed | |
| 366 | Info | VMware vCenter Synchronization Requested | |
| 367 | Info | VMware vCenter Synchronization Cancelled | |
| 368 | Warning | Interfaces Out of Sync | |
| 369 | Info | Interfaces in Sync | |
| 370 | Info | Filter Driver Installed | |
| 371 | Info | Filter Driver Removed | The Filter Driver has been removed from ESXi server. Previous Filter Driver version: {0} |
| 372 | Info | Filter Driver Upgraded | ESXi Filter Driver upgraded from version {0} to version {1}. |
| 376 | Warning | Virtual Machine Moved to Unprotected ESXi | 382 | Info | Filter Driver Update Requested | Filter Driver upgrade from version {0} to version {1} requested. |
| 384 | Warning | Prepare ESXi Failed | |
| 385 | Warning | Filter Driver Update Failed | |
| 386 | Warning | Removal of Filter Driver from ESXi Failed | |
| 387 | Error | Connection to Filter Driver Failure | The Appliance has reported a failure connecting to the filter driver. See the agent event(s) for more information. |
| 393 | Error | Anti-Malware Engine Offline | |
| 394 | Info | Anti-Malware Engine Back Online | |
| 410 | Info | Firewall Rule Created | |
| 411 | Info | Firewall Rule Deleted | |
| 412 | Info | Firewall Rule Updated | |
| 413 | Info | Firewall Rule Exported | |
| 414 | Info | Firewall Rule Imported | |
| 420 | Info | Firewall Stateful Configuration Created | |
| 421 | Info | Firewall Stateful Configuration Deleted | |
| 422 | Info | Firewall Stateful Configuration Updated | |
| 423 | Info | Firewall Stateful Configuration Exported | |
| 424 | Info | Firewall Stateful Configuration Imported | |
| 460 | Info | Application Type Created | An administrator configured a new IPS network application definition. |
| 461 | Info | Application Type Deleted | An administrator removed an IPS network application definition. |
| 462 | Info | Application Type Updated | An administrator changed an existing IPS network application definition. |
| 463 | Info | Application Type Exported | An administrator downloaded an IPS network application definition. |
| 464 | Info | Application Type Imported | An administrator uploaded an IPS network application definition. |
| 470 | Info | Intrusion Prevention Rule Created | |
| 471 | Info | Intrusion Prevention Rule Deleted | |
| 472 | Info | Intrusion Prevention Rule Updated | |
| 473 | Info | Intrusion Prevention Rule Exported | |
| 474 | Info | Intrusion Prevention Rule Imported | |
| 480 | Info | Integrity Monitoring Rule Created | |
| 481 | Info | Integrity Monitoring Rule Deleted | |
| 482 | Info | Integrity Monitoring Rule Updated | |
| 483 | Info | Integrity Monitoring Rule Exported | |
| 484 | Info | Integrity Monitoring Rule Imported | |
| 490 | Info | Log Inspection Rule Created | |
| 491 | Info | Log Inspection Rule Deleted | |
| 492 | Info | Log Inspection Rule Updated | |
| 493 | Info | Log Inspection Rule Exported | |
| 494 | Info | Log Inspection Rule Imported | |
| 495 | Info | Log Inspection Decoder Created | |
| 496 | Info | Log Inspection Decoder Deleted | |
| 497 | Info | Log Inspection Decoder Updated | |
| 498 | Info | Log Inspection Decoder Exported | |
| 499 | Info | Log Inspection Decoder Imported | |
| 505 | Info | Context Created | |
| 506 | Info | Context Deleted | |
| 507 | Info | Context Updated | |
| 508 | Info | Context Exported | |
| 509 | Info | Context Imported | |
| 510 | Info | IP List Created | |
| 511 | Info | IP List Deleted | |
| 512 | Info | IP List Updated | |
| 513 | Info | IP List Exported | |
| 514 | Info | IP List Imported | |
| 520 | Info | Port List Created | |
| 521 | Info | Port List Deleted | |
| 522 | Info | Port List Updated | |
| 523 | Info | Port List Exported | |
| 524 | Info | Port List Imported | |
| 525 | Info | Scan Cache Configuration Created | |
| 526 | Info | Scan Cache Configuration Exported | |
| 527 | Info | Scan Cache Configuration Updated | |
| 530 | Info | MAC List Created | |
| 531 | Info | MAC List Deleted | |
| 532 | Info | MAC List Updated | |
| 533 | Info | MAC List Exported | |
| 534 | Info | MAC List Imported | |
| 540 | Info | Proxy Created | |
| 541 | Info | Proxy Deleted | |
| 542 | Info | Proxy Updated | |
| 543 | Info | Proxy Exported | |
| 544 | Info | Proxy Imported | |
| 550 | Info | Schedule Created | |
| 551 | Info | Schedule Deleted | |
| 552 | Info | Schedule Updated | |
| 553 | Info | Schedule Exported | |
| 554 | Info | Schedule Imported | |
| 560 | Info | Scheduled Task Created | |
| 561 | Info | Scheduled Task Deleted | |
| 562 | Info | Scheduled Task Updated | |
| 563 | Info | Scheduled Task Manually Executed | |
| 564 | Info | Scheduled Task Started | |
| 565 | Info | Backup Finished | |
| 566 | Error | Backup Failed | |
| 567 | Info | Sending Outstanding Alert Summary | |
| 568 | Warning | Failed To Send Outstanding Alert Summary | |
| 569 | Warning | Email Failed | An e-mail notification could not be sent. |
| 570 | Info | Sending Report | |
| 571 | Warning | Failed To Send Report | |
| 572 | Error | Invalid Report Jar | |
| 573 | Info | Asset Value Created | |
| 574 | Info | Asset Value Deleted | |
| 575 | Info | Asset Value Updated | |
| 576 | Error | Report Uninstall Failed | |
| 577 | Error | Report Uninstalled | |
| 578 | Warning | Integrity Monitoring Rules Require Configuration | |
| 580 | Warning | Application Type Port List Misconfiguration | |
| 581 | Warning | Application Type Port List Misconfiguration Resolved | |
| 582 | Warning | Intrusion Prevention Rules Require Configuration | |
| 583 | Info | Intrusion Prevention Rules Require Configuration Resolved | |
| 584 | Warning | Application Types Require Configuration | IPS rules require network application definitions, and cannot correctly scan traffic until you define them. |
| 585 | Info | Integrity Monitoring Rules Require Configuration Resolved | |
| 586 | Warning | Log Inspection Rules Require Configuration | |
| 587 | Info | Log Inspection Rules Require Configuration Resolved | |
| 588 | Warning | Log Inspection Rules Require Log Files | |
| 589 | Info | Log Inspection Rules Require Log Files Resolved | |
| 590 | Warning | Scheduled Task Unknown Type | |
| 591 | Info | Relay Group Created | |
| 592 | Info | Relay Group Updated | |
| 593 | Info | Relay Group Deleted | |
| 594 | Info | Event-Based Task Created | |
| 595 | Info | Event-Based Task Deleted | |
| 596 | Info | Event-Based Task Updated | |
| 597 | Info | Event-Based Task Triggered | |
| 600 | Info | User Signed In | |
| 601 | Info | User Signed Out | |
| 602 | Info | User Timed Out | |
| 609 | Error | User Made Invalid Request | Workload Security received invalid request to access audit data (events). Access was denied. |
| 610 | Info | User Session Validated | |
| 611 | Info | User Viewed Firewall Event | |
| 613 | Info | User Viewed Intrusion Prevention Event | |
| 615 | Info | User Viewed System Event | |
| 616 | Info | User Viewed Integrity Monitoring Event | |
| 617 | Info | User Viewed Log Inspection Event | |
| 618 | Info | User Viewed Identified File Detail | |
| 619 | Info | User Viewed Anti-Malware Event | |
| 620 | Info | User Viewed Web Reputation Event | |
| 630 | Info | Syslog Configuration Created | |
| 631 | Info | Syslog Configuration Deleted | |
| 632 | Info | Syslog Configuration Updated | |
| 633 | Info | Syslog Configuration Exported | |
| 634 | Info | Syslog Configuration Imported | |
| 650 | Info | User Created | |
| 651 | Info | User Deleted | |
| 652 | Info | User Updated | |
| 656 | Info | API Key Created | #160; |
| 657 | Info | API Key Deleted | |
| 658 | Info | API Key Updated | |
| 660 | Info | Role Created | |
| 661 | Info | Role Deleted | |
| 662 | Info | Role Updated | |
| 670 | Info | Contact Created | |
| 671 | Info | Contact Deleted | |
| 672 | Info | Contact Updated | |
| 673 | Info | API Key Locked Out | |
| 674 | Info | API Key Unlocked | |
| 675 | Error | API Key Session Validation Failed | |
| 678 | Info | API Key Expired | |
| 700 | Info | Agent Software Installed | |
| 701 | Error | Agent Software Installation Failed | |
| 702 | Info | Credentials Generated | |
| 703 | Error | Credential Generation Failed | |
| 704 | Info | Activated | |
| 705 | Error | Activation Failed | This can occur if agent self-protection is enabled. In the Workload Security console, go to Computer editor > Settings > General. In Agent Self Protection, and then either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override. |
| 706 | Info | Software Update: Agent Software Upgraded | |
| 707 | Warning | Software Update: Agent Software Upgrade Failed | Refer to the event details for more information about why the upgrade was not successful. |
| 708 | Info | Deactivated | |
| 709 | Error | Deactivation Failed | |
| 710 | Info | Events Retrieved | |
| 711 | Info | Agent Software Deployed | |
| 712 | Error | Agent Software Deployment Failed | This can occur if agent self-protection is enabled. In the Workload Security console, go to |
| 713 | Info | Agent Software Removed | |
| 714 | Error | Agent Software Removal Failed |
This can occur if agent self-protection is enabled. In the Workload Security console, go to |
| 715 | Info | Agent/Appliance Version Changed | |
| 716 | Info | Reactivation Attempted by Unknown Agent | An agent that is currently unknown to Workload Security has attempted reactivation. This usually happens when a computer was deleted from Workload Security without first removing the agent on the computer. For more information, see the 'Reactivation Attempted by Unknown Agent' section in Agent settings. |
| 720 | Info | Policy Sent | Agent/Appliance updated. |
| 721 | Error | Send Policy Failed | |
| 722 | Warning | Get Interfaces Failed | |
| 723 | Info | Get Interfaces Failure Resolved | |
| 724 | Warning | Insufficient Disk Space | An agent detected low disk space. Free space on the computer. See Warning: Insufficient disk space. |
| 725 | Warning | Events Suppressed | |
| 726 | Warning | Get Agent/Appliance Events Failed | Workload Security was unable to retrieve events from the agent. This error does not mean that the data was lost on the agent. This error is normally caused by a network interruption while events are being transferred. Clear the error and run a "Check Status" to retry the operation. |
| 727 | Info | Get Agent/Appliance Events Failure Resolved | |
| 728 | Error | Get Events Failed | Workload Security was unable to retrieve audit data from the agent. This error does not mean that the data was lost on the agent. This error is normally caused by a network interruption while events are being transferred. Clear the error and run a "Get Events Now" to retry the operation. |
| 729 | Info | Get Events Failure Resolved | |
| 730 | Error | Offline | Workload Security cannot communicate with Computer. Usually, however, the offline agent is still protecting the computer with its last configured settings. See Computer and Agent/Appliance Status and "Offline" agent. |
| 731 | Info | Back Online | |
| 732 | Error | Firewall Engine Offline | The Firewall Engine is offline and traffic is flowing unfiltered. This is normally due to an error during installation or verification of the driver on the computer's OS platform. Check the status of the network driver at the computer to ensure it is properly loaded. |
| 733 | Info | Firewall Engine Back Online | |
| 734 | Warning | Computer Clock Change | A clock change has occurred on the Computer which exceeds the maximum allowed specified in |
| 735 | Warning | Misconfiguration Detected | The Agent's configuration does not match the configuration indicated in the Manager's records. This is typically because of a recent backup restoration of the Manager or the Agent. Unanticipated misconfiguration warnings should be investigated. |
| 736 | Info | Check Status Failure Resolved | |
| 737 | Error | Check Status Failed | See Error: Check Status Failed. |
| 738 | Error | Intrusion Prevention Engine Offline | The Intrusion Prevention Engine is offline and traffic is flowing unfiltered. This is normally due to an error during installation or verification of the driver on the computer's OS platform. Check the status of the network driver at the computer to ensure it is properly loaded. |
| 739 | Info | Intrusion Prevention Engine Back Online | |
| 740 | Error | Agent/Appliance Error | |
| 741 | Warning | Abnormal Restart Detected | |
| 742 | Warning | Communications Problem | The Agent is having problems communicating its status to Manager. It usually indicates network or load congestion in the Agent --> Manager direction. Further investigation is warranted if the situation persists |
| 743 | Info | Communications Problem Resolved | |
| 745 | Warning | Events Truncated | |
| 748 | Error | Log Inspection Engine Offline | |
| 749 | Info | Log Inspection Engine Back Online | |
| 750 | Warning | Last Automatic Retry | |
| 755 | Info | Workload Security Version Compatibility Resolved | |
| 756 | Warning | Workload Security Upgrade Recommended (Incompatible Security Update(s)) | |
| 760 | Info | Agent/Appliance Version Compatibility Resolved | |
| 761 | Warning | Agent/Appliance Upgrade Recommended | |
| 762 | Warning | Agent/Appliance Upgrade Required | |
| 763 | Error | Incompatible Agent/Appliance Version | |
| 764 | Warning | Agent/Appliance Upgrade Recommended (Incompatible Security Update(s)) | |
| 765 | Error | Computer Reboot Required | |
| 766 | Warning | Network Engine Mode Configuration Incompatibility | |
| 767 | Warning | Network Engine Mode Version Incompatibility | |
| 768 | Warning | Network Engine Mode Incompatibility Resolved | |
| 770 | Warning | Agent/Appliance Heartbeat Rejected | |
| 771 | Warning | Contact by Unrecognized Client | See Why am I getting event ID 771 "Contact by Unrecognized Client"?. |
| 780 | Info | Recommendation Scan Failure Resolved | |
| 781 | Warning | Recommendation Scan Failure | See Recommendation Scan Failure. |
| 782 | Info | Rebuild Baseline Failure Resolved | |
| 783 | Warning | Rebuild Baseline Failure | |
| 784 | Info | Security Update: Security Update Check and Download Successful | |
| 785 | Warning | Security Update: Security Update Check and Download Failed | |
| 786 | Info | Scan For Change Failure Resolved | |
| 787 | Warning | Scan For Change Failure | |
| 790 | Info | Agent-Initiated Activation Requested | |
| 791 | Warning | Agent-Initiated Activation Failure | |
| 792 | Info | Manual Malware Scan Failure Resolved | |
| 793 | Warning | Manual Malware Scan Failure | A Malware Scan has failed. Use the VMware vCenter console to check the status of the VM on which the scan failed. See also Anti-Malware scan failure events. |
| 794 | Info | Scheduled Malware Scan Failure Resolved | |
| 795 | Warning | Scheduled Malware Scan Failure | A scheduled Malware Scan has failed. Use the VMware vCenter console to check the status of the VM on which the scan failed. See also Anti-Malware scan failure events. |
| 796 | Warning | Scheduled Malware Scan Task has been Missed | This occurs when a scheduled Malware Scan is initiated on a computer when a previous scan is still pending. This typically indicates that Malware Scans are being scheduled too frequently. |
| 797 | Info | Malware Scan Cancellation Failure Resolved | |
| 798 | Warning | Malware Scan Cancellation Failure | A Malware Scan cancellation has failed. Use the VMware vCenter console to check the status of the VM on which the scan failed. |
| 799 | Warning | Malware Scan Stalled | A Malware Scan has stalled. Use the VMware vCenter console to check the status of the VM on which the scan stalled. |
| 800 | Info | Alert Dismissed | |
| 801 | Info | Error Dismissed | |
| 803 | Warning | Agent Configuration Package too Large | |
| 804 | Error | Intrusion Prevention Rule Compiler Failed | |
| 805 | Error | Intrusion Prevention Rules Failed to Compile | |
| 806 | Error | Intrusion Prevention Rules Failed to Compile | |
| 850 | Warning | Reconnaissance Detected: Computer OS Fingerprint Probe | See Warning: Reconnaissance Detected |
| 851 | Warning | Reconnaissance Detected: Network or Port Scan | See Warning: Reconnaissance Detected |
| 852 | Warning | Reconnaissance Detected: TCP Null Scan | See Warning: Reconnaissance Detected |
| 853 | Warning | Reconnaissance Detected: TCP SYNFIN Scan | See Warning: Reconnaissance Detected |
| 854 | Warning | Reconnaissance Detected: TCP Xmas Scan | See Warning: Reconnaissance Detected |
| 910 | Info | Diagnostic Package Generated | |
| 911 | Info | Diagnostic Package Exported | |
| 912 | Info | Diagnostic Package Uploaded | |
| 913 | Error | Automatic Diagnostic Package Error | |
| 914 | Info | Identified File Deletion Succeeded | |
| 915 | Info | Identified File Deletion Failed | |
| 916 | Info | Identified File Download Succeeded | |
| 917 | Info | Identified File Download Failed | |
| 918 | Info | Identified File Administration Utility Download Succeeded | |
| 919 | Info | Identified File Not Found | |
| 924 | Warning | File cannot be analyzed or quarantined (VM maximum disk space used to store identified files exceeded) | The Anti-Malware module was unable to analyze or quarantine a file because the VM maximum disk space used to store identified files was reached. To change the maximum disk space for identified files setting, open the computer or policy editor and go to the Anti-malware > Advanced tab. |
| 925 | Warning | File cannot be analyzed or quarantined (maximum disk space used to store identified files exceeded) | The Anti-Malware module was unable to analyze or quarantine a file because the maximum disk space used to store identified files was reached. To change the maximum disk space for identified files setting, open the computer or policy editor and go to the Anti-malware > Advanced tab. |
| 926 | Warning | Smart Protection Server Disconnected for Smart Scan | See Troubleshooting "Smart Protection Server disconnected" errors. |
| 927 | Info | Smart Protection Server Connected for Smart Scan | |
| 928 | Info | Identified File Restoration Succeeded | |
| 929 | Warning | Identified File Restoration Failed | |
| 930 | Info | Certificate Accepted | |
| 931 | Info | Certificate Deleted | |
| 932 | Warning | Smart Protection Server Disconnected for Web Reputation | See Troubleshooting "Smart Protection Server disconnected" errors. |
| 933 | Info | Smart Protection Server Connected for Web Reputation | |
| 934 | Info | Software Update: Anti-Malware Windows Platform Update Successful | |
| 935 | Error | Software Update: Anti-Malware Windows Platform Update Failed | See Anti-Malware Windows platform update failed |
| 936 | Info | Submission of identified file to Deep Discovery Analyzer succeeded | |
| 937 | Info | Submission of identified file to Deep Discovery Analyzer failed | |
| 938 | Info | Identified File Submission Queued | |
| 940 | Info | Auto-Tag Rule Created | |
| 941 | Info | Auto-Tag Rule Deleted | |
| 942 | Info | Auto-Tag Rule Updated | |
| 943 | Info | Tag Deleted | |
| 944 | Info | Tag Created | |
| 945 | Warning | Census, Good File Reputation, and Predictive Machine Learning Service Disconnected | |
| 946 | Info | Census, Good File Reputation, and Predictive Machine Learning Service Connected | |
| 947 | Info | FIPS Mode Enabled | |
| 948 | Info | FIPS Mode Disabled | |
| 949 | Warning | Computer reboot is required to complete the Deep Security Agent installation with Windows installer | A computer reboot is required to complete the agent installation with Windows installer. |
| 950 | Warning | A computer reboot is required to enable Deep Security Agent protection | A computer reboot is required to disable Windows Defender and enable agent protection. |
| 970 | Info | Command Line Utility Started | |
| 978 | Info | Command Line Utility Failed | |
| 979 | Info | Command Line Utility Shutdown | Workload Security was manually stopped. |
| 995 | Info | Connection to the Certified Safe Software Service has been restored | |
| 996 | Warning | Unable to connect to the Certified Safe Software Service | |
| 997 | Error | Tagging Error | |
| 998 | Error | System Event Notification Error | |
| 999 | Error | Internal Software Error | |
| 1110 | Error | Software Package Not Found | Agent software package was not found or a newer package is required. |
| 1111 | Info | Software Package Found | |
| 1112 | Error | Kernel Unsupported | The Linux driver cannot be installed because your computer may have been upgraded to an unsupported kernel. For more information, see Agent Linux kernel support. |
| 1500 | Info | Malware Scan Configuration Created | |
| 1501 | Info | Malware Scan Configuration Deleted | |
| 1502 | Info | Malware Scan Configuration Updated | |
| 1503 | Info | Malware Scan Configuration Exported | |
| 1504 | Info | Malware Scan Configuration Imported | |
| 1505 | Info | Directory List Created | |
| 1506 | Info | Directory List Deleted | |
| 1507 | Info | Directory List Updated | |
| 1508 | Info | Directory List Exported | |
| 1509 | Info | Directory List Imported | |
| 1510 | Info | File Extension List Created | |
| 1511 | Info | File Extension List Deleted | |
| 1512 | Info | File Extension List Updated | |
| 1513 | Info | File Extension List Exported | |
| 1514 | Info | File Extension List Imported | |
| 1515 | Info | File List Created | |
| 1516 | Info | File List Deleted | |
| 1517 | Info | File List Updated | |
| 1518 | Info | File List Exported | |
| 1519 | Info | File List Imported | |
| 1520 | Info | Manual Malware Scan Pending | |
| 1521 | Info | Manual Malware Scan Started | |
| 1522 | Info | Manual Malware Scan Completed | |
| 1523 | Info | Scheduled Malware Scan Started | |
| 1524 | Info | Scheduled Malware Scan Completed | |
| 1525 | Info | Manual Malware Scan Cancellation In Progress | |
| 1526 | Info | Manual Malware Scan Cancellation | This event can have several causes. See Anti-Malware scan failure events. |
| 1527 | Info | Scheduled Malware Scan Cancellation In Progress | |
| 1528 | Info | Scheduled Malware Scan Cancellation | This event can have several causes. See Anti-Malware scan failure events. |
| 1529 | Info | Manual Malware Scan Paused | |
| 1530 | Info | Manual Malware Scan Resumed | |
| 1531 | Info | Scheduled Malware Scan Paused | |
| 1532 | Info | Scheduled Malware Scan Resumed | |
| 1533 | Info | A computer reboot is required to complete an Anti-Malware cleanup or restoration task | A computer reboot is required to complete an Anti-Malware cleanup or restoration task. |
| 1534 | Error | Computer reboot required for Anti-Malware protection | |
| 1535 | Info | Anti-Malware cleanup task must be performed manually | |
| 1536 | Info | Quick Malware Scan Pending | |
| 1537 | Info | Quick Malware Scan Started | |
| 1538 | Info | Quick Malware Scan Completed | |
| 1539 | Info | Quick Malware Scan Cancellation In Progress | |
| 1540 | Info | Quick Malware Scan Cancellation |
This event can have several causes. See Anti-Malware scan failure events. |
| 1541 | Info | Quick Malware Scan Paused | |
| 1542 | Info | Quick Malware Scan Failure Resolved | |
| 1543 | Warning | Quick Malware Scan Failure | |
| 1544 | Info | Quick Malware Scan Resumed | |
| 1545 | Info | Files could not be scanned for malware | Anti-malware could not scan a file because its file path exceeded the maximum number of characters. Maximum file path length varies by OS and file system. To prevent this problem, try moving the file to a directory path and file name with fewer characters. |
| 1546 | Info | Files could not be scanned for malware | Anti-malware could not scan a file because its location exceeded the maximum directory depth. To prevent this problem, try reducing the number of layers of nested directories. |
| 1547 | Info | Scheduled Malware Scan Task has been cancelled | |
| 1550 | Info | Web Reputation Settings Updated | |
| 1551 | Info | Malware Scan Configuration Updated | |
| 1552 | Info | Integrity Configuration Updated | |
| 1553 | Info | Log Inspection Configuration Updated | |
| 1554 | Info | Firewall Stateful Configuration Updated | |
| 1555 | Info | Intrusion Prevention Configuration Updated | |
| 1556 | Info | Anti-Malware scan exclusion setting update | |
| 1600 | Info | Relay Group Update Requested | |
| 1601 | Info | Relay Group Update Success | |
| 1602 | Error | Relay Group Update Failed | |
| 1603 | Info | Security Update: Security Update Rollback Success | |
| 1604 | Warning | Security Update: Security Update Rollback Failure | |
| 1605 | Info | Successfully send file back up command to host | |
| 1606 | Warning | Failed to send file back up command to host | |
| 1607 | Info | Successfully back up file | |
| 1608 | Error | Failed to back up file | |
| 1650 | Warning | Anti-Malware protection is not enabled or is out of date | |
| 1651 | Info | Anti-Malware module is ready | |
| 1660 | Info | Rebuild Baseline Started | |
| 1661 | Info | Rebuild Baseline Paused | |
| 1662 | Info | Rebuild Baseline Resumed | |
| 1663 | Warning | Rebuild Baseline Failure | |
| 1664 | Warning | Rebuild Baseline Stalled | |
| 1665 | Info | Rebuild Baseline Completed | |
| 1666 | Info | Scan for Integrity Started | |
| 1667 | Info | Scan for Integrity Paused | |
| 1668 | Info | Scan for Integrity Resumed | |
| 1669 | Warning | Scan for Integrity Failure | |
| 1670 | Warning | Scan for Integrity Stalled | |
| 1671 | Info | Scan for Integrity Completed | |
| 1675 | Error | Integrity Monitoring Engine Offline | |
| 1676 | Info | Integrity Monitoring Engine Back Online | |
| 1677 | Error | Trusted Platform Module Error | |
| 1678 | Info | Trusted Platform Module Register Values Loaded | |
| 1679 | Warning | Trusted Platform Module Register Values Changed | |
| 1680 | Info | Trusted Platform Module Checking Disabled | |
| 1681 | Info | Trusted Platform Module Information Unreliable | |
| 1700 | Info | No Agent Detected | |
| 1800 | Error | Deep Security Protection Module Failure | |
| 1801 | Info | Deep Security Protection Module Back to Normal | |
| 1900 | Info | Cloud Account Added | |
| 1901 | Info | Cloud Account Removed | |
| 1902 | Info | Cloud Account Updated | |
| 1903 | Info | Cloud Account Synchronization In Progress | |
| 1904 | Info | Cloud Account Synchronization Finished | |
| 1905 | Error | Cloud Account Synchronization Failed | |
| 1906 | Info | Cloud Account Synchronization Requested | |
| 1907 | Info | Cloud account Synchronization Cancelled | |
| 1908 | Info | AWS Account Synchronization Requested | |
| 1909 | Info | AWS Account Synchronization Finished | |
| 1910 | Error | AWS Account Synchronization Failed | |
| 1911 | Info | AWS Account Added | |
| 1912 | Info | AWS Account Removed | |
| 1913 | Info | AWS Account Updated | |
| 1914 | Info | Azure Account Added | |
| 1915 | Info | Azure Account Removed | |
| 1916 | Info | Azure Account Updated | |
| 1917 | Info | Azure Account Synchronization Finished | |
| 1918 | Error | Azure Account Synchronization Failed | |
| 1919 | Info | Azure Account Synchronization Requested | |
| 1920 | Warning | Azure Account Synchronization Completed but with Errors | |
| 1921 | Info | vCloud Account Added | |
| 1922 | Info | vCloud Account Removed | |
| 1923 | Info | vCloud Account Updated | |
| 1924 | Info | vCloud Account Synchronization Finished | |
| 1925 | Error | vCloud Account Synchronization Failed | |
| 1926 | Info | vCloud Account Synchronization Requested | |
| 1927 | Info | Upgrade Connector to AWS Account Requested | |
| 1928 | Warning | AWS Account Update Failed | |
| 1929 | Info | Upgrade Connector to AWS Account Finished | |
| 2000 | Info | Scan Cache Configuration Object Added | |
| 2001 | Info | Scan Cache Configuration Object Removed | |
| 2002 | Info | Scan Cache Configuration Object Updated | |
| 2113 | Info | Agent Installation Requested | |
| 2124 | Info | Event Storage Settings Publish Job Started | |
| 2125 | Info | Event Storage Settings Publish Job Completed | |
| 2126 | Error | Event Storage Settings Publish Job Failed | |
| 2130 | Info | Core Storage Settings Publish Job Started | |
| 2131 | Info | Core Storage Settings Publish Job Completed | |
| 2132 | Error | Core Storage Settings Publish Job Failed | |
| 2200 | Info | Software Update: Anti-Malware Module Installation Started | |
| 2201 | Info | Software Update: Anti-Malware Module Installation Successful | This event is also triggered by installing Application Control or Integrity Monitoring because they share the same framework as Anti-Malware. |
| 2202 | Warning | Software Update: Anti-Malware Module Installation Failed | |
| 2203 | Info | Software Update: Anti-Malware Module Download Successful | |
| 2204 | Info | Security Update: Pattern Update on Agents/Appliances Successful | |
| 2205 | Warning | Security Update: Pattern Update on Agents/Appliances Failed | |
| 2206 | Info | Security Update: Pattern Update on Agents/Appliances Skipped | |
| 2207 | Info | Required Host Permission Is Allowed: Anti-Malware | |
| 2208 | Error | Host Permission Required: Anti-Malware | |
| 2209 | Warning | Anti-Malware Engine with Basic Functions | Anti-Malware engine has only basic functions available. See Anti-Malware Engine has only Basic Functions for details. |
| 2300 | Info | Software Update: Web Reputation Module Installation Started | |
| 2301 | Info | Software Update: Web Reputation Module Installation Successful | |
| 2302 | Warning | Software Update: Web Reputation Module Installation Failed | |
| 2303 | Info | Software Update: Web Reputation Download Successful | |
| 2304 | Error | Web Reputation Engine Offline | |
| 2305 | Info | Web Reputation Engine Back Online | |
| 2306 | Warning | Web Reputation Engine Working With Limited Functionality | |
| 2307 | Info | Web Reputation Engine Back Online on all Interfaces | |
| 2308 | Warning | Web Reputation Engine Disabled | |
| 2309 | Info | Web Reputation Engine Enabled | |
| 2400 | Info | Software Update: Firewall Module Installation Started | |
| 2401 | Info | Software Update: Firewall Module Installation Successful | |
| 2402 | Warning | Software Update: Firewall Module Installation Failed | |
| 2403 | Info | Software Update: Firewall Module Download Successful | |
| 2404 | Warning | Firewall Engine Working With Limited Functionality | |
| 2405 | Info | Firewall Engine Back Online on all Interfaces | |
| 2406 | Warning | Firewall Engine Disabled | |
| 2407 | Info | Firewall Engine Enabled | |
| 2500 | Info | Software Update: Intrusion Prevention Module Installation Started | |
| 2501 | Info | Software Update: Intrusion Prevention Module Installation Successful | |
| 2502 | Warning | Software Update: Intrusion Prevention Module Installation Failed | |
| 2503 | Info | Software Update: Intrusion Prevention Module Download Successful | |
| 2504 | Warning | Intrusion Prevention Engine Working With Limited Functionality | |
| 2505 | Info | Intrusion Prevention Engine Back Online on all Interfaces | |
| 2506 | Warning | Intrusion Prevention Engine Disabled | |
| 2507 | Info | Intrusion Prevention Engine Enabled | |
| 2600 | Info | Software Update: Integrity Monitoring Module Installation Started | |
| 2601 | Info | Software Update: Integrity Monitoring Module Installation Successful | |
| 2602 | Warning | Software Update: Integrity Monitoring Module Installation Failed | |
| 2603 | Info | Software Update: Integrity Monitoring Module Download Successful | |
| 2604 | Info | A computer reboot is required to complete Integrity Monitoring protection | |
| 2605 | Info | Agent will send Integrity Monitoring baseline in events | |
| 2606 | Info | Manager has requested that agent sends Integrity Monitoring baseline in events | |
| 2700 | Info | Software Update: Log Inspection Module Installation Started | |
| 2701 | Info | Software Update: Log Inspection Module Installation Successful | |
| 2702 | Warning | Software Update: Log Inspection Module Installation Failed | |
| 2703 | Info | Software Update: Log Inspection Module Download Successful | |
| 2800 | Info | Software Update: Software Automatically Downloaded | |
| 2803 | Info | Online Help Update Started | |
| 2804 | Info | Online Help Update Ended | |
| 2805 | Info | Online Help Update Success | |
| 2806 | Warning | Online Help Update Failed | |
| 2900 | Info | Software Update: Relay Module Installation Started | |
| 2901 | Info | Software Update: Relay Module Installation Successful | |
| 2902 | Warning | Software Update: Relay Module Installation Failed | |
| 2903 | Info | Software Update: Relay Module Download Successful | |
| 2904 | Info | VMware NSX Synchronization Finished | |
| 2905 | Error | VMware NSX Synchronization Failed | |
| 2906 | Info | Agent Self-Protection enabled | Agent self-protection was enabled via Workload Security. |
| 2907 | Info | Agent Self-Protection disabled | |
| 2908 | Info | Agent Self-Protection enabled | Agent self-protection was enabled via the command line on the agent. |
| 2909 | Info | Agent Self-Protection disabled | |
| 2920 | Info | Querying report from DDAn Finished | |
| 2921 | Error | Querying report from DDAn Failed | |
| 2922 | Info | Submission to Deep Discovery Analyzer processed | |
| 2923 | Error | File submission to Deep Discovery Analyzer Failed | |
| 2924 | Info | Security Update: Suspicious Object Check and Update Successful | |
| 2925 | Error | Security Update: Suspicious Object Check and Update Failed | |
| 2926 | Warning | Submission to Deep Discovery Analyzer queued | |
| 2930 | Info | File back up pending | |
| 2931 | Info | Smart Folder Added | |
| 2932 | Info | Smart Folder Removed | |
| 2933 | Info | Smart Folder Updated | |
| 2934 | Error | Failed to send Amazon SNS message | |
| 2935 | Info | System resumed sending SNS messages | |
| 2937 | Info | SAML Identity Provider Created | |
| 2938 | Info | SAML Identity Provider Updated | |
| 2939 | Info | SAML Identity Provider Deleted | |
| 2940 | Info | SAML Service Provider Updated | |
| 2951 | Error | Failed to send TIC message | |
| 2952 | Info | System resumed sending TIC messages | |
| 2953 | Info | Inactive Agent Cleanup Completed Successfully | Inactive agent cleanup removed computers that have been offline and inactive for a specified period of time. For more information on inactive agent cleanup, see Automate offline computer removal with Inactive Agent Cleanup. |
| 2954 | Warning | Dropped events recorded in the future | |
| 2960 | Info | Appliance (SVM) Upgrade Requested | |
| 2961 | Info | Appliance (SVM) Upgrade Started | |
| 2962 | Info | Appliance (SVM) Upgrade Canceled | |
| 2963 | Info | Appliance (SVM) Upgraded | |
| 2964 | Error | Appliance (SVM) Upgrade Failed | |
| 2965 | Warning | Appliance (SVM) Upgraded but Not Ready | |
| 2969 | Info | Scheduled Task Skipped | |
| 2970 | Info | GCP Account Added |
GCP Account: <GCPaccountname> successfully added. For details, see Add a Google Cloud Platform account. |
| 2971 | Info | GCP Account Removed |
GCP Account: <GCPaccountname> successfully removed. For details, see Remove a GCP account. |
| 2972 | Info | GCP Account Updated |
GCP Account: <GCPaccountname> successfully updated. For details, see Add a Google Cloud Platform account. |
| 2973 | Info | GCP Account Synchronization Finished |
Synchronize computers completed for GCP Account: <GCPaccountname> For details, see Synchronize a GCP account. |
| 2974 | Error | GCP Account Synchronization Failed |
Workload Security was unable to synchronize computers with GCP Account: <GCPaccountname> <detailed_message> For example: Root URL is not valid For details, see Synchronize a GCP account. |
| 2975 | Info | GCP Account Synchronization Requested |
A request has been made to synchronize computers with GCP Account: <GCPaccountname> For details, see Synchronize a GCP account. |
| 2976 | Warning | GCP Account Synchronization Completed but with Errors |
The GCP Account <GCPaccountname> synchronization operation completed, but information for the following hosts or groups could not be updated with following message: <detailed_message> For example: Project <GCPprojectname>: 403 Required 'compute.machineTypes.list' permission for 'projects/<GCPprojectname>' For details, see Synchronize a GCP account. |
| 2988 | Warning | MQTT Connection Offline | The agent has lost its MQTT connection. |
| 2989 | Info | MQTT Connection Online | |
| 2990 | Info | Trend Vision One Service Registered | |
| 2991 | Info | Trend Vision One Service Deleted | |
| 2992 | Warning | VMware NSX Policy Configuration Conflict | |
| 2997 | Warning | MQTT Connection Configuration Failed | There was a failure when performing the MQTT setup for an agent. The agent will not be able to establish an MQTT connection. |
| 2998 | Info | MQTT Connection Configured | |
| 3000 | Info | Software Update: SAP Module Installation Started | |
| 3001 | Info | Software Update: SAP Module Installation Successful | |
| 3002 | Error | Software Update: SAP Module Installation Failed | |
| 3003 | Info | Software Update: SAP Module Download Successful | |
| 3004 | Info | SAP VSA is installed | |
| 3005 | Error | SAP VSA is not installed | |
| 3006 | Info | SAP VSA is up-to-date | |
| 3007 | Info | SAP VSA is not up-to-date | |
| 3008 | Info | SAP: Anti-Malware module is ready | |
| 3009 | Error | SAP: Anti-Malware module is not ready | |
| 3100 | Info | Software Update: Container Control Module Installation Started | |
| 3101 | Info | Software Update: Container Control Module Installation Successful | |
| 3102 | Warning | Software Update: Container Control Module Installation Failed | |
| 3103 | Info | Software Update: Container Control Module Download Successful | |
| 3113 | Info | Registry Scanner Created | |
| 3114 | Info | Registry Scanner Deleted | |
| 3115 | Info | Registry Scanner Updated | |
| 3116 | Error | Registry Scanner Disconnected | |
| 3200 | Info | A computer reboot is required to complete the installation of Activity Monitoring | |
| 3201 | Error | Activity Monitoring Engine Offline | See Activity Monitoring Engine Offline. |
| 3202 | Info | Activity Monitoring Engine Back Online | |
| 3203 | Warning | Activity Monitoring Engine with Basic Functions | Activity Monitoring engine has only basic functions. |
| 3300 | Info | Computer Added to vCenter Account | |
| 3301 | Warning | Duplicate Hosts with Same Virtual UUID Found. | |
| 3400 | Info | Device Control USB device created. | |
| 3401 | Info | Device Control USB device updated. | |
| 3402 | Info | Device Control USB device deleted. | |
| 3403 | Error | Device Control engine offline | The Device Control Engine is offline so device policies may not be working and may not being applied. This is normally due to an error during engine initializing or the platform being offline (the platform is sometimes called the Anti-Malware Solution Platform, or AMSP, and sometimes called the Trend Micro Solution Platform). Check the status of the platform at the computer. |
| 3404 | Info | Device Control engine back online | |
| 3405 | Info | Device Control event exported | |
| 3406 | Info | User viewed Device Control event | |
| 3407 | Info | Software Update: Device Control Module Download successful | |
| 3408 | Info | Software Update: Device Control Module Installation Started | |
| 3409 | Info | Software Update: Device Control Module Installation Successful | |
| 3410 | Warning | Software Update: Device Control Module Installation Failed | |
| 3500 | Info | Service Gateway Added | |
| 3501 | Info | Service Gateway Removed | |
| 3502 | Info | Service Gateway Updated | |
| 3506 | Info | Recommendation Updated | The Recommendation on computer ({0}) has updated. |
| 7000 | Info | Application Control Security Events Exported | An administrator downloaded application control event logs in CSV format. |
| 7007 | Info | User Viewed Application Control Event | An administrator |
| 7008 | Error | Application Control Engine Offline | An agent's application control engine failed to come online. This could happen if you have enabled application control on a computer whose kernel is not supported. |
| 7009 | Info | Application Control Engine Online Again | An agent's application control engine restarted. |
| 7010 | Info | Application Control Configuration Updated | Workload Security updated the Application Control settings on an agent. |
| 7011 | Info | Software Update: Application Control Module Installation Started | The agent received a policy from Workload Security where application control was selected, but detected that it did not have the application control engine installed or needed to update it, so it began to download it. This is normal when you enable application control on a computer for the first time, or when it has been disabled while application control engine updates were released. |
| 7012 | Info | Software Update: Application Control Module Installation Successful | The agent installed the application control engine. The application control engine is also used by the integrity monitoring feature. |
| 7013 | Error | Software Update: Application Control Module Installation Failed | The agent |
| 7014 | Info | Software Update: Application Control Module Download Successful | The agent |
| 7015 | Info | Application Control Ruleset Rules Updated | The legacy REST API was used to allow or block software. This message does not occur when administrators perform the same action in the GUI. |
| 7020 | Info | Application Control Inventory Retrieved | The legacy REST API uploaded a computer's initial allow rules to Workload Security. |
| 7021 | Info | Application Control Inventory Scan Started | The application control engine was enabled, and the agent detected that it did not have any allow rules for that computer, so it began to build initial rules based on the currently installed software. This is normal when you enable application control for the first time. This message does not occur when you use the legacy REST API to replace the allow rules. |
| 7022 | Info | Application Control Inventory Scan Completed | The agent finished building the initial allow rules for that computer. After this, any new software that is detected which is not in the allow or block rules will, if configured, cause and alert. |
| 7023 | Error | Application Control Inventory Scan Failed | The agent |
| 7024 | Info | Application Control Software Changes Detected | An administrator allowed or blocked software |
| 7025 | Info | Application Control Inventory Scan Requested | You |
| 7026 | Info | Application Control Maintenance Mode Start Requested | Either an administrator sent or the legacy REST API received the command to enable maintenance mode. |
| 7027 | Info | Application Control Maintenance Mode Stop Requested | Either an administrator sent or the legacy REST API received the command to disable maintenance mode. |
| 7028 | Info | Application Control Maintenance Mode Started | Maintenance mode was enabled. While enabled, the agent automatically adds updated or newly installed software to its allow rules, indicating that you know and want to allow the software update. The agent continues to apply block rules during this time. |
| 7029 | Info | Application Control Maintenance Mode Stopped | Maintenance mode was disabled. Once maintenance mode is stopped, all new or changed software will be considered "unrecognized" until you specifically allow or block it. |
| 7030 | Info | Application Control Inventory Scan Cancelled | The agent began to build the initial allow rules, but an administrator canceled the process. |
| 7031 | Error | Sending Application Control Ruleset Failed | An agent could not download a shared ruleset for application control. This can occur if network connectivity is interrupted (such as a firewall or proxy between the agent and relay), or if there isn't enough free disk space |
| 7032 | Info | Sending Application Control Ruleset Succeeded | An agent downloaded a shared ruleset for application control. This normally occurs whenever an administrator or the legacy REST API allows or blocks software, or when a different shared ruleset is applied. |
|
|
Info | Application Control Ruleset Created | The legacy REST API was used to create an application control ruleset. This message does not occur when administrators perform the same action in the GUI. |
| 7034 | Info | Application Control Ruleset Updated | The legacy REST API was used to allow or block software via an application control ruleset. This message does not occur when administrators perform the same action in the GUI. |
| 7035 | Info | Application Control Ruleset Deleted | The legacy REST API was used to delete an application control ruleset. This message does not occur when administrators perform the same action in the GUI. |
| 7036 | Info | Application Control Maintenance Mode Reset Duration Requested | An administrator changed the time period for when maintenance mode is active. |
| 7037 | Error | Newly applied ruleset will block some running processes on restart | An administrator applied a new ruleset, but some of the currently running processes exist in block rules. Application control will not terminate the processes, but the next time you reboot or restart those services, depending on your configuration, it will either alert you or block them. If the processes are not authorized, you should terminate them manually. If they are authorized, but are missing from the ruleset, you should add them to the ruleset. |
| 7038 | Error | Unresolved software change limit reached | Software changes detected on the file system exceeded the maximum amount. Application control will continue to enforce existing rules, but will not record any more changes, and it will stop displaying any of that computer's software changes. You must resolve and prevent excessive software change. |
| 7040 | Error | Incompatible Application Control Ruleset | An application control ruleset could not be assigned to one or more computers because the ruleset is not supported by the installed version of the agent. Typically, the problem is that a hash-based ruleset (which is compatible only with agent version 11.0 or newer) has been assigned to an older agent. Agent version 10.x supports only file-based rulesets. (For details, see Differences in how 10.x and 11.x agents compare files.) To fix this issue, upgrade the agent to version 11.0 or newer. Alternatively, if you are using local rulesets, reset application control for the agent. |
| 7041 | Info | Application Control Ruleset Upgraded | An application control ruleset was upgraded from a file-based ruleset to a hash-based ruleset. (For details, see Differences in how 10.x and 11.x agents compare files.) |
| 7042 | Info | Application Control Software Inventory Deleted | |
| 7043 | Info | A computer reboot is required to complete Application Control protection | |
| 7044 | Info | Sending Application Control Ruleset | Workload Security is sending Application Control rulesets to the remote agent. |
| 7045 | Error | Failed to send Application Control Ruleset | Workload Security failed to send the Application Control rulesets to the remote agent. |
| 7046 | Info | Application Control Trust Rule Created | |
| 7047 | Info | Application Control Trust Rule Updated | |
| 7048 | Info | Application Control Trust Rule Deleted | |
| 7049 | Info | Application Control Trust Ruleset Created | |
| 7050 | Info | Application Control Trust Ruleset Updated | |
| 7051 | Info | Application Control Trust Ruleset Deleted | |
| 9000 | Info | Computer Moved From Deep Security Software | |
| 9100 | Info | Threat Intelligence Status Publish Job Started | |
| 9101 | Info | Threat Intelligence Status Publish Job Completed | |
| 9102 | Error | Threat Intelligence Status Publish Job Failed | |
| 9250 | Warning | Trend Micro LightWeight Filter Driver has been disabled | |
| 9251 | Info | Trend Micro LightWeight Filter Driver has been restarted | |
| 9252 | Info | Trend Micro LightWeight Filter Drivers have been restarted successfully | |
| 9253 | Warning | Trend Micro LightWeight Filter Driver failed to bind on all network interfaces | |
| 9311 | Warning | Invalid user name in a User List | |
| 9312 | Info | User List Created | |
| 9313 | Info | User List Deleted | |
| 9314 | Info | User List Updated | |
| 9315 | Info | User List Exported | |
| 9316 | Info | User List Imported |