User Guide > Configure events and alerts > Lists of events and alerts > System events

System events
To view system events, go to Events & Reports > Events.

To configure system events, go to the Administration > System Settings > System Events tab.
On this tab you can set whether to record individual events and whether to forward them to a SIEM
server. If you select Record, then the event is saved to the database. If you deselect Record, then
the event won't appear under the Events & Reports tab (or anywhere in Deep Security Manager)
and it won't be forwarded either.

Depending on whether it's a system configuration change or security incident, each log will appear
in either the System Events sub-menu, or the sub-menu corresponding to the event's protection
module, such as Anti-Malware Events.

These events sometimes also appear in the Status column on Computers.

ID Severity Event Description or Solution

0 Error Unknown Error

100 Info Deep Security

Manager Started

101 Info License Changed

102 Info Trend Micro Deep

Security Customer
Account Changed

103 Warning Check For

Updates Failed

104 Warning Automatic

Software
Download Failed

105 Warning Scheduled Rule

Update Download
and Apply Failed

106 Info Scheduled Rule

Update
Downloaded and
Applied
 pp
ID Severity Event Description or Solution
107 Info Rule Update
Downloaded and
Applied

108 Info Script Executed

109 Error Script Execution

Failed

110 Info System Events

Exported

111 Info Firewall Events

Exported

112 Info Intrusion

Prevention Events
Exported

113 Warning Scheduled Rule

Update Download
Failed

114 Info Scheduled Rule

Update
Downloaded

115 Info Rule Update

Downloaded

116 Info Rule Update

Applied

117 Info Deep Security

Manager
Shutdown

118 Warning Deep Security

Manager Offline

119 Info Deep Security

Manager Back
Online

120 Error Heartbeat Server The server within Deep Security Manager that listens
Failed for incoming agent heartbeats did not start. Check that
the manager's incoming heartbeat port number is not
in use by another application on the server. Once the
port is free, the manager's heartbeat server should
bind to it, and this error should be fixed.

120 Error Scheduler Failed

122 Error Manager Message An internal thread has failed. There is no resolution for
Thread Failed this error. If it persists, please contact customer
support.
ID Severity Event Description or Solution
123 Info Deep Security
Manager Forced
Shutdown

124 Info Rule Update

Deleted

130 Info Credentials

Generated

131 Warning Credential

Generation Failed

140 Info Discover

Computers

141 Warning Discover

Computers Failed

142 Info Discover

Computers
Requested

143 Info Discover

Computers
Canceled

150 Info System Settings

Saved

151 Info Software Added

152 Info Software Deleted

153 Info Software Updated

154 Info Software Exported

155 Info Software

Platforms
Changed

156 Error Agent Installer '<agent>.zip' has been deleted because the digital
Digital Signature signature verification failed. The failure indicates that
Verification Failed
the file may have been tampered with. Details:

<detailed_message>

Please contact Trend Micro support for more help.

See Check digital signatures on software packages

for details.
160 Info Authentication
ID Severity Event
Failed Description or Solution

161 Info Rule Update

Exported

162 Info Log Inspection

Events Exported

163 Info Anti-Malware

Event Exported

164 Info Security Update

Successful

165 Error Security Update

Failed

166 Info Check for New

Software Success

167 Error Check for New

Software Failed

168 Info Manual Security

Update Successful

169 Error Manual Security

Update Failed

170 Error Manager Available The manager does not have enough free disk space to
Disk Space Too function and will shut down. Either expand the disk
Low space or delete unused files to free some disk space,
then Restart the Deep Security Manager.

171 Info Anti-Malware

Spyware Item
Exported

172 Info Web Reputation

Events Exported

173 Info Anti-Malware

Identified Files List
Exported

174 Info Anti-Malware  

Unauthorized
Change Targeted
Item Exported

175 Info Creating Heap  

Dump

176 Info Heap Dump  

Created
ID Severity Event Description or Solution
177 Error Failed to create  
Heap Dump

180 Info Alert Type

Updated

190 Info Alert Started

191 Info Alert Changed

192 Info Alert Ended

197 Info Alert Emails Sent

198 Warning Alert Emails An alert email could not be sent. Verify that your SMTP
Failed settings are correct.

199 Error Alert Processing The current alert status could be inaccurate because
Failed an alert was not completely processed. If the problem
persists, contact your support provider.

247 Warning Agent Integrity  

Check Failed

248 Info Software Update:

Disable Relay
Requested

249 Info Software Update:

Enable Relay
Requested

250 Info Computer Created

251 Info Computer Deleted

252 Info Computer

Updated

253 Info Policy Assigned to

Computer

254 Info Computer Moved

255 Info Activation

Requested

256 Info Send Policy

Requested

257 Info Locked

258 Info Unlocked

259 Info Deactivation

259 Info Deactivation
ID Severity Requested
Event Description or Solution

260 Info Scan for Open

Ports

261 Warning Scan for Open

Ports Failed

262 Info Scan for Open

Ports Requested

263 Info Scan for Open

Ports Canceled

264 Info Agent Software

Upgrade
Requested

265 Info Agent Software

Upgrade
Cancelled

266 Info Warnings/Errors

Cleared

267 Info Check Status

Requested

268 Info Get Events

Requested

269 Info Computer Added

to Cloud
Connector

270 Error Computer

Creation Failed

271 Info Agent Software

Upgrade Timed
Out

272 Info Appliance

Software Upgrade
Timed Out

273 Info Security Update:

Security Update
Check and
Download
Requested

274 Info Security Update:

Security Update
Rollback
R t d
 Requested
ID Severity Event Description or Solution
275 Warning Duplicate
Computer

276 Info Update: Summary

Information

277 Info Upgrade on The agent was eligible for an automatic upgrade, but
Activation Skipped the upgrade did not occur. For more information, see
Automatically upgrade agents on activation.

278 Info Software Update:  

Reboot to
Complete Agent
Software Upgrade

280 Info Computers

Exported

281 Info Computers

Imported

286 Info Computer Log

Exported

287 Info Relay Group

Assigned to
Computer

290 Info Group Added

291 Info Group Removed

292 Info Group Updated

293 Info Interface Renamed

294 Info Computer Bridge

Renamed

295 Info Interface Deleted

296 Info Interface IP

Deleted

297 Info Recommendation

Scan Requested

298 Info Recommendations

Cleared

299 Info Asset Value

Assigned to
Computer

300 Info Recommendation

Scan Completed
 Scan Completed
ID Severity Event Description or Solution
301 Info Agent Software
Deployment
Requested

302 Info Agent Software

Removal
Requested

303 Info Computer

Renamed

304 Info Computer Moved The virtual machine (VM) was placed in its root data
To Datacenter center folder because Deep Security Manager couldn't
determine the VM's parent folder due to a permission
issue. To have the VM appear in the correct folder in
Deep Security Manager, check the permissions of the
VM on the vCenter server.

305 Info Scan for Integrity

Requested

306 Info Rebuild Baseline

Requested

307 Info Cancel Update

Requested

308 Info Integrity Monitoring

Rule Compile
Issue

309 Info Integrity Monitoring

Rule Compile
Issue Resolved

310 Info Directory Added

311 Info Directory

Removed

312 Info Directory Updated

320 Info Directory

Synchronization

321 Info Directory

Synchronization
Finished

322 Error Directory

Synchronization
Failed

323 Info Directory

 y
ID Severity
Synchronization
Event Description or Solution
Requested

324 Info Directory

Synchronization
Cancelled

325 Info User Synchronization of the user accounts with Microsoft

Synchronization Active Directory has been started.

326 Info User Synchronization of the user accounts with Microsoft

Synchronization Active Directory has completed.
Finished

327 Error User

Synchronization
Failed

328 Info User

Synchronization
Requested

329 Info User

Synchronization
Cancelled

330 Info SSL Configuration

Created

331 Info SSL Configuration

Deleted

332 Info SSL Configuration

Updated

333 Info Host Merge  

Finished

334 Error Host Merge Failed  

338 Warning Directory Reached the limit of total group members for Active
Synchronization Directory synchronization. Skipping any remaining
Limit Exceeded members. Consider adjusting the limit in the system
setting.

350 Info Policy Created

351 Info Policy Deleted

352 Info Policy Updated

353 Info Policies Exported

354 Info Policies Imported

355 Info Scan for

Recommendations
 Recommendations
ID Severity Canceled
Event Description or Solution

356 Error Secure Boot This error can occur if the public key required to check
Public Key Not the signature on the Trend Micro kernel module is not
Enrolled
successfully enrolled on the agent computer.

For details, see Linux Secure Boot support for agents.

357 Error Secure Boot 'On' Deep Security Agent does not support this OS with
Not Supported Secure Boot enabled.

For details, see Linux Secure Boot support for agents.

360 Info VMware vCenter

Added

361 Info VMware vCenter

Removed

362 Info VMware vCenter

Updated

363 Info VMware vCenter

Synchronization

364 Info VMware vCenter

Synchronization
Finished

365 Error VMware vCenter

Synchronization
Failed

366 Info VMware vCenter

Synchronization
Requested

367 Info VMware vCenter

Synchronization
Cancelled

368 Warning Interfaces Out of Interfaces reported by the Deep Security Virtual
Sync Appliance are different than the interfaces reported by
the vCenter. This can typically be resolved by
rebooting the VM.

369 Info Interfaces in Sync

369 Info Interfaces in Sync
ID Severity Event Description or Solution
370 Info Filter Driver
Installed

371 Info Filter Driver The VMware ESXi server has been restored to the
Removed state it was in before the filter driver software was
installed.

372 Info Filter Driver

Upgraded

373 Info Virtual Appliance

Deployed

374 Info Virtual Appliance

Upgraded

375 Warning Virtual Appliance

Upgrade Failed

376 Warning Virtual Machine

Moved to
Unprotected ESXi

377 Info Virtual Machine

Moved to
Protected ESXi

378 Warning Virtual Machine A VM was moved to an ESXi where there is no Deep
unprotected after Security Virtual Appliance.
move to another
ESXi

379 Info Virtual Machine

unprotected after
move to another
ESXi Resolved

380 Error Filter Driver Offline The filter driver on an ESXi server is offline. Use the
VMware vCenter console to troubleshoot problems
with the hypervisor and the ESXi.

381 Info Filter Driver Back

Online

382 Info Filter Driver

Upgrade
Requested

383 Info Appliance

Upgrade
Requested

384 Warning Prepare ESXi

F il d
 Failed
ID Severity Event Description or Solution
385 Warning Filter Driver
Upgrade Failed

386 Warning Removal of Filter

Driver from ESXi
Failed

387 Error Connection to

Filter Driver
Failure

388 Info Connection to

Filter Driver
Success

389 Error Multiple Activated

Appliances
Detected

390 Info Multiple Activated

Appliances
Detected
Resolved

391 Error Network Settings

Out of Sync With
vCenter Global
Settings

392 Info Network Settings

in Sync With
vCenter Global
Settings

393 Error Anti-Malware The anti-malware protection module is not functioning.

Engine Offline This is probably because the VMware environment
does not meet the requirements. See System
requirements.

394 Info Anti-Malware

Engine Back
Online

395 Error Virtual Appliance

is Incompatible
With Filter Driver

396 Info Virtual Appliance

is Incompatible
With Filter Driver
Resolved

397 Warning VMware NSX

Callback
ID Severity
Authentication
Event Description or Solution
Failed

398 Error VMware Tools Not

Installed

399 Info VMware Tools Not

Installed Resolved

410 Info Firewall Rule

Created

411 Info Firewall Rule

Deleted

412 Info Firewall Rule

Updated

413 Info Firewall Rule

Exported

414 Info Firewall Rule

Imported

420 Info Firewall Stateful

Configuration
Created

421 Info Firewall Stateful

Configuration
Deleted

422 Info Firewall Stateful

Configuration
Updated

423 Info Firewall Stateful

Configuration
Exported

424 Info Firewall Stateful

Configuration
Imported

460 Info Application Type An administrator configured a new IPS network

Created application definition.

461 Info Application Type An administrator removed an IPS network application

Deleted definition.

462 Info Application Type An administrator changed an existing IPS network

Updated application definition.

463 Info Application Type An administrator downloaded an IPS network

Exported application definition.
 464
ID Info
Severity Application Type
Event An administrator
Description uploaded
or Solution an IPS network application
Imported definition.

470 Info Intrusion

Prevention Rule
Created

471 Info Intrusion

Prevention Rule
Deleted

472 Info Intrusion

Prevention Rule
Updated

473 Info Intrusion

Prevention Rule
Exported

474 Info Intrusion

Prevention Rule
Imported

480 Info Integrity Monitoring

Rule Created

481 Info Integrity Monitoring

Rule Deleted

482 Info Integrity Monitoring

Rule Updated

483 Info Integrity Monitoring

Rule Exported

484 Info Integrity Monitoring

Rule Imported

490 Info Log Inspection

Rule Created

491 Info Log Inspection

Rule Deleted

492 Info Log Inspection

Rule Updated

493 Info Log Inspection

Rule Exported

494 Info Log Inspection

Rule Imported

495 Info Log Inspection

Decoder Created

496 Info Log Inspection

496 Info Log Inspection
ID Severity Decoder Deleted
Event Description or Solution

497 Info Log Inspection

Decoder Updated

498 Info Log Inspection

Decoder Exported

499 Info Log Inspection

Decoder Imported

505 Info Context Created

506 Info Context Deleted

507 Info Context Updated

508 Info Context Exported

509 Info Context Imported

510 Info IP List Created

511 Info IP List Deleted

512 Info IP List Updated

513 Info IP List Exported

514 Info IP List Imported

520 Info Port List Created

521 Info Port List Deleted

522 Info Port List Updated

523 Info Port List Exported

524 Info Port List Imported

525 Info Scan Cache

Configuration
Created

526 Info Scan Cache

Configuration
Exported

527 Info Scan Cache  

Configuration
Updated
530 Info MAC List Created
ID Severity Event Description or Solution

531 Info MAC List Deleted

532 Info MAC List Updated

533 Info MAC List

Exported

534 Info MAC List Imported

540 Info Proxy Created

541 Info Proxy Deleted

542 Info Proxy Updated

543 Info Proxy Exported

544 Info Proxy Imported

550 Info Schedule Created

551 Info Schedule Deleted

552 Info Schedule Updated

553 Info Schedule

Exported

554 Info Schedule Imported

560 Info Scheduled Task

Created

561 Info Scheduled Task

Deleted

562 Info Scheduled Task

Updated

563 Info Scheduled Task

Manually Executed

564 Info Scheduled Task

Started

565 Info Backup Finished

566 Error Backup Failed

567 Info Sending

Outstanding Alert
Summary
ID
568 Severity
Warning Event
FailedTo Send Description or Solution
Outstanding Alert
Summary

569 Warning Email Failed An e-mail notification could not be sent. Verify that your
SMTP settings are correct.

570 Info Sending Report

571 Warning Failed To Send

Report

572 Error Invalid Report Jar

573 Info Asset Value

Created

574 Info Asset Value

Deleted

575 Info Asset Value

Updated

576 Error Report Uninstall

Failed

577 Error Report Uninstalled

578 Warning Integrity Monitoring  

Rules Require
Configuration

580 Warning Application Type

Port List
Misconfiguration

581 Warning Application Type

Port List
Misconfiguration
Resolved

582 Warning Intrusion

Prevention Rules
Require
Configuration

583 Info Intrusion

Prevention Rules
Require
Configuration
Resolved

584 Warning Application Types IPS rules require network application definitions, and
Require cannot correctly scan traffic until you define them.
Configuration

585 Info Integrity Monitoring

 g y g
ID Severity
Rules
Event
Require Description or Solution
Configuration
Resolved

586 Warning Log Inspection

Rules Require
Configuration

587 Info Log Inspection

Rules Require
Configuration
Resolved

588 Warning Log Inspection

Rules Require Log
Files

589 Info Log Inspection

Rules Require Log
Files Resolved

590 Warning Scheduled Task

Unknown Type

591 Info Relay Group

Created

592 Info Relay Group

Updated

593 Info Relay Group

Deleted

594 Info Event-Based Task

Created

595 Info Event-Based Task

Deleted

596 Info Event-Based Task

Updated

597 Info Event-Based Task

Triggered

600 Info User Signed In

601 Info User Signed Out

602 Info User Timed Out

603 Info User Locked Out

604 Info User Unlocked

605 Info User Session  

Terminated
ID Severity Event Description or Solution
608 Error User Session Deep Security Manager could not confirm that a
Validation Failed session was initiated after successful authentication.
The user will be redirected to the login page, and
asked to re-authenticate. This could be normal if the
authenticated session list was cleared.

609 Error User Made Invalid Deep Security Manager received invalid request to
Request access audit data (events). Access was denied.

610 Info User Session

Validated

611 Info User Viewed

Firewall Event

613 Info User Viewed

Intrusion
Prevention Event

615 Info User Viewed

System Event

616 Info User Viewed

Integrity Monitoring
Event

617 Info User Viewed Log

Inspection Event

618 Info User Viewed

Identified File
Detail

619 Info User Viewed Anti-

Malware Event

620 Info User Viewed Web

Reputation Event

621 Info User Signed In As

Tenant

622 Info Access from

Primary Tenant
Enabled

623 Info Access from

Primary Tenant
Disabled

624 Info Access from

Primary Tenant
Allowed

625 Info Access from

Primary Tenant
 y
ID Severity
Revoked
Event Description or Solution

626 Info Access from

Primary Tenant
Expired

630 Info Syslog  

Configuration
Created

631 Info Syslog  

Configuration
Deleted

632 Info Syslog  

Configuration
Updated

633 Info Syslog  

Configuration
Exported

634 Info Syslog  

Configuration
Imported

650 Info User Created

651 Info User Deleted

652 Info User Updated

653 Info User Password

Set

656 Info API Key Created  

657 Info API Key Deleted  

658 Info API Key Updated  

660 Info Role Created

661 Info Role Deleted

662 Info Role Updated

663 Info Roles Imported

664 Info Roles Exported

670 Info Contact Created

671 Info Contact Deleted

 672
ID Info
Severity Contact Updated
Event Description or Solution

673 Info API Key Locked  

Out

674 Info API Key Unlocked  

675 Error API Key Session  

Validation Failed

676 Error API Key Made  

Invalid Request

678 Info API Key Expired  

680 Info Created master For details, see the masterkey parameter.
encryption key

681 Info Exported master For details, see the masterkey parameter.
encryption key

682 Info Imported master For details, see the masterkey parameter.
encryption key

690 Info Microservice API  

Key Created

691 Info Microservice API  

Key Deleted

692 Info Microservice API  

Key Updated

693 Info Microservice API  

Key Locked Out

694 Info Microservice API  

Key Unlocked

695 Error Microservice API  

Key Session
Validation Failed

696 Info Microservice API  

Key Expired

700 Info Agent Software

Installed

701 Error Agent Software

Installation Failed

702 Info Credentials

Generated

703 Error Credential

Generation Failed
 Generation Failed
ID Severity Event Description or Solution
704 Info Activated

705 Error Activation Failed This can occur if agent self-protection is enabled. On
the Deep Security Manager, go to Computer editor >

Settings > General. In Agent Self Protection, and

then either deselect Prevent local end-users from
uninstalling, stopping, or otherwise modifying the
Agent or enter a password for local override.

706 Info Software Update:

Agent Software
Upgraded

707 Warning Software Update: Refer to the event details for more information about
Agent Software why the upgrade was not successful.
Upgrade Failed

708 Info Deactivated

709 Error Deactivation

Failed

710 Info Events Retrieved

711 Info Agent Software

Deployed

712 Error Agent Software This can occur if agent self-protection is enabled. On
Deployment Failed the Deep Security Manager, go to Computer editor >

Settings > General. In Agent Self Protection, and

then either deselect Prevent local end-users from
uninstalling, stopping, or otherwise modifying the
Agent or enter a password for local override.

713 Info Agent Software

Removed

714 Error Agent Software This can occur if agent self-protection is enabled. On
Removal Failed the Deep Security Manager, go to Computer editor >

Settings > General. In Agent Self Protection, and

then either deselect Prevent local end-users from
uninstalling, stopping, or otherwise modifying the
Agent or enter a password for local override.

715 Info Agent/Appliance

Version Changed
 Version Changed
ID Severity Event Description or Solution

716 Info Reactivation An agent that is currently unknown to the Deep

Attempted by Security Manager has attempted reactivation. This
Unknown Agent usually happens when a computer was deleted from
Deep Security Manager without first removing the
agent on the computer. For more information, see the
'Reactivation Attempted by Unknown Agent' section in
Agent settings.

720 Info Policy Sent Agent/Appliance updated.

721 Error Send Policy Failed

722 Warning Get Interfaces

Failed

723 Info Get Interfaces

Failure Resolved

724 Warning Insufficient Disk An agent detected low disk space. Free space on the
Space computer. See Warning: Insufficient disk space.

725 Warning Events

Suppressed

726 Warning Get Manager was unable to retrieve Events from

Agent/Appliance Agent/Appliance. This error does not mean that the
Events Failed data was lost on the Agent/Appliance. This error is
normally caused by a network interruption while events
are being transferred. Clear the error and run a "Check
Status" to retry the operation.

727 Info Get

Agent/Appliance
Events Failure
Resolved

728 Error Get Events Failed Manager was unable to retrieve audit data from
Agent/Appliance. This error does not mean that the
data was lost on the Agent/Appliance. This error is
normally caused by a network interruption while events
are being transferred. Clear the error and run a "Get
Events Now" to retry the operation.

729 Info Get Events Failure

Resolved

730 Error Offline Manager cannot communicate with Computer. Usually,

however, the offline Agent is still protecting the
computer with its last configured settings. See
Computer and Agent/Appliance Status and "Offline"
agent.
 g
ID Severity Event Description or Solution
731 Info Back Online

732 Error Firewall Engine The Firewall Engine is offline and traffic is flowing
Offline unfiltered. This is normally due to an error during
installation or verification of the driver on the
computer's OS platform. Check the status of the
network driver at the computer to ensure it is properly
loaded.

733 Info Firewall Engine

Back Online

734 Warning Computer Clock A clock change has occurred on the Computer which
Change exceeds the maximum allowed specified in
Computer or Policy editor > Settings > General >

Heartbeat area. Investigate what has caused the clock

change on the computer.

735 Warning Misconfiguration The Agent's configuration does not match the
Detected configuration indicated in the Manager's records. This
is typically because of a recent backup restoration of
the Manager or the Agent. Unanticipated
misconfiguration warnings should be investigated.

736 Info Check Status

Failure Resolved

737 Error Check Status See Error: Check Status Failed.

Failed

738 Error Intrusion The Intrusion Prevention Engine is offline and traffic is
Prevention Engine flowing unfiltered. This is normally due to an error
Offline during installation or verification of the driver on the
computer's OS platform. Check the status of the
network driver at the computer to ensure it is properly
loaded.

739 Info Intrusion

Prevention Engine
Back Online

740 Error Agent/Appliance

Error

741 Warning Abnormal Restart

Detected

742 Warning Communications The Agent is having problems communicating its

Problem status to Manager. It usually indicates network or load
congestion in the Agent --> Manager direction. Further
investigation is warranted if the situation persists
 743
ID Info
Severity Communications
Event Description or Solution
Problem Resolved

745 Warning Events Truncated

748 Error Log Inspection

Engine Offline

749 Info Log Inspection

Engine Back
Online

750 Warning Last Automatic

Retry

755 Info Deep Security

Manager Version
Compatibility
Resolved

756 Warning Deep Security Each security module rule (such as Firewall, Anti-
Manager Upgrade Malware, and the others) has a specific minimum
Recommended
(Incompatible Deep Security Manager version that's required in
Security order for the rule to run.
Update(s))
Your current Deep Security Manager version is less
than the rule's minimum supported version. Upgrade
your Deep Security Manager to clear the warning and
run the rule.

760 Info Agent/Appliance

Version
Compatibility
Resolved

761 Warning Agent/Appliance

Upgrade
Recommended

762 Warning Agent/Appliance Your current Deep Security Agent or Deep Security
Upgrade Required Virtual Appliance version is less than the Deep
Security Manager's minimum supported version.
Upgrade your Agent/Appliance.

763 Error Incompatible Your current Deep Security Manager version is less
Agent/Appliance than the Deep Security Agent or Deep Security Virtual
Version
Appliance's minimum supported version. Upgrade
 your manager.
ID Severity Event Description or Solution

764 Warning Agent/Appliance Each security module rule (such as Firewall, Anti-
Upgrade Malware, and the others) has a specific minimum
Recommended
(Incompatible Deep Security Agent or Deep Security Virtual
Security Appliance version that's required in order for the rule to
Update(s)) run.

Your current Deep Security Agent or Deep Security

Virtual Appliance version is less than the rule's
minimum supported version. Upgrade your Deep
Security Agent or Deep Security Virtual Appliance to
clear the warning and run the rule.

765 Error Computer Reboot

Required

766 Warning Network Engine

Mode
Configuration
Incompatibility

767 Warning Network Engine

Mode Version
Incompatibility

768 Warning Network Engine

Mode
Incompatibility
Resolved

770 Warning Agent/Appliance

Heartbeat
Rejected

771 Warning Contact by See Troubleshoot event ID 771 "Contact by

Unrecognized Unrecognized Client".
Client

780 Info Recommendation

Scan Failure
Resolved

781 Warning Recommendation See Troubleshooting: Recommendation Scan Failure.

Scan Failure

782 Info Rebuild Baseline

Failure Resolved
ID
783 Severity
Warning Event
Rebuild Baseline Description or Solution
Failure

784 Info Security Update:

Security Update
Check and
Download
Successful

785 Warning Security Update:

Security Update
Check and
Download Failed

786 Info Scan For Change

Failure Resolved

787 Warning Scan For Change

Failure

790 Info Agent-Initiated

Activation
Requested

791 Warning Agent-Initiated

Activation Failure

792 Info Manual Malware

Scan Failure
Resolved

793 Warning Manual Malware A Malware Scan has failed. Use the VMware vCenter
Scan Failure console to check the status of the VM on which the
scan failed. See also Anti-Malware scan failures and
cancellations.

794 Info Scheduled

Malware Scan
Failure Resolved

795 Warning Scheduled A scheduled Malware Scan has failed. Use the
Malware Scan VMware vCenter console to check the status of the VM
Failure on which the scan failed. See also Anti-Malware scan
failures and cancellations.

796 Warning Scheduled This occurs when a scheduled Malware Scan is

Malware Scan initiated on a computer when a previous scan is still
Task has been pending. This typically indicates that Malware Scans
Missed are being scheduled too frequently.

797 Info Malware Scan

Cancellation
Failure Resolved
 798
ID Warning
Severity Malware
Event Scan A Malwareor
Description Scan cancellation has
Solution failed. Use the
Cancellation VMware vCenter console to check the status of the VM
Failure on which the scan failed.

799 Warning Malware Scan A Malware Scan has stalled. Use the VMware vCenter
Stalled console to check the status of the VM on which the
scan stalled.

800 Info Alert Dismissed

801 Info Error Dismissed

803 Warning Agent  

Configuration
Package too
Large

804 Error Intrusion  

Prevention Rule
Compiler Failed

805 Error Intrusion  

Prevention Rules
Failed to Compile

806 Error Intrusion  

Prevention Rules
Failed to Compile

850 Warning Reconnaissance See Warning: Reconnaissance Detected

Detected:
Computer OS
Fingerprint Probe

851 Warning Reconnaissance See Warning: Reconnaissance Detected

Detected: Network
or Port Scan

852 Warning Reconnaissance See Warning: Reconnaissance Detected

Detected: TCP
Null Scan

853 Warning Reconnaissance See Warning: Reconnaissance Detected

Detected: TCP
SYNFIN Scan

854 Warning Reconnaissance See Warning: Reconnaissance Detected

Detected: TCP
Xmas Scan

900 Info Deep Security

Manager Audit
Started

901 I f D S it
901 Info Deep Security
ID Severity Event
Manager Audit Description or Solution
Shutdown

902 Info Deep Security

Manager Installed

903 Warning License Related

Configuration
Change

904 Info Diagnostic  

Logging Enabled

905 Info Diagnostic  

Logging
Completed

910 Info Diagnostic

Package
Generated

911 Info Diagnostic

Package Exported

912 Info Diagnostic

Package
Uploaded

913 Error Automatic

Diagnostic
Package Error

914 Info Identified File

Deletion
Succeeded

915 Info Identified File

Deletion Failed

916 Info Identified File

Download
Succeeded

917 Info Identified File

Download Failed

918 Info Identified File

Administration
Utility Download
Succeeded

919 Info Identified File Not

Found

920 Info Usage Information

Generated
ID Severity Event Description or Solution
921 Info Usage Information
Package Exported

922 Info Usage Information

Package
Uploaded

923 Error Usage Information

Package Error

924 Warning File cannot be The Anti-Malware module was unable to analyze or
analyzed or quarantine a file because the VM maximum disk
quarantined (VM space used to store identified files was reached. To
maximum disk change the maximum disk space for identified files
space used to setting, open the computer or policy editor and go to
store identified the Anti-malware > Advanced tab.
files exceeded)

925 Warning File cannot be The Anti-Malware module was unable to analyze or
analyzed or quarantine a file because the maximum disk space
quarantined used to store identified files was reached. To change
(maximum disk the maximum disk space for identified files setting,
space used to open the computer or policy editor and go to the Anti-
store identified malware > Advanced tab.
files exceeded)

926 Warning Smart Protection See Troubleshoot "Smart Protection Server

Server disconnected" errors.
Disconnected for
Smart Scan

927 Info Smart Protection

Server Connected
for Smart Scan

928 Info Identified File

Restoration
Succeeded

929 Warning Identified File

Restoration Failed

930 Info Certificate

Accepted

931 Info Certificate Deleted

932 Warning Smart Protection See Troubleshoot "Smart Protection Server

Server disconnected" errors.
Disconnected for
Web Reputation

933 Info Smart Protection

Server Connected
for Web
Reputation

934 Info Software Update:

 p
ID Severity
Anti-Malware
Event Description or Solution
Windows Platform
Update Successful

935 Error Software Update: See Anti-Malware Windows platform update failed
Anti-Malware
Windows Platform
Update Failed

936 Info Submission of

identified file to
Deep Discovery
Analyzer
succeeded

937 Info Submission of

identified file to
Deep Discovery
Analyzer failed

938 Info Identified File  

Submission
Queued

940 Info Auto-Tag Rule

Created

941 Info Auto-Tag Rule

Deleted

942 Info Auto-Tag Rule

Updated

943 Info Tag Deleted

944 Info Tag Created

945 Warning Census, Good File  

Reputation, and
Predictive
Machine Learning
Service
Disconnected

946 Info Census, Good File  

Reputation, and
Predictive
Machine Learning
Service
Connected

947 Info FIPS Mode  

Enabled

948 Info FIPS Mode

948 Info FIPS Mode  
ID Severity Disabled
Event Description or Solution

949 Warning Computer reboot A computer reboot is required to complete the Deep
is required to Security Agent installation with Windows installer.
complete the
Deep Security
Agent installation
with Windows
installer

950 Warning A computer reboot A computer reboot is required to disable Windows

is required to Defender and enable Deep Security Agent protection.
enable Deep
Security Agent
protection

970 Info Command Line

Utility Started

978 Info Command Line

Utility Failed

979 Info Command Line Deep Security Manager was manually stopped.
Utility Shutdown

980 Info System

Information
Exported

990 Info Manager Node

Added

991 Info Manager Node

Decommissioned

992 Info Manager Node

Updated

995 Info Connection to the

Certified Safe
Software Service
has been restored

996 Warning Unable to connect

to the Certified
Safe Software
Service

997 Error Tagging Error

998 Error System Event

Notification Error
ID
999 Severity
Error Event
Internal Software Description or Solution
Error

1101 Error Plug-in Installation

Failed

1102 Info Plug-in Installed

1103 Error Plug-in Upgrade

Failed

1104 Info Plug-in Upgraded

1105 Error Plug-in Start

Failed

1106 Error Plug-in Uninstall

Failed

1107 Info Plug-in Uninstalled

1108 Info Plug-in Started

1109 Info Plug-in Stopped

1110 Error Software Package Agent software package was not found or a newer
Not Found package is required.

1111 Info Software Package

Found

1112 Error Kernel The Linux driver cannot be installed because your
Unsupported computer may have been upgraded to an unsupported
kernel. For more information, see Deep Security
Agent Linux kernel support.

1204 Info Identified file The download request has been sent. Please check
download for event ID 1209 for the latest update. Files that are
requested "Ready for download" will be available for 24 hours.

1205 Info Identified file The download request could not be sent successfully.
download request
failed

1208 Info Identified file The download request has timeout due to reaching the
download request 2-day limit.
timeout

1209 Info Identified file is Identified file is ready for download. Please download
ready for the file within 24 hours.
download

1500 Info Malware Scan

Configuration
Created
 1501
ID Info
Severity Malware
Event Scan Description or Solution
Configuration
Deleted

1502 Info Malware Scan

Configuration
Updated

1503 Info Malware Scan

Configuration
Exported

1504 Info Malware Scan

Configuration
Imported

1505 Info Directory List

Created

1506 Info Directory List

Deleted

1507 Info Directory List

Updated

1508 Info Directory List

Exported

1509 Info Directory List

Imported

1510 Info File Extension List

Created

1511 Info File Extension List

Deleted

1512 Info File Extension List

Updated

1513 Info File Extension List

Exported

1514 Info File Extension List

Imported

1515 Info File List Created

1516 Info File List Deleted

1517 Info File List Updated

1518 Info File List Exported

ID Severity Event Description or Solution
1519 Info File List Imported

1520 Info Manual Malware

Scan Pending

1521 Info Manual Malware

Scan Started

1522 Info Manual Malware

Scan Completed

1523 Info Scheduled

Malware Scan
Started

1524 Info Scheduled

Malware Scan
Completed

1525 Info Manual Malware

Scan Cancellation
In Progress

1526 Info Manual Malware This event can have several causes. See Anti-Malware
Scan Cancellation scan failures and cancellations.

1527 Info Scheduled

Malware Scan
Cancellation In
Progress

1528 Info Scheduled This event can have several causes. See Anti-Malware
Malware Scan scan failures and cancellations.
Cancellation

1529 Info Manual Malware

Scan Paused

1530 Info Manual Malware

Scan Resumed

1531 Info Scheduled

Malware Scan
Paused

1532 Info Scheduled

Malware Scan
Resumed

1533 Info A computer reboot A computer reboot is required to complete an Anti-

is required to Malware cleanup or restoration task.
complete an Anti-
Malware cleanup
or restoration task

1534 E C t b t
1534 Error Computer reboot
ID Severity Event
required for Anti- Description or Solution
Malware
protection

1535 Info Anti-Malware  

cleanup task must
be performed
manually

1536 Info Quick Malware

Scan Pending

1537 Info Quick Malware

Scan Started

1538 Info Quick Malware

Scan Completed

1539 Info Quick Malware

Scan Cancellation
In Progress

1540 Info Quick Malware This event can have several causes. See Anti-Malware
Scan Cancellation scan failures and cancellations.

1541 Info Quick Malware

Scan Paused

1542 Info Quick Malware

Scan Failure
Resolved

1543 Warning Quick Malware See Anti-Malware scan failures and cancellations.
Scan Failure

1544 Info Quick Malware

Scan Resumed

1545 Info Files could not be Anti-malware could not scan a file because its file path
scanned for exceeded the maximum number of characters.
malware Maximum file path length varies by OS and file system.
To prevent this problem, try moving the file to a
directory path and file name with fewer characters.

1546 Info Files could not be Anti-malware could not scan a file because its location
scanned for exceeded the maximum directory depth. To prevent
malware this problem, try reducing the number of layers of
nested directories.

1547 Info Scheduled  

Malware Scan
 Malware Scan
ID Severity Task has been
Event Description or Solution
cancelled

1550 Info Web Reputation

Settings Updated

1551 Info Malware Scan

Configuration
Updated

1552 Info Integrity

Configuration
Updated

1553 Info Log Inspection

Configuration
Updated

1554 Info Firewall Stateful

Configuration
Updated

1555 Info Intrusion

Prevention
Configuration
Updated

1556 Info Anti-Malware scan  

exclusion setting
update

1600 Info Relay Group

Update Requested

1601 Info Relay Group

Update Success

1602 Error Relay Group

Update Failed

1603 Info Security Update:

Security Update
Rollback Success

1604 Warning Security Update:

Security Update
Rollback Failure

1605 Info Successfully send  

file back up
command to host

1606 Warning Failed to send file  

back up command
to host

1607 I f S f ll b k
1607 Info Successfully back  
ID Severity Event
up file Description or Solution

1608 Error Failed to back up  

file

1650 Warning Anti-Malware

protection is not
enabled or is out
of date

1651 Info Anti-Malware

module is ready

1660 Info Rebuild Baseline

Started

1661 Info Rebuild Baseline

Paused

1662 Info Rebuild Baseline

Resumed

1663 Warning Rebuild Baseline

Failure

1664 Warning Rebuild Baseline

Stalled

1665 Info Rebuild Baseline

Completed

1666 Info Scan for Integrity

Started

1667 Info Scan for Integrity

Paused

1668 Info Scan for Integrity

Resumed

1669 Warning Scan for Integrity

Failure

1670 Warning Scan for Integrity

Stalled

1671 Info Scan for Integrity

Completed

1675 Error Integrity Monitoring

Engine Offline

1676 Info Integrity Monitoring

Engine Back
Online
 Online
ID Severity Event Description or Solution
1677 Error Trusted Platform
Module Error

1678 Info Trusted Platform

Module Register
Values Loaded

1679 Warning Trusted Platform

Module Register
Values Changed

1680 Info Trusted Platform

Module Checking
Disabled

1681 Info Trusted Platform

Module Information
Unreliable

1700 Info No Agent

Detected

1800 Error Deep Security

Protection Module
Failure

1801 Info Deep Security  

Protection Module
Back to Normal

1900 Info Cloud Account

Added

1901 Info Cloud Account

Removed

1902 Info Cloud Account

Updated

1903 Info Cloud Account

Synchronization In
Progress

1904 Info Cloud Account

Synchronization
Finished

1905 Error Cloud Account

Synchronization
Failed

1906 Info Cloud Account

Synchronization
R t d
 Requested
ID Severity Event Description or Solution
1907 Info Cloud account
Synchronization
Cancelled

1908 Info AWS Account  

Synchronization
Requested

1909 Info AWS Account  

Synchronization
Finished

1910 Error AWS Account  

Synchronization
Failed

1911 Info AWS Account  

Added

1912 Info AWS Account  

Removed

1913 Info AWS Account  

Updated

1914 Info Azure Account  

Added

1915 Info Azure Account  

Removed

1916 Info Azure Account  

Updated

1917 Info Azure Account  

Synchronization
Finished

1918 Error Azure Account  

Synchronization
Failed

1919 Info Azure Account  

Synchronization
Requested

1920 Warning Azure Account  

Synchronization
Completed but
with Errors

1921 Info vCloud Account  

Added
1922
ID
Info
Severity
vCloud Account
Event
 
Description or Solution
Removed

1923 Info vCloud Account  

Updated

1924 Info vCloud Account  

Synchronization
Finished

1925 Error vCloud Account  

Synchronization
Failed

1926 Info vCloud Account  

Synchronization
Requested

1927 Info Upgrade  

Connector to AWS
Account
Requested

1928 Warning AWS Account  

Update Failed

1929 Info Upgrade  

Connector to AWS
Account Finished

1950 Info Tenant Created

1951 Info Tenant Deleted

1952 Info Tenant Updated

1953 Info Tenant Database

Server Created

1954 Info Tenant Database

Server Deleted

1955 Info Tenant Database

Server Updated

1956 Info Tenant Exported  

1957 Error Tenant Initialization

Failure

1958 Info Tenant Features

Updated

2000 Info Scan Cache

Configuration
Object Added
 Object Added
ID Severity Event Description or Solution
2001 Info Scan Cache
Configuration
Object Removed

2002 Info Scan Cache

Configuration
Object Updated

2100 Info Deep Security as  

a Service
Subscription
Started

2101 Info Deep Security as  

a Service
Subscription
Canceled

2102 Info Cleverbridge  

Quantity Updated

2103 Warning Cleverbridge  

Quantity Not
Updated

2104 Info Cleverbridge  

Quantity Reset

2105 Warning Cleverbridge  

Quantity Not Reset

2106 Info Cleverbridge  

Billing Date Set

2107 Warning Cleverbridge  

Billing Date Not
Set

2108 Info Deep Security as  

a Service
Subscription
Payment Received

2109 Warning Deep Security as  

a Service
Subscription
Payment Not
Received

2110 Info Cleverbridge  

Notification
Received

2111 Info Deep Security as  

a Service
 a Service
ID Severity Subscription
Event Description or Solution
Deactivated

2112 Info Account Balance  

Reset

2113 Info Agent Installation  

Requested

2114 Info AWS Billing Job  

Started

2115 Info AWS Billing Job  

Completed

2116 Error AWS Billing failure Deep Security Manager sent a billing usage record to
AWS using the AWS SDK, which the SDK returned
with an exception. If the problem persists, contact your
support provider.

2117 Info Entitlement  

Created

2118 Info Entitlement  

Updated

2119 Error Agent Activation  

Prevented Due to
AWS Metering
Billing Usage Data
Submission
Failure

2120 Error AWS Billing failure Deep Security Manager encountered an error while
executing an AWS billing job. If the problem persists,
contact your support provider.

2123 Error Azure Marketplace The job used to send host usage statistics to Azure
Billing Job Failed Marketplace for consumption-based billing failed. See
the description in the event for details about the error
that caused this event.

2126   Event Storage  

Settings Publish
Job Failed

2127 Info Account Details  

Publish Job
Started

2128 Info Account Details  

Publish Job
Completed

2129 Error Account Details  

Publish Job Failed
ID
2200 Severity
Info Event
Software Update: Description or Solution
Anti-Malware
Module Installation
Started

2201 Info Software Update: This event is also triggered by installing Application
Anti-Malware Control or Integrity Monitoring because they share the
Module Installation same framework as Anti-Malware.
Successful

2202 Warning Software Update:

Anti-Malware
Module Installation
Failed

2203 Info Software Update:

Anti-Malware
Module Download
Successful

2204 Info Security Update:

Pattern Update on
Agents/Appliances
Successful

2205 Warning Security Update:

Pattern Update on
Agents/Appliances
Failed

2206 Info Security Update:  

Pattern Update on
Agents/Appliances
Skipped

2300 Info Software Update:

Web Reputation
Module Installation
Started

2301 Info Software Update:

Web Reputation
Module Installation
Successful

2302 Warning Software Update:

Web Reputation
Module Installation
Failed

2303 Info Software Update:

Web Reputation
Download
Successful

2400 Info Software Update:

Fi ll M d l
 Firewall Module
ID Severity Event
Installation Started Description or Solution

2401 Info Software Update:

Firewall Module
Installation
Successful

2402 Warning Software Update:

Firewall Module
Installation Failed

2403 Info Software Update:

Firewall Module
Download
Successful

2500 Info Software Update:

Intrusion
Prevention Module
Installation Started

2501 Info Software Update:

Intrusion
Prevention Module
Installation
Successful

2502 Warning Software Update:

Intrusion
Prevention Module
Installation Failed

2503 Info Software Update:

Intrusion
Prevention Module
Download
Successful

2600 Info Software Update:

Integrity Monitoring
Module Installation
Started

2601 Info Software Update:

Integrity Monitoring
Module Installation
Successful

2602 Warning Software Update:

Integrity Monitoring
Module Installation
Failed

2603 Info Software Update:

Integrity Monitoring
Module Download
Successful

2604 I f A t b t
2604 Info A computer reboot
ID Severity Event
is requiredto Description or Solution
complete Integrity
Monitoring
protection

2700 Info Software Update:

Log Inspection
Module Installation
Started

2701 Info Software Update:

Log Inspection
Module Installation
Successful

2702 Warning Software Update:

Log Inspection
Module Installation
Failed

2703 Info Software Update:

Log Inspection
Module Download
Successful

2800 Info Software Update:

Software
Automatically
Downloaded

2801 Error Software Update:

Unable to retrieve
Download Center
inventory

2802 Error Software Update:

Unable to
download software
from Download
Center

2803 Info Online Help

Update Started

2804 Info Online Help

Update Ended

2805 Info Online Help

Update Success

2806 Warning Online Help

Update Failed

2900 Info Software Update:

Relay Module
Installation Started
ID Severity Event Description or Solution
2901 Info Software Update:
Relay Module
Installation
Successful

2902 Warning Software Update:

Relay Module
Installation Failed

2903 Info Software Update:

Relay Module
Download
Successful

2904 Info VMware NSX

Synchronization
Finished

2905 Error VMware NSX

Synchronization
Failed

2906 Info Agent Self- Agent self-protection was enabled via the Deep
Protection enabled Security Manager.

2907 Info Agent Self-  

Protection
disabled

2908 Info Agent Self- Agent self-protection was enabled via the command
Protection enabled line on the Deep Security Agent.

2909 Info Agent Self-  

Protection
disabled

2915 Info Data migration  

complete

2916 Warning Data migration  

finished with error

2920 Info Querying report

from DDAn
Finished

2921 Error Querying report

from DDAn Failed

2922 Info Submission to  

Deep Discovery
Analyzer
processed

2923 Error File submission to  

D Di
 Deep Discovery
ID Severity Event
Analyzer Failed Description or Solution

2924 Info Security Update:  

Suspicious Object
Check and Update
Successful

2925 Error Security Update:  

Suspicious Object
Check and Update
Failed

2926 Warning Submission to  

Deep Discovery
Analyzer queued

2930 Info File back up  

pending

2931 Info Smart Folder  

Added

2932 Info Smart Folder  

Removed

2933 Info Smart Folder  

Updated

2934 Error Failed to send  

Amazon SNS
message

2935 Info System resumed  

sending SNS
messages

2936 Info Inactive User  

Deleted

2937 Info SAML Identity  

Provider Created

2938 Info SAML Identity  

Provider Updated

2939 Info SAML Identity  

Provider Deleted

2940 Info SAML Service  

Provider Updated

2941 Error Failed to Update  

News

2942 Info Performance  

Profile Created
 2943
ID Info
Severity Performance
Event  
Description or Solution
Profile Updated

2944 Info Performance  

Profile Deleted

2945 Info System Upgrade  

Started

2946 Info System Update  

Succeeded

2947 Error System Upgrade  

Failed

2948 Info Manager Node  

Upgrade Started

2949 Info Manager Node  

Update
Succeeded

2950 Error Manager Node A node in a multi-node environment failed to upgrade.

Upgrade Failed

2951 Error Failed to send TIC Managed Detection and Response events failed to
message send.

2952 Info System resumed  

sending TIC
messages

2953 Info Inactive Agent Inactive agent cleanup removed computers that have
Cleanup been offline and inactive for a specified period of time.
Completed For more information on inactive agent cleanup, see
Successfully Automate offline computer removal with inactive agent
cleanup.

2954 Warning Dropped events  

recorded in the
future

2955 Info The public CA  

chain was
imported (via the
dsm_c command)

2656 Info The public CA  

chain was deleted
(via the dsm_c
command)

2957 Info The manager's  

certificate authority
 y
ID Severity
cert was renewed
Event Description or Solution
(happens
automatically, by
default every 10
yrs)

2958 Info The default TLS  

certificate was
renewed (happens
automatically, by
default every 2 yrs)

2960 Info Appliance (SVM) Deep Security Manager has received the upgrade
Upgrade request.
Requested

2961 Info Appliance (SVM) Deep Security Manager is processing the upgrade.
Upgrade Started

2962 Info Appliance (SVM) The appliance SVM is not available so the upgrade
Upgrade cannot be done. See the description of the system
Canceled event for the reason.

2963 Info Appliance (SVM) The appliance SVM is upgraded to the new version
Upgraded and is activated successfully. All guest VMs are auto-
activated three minutes after the appliance activation.

2964 Warning Appliance (SVM) Deep Security Manager encountered one or more
Upgrade Failed errors and failed the upgrade process. For details, see
Troubleshooting the 'Appliance (SVM) Upgrade
Failed' system event.

2965 Error Appliance (SVM) The appliance SVM was upgraded to the newer
Upgraded but Not version but has not yet been activated, or the
Ready
appliance SVM was activated but your guest VMs
have not yet been auto-activated. See the description
of the system event for details. You may need to
confirm the appliance deployment and manually trigger
activation of the appliance or guest VMs.

2969 Info Scheduled Task  

Skipped

2970 Info GCP Account GCP Account: <GCPaccountname> successfully

Added added.

For details, see Add a Google Cloud Platform

account.
2971
ID
Info
Severity
GCP Account
Event
GCP Account: <GCPaccountname> successfully
Description or Solution
Removed removed.

For details, see Remove a GCP account.

2972 Info GCP Account GCP Account: <GCPaccountname> successfully

Updated updated.

For details, see Add a Google Cloud Platform

account.

2973 Info GCP Account Synchronize computers completed for GCP Account:
Synchronization <GCPaccountname>
Finished
For details, see Synchronize a GCP account.

2974 Error GCP Account Deep Security Manager was unable to synchronize
Synchronization computers with GCP Account: <GCPaccountname>
Failed
<detailed_message>

For example: 

Root URL is not valid

For details, see Synchronize a GCP account.

2975 Info GCP Account A request has been made to synchronize computers
Synchronization with GCP Account: <GCPaccountname>
Requested
For details, see Synchronize a GCP account.

2976 Warning GCP Account The GCP Account <GCPaccountname>

Synchronization synchronization operation completed, but information
Completed but
with Errors for the following hosts or groups could not be updated
with following message:

<detailed_message>

For example: 

Project <GCPprojectname>: 403 Required

 j p j q
ID Severity Event 'compute.machineTypes.list'
Description or Solution permission for
'projects/<GCPprojectname>'

For details, see Synchronize a GCP account.

2988 Warning MQTT Connection  

Offline

2989 Info MQTT Connection  

Online

2990 Info XDR Service  

Registered

2991 Info XDR Service  

Deleted

2992 Warning VMware NSX Deep Security Manager has detected that the
Policy following NSX-T groups are using different security
Configuration
Conflict policies for Endpoint Protection and Network
Introspection (E-W):

<group_names>

Go to NSX-T and reconfigure the group to use the

same security policy.

For details, see Method 3: Synchronize your Deep

Security policies to NSX-T 3.x.

2993 Warning XDR Certificate  

Expired

2994 Warning XDR Product  

Connector Missing

2995 Info XDR Certificate  

Updated

2996 Warning XDR Certificate  

Update Failed

2997 Warning MQTT Connection  

Configuration
Failed

2998 Warning MQTT Connection  

Configured

3000 Info Software Update:

SAP Module
 SAP Module
ID Severity Installation Started
Event Description or Solution

3001 Info Software Update:

SAP Module
Installation
Successful

3002 Error Software Update:

SAP Module
Installation Failed

3003 Info Software Update:

SAP Module
Download
Successful

3004 Info SAP VSA is

installed

3005 Error SAP VSA is not

installed

3006 Info SAP VSA is up-to-

date

3007 Info SAP VSA is not

up-to-date

3008 Info SAP: Anti-  

Malware module is
ready

3009 Error SAP: Anti-  

Malware module is
not ready

3200 Info A computer reboot

is required to
complete the
installation of
Activity Monitoring

3300 Info Computer Added

to vCenter Account

3301 Warning Duplicate Hosts Cannot move the standalone host to vCenter
with Same Virtual (<vCenter's name>). Deep Security found the following
UUID Found hosts with same virtual UUID (<The UUID>): <Hosts>

7000 Info Application An administrator downloaded application control event

Control Security logs in CSV format.
Events Exported

7007 Info User Viewed An administrator dismissed an application control

Application alert. This is normal unless your system has been
Control Event compromised by an intruder that has gained an
administrator login.
ID
7008 Severity
Error Event
Application Description
An agent'sor Solution control engine
application failed to come
Control Engine online. This could happen if you have enabled
Offline application control on a computer whose kernel is not
supported.

7009 Info Application An agent's application control engine restarted.

Control Engine
Online Again

7010 Info Application Deep Security Manager updated the application

Control control settings on an agent.
Configuration
Updated

7011 Info Software Update: The agent received a policy from Deep Security
Application Manager where application control was selected, but
Control Module detected that it did not have the application control
Installation Started engine installed or needed to update it, so it began to
download it. This is normal when you enable
application control on a computer for the first time, or
when it has been disabled while application control
engine updates were released.

7012 Info Software Update: The agent installed the application control engine. The
Application application control engine is also used by the integrity
Control Module monitoring feature.
Installation
Successful

7013 Error Software Update: The agent could not install the application control
Application engine. This is not normal.
Control Module
Installation Failed

7014 Info Software Update: The agent finished downloading the application control
Application engine.
Control Module
Download
Successful

7015 Info Application The legacy REST API was used to allow or block
Control Ruleset software. This message does not occur when
Rules Updated administrators perform the same action in the GUI.

7020 Info Application The legacy REST API uploaded a computer's initial
Control Inventory allow rules to Deep Security Manager.
Retrieved

7021 Info Application The application control engine was enabled, and the
Control Inventory agent detected that it did not have any allow rules for
Scan Started that computer, so it began to build initial rules based
on the currently installed software. This is normal when
you enable application control for the first time. This
message does not occur when you use the legacy
REST API to replace the allow rules.

7022 Info Application The agent finished building the initial allow rules for
7022 Info Application The agent finished building the initial allow rules for
ID Severity Control Inventory
Event that computer.
Description After this, any new software
or Solution that is
Scan Completed detected which is not in the allow or block rules will, if
configured, cause and alert.

7023 Error Application The agent could not build the initial allow rules for that
Control Inventory computer. This is not normal.
Scan Failed

7024 Info Application An administrator allowed or blocked software in the

Control Software Actions tab, or changed a rule by clicking Change
Changes Detected rule in an application control log message. This
message does not occur when you use the legacy
REST API to replace the allow rules.

7025 Info Application You manually forced application control to delete the
Control Inventory current rules and rebuild them based on the currently
Scan Requested installed software. This could be normal if you needed
to change many rules at the same time.

7026 Info Application Either an administrator sent or the legacy REST

Control API received the command to enable maintenance
Maintenance mode.
Mode Start
Requested

7027 Info Application Either an administrator sent or the legacy REST

Control API received the command to disable maintenance
Maintenance mode.
Mode Stop
Requested

7028 Info Application Maintenance mode was enabled. While enabled, the
Control agent automatically adds updated or newly installed
Maintenance software to its allow rules, indicating that you know and
Mode Started want to allow the software update. The agent continues
to apply block rules during this time.

7029 Info Application Maintenance mode was disabled. Once maintenance

Control mode is stopped, all new or changed software will be
Maintenance considered "unrecognized" until you specifically allow
Mode Stopped or block it.

7030 Info Application The agent began to build the initial allow rules, but an
Control Inventory administrator canceled the process.
Scan Cancelled

7031 Error Sending An agent could not download a shared ruleset for
Application application control. This can occur if network
Control Ruleset connectivity is interrupted (such as a firewall or proxy
Failed between the agent and relay), or if there isn't enough
free disk space on the agent.

7032 Info Sending An agent downloaded a shared ruleset for application

Application control. This normally occurs whenever an
Control Ruleset administrator or the legacy REST API allows or blocks
Succeeded software or when a different shared ruleset is applied
 Succeeded software, or when a different shared ruleset is applied.
ID Severity Event Description or Solution
7033 Info Application The legacy REST API was used to create an
Control Ruleset application control ruleset. This message does not
Created occur when administrators perform the same action in
the GUI.

7034 Info Application The legacy REST API was used to allow or block
Control Ruleset software via an application control ruleset. This
Updated message does not occur when administrators perform
the same action in the GUI.

7035 Info Application The legacy REST API was used to delete an
Control Ruleset application control ruleset. This message does not
Deleted occur when administrators perform the same action in
the GUI.

7036 Info Application An administrator changed the time period for when
Control maintenance mode is active.
Maintenance
Mode Reset
Duration
Requested

7037 Error Newly applied An administrator applied a new ruleset, but some of
ruleset will block the currently running processes exist in block rules.
some running Application control will not terminate the processes,
processes on but the next time you reboot or restart those services,
restart depending on your configuration, it will either alert you
or block them. If the processes are not authorized, you
should terminate them manually. If they are authorized,
but are missing from the ruleset, you should add them
to the ruleset.

7038 Error Unresolved Software changes detected on the file system

software change exceeded the maximum amount. Application control
limit reached will continue to enforce existing rules, but will not
record any more changes, and it will stop displaying
any of that computer's software changes. You must
resolve and prevent excessive software change.

7040 Error Incompatible An application control ruleset could not be assigned to

Application one or more computers because the ruleset is not
Control Ruleset supported by the installed version of the agent.
Typically, the problem is that a hash-based ruleset
(which is compatible only with Deep Security Agent
11.0 or newer) has been assigned to an older Deep
Security Agent. Deep Security Agent 10.x supports
only file-based rulesets. (For details, see Differences
in how Deep Security Agent 10 and 11 compare files.)
To fix this issue, upgrade the Deep Security Agent to
version 11.0 or newer. Alternatively, if you are using
local rulesets, reset application control for the agent.
Or if you are using a shared ruleset, use a shared
ruleset that was created with Deep Security 10.x until
all agents using the shared ruleset are upgraded to
Deep Security Agent 11.0 or newer.

7041 Info Application An application control ruleset was upgraded from a

Control Ruleset file based ruleset to a hash based ruleset (For details
 Control Ruleset file-based ruleset to a hash-based ruleset. (For details,
ID Severity Upgraded
Event see Differences
Description in how Deep
or Solution Security Agent 10 and
11 compare files.)

7042 Info Application  

Control Software
Inventory Deleted

7043 Info A computer reboot  

is required to
complete
Application
Control protection

Privacy Notice

Looking for help for other versions?

© 2021 Trend Micro Incorporated. All rights reserved.

Last Modified: June 12, 2021