Settings reference | Trend Micro

Views:

The following tables list the settings that are available in the API with a description. Setting names are prefixed with platform or the name of the associated protection module. Suffixes can indicate the nature of the setting. For example, the Enabled suffix indicates a Boolean value.

Tip

For information about how to configure settings see the following sections:

Default policy, policy, and computer settings

Note

The following table lists the settings that are included in default policy settings, policy settings, and computer settings. Note that these settings are included only in DefaultPolicySettings:

antiMalwareSettingState
applicationControlSettingState
firewallSettingState
integrityMonitoringSettingState
intrusionPreventionSettingState
logInspectionSettingState
sapSettingState
webReputationSettingState

Setting	Description
Anti-Malware Settings
antiMalwareSettingBehaviorMonitoringScanExclusionList	Scan Exclusions for Suspicious Activity/Unauthorized Change
antiMalwareSettingCombinedModeProtectionSource	Anti-Malware
antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled	Submit files identified as suspicious by Document Exploit Protection scanning to Deep Discovery Analyzer
antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled	Use Apex Central's Suspicious Object List
antiMalwareSettingDocumentExploitProtectionRuleExceptions	Allowed Advanced Threat Detection Rules
antiMalwareSettingFileHashEnabled	Calculate Hash values of all anti-malware events (at least SHA1 by default)
antiMalwareSettingFileHashMd5Enabled	MD5
antiMalwareSettingFileHashSha256Enabled	SHA256
antiMalwareSettingFileHashSizeMaxMbytes	Skip hash values calculation if file size is large than (64MB~512MB)
antiMalwareSettingIdentifiedFilesSpaceMaxMbytes	Maximum disk space used to store identified files
antiMalwareSettingMalwareScanMultithreadedProcessingEnabled	Use multithreaded processing for Malware scans (if available)
antiMalwareSettingNsxSecurityTaggingEnabled	Anti-Malware NSX Security Tagging State
antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled	Anti-Malware NSX Only Tag on Failure to Remediate
antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled	Anti-Malware NSX Remove Tag
antiMalwareSettingNsxSecurityTaggingValue	Anti-Malware NSX Security Tag
antiMalwareSettingPredictiveMachineLearningExceptions	Predictive Machine Learning Exclusion List
antiMalwareSettingScanCacheOnDemandConfigId	Anti-Malware On Demand Scan Cache Configuration
antiMalwareSettingScanCacheRealTimeConfigId	Anti-Malware Real-Time Scan Cache Configuration
antiMalwareSettingScanFileSizeMaxMbytes	Maximum file size to scan
antiMalwareSettingSmartProtectionGlobalServerEnabled	Use Global Smart Protection Service for Smart Scan
antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled	Use Proxy when accessing Smart Protection Service for Smart Scan
antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal	When off domain, connect to global Smart Protection Service. (Windows only)
antiMalwareSettingSmartProtectionLocalServerUrls	Local Smart Protection Servers for Smart Scan
antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled	Warn if connection to Smart Protection Server is lost
antiMalwareSettingSmartScanState	Smart Scan State
antiMalwareSettingSpywareApprovedList	Allowed Spyware/Grayware
antiMalwareSettingState (Default policy settings only)	Anti-Malware State
antiMalwareSettingSyslogConfigId	Anti-Malware Syslog Configuration
antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax	Max On-Demand Malware Scan Cache Entries
antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax	Max Real-Time Malware Scan Cache Entries
Application Control Settings
applicationControlSettingExecutionEnforcementLevel	Enforcement:
applicationControlSettingRulesetMode	Ruleset mode:
applicationControlSettingSharedRulesetId	Shared Application Control Ruleset
applicationControlSettingState (Default policy settings only)	Application Control State
applicationControlSettingSyslogConfigId	Application Control Syslog Configuration
Firewall Settings
firewallSettingAntiEvasionCheckEvasiveRetransmit	Evasive Retransmit
firewallSettingAntiEvasionCheckFinNoConnection	FIN packet out of connection
firewallSettingAntiEvasionCheckFragmentedPackets	Fragmented Packets
firewallSettingAntiEvasionCheckOutNoConnection	Outgoing packet out of connection
firewallSettingAntiEvasionCheckPaws	Invalid TCP Timestamps
firewallSettingAntiEvasionCheckRstNoConnection	RST packet out of connection
firewallSettingAntiEvasionCheckTcpChecksum	TCP Checksum
firewallSettingAntiEvasionCheckTcpCongestionFlags	TCP Congestion Flags
firewallSettingAntiEvasionCheckTcpPawsZero	Timestamp PAWS Zero Allowed
firewallSettingAntiEvasionCheckTcpRstFinFlags	TCP Rst Fin Flags
firewallSettingAntiEvasionCheckTcpSplitHandshake	TCP Split Handshake
firewallSettingAntiEvasionCheckTcpSynFinFlags	TCP Syn Fin Flags
firewallSettingAntiEvasionCheckTcpSynRstFlags	TCP Syn Rst Flags
firewallSettingAntiEvasionCheckTcpSynWithData	TCP Syn with Data
firewallSettingAntiEvasionCheckTcpUrgentFlags	TCP Urgent Flags
firewallSettingAntiEvasionCheckTcpZeroFlags	TCP Zero Flags
firewallSettingAntiEvasionSecurityPosture	Anti-Evasion Posture
firewallSettingAntiEvasionTcpPawsWindowPolicy	TCP Timestamp PAWS Window
firewallSettingCombinedModeProtectionSource	Firewall
firewallSettingConfigPackageExceedsAlertMaxEnabled	Advanced - Generate an Alert when Agent configuration package exceeds maximum size
firewallSettingEngineOptionAckTimeout	ACK Storm Timeout
firewallSettingEngineOptionAllowNullIpEnabled	Allow Null IP
firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled	Advanced - Block IPv6 on Agents and Appliances versions 8 and earlier
firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled	Advanced - Block IPv6 on Agents and Appliances verions 9 and later
firewallSettingEngineOptionBlockSameSrcDstIpEnabled	Block Same Src-Dest IP Address
firewallSettingEngineOptionBootStartTimeout	Boot Start Timeout
firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled	Bypass Cisco WAAS Connections
firewallSettingEngineOptionCloseTimeout	CLOSED Timeout
firewallSettingEngineOptionCloseWaitTimeout	CLOSE_WAIT Timeout
firewallSettingEngineOptionClosingTimeout	CLOSING Timeout
firewallSettingEngineOptionColdStartTimeout	Cold Start Timeout
firewallSettingEngineOptionConnectionCleanupTimeout	Connection Cleanup Timeout
firewallSettingEngineOptionConnectionsCleanupMax	Maximum Connections per Cleanup
firewallSettingEngineOptionConnectionsNumIcmpMax	Maximum ICMP Connections
firewallSettingEngineOptionConnectionsNumTcpMax	Maximum TCP Connections
firewallSettingEngineOptionConnectionsNumUdpMax	Maximum UDP Connections
firewallSettingEngineOptionDebugModeEnabled	Enable Debug Mode
firewallSettingEngineOptionDebugPacketNumMax	Number of Packets to retain in Debug Mode
firewallSettingEngineOptionDisconnectTimeout	DISCONNECT Timeout
firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled	Drop 6to4 Bogon Addresses
firewallSettingEngineOptionDropEvasiveRetransmitEnabled	Drop Evasive Retransmit
firewallSettingEngineOptionDropIpZeroPayloadEnabled	Drop IP Packet with Zero Payload
firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled	Drop IPv6 Bogon Addresses
firewallSettingEngineOptionDropIpv6ExtType0Enabled	Drop IPv6 Extension Type 0
firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled	Drop IPv6 Fragments Lower Than minimum MTU
firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled	Drop IPv6 Reserved Addresses
firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled	Drop IPv6 Site Local Addresses
firewallSettingEngineOptionDropTeredoAnomaliesEnabled	Drop Teredo Anomalies
firewallSettingEngineOptionDropUnknownSslProtocolEnabled	Drop Unknown SSL Protocol
firewallSettingEngineOptionErrorTimeout	ERROR Timeout
firewallSettingEngineOptionEstablishedTimeout	ESTABLISHED Timeout
firewallSettingEngineOptionEventNodesMax	Number of Event Nodes
firewallSettingEngineOptionFilterIpv4Tunnels	Filter IPv4 Tunnels
firewallSettingEngineOptionFilterIpv6Tunnels	Filter IPv6 Tunnels
firewallSettingEngineOptionFinWait1Timeout	FIN_WAIT1 Timeout
firewallSettingEngineOptionForceAllowDhcpDns	Force Allow DHCP DNS
firewallSettingEngineOptionForceAllowIcmpType3Code4	Force Allow ICMP type3 code4
firewallSettingEngineOptionFragmentOffsetMin	Minimum Fragment Offset
firewallSettingEngineOptionFragmentSizeMin	Minimum Fragment Size
firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled	Generate Connection Events for ICMP
firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled	Generate Connection Events for TCP
firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled	Generate Connection Events for UDP
firewallSettingEngineOptionIcmpTimeout	ICMP Timeout
firewallSettingEngineOptionIgnoreStatusCode0	Ignore Status Code
firewallSettingEngineOptionIgnoreStatusCode1	Ignore Status Code
firewallSettingEngineOptionIgnoreStatusCode2	Ignore Status Code
firewallSettingEngineOptionLastAckTimeout	LAST_ACK Timeout
firewallSettingEngineOptionLogAllPacketDataEnabled	Log All Packet Data
firewallSettingEngineOptionLogEventsPerSecondMax	Maximum Events Per Second
firewallSettingEngineOptionLogOnePacketPeriod	Period for Log only one packet within period
firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled	Log only one packet within period
firewallSettingEngineOptionLogPacketLengthMax	Maximum data size to store when packet data is captured
firewallSettingEngineOptionLoggingPolicy	Advanced Logging Policy
firewallSettingEngineOptionSilentTcpConnectionDropEnabled	Silent TCP Connection Drop
firewallSettingEngineOptionSslSessionSize	SSL Session Size
firewallSettingEngineOptionSslSessionTime	SSL Session Time
firewallSettingEngineOptionStrictTerodoPortCheckEnabled	Strict Teredo Port Check
firewallSettingEngineOptionSynRcvdTimeout	SYN_RCVD Timeout
firewallSettingEngineOptionSynSentTimeout	SYN_SENT Timeout
firewallSettingEngineOptionTcpMssLimit	TCP MSS Limit
firewallSettingEngineOptionTunnelDepthMax	Maximum Tunnel Depth
firewallSettingEngineOptionTunnelDepthMaxExceededAction	Action if Maximum Tunnel Depth Exceeded
firewallSettingEngineOptionUdpTimeout	UDP Timeout
firewallSettingEngineOptionVerifyTcpChecksumEnabled	Verify TCP Checksum
firewallSettingEngineOptionsEnabled	Use custom driver settings
firewallSettingEventLogFileCachedEntriesLifeTime	Cache Lifetime
firewallSettingEventLogFileCachedEntriesNum	Cache Size
firewallSettingEventLogFileCachedEntriesStaleTime	Cache Stale time
firewallSettingEventLogFileIgnoreSourceIpListId	Do not record events with source IP of
firewallSettingEventLogFileRetainNum	Number of event log files to retain (on Agent/Appliance)
firewallSettingEventLogFileSizeMax	Maximum size of the event log files (on Agent/Appliance)
firewallSettingEventsOutOfAllowedPolicyEnabled	Generate Firewall Events for packets that are 'Out Of Allowed Policy'
firewallSettingFailureResponseEngineSystem	Network Engine System Failure
firewallSettingFailureResponsePacketSanityCheck	Network Packet Sanity Check Failure
firewallSettingInterfaceIsolationEnabled	Enable Interface Isolation
firewallSettingInterfaceLimitOneActiveEnabled	Limit to one active interface
firewallSettingInterfacePatterns	Interface Patterns
firewallSettingNetworkEngineMode	Network Engine Mode
firewallSettingReconnaissanceBlockFingerprintProbeDuration	Computer OS Fingerprint Probe - Block Traffic
firewallSettingReconnaissanceBlockNetworkOrPortScanDuration	Network or Port Scan - Block Traffic
firewallSettingReconnaissanceBlockTcpNullScanDuration	TCP Null Scan - Block Traffic
firewallSettingReconnaissanceBlockTcpSynFinScanDuration	TCP SYNFIN Scan - Block Traffic
firewallSettingReconnaissanceBlockTcpXmasAttackDuration	TCP Xmas Scan - Block Traffic
firewallSettingReconnaissanceDetectFingerprintProbeEnabled	Computer OS Fingerprint Probe - Enabled
firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled	Network or Port Scan - Enabled
firewallSettingReconnaissanceDetectTcpNullScanEnabled	TCP Null Scan - Enabled
firewallSettingReconnaissanceDetectTcpSynFinScanEnabled	TCP SYNFIN Scan - Enabled
firewallSettingReconnaissanceDetectTcpXmasAttackEnabled	TCP Xmas Scan - Enabled
firewallSettingReconnaissanceEnabled	Reconnaissance Scan Detection - Enabled
firewallSettingReconnaissanceExcludeIpListId	Reconnaissance Scan Detection - Do not perform detection on traffic coming from
firewallSettingReconnaissanceIncludeIpListId	Reconnaissance Scan Detection - Computers/Networks on which to perform detection
firewallSettingReconnaissanceNotifyFingerprintProbeEnabled	Computer OS Fingerprint Probe - Notify DSM Immediately
firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled	Network or Port Scan - Notify DSM Immediately
firewallSettingReconnaissanceNotifyTcpNullScanEnabled	TCP Null Scan - Notify DSM Immediately
firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled	TCP SYNFIN Scan - Notify DSM Immediately
firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled	TCP Xmas Scan - Notify DSM Immediately
firewallSettingState (Default policy settings only)	Firewall State
firewallSettingSyslogConfigId	Firewall and Intrusion Prevention Syslog Configuration
firewallSettingVirtualAndContainerNetworkScanEnabled	Scan container network traffic
Integrity Monitoring Settings
integrityMonitoringSettingAutoApplyRecommendationsEnabled	Automatically assign/unassign recommended Integrity Monitoring Rules to Computer during Recommendation Scans
integrityMonitoringSettingCombinedModeProtectionSource	Integrity Monitoring
integrityMonitoringSettingContentHashAlgorithm	Integrity Monitoring Hash Algorithm
integrityMonitoringSettingCpuUsageLevel	Integrity Monitoring CPU Usage Level:
integrityMonitoringSettingRealtimeEnabled	Real Time
integrityMonitoringSettingScanCacheConfigId	Integrity Scan Cache Configuration:
integrityMonitoringSettingState (Default policy settings only)	Integrity Monitoring State
integrityMonitoringSettingSyslogConfigId	Integrity Monitoring Syslog Configuration
integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax	Max Integrity Monitoring Scan Cache Entries
Intrusion Prevention Settings
intrusionPreventionSettingAutoApplyRecommendationsEnabled	Automatically implement Recommendations
intrusionPreventionSettingCombinedModeProtectionSource	Intrusion Prevention
intrusionPreventionSettingEngineOptionFragmentedIpKeepMax	Maximum number of fragmented IP packets to keep
intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled	Send ICMP to indicate fragmented packet timeout exceeded
intrusionPreventionSettingEngineOptionFragmentedIpTimeout	Fragment Timeout
intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled	Bypass MAC addresses that don't belong to host
intrusionPreventionSettingEngineOptionsEnabled	Use custom driver settings
intrusionPreventionSettingLogDataRuleFirstMatchEnabled	Allow Intrusion Prevention Rules to capture data for first hit of each rule (in period)
intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel	Detect Mode
intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel	Prevent Mode
intrusionPreventionSettingState (Default policy settings only)	Intrusion Prevention State
intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled	Scan container network traffic
Log Inspection Settings
logInspectionSettingAutoApplyRecommendationsEnabled	Automatically assign/unassign recommended Log Inspection Rules to Computer during Recommendation Scans
logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin	Send Agent/Appliance events to syslog when they equal or exceed the following severity level
logInspectionSettingSeverityClippingAgentEventStoreLevelMin	Store events at the Agent/Appliance for later retrieval by DSM when they equal or exceed the following severity level
logInspectionSettingState (Default policy settings only)	Log Inspection State
logInspectionSettingSyslogConfigId	Log Inspection Syslog Configuration
Platform Settings
platformSettingAgentCommunicationsDirection	Direction of Server & Workload Protection to Agent/Appliance communication
platformSettingAgentEventsSendInterval	Period between sending of events
platformSettingAgentSelfProtectionEnabled	Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent
platformSettingAgentSelfProtectionPassword	Password
platformSettingAgentSelfProtectionPasswordEnabled	Local override requires password
platformSettingAutoAssignNewIntrusionPreventionRulesEnabled	Automatically assign new Intrusion Prevention Rules as required by updated Application Types and Intrusion Prevention Rule dependencies
platformSettingAutoUpdateAntiMalwareEngineEnabled	Automatically update anti-malware engine
platformSettingCombinedModeNetworkGroupProtectionSource	Network Combined Mode Affinity
platformSettingEnvironmentVariableOverrides	Environment Variable Overrides
platformSettingHeartbeatInactiveVmOfflineAlertEnabled	Raise Offline Errors For Inactive Virtual Machines
platformSettingHeartbeatInterval	Heartbeat Interval
platformSettingHeartbeatLocalTimeShiftAlertThreshold	Maximum change (in minutes) of the local system time on the computer between heartbeats before an alert is raised
platformSettingHeartbeatMissedAlertThreshold	Number of Heartbeats that can be missed before an alert is raised
platformSettingInactiveAgentCleanupOverrideEnabled	Prevent this computer from being deleted if Inactive Agent Cleanup is enabled:
platformSettingNotificationsSuppressPopupsEnabled	Suppress all pop-up notifications on host
platformSettingOverwriteHostnameDuringHeartbeatEnabled	Automatically update the computer name to the latest reported by the agent
platformSettingRecommendationOngoingScansInterval	Ongoing Scan Interval
platformSettingRelayState	Relay State
platformSettingScanCacheConcurrencyMax	Max Concurrent Scans
platformSettingScanOpenPortListId	Ports to scan
platformSettingSmartProtectionAntiMalwareGlobalServerProxyId	Use Proxy when accessing Smart Protection Service for Smart Scan
platformSettingSmartProtectionGlobalServerEnabled	Use Global Service for Census
platformSettingSmartProtectionGlobalServerProxyId	Use Proxy when accessing Global Service for Census
platformSettingSmartProtectionGlobalServerUseProxyEnabled	Use Proxy when accessing Global Service for Census
platformSettingTroubleshootingLoggingLevel	Logging Level
platformSettingUpgradeOnActivationEnabled	Automatically upgrade agents on activation
SAP Settings
sapSettingState (Default policy settings only)	Configuration
Sensing Mode Settings
sensingModeSettingActivityEnabled	Sensor Activity Enabled
sensingModeSettingIndicatorEnabled	Sensor Indicator Enabled
sensingModeSettingState (Default policy settings only)	Sensing Mode State
sensingModeSettingSyslogConfigId	Sensing Mode Configuration
Web Reputation Settings
webReputationSettingAlertingEnabled	Alert
webReputationSettingAllowedUrlDomains	Allowed Domain URLs
webReputationSettingAllowedUrls	Allowed Page URLs
webReputationSettingBlockedUrlDomains	Blocked Domain URLs
webReputationSettingBlockedUrlKeywords	Blocked Keywords
webReputationSettingBlockedUrls	Blocked Page URLs
webReputationSettingBlockingPageLink	Blocked Page Link
webReputationSettingCombinedModeProtectionSource	Web Reputation
webReputationSettingMonitorPortListId	Ports to monitor
webReputationSettingSecurityBlockUntestedPagesEnabled	Block Untested Pages
webReputationSettingSecurityLevel	Security Level
webReputationSettingSmartProtectionGlobalServerUseProxyEnabled	Use Proxy when accessing Smart Protection Service for Web Reputation
webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal	When off domain, connect to global Smart Protection Service. (Windows only)
webReputationSettingSmartProtectionLocalServerEnabled	Use Local Smart Protection Server for Web Reputation Service
webReputationSettingSmartProtectionLocalServerUrls	Local Smart Protection Servers for Web Reputation
webReputationSettingSmartProtectionServerConnectionLostWarningEnabled	Warn if connection to Smart Protection Server is lost
webReputationSettingSmartProtectionWebReputationGlobalServerProxyId	Use Proxy when accessing Smart Protection Service for Web Reputation
webReputationSettingState (Default policy settings only)	Web Reputation State
webReputationSettingSyslogConfigId	Web Reputation Syslog Configuration

System settings

Setting	Description
Anti-Malware Settings
antiMalwareSettingEventEmailBodyTemplate	Email Template
antiMalwareSettingEventEmailEnabled	Anti-Malware Email Notifications Enabled
antiMalwareSettingEventEmailRecipients	Email Recipients
antiMalwareSettingEventEmailSubject	Email Subject Text
antiMalwareSettingRetainEventDuration	Automatically delete Anti-Malware Events older than
Application Control Settings
applicationControlSettingRetainEventDuration	Automatically delete Application Control Events older than
applicationControlSettingServeRulesetsFromRelaysEnabled	Serve application control rulesets from relays
Firewall Settings
firewallSettingEventRankSeverityDeny	Deny
firewallSettingEventRankSeverityLogOnly	Log Only
firewallSettingEventRankSeverityPacketRejection	Packet Rejection
firewallSettingGlobalStatefulConfigId	Global Firewall Stateful Configuration
firewallSettingInternetConnectivityTestExpectedContentRegex	Regular Expression for returned content used to confirm Connectivity
firewallSettingInternetConnectivityTestInterval	Test Interval
firewallSettingInternetConnectivityTestUrl	URL for testing Internet Connectivity Status
firewallSettingIntranetConnectivityTestExpectedContentRegex	Regular Expression for returned content used to confirm Intranet Connectivity
firewallSettingIntranetConnectivityTestUrl	URL for testing Intranet Connectivity Status
firewallSettingRetainEventDuration	Automatically delete Firewall Events older than
Integrity Monitoring Settings
integrityMonitoringSettingEventRankSeverityCritical	Critical
integrityMonitoringSettingEventRankSeverityHigh	High
integrityMonitoringSettingEventRankSeverityLow	Low
integrityMonitoringSettingEventRankSeverityMedium	Medium
integrityMonitoringSettingRetainEventDuration	Automatically delete Integrity Monitoring Events older than
Intrusion Prevention Settings
intrusionPreventionSettingEventRankSeverityFilterCritical	Critical
intrusionPreventionSettingEventRankSeverityFilterError	Error
intrusionPreventionSettingEventRankSeverityFilterHigh	High
intrusionPreventionSettingEventRankSeverityFilterLow	Low
intrusionPreventionSettingEventRankSeverityFilterMedium	Medium
intrusionPreventionSettingRetainEventDuration	Automatically delete Intrusion Prevention Events older than
Log Inspection Settings
logInspectionSettingEventRankSeverityCritical	Critical
logInspectionSettingEventRankSeverityHigh	High
logInspectionSettingEventRankSeverityLow	Low
logInspectionSettingEventRankSeverityMedium	Medium
logInspectionSettingRetainEventDuration	Automatically delete Log Inspection Events older than
Platform Settings
platformSettingActiveSessionsMax	Number of concurrent sessions allowed per User
platformSettingActiveSessionsMaxExceededAction	Action when concurrent session limit is exceeded
platformSettingAgentInitiatedActivationDuplicateHostnameMode	If a computer already exists
platformSettingAgentInitiatedActivationEnabled	Allow Agent-Initiated Activation
platformSettingAgentInitiatedActivationPolicyId	Policy to assign (if Policy not assigned by activation script):
platformSettingAgentInitiatedActivationReactivateClonedEnabled	Reactivate cloned Agents
platformSettingAgentInitiatedActivationReactivateUnknownEnabled	Reactivate unknown Agents
platformSettingAgentInitiatedActivationSpecifyHostnameEnabled	Allow Agent to specify hostname
platformSettingAgentInitiatedActivationWithinIpListId	Agent-Initiated Activation IP List
platformSettingAgentlessVcloudProtectionEnabled	Allow Appliance protection of vCloud VMs
platformSettingAlertAgentUpdatePendingThreshold	Length of time an Update can be pending before raising an Alert
platformSettingAlertDefaultEmailAddress	Alert Email Address - The email address to which all alert emails should be sent
platformSettingAwsManagerIdentityAccessKey	Access Key - The Access Key of an AWS User used for the manager identity
platformSettingAwsManagerIdentitySecretKey	Secret Key - The Secret Access Key of an AWS User used for the manager identity
platformSettingAwsManagerIdentityUseInstanceRoleEnabled	Use Instance Role
platformSettingCaptureEncryptedTrafficEnabled	Allow packet data capture on encrypted traffic (SSL)
platformSettingConnectedThreatDefenseControlManagerManualSourceApiKey	API Key
platformSettingConnectedThreatDefenseControlManagerManualSourceServerUrl	Server URL (ex: "https://[server]/webapp")
platformSettingConnectedThreatDefenseControlManagerProxyId	Use Proxy when accessing Apex Central
platformSettingConnectedThreatDefenseControlManagerSourceOption	Suspicious Object List Source
platformSettingConnectedThreatDefenseControlManagerSuspiciousObjectListComparisonEnabled	Compare objects against Suspicious Object List
platformSettingConnectedThreatDefenseControlManagerUseProxyEnabled	When accessing Apex Central, use proxy:
platformSettingConnectedThreatDefensesUsePrimaryTenantServerSettingsEnabled	Use default server settings
platformSettingDdanAutoSubmissionEnabled	Enable automatic file submission
platformSettingDdanManualSourceApiKey	API Key
platformSettingDdanManualSourceServerUrl	Server URL (ex: "https://[server]/")
platformSettingDdanProxyId	Use Proxy when accessing Deep Discovery Analyzer
platformSettingDdanSourceOption	Deep Discovery Analyzer Source
platformSettingDdanSubmissionEnabled	Enable submission of suspicious files to Deep Discovery Analyzer
platformSettingDdanUseProxyEnabled	When accessing Deep Discovery Analyzer, use proxy:
platformSettingDemoModeEnabled	Demo Mode Enabled
platformSettingEventForwardingSnsAccessKey	Access Key - The Access Key of an AWS User with access to the SNS Topic
platformSettingEventForwardingSnsAdvancedConfigEnabled	Amazon SNS Advanced Configuration
platformSettingEventForwardingSnsConfigJson	Amazon SNS Configuration
platformSettingEventForwardingSnsEnabled	Publish Events to Amazon Simple Notification Service
platformSettingEventForwardingSnsSecretKey	Secret Key - The Secret Key of an AWS User with access to the SNS Topic
platformSettingEventForwardingSnsTopicArn	SNS Topic ARN
platformSettingExportedDiagnosticPackageLocale	Exported Diagnostic Package Language
platformSettingExportedFileCharacterEncoding	Exported file Character Encoding
platformSettingInactiveAgentCleanupDuration	Delete Agents that have been inactive for:
platformSettingInactiveAgentCleanupEnabled	Delete Agents that have been inactive for:
platformSettingManagedDetectResponseCompanyGuid	Company GUID
platformSettingManagedDetectResponseEnabled	Enable the MDR service
platformSettingManagedDetectResponseProxyId	Use Proxy when accessing MDR server
platformSettingManagedDetectResponseServerUrl	Server URL (ex: "https://[server]/")
platformSettingManagedDetectResponseServiceToken	Service Token
platformSettingManagedDetectResponseUsePrimaryTenantSettingsEnabled	Use default server settings
platformSettingManagedDetectResponseUseProxyEnabled	When accessing MDR server, use proxy:
platformSettingProxyAgentUpdateProxyId	Primary Component Update Proxy used by Agents, Appliances, and Relays:
platformSettingRecommendationOngoingScansEnabled	Perform ongoing Recommendation Scans
platformSettingRetainAgentInstallersPerPlatformMax	Number of older software versions to keep per platform
platformSettingRetainCountersDuration	Automatically delete Counters older than
platformSettingRetainSecurityUpdatesMax	Number of older Rule Updates to keep
platformSettingRetainSystemEventDuration	Automatically delete System Events older than
platformSettingSamlIdentityProviderCertificateExpiryWarningDays	Warn when a SAML identity provider certificate will expire within (days)
platformSettingSamlRetainInactiveExternalAdministratorsDuration	Automatically delete inactive identity provider users after (days)
platformSettingSmartProtectionFeedbackBandwidthMaxKbytes	Maximum bandwidth:
platformSettingSmartProtectionFeedbackEnabled	Enable Trend Micro Smart Feedback (recommended)
platformSettingSmartProtectionFeedbackForSuspiciousFileEnabled	Send suspicious file signatures along with feedback
platformSettingSmartProtectionFeedbackIndustryType	Your industry (optional):
platformSettingSmartProtectionFeedbackInterval	Feedback Interval (min)
platformSettingSmartProtectionFeedbackThreatDetectionsThreshold	Feedback Interval by threats
platformSettingSmtpBounceEmailAddress	"Bounce" email address (optional) - The email address to which delivery failure notifications should be sent
platformSettingSmtpFromEmailAddress	"From" email address - The email address from which outgoing emails should be sent
platformSettingSmtpPassword	SMTP password
platformSettingSmtpRequiresAuthenticationEnabled	Mail server requires authentication
platformSettingSmtpServerAddress	SMTP mail server address (optionally include :port)
platformSettingSmtpStartTlsEnabled	STARTTLS
platformSettingSmtpUsername	SMTP username
platformSettingSyslogConfigId	Forward System Events to a remote computer (via Syslog) using configuration
platformSettingSystemEventForwardingSnmpAddress	Hostname or IP address to which events should be sent
platformSettingSystemEventForwardingSnmpEnabled	Forward System Events to a remote computer (via SNMP)
platformSettingSystemEventForwardingSnmpPort	UDP port to which events should be sent
platformSettingTenantAllowImpersonationByPrimaryTenantEnabled	Allow Primary Tenant access to my Server & Workload Protection Environment
platformSettingTenantAutoRevokeImpersonationByPrimaryTenantEnabled	Automatically revoke Primary Tenant access after
platformSettingTenantAutoRevokeImpersonationByPrimaryTenantTimeout	Automatically revoke Primary Tenant access after
platformSettingTenantUseDefaultRelayGroupFromPrimaryTenantEnabled	Use the Primary Tenant Relay Group as my Default Relay Group
platformSettingTrendMicroXdrApiKey	API Key
platformSettingTrendMicroXdrApiServerUrl	API Server URL
platformSettingTrendMicroXdrApiUser	API User
platformSettingTrendMicroXdrCompanyId	Company ID
platformSettingTrendMicroXdrEnabled	Forward activity data to Trend Micro XDR data lake
platformSettingTrendMicroXdrLogServerUrl	Log Server URL
platformSettingUpdateAgentSecurityContactPrimarySourceOnMissingRelayEnabled	Allow Agents/Appliances to download component updates directly from Primary Component Update Source if Relays are not accessible
platformSettingUpdateAgentSecurityOnMissingDeepSecurityManagerEnabled	Allow Agents/Appliances to download component updates when Server & Workload Protection is not accessible
platformSettingUpdateApplianceDefaultAgentVersion	Upon deployment, update Virtual Appliances to
platformSettingUpdateHostnameOnIpChangeEnabled	Update the "Hostname" entry if an IP is used as a hostname and a change in IP is detected on the computer after Agent/Appliance-initiated communication or discovery
platformSettingUpdateRelaySecurityAllRegionsPatternsDownloadEnabled	Download Patterns for all Regions
platformSettingUpdateRelaySecuritySupportAgent9AndEarlierEnabled	Allow supported 8.0 and 9.0 Agents to be updated
platformSettingUpdateRulesPolicyAutoApplyEnabled	Automatically apply Rule Updates to Policies
platformSettingUpdateSecurityPrimarySourceMode	Relay Update Source
platformSettingUpdateSecurityPrimarySourceUrl	URL
platformSettingUpdateSoftwareAlternateUpdateServerUrls	Alternate Software Update Web Server(s)
platformSettingUserHideUnlicensedModulesEnabled	Hide unlicensed Protection Modules for new Users
platformSettingUserPasswordExpiry	User password expires
platformSettingUserPasswordExpirySendEmailEnabled	Send email when a user's password is about to expire
platformSettingUserPasswordLengthMin	User password minimum length
platformSettingUserPasswordRequireLettersAndNumbersEnabled	User password requires both letters and numbers
platformSettingUserPasswordRequireMixedCaseEnabled	User password requires both upper and lower case characters
platformSettingUserPasswordRequireNotSameAsUsernameEnabled	User password cannot match username or username spelled backward
platformSettingUserPasswordRequireSpecialCharactersEnabled	User password requires non-alphanumeric characters
platformSettingUserSessionDurationMax	Maximum session duration
platformSettingUserSessionIdleTimeout	Session idle timeout
platformSettingUserSignInAttemptsAllowedNumber	Number of incorrect sign-in attempts allowed (before lock out)
platformSettingWhoisUrl	Whois URL - The full URL to a Whois lookup with the IP represented as [IP]
Web Reputation Settings
webReputationSettingEventRankRiskBlockedByAdministratorRank	Blocked By Administrator
webReputationSettingEventRankRiskDangerous	Dangerous
webReputationSettingEventRankRiskHighlySuspicious	Highly Suspicious
webReputationSettingEventRankRiskSuspicious	Suspicious
webReputationSettingEventRankRiskUntested	Untested
webReputationSettingRetainEventDuration	Automatically delete Web Reputation Events older than