There is no limit to the number of key:value pairs you can enter but the key:value pairs must be separated from each other by a space. They must be entered as key:value pairs (with a colon as a separator). Additional parameters are also available (see the table of available parameters below). The host name is the only required parameter. ( could be the Manager's fully qualified domain name (FQDN), IPv4 address, or IPv6 address, and is the Agent-to-Manager communication port number.) For example:ĭsa_control -a dsm://fe80::ad4a:af37:17cf:8937:4120 dsm://:/ is the parameter that points the Agent to the Manager.-a is the command to activate the Agent, and.The minimum activation instruction contains the activation command and the Manager's URL (including the port number): To enabled agent-initiated activation, go to Administration > System Settings > Agents and select Allow Agent-Initiated Activation. This is useful when a large number of computers will be added to an installation and you want to write a script to automate the activation process. You can manually activate an Agent from the Manager by right-clicking on the computer in the Computers screen and selecting Actions > Activate/Reactivate.Īgents can initiate the activation process using a locally-run command-line tool. This ensures that only one Manager (or one of its Manager Nodes) can send instructions to and communicate with the Agent. The activation process includes the exchange of unique fingerprints between the Agent and the Manager. The default value is 300.Īgent-initiated activation ("dsa_control -a")Īn Agent installed on a computer needs to be activated before the Manager can assign Rules and Policies to protect the computer. -dsm-retry-interval Approximate delay in seconds between retrying activations.-max-dsm-retries Number of times to retry an activation.-scanForChanges Scan for changes for Integrity Monitoring.-buildBaseline Build baseline for Integrity Monitoring.-y relay_proxy://: If the agent connects through a proxy to a relay for security updates and software, provide the proxy's IP address or FQDN and port number, separated by a colon (:).-x dsm_proxy://: If the agent connects through a proxy to the manager, provide the proxy's IP address or FQDN and port number, separated by a colon (:).-w : If the agent connects through a proxy to a relay for security updates and software, provide the proxy user name and password, separated by a colon (:).-u : If the agent connects through a proxy to the manager, provide the proxy user name and password, separated by a colon (:).There is a one second pause between retries. -t, -retries= If dsa_control cannot contact the Agent service to carry out accompanying instructions, this parameter instructs dsa_control to retry number of times.In Deep Security 9.0 and earlier, this option was -H, -harden= Command-line instructions must include the authentication password when self-protection is enabled. -s, -selfprotect= enable self-protection on the Agent by preventing local end-users from uninstalling, stopping, or otherwise controlling the Agent.-R, -restore= Restore quarantined file.To hide the password with asterisks (*) while you type, enter the interactive form of the command, which will prompt you for the password: If you type the password directly into the command line, it will be displayed on screen. -m, -heartbeat Ask the Agent to contact the Manager now.where port is the Manager's listening port number. -d, -diag Generate an agent diagnostic package.-c, -cert= Identify the certificate file.Where port is the manager's discovery and heartbeat port number. a, -activate= Activate agent with Manager at specified URL. /opt/ds_agent/dsa_control -m "AntiMalwareManualScan:true"ĭsa_control.dsa_control -m "AntiMalwareManualScan:true".cd C:\Program Files\Trend Micro\Deep Security Agent\.You can use dsa_control to configure some agent settings, and to manually trigger it to perform some actions such as an anti-malware scan or baseline rebuild. Your CLI commands must include the authentication password. On Windows, when self-protection is enabled ( -s, -selfprotect= where 1 is enable, and 0 is disable), local users cannot uninstall, update, stop, or otherwise control the agent.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |