Trend Micro Deep Security 9 Tips

TrendMicroDeepSecurity9

Let me start off by saying that these tips may not be officially documented or supported by Trend Micro. These are simple fixes for some shortcomings in the administrative interface which I have run into.

Tip 1: Directory Synchronization Search Filter cannot be modified through the GUI.

If you have configured Deep Security to synchronize with your company’s LDAP or Active Directory to populate all available computers, you may have noticed that once you have setup the Directory you cannot edit the scope of your search. Once the sync has been configured and saved, you are only able to change the address, name, username and password as shown below… but what happens if you want to modify your search scope to include more or less machines. It appears from the admin window that you would need to delete the directory setup and start over.

Directory General SettingsDirectory Schema Settings

After the third time of doing this, and an unsuccessful call to support, I started looking for where this information was kept in the database. The good thing is the database structure is pretty easy to read, and I quickly discovered a table called dbo.directories where Deep Security Manager keeps all of the configurations for your multiple directory synchronizations. Since I am only using two it was pretty easy to figure out which of the two rows was my computer sync. The schema search filter is stored in a column appropriately labeled SearchFilter. After updating the search filter in the database and performing a manual synchronization, I was able to see the desired computers without having to re-build the entire directory sync.

This discovery led me to a second issue I had come across while initially setting up Deep Security Manager to sync with my Active Directory. All of our end user machines are contained within a specific top level OU. Once you enter your directory credentials, you do not have the option of specifying the search base (also referred to as Naming Context as shown in the right image above.) DSM forces you to use the root of the domain “DC=yourdomain,DC=com”. I’d rather not search through the entire domain each time a sync is run but I though I was out of luck. In the same table where you find the SearchFilter, there is another column labeled NamingContext which contains the search base DC=yourdomain,DC=com. I have not attempted to edit this yet to set the specific OU, but one would think you could specify the top level OU where you would want to begin your search by modifying this entry in the database. Test it out and see if it works for you, I will let you know my results once I test it on my own system.

Tip 2: A pending task shows in the status bar of DSM and never disappears.

In the process of activating a new VM, the task failed and had to be attempted again. My concern was the 1 Pending Activation task was still showing in the status bar at the bottom of the DSM web console. I waited 2 days to see if this would get cleared on it’s own, but the task never went away. I e-mailed support for a fix on this one, and am happy to say that there was a quick and easy fix. This fix was provided directly by Trend Micro support, so it should be fully supported to run.

Step 1: Connect to the SQL server where the DSM database is running.

Step 2: Execute the following SQL query to show all active tasks: “select * from managerjobs where CompletedDate is NULL;”

If there are no other active jobs, your hung job should be the only one listed. If it isn’t you can modify the next command select only one of the jobs.

Step 3: Execute the following SQL query to remove all unfinished tasks: “delete from managerjobs where CompletedDate is NULL;”

Again, if you don’t want to clear out other jobs which may currently be running you could modify the where clause to look something like “where CompletedDate is NULL and ManagerJobID = X” where X is the ID of the stuck job shown in the query statement above.

Within a few seconds of deleting the task from the database, you will see the pending job disappear from the DSM web console.

I will continue to add additional tips as I come across them, and feel free to e-mail me or post your own in the comments to be added to the post.

Thanks for reading!