To activate an agent from the command line, you need to know the tenant ID and password. You can get them from the deployment script. If you need to troubleshoot a Deep Security Agent issue, your support provider might ask you to create and send a diagnostic package from the computer.
For more detailed instructions, see Create an agent diagnostic package via CLI on a protected computer. So when Technical Support asks for a diagnostic package, you need to run the command directly on the agent computer.
Authentication password used with the optional agent self-protection feature. Required if you specified a password when enabling self-protection. For some query-commands, authentication can be bypassed directly, in such case, password is not required. Execute query-command against the agent. The following commands are supported: "GetHostInfo" : to query which identity is returned to the manager during a heartbeat "GetAgentStatus" : to query which protection modules are enabled, the status of Anti-Malware or Integrity Monitoring scans in progress, and other miscellaneous information "GetComponentInfo" : to query version information of anti-malware patterns and engines "GetPluginVersion" : to query version information of the agent and protection modules.
Some actions require either a -tenantname parameter or a -tenantid parameter. If execution problems occur when you use the tenant name, try the command using the associated tenant ID.
Add an Azure endpoint to the allowed endpoint list. The allowed endpoint list is used to validate endpoints that are specified when adding an Azure account to Deep Security Manager. If you do not specify any endpoints, then only the default built-in endpoints are allowed. Back up your deployment before running the command.
Don't use this command unless you understand the effects of the setting. Some misconfigurations can make your service unavailable, or your data unreadable. Usually, you should only use this command if requested by your technical support provider, who will tell you which setting NAME to change. Sometimes this command is required during normal use. If so, the setting will be described in that section of the documentation, such as masterkey. If needed, you can Increase verbose diagnostic package process memory.
If you already configured a master key during a new install , the installer has completed this setup for you. If you skipped master key creation, and want to configure one now, start with the commands in step 1. Enter all commands in order. To generate a new master key, start with the commands in step 1 and enter all commands in order. See also Install the manager for details on the master key, how it is generated, and what it encrypts. If you configured the master key during an upgrade , back up your database and properties files, and then start with the commands in step 4.
If using the local environment variable on a multi-node Deep Security Manager, it must be configured on all nodes at the system-level not user-level , and must include, at a minimum:.
You will be prompted for the password. This can be useful either for disaster recovery of a corrupted key, or to migrate the master key to another KMS. Before you run this command, you must delete the existing master key from the primary tenant T0 database. Tenant key seeds are used to derive sub-keys that you can use in the next step.
Safe to run multiple times; it will not apply multiple layers of encryption if the seed has already been encrypted. Optionally, if you want to encrypt only for new tenants while you slowly roll out to each existing tenant, you can enter this command first:. Default built-in endpoints cannot be removed. The following values can be returned:. Looking for help for other versions?
All rights reserved. Skip To Main Content. All Files. Submit Search. On Windows, when self-protection is enabled , local users cannot uninstall, update, stop, or otherwise control the agent. They must also supply the authentication password when running CLI commands.
In Deep Security 9. Some commands may cause the Deep Security Manager to restart. Once the commands have been run, ensure the Deep Security Manager has started up again.
If a custom master key is not configured, Deep Security will use a hard-coded seed, and personal data will not be encrypted by default. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams?
Collectives on Stack Overflow. Learn more. Asked 9 years, 9 months ago. Active 9 years, 8 months ago. Viewed 45k times. Mahavir Munot Mahavir Munot 1, 2 2 gold badges 20 20 silver badges 45 45 bronze badges. A reference of exit and error codes for Windows Commands can be found in the Debug system error codes articles that may be helpful to understanding errors produced. You can configure the Command shell to automatically complete file and directory names on a computer or user session when a specified control character is pressed.
By default this control character is configured to be the tab key for both file and directory names, although they can be different.
To change this control character, run regedit. Incorrectly editing the registry may severely damage your system. Before making the following changes to the registry, you should back up any valued data on the computer. Set these values to that of the control character you wish to use. See virtual key codes for a complete list. To disable a particular completion character in the registry, use the value for space 0x20 as it is not a valid control character.
You can also enable or disable file and directory name completion per instance of a Command shell by running cmd. User-specified settings take precedence over computer settings, and command-line options take precedence over registry settings. To find information about a specific command, in the following A-Z menu, select the letter that the command starts with, and then select the command name.
0コメント