Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Anti-Malware Email Notifications Plug-in for Deep Security 9.0

    • Updated:
    • 4 Sep 2015
    • Product/Version:
    • Deep Security 9.0
    • Platform:
    • Linux - Red Hat RHEL 5 64-bit
    • Linux - Red Hat RHEL 6 64-bit
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Server R2
Summary
The Anti-Malware Email Notifications Plug-in for Deep Security Manager (DSM) monitors anti-malware events and sends an email containing details of each new event to a list of recipients. This is different from the alert email notification which is configured in the Properties window of Anti-Malware Alert on the DSM console.
This plug-in allows DSM to send all anti-malware alerts through email, regardless if the alert had been raised on the Alert page of the console.
The Anti-Malware Email Notifications Plug-in checks for new anti-malware events every 30 seconds, during which it can send emails for a maximum of 1000 new events.
Details
Public
 
If multiple DSMs are installed and connected to the same database (multi-node manager feature), install the plug-in on one of the manager nodes only.

To install the plug-in:

  1. Download the Anti-Malware Email Notifications Plug-in.
  2. Save the JAR file in the plug-ins directory under the installation directory. This is C:\Program Files\Trend Micro\Deep Security Manager\plugins by default.
    Create a plugins directory if it is not present.
  3. Restart the Trend Micro Deep Security Manager service using the Services MMC, or via the command line using this command:
    net stop "Trend Micro Deep Security Manager"
    net start "Trend Micro Deep Security Manager"

After installing the plug-in, a new Events & Reports page will appear in the DSM console:

new Events and Reports page on DSM

 

If user uses the above procedure to enable Anti-Malware Email Notifications Plug-in on the DSM, and then upgrade the DSM from version 9.0 or 9.5 to 9.5 SP1 or 9.6, below issue may occur causing failure to start the DSM service.

 ==========
Jun 24, 2015 6:02:37 PM org.apache.catalina.core.ContainerBase startInternal
SEVERE: A child container failed during start
java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Tomcat].StandardHost[localhost]]
     at java.util.concurrent.FutureTask.report(FutureTask.java:122)
  at java.util.concurrent.FutureTask.get(FutureTask.java:192)
  at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:917)
  at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262)
  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
  at org.apache.catalina.core.StandardService.startInternal(StandardService.java:439)
  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
  at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:760)
  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
  at org.apache.catalina.startup.Tomcat.start(Tomcat.java:339)
  at com.thirdbrigade.manager.service.Tomcat.startTomcat(Tomcat.java:106)
  at com.thirdbrigade.manager.service.DSMService$WorkerThread.run(DSMService.java:226)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Tomcat].StandardHost[localhost]]
  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
  at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409)
  at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1399)
  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
  at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.catalina.LifecycleException: A child container failed during start
  at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:925)
  at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:868)
  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 6 more
===========

As a workaround solution, do any of the following:

  • Follow the uninstallation procedure in this KB before upgrading the DSM from version 9.0 or 9.5 to 9.5 SP1 or 9.6.
  • Manually remove the plug-in “plugin-com.trendmicro.ds.antimalwareemailalertplugin-1.x.x.jar” form the following DSM folders:
    • C:\<DSM Installer Folder>\plugins
    • C:\<DSM Installer Folder>\webclient\webapps\ROOT\WEB-INF\lib

To uninstall the plug-in:

  1. Log in to the DSM console.
  2. Go to Administration > System Settings.
  3. Go to the Advanced tab and click the View Pluggable button.
  4. Select Trend Micro Inc. Anti-Malware Email Notification Plug-in and click Uninstall.

Enter a valid SMTP configuration under the System tab of the Systems Settings page. Once SMTP configuration is finished, you can configure the Anti-Malware Email Notifications Plug-in on the Events & Reports page.

Anti-Malware Email Notifications page on DSM

The following settings are available:

  • Anti-Malware Email Notifications Enabled controls whether or not email notifications will be sent for anti-malware events. Emails are sent only for events that occur after the feature is enabled.
  • Email Recipients is the list of email addresses that will receive the notification emails. At least one recipient is required.
  • Email Subject Text is the text that will appear in the email subject line.
  • Email Template is the template that will be used to format the body of the email message. The template is a mix of plain text and variables. Details of the malware event are inserted in the template using specially named variables enclosed in brackets. The full list of available variables is shown on the web page.
Premium
Internal
Rating:
Category:
Install
Solution Id:
1103517
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.