"Intrusion Prevention Rules Failed to Compile" error appears in Deep Security

    • Updated: 21 Jun 2019
    • Product/Version: Deep Security 10.0, Deep Security 9.6
    • Platform: N/A
Summary

An update on a machine may fail, and the following error may appear in Deep Security Manager:

Intrusion Prevention Rules Failed to Compile
Description: This error may be caused by system memory issues. Please check the DS_Agent.Log file and search for the error messages related to Compile, or check the diagnostic package for details.

In the Agent/Appliance Events, the following appears:

Level: Error
Event ID: 2090
Event: Security Configuration Error
Description: Error compiling configuration:
Error(s) error: too many application types apply to port 80 can't open preload file - ignored /var/opt/ds_agent/filter/preload.tbf 1 errors during parsing

Details

This error may occur because the maximum number of Application Types that can be assigned to a port has been reached. By default, the maximum number allowed is eight (8). Once the number reaches nine (9) or above, the error is displayed.

To resolve the issue, create the following port lists and assign each one to the Application Types listed under it:

  • Custom Port List 1, Incoming, Port(s): 80
    • Web Application Perl Based
    • Web Application PHP Based
    • Web Server Apache
  • Custom Port List 2, Outgoing, Port(s): 80, 8080, 3128
    • Web Client Common
    • Web Client Mozilla Firefox
    • Web Proxy Squid
  • Custom Port List 3, Incoming, Port(s): 80, 8000, 8080, 8081, 3000, 3128, 443
    • Web Server Squid
    • Web Server HTTPS
    • Web Application Tomcat
    • Web Application Ruby Based

To apply this at the computer level:

  1. Log in to the web console with administrator privileges.
  2. Create a custom port list.
    1. On the web console, go to Policies > Lists > Port Lists.
    2. Click New > New Port Lists.
    3. Enter a name and description for the port list.
    4. Under ports, input the ports listed above, one port per line.
    5. Repeat these steps for each of the three port lists.
  3. On the web console, go to Computers and select the necessary computer.
  4. Navigate to Intrusion Prevention > Assign/Unassign...
  5. Modify the drop-down list to All, Assigned, and By Application Type.
  6. Edit the Application Type at the computer level.
    1. On the upper-right, search for the application type (e.g. Web Application PHP).
    2. Click the Application Type and select all IPS rules listed underneath. There is no need to select the checkbox of the application type.
    3. Right-click and select Application Type Properties...
    4. On port, uncheck Inherited and modify the drop-down button from Any to Port Lists.
    5. Select the appropriate port list (e.g. Custom Port List 1), and then click OK.
  7. Repeat Steps 1-6 for all the involved application types.
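
The following Python check is an added example, not part of the original article or of Deep Security: it counts how many Application Types land on each port once the three port lists above are assigned. It assumes the limit is counted per direction and port (consistent with the layout above, which puts seven types on incoming port 80); the two "Hypothetical Type" entries are constructed to show a ninth type exceeding the limit.

```python
from collections import defaultdict

MAX_TYPES_PER_PORT = 8  # default limit stated in this article

# Port lists and Application Type assignments from the resolution above.
PORT_LISTS = {
    "Custom Port List 1": ("Incoming", [80]),
    "Custom Port List 2": ("Outgoing", [80, 8080, 3128]),
    "Custom Port List 3": ("Incoming", [80, 8000, 8080, 8081, 3000, 3128, 443]),
}
ASSIGNMENTS = {
    "Web Application Perl Based": "Custom Port List 1",
    "Web Application PHP Based": "Custom Port List 1",
    "Web Server Apache": "Custom Port List 1",
    "Web Client Common": "Custom Port List 2",
    "Web Client Mozilla Firefox": "Custom Port List 2",
    "Web Proxy Squid": "Custom Port List 2",
    "Web Server Squid": "Custom Port List 3",
    "Web Server HTTPS": "Custom Port List 3",
    "Web Application Tomcat": "Custom Port List 3",
    "Web Application Ruby Based": "Custom Port List 3",
}
# Constructed sample (not from the article): two more types on incoming port 80.
HYPOTHETICAL_EXTRA = {
    "Hypothetical Type A": "Custom Port List 1",
    "Hypothetical Type B": "Custom Port List 1",
}

def types_per_port(assignments, port_lists):
    """Map (direction, port) -> sorted Application Type names using that port."""
    usage = defaultdict(set)
    for app_type, list_name in assignments.items():
        direction, ports = port_lists[list_name]
        for port in ports:
            usage[(direction, port)].add(app_type)
    return {key: sorted(names) for key, names in usage.items()}

def over_limit(assignments, port_lists, limit=MAX_TYPES_PER_PORT):
    """Return {(direction, port): count} for every entry above the limit."""
    usage = types_per_port(assignments, port_lists)
    return {key: len(names) for key, names in usage.items() if len(names) > limit}

if __name__ == "__main__":
    for label, cfg in (("article layout", ASSIGNMENTS),
                       ("with constructed extras", {**ASSIGNMENTS, **HYPOTHETICAL_EXTRA})):
        print(label, "->", over_limit(cfg, PORT_LISTS) or "within limit")
```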

Another possible cause of this error is an invalid IP address format in an IP List, or in an IP address defined in one of the Firewall Rules, assigned in the Security Profile. The IP address might contain an extra dot (.) after the last octet ("x.x.x.x.").

To resolve the issue:

  1. Log in to the Deep Security Manager (DSM) console.
  2. Go to Policies > Lists > IP Lists.
  3. Check the IP addresses defined in each list.
  4. Remove the extra dot (.) after the last IP address ("x.x.x.x.").
    It should look like this: "x.x.x.x"
Category: Troubleshoot
Solution Id: 1104703