Property Section Parent topic

The following table lists the commands available for setup.ini. If no value is specified in the setup file, the default value will be used.

Setup.ini File [PROPERTY] Section Arguments

Key
Description
Possible Values
Default Value
Encrypted
ACTIVATION_CODE
Activation Code
<activation_code>
<empty>
No
NO_DESKTOP
Create a shortcut on desktop
  • 0: Create shortcut
  • 1: Do not create shortcut
0
No
NO_STARTMENU
Create a shortcut in the Start menu
  • 0: Create shortcut
  • 1: Do not create shortcut
0
No
NO_SYSTRAY
Display the system tray icon and Windows notifications
  • 0: Create system tray icon
  • 1: Do not create system tray icon
0
No
NO_NSC
Install firewall
  • 0: Create firewall
  • 1: Do not create firewall
0
No
CONFIG_PATH
Configuration file path
<path>
<empty>
No
LIST_PATH
Approved List path for import
<path>
<empty>
No
APPLICATIONFOLDER
Installation path for agent program
<path>
<empty>
No
MANAGED_MODE
Specify if Safe Lock is managed by the Safe Lock Intelligent Manager server
  • 0: Standalone mode
  • 1: Managed mode
0
No
PASSWORD
Password which is used for SLCmd.exe and Safe Lock console
<password>
<empty>
No
CUSTOM_ACTION
Custom action for blocked events
  • 0: Ignore
  • 1: Quarantine
  • 2: Ask server
0
No
QUARANTINE_FOLDER_PATH
Quarantine path for agent program
<path>
<empty>
No
ROOT_CAUSE_ANALYSIS
Enable root cause analysis reporting
  • 0: Disable
  • Other value: Enable
1
No
INTEGRITY_MONITOR
Enable Integrity Monitor
  • 0: Disable
  • 1: Enable
0
No
PREDEFINED_TRUSTED_UPDATER
Enable Predefined Trusted Updater
  • 0: Disable
  • 1: Enable
0
No
WINDOWS_UPDATE_SUPPORT
Enable Window Update Support
  • 0: Disable
  • 1: Enable
0
No
PRESCAN
Prescan the endpoint before installing Safe Lock
  • 0: Do not prescan the endpoint
  • 1: Prescan the endpoint
1
No
MAX_EVENT_DB_SIZE
Maximum database file size (MB)
Positive integer
1024
No
WEL_SIZE
Windows Event Log size (KB)
Positive integer
Note
Note
Default value for new installations. Upgrading Safe Lock does not change any user-defined WEL_SIZE values set in the previous installation.
10240
No
WEL_RETENTION
Windows Event Log option when maximum event log size is reached on Windows Event Log.
For Windows XP or earlier platforms:
  • 0: Overwrite events as needed
  • 1 - 365: Overwrite events older than (1-365) days
  • -1: Do not overwrite events (Clear logs manually)
For Windows Vista or later platforms:
  • 0: Overwrite events as needed (oldest events first)
  • 1: Archive the log when full, do not overwrite events
  • -1: Do not overwrite events (Clear logs manually)
0
No
WEL_IN_SIZE
Windows Event Log size for Integrity Monitor events (KB)
Positive integer
10240
No
WEL_IN_RETENTION
Windows Event Log option when maximum event log size for Integrity Monitor events is reached on Windows Event Log.
For Windows XP or earlier platforms:
  • 0: Overwrite events as needed
  • 1 - 365: Overwrite events older than (1-365) days
  • -1: Do not overwrite events (Clear logs manually)
For Windows Vista or later platforms:
  • 0: Overwrite events as needed (oldest events first)
  • 1: Archive the log when full, do not overwrite events
  • -1: Do not overwrite events (Clear logs manually)
0
No
USR_DEBUGLOG_ENABLE
Enable debug logging for user sessions
  • 0: Do not log
  • 1: Log
0
No
USR_DEBUGLOGLEVEL
The number of debug log entries allowed for user sessions
  • 273
273
No
SRV_DEBUGLOG_ENABLE
Enable debug logging for service sessions.
  • 0: Do not log
  • 1: Log
0
No
SRV_DEBUGLOGLEVEL
The number of debug log entries allowed for service sessions
  • 273
273
No
SILENT_INSTALL
Execute installation in silent mode
  • 0: Do not use silent mode
  • 1: Use silent mode
0
No
Important
Important
To use silent mode, you must also specify the ACTIVATION_CODE and PASSWORD keys and values. For example:
[PROPERTY]
ACTIVATION_CODE=XX-XXXXX-XXXXX-XXXXX-XXXXX
PASSWORD=P@ssW0Rd
SILENT_INSTALL=1
STORAGE_DEVICE_BLOCKING
Blocks storage devices, including CD/DVD drives, floppy disks, and network drives, from accessing managed endpoints.
  • 0: Allow access from storage devices
  • 1: Block access from storage devices
0
No
INIT_LIST
Initialize the Approved List during installation
  • 0: Do not initialize the Approved List during installation
  • 1: Initialize the Approved List during installation
0
No
Note
Note
LIST_PATH has priority over INIT_LIST.
For example:
[PROPERTY]
LIST_PATH=liststore.db
INIT_LIST=1
In this case, liststore.db is imported and INIT_LIST is ignored.
INIT_LIST_PATH
A folder path to be traversed for the Approved List initialization. Each local disk's root directory will be traversed if empty.
<folder path>
<empty>
No
INIT_LIST_PATH_OPTIONAL
A folder path to be traversed for the Approved List initialization. Each local disk's root directory will be traversed if empty.
<folder path>
<empty>
No
INIT_LIST_EXCLUDED_FOLDER
An absolute folder path to exclude from automatic file enumeration for Approved List initialization.
The configuration applies to the Approved List first initialized and all subsequent Approved List updates.
Specify multiple folders by creating new entries with names that start with INIT_LIST_EXCLUDED_FOLDER. Ensure each entry name is unique. For example:
INIT_LIST_EXCLUDED_FOLDER=c:\folder1
INIT_LIST_EXCLUDED_FOLDER2=c:\folder2
INIT_LIST_EXCLUDED_FOLDER3=c:\folder3
<folder path>
Note
Note
  • Folder path supports a maximum length of 260 characters.
  • Folder paths that do not exist may be specified.
  • The exclusion does not apply to subfolders.
<empty>
No
INIT_LIST_EXCLUDED_EXTENSION
A file extension to exclude from automatic file enumeration for Approved List initialization.
The configuration applies to the Approved List first initialized and all subsequent Approved List updates.
Specify multiple extensions by creating new entries with names that start with INIT_LIST_EXCLUDED_EXTENSION. Ensure each entry name is unique. For example:
INIT_LIST_EXCLUDED_EXTENSION=bmp
INIT_LIST_EXCLUDED_EXTENSION2=png
<file extension>
Note
Note
Specifying file extensions of executable files (e.g. exe, dll and sys) may cause issues with Application Lockdown.
<empty>
No
LOCKDOWN
Turn Application Lockdown on after installation
  • 0: Turn off Application Lockdown
  • 1: Turn on Application Lockdown
0
No
FILELESS_ATTACK_ PREVENTION
Enable the Fileless Attack Prevention feature
  • 0: Disable feature
  • 1: Enable feature
0
No
SERVICE_CREATION_PREVENTION
Enable the Service Creation Prevention feature
  • 0: Disable feature
  • 1: Enable feature
<empty>
No
Note
Note
Safe Lock temporarily disables the Service Creation Prevention feature under the following conditions:
  • Updating or installing new applications using installers allowed by Trusted Updater. The feature is automatically re-enabled after the Trusted Updater process is complete.
  • Enabling Windows Update Support. Disabling Windows Update Support automatically re-enables the feature.
VERIFY_PATCH_SIGNATURE
Verify signature of patch received from Safe Lock Intelligent Manager before continuing
  • 0: Do not verify patch signature
  • 1: Verify patch signature
  • 2 or other: Verify patch signature on Windows 7 or later, but skip verification on Windows Vista or earlier
2
No
USR_DEBUGLOG_ENABLE
Enable debug log in user session
  • 0: Disable debug log
  • 1: Enable debug log
0
No
USR_DEBUGLOGLEVEL
Debug level in user session
273
273
No
SRV_DEBUGLOG_ENABLE
Enable debug log in service session
  • 0: Disable debug log
  • 1: Enable debug log
0
No
SRV_DEBUGLOGLEVEL
Debug level in service session
  • 273
273
No
FW_USR_DEBUGLOG
Enable debug log in user session of firewall
  • 0: Disable debug log
  • 1: Enable debug log
0
No
FW_USR_DEBUGLOG_LEVEL
Debug level in user session of firewall
number
273
No
FW_SRV_DEBUGLOG_ENABLE
Enable debug log in service session of firewall
  • 0: Disable debug log
  • 1: Enable debug log
0
No
FW_SRV_DEBUGLOG_LEVEL
Debug level in service session of firewall
number
273
No
BM_SRV_DEBUGLOG_ENABLE
Enable debug log of Behavior Monitoring Core service
  • 0: Disable debug log
  • 1: Enable debug log
0
No
BM_SRV_DEBUGLOG_LEVEL
Debug level of Behavior Monitoring Core service
  • 51
51
No