Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

INFO: What are the Trustwave SEG install paths and registry key locations?

Expand / Collapse

This article applies to:

  • Trustwave MailMarshal (SEG)


  • What are the SEG/MailMarshal SMTP install paths and registry key locations?
  • What is the default database name for the SEG/MailMarshal database?


This article lists the default install paths, registry key locations, and database name for each SEG/MailMarshal SMTP version.

For Trustwave ECM/MailMarshal Exchange, see Q14003.


  • The install path and database name can be customized by the user when the product is installed, so they may not be installed in the default location.
  • During an upgrade the registry key is migrated to the new location, but the install path and database name are normally not changed.
    • Exception: on upgrade/migration from SEG 7.X to SEG 8.X, the default install path is changed to the path noted below. The database name is not changed.

Install Paths

  • Latest versions (SEG 8.0 and above): %SystemDrive%\Program Files\Trustwave\Secure Email Gateway
    • Web Components install to %SystemDrive%\Program Files (x86)\Trustwave\SEG Web Components
  • MailMarshal 2006, SEG/MailMarshal 6.1.4 through 7.5.7): %SystemDrive%\Program Files\Marshal\MailMarshal
    • For 64 bit operating systems where supported, MailMarshal installs as a 32 bit application in %SystemDrive%\Program Files (x86)\Marshal\MailMarshal
    • Web Components install to ...\Marshal\MailMarshal Web Components
  • Version 5.5 - 6.1.3: %SystemDrive%\Program Files\NetIQ\MailMarshal
  • Version 4.2 - 5.0: %SystemDrive%\Program Files\Marshal Software\MailMarshal
  • Version 3.0 - 4.1: %SystemDrive%\Program Files\Designer Technology\MailMarshal

%SystemDrive% refers to the partition or drive letter where the Windows system is installed.  This is most often C:

MailMarshal Unpacking or Explode (MMExp) folder

The Explode folder is used as a working space to unpack and scan email messages.

Prior to version, the default location for the MailMarshal Explode folder is the root of the SystemDrive (for example, C:\MMExp).

In new installations of MailMarshal SMTP from version onwards the default location for the Explode folder is within the MailMarshal installation folder (for instance, C:\Program Files\NetIQ\MailMarshal\MMExp).

In new installations of SEG/MailMarshal SMTP version 6.0 and higher the Explode directory has been renamed to Unpacking and is located within the SEG or MailMarshal installation folder (for instance in 8.X, C:\Program Files\Trustwave\Secure Email Gateway\Unpacking).

Database Name

  • Trustwave SEG 7.5 and above: The default database name for newly created databases is TrustwaveSEG
  • SEG/MailMarshal versions prior to 7.5: The default name is MailMarshal

Registry Key Locations

MailMarshal (SEG) 10

Array Manager Registry entries within sub-key "Default" and most other sub-keys are replaced by the Advanced Settings page of the Management Console. See Help for the Management Console.

  • For example the registry entry
    HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Default\Engine\LogSpamAlways
    becomes an Advanced Setting named Engine.LogSpamAlways
    • Values previously entered as DWORD are now entered as type Integer, or for 1/0 (enable/disable), type Boolean.
    • Reg_Sz values are type String.
    • Reg_Multi_Sz values are type Multi String.
  • Some basic items on the Array Manager are stored in the file arraymanager.config.json
    • Note that most of these items are managed through the Server Tool or Config Service Admin Tool.
    • The SSMAuthMode value is still stored in Registry.
    • Any boolean values (1/0) are entered as true or false
  • The Node registry location is no longer used. The values previously entered in the Node registry key are now stored in the file controller.config.json 

For help with json files, see Editing json files below.

The Registry location remains as in 8.X: HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway

SEG 8.0 through 8.2:

  • 64 bit OS:  HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway
    • Web Components registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Trustwave\  

SEG or MailMarshal 6.8 through 7.5.7:

  • 32 bit OS:  HKEY_LOCAL_MACHINE\SOFTWARE\Marshal\MailMarshal
  • 64 bit OS:  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Marshal\MailMarshal

Earlier versions:

  • Version 3.0 - 4.1:  HKEY_LOCAL_MACHINE\SOFTWARE\Designer Technology\MailMarshal
  • Version 4.2 - 5.0:  HKEY_LOCAL_MACHINE\SOFTWARE\Marshal Software\MailMarshal
  • Version 5.5 - 6.1.3:  HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\MailMarshal
  • MailMarshal 2006, MailMarshal 6.1.4 through 6.7.X (32 bit OS):  HKEY_LOCAL_MACHINE\SOFTWARE\NetIQ\MailMarshal
  • MailMarshal 6.5 through 6.7.X (64 bit OS):  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NetIQ\MailMarshal

Note: The sub-key Default could be duplicated as Default(1) (and in rare cases Default(2)), depending on the configuration reload status.

To determine the active Default key where new changes should be made, see the value CurrentConfig in the root of the product registry tree.

The below screenshot show this location for a SEG 7.X installation:

Editing json files:

To add an entry to a json configuration file:

  1. Back up the file
  2. Edit the file with a text editor. 
  3. After the opening brace { add a new line with "valuename":value ,
    The value name is quoted. String values are quoted. Integer values are not quoted. Where a value was a DWORD with possible value 1 or 0, these are entered as boolean true or false
    End the line with a comma.
    For example:
  4. Restart the service (Array Manager or Controller).

This article was previously published as:


To contact Trustwave about this article or to request support:

Rate this Article:

Add Your Comments

Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster