The issue occurs because the agent self-protection feature is enabled. To resolve the issue, disable agent self-protection for the Deep Security Relay you intend to upgrade. Make sure that you only disable it on the host level, because doing it globally will pose a security risk.
The issue happens when running the upgrade from the agent side. If the Deep Security Relay upgrade is performed from the Deep Security Manager console, there is no need to modify the self-protection settings.
To disable agent self-protection on the host level:
- Log in to the Deep Security management console.
- Go to Computers and click the machine details, then click Settings > System Settings > Computer.
- Under Agent Self Protection, do either of the following:
- Set a password for local override.
- Untick the option Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent, or set it to No.
If the Deep Security Agent (DSA) is not connected or is configured with agent-initiated communication, reset the agent configuration, including the agent self-protection feature. To reset the DSA, run the command:
C:\Program Files\Trend Micro\Deep Security Agent> dsa_control –r