1. Ask for a copy of the Cipher Suite Checker from Trend Micro Technical Support.
2. Execute a checker via Command Prompt using Admin privileges.

   This will check the machine’s Cipher Suites status. You will see a result Cipher checking, like the screenshot below:

   

   You don’t need to install Cipher Suites unless it's listed for the machine’s requirements:

   • Windows 10
     • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
     • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   • Windows XP
     • TLS_RSA_WITH_RC4_128_MD5
   • For Windows 7, Windows 8, Windows Server 2012
     • KB3042058 from Microsoft Security Advisory 3042058
     • TLS_RSA_WITH_AES_256_GCM_SHA384
     • TLS_RSA_WITH_AES_128_GCM_SHA256
   • For Windows 8.1, Windows Server 2012 R2
     • Update from Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update: April 2014 and
     • Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2

1. Go to Start > Run and type “mmc”.
2. Click OK and the MMC window opens.
3. Go to File > Add/Remove Snap-in.
4. Add Certificates from left-panel to right-panel:
   1. Select "Certificates" and click Add.
   2. Select "Computer account" and choose Next.
   3. Select "Local computer" and click Finish.
   4. Choose OK.
5. In the left panel, go to Console Root > Certificates (Local Computer).
6. Click Trusted Root Certification Authorities > Certificates to verify if "AffirmTrust Commercial" Root Certificate is installed.
7. In the left panel, go to Console Root > Certificates (Local Computer).
8. Click Intermediate Certification Authorities > Certificates to verify if Trend Micro S2 CA is installed.

If the certificates are not installed, go to Trend Micro SSL Certificates to download.

1. Right-click Trusted Root Certification Authorities.
2. Click All tasks > Import.
3. Choose Next and select the ROOT certificate file that you want to add.
4. Click Next.
5. Verify if the store location is in "Trusted Root Certification Authorities".
6. Choose Next > Finish.

   Repeat the steps for Trend Micro S2 CA intermediate certificate.

7. Check the properties of the two certificates. Make sure "Client Authentication" and "Server Authentication" are checked.
8. Unload and reload agent.

The root certificates should now be successfully installed.

Open Command Prompt and run:

wmic qfe list | findstr <KB number>

If the Security Agent still could not be activated, gather Wireshark logs while accessing the magic link.