Deep Security Manager (DSM)

Multi-tenant deployments are not yet supported with PostgreSQL. This feature will be introduced in a future release.

When using Application Control, if you create a golden image, update it with required patches, create a shared ruleset, and then apply that shared ruleset to other computers. When you install those same patches on the other computer, they will be allowed to execute because they are in the shared ruleset. However, the patch updates will appear on the Software Changes page. To avoid this from happening, Application Control must be set to Maintenance Mode when applying patches.

In the Computers page, searching for entries in the Status column will produce no result when the complete string is used. For example, searching "Error (Reason)" shows no result, but typing each word (e.g. "Error" or "Reason" only) will produce results.

AWS instance types have different throughputs and computing resources. Shared ruleset creation time may vary widely depending on the instance type and may take an hour or longer on m3.medium and smaller instances.

Deep Security Agent (DSA)

Application Control builds inventory, which happens after enabling it. The process will take longer to finish on Windows 2008 R2 compared to other supported platforms.

If you have created an Application Control block rule for a batch file or PowerShell script, you will not be able to copy, move, or rename the file using its associated interpreter (powershell.exe for PowerShell scripts or cmd.exe for batch files).

Application Control is not compatible with Windows Defender. Running both can result in severe performance impact. However, if both Application Control and anti-malware are enabled, then Deep Security will automatically disable Windows Defender for normal operation.

When using Application Control for Windows computers, if you select Block unrecognized software until it is explicitly allowed, you must enable Maintenance Mode before you update the computer's operating system. This is also applicable when you perform an Update and restart action on a computer running Windows. Failure to do this could break the computer because Application Control would block execution of updated files in the OS until you create the allow rules. Depending on which OS file was updated, you might need to use an OS recovery mode or external tool to recover from this misconfiguration.

In rare circumstances, Deep Security Agent Anti-Malware may become offline after it has finished upgrading. When you check the Windows Application events log, it will show that Microsoft-Windows-RestartManager has stopped the Anti-Malware Solution Platform (AMSP) and Trend Micro Solution Platform service, and the service will need to be restarted. For more details, refer to this article: Anti-Malware shows offline after Deep Security Agent (DSA) upgrade.

After enabling Application Control, it builds inventory. However, the process will be slower when TiWorker.exe is running. TiWorker.exe is the Windows Modules Installer Worker used when doing Windows Updates.

When Application Control is configured to Block unrecognized software until it is explicitly allowed, you will not be able to upgrade or uninstall the Deep Security Agent on that computer. To unblock the procedure, enable maintenance mode.

Known issues in Deep Security 10.1

Product / Version includes:

Deep Security10.1

Last updated: 2021/08/28

Solution ID: KA-0007607

Category: Troubleshoot

Summary

This article enumerates the known issues that may occur during installation and usage of Deep Security 10.1. This list does not include the issues from the old versions of Deep Security.

Deep Security Manager (DSM)

Multi-tenant deployments are not yet supported with PostgreSQL. This feature will be introduced in a future release.
When using Application Control, if you create a golden image, update it with required patches, create a shared ruleset, and then apply that shared ruleset to other computers. When you install those same patches on the other computer, they will be allowed to execute because they are in the shared ruleset. However, the patch updates will appear on the Software Changes page. To avoid this from happening, Application Control must be set to Maintenance Mode when applying patches.
In the Computers page, searching for entries in the Status column will produce no result when the complete string is used. For example, searching "Error (Reason)" shows no result, but typing each word (e.g. "Error" or "Reason" only) will produce results.
AWS instance types have different throughputs and computing resources. Shared ruleset creation time may vary widely depending on the instance type and may take an hour or longer on m3.medium and smaller instances.

Deep Security Agent (DSA)

Application Control builds inventory, which happens after enabling it. The process will take longer to finish on Windows 2008 R2 compared to other supported platforms.
If you have created an Application Control block rule for a batch file or PowerShell script, you will not be able to copy, move, or rename the file using its associated interpreter (powershell.exe for PowerShell scripts or cmd.exe for batch files).
Application Control is not compatible with Windows Defender. Running both can result in severe performance impact. However, if both Application Control and anti-malware are enabled, then Deep Security will automatically disable Windows Defender for normal operation.
When using Application Control for Windows computers, if you select Block unrecognized software until it is explicitly allowed, you must enable Maintenance Mode before you update the computer's operating system. This is also applicable when you perform an Update and restart action on a computer running Windows. Failure to do this could break the computer because Application Control would block execution of updated files in the OS until you create the allow rules. Depending on which OS file was updated, you might need to use an OS recovery mode or external tool to recover from this misconfiguration.
In rare circumstances, Deep Security Agent Anti-Malware may become offline after it has finished upgrading. When you check the Windows Application events log, it will show that Microsoft-Windows-RestartManager has stopped the Anti-Malware Solution Platform (AMSP) and Trend Micro Solution Platform service, and the service will need to be restarted. For more details, refer to this article: Anti-Malware shows offline after Deep Security Agent (DSA) upgrade.
After enabling Application Control, it builds inventory. However, the process will be slower when TiWorker.exe is running. TiWorker.exe is the Windows Modules Installer Worker used when doing Windows Updates.
When Application Control is configured to Block unrecognized software until it is explicitly allowed, you will not be able to upgrade or uninstall the Deep Security Agent on that computer. To unblock the procedure, enable maintenance mode.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Known issues in Deep Security 10.1

Deep Security Manager (DSM)

Deep Security Agent (DSA)

Known issues in Deep Security 10.1

Product / Version includes:

Summary

Deep Security Manager (DSM)

Deep Security Agent (DSA)