Views:

Windows

To monitor Deep Security Manager service, run "tasklist" or/and "sc" command to confirm the process and service below are running:

  • Process name: Deep Security Manager.exe
  • Service name: Trend Micro Deep Security Manager

Linux

To monitor Deep Security Manager service, use ps -ef command to ensure the process below is running:

  • Process name: /opt/dsm/jre/bin/java

Windows

Usually, you can check the Deep Security Manager's user interface to ensure agent status is green. You can also monitor the following processes to verify that the agent is under normal status:

  • Process names
    • dsa.exe (Agent's main process)
    • Notifier.exe (Deep Security Notifier's process)
    • coreFrameworkHost.exe (Anti-malware scan process)1
    • coreServiceShell.exe (Anti-malware scan process)1
    • dsvp (Relay server process)2
    • nginx (Used to connect proxy server)2
    • ds_nuagent.exe (Advanced TLS traffic inspection process)4
  • Service names
    • ds_agent (Agent Service)
    • ds_notifier (Agent Notifier Service)
    • Amsp (Anti-malware Service)1
  • Driver: tbimdsa (Common driver for Web Reputation Service/Firewall/Intrusion Prevention System)3

1 Process/Service is running when Anti-Malware is enabled.

2 Process/Service is running when Relay is enabled.

3 Driver is loaded when Web Reputation Service or/and Firewall or/and Intrusion Prevention System are enabled.

4 The ds_nuagent is enabled when Advanced TLS traffic inspection is enabled. It has two processes: there is the main process and the other is for process monitoring. This is only available in Deep Security Agent version 20.0 until 20.0.0-8438.

5 From DSA 20.0.0-8438 onwards, ds_nuagent.exe will be replaced by tm_netagent.exe. The old ds_nuagent is still supported in the previous build.

Linux

Check the following processes and driver:

  • Process names
    • ds_agent (Agent's main process)1
    • ds_am (Anti-malware scan process)2
    • dsvp (Relay server process)3
    • nginx (Used to connect proxy server)3
    • ds_nuagent (Advanced TLS traffic inspection service)4
  • Driver: dsa_filter (Common driver for Web Reputation Service/Firewall/Intrusion Prevention System)4

1 The ds_agent has two processes. One is the main process and the other is for process monitoring.

2 The process will be running when Anti-Malware is enabled, as ds_agent two processes exist.

3 The process will be running when Relay is enabled.

4 Driver is loaded when Web Reputation Service or/and Firewall or/and Intrusion Prevention System are enabled.

5 The ds_nuagent is enabled when Advanced TLS traffic inspection is enabled. It has two processes: there is the main process and the other is for process monitoring. This is only available in Deep Security Agent version 20.0 until 20.0.0-8438.

6 From DSA 20.0.0-8438 onwards, ds_nuagent will be replaced by tm_netagent. The old ds_nuagent is still supported in the previous build.

Mac

For Mac DSA, you can also monitor the following processes to verify that the agent is under normal status.

Processes:

  • dsa (DSA Core Process)
  • DSAService (DSA Service Process)
  • cot (Performance monitor process )
  • TrendMicroSecurity(Main UI process)
  • dsa-connect (IoT connector process)
  • iCoreService (Core Tech engine Service process)
  • com.trendmicro.icore.netfilter ( Extend core networking features process)
  • com.trendmicro.icore.es(Endpoint security process)
  • DSAMonitor(Monitor && Restart agent services process)

The dsa-connect has two processes. One is the main process, and the other is for process monitoring.

The iCoreService has two processes. They include functionalities such as AM, WTP, Device Control, iAU, and others.

To ensure the normal status, dvfilter-dsa should be running.

As VMsafe API is no longer supported by VMware, this driver does not exist starting on Deep Security 9.6.

Comments (0)