Views:

Root Cause

The issue occurred because the previous installation or uninstallation had left some remnants of dsa_filter module (i.e. the module was unloaded, but some module-related files were still present). This was preventing the module from being loaded.

To confirm the cause of the issue:

  1. Check if the assigned policy has Firewall or Intrusion Prevention enabled with rules assigned.
  2. Run "modinfo |grep ds". It should show the module is not loaded.
  3. Go to cat /var/svc/log/application-ds_agent:default.log. It should contain a section similar below:
    [ Feb  3 00:32:34 Executing stop method ("/opt/ds_agent/ds_agent.init stop") ]
    Stopping Deep Security Agent
    stop: Stopping /opt/ds_agent/ds_agent (will wait up to 60 seconds) kill -TERM 675
    ...
    stop: /opt/ds_agent/ds_agent stopped.
    Stopping Trend Micro Deep Security Drivers
    Driver (dsa_filter) not installed.
    Driver failed to be removed: rc=1
    Stopping Deep Security Drivers (svcadm)
    [ Feb 3 00:32:37 Method "stop" exited with status 0 ]

Resolution

To resolve the issue:

  1. Run the following commands:

    svcadm disable svc:/application/ds_agent:default
    /usr/sbin/rem_drv dsa_filter
    cd /usr/kernel/drv
    rm dsa_filter.conf
    cd sparcv9
    rm dsa_filter
    rm /dev/dsa
    rm /dev/dsa_ssl
    svcadm enable svc:/application/ds_agent:default

  2. Execute "svcs -a |grep ds". It should show the ds_9up, ds_filter, and ds_agent services as online similar below:
    bash-3.2# svcs -a |grep ds
    online 13:09:56 svc:/application/ds_9up:default
    online 13:09:59 svc:/network/ds_filter:default
    online 13:10:06 svc:/application/ds_agent:default
    bash-3.2#
  3. Run "modinfo |grep ds". The dsa_filter module is now loaded.
  4. Verify on the Deep Security Manager that the Firewall and Intrusion Prevention features are enabled and online.