
Server side

After the client and the server successfully negotiate the SSL protocol, the server sends the CAVIT command to the agent.

Module state

  • If the CAVIT command fails when sent through the TA-Server tool, verify the issue from your browser using this link: https://agent-ip-address:port/?CAVIT.
  • Use curl to verify this connection.
    • Download curl from the following website: https://curl.haxx.se/windows/

      For information on how to install and use curl on Windows, refer to the Stack Overflow Q & A post.

    • Run the following commands (-k skips certificate verification; -v prints the connection and TLS handshake details):

      curl.exe -k -v https://10.106.186.47:443
      curl.exe -k -v --tlsv1 https://10.106.186.47:443

Agent side

On the agent side, when the SATA tool checks the Tmlisten.exe status, it also uses the CAVIT command to check its status.

Module state

  1. The SATA tool checks the agent's registry key "LocalServerPort", which holds the listening port of the tmlisten process:

    [ X64 ]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion]
    [ X86 ]
    [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion]
    "LocalServerPort"=dword:00005278
  2. The SATA tool checks the agent's registry key "UseSocketHTTPAdapter", which indicates whether tmlisten uses the HTTP or HTTPS protocol:

    [ X64 ]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion]
    [ X86 ]
    [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion]
    "UseSocketHTTPAdapter"=dword:00000001
    UseSocketHTTPAdapter=0 means HTTPS protocol
    UseSocketHTTPAdapter=1 means HTTP protocol

    If there is no "UseSocketHTTPAdapter" parameter, the default setting is used: UseSocketHTTPAdapter=0.

  3. The SATA tool will use the command "Http(s)://agent-IP-address:localserverport/CAVIT" to verify the connection.
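
The three checks above can be reproduced by hand on the agent. The following PowerShell is an added example, not Trend Micro's or the SATA tool's own code; the function name Get-CavitUrl, the 127.0.0.1 target and the use of Test-NetConnection are assumptions, while the registry paths, value names and URL form are taken from the steps above.

```powershell
# Added example: names below are hypothetical; registry paths and value
# names come from steps 1-3 above.
function Get-CavitUrl {
    param(
        [string]$AgentAddress = '127.0.0.1'   # assumption: run locally on the agent
    )

    # Step 1: try the x64 (Wow6432Node) path first, then the x86 path.
    $candidates = @(
        'HKLM:\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion',
        'HKLM:\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion'
    )
    $keyPath = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
    if (-not $keyPath) { throw 'Agent registry key not found under either path.' }

    $props = Get-ItemProperty -Path $keyPath
    if ($null -eq $props.LocalServerPort) {
        throw "LocalServerPort is missing under $keyPath."
    }
    $port = [int]$props.LocalServerPort   # dword:00005278 reads back as 21112

    # Step 2: a missing UseSocketHTTPAdapter means the default, 0 (HTTPS).
    $adapter = 0
    if ($null -ne $props.UseSocketHTTPAdapter) {
        $adapter = [int]$props.UseSocketHTTPAdapter
    }
    $scheme = if ($adapter -eq 1) { 'http' } else { 'https' }

    # Step 3: build the URL in the form given in step 3.
    [pscustomobject]@{
        KeyPath = $keyPath
        Port    = $port
        Scheme  = $scheme
        Url     = '{0}://{1}:{2}/CAVIT' -f $scheme, $AgentAddress, $port
    }
}

$cavit = Get-CavitUrl
$cavit | Format-List

# Check TCP reachability of the tmlisten port before using a browser or curl.
$tcp = Test-NetConnection -ComputerName '127.0.0.1' -Port $cavit.Port
"TcpTestSucceeded: $($tcp.TcpTestSucceeded)"
```

If the TCP test succeeds but the URL still gets no response, compare the Scheme value with the protocol used in the browser or curl request.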

Next Steps

  • If the agent also does not respond to the browser, there is a communication problem; debug the network issue first.
  • If the agent responds to the browser, the network connection is fine; collect the CDT log on the agent and server to analyze the root cause.