"Anti-malware Engine Offline" error appears on Agent for Windows in Deep Security/Cloud One Workload Security

Product / Version includes:

Deep SecurityAll , Cloud One - Endpoint and Workload SecurityAll

Last updated: 2021/12/16

Solution ID: KA-0012230

Category: Troubleshoot

Summary

"Anti-malware Engine Offline" error appears on Deep Security or Cloud One Workload Security Agent for Windows.

This error appears if the agent cannot get the correct working status of the Anti-malware module. This is commonly caused by any of the following:

Windows OS does not have the CA certificates to verify the Anti-malware driver's digital signature and prevents installing the driver.
Third party AV software or Trend Micro OfficeScan/Apex One, or ServerProtect are installed on the same machine which prevents DSA's Anti-malware driver from being installed This error leads to Security Update failure on the agent, and the Anti-malware is unable to detect malware.

To resolve the issue, do the following:

Make sure that the Windows machine has the following required certificates:
- VeriSign Class 3 Public Primary Certification Authority - G5
- VeriSign Universal Root Certification Authority
- DigiCert Assured ID Root CA
- DigiCert Global Root CA
- DigiCert High Assurance EV Root CA
- DigiCert Global Root G2
- USERTrust RSA Certification Authority
- DigiCert Trusted Root G4
If any of these certificates do not exist, apply the solution from the KB article: Updating the VeriSign, DigiCert, USERTrust RSA certificate on Deep Security.
Make sure that there is no third party AV, Trend Micro OfficeScan/Apex One, or ServerProtect installed on the same machine.
If you are using an older version of Windows (2008 or lower), make sure to apply the Microsoft patch to support SHA-2 signature. For more info, refer to the KB article: New versions of Trend Micro Deep Security agents for Windows will only be signed with SHA-2.
Uninstall the agent.

You need to disable agent self-protection to allow uninstalling of agent. To disable self-protection, execute the following in <drive>:\program files\trend micro\deep security agent\ on Administrator command line:

dsa_control -s0

If the agent’s self-protection password is enabled on the policy, execute:

dsa_control -s0 -p <password>

Substitute “<password>” with the correct password.
After rebooting the machine, run the following commands on the Administrator command line to verify that there is no longer Anti-malware driver running:
- sc query tmactmon
- sc query tmevtmgr
- sc query tmcomm
- sc query tmeyes
Install the agent and activate it.

If the problem still exists, contact Trend Micro Technical Support and provide the following:

Screenshot of Microsoft Management console’s Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates or output of the following Administrator powershell command:

ls Cert:\LocalMachine\root
Agent diagnostic package. For more info, refer to the KB article:Creating Deep Security diagnostic packages

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

"Anti-malware Engine Offline" error appears on Agent for Windows in Deep Security/Cloud One Workload Security

"Anti-malware Engine Offline" error appears on Agent for Windows in Deep Security/Cloud One Workload Security

Product / Version includes:

Summary