On the Apex One server, you can check if the affected agent group is allowed to update all of its components (including hotfixes and the agent program).
You can refer to Apex One clients cannot update or upgrade even when allowed to upgrade and deploy hot fixes to check the affected agent settings.
On the Apex One server, check if there are several .dll and .exe files with invalid digital signatures.
You can refer to Restoring the renamed "_invalid" files using Windows Powershell in Apex One to address the issue.
If you encounter a "Rename-Item : Cannot create a file when that file already exists." error, back-up the invalid files and delete them manually.
On the affected agent, go to ..\Trend Micro\Security Agent\AU_Data\AU_Log\TmuDump.txt and look for the following error:
ActiveUpdate was unable to verify security information. The local trusted information database is corrupted.
If you find the error on the logs, you need to re-create the local signature files. You may do as follows:
- On the Apex One server, backup and delete all the .loc and .sig files in ...\PCCSRV\Download\Engine\ and ...\PCCSRV\Download\Pattern\
- Go to services.msc and stop the Apex One Master Service.
- Modify the following registry key:
[HKLM\SOFTWARE\WOW6432Node\TrendMicro\OfficeScan\service\Information]
ALGS=0 - Restart the Apex One Master Service, the .loc and .sig files should be re-created.
On the affected agent, go to ..\Trend Micro\Security Agent\Temp\ and check if you find several files named upgrade_XXXXXXXXXXXXXX created on the same day.
If you find several upgrade files, the affected agent may be experiencing an upgrade loop. Go to the Log Collection section of the article for further information.
If the issue persists, use the Case Diagnostic Tool to collect debugging information. Run it simultaneously on both Apex One server and the affected agent while replicating the issue.
Once done, provide the logs to Trend Micro Technical Support or contact your Technical Account Manager.