- Apex One On-premise
- Apex One as a Service
- DLP Plugin is installed and activated
- DLP Policy is configured for agents
Verify if the Apex One server is On-premise:
- Check if the Apex One server has Apex Central installed and connected.
- Check if the Apex Agent Policy is deployed on the agent machines.
If the Apex One server is SaaS:
- Check if there is a Data Loss Prevention Policy configured.
- Check if there is a Data Loss Prevention Policy deployed for the affected agents.
- Check DLP-related registry key values:
64-bit environment:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite]
32-bit environment:
[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite]
In normal cases, it is expected that the DlpLite registry key values are:
"deploy"=dword:00000001
"enable"=dword:00000001
"status"=dword:00000001
"type"=dword:00000001 or 00000002 - Check DLP-related drivers and services:
- Run cmd as administrator.
- Type the following commands in the cmd window:
sc query dsasvc sc query sakfile sc query sakcd sc query dlpnetfltr
- Disable “Self-protection” in the Apex One server.
- Unload the Apex One agent.
- Make sure that dsagent.exe and ShowMsg.exe are not running.
- Rename the following file:
%WINDIR%\System32\drivers\sakfile.sys
to
%WINDIR%\System32\drivers\sakfile.sys.bk
- Reboot and check if the issue is gone.
- Rename dsagent in c:\windows\system32\dgagent\ from "dsagent.exe" to "_dsagent.exe".
- Reload the Apex One agent and then check if the issue is gone.
If the DLP issue still persists even after performing the aforementioned steps above, please collect a CDT Data Log on the affected machine/s and contact Trend Micro Technical Support for assistance.
Indicate the initial troubleshooting steps done and the scope of the issue (e.g. aent-specific issue or multiple agents affected).