Affected Deep Security Agent versions:
Windows | Linux | |
---|---|---|
Deep Security 20 | <20.0.0-877 | <20.0.0.2376 |
Deep Security 12 | <12.0.0-360 | <12.0.0.1782 |
Deep Security 11 | <11.0.0-1690 | <11.0.0.2029 |
Deep Security 10 | <10.0.0-4069 | <10.0.0.3968 |
There are two solutions to address this issue:
- Solution 1: Upgrade to the latest Deep Security agent version to bypass the issue. Refer to the following table:
Windows Linux Deep Security 20 20.0.0-877+ 20.0.0.2376+ Deep Security 12 12.0.0-360+ 12.0.0.1782+ Deep Security 11 11.0.0-1690+ 11.0.0.2029+ Deep Security 10 10.0.0-4069+ 10.0.0.3968+ - Solution 2: Change the certificate file in local host.
For Windows:
- Contact Trend Micro Technical Support to obtain a copy of the curl-ca-bundle.zip file.
- Temporarily disable agent self-protection.
- Stop AMSP service (Trend Micro Solution Platform).
- Go to AMSP installation path, C:\Program Files\Trend Micro\AMSP\.
- Searching for file "curl-ca-bundle.crt".
Deep Security 10 : C:\Program Files\Trend Micro\AMSP\module\10008\pattern\
Deep Security 11 : C:\Program Files\Trend Micro\AMSP\module\10018\pattern\ - Back-up and replace this file with the one extracted from the curl-ca-bundle.zip.
- Start AMSP service.
- Enable agent self-protection.
For Linux:
- Contact Trend Micro Technical Support to obtain a copy of the curl-ca-bundle.zip file.
- Unzip the curl-ca-bundle.zip with password to obtain curl-ca-bundle.crt.
- Backup the original certificate, curl-ca-bundle.crt.default which under /opt/ds_agent.
- Copy curl-ca-bundle.crt. and rename it to curl-ca-bundle.crt.default under /opt/ds_agent.
- Restart agent.
- Solution 3: Change the iCRC FQDN from HTTPS to HTTP (for Deep Security 9.6 only).
For this solution, the DSM version should be 11.2.162 or higher. Execute the following command on the DSM machine:
/opt/dsm/dsm_c -action changesetting -name com.trendmicro.ds.antimalware:settings.configuration.defaultICRCServiceHostOverride -value http://ds20.icrc.trendmicro.com//tmcss/?