If an AWS instance encounters an error (Reason ID: 7) in Deep Security due to the Anti-Malware Engine being offline but still partially functional, it may be necessary to update the kernelsupport package. To do so, follow the steps below:

Connect to the Primary Security Update Source via proxy

You can connect your agents, appliances, and relays to your primary security update source via a proxy. By default, the primary security update source is the Trend Micro Update Server (also known as Active Update).

Note that the agents and appliances only use the proxy if their assigned relay is not available and they have been granted explicit permission to access the primary update source.

1. Make sure that you are using Deep Security Agent 10.0 or later, as connections through a proxy are not suppored in earlier versions.
2. Register a proxy in the manager.

3. If you are setting the security update proxy for the default relay group, perform the following:

   • In Deep Security Manager, select the Administration > System Settings > Proxies tab.
   • In the Proxy Server Use area, change the Primary Security Update Proxy used by Agents, Appliances, and Relays setting to point to the new proxy.

4. If you are setting the security update proxy for a non-default relay group, perform the following:

   • In Deep Security Manager, select the Administration > Updates > Relay Management tab.
   • Select the target relay group. In the Relay Group Properties area, change the Update Source Proxy setting to point to the new proxy.
5. Click Save.
6. Restart the agents.

The proxy should not replace the TLS certificate used to communicate with the primary security update source, as this can cause the security update to fail.

On a Windows agent:

• Open a command prompt (cmd.exe) as Administrator and enter the following:

  cd C:\Program Files\Trend Micro\Deep Security Agent\

  dsa_control -u myUserName:MTPassw0rd

  dsa_control -x dsm_proxy://squid.example.com:443

On a Linux agent:

• Enter the following:

  /opt/ds_agent/dsa_control -u myUserName:MTPassw0rd

  /opt/ds_agent/dsa_control -x dsm_proxy://squid.example.com:443

Regardless of the agent platform:

• Make sure the proxy uses one of the Supported proxy protocols.
• For details on dsa_control and its -u and -x options, see dsa_control.
• Repeat these commands on each agent that needs to connect through a proxy to the manager.
• Run commands to update the agent's local configuration. No policy or configuration changes are made in the manager as a result of running these commands.