Views:

Customers may encounter issues with Anti-Malware Component Updates and Anti-Malware Engine offline errors in Deep Security. If this occurs, the following steps can be taken to resolve the issue:

  1. Deactivate the DSAgent from DSM Console.
  2. Delete the computer object of the DSA from DSM and uninstall the DSA from add/remove programs.
  3. Reboot the server.
  4. Open services and check if there are still Trend Micro related services.
  5. Check if there are still related Trend Micro Related folders from the following path and delete them:
    • Trend Micro Deep Security Agent
    • Trend Micro Deep Security Monitor
    • Trend Micro Deep Security Notifier
    • Trend Micro Solution Platform
  6. Check if the drivers are still present in the device manager. Open Device Manager > Show hidden devices > Non - Plug and Play drivers. Look for the following: , tmcom, tmevtmgr, tmactmon, tmebc and any driver starting with TM. If they are present, right-click and remove driver or uninstall. If it asks to reboot after uninstall, please do so.
  7. Manually delete the following driver files:
    • C:\WINDOWS\System32\Drivers\s
    • C:\WINDOWS\System32\Drivers\s
    • C:\WINDOWS\System32\Drivers\s
    • C:\WINDOWS\System32\Drivers\s
    • C:\WINDOWS\System32\Drivers\s
    • C:\WINDOWS\System32\Drivers\s
  8. Delete the following registry entries:
    • HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
    • HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP
    • HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSPStatus
    • HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Deep Security Agent
    • HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\WL
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Amsp
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ds_agent
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ds_monitor
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ds_notifier
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tbimdsa
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmcomm
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmevtmgr
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TMEBC
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmumh
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Deep Security Agent
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\tbimdsa\
  9. If unable to delete the services, drivers, and folders, follow the manual cleanup of DSA remnants.
  10. After reboot, go through steps 3 to 8 again and ensure no DSA remnants are left.
  11. Reinstall the agent and activate.