Anti Malware Engine Offline in Deep Security

Product / Version includes:

Deep Security20.0

Last updated: 2024/04/30

Solution ID: KA-0016479

Category:

Summary

Newly installed servers with Trend Micro Anti-Virus (TM AV) show the anti-malware engine offline. The DSM version is 20.0.585 and the DSA version is 20.0.0.3445. The issue is caused by secureboot being enabled and the key not being enrolled.

Sample logs
2024-03-26 11:51:06.836318 [+0800]: [Info/5] | Secure Boot enabled: true | dsa/SecureBoot.lua:160:LogSecureBootStatus | DB528:7F95ACAFB700:dsa.Scheduler_1681
   Line 46062: 2024-03-26 11:51:06.836318 [+0800]: [Info/5] | Secure Boot enabled: true | dsa/SecureBoot.lua:160:LogSecureBootStatus | DB528:7F95ACAFB700:dsa.Scheduler_1681
   Line 46062: 2024-03-26 11:51:06.836318 [+0800]: [Info/5] | Secure Boot enabled: true | dsa/SecureBoot.lua:160:LogSecureBootStatus | DB528:7F95ACAFB700:dsa.Scheduler_1681
   Line 46063: 2024-03-26 11:51:06.836387 [+0800]: [Warning/2] | Key not enrolled: /opt/ds_agent/DS20.der, detail might be logged when Agent is just started | dsa/SecureBoot.lua:170:LogSecureBootStatus | DB528:7F95ACAFB700:dsa.Scheduler_1681
   Line 46063: 2024-03-26 11:51:06.836387 [+0800]: [Warning/2] | Key not enrolled: /opt/ds_agent/DS20.der, detail might be logged when Agent is just started | dsa/SecureBoot.lua:170:LogSecureBootStatus | DB528:7F95ACAFB700:dsa.Scheduler_1681
   Line 46064: 2024-03-26 11:51:06.836434 [+0800]: [Warning/2] | Key not enrolled: /opt/ds_agent/secureboot/DS20_v2.der, detail might be logged when Agent is just started | dsa/SecureBoot.lua:170:LogSecureBootStatus | DB528:7F95ACAFB700:dsa.Scheduler_1681
   Line 46064: 2024-03-26 11:51:06.836434 [+0800]: [Warning/2] | Key not enrolled: /opt/ds_agent/secureboot/DS20_v2.der, detail might be logged when Agent is just started | dsa/SecureBoot.lua:170:LogSecureBootStatus | DB528:7F95ACAFB700:dsa.Scheduler_1681
   Line 46064

If newly installed servers with Trend Micro Anti-Virus (TM AV) show the anti-malware engine offline, it is likely due to secureboot being enabled and the key not being enrolled. This issue can be resolved by following the steps in the KB article provided by Trend Micro.

When secureboot is enabled, the key must be enrolled to ensure that the anti-malware engine is online. If the key is not enrolled, the anti-malware engine will be offline and the DSM and DSA versions will be affected. To resolve this issue, follow the steps in the KB article provided by Trend Micro.

Once the key is enrolled, the anti-malware engine will be online and the DSM and DSA versions will be updated. This will ensure that the newly installed servers with TM AV are protected against malware and other threats.

Ref
https://help.deepsecurity.trendmicro.com/aws/agent-linux-secure-boot.html

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Anti Malware Engine Offline in Deep Security

Anti Malware Engine Offline in Deep Security

Product / Version includes:

Summary