Below are the two possible warning message you may observe, based on the Deep Security Relay build version:

• "Security Update: Pattern Update on Agents/Appliance Fail" with error message, "IAURELAY_STATUS_DIGITAL_SIGNATURE_CERT_EXPIRE" is seen under the Deep Security Agent System Event Page if Deep Security Relay Version is higher than Deep Security 20.0.0-1337, Deep Security 12.0.0-1278, or Deep Security 11.0.0-1690.

  

• "Security Update: Pattern Update on Agents/Appliance Fail" with error message, "IAURELAY_STATUS_CHECK_DIGITAL_SIGNATURE_FAILURE" is seen under the Deep Security Agent System Event Page if Deep Security Relay Version is lower than Deep Security 20.0.0-1337, Deep Security 12.0.0-1278, or Deep Security 11.0.0-1690.

  

Each Deep Security iAU pattern exists a corresponding signature file which contains the certificate. When the Agent does a security update from Relay, it will first check whether pattern signature certificate is valid. There are some change-less pattern signature certificate files that will expire on January 17, 2022.

For older Agent builds, it cannot directly update these pattern signature file without new version of pattern released. So for these old Relay builds, you need to reinstall the Relay to force duplicate new pattern new signature.

For those Agent build that can directly duplicate pattern signature, customers need to trigger Relay security update from Trend Micro Update Server.

To resolve this issue:

• If the Deep Security Relay is below version 20.0.0-1337, 12.0.0-1278, or 11.0.0-1690:
  1. Upgrade the Deep Security Relay to the latest Deep Security release.
  2. Perform a Security Update for the Deep Security Relay (ensure Primary Source is Trend Micro Update Server).
  3. Once "Security Update: Pattern Update on Agents/Appliance Successful" message is seen under the Deep Security Relay System Event Page, run the Security Update for Deep Security Agent Security Update.
• If the Deep Security Relay version is greater or equal to 20.0.0-1337, 12.0.0-1278, or 11.0.0-1690**:
  1. Perform a Security Update for the Deep Security Relay (ensure Primary Source is Trend Micro Update Server).
  2. Once "Security Update: Pattern Update on Agents/Appliance Successful" is seen under the Deep Security Relay System Event Page, run the Security Update for Deep Security Agent Security Update.
   

  *The above also applies if you have deployed a Deep Security Agent Relay integrated with your Trend Micro Cloud One - Workload Security.
  **Starting Deep Security Agent 11.0 LTS Update 2, it supports engine update which means that the agent will perform signature verification. If this is enabled, the Agent may encounter the pattern signature expired issue. Follow this link for the release notes.

   
• For customers who still use Deep Security 12.5 Feature release build, it is strongly recommended to upgrade the Manager/Relay to the latest Deep Security 20 release for better support, noted there will no more regular release for 12.5 build. Re-install Deep Security Relay if the issue persist on Deep Security 12.5 release build.
• Customers who are using Trend Micro Cloud One - Workload Security should not be affected by this issue. Please note that when the two options below have been enabled unexpectedly, since these options will let the relay duplicate old pattern version or all language pattern, a similar pattern signature expiration error may occur because some pattern versions are already in End-of-Support (EOS) and will not update anymore.
  • Allow supported 8.0 and 9.0 Agents to be updated.
  • Download Patterns for all Regions.