Details
The Deep Security Agent Relay is the update source of the agent and if the Deep Security Agent Relay did not perform a successful security update after December 6, 2021, you may see the warning message.Below are the two possible warning message you might observe, based on the Deep Security Relay build version:
- Security Update: Pattern Update on Agents/Appliance Fail with Error message: IAURELAY_STATUS_DIGITAL_SIGNATURE_CERT_EXPIRE is seen under the Deep Security Agent System Event Page if Deep Security Relay Version is higher than Deep Security 20.0.0-1337, Deep Security 12.0.0-1278, or Deep Security 11.0.0-1690.
- Security Update: Pattern Update on Agents/Appliance Fail with Error Message: IAURELAY_STATUS_CHECK_DIGITAL_SIGNATURE_FAILURE is seen under the Deep Security Agent System Event Page if Deep Security Relay Version is lower than Deep Security 20.0.0-1337, Deep Security 12.0.0-1278, or Deep Security 11.0.0-1690.
Technical Details
Each Deep Security iAU pattern exists a corresponding signature file which contains the certificate, when the Agent do a security update from Relay, it will first check whether pattern signature certificate is valid. There are some change-less pattern signature certificate file that will expire on January 17, 2022.For older Agent builds, it can't directly update these pattern signature file without new version of pattern released. So for these old Relay builds, you need to reinstall the Relay to force duplicate new pattern new signature; For those Agent build that can directly duplicate pattern signature, customer need trigger Relay security update from Trend Micro Update Server.
To resolve this issue:
If the Deep Security Relay is below version 20.0.0-1337, 12.0.0-1278, or 11.0.0-1690:
- Upgrade the Deep Security Relay to the latest Deep Security release.
- Perform a Security Update for the Deep Security Relay (ensure Primary Source is Trend Micro Update Server)
- Once Security Update: Pattern Update on Agents/Appliance Successful is seen under the Deep Security Relay System Event Page. Run the Security Update for Deep Security Agent Security Update.
If the Deep Security Relay version is greater or equal to 20.0.0-1337, 12.0.0-1278, or 11.0.0-1690**:
- Perform a Security Update for the Deep Security Relay (ensure Primary Source is Trend Micro Update Server)
- Once Security Update: Pattern Update on Agents/Appliance Successful is seen under the Deep Security Relay System Event Page. Run the Security Update for Deep Security Agent Security Update.
*The above also applies if you have deployed a Deep Security Agent Relay integrated with your Trend Micro Cloud One - Workload Security.
**Starting Deep Security Agent 11.0 LTS Update 2, it supports engine update which means that the agent will do signature verification. If this is enabled, the Agent may encounter the pattern signature expired issue. Here is the link for the release notes
Enhancement 1: [DSSEG-2488]
Anti-Malware Scan Engine can be displayed and has the
option to enable or disable an Anti-Malware update.
For customers who still use Deep Security 12.5 Feature release build:
It is strongly recommended to upgrade the Manager/Relay to the latest Deep Security 20 release for better support, noted there will no more regular release for 12.5 build.
- Customer need Re-install Deep Security Relay if the issue persist on Deep Security 12.5 release build.
For customers who are using Trend Micro Cloud One - Workload Security
You should not be affected by this issue.
Please note that when the two options below have been enabled unexpectedly, since these options will let the relay duplicate old pattern version or all language pattern, a similar pattern signature expiration error may occur because some pattern versions are already in EOS and will not update anymore.
- Allow supported 8.0 and 9.0 Agents to be updated
- Download Patterns for all Regions