Views:

This enhancement will be deployed during Worry-Free Services scheduled maintenance on May 19-28, 2025.

Below are some important details to take note of before proceeding:

  • The unload password should only be appended when transferring a Worry-Free Services Security Agent to a different Worry-Free Services domain via Installation Link. Using it during a fresh install may cause failure.
  • Appending the unload password is not required when re-establishing connectivity between a Security Agent and its current domain via Installation Link.
  • If the appended unload password is missing or incorrect during a domain transfer, the following error may occur:

    "Activation Unsuccessful
    The server encountered an error and was unable to complete your request. Click Refresh or try again later. (Error code: 0x80003500)"

    Module state

  • Security Agent transfer to another domain via the enhanced Installation Link will proceed only if all the following conditions are met:
    • The Security Agent has an unload password configured.
    • The unload password must consist of English letters (a–z, A–Z) and numbers (0–9).
      Special characters (e.g.,!, @, #, $, etc.) and spaces are not supported.
    • The Security Agent version is from the agent version 6.7.3954 and above.

  1. Log in to the Worry-Free Services web console of the desired destination domain.
  2. On the Dashboard page, locate the Security Agent Status widget and click Add Security Agents.

    Module state

  3. From the "Add Security Agents to" dropdown list, select which group you want to add the Security Agent to.

    Module state

  4. Under "Select an installation method" select "Send Installation Invitation" and click View email content.

    Module state

  5. Copy the Installation link provided for modification.

    Module state

  6. Append the unload password to the Installation link by adding #p=<unload password>.
  7. Open the modified link in a browser of the target machine to begin the migration.
  8. The message "Protection activated" appears once migration is completed.
  9. In the destination Worry-Free Services web console, go to Security Agents to verify that Agents have been migrated.

  1. Log in to the Worry-Free Services web console of the desired destination domain.
  2. On the Dashboard page, locate the Security Agent Status widget and click Add Security Agents.

    Module state

  3. From the Add Security Agents to dropdown list, select which group you want to add the Security Agent to.

    Module state

  4. Under the Download button under "Download Installer" section, expand Instruction for service providers.

    Module state

  5. Once the page is expanded, click Copy Identifier.

    Module state

  6. For the script to execute HostedAgentPluginTool.exe, use the following script:
    Example:
@echo off
Reg query HKLM\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\HostedAgent /f <companykey value> /d > nul 2>&1
If %ERRORLEVEL% EQU 0 (goto :next) else (goto :end)
:next
@if /i "%PROCESSOR_ARCHITECTURE%" == "x86" (@goto :x86) else (@goto :x64)
:x86
cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start /wait "" "C:\Program Files\Trend Micro\Security Agent\HostedAgent\HostedAgentPluginTool.exe"" wfbss_change_identity <identifier> <unload password>
:x64
cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start /wait "" "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgentPluginTool.exe"" wfbss_change_identity <identifier> <unload password>
:end
     
    • The <company key value> on the first part of the script will be checking its current value. You can put the company key value of the old AC where it is reporting to, to do its checking. If the value you put on the script is same with the value on the registry, it will perform the moving of security agent to the new console.
    • The <company key value> is located on this Registry Hive:
      • HKLM\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\HostedAgent
      • Name: CompanyKey
      • Type: REG_SZ
    • The command cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start /wait will be bypassing the admin privilege needed for domain users to run the script.
    • The <identifier> is the Identifier copied from Step 5.
    • The <unload password> is the unload password of the Security Agent from the source domain.
     
  7. After creating the script, put it as a Startup Script on the GPO.

    Module state

  8. Under Security Filtering, add the “Domain Computers” group.

    Module state

  9. Enforce the Group Policy.

    Module state

For support assistance, please contact Trend Micro Technical Support.

Keywords: worry-free Installation Link