Views:
The offline status of the DSA is due to the installed Comodo certificate. To resolve the issue, delete files related to the certificate installed, and reinstall the Comodo certificate:
  1. Uninstall DSA manually.
  2. Restart the server.
  3. Look for the following files or folders, and delete them if found:
    • C:\WINDOWS\System32\Drivers\tbimdsa.sys
    • C:\WINDOWS\System32\Drivers\tmactmon.sys
    • C:\WINDOWS\System32\Drivers\tmcomm.sys
    • C:\WINDOWS\System32\Drivers\tmevtmgr.sys
    • C:\WINDOWS\System32\LogFiles\ds_agent\
    • C:\Program Files\Trend Micro \AMSP\
    • C:\Program Files\Trend Micro \Deep Security Agent\Agent
    • C:\Program Files\Trend Micro \Deep Relay of Security Settings\Local (Relay)
    • C:\Program Files\Trend Micro \Deep Notifier of Security Settings\Local (Notifier)
    • C:\ProgramData\Microsoft\Windows\Start Menu \Programs\Trend Micro\
    • Deep Security\Trend Micro Deep Security Notifier (for Windows 2008)
    • C:\Documents and Settings\All Users\Start menu\programs\Trend Micro\
    • Deep Security\Trend Micro Deep Security Notifier (for Windows 2003)
    • C:\Windows\Installer\ {4E02FA4C-5238-454C-BBEB-61E314F8EC9A} / (Agent 64-bit)
  4. From the C:\Windows\inf\setupapi.dev.log file, look for entries containing the following:
    • tmcomm.sys
    • tmevtmgr.sys
    • tmactmon.sys
    These entries will enable you to identify if there are any remains of the previous installation. Look for "Installing catalog (any of the three drivers above).cat as:" and note the dates of the installation and the oemXX.inf files used to install these drivers.
  5. Uninstall the existing tmcomm.sys, tmevtmgr.sys and tmactmon.sys by executing "pnputil -d oemfile.inf".
    Identify which oemXX.inf files you need to uninstall by reviewing the setupapi.dev.log.
  6. Delete any catalog files for AMSP drivers present in C:\Windows\system32\catroot, which are remains from the previous installations and that were not removed.
    Note: These files will be appearing as oem01.cat or oem12.cat.
  7. Delete old driver files present in the Windows Driver Store, C:\Windows\system32\DriverStore\FileRepository\tmxxxx (folders).
  8. Install all the Comodo certificates. Make sure to place them in the appropriate store.
  9. Reinstall the DSA using a freshly downloaded installation package.
  10. Restart the server.
  11. Verify that the drivers are present in the Device Manager using non P&P devices. You should see the following drivers:
    • tmcomm.sys
    • tmevtmgr.sys
    • tmactmon.sys
  12. Deactivate the agent on the DSM to remove the old associations.
  13. Activate the agent from the DSM again.