Views:

Supported Features

  • Firewall
  • Intrusion Prevention
  • Integrity Monitoring
  • Log Inspection

Unsupported Features

  • Anti-Malware Feature (AM)
  • Application Control (AC)
  • Web Reputation Service (WRS)
  • Agent Deployment Script
  • Location Awareness (Context)
  • Interface Isolation

Due to the age of this operating system, there are few manual steps that you must take before you can install Deep Security Agent 9.6 on Windows 2000.

  1. Install MSI package.

    Go to the Microsoft Catalog KB893803 and download and install Microsoft Windows Installer 3.1 . Otherwise, Windows 2000 cannot execute MSI installation.

  2. Install Deep Security Network Filter Driver.

    The default Microsoft root certificate in Windows 2000 Service Pack 4 is too old to recognize the latest Deep Security Agent certificate. This will cause a failure when installing the Network Driver. Updating the Microsoft root certificate is necessary to resolve this. Please follow these steps to update the root certificate before installing the Deep Security Agent:

    Get the updated certificate file and execute rootuspd201711.exe.

    Optionally, use rootuspd.exe to update the Microsoft root certificate.

    For reference, follow this article: Updating List of Trusted Root Certificates

Deep Security has supported a Windows 2000 agent for some time and as such customers may be in various deployment configurations. Please read the section for the configuration that applies to you.

Deep Security Manager 10.0 or 11.0

If you are running Deep Security Manager version 10.0 or 11.0 and already have the Deep Security Agent 8.0 for Windows 2000 deployed, you can upgrade the agent using the steps provided in the Deep Security Online Help.

Upgrade from Deep Security Manager 9.6 to versions 10.0 or 11.0

If you are using Deep Security Manager 9.6, please note that it will go end of life on August 12, 2019. Deep Security Agent 8.0 for Windows 2000 will continue to be supported for this deployment until August 12, 2019. Trend Micro recommends that you plan to upgrade to the latest version of Deep Security before this date.

 
Due to the introduction of TLS 1.2 support in Deep Security Agent 9.6 for Windows 2000, the agent will not work with Deep Security Manager 9.6.
 
  1. Upgrade Deep Security Manager.

    Follow the instructions in Deep Security Online Help to upgrade your Deep Security Manager to the latest version.

  2. Enable Older Agent Support
    1. After upgrading Deep Security Manager, go to System Settings > Updates > Relays.
    2. Tick Allow supported 8.0 and 9.0 Agents to be updated.
    3. Click Save.
  3. Upgrade Deep Security Agent.

    Once you have upgraded the Deep Security Manager to the latest version, you can upgrade the agent using the steps provided in Deep Security Online Help.

If you have trouble installing the Deep Security Agent and see the following error messages in the msi logs:

……
MSI (c) (C0:D8) [12:44:57:750]: Doing action: _CheckEyesRebootRequired
Action 12:44:57: _CheckEyesRebootRequired.
Action start 12:44:57: _CheckEyesRebootRequired.
MSI (c) (C0:50) [12:44:57:765]: Invoking remote custom action. DLL: C:\Temp\3\MSI5.tmp, Entrypoint: CheckEyesRebootRequired
MSI (c) (C0:04) [12:44:57:765]: Cloaking enabled.
MSI (c) (C0:04) [12:44:57:765]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (C0:04) [12:44:57:781]: Connected to service for CA interface.
Action ended 12:44:57: _CheckEyesRebootRequired. Return value 3.
MSI (c) (C0:D8) [12:44:57:984]: Doing action: FatalError
Action 12:44:58: FatalError.
Action start 12:44:58: FatalError.
Action 12:44:58: FatalError. Dialog created
MSI (c) (C0:44) [12:44:58:078]: Note: 1: 2731 2: 0
Action ended 12:44:59: FatalError. Return value 2.
Action ended 12:44:59: INSTALL. Return value 3.
……

Please uninstall any other Anti-Malware software and then install the Deep Security Agent again.