"Anti-malware Engine Offline" error appears on Agent for Windows in Deep Security/Cloud One Workload Security

    • Updated: 11 Aug 2021
    • Product/Version: Cloud One - Workload Security, Deep Security
    • Platform:
Summary

"Anti-malware Engine Offline" error appears on Deep Security or Cloud One Workload Security Agent for Windows.

This error appears if the agent cannot get the correct working status of the Anti-malware module. This is commonly caused by any of the following:

  • Windows does not have the CA certificates needed to verify the Anti-malware driver's digital signature, which prevents the driver from being installed.
  • Third-party AV software, Trend Micro OfficeScan/Apex One, or ServerProtect is installed on the same machine, which prevents the Deep Security Agent (DSA) Anti-malware driver from being installed.

This error leads to Security Update failure on the agent, and the Anti-malware module is unable to detect malware.

Details

To resolve the issue, do the following:

  1. Make sure that the Windows machine has the following required certificates:

    • VeriSign Class 3 Public Primary Certification Authority - G5
    • VeriSign Universal Root Certification Authority
    • DigiCert Assured ID Root CA
    • DigiCert Global Root CA
    • DigiCert High Assurance EV Root CA
    • DigiCert Global Root G2
    • USERTrust RSA Certification Authority
     
    If any of these certificates do not exist, apply the solution from the KB article: Updating the VeriSign, DigiCert, USERTrust RSA certificate on Deep Security.
     
  2. Make sure that there is no third party AV, Trend Micro OfficeScan/Apex One, or ServerProtect installed on the same machine.
  3. If you are using an older version of Windows (2008 or lower), make sure to apply the Microsoft patch that adds support for SHA-2 signatures. For more info, refer to the KB article: New versions of Trend Micro Deep Security agents for Windows will only be signed with SHA-2.
  4. Uninstall the agent.

    Agent self-protection must be disabled before the agent can be uninstalled. To disable it, run the following from <drive>:\program files\trend micro\deep security agent\ in an Administrator command prompt:

    dsa_control -s0

    If a self-protection password is enabled in the policy, run:

    dsa_control -s0 -p <password>

    Substitute "<password>" with the correct password.

  5. After rebooting the machine, run the following commands in an Administrator command prompt to verify that the Anti-malware drivers are no longer running:

    • sc query tmactmon
    • sc query tmevtmgr
    • sc query tmcomm
    • sc query tmeyes
  6. Install the agent and activate it.
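
The certificate check in step 1 and the driver check in step 5 can be scripted. The PowerShell below is an added example, not Trend Micro's own tooling; it assumes an elevated prompt, matches certificates by subject common name, and assumes English sc.exe output.

```powershell
# Added example: checks for step 1 (root certificates) and step 5 (drivers).
# Assumptions: elevated prompt; certificates matched by subject common name;
# English sc.exe output.

# Names copied from the certificate list in step 1.
$requiredRoots = @(
    'VeriSign Class 3 Public Primary Certification Authority - G5',
    'VeriSign Universal Root Certification Authority',
    'DigiCert Assured ID Root CA',
    'DigiCert Global Root CA',
    'DigiCert High Assurance EV Root CA',
    'DigiCert Global Root G2',
    'USERTrust RSA Certification Authority'
)
# Driver service names copied from step 5.
$amDrivers = 'tmactmon', 'tmevtmgr', 'tmcomm', 'tmeyes'

$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$roots = Get-ChildItem -Path Cert:\LocalMachine\Root

$certReport = foreach ($name in $requiredRoots) {
    # A root can appear more than once; report the latest expiry among matches.
    $found = @($roots | Where-Object { $_.GetNameInfo($simpleName, $false) -eq $name })
    [pscustomobject]@{
        Certificate = $name
        Present     = $found.Count -gt 0
        NotAfter    = ($found | Sort-Object NotAfter | Select-Object -Last 1).NotAfter
    }
}

$driverReport = foreach ($svc in $amDrivers) {
    # Call sc.exe explicitly: in Windows PowerShell, "sc" is an alias for Set-Content.
    $out = & sc.exe query $svc 2>&1 | Out-String
    $state = if ($LASTEXITCODE -eq 1060) {   # 1060 = ERROR_SERVICE_DOES_NOT_EXIST
        'NotInstalled'
    } elseif ($out -match 'STATE\s+:\s+\d+\s+(\w+)') {
        $Matches[1]                          # e.g. RUNNING, STOPPED
    } else {
        'Unknown'
    }
    [pscustomobject]@{ Driver = $svc; State = $state }
}

$certReport   | Format-Table -AutoSize
$driverReport | Format-Table -AutoSize
```

A row with Present = False points back to the certificate KB article in step 1. A driver still reported as RUNNING after the uninstall and reboot means the old Anti-malware driver has not been removed.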

If the problem still exists, contact Trend Micro Technical Support and provide the following:

  • Screenshot of the Microsoft Management Console view Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates, or the output of the following Administrator PowerShell command:

    ls Cert:\LocalMachine\root

  • Agent diagnostic package. For more info, refer to the KB article: Creating Deep Security diagnostic packages

Category: Troubleshoot
Solution Id: 000288063