"Anti-malware Engine Offline" error appears on Deep Security or Cloud One Workload Security Agent for Windows.
This error appears if the agent cannot get the correct working status of the Anti-malware module. This is commonly caused by any of the following:
- The Windows OS does not have the CA certificates needed to verify the Anti-malware driver's digital signature, so it prevents the driver from being installed.
- Third-party AV software, Trend Micro OfficeScan/Apex One, or ServerProtect is installed on the same machine, which prevents DSA's Anti-malware driver from being installed.

This error leads to Security Update failure on the agent, and the Anti-malware module is unable to detect malware.
To resolve the issue, do the following:
Make sure that the Windows machine has the following required certificates:
- VeriSign Class 3 Public Primary Certification Authority - G5
- VeriSign Universal Root Certification Authority
- DigiCert Assured ID Root CA
- DigiCert Global Root CA
- DigiCert High Assurance EV Root CA
- DigiCert Global Root G2
- USERTrust RSA Certification Authority

If any of these certificates do not exist, apply the solution from the KB article: Updating the VeriSign, DigiCert, USERTrust RSA certificate on Deep Security.
- Make sure that there is no third-party AV, Trend Micro OfficeScan/Apex One, or ServerProtect installed on the same machine.
- If you are using an older version of Windows (2008 or lower), make sure to apply the Microsoft patch that adds SHA-2 signature support. For more info, refer to the KB article: New versions of Trend Micro Deep Security agents for Windows will only be signed with SHA-2.
Uninstall the agent.
Agent self-protection must be disabled before the agent can be uninstalled. To disable self-protection, execute the following in <drive>:\program files\trend micro\deep security agent\ from an Administrator command line:
If the agent’s self-protection password is enabled on the policy, execute:
dsa_control -s0 -p <password>
Substitute “<password>” with the correct password.
After rebooting the machine, run the following commands from an Administrator command line to verify that no Anti-malware driver is still running:
- sc query tmactmon
- sc query tmevtmgr
- sc query tmcomm
- sc query tmeyes
- Install the agent and activate it.
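
The certificate and driver checks from the steps above can be scripted. The following PowerShell is an added example, not Trend Micro's own tooling; it assumes the names listed above match each root certificate's subject common name, and the function names `Test-RequiredRoot` and `Get-AmDriverState` are hypothetical.

```powershell
# Added example. Run from an elevated PowerShell session on the affected machine.
# Assumption: the certificate names from the list above equal the subject CN.
$requiredRoots = @(
    'VeriSign Class 3 Public Primary Certification Authority - G5',
    'VeriSign Universal Root Certification Authority',
    'DigiCert Assured ID Root CA',
    'DigiCert Global Root CA',
    'DigiCert High Assurance EV Root CA',
    'DigiCert Global Root G2',
    'USERTrust RSA Certification Authority'
)
$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

function Test-RequiredRoot {
    param([string[]]$Names, [object[]]$Store)
    foreach ($name in $Names) {
        # Exact CN match, so "DigiCert Global Root CA" is not confused with "... Root G2".
        $hits  = @($Store | Where-Object { $_.GetNameInfo($simpleName, $false) -eq $name })
        $valid = @($hits  | Where-Object { $_.NotAfter -gt (Get-Date) })
        $status = if ($hits.Count -eq 0) { 'MISSING' } elseif ($valid.Count -eq 0) { 'EXPIRED' } else { 'OK' }
        [pscustomobject]@{
            Certificate = $name
            Status      = $status
            Thumbprint  = ($valid | Select-Object -First 1).Thumbprint
        }
    }
}

function Get-AmDriverState {
    param([string[]]$Names = @('tmactmon', 'tmevtmgr', 'tmcomm', 'tmeyes'))
    foreach ($n in $Names) {
        # Use sc.exe explicitly: in Windows PowerShell, "sc" is an alias for Set-Content.
        $out = (& sc.exe query $n 2>&1) -join "`n"
        # Exit code 1060 = ERROR_SERVICE_DOES_NOT_EXIST.
        $state = if ($LASTEXITCODE -eq 1060) { 'NOT INSTALLED' } elseif ($out -match 'STATE\s*:\s*\d+\s+(\w+)') { $Matches[1] } else { 'UNKNOWN' }
        [pscustomobject]@{ Driver = $n; State = $state }
    }
}

# Roots the OS needs in order to verify the driver signature.
Test-RequiredRoot -Names $requiredRoots -Store (Get-ChildItem Cert:\LocalMachine\Root) |
    Format-Table -AutoSize
# After uninstalling and rebooting, no driver should report RUNNING.
Get-AmDriverState | Format-Table -AutoSize
```

Any certificate reported as MISSING or EXPIRED points to the certificate KB article above; any driver still reported as RUNNING after the uninstall and reboot means the old Anti-malware driver has not been removed.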
If the problem still exists, contact Trend Micro Technical Support and provide the following:
- Screenshot of Microsoft Management Console’s Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates or output of the following Administrator PowerShell command:
- Agent diagnostic package. For more info, refer to the KB article: Creating Deep Security diagnostic packages