Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Advance Anti-malware exclusions not working after upgrading the Deep Security Agent (DSA)

    • Updated:
    • 8 Sep 2021
    • Product/Version:
    • Platform:
    • Linux
Summary

Customers that have enabled Application Control, Integrity Monitoring or Activity Monitor without enabling the real-time scan of the Anti-Malware module may encounter issues excluding file events from the kernel. These exclusions are configured in ds_am-exclude-file.ini or ds_am-exclude-dir.ini file. The issue may happen if you are using either of the agent version below: 

  •  20.0.0-2740
  •  20.0.0-2921
Details
Public

As a workaround, rollback to Agent version 20.0.0-2593:

  1. From the manager console, deactivate the target agent.
  2. SSH to the target computer.
  3. Go to /var/opt/ds_agent/am and backup the following files
    • ds_am-exclude-file.ini
    • ds_am-exclude-dir.ini  
    • ds_am.ini
  4. Uninstall the DSA version 20.0.0-2740.
  5. Install and activate the DSA version 20.0.0-2593.
     
    If you are using deployment script, make sure to update the agent version control feature in the manager console to deploy a specific agent version.
     
  6. Restore the files in step 4 and restart the agent service
 
The fix for this issue is scheduled to be included in the September official release.
Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot
Solution Id:
000288781
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.