Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Deep Security Agent and Vulnerability Protection Agent are unable to attach to Intel Teamed NIC Virtual Adapter

    • Updated:
    • 18 Aug 2017
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 10.2
    • Deep Security 10.3
    • Vulnerability Protection 2.0
    • Platform:
    • Windows 2000 Professional
    • Windows 2003 Standard Server Edition
    • Windows 2008 Standard Server Edition
    • Windows Vista 32-bit
    • Windows XP Home

When installing the Deep Security Agent (DSA) or Vulnerability Protection Agent (VPA) on a host with multiple Intel NIC Adapters in a team configuration, the DSA or VPA driver is unable to attach to the Virtual Adapter.


Deep Security Agent and VPA were successfully installed on the physical NIC but are unable to attach to the virtual one.

Unlike Solaris and Linux environments where teaming/bonding is supported by their respective kernels, the Microsoft environment relies on teaming from the network adapter hardware manufacturers. Each vendor has its own implementation of teaming drivers and supported features offered. As NIC vendors update their firmware, new NIC features are implemented (e.g. TCP segmentation offloading).

The Deep Security Agent NDIS Intermediate Filter driver positions itself between the NIC driver and the platform TCP/IP stack. All communications (messages) between the NIC driver and the stack are intercepted and interpreted by our driver.

If, for any reason, we failed to bind on an adapter (physical or virtual), the end result will be the inability to filter on that specific device. If such bind failures occur, we recommend rebooting the server and attempting a manual bind process either with bindview utility or via the network properties control.

Contact Trend Micro Technical Support for additional information on the bindview utility.

In a teamed environment, the NIC vendor usually creates a virtual adapter and clones the MAC address from the primary device(s). Deep Security’s default behavior when installing is to bind all existing active adapters. This results in a likely scenario where two or more adapters have the same hardware address, a condition we do not currently support.

In the meantime, we have the a workaround. You can manually bind to the virtual adapter created by the NIC vendor and then ensure that we are not bound to the physical adapters. A reboot may be necessary to accomplish this task.

Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.