Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Windows Firewall settings changed after installing Deep Security Agent (DSA)

    • Updated:
    • 1 Dec 2016
    • Product/Version:
    • Deep Security 8.0
    • Deep Security 9.0
    • Platform:
    • Windows 2003 Compute Cluster Server
    • Windows 2003 Datacenter Server
    • Windows 2003 Datacenter Server Edition 64-bit
    • Windows 2003 Enterprise Server
    • Windows 2003 Home Server
    • Windows 2003 Small Business Server
    • Windows 2003 Standard Server Edition
    • Windows 2003 Standard Server Edition 64-bit
    • Windows 2003 Storage Server
    • Windows 2003 Web Server Edition
    • Windows 2008 Enterprise
    • Windows 2012 Enterprise
Summary

By default, DSA installation will disable Windows Firewall. However, if Windows Firewall is enabled via GPO, then Deep Security will not be able to turn off Windows Firewall.

In some cases, Deep Security may not turn off Windows Firewall, but will modify its port and process exclusions and cause legitimate applications to be blocked by Windows Firewall.

Details
Public

To resolve this issue:

  1. Download the DSA MSI package transform file for your Deep Security version. This file can be instructed not to modify the port in the firewall.
     
    The password to open the file is "trend".

    DSA MSI package transform file for Deep Security 9.0 and below

  2. Use the following command to install the MSI package:

    msiexec /i <path to Agent.msi> TRANSFORMS=<path to Leave_Firewall.mst>  /L*v c:\dsa_install.log

    In some environments running Deep Security 9.0, the TRANSFORMSSECURE setting may need to be used along with the MST file. The command would then be:

    msiexec /i <path to Agent.msi> TRANSFORMS=<path to Leave_Firewall.mst> TRANSFORMSSECURE=0 /L*v c:\dsa_install.log

    Setting the TRANSFORMSSECURE property to "0" informs the installer that transforms are not to be cached locally on the user's computer in a location where the user does not have write access.

If the above steps did not resolve the issue, send the following information to Trend Micro Technical Support:

  • MSI install log file that will be created (C:\dsa_install.log)
  • Screenshot of the firewall "show state" command before and after the DSA installation:

    C:\ netsh

    netsh> firewall

    netsh firewall> show state

Premium
Internal
Rating:
Category:
Install
Solution Id:
1055458
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.