The upgrade of the Deep Security Relay (DSR) fails with the following error message:
Removal or modification of this application is prohibited by its security settings.
The issue occurs because the agent self-protection feature is enabled. To resolve the issue, disable agent self-protection for the DSR you intend to upgrade. Make sure that you only disable it on the host level, because doing it globally will pose a security risk.
To disable agent self-protection on the host level:
- Log in to the Deep Security management console.
- Do the following:
- For Deep Security 8.0: Go to Computers > Host Level > Deep Security Manager System > System Settings > Computers.
- For Deep Security 9.0: Go to Computers and click the machine details, then click Settings > System Settings > Computer.
- Under Agent Self Protection, do either of the following:
- Set a password for local override.
- Untick the option Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent, or set it to No.
If the Deep Security Agent (DSA) is not connected or is configured with agent-initiated communication, reset the DSA to reset the agent configuration, including the agent self-protection feature.
To reset the DSA, run the appropriate command based on your product version:
- For 8.0 and 9.0: C:\Program Files\Trend Micro\Deep Security Agent> dsa_control /r
- For 9.5 and above: C:\Program Files\Trend Micro\Deep Security Agent> dsa_control –r