The upgrade of the Deep Security Relay (DSR) fails with the following error message:
Removal or modification of this application is prohibited by its security settings.
The issue occurs because the agent self-protection feature is enabled. To resolve the issue, disable agent self-protection for the Deep Security Relay you intend to upgrade. Make sure that you only disable it on the host level, because doing it globally will pose a security risk.
To disable agent self-protection on the host level:
- Log in to the Deep Security management console.
- Go to Computers and click the machine details, then click Settings > System Settings > Computer.
- Under Agent Self Protection, do either of the following:
- Set a password for local override.
- Untick the option Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent, or set it to No.
If the Deep Security Agent (DSA) is not connected or is configured with agent-initiated communication, reset the agent configuration, including the agent self-protection feature.
To reset the DSA, run the command C:\Program Files\Trend Micro\Deep Security Agent> dsa_control –r