Summary
Nginx.exe is a cache/web/proxy server of Deep Security Relay (DSR) that is used for component updates. It is installed on the Deep Security Manager (DSM) by default, but you are experiencing a high CPU usage on DSM 9.0 build 6019 because of nginx.exe. As a result, you are unable to log in to the console.
Rebooting the server fixes the issue, but this is only a workaround.
Details
To resolve the issue, upgrade nginx.exe:
- Disable the agent self-protection feature. To do this:
- Log in to the DSM console.
- Go to Computers and click the machine details, then click Settings > System Settings > Computer.
- Under Agent Self Protection, do either of the following:
- Set a password for local override.
- Untick the option Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent, or set it to No.
If the Deep Security Agent (DSA) is not connected or is configured with agent-initiated communication, reset the DSA to the reset the agent configuration, including the agent self-protection feature. To do this, run the following on the command line:C:\Program Files\Trend Micro\Deep Security Agent> dsa_control /r
- Stop the Trend Micro Deep Security Relay service.
- Download the latest version of nginx.exe from nginx.
- Extract the file to a temporary folder.
- Back up then replace C:\Program Files\Trend Micro\Deep Security Relay\nginx.exe with the updated version.
- Start the Trend Micro Deep Security Relay service.
If the issue continues even with the higher build, enable debug on nginx.exe:
- Set error_log to debug mode:
- Go to C:\Program Files\Trend Micro\Deep Security Relay\relay.
- Open the nginx.conf file.
- Look for “error_log” and set the line to:
error_log "C:/Program Files/Trend Micro/Deep Security Relay/relay/logs/error.log debug";
- Save the changes.
- Generate a diagnostic package for the DSR. Follow the procedure in getting a DSM diagnostic package in this KB article: Creating Deep Security 9.0 diagnostic package.
- Submit the files to Trend Micro Technical Support.
