Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Installing Deep Security Agent (DSA) on Microsoft Hyper-V Server

    • Updated:
    • 13 Mar 2020
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 10.2
    • Deep Security 10.3
    • Deep Security 11.0
    • Deep Security 11.1
    • Deep Security 11.2
    • Deep Security 11.3
    • Deep Security 12.0
    • Platform:
    • Windows 2012 Enterprise

Learn how to install and implement Deep Security Agent on a Microsoft Hyper-V 2012 Server. 


To install DSA on Microsoft Hyper-V Server:

  1. Configure external switch.

    The DSA and Deep Security Manager (DSM) should be able to communicate with each other. The virtual machines are connected to an external switch, which allows virtual machines to send or receive packets among all Hyper-V partitions and physical network interfaces on the host.

    To use the Microsoft Hyper-V feature, Microsoft requires a virtual switch so that the guest virtual machines can connect to the desired network. Refer to this Microsoft article to create virtual networks.

    Configure external switch

    Microsoft Hyper-V allows third-party vendors to develop custom switch extensions. This includes an NDIS filter or WFP filter that runs inside the Hyper-V virtual switch. At present, we support the standard configuration which only includes Microsoft default switch extensions.

    Microsoft default switch extensions

  2. Install DSA on Windows 2012 Hyper-V Server.

    There is no special configuration needed in installing the DSA on Windows 2012 Hyper-V Server. After the installation is completed, the driver will automatically connect to the Hyper-V virtual adapter.

    Connect using Hyper-V Virtual Ethernet Adapter

    Starting from Deep Security 9.0 SP1 Patch 2, the Hyper-V environment is supported.
    Currently, DSA does not support Windows Server 2012 Hyper-V Replica.
  3. Protect the virtual machines.

    The DSA installed on Windows 2012 Hyper-V Server provides host-level protection and does not protect the inner guest virtual machines at hypervisor level.

    Guest virtual machines without DSA receive packets without inspection. To protect the guest virtual machine, a separate DSA should be installed and activated on the virtual machine as a standalone host. No other special configuration is needed.

Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.