“Anti-Malware Driver offline” status occurs due to Comodo certificate issue

    • Updated: 6 Mar 2015
    • Product/Version: Deep Security 9.0
    • Platform: N/A
Summary
Deep Security Agent (DSA) shows “Anti-Malware Driver offline” status on the Deep Security Manager (DSM) console.
Details
The offline status of the DSA is caused by the installed Comodo certificate. To resolve the issue, delete the files related to the installed certificate, and then reinstall the Comodo certificate:
  1. Uninstall DSA manually.
  2. Restart the server.
  3. Look for the following files or folders, and delete them if found:
    • C:\WINDOWS\System32\Drivers\tbimdsa.sys
    • C:\WINDOWS\System32\Drivers\tmactmon.sys
    • C:\WINDOWS\System32\Drivers\tmcomm.sys
    • C:\WINDOWS\System32\Drivers\tmevtmgr.sys
    • C:\WINDOWS\System32\LogFiles\ds_agent\
    • C:\Program Files\Trend Micro\AMSP\
    • C:\Program Files\Trend Micro\Deep Security Agent\Agent
    • C:\Program Files\Trend Micro\Deep Relay of Security Settings\Local (Relay)
    • C:\Program Files\Trend Micro\Deep Notifier of Security Settings\Local (Notifier)
    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro\Deep Security\Trend Micro Deep Security Notifier (for Windows 2008)
    • C:\Documents and Settings\All Users\Start menu\programs\Trend Micro\Deep Security\Trend Micro Deep Security Notifier (for Windows 2003)
    • C:\Windows\Installer\{4E02FA4C-5238-454C-BBEB-61E314F8EC9A}\ (Agent 64-bit)
  4. From the C:\Windows\inf\setupapi.dev.log file, look for entries containing the following:
    • tmcomm.sys
    • tmevtmgr.sys
    • tmactmon.sys
    These entries show whether anything remains of the previous installation. Look for "Installing catalog (any of the three drivers above).cat as:" and note the installation dates and the oemXX.inf files used to install these drivers.
  5. Uninstall the existing tmcomm.sys, tmevtmgr.sys and tmactmon.sys by executing "pnputil -d oemfile.inf".
    Review setupapi.dev.log to identify which oemXX.inf files you need to uninstall.
  6. Delete any catalog files for AMSP drivers in C:\Windows\system32\catroot that are left over from previous installations and were not removed.
    Note: These files appear as oem01.cat or oem12.cat.
  7. Delete old driver files present in the Windows Driver Store, C:\Windows\system32\DriverStore\FileRepository\tmxxxx (folders).
  8. Install all the Comodo certificates. Make sure to place them in the appropriate store.
  9. Reinstall the DSA using a freshly downloaded installation package.
  10. Restart the server.
  11. In Device Manager, verify that the drivers are present under the non-Plug and Play devices. You should see the following drivers:
    • tmcomm.sys
    • tmevtmgr.sys
    • tmactmon.sys
  12. Deactivate the agent on the DSM to remove the old associations.
  13. Activate the agent from the DSM again.
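
The log review in steps 4 and 5 can be scripted. The following PowerShell function is an added example, not part of the original article or of Trend Micro's tooling: it reads setupapi.dev.log lines, finds the "Installing catalog ... as:" entries for the three drivers, and reports the section date and the matching oemXX file names. The function name, the sample log lines (constructed), the "Section start" timestamp layout and PowerShell 3.0 or later are assumptions.

```powershell
# Added example, not from the original article. Read-only: it reports, it deletes nothing.
function Get-TmDriverCatalogInstall {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [AllowEmptyString()]          # the log contains blank lines
        [string]$Line
    )
    begin {
        $drivers = 'tmcomm', 'tmevtmgr', 'tmactmon'   # drivers listed in step 4
        $sectionStart = $null                         # timestamp of the current log section
    }
    process {
        if ($Line -match 'Section start (\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})') {
            $sectionStart = $Matches[1]
        }
        elseif ($Line -match 'Installing catalog (\S+)\.cat as: (oem\d+)\.cat') {
            $driver = $Matches[1].ToLower()
            $oem    = $Matches[2].ToLower()
            if ($drivers -contains $driver) {
                [pscustomobject]@{
                    Driver    = "$driver.sys"
                    Installed = $sectionStart
                    OemInf    = "$oem.inf"   # assumption: the .inf shares the oemNN number of the catalog
                    OemCat    = "$oem.cat"   # leftover catalog name to look for in step 6
                }
            }
        }
    }
}

# Constructed sample lines (not taken from a real system).
$sample = @'
>>>  [Device Install (DiInstallDriver) - C:\Temp\tmcomm.inf]
>>>  Section start 2015/02/10 09:14:22.101
     sto:      Installing catalog tmcomm.cat as: oem12.CAT
<<<  Section end 2015/02/10 09:14:23.455

>>>  [Device Install (DiInstallDriver) - C:\Temp\other.inf]
>>>  Section start 2015/02/11 16:02:40.007
     sto:      Installing catalog other.cat as: oem13.CAT
     sto:      Installing catalog tmactmon.cat as: oem14.CAT
<<<  Section end 2015/02/11 16:02:41.310
'@ -split "`r?`n"

$sample | Get-TmDriverCatalogInstall | Format-Table -AutoSize

# Against the real log:
# Get-Content C:\Windows\inf\setupapi.dev.log | Get-TmDriverCatalogInstall
```

Each reported OemInf value is a candidate for the "pnputil -d" command in step 5; confirm it against the log entry before uninstalling.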
Category: Configure; Troubleshoot; Deploy; Install
Solution Id: 1107428