When a computer has an issue with certificate verification, it cannot receive policy and cannot be removed due to self-protection.
Running the command "dsa_control" shows the following error message:
c:\Program Files\Trend Micro\Deep Security Agent>dsa_control -r Unable to load agent certificate for verification. Path is: C:\ProgramData\Trend Micro\Deep Security Agent\dsa_core\ds_agent.crt Error is: error:02001005:system library:fopen:Input/output error [fopen('C:\Prog ramData\Trend Micro\Deep Security Agent\dsa_core\ds_agent.crt','r')] sslCtx:UseCredentials() failed - error:2006D002:BIO routines:BIO_new_file:system lib 
The issue happens due to any of the following reasons:
- A non-administrator account is used to perform the command and it has no permission to read the file.
- The certificate file is corrupted.
To resolve the issue, do the following using an administrator's account:
- Stop the Deep Security Agent service.
- Delete the file C:\ProgramData\Trend Micro\Deep Security Agent\dsa_core\ds_agent.crt.
- Start the Deep Security Agent service.
- Verify that a new file ds_agent.crt is generated after restarting the agent service.
- Run the command "dsa_control" again.