The most common cause is a pending restart. The DSA agent requires a reboot to lock the drivers into the kernel. Even if the installer didn't ask for it,

2. Verify Agent Status via CLI
Look for "Required key not available" or "Signature successfully verified" errors.
Reinstall using a freshly downloaded .msi package; never use a .zip for installation.

4. Special Considerations for Agentless Protection

On Linux, Deep Security builds a kernel module dynamically using dkms or hooks directly into the kernel via the vfenit and vfsFilter drivers.

Step 1: Check Kernel Module Status

If any of these are stopped, try restarting the service.

2. Resolving Secure Boot Conflicts
The "Anti-Malware Driver Offline" or "Not Installed" error in Trend Micro Deep Security is a critical alert. It means your host agent cannot communicate with its core kernel drivers, leaving the system unprotected against malicious software. This issue commonly occurs after operating system updates, agent upgrades, or due to corrupted installations.
Pre-existing antivirus software like Trend Micro OfficeScan, Apex One, or third-party products often block the Deep Security driver.
If Secure Boot is enabled on the host, Windows may block unsigned or newly updated drivers.
If signature verification fails (often signaled by Event ID 9017), you may need to manually update root certificates:
A full system reboot is non-negotiable here. It flushes active memory loops and releases deep-seated system driver locks.
If you run other security monitoring tools (like EDR or forensic tools), configure mutual exclusions. This prevents multiple security drivers from locking the same system file-system hooks.
If supported but failing, install the matching kernel headers and development tools so the agent can build its hook:

    sudo yum install kernel-devel-$(uname -r)

A simple reboot resolves a significant percentage of driver offline issues, especially after an agent upgrade.

Open the Windows Registry Editor (regedit).

If Secure Boot is enabled, you must enroll the Trend Micro Public Key into your system’s Machine Owner Key (MOK) facility:

    mokutil --import /opt/ds_agent/mok.pub