Common issues when installing or updating the agent

This article looks at three of the most common issues that can occur when installing or updating agents.

This problem typically occurs on Windows machines, where the Anti-Malware module has either not installed properly, or a driver/service is not running. If the server reporting this error has not had the initial root certificate updates installed from Microsoft's Updates, then the server must be patched, the Agent must be uninstalled, the server rebooted, and the Agent re-installed/re-activated. From the Agent side, the Deep Security notifier app in the taskbar will show a status of "Driver Offline/Not Installed."

Most of the time this problem is resolved by uninstalling, restarting, and re-installing/re-activating the Agent, as the troubleshooting steps in the first article referenced below state.

For a full walkthrough of cleaning up the Deep Security Agent from a Windows machine, refer to the third article linked below, which includes instructions for manually uninstalling the Deep Security Agent. It's not always necessary to manually uninstall the Agent, but the instructions include file locations, registry entries, and services to clean up after a normal uninstall and reboot has been completed.

If a Deep Security Agent is unable to communicate with the designated Deep Security Relay in the environment, the server is at risk of not running the latest Anti-Malware patterns, so this can be a higher priority issue. When troubleshooting security update failures, the most common reason for the failure is network connectivity between the Deep Security Agent and the Deep Security Relay. The article linked below gives a few steps for checking that connectivity and confirming TCP communication is functioning between the two components. Using a utility like Test-NetConnection in PowerShell, or telnet/curl from a Linux server, can help confirm that TCP communication between the Agent and Manager is open. If TCP connectivity is open, then there could be a device between the two that is performing SSL Inspection, or otherwise interfering with the encrypted connection between the two points. The ds_agent.log file on the Agent will normally provide a reason why it cannot perform a security update; the relevant entries are identified at the start of the line with the word Error or Warning.

Windows – C:\ProgramData\Trend Micro\Deep Security Agent\diag

Correlate the update attempt time with the time in the log file to identify the underlying reason why updates are failing.

Performance/Application issues introduced after installing the Deep Security Agent (Anti-Malware and Module Isolation)

Prior to deploying a Deep Security Agent, the appropriate security configuration will need to be applied to a server. This is common with any Anti-Malware/Security software, and ensures the server or applications installed are not negatively impacted by increased review of their activity.

Although this section does not refer directly to a status in the Deep Security console, this is one of the more common configuration adjustments that will require troubleshooting after deploying the Deep Security Agent to a new server. If a server's performance is impacted, or an application's functionality is impacted, you should first identify which Deep Security module could be contributing to the problem. Performance issues can be identified first by which processes on a server are using more CPU/RAM than others. On Windows machines, there are two processes that could typically be the culprit: dsa.exe or coreServiceShell.exe. dsa.exe is the core Agent process running on the machine, and coreServiceShell.exe is part of the Anti-Malware module. On a Linux server, these processes are named ds_agent and ds_am, respectively. Regardless of which process is consuming resources, you'll want to narrow down which protection module(s) are contributing to the increased use of resources. By turning off individual modules, one by one, from the Deep Security Manager console, you can watch resource utilization for any decrease, then likely attribute that behavior to the most recently disabled module.
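
The log-correlation step from the security update troubleshooting above, as an added example that is not part of the original article or of Trend Micro's tooling: it returns the Error and Warning entries that fall within a few minutes of a failed update attempt. The timestamp layout, the sample lines and the name `correlate` are constructed assumptions; adjust the patterns to the format your ds_agent.log actually uses.

```python
import re
from datetime import datetime, timedelta

# Assumed layout: a "YYYY-MM-DD HH:MM:SS" timestamp somewhere on the line.
# This is a constructed format; adapt TS_RE/TS_FMT to your real ds_agent.log.
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
TS_FMT = "%Y-%m-%d %H:%M:%S"
SEV_RE = re.compile(r"\b(Error|Warning)\b")

# Constructed sample lines, not real agent output.
SAMPLE_LOG = [
    "2024-03-01 09:58:12 [Info] Heartbeat sent",
    "2024-03-01 10:00:03 [Warning] Security update: relay connection timed out",
    "2024-03-01 10:00:04 [Error] Security update failed",
    "    detail: Warning, retry scheduled",
    "2024-03-01 14:30:00 [Error] Unrelated failure outside the window",
]

def correlate(lines, attempt, window_minutes=5):
    """Return (timestamp, severity, line) for Error/Warning entries logged
    within window_minutes of the update attempt time."""
    window = timedelta(minutes=window_minutes)
    hits = []
    current_ts = None  # continuation lines inherit the last valid timestamp
    for raw in lines:
        line = raw.rstrip("\n")
        m = TS_RE.search(line)
        if m:
            try:
                current_ts = datetime.strptime(m.group(0), TS_FMT)
            except ValueError:
                current_ts = None  # digits matched but not a real date/time
        sev = SEV_RE.search(line)
        if sev is None or current_ts is None:
            continue
        if abs(current_ts - attempt) <= window:
            hits.append((current_ts, sev.group(1), line))
    return hits

if __name__ == "__main__":
    # Update attempt time as shown in the Deep Security Manager console.
    for ts, sev, line in correlate(SAMPLE_LOG, datetime(2024, 3, 1, 10, 0, 0)):
        print(ts, sev, line.strip())
```

Read the real file with `open(path, errors="replace")` and pass the file object as `lines`; widen `window_minutes` if the Manager and Agent clocks differ.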