Local software

The Local Software page lists the software that has been imported into Deep Security.

Software must be imported from the Trend Micro Download Center into the Deep Security database for it to be available to the computers on your network. When an alert is raised that the software on a computer is out of date, it is because a more recent version of the agent or appliance software is available locally in Deep Security. That is, the check is made against the local inventory, not against what is available on the Download Center. There is a separate alert for new software on the Download Center.

To install a Deep Security Agent or Deep Security Virtual Appliance on a computer, you first have to import the software from the Download Center into Deep Security and then extract the installer package.

From the Local Software page, you can:

  • Import () a Software Update
  • Delete () a Software Update
  • View the Properties () of a Software Update
  • Export () a Package or Installer
  • Generate Deployment Scripts for the installation of Agents on computers

Import a software update

Under normal circumstances, software is imported from the Download Center either automatically, or manually from the Administration > Updates > Software > Download Center page. Use this Import function to manually import software from locations other than the Trend Micro Download Center.

Delete a software update

Delete a software package from the Deep Security database.

The Deep Security database must contain a copy of all software currently installed on managed computers. When a Deep Security Agent is first activated, only those protection modules that are "On" in the security policy being applied are installed on the computer. If you turn on a protection module at a later time, Deep Security will retrieve the plug-in for the new security module from the agent software package in the database to install it on the computer. If that software is missing, the security module plug-in cannot be installed.

To save space, Deep Security will periodically remove unused packages from the Deep Security database. There are two types of packages that can be deleted: agent packages and Kernel support packages.

The Deep Security Virtual Appliance relies on the protection module plug-ins found in the 64-bit Red Hat Enterprise Linux Agent software package. If you have an activated Deep Security Virtual Appliance and try to delete a 64-bit Red Hat Enterprise Linux Agent, you will get an error message telling you the software is in use.

Deleting agent packages in single-tenancy mode

In single tenancy mode, Deep Security automatically deletes agent packages (Agent-platform-version.zip) that are not currently being used by agents. The number of old software packages kept in the database is configured on the System Settings > Storage tab. You can also manually delete unused agent packages. If you try to delete software that is being used on one of your managed computers, you will get a warning and be unable to delete the software.

For the Windows and Linux Agent packages, only the in-use package (whose version is the same as the Agent Installer) cannot be deleted.

Deleting agent packages in multi-tenancy mode

In multi-tenancy mode, unused agent packages (Agent-platform-version.zip) are not deleted automatically. For privacy reasons, Deep Security cannot determine whether software is currently in use by your tenants, even though you and your tenants share the same software repository in the Deep Security database. As the primary tenant, Deep Security will not prevent you from deleting software that is not currently running on any of your own account's computers, but before deleting a software package, be very sure that no other tenants are using it.

For Linux Kernel Support packages, only the latest one cannot be deleted.

Deleting Kernel support packages

In both single and multi-tenancy mode, Deep Security automatically deletes unused Kernel support packages (KernelSupport-platform-version.zip). The number of old packages kept in the database is configured on the System Settings > Storage tab. A Kernel support package can be deleted if both of these conditions are true:

  • There is no agent package with the same group identifier.
  • There is another Kernel support package with the same group identifier and a later build number.

You can also manually delete unused Kernel support packages.

View the properties of a software update

The Properties window for a software update displays:

General Information

  • Name: the name of the Software Update file
  • Platform: the operating system the software is built for
  • Version: the version number of the Software Update
  • Fingerprint: The digital fingerprint of the file.
  • Imported: the date the Rule Update was imported into Deep Security
  • Notes: any miscellaneous notes you wish to attach to the file


Export Package: This option will export the entire software package. Use this option to export software for use with an optional Update Web Server. (Update Web Servers are web servers under your control which can be used as software distribution points instead of Relays. Update Web Servers are configured on the Administration > System Settings > Updates tab. For more information on Update Web Servers, see Update Deep Security software.)

Export Installer: This option extracts the core Agent installer from the Agent package. The core Agent installer is used to install the core Agent software on a computer. It is a lightweight package that does not contain any of the plug-ins required for any of the Protection Modules. When you activate the Agent and turn on a Protection Module, Deep Security Manager retrieves the required plug-in from the software package in the Deep Security database and sends it out to the Agent to be installed on the computer.

Generate Deployment Scripts

Installing an Agent, activating it, and applying protection with a Security Policy is multi-step process that can be scripted from the command line on the computer you want to protect. The Deployment Script Generator tool will generate a customized script to be run on the computer which will download the Agent software from the Deep Security Manager, install and activate it, and then apply a Security Policy. For information on using the Deployment Script Generator, see Use a deployment script.