Error: Anti-malware Engine Offline

This error can occur for a variety of reasons. To resolve the issue, follow the instructions below for the mode of protection that is being used:

• Agent-based protection
• Agentless protection

Agent-based protection

In addition to these steps, also take the following steps that are specific to agents that are running on Windows or Linux.

1. In Deep Security Manager, check for other errors on the same machine. If errors exist, there could be other issues that are causing your anti-malware engine to be offline, such as communications or agent installation failure.
2. Check communications from the agent to the relay and the Deep Security Manager.
3. In Deep Security Manager, view the details for the agent with the issue. Verify that the policy or setting for anti-malware is turned on, and that the configuration for each scan (real-time, manual, scheduled) is in place and active. Review the "General" section in Anti-malware settings for more information.
4. Deactivate and uninstall the agent before reinstalling and re-activating it. See Uninstalling agents and Activate the agent for more information.
5. In Deep Security Manager, go to the Updates section for that computer. Verify that the Security Updates are present and current. If not, click Download Security Updates to initiate an update.
6. Check if there are conflicts with another anti-virus product, such as OfficeScan. If conflicts exist, uninstall the other agent and Deep Security Agent, reboot, and reinstall the Deep Security Agent. To remove OfficeScan, see Uninstalling clients or agents in OfficeScan (OSCE).

Agents on Windows

1. Verify that these services are running:
   • Trend Micro Deep Security Agent
   • Trend Micro Solution Platform
2. Verify that all anti-malware related drivers are running properly by running these commands:
   • # sc query AMSP
   • # sc query tmcomm
   • # sc query tmactmon
   • # sc query tmevtmgr

   If a driver is not running, restart the Trend Micro services. If it is still not running, continue with the following steps below.

3. Verify the installation method. Only install the MSI, not the zip file.
4. The agent might need to be manually removed and reinstalled. For more information, see Manually uninstalling Deep Security Agent, Relay, and Notifier from Windows
5. The installed Comodo certificate could be the cause of the issue. To resolve the issue, see "Anti-Malware Driver offline” status occurs due to Comodo certificate issue.
6. All instances and virtual machines deployed from a catalog or vApp template from vCloud Director are given the same BIOS UUID. Deep Security distinguishes different VMs by there BIOS UUID, so a duplicate value in the vCenter causes an Anti-Malware Engine Offline error. To resolve the issue, see VM BIOS UUIDs are not unique when virtual machines are deployed from vApp templates (2002506).

Agents on Linux

1. To check that the agent is running, enter the following command in the command line:
   • service ds_agent status
2. If you're using a Linux server, your kernel might not be supported. For more information, see Error: Module installation failed (Linux).

If the problem is still unresolved after following these instructions, create a diagnostic package and contact support. For more information, see Create a diagnostic package.

Agentless protection

1. In the Deep Security Manager, verify synchronization with vCenter and NSX.
   Go to Computers . Right-click your vCenter and then select Properties. Click Test Connection. Then go to the NSX tab and test the connection. If the certificate has changed, click Add/Update Certificate.
2. Log into the NSX manager and verify that it is syncing to vCenter properly.
3. Log into your vSphere client. Go to Network & Security > Installation > Service Deployments. Check for errors with Trend Micro Deep Security and Guest Introspection, and resolve any that are found.
4. In vSphere client, go to Network & Security > Service Composer. Verify that the security policy is assigned to the appropriate security group.
5. Verify that your VMware tools are compatible with Deep Security. For more information, see VMware Tools 10.x Interoperability Issues with Deep Security.
6. Verify that the File Introspection Driver (vsepflt) is installed and running on the target VM. As an admin, run sc query vsepflt at the command prompt.
7. All instances and virtual machines deployed from a catalog or vApp template from vCloud Director are given the same BIOS UUID. Deep Security distinguishes different VMs by there BIOS UUID, so a duplicate value in the vCenter causes an Anti-Malware Engine Offline error. To resolve the issue, see VM BIOS UUIDs are not unique when virtual machines are deployed from vApp templates (2002506).
8. If the problem is still unresolved, open a case with support with:
   • Diagnostic package from each Deep Security Manager. For more information, see Create a diagnostic package.
   • Diagnostic package from the Deep Security Virtual Appliance.
   • vCenter support bundle for the effected hosts.