Deep Security 10.3 has reached end of support. Use the version selector (above) to see more recent versions of the Help Center.
Enable or disable agent self-protection
To update or uninstall Deep Security Agent or Relay, or to create a diagnostic package for support (see Create a diagnostic package), you must temporarily disable agent self-protection.
Agent self-protection prevents local users from tampering with the agent. When enabled, if a user tries to tamper with the agent, the GUI will display a message such as "Removal or modification of this application is prohibited by its security settings".
You can configure agent self-protection using either the GUI for Deep Security Manager, or the command line on the agent's computer.
Via Deep Security Manager
- Open the Computer or Policy editor
where you want to enable agent self-protection.
- Click Settings > General.
- In the Agent Self-Protection section, for Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent, select Yes.
- To password-protect agent self protection, for Local override requires password, select Yes and type the password.
- Click Save.
- To disable the setting, select No. Click Save.
Via command line
- Log in to the Windows computer locally.
- Open the Command Prompt (cmd.exe) as Administrator.
-
Change the current directory to the Deep Security Agent installation folder. (The default install folder is shown below.)
cd C:\Program Files\Trend Micro\Deep Security\Agent
-
Enter this command:
dsa_control --selfprotect=1 --passwd=<password>
where <password> is a password that will be required in order to override this setting. (See Command-line basics.) The password is optional, but strongly recommended.
Store this password in a safe location. If you lose or forget the password you will have to contact your support provider for assistance in overriding this protection. -
To disable the setting, enter this command:
dsa_control –s=0 –p "<password>"