Deep Security 11.3 has reached end of support. Use the version selector (above) to see more recent versions of the Help Center.
Get Deep Security Agent software
To install Deep Security Agent, you must download the agent installer and load packages for the agent's protection modules into Deep Security Manager. To view a list of software that has been imported into Deep Security Manager, go to Administration > Updates > Software > Local.
Deep Security is modular. Initially, Deep Security Agent only has core functionality. When you enable a protection module, then the agent downloads that plug-in and installs it.
Even if you use a third party deployment system, you must import all installed Deep Security Agent software into the Deep Security Manager's database. When a Deep Security Agent is first activated, it only installs protection modules that are currently enabled in the security policy. If you enable a new protection module later, Deep Security Agent will try to download its plug-in from Deep Security Manager. If that software is missing, the agent may not be able to install the protection module.
Once you import the agent installer package, depending on your preferred deployment method, you can then export and load the installers into a third party deployment system such as Ansible, Chef, or Puppet which will install it on your computers.
Even if you don't use Deep Security Manager to deploy agent updates, you should still import the software into the Deep Security Manager's database. You can do this manually or automatically.
Automatically import software updates
You can configure Deep Security Manager to automatically download any updates to software that you've already imported into Deep Security. To enable this feature, go to Administration > System Settings > Updates and select Automatically download updates to imported software.
Manually import software updates
You can manually import software updates as they become available on the Download Center.
In Deep Security Manager, go to Administration > Updates > Software > Download Center.
The Trend Micro Download Center displays the latest versions of agent software.
To download your agent software package to the manager's local storage, select the installer from the list, and then click Import .
Deep Security Manager connects to the internet to download the software from Trend Micro. When the manager has finished, a green check mark will appear in the Imported column for that agent. Software packages will appear on Administration > Updates > Software > Local.
If a package cannot be imported directly, a popup note will indicate that. For these packages, download them from the Trend Micro Download Center website to a local folder, then go to Administration > Updates > Software > Local and manually import them.Alternatively, if your Deep Security Manager is "air-gapped" (not connected to the Internet) and cannot connect directly to the Download Center web site, you can load them indirectly. Download the ZIP packages to your management computer first, and then log into the Deep Security Manager and upload them.
You can download the agent installer from Deep Security Manager.
- In Deep Security Manager, go to Administration > Updates > Software > Local.
- Select your agent from the list.
Click Export > Export Installer.
If you have older versions, the latest version of the software will have a green check mark in the Is Latest column.
- Save the agent installer. If you will install the agent manually, save it on the computer where you want to install Deep Security Agent. Otherwise, if you use a third party deployment system (such as Ansible, Chef, Puppet, PowerShell, or others), load the agent installer into that system.
To save disk space, Deep Security Manager will periodically remove unused packages from the Deep Security database. To configure the maximum number of old packages kept, go to System Settings > Storage.
There are two types of packages that can be deleted:
- kernel support
Deleting agent packages in single-tenancy mode
In single tenancy mode, Deep Security automatically deletes agent packages (Agent-platform-version.zip) that are not currently being used by agents. Alternatively, you can manually delete unused agent packages. Only unused software packages can be deleted.
Deleting agent packages in multi-tenancy mode
In multi-tenancy mode, unused agent packages (Agent-platform-version.zip) are not deleted automatically. For privacy reasons, Deep Security cannot determine whether software is currently in use by your tenants, even though you and your tenants share the same software repository in the Deep Security database. As the primary tenant, Deep Security does not prevent you from deleting software that is not currently running on any of your own account's computers, but before deleting a software package, be very sure that no other tenants are using it.
Deleting kernel support packages
In both single and multi-tenancy mode, Deep Security automatically deletes unused kernel support packages (KernelSupport-platform-version.zip). A kernel support package can be deleted if both of these conditions are true:
- No agent package has the same group identifier.
- Another kernel support package has the same group identifier and a later build number.
You can also manually delete unused kernel support packages. For Linux kernel support packages, only the latest one cannot be deleted.