Manually install the Deep Security Agent

For easier agent installation and activation, use a deployment script instead. For more information, see Use deployment scripts to add and protect computers.

Before installing the Deep Security Agent, you must import the software into Deep Security Manager and export the installer. See Get Deep Security Agent software.

After installation, the agent must be activated before it can protect its computer or be converted into a relay. See Activate the agent.

In this topic:

Install a Windows agent

  1. Copy the installer file to the computer.
  2. Double-click the installation file (.MSI file) to run the installer package.

    On Windows Server 2012 R2 Server Core, launch the installer using this command instead: msiexec /i Agent-Core-Windows-12.0.x-xxxx.x86_64.msi
  3. At the Welcome screen, click Next to begin the installation.
  4. End-User License Agreement: If you agree to the terms of the license agreement, select I accept the terms of the license agreement and click Next.
  5. Destination Folder: Select the location where you would like Deep Security Agent to be installed and click Next.
  6. Ready to install Trend Micro Deep Security Agent: Click Install to proceed with the installation.
  7. Completed: when the installation has completed successfully, click Finish.

The Deep Security Agent is now installed and running on this computer, and will start every time the machine boots.

When installing the agent on Windows 2012 Server Core, the notifier will not be included.
During an install, network interfaces will be suspended for a few seconds before being restored. If you are using DHCP, a new request will be generated, potentially resulting in a new IP address for the restored connection.

Installation on Amazon WorkSpaces

  • If you are unable to install Deep Security Agent .msi file due to error code ‘2503’ then you must do one of the following:
    • Edit your C:\Windows\Temp folder and allow the write permission for your user
      OR
    • Open the command prompt as an administrator and run the .msi file

Amazon has fixed this issue for newly-deployed Amazon WorkSpaces.

Installation on Windows 2012 Server Core

  • Deep Security does not support switching the Windows 2012 server mode between Server Core and Full (GUI) modes after the Deep Security Agent is installed.
  • If you are using Server Core mode in a Hyper-V environment, you will need to use Hyper-V Manager to remotely manage the Server Core computer from another computer. When the Server Core computer has the Deep Security Agent installed and Firewall enabled, the Firewall will block the remote management connection. To manage the Server Core computer remotely, turn off the Firewall module.
  • Hyper-V provides a migration function used to move a guest VM from one Hyper-V server to another. The Deep Security Firewall module will block the connection between Hyper-V servers, so you will need to turn off the Firewall module to use the migration function.

Install a Red Hat, SUSE, Oracle Linux, or Cloud Linux agent

  1. Copy the installer file to the computer.
  2. Install the agent.

    # sudo rpm -i <package name>

    Preparing... ########################################## [100%]

    1:ds_agent ########################################## [100%]

    Loading ds_filter_im module version ELx.x [ OK ]

    Starting ds_agent: [ OK ]

    To upgrade from a previous install, use "rpm -U" instead. This will preserve your profile settings.

    The Deep Security Agent will start automatically upon installation.

Install an Ubuntu or Debian agent

  1. Go to Administration > Updates > Software > Download Center.
  2. Import the agent package into Deep Security Manager.
  3. , and then export the installer (.deb file).
  4. Copy the installer file to the computer.
  5. Install the agent.

    sudo dpkg -i <installer file>

To start, stop, or reset the agent:

  • Start: : /etc/init.d/ds_agent start
  • Stop: /etc/init.d/ds_agent stop
  • Reset: /etc/init.d/ds_agent reset
  • Restart: /etc/init.d/ds_agent restart
  • Display status: svcs -a | grep ds_agent

Install a Solaris agent

The Deep Security Agent installation is only supported in the global zone. Non-global zones are not supported.

Solaris requires the following libraries to be installed to support Deep Security Agent:

  • Solaris 10: SUNWgccruntime
  • Solaris 11: gcc-45-runtime
  1. Go to Administration > Updates > Software > Download Center.
  2. Import the agent package into Deep Security Manager.
  3. Export the installer file to the computer.
  4. Unzip the installer package.

    gunzip <installer package>

  5. Install the agent. Method varies by version and zones. File name varies by SPARC vs. x86.
    • Solaris 11, one zone (run in the global zone):

      x86: pkg update -g file:///mnt/Agent-Solaris_5.11-9.x.x-xxxx.x86_64/Agent-Core-Solaris_5.11-9.x.x-xxxx.x86_64.p5p pkg:/security/ds-agent

      SPARC: pkg update -g file:///mnt/Agent-Solaris_5.11-9.x.x-xxxx.x86_64/Agent-Solaris_5.11-9.x.x-xxxx.sparc.p5p pkg:/security/ds-agent

    • Solaris 11, multiple zones (run in the global zone):

      mkdir <path>

      pkgrepo create <path>

      pkgrecv -s file://<dsa core p5p file location> -d <path> '*'

      pkg set-publisher -g <path> trendmicro

      pkg update pkg://trendmicro/security/ds-agent

      pkg unset-publisher trendmicro

      rm -rf <path>

    • Solaris 10:

      x86: pkgadd -G -d Agent-Core-Solaris_5.10_U7-9.x.x-xxxx.x86_64.pkg

      SPARC: pkgadd -G -d Agent-Solaris_5.10_U7-9.x.x-xxxx.sparc.pkg

To start, stop, or reset the agent:

  • Start: svcadm enable ds_agent
  • Stop: svcadm disable ds_agent
  • Reset: /opt/ds_agent/dsa_control -r
  • Restart: svcadm restart ds_agent
  • Display status: svcs -a | grep ds_agent

To uninstall the agent on Solaris 11:

pkg uninstall pkg:/security/ds-agent

To uninstall the agent on Solaris 10:

pkgrm -v ds-agent

Install an AIX agent

  1. Log in as Root.
  2. Copy the installer file to the computer.
  3. Copy the package to a temporary folder such as /tmp.
  4. Unzip the installer package.

    /tmp> gunzip <installer package>

  5. Install the agent.

    /tmp> installp -a -d /tmp/Agent-AIX_x.x-x.x.x-xxxx.powerpc.bff ds_agent

To start, stop, load, or unload the driver for the agent:

  • Start: startsrc -s ds_agent
  • Stop: stopsrc -s ds_agent
  • Load the driver: /opt/ds_agent/ds_fctrl load
  • Unload the driver: /opt/ds_agent/ds_fctrl unload

Install the agent on a Microsoft Azure VM

To install the agent on VM instances running in the Microsoft Azure cloud, you need to deploy Deep Security Agents to them. You can do this in multiple ways:

Generate and run a deployment script

You can generate Deep Security deployment scripts for automatically deploying agents using deployment tools such as RightScale, Chef, Puppet, and SSH.

For more information on how to do so, see Use deployment scripts to add and protect computers.

Add a custom script extension to an existing virtual machine

You can also add a custom script extension to an existing virtual machine to deploy and activate the Deep Security Agent. To do this, navigate to your existing virtual machine in the Azure management portal and follow the steps below to upload and execute the deployment script on your Azure VM.

  1. Log in to the Azure portal.
  2. Switch to the preview portal, and then click the virtual machine that you want to add the custom script to.
  3. In the Settings blade, click Extensions, in the Extensions blade, click Add extension, in the New Resource blade, select Custom Script, and then click Create.
  4. In the Add Extension blade under Script File (required), click upload, select the saved .ps1 deployment script, and then click OK.

Upload custom script to Azure