Supported features by platform

The tables below list the features available for each OS platform of Deep Security Agent 12.0 and the Deep Security Virtual Appliance:

Microsoft Windows (12.0 agent)
Red Hat Enterprise Linux (12.0 agent)
CentOS Linux (12.0 agent)
Oracle Linux (12.0 agent)
SUSE Linux (12.0 agent)
Ubuntu Linux (12.0 agent)
Debian Linux (12.0 agent)
CloudLinux (12.0 agent)
Amazon Linux (12.0 agent)
Solaris (12.0 agent)
AIX (12.0 agent)
Deep Security Virtual Appliance 12.0 (NSX) supported guest OS's

Older agents are compatible with other platforms (although they don't support new features). See their Deep Security Agent platforms, Deep Security Agent release notes, and supported features lists:

Deep Security Agent 10.0 (and newer) supported features: In the drop-down menu above, select that version of Deep Security.
Deep Security Agent 9.6 Service Pack 1 supported features

Microsoft Windows (12.0 agent)

Deep Security Agent is supported with both Full/Desktop Experience and Server Core installations of Windows Server 2012 and later (any exceptions for particular features are noted in the table below). For Windows Server 2008 and 2008 R2, only Full installations are supported.

	Anti-Malware					Web Reputation Service	Firewall	Intrusion Prevention System		Integrity Monitoring						Log Inspection	Application Control	Recommen- dation Scan	Relay	Scanner	FIPS mode
	Real-time				On-demand					Real-time			On-demand
	Feature set 1	Process memory scan, Registry scan	Behavior monitoring	Predictive Machine Learning	Feature set 1			Unencrypted Traffic	SSL Encrypted Traffic	File Scans	Directory Scans	Scans of Running Services, Processes, Listening Ports	File and Directory Scans	Registry Scans	Scans of Running Services, Processes, Listening Ports
Windows 7 (32‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔		✔
Windows 7 (64‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔		✔	✔
Windows 7 Embedded (32‑bit) (³)	✔	✔	✔	✔	✔	✔	✔	✔	✔				✔	✔	✔	✔		✔
Windows 8 (32‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔		✔
Windows 8 (64‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔		✔	✔
Windows 8.1 (32‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔		✔
Windows 8.1 (64‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔		✔	✔
Windows 8.1 Embedded (32‑bit) (³)	✔	✔	✔	✔	✔	✔	✔	✔	✔				✔	✔	✔	✔		✔
Windows 10 (32‑bit) (²)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔		✔
Windows 10 (64‑bit) (²)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔		✔	✔
Windows 10 IoT Enterprise 2019 LTSC (32- and 64-bit) (³)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔		✔	✔
Windows 10 IoT Enterprise 2021 LTSC (64-bit) (³)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔		✔	✔
Windows Server 2008 (32‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔		✔
Windows Server 2008 (64‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔		✔	✔
Windows Server 2008 R2 (64‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔ (¹)	✔(¹)	✔	✔	✔	✔	✔	✔	✔	✔	✔
Windows Server 2012 (64‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔ (¹)(⁵)	✔ (¹)(⁵)	✔	✔	✔	✔	✔	✔ (⁵)	✔	✔		✔
Windows Server 2012 R2 (64‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔ (¹)	✔ (¹)	✔	✔	✔	✔	✔	✔	✔	✔	✔ (⁵)	✔
Windows Server 2016 (LTSC, version 1607) (64‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔ (¹)	✔ (¹)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
Windows Server Core (SAC, version 1709) (64‑bit)) (²)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔ (¹)	✔ (¹)	✔	✔	✔	✔	✔	✔	✔	✔		✔
Windows Server 2019 (LTSC, version 1809) (64‑bit)	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔ (¹)	✔ (¹)	✔	✔	✔	✔	✔	✔	✔	✔		✔

FIPS mode for Windows Desktop platforms may work, but is not supported.

Red Hat Enterprise Linux (12.0 agent)

	Anti-Malware					Web Reputation Service	Firewall	Intrusion Prevention System		Integrity Monitoring						Log Inspection	Application Control	Recommen- dation Scan	Relay	Scanner	FIPS mode
	Real-time				On-demand					Real-time			On-demand
	Feature set 1	Process memory scan, Registry scan	Behavior monitoring	Predictive Machine Learning	Feature set 1			Unencrypted Traffic	SSL Encrypted Traffic	File Scans	Directory Scans	Scans of Running Processes, Listening Ports	File and Directory Scans	Registry Scans	Scans of Running Processes, Listening Ports
Red Hat Enterprise Linux 6 (32‑bit)	✔ (⁴)				✔		✔	✔	✔			✔	✔		✔	✔		✔
Red Hat Enterprise Linux 6 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔	✔
Red Hat Enterprise Linux 7 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔	✔	✔
Red Hat Enterprise Linux 8 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔

CentOS Linux (12.0 agent)

	Anti-Malware					Web Reputation Service	Firewall	Intrusion Prevention System		Integrity Monitoring						Log Inspection	Application Control	Recommen- dation Scan	Relay	Scanner	FIPS mode
	Real-time				On-demand					Real-time			On-demand
	Feature set 1	Process memory scan, Registry scan	Behavior monitoring	Predictive Machine Learning	Feature set 1			Unencrypted Traffic	SSL Encrypted Traffic	File Scans	Directory Scans	Scans of Running Processes, Listening Ports	File and Directory Scans	Registry Scans	Scans of Running Processes, Listening Ports
CentOS 6 (32‑bit)	✔(⁴)				✔		✔	✔	✔			✔	✔		✔	✔		✔
CentOS 6 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔
CentOS 7 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔		✔
CentOS 8 (64-bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔

Oracle Linux (12.0 agent)

	Anti-Malware					Web Reputation Service	Firewall	Intrusion Prevention System		Integrity Monitoring						Log Inspection	Application Control	Recommen- dation Scan	Relay	Scanner	FIPS mode
	Real-time				On-demand					Real-time			On-demand
	Feature set 1	Process memory scan, Registry scan	Behavior monitoring	Predictive Machine Learning	Feature set 1			Unencrypted Traffic	SSL Encrypted Traffic	File Scans	Directory Scans	Scans of Running Processes, Listening Ports	File and Directory Scans	Registry Scans	Scans of Running Processes, Listening Ports
Oracle Linux 6 (32‑bit)					✔		✔	✔	✔			✔	✔		✔	✔		✔
Oracle Linux 6 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔
Oracle Linux 7 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔
Oracle Linux 8 (64-bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔

SUSE Linux (12.0 agent)

	Anti-Malware					Web Reputation Service	Firewall	Intrusion Prevention System		Integrity Monitoring						Log Inspection	Application Control	Recommen- dation Scan	Relay	Scanner	FIPS mode
	Real-time				On-demand					Real-time			On-demand
	Feature set 1	Process memory scan, Registry scan	Behavior monitoring	Predictive Machine Learning	Feature set 1			Unencrypted Traffic	SSL Encrypted Traffic	File Scans	Directory Scans	Scans of Running Processes, Listening Ports	File and Directory Scans	Registry Scans	Scans of Running Processes, Listening Ports
SUSE Linux Enterprise Server 11 SP1, SP2, SP3 (32‑bit)	✔(⁴)				✔		✔	✔	✔			✔	✔		✔	✔		✔
SUSE Linux Enterprise Server 11 SP1, SP2, SP3, SP4 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔			✔	✔		✔	✔		✔	✔	✔
SUSE Linux Enterprise Server 12 SP1, SP2, SP3, SP4, SP5 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔	✔
SUSE Linux Enterprise Server 15 SP1, SP2, SP3 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔

Ubuntu Linux (12.0 agent)

	Anti-Malware					Web Reputation Service	Firewall	Intrusion Prevention System		Integrity Monitoring						Log Inspection	Application Control	Recommen- dation Scan	Relay	Scanner	FIPS mode
	Real-time				On-demand					Real-time			On-demand
	Feature set 1	Process memory scan, Registry scan	Behavior monitoring	Predictive Machine Learning	Feature set 1			Unencrypted Traffic	SSL Encrypted Traffic	File Scans	Directory Scans	Scans of Running Processes, Listening Ports	File and Directory Scans	Registry Scans	Scans of Running Processes, Listening Ports
Ubuntu 16.04 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔
Ubuntu 18.04 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔
Ubuntu 20.04 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔

Debian Linux (12.0 agent)

	Anti-Malware					Web Reputation Service	Firewall	Intrusion Prevention System		Integrity Monitoring						Log Inspection	Application Control	Recommen- dation Scan	Relay	Scanner	FIPS mode
	Real-time				On-demand					Real-time			On-demand
	Feature set 1	Process memory scan, Registry scan	Behavior monitoring	Predictive Machine Learning	Feature set 1			Unencrypted Traffic	SSL Encrypted Traffic	File Scans	Directory Scans	Scans of Running Processes, Listening Ports	File and Directory Scans	Registry Scans	Scans of Running Processes, Listening Ports
Debian 7 (64‑bit)					✔	✔	✔	✔	✔			✔	✔		✔	✔		✔	✔
Debian 8 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔
Debian 9 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔
Debian 10 (64-bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔
Debian 11 (64-bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔

CloudLinux (12.0 agent)

	Anti-Malware					Web Reputation Service	Firewall	Intrusion Prevention System		Integrity Monitoring						Log Inspection	Application Control	Recommen- dation Scan	Relay	Scanner	FIPS mode
	Real-time				On-demand					Real-time			On-demand
	Feature set 1	Process memory scan, Registry scan	Behavior monitoring	Predictive Machine Learning	Feature set 1			Unencrypted Traffic	SSL Encrypted Traffic	File Scans	Directory Scans	Scans of Running Processes, Listening Ports	File and Directory Scans	Registry Scans	Scans of Running Processes, Listening Ports
CloudLinux 7 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔
CloudLinux 8 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔

Amazon Linux (12.0 agent)

	Anti-Malware					Web Reputation Service	Firewall	Intrusion Prevention System		Integrity Monitoring						Log Inspection	Application Control	Recommen- dation Scan	Relay	Scanner	FIPS mode
	Real-time				On-demand					Real-time			On-demand
	Feature set 1	Process memory scan, Registry scan	Behavior monitoring	Predictive Machine Learning	Feature set 1			Unencrypted Traffic	SSL Encrypted Traffic	File Scans	Directory Scans	Scans of Running Processes, Listening Ports	File and Directory Scans	Registry Scans	Scans of Running Processes, Listening Ports
Amazon Linux (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔
Amazon Linux 2 (64‑bit)	✔(⁴)				✔	✔	✔	✔	✔	✔ (¹)		✔	✔		✔	✔	✔	✔	✔

Solaris (12.0 agent)

See How does agent protection work for Solaris zones? for more on how protection works between Solaris zones.

	Anti-Malware					Web Reputation Service	Firewall	Intrusion Prevention System		Integrity Monitoring						Log Inspection	Application Control	Recommen- dation Scan	Relay	Scanner	FIPS mode
	Real-time				On-demand					Real-time			On-demand
	Feature set 1	Process memory scan, Registry scan	Behavior monitoring	Predictive Machine Learning	Feature set 1			Unencrypted Traffic	SSL Encrypted Traffic	File Scans	Directory Scans	Scans of Running Processes, Listening Ports	File and Directory Scans	Registry Scans	Scans of Running Processes, Listening Ports
Solaris					✔	✔	✔	✔	✔			✔	✔		✔	✔		✔

AIX (12.0 agent)

For a list of supported AIX versions, see Deep Security Agent platforms.

	Anti-Malware					Web Reputation Service	Firewall	Intrusion Prevention System		Integrity Monitoring						Log Inspection	Application Control	Recommen- dation Scan	Relay	Scanner	FIPS mode
	Real-time				On-demand					Real-time			On-demand
	Feature set 1	Process memory scan, Registry scan	Behavior monitoring	Predictive Machine Learning	Feature set 1			Unencrypted Traffic	SSL Encrypted Traffic	File Scans	Directory Scans	Scans of Running Processes, Listening Ports	File and Directory Scans	Registry Scans	Scans of Running Processes, Listening Ports
AIX							✔	✔	✔			✔	✔		✔	✔		✔

Deep Security Virtual Appliance 12.0 (NSX) supported guest OS's

Deep Security Virtual Appliance can protect guest VMs running OS's from the vendors shown in the table below. From within those vendors, the appliance supports all OS's that VMware supports. For the list of OS's that VMware supports, see this VMware Compatibility search tool. When using the tool, make sure that:

What are you looking for? is set to Guest OS.
OS Vendor is set to one of the supported vendors listed in the table below.

If you are using combined mode, any guest VMs with an agent installed must be supported by the agent. For a list of OS's supported by the agent, see Supported features by platform.

The list of supported features varies not only by platform, as shown in the table below, but also by NSX license type. For details on which features are supported by your NSX license, see VMware deployments with the virtual appliance and NSX.

	Anti-Malware					Web Reputation Service	Firewall	Intrusion Prevention System		Integrity Monitoring						Log Inspection	Application Control	Recommen- dation Scan	Relay	Scanner	FIPS mode
	Real-time				On-demand					Real-time			On-demand
	Feature set 1	Process memory scan, Registry scan	Behavior monitoring	Predictive Machine Learning	Feature set 1			Unencrypted Traffic	SSL Encrypted Traffic	File Scans	Directory Scans	Scans of Running Services, Processes, Listening Ports	File and Directory Scans	Registry Scans	Scans of Running Services, Processes, Listening Ports
OS vendors supported by the appliance on NSX Data Center for VSphere (NSX-V)
Microsoft Windows	✔			✔	✔	✔	✔	✔					✔					✔			N/A
Red Hat Enterprise Linux						✔	✔	✔													N/A
CentOS Linux						✔	✔	✔													N/A
Oracle Linux						✔	✔	✔													N/A
SUSE Linux						✔	✔	✔													N/A
Ubuntu Linux						✔	✔	✔													N/A
Debian Linux						✔	✔	✔													N/A
OS vendors supported by the appliance on NSX-T Data Center (NSX-T)
Microsoft Windows	✔			✔	✔																N/A

Feature set 1 includes signature-based file scanning, spyware scanning, and document exploit protection.

(¹) This platform supports enhanced real-time integrity monitoring. It uses the application control driver to provide file monitoring and captures information about who made changes to a monitored file.

(²) Microsoft releases regular, semi-annual releases for Microsoft Windows 10 and Windows Server Core. For details about which specific releases are supported, see Deep Security Support for Windows 10 and Deep Security Support for Windows Server Core.

(³) All Trend Micro testing on Windows Embedded platforms is performed in a virtualized environment. Because these operating systems are typically run on custom hardware (for example, on point-of-sale terminals), customers must plan to thoroughly test on their target hardware platform prior to deployment in a production environment. In addition, before raising support cases, customers should attempt to reproduce problems in a virtualized environment because this is the environment the Trend Micro support team has available. If the issue is specific to deployments on custom hardware, Trend Micro may require the customer to provide us with remote access to a suitable environment before we can fully respond to support cases. Note that Windows 10 IoT was formerly named Windows 10 Embedded, and is therefore included in the list of Windows Embedded platforms.

(⁴) Real-time Anti-Malware support on Linux: Real-time Anti-Malware scanning is highly dependent on the file system hooking implementation, so file system incompatibility can cause issues with this feature. The following table shows which file systems are compatible with the feature:

File system type		Deep Security Agent version
File system type		12.0	11.3	11.2	11.1	11.0	10.3	10.2	10.1	10.0	9.6
Disk file systems	ext2	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
	ext3	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
	ext4	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
	XFS	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
	Btrfs	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
	VFAT	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
Optical discs	ISO 9660	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
Special file systems	tmpfs	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
	aufs	✔	✔	✔	✔	✔	✔	✔	✔	✔
	OverlayFS	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
Network file systems (see Note, below)	NFSv3	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
	NFSv4	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
	SMB	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
	CIFS	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
	FTP	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔

To protect network file systems, you must select Enable network directory scan in the malware scan configuration. For information, see Scan a network directory (real-time scan only).

(⁵) This feature is available only with Full/Desktop Experience installations. It is not supported with Server Core installations.