Error: Activity Monitoring Engine Offline

To resolve this error:

  1. In Deep Security Manager, look for other errors on the same machine. If errors exist, other issues could cause your Activity Monitoring engine to be offline, such as communications or agent installation failure.
  2. Check communications from the agent to the Deep Security Relay and Deep Security Manager.
  3. In Deep Security Manager, view the details for the agent with the issue. Verify that the policy or setting for Activity Monitoring is enabled.
  4. Deactivate and uninstall the agent before reinstalling and reactivating it. See Uninstall Deep Security and Activate the agent for more information.
  5. In Deep Security Manager, go to Updates for that computer and ensure that the Security Updates are present and current. If not, click Download Security Updates.
  6. Check if there are conflicts with another anti-virus product, such as OfficeScan. If conflicts exist, uninstall the other product and Deep Security Agent, reboot, and then reinstall Deep Security Agent. To remove OfficeScan, see Uninstalling clients or agents in OfficeScan.

Agent on Windows

To troubleshoot the Deep Security Agent on Windows:

  1. Make sure the following services are running:
    • Trend Micro Deep Security Agent
    • Trend Micro Solution Platform
  2. Check that all the anti-malware related drivers are running properly by executing the following commands:

    For all versions of Deep Security Agent:

    • # sc query AMSP

    For Deep Security Agent 12.5 or earlier, also check:

    • # sc query tmcomm
    • # sc query tmactmon
    • # sc query tmevtmgr

    If a driver is not running, restart the Trend Micro services. If the driver is still not running, continue with the following steps:

  3. Verify the installation method. Only install the MSI file, not the ZIP file.
  4. The agent might need to be manually removed and reinstalled. For more information, see Manually uninstalling Deep Security Agent, Relay, and Notifier from Windows
  5. The installed Comodo certificate could be the cause of the issue. To resolve the issue, see Anti-Malware Driver offline status occurs due to Comodo certificate issue.

Agent on Linux

To troubleshoot the Deep Security Agent on Linux:

  1. To check that the agent is running, execute the following command:
    • service ds_agent status
  2. If you are using a Linux server, your kernel might not be supported. For more information, see Error: Module installation failed (Linux).
    When a Linux kernal is not supported, the Activity Monitoring engine may remain partially functional and show a Warning rather than an Error. For details, see Warning: Activity Monitoring Engine has only Basic functions.

If the problem is still unresolved after following these instructions, create a diagnostic package and contact Trend Micro support. For more information, see Create a diagnostic package and logs.