Install the agent
Topics:
Install the agent manually
Before you begin, make sure you have:
- Reviewed the agent's system requirements. See Deep Security Agent requirements.
- Windows only: Coexistence of Deep Security Agent with Microsoft Defender Antivirus
- Allowed inbound and outbound communication to and from the agent on the appropriate port numbers. See Deep Security port numbers.
- Imported the agent software into the manager. See Import agent software.
- Exported the agent software from the manager. See Export the agent installer.
Next, install the agent. Follow the instructions for your platform.
- Copy the agent ZIP to the computer and extract it.
-
Double-click the installation file (.MSI file) to run the installer package.
On Windows Server 2012 R2 Server Core, launch the installer using this command instead: msiexec /i Agent-Core-Windows-12.x-xxxx.x86_64.msi - At the Welcome screen, click Next to begin the installation.
- End-User License Agreement: If you agree to the terms of the license agreement, select I accept the terms of the license agreement and click Next.
- Destination Folder: Select the location where you would like Deep Security Agent to be installed and click Next.
- Ready to install Trend Micro Deep Security Agent: Click Install to proceed with the installation.
- Completed: when the installation has completed successfully, click Finish.
The Deep Security Agent is now installed and running on this computer, and will start every time the machine boots.
Installation on Amazon WorkSpaces
- If you are unable to install Deep Security Agent .msi file due to error code ‘2503’ then you must do one of the following:
- Edit your C:\Windows\Temp folder and allow the write permission for your user
OR - Open the command prompt as an administrator and run the .msi file
- Edit your C:\Windows\Temp folder and allow the write permission for your user
Amazon has fixed this issue for newly-deployed Amazon WorkSpaces.
Installation on Windows 2012 Server Core
- Deep Security does not support switching the Windows 2012 server mode between Server Core and Full (GUI) modes after the Deep Security Agent is installed.
- If you are using Server Core mode in a Hyper-V environment, you will need to use Hyper-V Manager to remotely manage the Server Core computer from another computer. When the Server Core computer has the Deep Security Agent installed and Firewall enabled, the Firewall will block the remote management connection. To manage the Server Core computer remotely, turn off the Firewall module.
- Hyper-V provides a migration function used to move a guest VM from one Hyper-V server to another. The Deep Security Firewall module will block the connection between Hyper-V servers, so you will need to turn off the Firewall module to use the migration function.
- Copy the agent ZIP to the computer and extract it.
- Install the agent.
# sudo rpm -i <package name>
Preparing... ########################################## [100%]
1:ds_agent ########################################## [100%]
Loading ds_filter_im module version ELx.x [ OK ]
Starting ds_agent: [ OK ]
The Deep Security Agent will start automatically upon installation.
- Copy the agent ZIP to the computer and extract it.
-
Install the agent.
sudo dpkg -i <installer deb file>
To start, stop, or reset the agent:
Using SysV init scripts:
- Start: : /etc/init.d/ds_agent start
- Stop: /etc/init.d/ds_agent stop
- Reset: /etc/init.d/ds_agent reset
- Restart: /etc/init.d/ds_agent restart
- Display status: svcs -a | grep ds_agent
Using systemd commands:
- Start: systemctl start ds_agent
- Stop: systemctl stop ds_agent
- Restart: systemctl restart ds_agent
- Display status: systemctl status ds_agent
The Deep Security Agent installation is only supported in the global zone.
Solaris requires the following libraries to be installed to support Deep Security Agent:
Solaris 10: SUNWgccruntime
Solaris 11.0 - 11.3: gcc-45-runtime
Solaris 11.4: none; gcc-c-runtime version 7.3 is installed by default
- Copy the agent installer package to the computer where you want to install the agent.
- Unzip the ZIP file.
- Unzip the GZ file.
gunzip <agent_GZ_file>
The agent installer file (P5P or PKG) is now available.
- Install the agent. Some examples of installation commands are provided below. Alter the commands to suit your Solaris version, Solaris zone, Solaris processor, and Deep Security agent package name.
- On Solaris 11, with one zone, run the following command in the global zone:
x86: pkg install -g file:///mnt/Agent-Solaris_5.11-xx.x.x-xxxx.x86_64/Agent-Core-Solaris_5.11-xx.x.x-xxxx.x86_64.p5p pkg:/security/ds-agent
SPARC: pkg install -g file:///mnt/Agent-Solaris_5.11-xx.x.x-xxxx.sparc/Agent-Core-Solaris_5.11-xx.x.x-xxxx.sparc.p5p pkg:/security/ds-agent
- On Solaris 11, with multiple zones, run the following command in the global zone:
mkdir <path>
pkgrepo create <path>
pkgrecv -s file://<path_to_agent_p5p_file> -d <path> '*'
pkg set-publisher -g <path> trendmicro
pkg install pkg://trendmicro/security/ds-agent
pkg unset-publisher trendmicro
rm -rf <path>
- On Solaris 10, run one of these commands:
x86: pkgadd -G -d Agent-Core-Solaris_5.10_Ux-xx.x.x-xxx.x86_64.pkg
SPARC: pkgadd -G -d Agent-Core-Solaris_5.10_Ux-xx.x.x-xxx.sparc.pkg
- On Solaris 11, with one zone, run the following command in the global zone:
To start, stop, or reset the agent:
- Start: svcadm enable ds_agent
- Stop: svcadm disable ds_agent
- Reset: /opt/ds_agent/dsa_control -r
- Restart: svcadm restart ds_agent
- Display status: svcs -a | grep ds_agent
To uninstall the agent on Solaris 11:
pkg uninstall pkg:/security/ds-agent
To uninstall the agent on Solaris 10:
pkgrm -v ds-agent
- Copy the agent ZIP to the computer and extract it. A GZ file becomes available.
- Move the GZ file to another location.
- Extract the GZ file using gunzip. A BFF file becomes available. This is the installer file.
- Copy the BFF file to the AIX computer.
- Place the BFF file in a temporary folder such as /tmp.
- Install the agent.
/tmp> installp -a -d /tmp/<agent_BFF_file_name> ds_agent
where <agent_BFF_file_name> is replaced with the name of the BFF installer file you extracted.
To start, stop, load, or unload the driver for the agent:
- Start: startsrc -s ds_agent
- Stop: stopsrc -s ds_agent
- Load the driver: /opt/ds_agent/ds_fctrl load
- Unload the driver: /opt/ds_agent/ds_fctrl unload
Before you begin:
- Ensure that you have helm v3 or newer installed.
- Make sure you have imported the agent software to Deep Security Manager. See Get Deep Security Agent software for details.
- Ensure that you have enabled agent-initiated activation (AIA). AIA is required if you want your deployment script to activate the agent after installation. See Activate and protect agents using agent-initiated activation and communication for details.
Installing the agent:
- From the Deep Security console, in the upper right corner, click Support > Deployment Scripts.
- Select OpenShift Agent Deployment.
- (optional) Select the options for Security Policy, Computer Group, Relay Group, Proxy to contact Deep Security Manager, and Proxy to contact Relay(s).
The deployment script generator displays the script. - Do one of the following:
- Click Copy to Clipboard and paste the deployment script in your preferred deployment tool
- Click Save to File.
Install the agent using other methods
If you don't want to install the agent manually, you can use one of the methods described below.
- Deployment scripts: Generate deployment scripts within the manager and use them to install the agent. For details, see Use deployment scripts to add and protect computers
- Deep Security API: Use the API to generate deployment scripts to automate the installation of the agent on a computer. See Use Scripts to Deploy Deep Security Manager and Agent on the Deep Security Automation Center.
- SCCM: Use Microsoft System Center Configuration Manager (SCCM) to install an agent, activate it, and apply a policy. To use SCCM, go to Administration > System Settings > Agents and enable agent-initiated activation.
- Template: Include the agent in your VM template. See Install the agent on an AMI or WorkSpace bundle.
Post-installation tasks
After you install the agent, you must perform the following post-installation tasks, if they were not already completed as part of the installation process: