Install the agent

Topics:

Install the agent manually
Install the agent using other methods
Post-installation tasks

Install the agent manually

Before you begin, make sure you have:

Reviewed the agent's system requirements. See Deep Security Agent requirements.
Windows only: Coexistence of Deep Security Agent with Microsoft Defender Antivirus
Allowed inbound and outbound communication to and from the agent on the appropriate port numbers. See Deep Security port numbers.
Imported the agent software into the manager. See Import agent software.
Exported the agent software from the manager. See Export the agent installer.

Next, install the agent. Follow the instructions for your platform.

Install the agent on Windows

Copy the agent ZIP to the computer and extract it.
Double-click the installation file (.MSI file) to run the installer package.

On Windows Server 2012 R2 Server Core, launch the installer using this command instead: msiexec /i Agent-Core-Windows-12.x-xxxx.x86_64.msi
At the Welcome screen, click Next to begin the installation.
End-User License Agreement: If you agree to the terms of the license agreement, select I accept the terms of the license agreement and click Next.
Destination Folder: Select the location where you would like Deep Security Agent to be installed and click Next.
Ready to install Trend Micro Deep Security Agent: Click Install to proceed with the installation.
Completed: when the installation has completed successfully, click Finish.

The Deep Security Agent is now installed and running on this computer, and will start every time the machine boots.

When installing the agent on Windows 2012 Server Core, the notifier will not be included.

During an install, network interfaces will be suspended for a few seconds before being restored. If you are using DHCP, a new request will be generated, potentially resulting in a new IP address for the restored connection.

Installation on Amazon WorkSpaces

If you are unable to install Deep Security Agent .msi file due to error code ‘2503’ then you must do one of the following:
- Edit your C:\Windows\Temp folder and allow the write permission for your user
  OR
- Open the command prompt as an administrator and run the .msi file

Amazon has fixed this issue for newly-deployed Amazon WorkSpaces.

Installation on Windows 2012 Server Core

Deep Security does not support switching the Windows 2012 server mode between Server Core and Full (GUI) modes after the Deep Security Agent is installed.
If you are using Server Core mode in a Hyper-V environment, you will need to use Hyper-V Manager to remotely manage the Server Core computer from another computer. When the Server Core computer has the Deep Security Agent installed and Firewall enabled, the Firewall will block the remote management connection. To manage the Server Core computer remotely, turn off the Firewall module.
Hyper-V provides a migration function used to move a guest VM from one Hyper-V server to another. The Deep Security Firewall module will block the connection between Hyper-V servers, so you will need to turn off the Firewall module to use the migration function.

Install the agent on Red Hat, Amazon, SUSE, Oracle, Alma, Rocky, Miracle, or Cloud Linux

Copy the agent ZIP to the computer and extract it.
Install the agent.
# sudo rpm -i <package name>
Preparing... ########################################## [100%]
1:ds_agent ########################################## [100%]
Loading ds_filter_im module version ELx.x [ OK ]
Starting ds_agent: [ OK ]
The Deep Security Agent will start automatically upon installation.

Install the agent on Ubuntu or Debian

Copy the agent ZIP to the computer and extract it.
Install the agent.

sudo dpkg -i <installer deb file>

To start, stop, or reset the agent:

Using SysV init scripts:

Start: : /etc/init.d/ds_agent start
Stop: /etc/init.d/ds_agent stop
Reset: /etc/init.d/ds_agent reset
Restart: /etc/init.d/ds_agent restart
Display status: svcs -a | grep ds_agent

Using systemd commands:

Start: systemctl start ds_agent
Stop: systemctl stop ds_agent
Restart: systemctl restart ds_agent
Display status: systemctl status ds_agent

Install the agent on Solaris

The Deep Security Agent installation is only supported in the global zone.

Solaris requires the following libraries to be installed to support Deep Security Agent:

Solaris 10: SUNWgccruntime

Solaris 11.0 - 11.3: gcc-45-runtime

Solaris 11.4: none; gcc-c-runtime version 7.3 is installed by default

Copy the agent installer package to the computer where you want to install the agent.
Unzip the ZIP file.
Unzip the GZ file.
gunzip <agent_GZ_file>
The agent installer file (P5P or PKG) is now available.
Install the agent. Some examples of installation commands are provided below. Alter the commands to suit your Solaris version, Solaris zone, Solaris processor, and Deep Security agent package name.
- On Solaris 11, with one zone, run the following command in the global zone:
  x86: pkg install -g file:///mnt/Agent-Solaris_5.11-xx.x.x-xxxx.x86_64/Agent-Core-Solaris_5.11-xx.x.x-xxxx.x86_64.p5p pkg:/security/ds-agent
  SPARC: pkg install -g file:///mnt/Agent-Solaris_5.11-xx.x.x-xxxx.sparc/Agent-Core-Solaris_5.11-xx.x.x-xxxx.sparc.p5p pkg:/security/ds-agent
- On Solaris 11, with multiple zones, run the following command in the global zone:
  mkdir <path>
  pkgrepo create <path>
  pkgrecv -s file://<path_to_agent_p5p_file> -d <path> '*'
  pkg set-publisher -g <path> trendmicro
  pkg install pkg://trendmicro/security/ds-agent
  pkg unset-publisher trendmicro
  rm -rf <path>
- On Solaris 10, run one of these commands:
  x86: pkgadd -G -d Agent-Core-Solaris_5.10_Ux-xx.x.x-xxx.x86_64.pkg
  SPARC: pkgadd -G -d Agent-Core-Solaris_5.10_Ux-xx.x.x-xxx.sparc.pkg

To start, stop, or reset the agent:

Start: svcadm enable ds_agent
Stop: svcadm disable ds_agent
Reset: /opt/ds_agent/dsa_control -r
Restart: svcadm restart ds_agent
Display status: svcs -a | grep ds_agent

To uninstall the agent on Solaris 11:

pkg uninstall pkg:/security/ds-agent

To uninstall the agent on Solaris 10:

pkgrm -v ds-agent

Install the agent on AIX

Copy the agent ZIP to the computer and extract it. A GZ file becomes available.
Move the GZ file to another location.
Extract the GZ file using gunzip. A BFF file becomes available. This is the installer file.
Copy the BFF file to the AIX computer.
Place the BFF file in a temporary folder such as /tmp.
Install the agent.
/tmp> installp -a -d /tmp/<agent_BFF_file_name> ds_agent
where <agent_BFF_file_name> is replaced with the name of the BFF installer file you extracted.

To start, stop, load, or unload the driver for the agent:

Start: startsrc -s ds_agent
Stop: stopsrc -s ds_agent
Load the driver: /opt/ds_agent/ds_fctrl load
Unload the driver: /opt/ds_agent/ds_fctrl unload

Install the agent on Red Hat OpenShift

Before you begin:

Ensure that you have helm v3 or newer installed.
Make sure you have imported the agent software to Deep Security Manager. See Get Deep Security Agent software for details.
Ensure that you have enabled agent-initiated activation (AIA). AIA is required if you want your deployment script to activate the agent after installation. See Activate and protect agents using agent-initiated activation and communication for details.

Installing the agent:

From the Deep Security console, in the upper right corner, click Support > Deployment Scripts.
Select OpenShift Agent Deployment.
(optional) Select the options for Security Policy, Computer Group, Relay Group, Proxy to contact Deep Security Manager, and Proxy to contact Relay(s).
The deployment script generator displays the script.
Do one of the following:
- Click Copy to Clipboard and paste the deployment script in your preferred deployment tool
- Click Save to File.

Install the agent using other methods

If you don't want to install the agent manually, you can use one of the methods described below.

Deployment scripts: Generate deployment scripts within the manager and use them to install the agent. For details, see Use deployment scripts to add and protect computers
Deep Security API: Use the API to generate deployment scripts to automate the installation of the agent on a computer. See Use Scripts to Deploy Deep Security Manager and Agent on the Deep Security Automation Center.
SCCM: Use Microsoft System Center Configuration Manager (SCCM) to install an agent, activate it, and apply a policy. To use SCCM, go to Administration > System Settings > Agents and enable agent-initiated activation.
Template: Include the agent in your VM template. See Install the agent on an AMI or WorkSpace bundle.

Post-installation tasks

After you install the agent, you must perform the following post-installation tasks, if they were not already completed as part of the installation process:

Activate the agent
Assign a policy to a computer