Command-line basics for agent tasks

This article includes some common command-line utilities that you can use to instruct agents to perform a number of actions.

In this article:

Activate an agent

To activate an agent from the command line you will need to know the tenant ID and password. You can get them from the Deployment script.

  1. In the top right-hand corner of Deep Security Manager, click Support > Deployment Scripts to display the Deployment Scripts Generator.
  2. Select your platform.
  3. Select Activate Agent automatically after installation.
  4. In the deployment script, locate the strings for tenantID and token.

Windows

In PowerShell: & $Env:ProgramFiles"\Trend Micro\Deep Security Agent\dsa_control" -a <URL of the DSM> <tenantID> <token>

From DOS: C:\Windows\system32>"\Program Files\Trend Micro\Deep Security Agent\dsa_control" -a <URL of the DSM> <tenantID> <token>

Linux

/opt/ds_agent/dsa_control –a <URL of the DSM> <tenantID> <token>

Initiate a manual anti-malware scan

Windows

  1. Open a Command Prompt as Administrator.
  2. cd C:\Program Files\Trend Micro\Deep Security Agent\
  3. dsa_control -m "AntiMalwareManualScan:true"

Linux

/opt/ds_agent/dsa_control -m "AntiMalwareManualScan:true"

Force the agent to contact the Manager

This command will force the agent to contact the Manager.

Windows

In powershell: & "\Program Files\Trend Micro\Deep Security Agent\dsa_control" -m

From DOS: C:\Windows\system32>"\Program Files\Trend Micro\Deep Security Agent\dsa_control" -m

Linux

/opt/ds_agent/dsa_control –m

Reset the agent

This command will remove target agent's registration information and deactivate it.

Windows

In Powershell: & "\Program Files\Trend Micro\Deep Security Agent\dsa_control" –r

From DOS: C:\Windows\system32>"\Program Files\Trend Micro\Deep Security Agent\dsa_control" -r

Linux

/opt/ds_agent/dsa_control –r (resets the agent, meaning the registration information is removed from the agent)

Create a diagnostic package

Deep Security Technical Support might ask you to create a diagnostic package to help them troubleshoot and diagnose your issue. The diagnostic package is created in a zip file which is downloaded locally. From there you can send it to Technical Support. For more detailed instructions, see Create a diagnostic package.

You can produce a diagnostic package for a managed computer through the Deep Security Manager but if the computer is in agent-initiated activation (AIA) mode it cannot collect all of the required logs. So when Technical Support asks for a diagnostic package you need to run the command directly on the managed computer.

Windows

In PowerShell: & "\Program Files\Trend Micro\Deep Security Agent\dsa_control" –d

In the command prompt: C:\Windows\system32>"\Program Files\Trend Micro\Deep Security Agent\dsa_control" -d

Linux

/opt/ds_agent/dsa_control –d

Check that ds_agent processes / services are running

This command lists ds_agent processes that are currently running.

On Windows, you can use the Task Manager or procmon.

Linux

ps –ef|grep ds_agent

Check CPU Usage, Memory Usage

On Windows, you can use the Task Manager or procmon.

On Linux, you can enter the command:

top

Restart a Linux agent

These commands restart the ds-agent.

service ds_agent restart

or

/etc/init.d/ds_agent restart