Disable agent self protection

The agent self protection feature is only available for agents on Windows. It is not available on Linux.

Agent self protection prevents local users from interfering with agent functions. However, to update or uninstall Deep Security Agent or a relay on Windows, or to create a diagnostic package from the command line, you must first disable agent self protection.

Follow the steps below to disable agent self protection by using:

Deep Security Manager

  1. In the Deep Security Manager, go to Computer editor > Settings > General. To open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details).
  2. Go to the Agent Self Protection section. In the drop-down menu, next to Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent, select No.

Command line

  1. Log in to the Windows local computer and open the Command Prompt as Administrator.
  2. Navigate to the installation folder ..\Deep Security Agent. The default agent install directory is C:\Program Files\Trend Micro\Deep Security\Agent.
  3. Enter the following command:
    • dsa_control -s=0
  4. If the Deep Security Agent installation is password-protected, enter the following command instead:

    • dsa_control -s=0 -p "password_in_clear_test"

    In Deep Security 9.0 and earlier, this option was dsa_control --harden=0 --passwd=<password>.

  5. Continue updating or uninstalling a Deep Security Agent or Relay, or creating a diagnostic package.
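
Turning self protection off removes the agent's tamper resistance, and the password form of the command places the password in clear text on the command line, so both are worth tracking wherever process command lines are recorded. The following is an added example, not part of the original page or Trend Micro's code: it flags command lines that use the option forms shown above and redacts the password before reporting. The names `inspect`, `scan` and `SAMPLES` are hypothetical, the sample lines are constructed, and it assumes command lines are available as plain strings.

```python
import re

DASH = r"[-\u2013\u2014]{1,2}"  # hyphen, or an en/em dash pasted from formatted text
# dsa_control as a bare name or at the end of a (possibly quoted) path
TOOL = re.compile(r'(?i)(?:^|[\\/"\s])dsa_control(?:\.\w+)?(?=["\s]|$)')
# Option forms from the page: -s=0 (current) and --harden=0 (9.0 and earlier)
DISABLE = re.compile(rf"(?:^|\s){DASH}(?:s|harden)=0(?=\s|$)")
# Password forms from the page: -p "value" and --passwd=value
SECRET = re.compile(rf'((?:^|\s){DASH}(?:p|passwd)(?:=|\s+))("[^"]*"|\S+)')


def inspect(cmdline):
    """Return (disables_self_protection, command line with password redacted)."""
    if not TOOL.search(cmdline):
        return False, cmdline
    return bool(DISABLE.search(cmdline)), SECRET.sub(r"\1<redacted>", cmdline)


def scan(cmdlines):
    """Return the redacted command lines that turn self protection off."""
    hits = []
    for line in cmdlines:
        disables, redacted = inspect(line)
        if disables:
            hits.append(redacted)
    return hits


# Constructed sample command lines (not real log data).
SAMPLES = [
    "dsa_control -s=0",
    r'"C:\Program Files\Trend Micro\Deep Security\Agent\dsa_control" -s=0 -p "Example Pass1"',
    "dsa_control --harden=0 --passwd=Example123",
    "dsa_control \u2014s=0",       # em dash, as pasted from formatted text
    "dsa_control -s=1",            # re-enables protection: not reported
    "notepad.exe dsa_control_notes.txt",
]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print("self protection disabled:", hit)
```

Matching the en/em dash variants surfaces attempts that were copied from formatted text with the hyphen replaced.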