Enable or disable agent self-protection
To update or uninstall Deep Security Agent or Relay, or to create a diagnostic package for support (see Create a diagnostic package and logs), you must temporarily disable agent self-protection.
Agent self-protection prevents local users from tampering with the agent. When enabled, if a user tries to tamper with the agent, the GUI will display a message such as "Removal or modification of this application is prohibited by its security settings".
You can configure agent self-protection using either the GUI for Deep Security Manager, or the command line on the agent's computer.
Via Deep Security Manager
- Open the Computer or Policy editorYou can change these settings for a policy or for a specific computer. To change the settings for a policy, go to the Polices page and double-click the policy that you want to edit (or select the policy and click Details). To change the settings for a computer, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). where you want to enable agent self-protection.
- Click Settings > General.
- In the Agent Self-Protection section, for Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent, select Yes.
- To password-protect agent self protection, for Local override requires password, select Yes and type the password.
- Click Save.
- To disable the setting, select No. Click Save.
Via command line
- Log in to the Windows computer locally.
- Open the Command Prompt (cmd.exe) as Administrator.
Change the current directory to the Deep Security Agent installation folder. (The default install folder is shown below.)
cd C:\Program Files\Trend Micro\Deep Security\Agent
Enter this command:
dsa_control --selfprotect=1 --passwd=<password>
where <password> is a password that will be required in order to override this setting. (See Command-line basics.) The password is optional, but strongly recommended.Store this password in a safe location. If you lose or forget the password you will have to contact your support provider for assistance in overriding this protection.
To disable the setting, enter this command:
dsa_control -s=0 -p "<password>"