Disable agent self protection
Agent self protection prevents local users from interfering with agent functions. However, to update or uninstall Deep Security Agent or a relay on Windows, or to Create a diagnostic package from the command line, you must first disable agent self protection.
Follow the steps below to disable agent self protection by using:
- In the Deep Security Manager, go to Computer editorTo open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General.
- Go to the Agent Self Protection section. In the drop-down menu, next to Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent, select No.
- Log in to the Windows local computer and open the Command Prompt as Administrator.
- Navigate to the installation folder
..\Deep Security Agent. The default agent install directory is
C:\Program Files\Trend Micro\Deep Security\Agent.
- Enter the following command:
- dsa_control —s=0
If the Deep Security Agent installation is password-protected, enter the following command instead:
- dsa_control –s=0 –p "password_in_clear_test"
In Deep Security 9.0 and earlier, this option was
dsa_control --harden=0 --passwd=<password>.