Topics on this page
Agent platform compatibility
Workload Security agents can be installed on the operating systems (OS) and containers shown below. If platform support was added in an update release, the minimum update version is noted next to the check mark in the table.
Workload Security supports the use of older agent versions, but we do encourage you to upgrade agents regularly. New agent releases provide additional security features and protection, higher quality, performance improvements, and updates to stay in sync with releases from each platform vendor. Each agent has an end-of-life date. For details, see Deep Security Agent LTS life cycle dates and Deep Security Agent FR life cycle dates.
The agent can be installed to protect various cloud, virtual, or physical environments, if the operating system and kernel are supported.
Not all agent features are available on all platforms. See Supported features by platform.
If you have agent version 20.0.0-1558 or earlier, and a firewall that filters incoming traffic, you may need to configure your firewall to allow agent activation.
| Operating System | Agent Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| 20 LTS | 12 FR | 12 LTS | 11.3 | 11.2 | 11.1 | 11 LTS | 10 LTS | 9.6 | ||
| Windows 2000, Service Pack 3 or 4 (32-bit) (See Note 5) | ✔ U17 | |||||||||
| Windows XP (32- and 64-bit) (See Note 5) | ✔ | |||||||||
| Windows Server 2003 SP1 or SP2 (32- and 64-bit) (See Note 5) | ✔ | |||||||||
| Windows Server 2003 R2 SP2 (32- and 64-bit) (See Note 5) | ✔ | |||||||||
| Windows 7 (32- and 64-bit) (See Note 5) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Windows 7 Embedded (32-bit) (See Note 2, Note 5, Note 10) | ✔ | ✔ | ✔ | • | ||||||
| Windows Server 2008 (32- and 64-bit) (See Note 3, Note 5, Note 11) | ✔ •• | ✔ | ✔ | • | • | • | ✔ | |||
| Windows Server 2008 R2 (64-bit) (See Note 3, Note 5) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Windows 8 (32- and 64-bit) (See Note 10) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Windows 8.1 (32- and 64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Windows 8.1 Embedded (32-bit) (See Note 2) | ✔ | ✔ | ✔ | • | ||||||
| Windows 10 (32- and 64-bit) (See Note 1) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Windows 10 IoT Enterprise 2019 LTSC (32- and 64-bit) (See Note 2) | ✔ | ✔ | ✔ | |||||||
| Windows 10 IoT Enterprise 2021 LTSC (64-bit) (See Note 2) | ✔ | ✔ | ✔ | |||||||
| Windows 10 Enterprise multi-session (64-bit) | ✔ | |||||||||
| Windows 11 (64-bit) (See Note 8) | ✔ | |||||||||
| Windows Server 2012 (64-bit) (See Note 3) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Windows Server 2012 R2 (64-bit) (See Note 3) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Windows Server 2016 (LTSC, version 1607) (64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Windows Server Core (SAC, version 1709) (64-bit) (See Note 1, Note 10) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Windows Server 2019 (LTSC, version 1809) (64-bit) | ✔ | ✔ | ✔ | • | ✔ U4 | |||||
| Windows Server 2022 (LTSC, version 21H2) (64-bit) | ✔ 2021-11-24 | |||||||||
| Red Hat Enterprise Linux 5 (32- and 64-bit) | ✔ | |||||||||
| Red Hat Enterprise Linux 6 (32- and 64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Red Hat Enterprise Linux 7 (64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Red Hat Enterprise Linux 8 (64-bit) | ✔ | ✔ | ✔ | ✔ U12 | ||||||
| Red Hat Enterprise Linux 8 (AWS ARM-Based Graviton 2) | ✔ 2022-03-01 | |||||||||
| Red Hat Enterprise Linux 9 (64-bit) | ✔ 2022-07-26 | |||||||||
| Red Hat OpenShift 4.9+ | ✔ 20.0.0-5137 | |||||||||
| Ubuntu 10.04 (64-bit) | ✔ | |||||||||
| Ubuntu 12.04 (64-bit) | ✔ | |||||||||
| Ubuntu 14.04 (64-bit) | ✔ | |||||||||
| Ubuntu 16.04 (64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Ubuntu 18.04 (64-bit) | ✔ | ✔ | ✔ | • | • | ✔ U2 | ||||
| Ubuntu 18.04 (AWS ARM-Based Graviton 2) | ✔ 2021-10-08 | |||||||||
| Ubuntu 20.04 (64-bit) | ✔ | ✔ | ✔ U10 | |||||||
| Ubuntu 20.04 (AWS ARM-Based Graviton 2) | ✔ 2021-10-28 | |||||||||
| Ubuntu 22.04 (64-bit) | ✔ 2022-07-04 | |||||||||
| Ubuntu 22.04 (AWS ARM-Based Graviton 2) | ✔ 2022-08-29 | |||||||||
| CentOS 5 (32- and 64-bit) | ✔ | |||||||||
| CentOS 6 (32- and 64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| CentOS 7 (64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| CentOS 8 (64-bit) | ✔ | ✔ | ✔U3 | ✔U17 | ||||||
| Rocky Linux 8 (64-bit) (See Note 7) | ✔ 2021-10-28 | |||||||||
| Rocky Linux 9 (64-bit) (See Note 9) | ✔ 2023-01-31 | |||||||||
| Debian 6 (64-bit) | ✔ | |||||||||
| Debian 7 (64-bit) | ✔ | • | • | • | ✔ | |||||
| Debian 8 (64-bit) (See Note 11) | ✔ •• | ✔ | ✔ | • | • | • | ✔ | |||
| Debian 9 (64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Debian 10 (64-bit) | ✔ | ✔ | ✔ U1 | ✔ U14 | ||||||
| Debian 11 (64-bit) | ✔ 2022-03-01 | |||||||||
| Amazon Linux (64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Amazon Linux 2 (64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Amazon Linux 2 (AWS ARM-Based Graviton 2) | ✔ 2021-01-18 | |||||||||
| Amazon Linux 2 (AWS ARM-Based Graviton 3) | ✔ 2022-07-26 | |||||||||
| Oracle Linux 5 (32- and 64-bit) | ✔ | |||||||||
| Oracle Linux 6 (32- and 64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Oracle Linux 7 (64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| Oracle Linux 8 (64-bit) | ✔ | ✔ | ✔ U2 | ✔ U14 | ||||||
| SUSE Linux Enterprise Server 10 (32- and 64-bit) | ✔ | |||||||||
| SUSE Linux Enterprise Server 11 (32- and 64-bit) | ✔ | • | • | • | ✔ | ✔ | ||||
| SUSE Linux Enterprise Server 12 (64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | ✔ | ||
| SUSE Linux Enterprise Server 15 (64-bit) | ✔ | ✔ | ✔ | ✔ U13 | ||||||
| CloudLinux 5 (32- and 64-bit) | ✔ | |||||||||
| CloudLinux 6 (32-bit) | ✔ | |||||||||
| CloudLinux 6 (64-bit) | ✔ U6 | |||||||||
| CloudLinux 7 (64-bit) | ✔ | ✔ | ✔ | • | • | • | ✔ | |||
| CloudLinux 8 (64-bit) | ✔ | ✔FR 2020-05-19 | ||||||||
| AlmaLinux 8 (64-bit) (See Note 6) | ✔ | |||||||||
| Solaris 10 Updates 4-6 (64-bit or SPARC) | ✔ | ✔ | ✔ U6 | |||||||
|
Solaris 10 Updates 7-10 (64-bit or SPARC) |
✔ | ✔ | ✔ U6 | |||||||
| Solaris 10 Update 11 (64-bit or SPARC) | ✔ | ✔ | ✔ U6 | |||||||
| Solaris 11.0 (1111)-11.1 (64-bit or SPARC) | ✔ | ✔ | ✔ U6 | |||||||
| Solaris 11.2-11.3 (64-bit or SPARC) | ✔ | ✔ | ✔ U6 | |||||||
| Solaris 11.4 (64-bit or SPARC) | ✔ | ✔ | ✔ U7 | |||||||
| AIX 6.1 TL 9 or later (See Note 4, Note 11)) |
✔ •• | ✔ U5 | ||||||||
| AIX 7.1 TL 3 or later AIX 7.2 TL 0 or later (See Note 4) |
✔ | ✔ U5 | ||||||||
| AIX 7.3 TL 0 or later(See Note 4) | ✔ 2022-08-29 | |||||||||
| macOS Catalina (10.15 or later) | ✔ 2022-07-11 | |||||||||
| macOS BigSur (11.0 or later) | ✔ 2022-07-11 | |||||||||
| macOS Monterey (12.0 or later) | ✔ 2022-07-11 | |||||||||
| macOS Ventura (13.0.1 or later) | ✔ 2022-11-22 | |||||||||
• Support for these releases is ending soon. Please upgrade to version 20 as soon as possible.
•• Standard support is ending soon for these platforms. For details, see Note 11.
If platform support was added in an update or FR release, the minimum update or FR version is noted next to the check mark in the table. Examples: Examples: ✔ 2021-01-18, ✔ U1, ✔FR 2020-05-04.
Note 1: Microsoft releases regular, semi-annual releases for Microsoft Windows 10 and Windows Server Core. For details about which specific releases are supported, see Deep Security Support for Windows 10 and Deep Security Support for Windows Server Core.
Note 2: All Trend Micro testing on Windows Embedded platforms is performed in a virtualized environment. Because these operating systems are typically run on custom hardware (for example, on point-of-sale terminals), customers must plan to thoroughly test on their target hardware platform prior to deployment in a production environment. In addition, before raising support cases, customers should attempt to reproduce problems in a virtualized environment because this is the environment the Trend Micro support team has available. If the issue is specific to deployments on custom hardware, Trend Micro may require the customer to provide us with remote access to a suitable environment before we can fully respond to support cases. Note that Windows 10 IoT was formerly named Windows 10 Embedded, and is therefore included in the list of Windows Embedded platforms.
Note 3: The agent is supported with both Full/Desktop Experience and Server Core installations of Windows Server 2012 and later. For Windows Server 2008 and 2008 R2, only Full installations are supported.
Note 4: The following AIX configurations are supported:
- AIX LPARs running on the PowerVM Hypervisor on Power Servers.
- AIX running as the bare metal OS on Power Servers.
Agent version 12.0 for AIX is supported on both Power8 and Power9 processor-based systems.
Note 5: Microsoft has changed their signing policy to use only SHA-2. For information on compatibility and required Microsoft security updates, see:
- Updated guidance for use of Trend Micro Deep Security to protect Windows 2003, Windows XP, and Windows 2000 based systems
- New versions of Trend Micro Deep Security Agents for Windows will only be signed with SHA-2 (also available in Japanese.)
Also, Windows XP is supported only with agent version 10.0 Update 25 or earlier and it will not be supported with future updates. Windows 2003 is supported with agent version 10.0 Update 25 or earlier. It is not supported with Updates 26, 27, and 28, but support will be reintroduced in agent version 10.0 Update 29. For more information, see Deep Security Agent version 10 update 26 cannot be used for installation or upgrade on Windows XP/2003.
For Windows 2008, the minimum supported version will be SP2; for Windows 2008 R2, the minimum supported version will be SP1.
Note 6: AlmaLinux 8 is currently supported using the Red Hat Enterprise Linux 8 agent version 20.0.0-3165+.
Note 7: Rocky Linux 8 is currently supported using Deep Security Agent version 20.0.0-3288+ for Red Hat Enterprise Linux 8.
Note 8: Microsoft releases regular, semi-annual releases for Microsoft Windows 11. For details about which specific releases are supported, see Trend Micro Cloud One - Workload Security and Deep Security Support for Windows 11.
Note 9: Rocky Linux 9 is currently supported using Deep Security Agent version 20.0.0-6313+ for Red Hat Enterprise Linux 9.
Note 10: Microsoft changed code signing requirements, but has not released a patch for this OS. Therefore the last supported update release for Deep Security 20 is in January 2023.
Note 11: In the second half of 2023, Deep Security Agent 20 for Windows Server 2008, AIX 6.1, and Debian 8 will reach end of standard support. For more information see https://success.trendmicro.com/dcx/s/solution/000292157.
Docker compatibility
You can use agent 10.0+ to protect Docker hosts and containers running on Linux distributions. Windows is not supported.
Each agent long-term support (LTS) release supports all Docker Enterprise Edition (EE) versions that have not reached end-of-life. (See Announcing Docker Enterprise Edition.) We do not officially support Docker Edge releases, but strive to test against Docker Edge releases to the best of our ability.
Support for new stable Docker releases is introduced with each release of the agent. We recommend that you refrain from upgrading to the latest stable release of Docker until Trend Micro documents the support statements for the latest agent release.
| Agent version | Docker | Docker CE | Docker EE | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| v1.12 | v1.13 | 17.03 | 17.09 | 17.12 | 18.03 | 18.06 | 18.09 | 19.03 | 20.10 | 17.06 | 18.03 | 18.06 | 18.09 | 19.03 | 20.10 | |
| 10 LTS | ✔ | ✔ | ||||||||||||||
| 11 LTS | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | |||||||
| 11.1 | ✔ | ✔ | ✔ | ✔ | ||||||||||||
| 11.2 | ✔ | ✔ | ✔ | ✔ | ||||||||||||
| 11.3 | ✔ | ✔ | ✔ | ✔ | ||||||||||||
| 12 LTS | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ||||||||
| 12 FR | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | |||||||||
| 20 LTS | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ||||||||
Agent support for Docker releases includes any sub-versions of those releases. For example, agent version 11.0 supports Docker 17.09-ce including its sub-versions: 17.09.0-ce and 17.09.1-ce.
Before deploying the agent into your target environment, you should ensure that Docker supports your target environment and platform configuration.
Systemd support
Some versions of the agent for Linux support systemd. See the table below for details.
| Operating System | Agent Version | |||
|---|---|---|---|---|
| 20 LTS | 12 FR | 12 LTS | 11 LTS | |
| AlmaLinux 8 (64-bit) | ✔ 2021-10-08 | |||
| Amazon Linux (64-bit) | ||||
| Amazon Linux 2 (64-bit) | ||||
| Amazon Linux 2 (AWS ARM-Based Graviton 2) | ✔ | |||
| Amazon Linux 2 (AWS ARM-Based Graviton 3) | ✔ | |||
| CloudLinux 6 (64-bit) | ||||
| CloudLinux 7 (64-bit) | ||||
| CloudLinux 8 (64-bit) | ✔ | ✔FR 2020-05-19 | ||
| Rocky Linux 8 (64-bit) | ✔ 2021-10-28 | |||
| Rocky Linux 9 (64-bit) | ✔ 2023-01-31 | |||
| Debian 8 (64-bit) | ||||
| Debian 9 (64-bit) | ||||
| Debian 10 (64-bit) | ✔ | ✔ | ✔U1 | ✔U14 |
| Debian 11 (64-bit) | ✔ 2022-03-01 | |||
| Oracle Linux 6 (32- and 64-bit) | ||||
| Oracle Linux 7 (64-bit) | ✔ | ✔ | ✔U1 | ✔U13 |
| Oracle Linux 8 (64-bit) | ✔ | ✔ | ✔U2 | ✔U14 |
| Red Hat Enterprise Linux 6 (32- and 64-bit) | ||||
| Red Hat Enterprise Linux 7 (64-bit) | ✔ | ✔ | ✔U1 | ✔U13 |
| Red Hat Enterprise Linux 8 (64-bit) | ✔ | ✔ | ✔ | ✔U12 |
| Red Hat Enterprise Linux 8 (AWS ARM-Based Graviton 2) | ✔ 2022-03-01 | |||
| Red Hat Enterprise Linux 9 (64-bit) | ✔ 2022-07-26 | |||
| SUSE Linux Enterprise Server 11 (32- and 64-bit) | ||||
| SUSE Linux Enterprise Server 12 (64-bit) | ||||
| SUSE Linux Enterprise Server 15 (64-bit) | ✔ | ✔ | ✔ | ✔U13 |
| Ubuntu 16.04 (64-bit) | ||||
| Ubuntu 18.04 (64-bit) | ✔ | ✔ | ||
| Ubuntu 18.04 (AWS ARM-Based Graviton 2) | ✔ 2021-10-08 | |||
| Ubuntu 20.04 (64-bit) | ✔ | |||
| Ubuntu 20.04 (AWS ARM-Based Graviton 2) | ✔ 2021-10-28 | |||
| Ubuntu 22.04 (64-bit) | ✔ 2022-07-04 | |||
| Ubuntu 22.04 (AWS ARM-Based Graviton 2) | ✔ 2022-08-29 | |||
If systemd support was added in an update or FR release, the minimum update or FR version is noted next to the check mark in the table. Examples: ✔ U1, ✔FR 2020-05-19.
SELinux support
Security-Enhanced Linux (SELinux) enforcing mode is supported on these OS and agent combinations, using the default SELinux policies:
| Operating System | Agent Version | ||
|---|---|---|---|
| 20 LTS | 12 FR | 12 LTS | |
| AlmaLinux 8 (64-bit) | ✔ | ||
| Amazon Linux (64-bit) | ✔ | ||
| Amazon Linux 2 (64-bit) | ✔ | ||
| Amazon Linux (AWS ARM-Based Graviton 2) | ✔ | ||
| Amazon Linux (AWS ARM-Based Graviton 3) | ✔ | ||
| CentOS 6 (64-bit) | ✔ | ||
| CentOS 7 (64-bit) | ✔ | ||
| CentOS 8 (64-bit) | ✔ | ||
| Oracle Linux 6 (32-bit) | ✔ | ||
| Oracle Linux 6 (64-bit) | ✔ | ||
| Oracle Linux 7 (64-bit) | ✔ | ||
| Oracle Linux 8 (64-bit) | ✔ | ||
| Red Hat Enterprise Linux 7 (64-bit) | ✔ | ✔ (FR 2020-05-19 or later) | ✔ (Update 9 or later) |
| Red Hat Enterprise Linux 8 (64-bit) | ✔ | ✔ (FR 2020-05-19 or later) | ✔ (Update 9 or later) |
| Rocky Linux 8 (64-bit) | ✔ | ||
| Rocky Linux 9 (64-bit) | ✔ | ||
Anti-malware software such as the agent must run in an unconfined domain in order to protect the system. Any additional SELinux policy customization or configuration may cause the agent to be blocked.
If any alerts occur, see Troubleshoot SELinux alerts.
Secure Boot support
Some versions of the agent support the Secure Boot feature. See the table below and Linux Secure Boot support for agents.
Secure Boot is not available for Azure VMs.
| Agent Version | ||||
|---|---|---|---|---|
| Operating System | 20 LTS | 12 FR | 12 LTS | 11 LTS |
| Red Hat Enterprise Linux 7 (64-bit) | ✔ | ✔ | ✔ | ✔ |
| Red Hat Enterprise Linux 8 (64-bit) | ✔ | ✔ | ||
| Red Hat Enterprise Linux 9 (64-bit) | ✔ | |||
| Debian 10 (64-bit) | ✔ | ✔ | ||
| Debian 11 (64-bit) | ✔ | |||
| CentOS 7 (64-bit) | ✔ | ✔ | ✔ | ✔ |
| CentOS 8 (64-bit) | ✔ | ✔ | ||
| SUSE Linux Enterprise Server 12 (64-bit) | ✔ | ✔ | ||
| SUSE Linux Enterprise Server 15 (64-bit) | ✔ | ✔ | ||
| Ubuntu 16.04 (64-bit) | ✔ | ✔ | ||
| Ubuntu 18.04 (64-bit) | ✔ | ✔ | ||
| Ubuntu 20.04 (64-bit) | ✔ | |||
| Oracle Linux 7 (64-bit) | ✔ 2021-10-08 | |||
| Oracle Linux 8 (64-bit) | ✔ 2021-10-28 | |||
| Rocky Linux 9 (64-bit) | ✔ 2023-01-31 | |||
Linux minor version support
Trend Micro releases agents for major Linux versions (like RHEL 8), as described in the Agent platform support table, above. Minor Linux versions (like RHEL 8.x) are also supported if they use a kernel that we support.
To determine whether a minor Linux version is supported:
-
Find the kernel version for the Linux release. Refer to OS provider's documentation, for example:
- Red Hat Enterprise Linux: https://access.redhat.com/articles/3078
- SUSE Linux Enterprise Server: https://www.suse.com/support/kb/doc/?id=000019587
- Ubuntu: https://wiki.ubuntu.com/Kernel/Support
- Oracle Linux: https://blogs.oracle.com/scoter/oracle-linux-and-unbreakable-enterprise-kernel-uek-releases
-
Check the Agent Linux kernel support list for the agent version that you plan to use.
- If the kernel is on the supported list, the agent supports that Linux version.
For example, if you're using Red Hat Enterprise Linux 8.2 and want to know whether it's supported with version 20 of the agent:
- Check the kernel version for Red Hat Enterprise Linux 8.2. According to the Red Hat article, it's 4.18.0-193.
- Look for that version in the list of supported kernels for Deep Security Agent 20.
- Version 4.18.0-193 is listed in the RHEL 8 table on that page, so Deep Security Agent 20 is supported with Red Hat Enterprise Linux 8.2.
Device Control support
Device Control is supported in Deep Security Agent 20.0.0-4959+ for Windows and 20.0.0-158+ for macOS.