
Activate and protect agents using agent-initiated activation and communication

When you enable agent-initiated activation (AIA), instead of Workload Security contacting the agents directly, the agents initiate communication with Workload Security and establish an encrypted TCP connection over the Workload Security heartbeat port (443).

Enabling AIA can prevent communication issues between Workload Security and agents, as well as simplify agent deployment when used with deployment scripts. Trend Micro recommends that you use AIA if the following applies:

  • Your network environment prevents Workload Security from initiating connections to agents.
  • You need to deploy many agents at once.
  • You are protecting computers in cloud accounts.

Workload Security has agent-initiated communication enabled by default.

Enable agent-initiated activation

Perform the following:

  1. Create or modify a policy with agent-initiated communication enabled.
  2. Enable agent-initiated activation.
  3. Assign the policy to agents.
  4. Use a deployment script to activate the agents.

Create or modify policies with agent-initiated communication enabled

For your agents to continue initiating communication with Workload Security after activation, enable agent-initiated communication on any policies the agents will use. You can do this by either modifying an existing policy or by creating a new one.

To create a new policy from an existing policy, right-click the existing policy and select Duplicate. To enable agent-initiated communication on a policy:

  1. On the Policies page, double-click the policy.
  2. Go to Settings > General.
  3. Under Communication Direction, select Agent/Appliance Initiated.
  4. Click Save.

Enable agent-initiated activation

  1. Go to Administration > System Settings > Agents.
  2. Select Allow Agent-Initiated Activation.
  3. Select Allow Agent to specify hostname.
  4. From the If a computer exists list, select Re-activate the existing computer.
  5. Click Save.

For a full description of each AIA setting, see Agent-initiated activation.

Assign the policy to agents

You can assign the policy to the agents either during deployment script configuration or by using an event-based task after the deployment script has been run.

If all the agents need to use the same policy, you can assign the policy in the deployment script as part of the next step. If groups of agents need to use different policies, create an event-based task to assign the policies before proceeding with the next step.

Use a deployment script to activate the agents

See Generate a deployment to learn how to use a deployment script to activate the agents. If you are assigning a policy during deployment script configuration, you have to select it from the Security Policy list.
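A pre-flight check for the outbound connection that AIA depends on, as an added example that is not part of the Trend Micro documentation: run from the computer where the agent will be installed, it reports whether a TCP connection and a certificate-validated handshake to the heartbeat port (443) succeed. It assumes the encrypted connection is TLS; `MANAGER_HOST` is a placeholder and `check_outbound` is a hypothetical helper name, so substitute the hostname from your own deployment script.

```python
import socket
import ssl

# Placeholder (assumption): replace with the Workload Security hostname
# that appears in your own deployment script.
MANAGER_HOST = "workload-security.example.invalid"
HEARTBEAT_PORT = 443  # heartbeat port stated on this page


def check_outbound(host, port=HEARTBEAT_PORT, timeout=5.0, context=None):
    """Report how far an agent-style outbound connection to host:port gets.

    Returns a dict with 'tcp' and 'tls' booleans, the negotiated
    'tls_version' (or None) and the first 'error' encountered (or None).
    """
    result = {"tcp": False, "tls": False, "tls_version": None, "error": None}

    # Stage 1: can this host open an outbound TCP connection at all?
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # DNS failure, refused, filtered or timed out
        result["error"] = f"tcp: {exc}"
        return result
    result["tcp"] = True

    # Stage 2: does a TLS handshake complete with the certificate chain
    # and hostname verified against the system trust store?
    ctx = context or ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            result["tls"] = True
            result["tls_version"] = tls.version()
    except (ssl.SSLError, OSError) as exc:  # bad certificate, reset, timeout
        result["error"] = f"tls: {exc}"
    finally:
        sock.close()  # harmless if wrap_socket already took over the socket
    return result


if __name__ == "__main__":
    print(check_outbound(MANAGER_HOST))
```

A result with `tcp` true and `tls` false means the port is reachable but something on the path is not completing a trusted TLS session, which is worth resolving before running the deployment script.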