Topics on this page
Warning: Anti-Malware Engine has only Basic Functions
When a new Linux kernel version is released, Trend Micro releases a new kernel support package for the agent. If a computer's kernel version is not currently supported, then the Anti-Malware engine can provide only basic protection. Normal protection will resume when the agent receives the update to support the new kernel version. To prevent this problem, verify that the new kernel version is supported before you upgrade it.
|Scan / Detection||Document exploit protection||✔|
|Predictive machine learning||(1)|
|Scan compressed file||✔|
|Connected threat defense||✔|
|Inclusion / Exclusion||Document exploit protection||✔|
|File extension exclusion||✔|
|Process image file exclusion (2)||✔|
(1) Predictive machine learning: Sometimes this might work if the agent can get the process image path, but it is not reliable and therefore not supported.
(2) Process image file exclusion: Changes to user-mode matching. Performance could be impacted.
(3) Container protection: The agent cannot protect runtime container workloads in this mode.
If the agent is providing only basic protection and you want to restore full functionality, then you must resolve the cause. Steps vary by reason ID:
- Reason ID 7: No driver is available for the particular kernel version causes a driver offline error. To resolve this: Check if latest Kernel Support Package (KSP) is released for that particular kernel. File a case to request KSP support.
- Reason ID 11: The Trend Micro public key--on the system when SecureBoot is enabled--is missing, so loading the driver failed, which caused a driver offline error. To resolve this: Install the machine owner key.
- Reason ID 12: The Trend Micro public key--on the system when SecureBoot is enabled--is expired, so loading the driver failed, which caused a driver offline error. To resolve this: Install the machine owner key.
- Other reason IDs: Create a diagnostic package and contact support.
The reason ID is included in events forwarded to an external Syslog, SIEM server, or to Amazon SNS. It is also displayed in the event description for the agent (either Anti-Malware Engine Offline or Anti-Malware Engine with Basic Functions).
|Reason ID||Event reason||Description|
|1||Unknown reason||The malware scan failed for an unknown reason.|
|2||Incomplete Anti-Malware installation||Incomplete installation of the Anti-Malware service. This causes a driver offline error.|
|3||Failed process communication between DSA and AM service||The process communication between the agent and Anti-Malware service failed. This causes a driver offline error.|
|4||Timeout of restart||The Anti-Malware service (AMSP) restart timed out. (That is, the code signature verification process has hung.)|
|5||Stopped Anti-Malware service||The Anti-Malware service has stopped unexpectedly. This causes a driver offline error.|
|6||Failed sign check||Windows file (binaries/DLL) code signature verification failed unexpectedly.|
|7||Unavailable kernel version||No driver is available for the Linux kernel version. This causes a driver offline error.|
|8||Failed driver loading||Loading the driver (tmhook/bmhook) into the kernel failed. This causes a driver offline error.|
|9||Failed driver unloading||
Unloading a driver from the kernel failed. This causes a driver offline error.
Currently, this scenario does not occur, so the agent never reports this code in DsspState on Linux.
|10||Failed driver device opening||Opening a driver device file failed. This causes a driver offline error.|
|11||Missing machine owner key Trend Micro public key||The Trend Micro public key is missing in the SecureBoot machine owner key (MOK) list on the computer. As a result, the driver signature cannot be verified, and the computer will not load the driver. This causes a driver offline error.|
|12||Expired machine owner key Trend Micro public key||The Trend Micro public key is expired in the SecureBook MOK list on the computer. As a result, the driver signature cannot be verified, and the computer will not load the driver. This causes a driver offline error.|
|13||Signed with unauthorized public key||The driver was signed with an unknown/unsupported public key.|