Warning: Anti-Malware Engine has only Basic Functions
When the Anti-Malware engine is offline for Linux agents, Trend Micro still provides protection to your computers. The Anti-Malware engine provides partial functionality by automatically switching to the Linux kernel native hook.
|Scan / Detection||Document exploit protection||✔|
|Scan / Detection||Predictive machine learning||(1)|
|Scan / Detection||Scan compressed file||✔|
|Scan / Detection||Connected threat defense||✔|
|Inclusion / Exclusion||Document exploit protection||✔|
|Inclusion / Exclusion||File extension exclusion||✔|
|Inclusion / Exclusion||Process image file exclusion (2)||✔|
When the agent is running with partial functionality, the steps needed to return the Linux agent to full functionality depend on the reason ID. The reason ID is included in events forwarded to an external Syslog or SIEM server, or to Amazon SNS. It is also displayed in the event description for the Linux agent (either Anti-Malware Engine Offline or Anti-Malware Engine with Basic Functions).
- Reason ID 7: No driver is available for the particular kernel version, which causes a driver offline error. To resolve this: Check whether the latest Kernel Support Package (KSP) has been released for that particular kernel. File a case to request KSP support.
- Reason ID 11: SecureBoot is enabled and the Trend Micro public key is missing from the system, so loading the driver failed, which caused a driver offline error. To resolve this: Install the machine owner key.
- Reason ID 12: SecureBoot is enabled and the Trend Micro public key on the system is expired, so loading the driver failed, which caused a driver offline error. To resolve this: Install the machine owner key.
- For all other reason IDs: Create a diagnostic package and contact support.
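
An added example (not Trend Micro code) that triages forwarded events by reason ID into the remediation steps listed above. The log line layout, host names and `Reason ID: <n>` field are constructed assumptions; only the event names and the ID-to-action mapping come from this page.

```python
import re

# Remediation per reason ID, taken from the list on this page.
KSP = "Check for a released Kernel Support Package (KSP); file a case to request KSP support"
MOK = "Install the machine owner key"
SUPPORT = "Create a diagnostic package and contact support"
ACTIONS = {7: KSP, 11: MOK, 12: MOK}

# ASSUMPTION: "<timestamp> <host> ... <event name> ... Reason ID: <n>" is a
# constructed layout. Adapt the regex to your own forwarded event format.
EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s.*?"
    r"Anti-Malware Engine (?:Offline|with Basic Functions)"
    r"(?:.*?Reason ID:?\s*(?P<rid>\d+))?"
)

# Constructed sample events, not real agent output.
SAMPLE = """\
2024-05-01T10:00:00Z web01 dsa: Anti-Malware Engine Offline (Reason ID: 8)
2024-05-01T10:05:00Z db02 dsa: Anti-Malware Engine Offline (Reason ID: 11)
2024-05-01T10:06:00Z db03 dsa: Anti-Malware Engine Offline (Reason ID: 12)
2024-05-01T10:07:00Z app04 dsa: Anti-Malware Engine Offline (Reason ID: 3)
2024-05-01T10:09:00Z web01 dsa: Anti-Malware Engine with Basic Functions (Reason ID: 7)
2024-05-01T10:10:00Z app05 dsa: Anti-Malware Engine Offline
2024-05-01T10:11:00Z web01 dsa: Agent heartbeat
""".splitlines()

def triage(lines):
    """Return ({action: [(host, reason_id)]}, [engine events lacking an ID])."""
    latest = {}  # host -> (ts, reason_id); newest wins (ISO 8601 strings sort by time)
    no_reason = []
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue                 # unrelated event
        if m.group("rid") is None:
            no_reason.append(line)   # engine event without an ID: review manually
            continue
        ts, host, rid = m.group("ts"), m.group("host"), int(m.group("rid"))
        if host not in latest or ts >= latest[host][0]:
            latest[host] = (ts, rid)
    plan = {}
    for host, (_, rid) in sorted(latest.items()):
        plan.setdefault(ACTIONS.get(rid, SUPPORT), []).append((host, rid))
    return plan, no_reason

if __name__ == "__main__":
    for action, hosts in triage(SAMPLE)[0].items():
        print(f"{action}: {hosts}")
```

Only the most recent reason ID per host is kept, so a host whose reason changes (web01 in the sample) is routed by its current state.
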
|Reason ID||Event reason||Description|
|1||Unknown reason||The malware scan failed for an unknown reason.|
|2||Incomplete Anti-Malware installation||Incomplete installation of the Anti-Malware service has caused a driver offline error.|
|3||Failed process communication between DSA and AM service||The process communication between the Deep Security Agent and Anti-Malware service failed and has caused a driver offline error.|
|4||Timeout of restart||The restart of the Windows Anti-Malware service (AMSP) timed out (that is, the sign check process has hung).|
|5||Stopped Anti-Malware service||The Anti-Malware service has stopped unexpectedly and has caused a driver offline error.|
|6||Failed sign check||A sign check of Windows files (binaries/DLL) failed unexpectedly.|
|7||Unavailable kernel version||No driver is available for the particular kernel version, and this has caused a driver offline error.|
|8||Failed driver loading||Loading a driver (tmhook/bmhook) into the kernel failed and has caused a driver offline error.|
|9||Failed driver unloading||Unloading a driver from the kernel failed and has caused a driver offline error. No such scenario is needed currently; therefore, Trend Micro never reports this code in DsspState on Linux platforms.|
|10||Failed driver device opening||Opening a driver device file failed and has caused a driver offline error.|
|11||Missing machine owner key Trend Micro public key||When SecureBoot is enabled, a missing machine owner key Trend Micro public key on the system results in a driver load failure, and this has caused a driver offline error.|
|12||Expired machine owner key Trend Micro public key||When SecureBoot is enabled, an expired machine owner key Trend Micro public key on the system results in a driver load failure, and this has caused a driver offline error.|
|13||Signed with unauthorized public key||The driver was signed with an unknown/unsupported public key.|