Error: Anti-Malware Engine Offline

This error can occur for a variety of reasons. To resolve the issue, follow the instructions below.

For an overview of the Anti-Malware module, see Protect against malware.

  1. In the Workload Security console, check for other errors on the same machine. If errors exist, there could be other issues that are causing your Anti-Malware engine to be offline, such as communications or Deep Security Agent installation failure.
  2. Check communications from the agent to the Deep Security Relay and Workload Security.
  3. In the Workload Security console, view the details for the agent with the issue. Verify that the policy or setting for Anti-Malware is turned on, and that the configuration for each scan (real-time, manual, scheduled) is in place and active. (See Enable and configure Anti-Malware.)
  4. Deactivate and uninstall the agent before reinstalling and re-activating it. See Uninstall the Deep Security Agent and Activate the agent for more information.
  5. In the Workload Security console, go to the Updates section for that computer. Verify that the Security Updates are present and current. If not, click Download Security Updates to initiate an update.
  6. Check if there are conflicts with another anti-virus product, such as OfficeScan. If conflicts exist, uninstall the other product and Deep Security Agent, reboot, and reinstall the Deep Security Agent. To remove OfficeScan, see Uninstalling clients or agents in OfficeScan (OSCE).

If your agent is on Windows

  1. Make sure the following services are running:
    • Trend Micro Deep Security Agent
    • Trend Micro Solution Platform
  2. Check that all the Anti-Malware related drivers are running properly by running the following commands:

    For all versions of Deep Security Agent:

    • # sc query AMSP

    For Deep Security Agent 12.5 or earlier, also check:

    • # sc query tmcomm
    • # sc query tmactmon
    • # sc query tmevtmgr

    If a driver is not running, restart the Trend Micro services. If it is still not running, continue with the following steps below.

  3. Verify the installation method. Only install the MSI, not the zip file.

  4. The agent might need to be manually removed and reinstalled. For more information, see Manually uninstalling Deep Security Agent, Relay, and Notifier from Windows
  5. The installed Comodo certificate could be the cause of the issue. To resolve the issue, see "Anti-Malware Driver offline" status occurs due to Comodo certificate issue.

If your agent is on Linux

  1. To check that the agent is running, enter the following command in the command line:
    • service ds_agent status
  2. If you're using a Linux server, your kernel might not be supported. For more information, see Error: Module installation failed (Linux).

If the problem is still unresolved after following these instructions, create a diagnostic package and contact support. For more information, see Create a diagnostic package.