
Error: Anti-Malware Engine Offline

This error can occur for a variety of reasons.

In some cases with Linux agents, the Anti-Malware engine remains partially functional and shows a Warning rather than an Error. That scenario is discussed in Warning: Anti-Malware Engine has only Essential functions.

For an overview of the Anti-Malware module, see Protect against malware.

  1. In the Workload Security console, check for other errors on the same machine. If errors exist, there could be other issues that are causing your Anti-Malware engine to be offline, such as communications or agent installation failure.
  2. Check communications from the agent to the Workload Security Relay and Workload Security.
  3. In the Workload Security console, view the details for the agent with the issue. Verify that the policy or setting for Anti-Malware is turned on, and that the configuration for each scan (real-time, manual, scheduled) is in place and active. See Enable and configure Anti-Malware.
  4. Deactivate and uninstall the agent before reinstalling and reactivating it. See Uninstall the Workload Security Agent and Activate the agent for more information.
  5. In the Workload Security console, go to the Updates section for that computer. Verify that the Security Updates are present and current. If not, click Download Security Updates to initiate an update.
  6. Check if there are conflicts with another anti-virus product, such as OfficeScan. If conflicts exist, uninstall the other product and Workload Security Agent, reboot, and reinstall the Workload Security Agent. To remove OfficeScan, see Uninstalling clients or agents in OfficeScan (OSCE).

Agent on Windows

  1. Make sure the following services are running:
    • Trend Micro Workload Security Agent
    • Trend Micro Solution Platform
  2. Check that all the Anti-Malware related drivers are running properly by executing the following commands:

    For all versions of Workload Security Agent:

    • # sc query AMSP

    For Workload Security Agent 12.5 or earlier, also check:

    • # sc query tmcomm
    • # sc query tmactmon
    • # sc query tmevtmgr

If a driver is not running, restart the Trend Micro services. If it is still not running, continue with steps 3, 4, and 5.

  3. Verify the installation method. Only install the MSI, not the zip file.
  4. The agent might need to be manually removed and reinstalled. For more information, see Manually uninstalling Workload Security Agent, Relay, and Notifier from Windows.
  5. The installed Comodo certificate could be the cause of the issue. To resolve the issue, see "Anti-Malware Driver offline" status occurs due to Comodo certificate issue.
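
The service and driver checks in steps 1 and 2 of this section can be run in one pass. The following PowerShell script is an added example, not Trend Micro tooling: the -LegacyAgent switch is a hypothetical parameter for agents 12.5 or earlier, and the STATE parsing assumes English sc.exe output.

```powershell
# Added example: checks the services and drivers listed in steps 1 and 2.
# Run on the affected computer from an elevated PowerShell session.
param(
    # Hypothetical switch: set it for Workload Security Agent 12.5 or earlier.
    [switch]$LegacyAgent
)

# Display names and driver names are taken from the steps above.
$services = 'Trend Micro Workload Security Agent', 'Trend Micro Solution Platform'
$drivers  = @('AMSP')
if ($LegacyAgent) { $drivers += 'tmcomm', 'tmactmon', 'tmevtmgr' }

$results = @()

foreach ($displayName in $services) {
    $svc = Get-Service -DisplayName $displayName -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Kind  = 'Service'
        Name  = $displayName
        State = if ($svc) { [string]$svc.Status } else { 'NOT FOUND' }
    }
}

foreach ($name in $drivers) {
    # Call sc.exe explicitly: in Windows PowerShell 5.1 a bare "sc" is the
    # alias for Set-Content, so "sc query AMSP" would not query anything.
    $out = & sc.exe query $name 2>&1
    $state = 'NOT FOUND'
    if ($LASTEXITCODE -eq 0) {
        # Assumes English output, e.g. "STATE              : 4  RUNNING"
        $line = $out | Select-String -Pattern 'STATE\s*:\s*\d+\s+(\w+)' |
            Select-Object -First 1
        if ($line) { $state = $line.Matches[0].Groups[1].Value }
    }
    $results += [pscustomobject]@{ Kind = 'Driver'; Name = $name; State = $state }
}

$results | Format-Table -AutoSize

# -notin compares case-insensitively, so this matches "Running" and "RUNNING".
$down = @($results | Where-Object { $_.State -notin 'Running' })
if ($down.Count -gt 0) {
    Write-Warning ("Not running: " + ($down.Name -join ', '))
    exit 1
}
```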

Agent on Linux

  1. To check that the agent is running, enter the following command in the command line:
    • service ds_agent status
  2. If you are using a Linux server, your kernel might not be supported. For more information, see Error: Module installation failed (Linux).

Reminder: If the Anti-Malware engine is showing a warning rather than an error for a Linux agent, see Warning: Anti-Malware Engine has only Essential functions.