Table of contents

Error: Anti-Malware Engine Offline

This error can occur for a variety of reasons. To resolve the issue, follow the instructions below.

For some cases with Linux agents, the Anti-Malware engine can remain partially functional and will show a Warning rather than an Error. That scenario is discussed in Warning: Anti-Malware Engine has only Essential functions.

For an overview of the Anti-Malware module, see Protect against malware.

  1. In the Workload Security console, check for other errors on the same machine. If errors exist, there could be other issues that are causing your Anti-Malware engine to be offline, such as communications or agent installation failure.
  2. Check communications from the agent to the Workload Security Relay and Workload Security.
  3. In the Workload Security console, view the details for the agent with the issue. Verify that the policy or setting for Anti-Malware is turned on, and that the configuration for each scan (real-time, manual, scheduled) is in place and active. (See Enable and configure Anti-Malware.)
  4. Deactivate and uninstall the agent before reinstalling and re-activating it. See Uninstall the Workload Security Agent and Activate the agent for more information.
  5. In the Workload Security console, go to the Updates section for that computer. Verify that the Security Updates are present and current. If not, click Download Security Updates to initiate an update.
  6. Check if there are conflicts with another anti-virus product, such as OfficeScan. If conflicts exist, uninstall the other product and Workload Security Agent, reboot, and reinstall the Workload Security Agent. To remove OfficeScan, see Uninstalling clients or agents in OfficeScan (OSCE).

If your agent is on Windows

  1. Make sure the following services are running:
    • Trend Micro Workload Security Agent
    • Trend Micro Solution Platform
  2. Check that all the Anti-Malware related drivers are running properly by running the following commands:

    For all versions of Workload Security Agent:

    • # sc query AMSP

    For Workload Security Agent 12.5 or earlier, also check:

    • # sc query tmcomm
    • # sc query tmactmon
    • # sc query tmevtmgr

    If a driver is not running, restart the Trend Micro services. If it is still not running, continue with the following steps below.

  3. Verify the installation method. Only install the MSI, not the zip file.

  4. The agent might need to be manually removed and reinstalled. For more information, see Manually uninstalling Workload Security Agent, Relay, and Notifier from Windows
  5. The installed Comodo certificate could be the cause of the issue. To resolve the issue, see "Anti-Malware Driver offline" status occurs due to Comodo certificate issue.

If your agent is on Linux

  1. To check that the agent is running, enter the following command in the command line:
    • service ds_agent status
  2. If you're using a Linux server, your kernel might not be supported. For more information, see Error: Module installation failed (Linux).

Reminder: If the Anti-Malware engine is showing a warning rather than an error for a Linux agent, see Warning: Anti-Malware Engine has only Essential functions.