Table of contents

Uninstall the agent

When you manually uninstall an activated Deep Security Agent from a computer, the computer does not notify Workload Security that the software has been uninstalled. On the Computers page in the Workload Security console, the computer's status will still be displayed as Managed (Offline) or similar, depending on the context. To avoid this, in Workload Security, either deactivate the agent before you uninstall it or delete the computer from the list after the installation.

Uninstall an agent on Windows

Before updating or uninstalling an agent or relay on Windows, you must disable agent self-protection. To do this, in the Workload Security console, go to Computer editor > Settings > General. In Agent Self Protection, either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override.

Uninstall the agent as follows:

  1. Deactivate the agent using the Workload Security console by going to the Computers page, right-clicking the computer and selecting Actions > Deactivate.

    If you cannot deactivate the agent because Workload Security is unable to communicate with the agent, execute the following command before continuing to the next step:

    C:\Program Files\Trend Micro\Deep Security Agent>dsa_control --selfprotect 0
  2. Go to Control Panel and select Uninstall a program. Look for the Trend Micro Deep Security Agent and select Uninstall.

Alternatively, you can uninstall from the command line, as follows:

msiexec /x <package_name_including_extension>

For a silent uninstall, add /quiet to the preceding command.

Uninstall an agent on Linux

Before uninstalling an agent on Linux, check whether or not agent self-protection is enabled. If it is enabled, you need to disable it on the policy or computer level. For more information, see Enable or disable agent self-protection.

If your version of Linux provides a graphical package management tool, you can search for the ds_agent package and use the tool remove the package. Otherwise, use the command line instructions.

To completely remove the agent and any configuration files it created on a platform that uses the Red Hat package manager (RPM), such as CentOS, Amazon Linux, Oracle Linux, SUSE, or Cloud Linux, enter the following command:

# sudo rpm -ev ds_agent
Stopping ds_agent: [ OK ]
Unloading dsa_filter module [ OK ]

If iptables was enabled prior to installing the agent, it will be re-enabled when the agent is uninstalled.

If the platform uses Debian package manager (dpkg), such as Debian and Ubuntu, enter the following command:

$ sudo dpkg -r ds-agent
Removing ds-agent...
Stopping ds_agent: .[OK]

Uninstall an agent on Solaris 10

Enter the following command:

pkgrm ds-agent

Uninstall may require a reboot.

Uninstall an agent on Solaris 11

Enter the following command:

pkg uninstall ds-agent

Uninstall may require a reboot.

Uninstall an agent on AIX

Enter the following command:

installp -u ds_agent

Uninstall an agent on macOS

Before uninstalling the agent, you need to disable self-protection, as follows:

  1. From the terminal, enter the following command:
cd "/Library/Application Support/com.trendmicro.DSAgent"
  1. Enter the following command:
sudo ./dsa_control -s 0

Self-protection is now disabled.

For information on how to disable self-protection from Workload Security, see Configure self-protection through the Workload Security console.

Use the built-in DSAUninstaller tool to uninstall the agent, as follows:

sudo /opt/dsa/DSAUninstaller --all

A message "Uninstallation is complete” indicates successful uninstallation.

Uninstall an agent on Red Hat OpenShift

Enter the following command:

helm uninstall ds-agent

Uninstall the notifier

From the Windows Control Panel, select Add/Remove Programs, double-click Trend Micro Deep Security Notifier, and click Remove.

To uninstall from the command line, execute the following:

msiexec /x <package_name_including_extension>

For a silent uninstall, add /quiet to the preceding command.