Actions

Activation

A newly installed Vulnerability ProtectionDeep Security Agent/Appliance needs to be "activated" by the Vulnerability ProtectionDeep Security Manager before Policies, Rules, requests for Event logs, etc. can be sent to it. The activation procedure includes the exchange of SSL keys which uniquely identify a Manager (or one of its nodes) and an Agent/Appliance to each other. Once activated by a Vulnerability ProtectionDeep Security Manager, an Agent/Appliance will only accept instructions or communicate with the Vulnerability ProtectionDeep Security Manager which activated it (or one of its nodes).

An unactivated Agent/Appliance can be activated by any Vulnerability ProtectionDeep Security Manager.

Agents/Appliances can only be deactivated locally on the computer or from the Vulnerability ProtectionDeep Security Manager which activated it. If an Agent/Appliance is already activated, the button in this area will read Reactivate rather than Activate. Reactivation has the same effect as Activation. A reactivation will reset the Agent/Appliance to the state it was in after first being installed and initiate the exchange of a new set of SSL keys.

Policy

When you change the configuration of an Agent/Appliance on a computer using the Vulnerability ProtectionDeep Security Manager (Apply a new Intrusion Prevention Rule, change logging settings, etc.) the Vulnerability ProtectionDeep Security Manager has to send the new information to the Agent/Appliance. This is a "Send Policy" instruction. Policy updates usually happen immediately but you can force an update by clicking the Send Policy button.

Software

This displays the version of the Agent/Appliance currently running on the computer. If a newer version of the Agent/Appliance is available for the computer's platform you can click the Upgrade Agent... or Upgrade Appliance... button to remotely upgrade the Agent or Appliance from the Vulnerability ProtectionDeep Security Manager. You can configure the Vulnerability ProtectionDeep Security Manager to trigger an Alert if new versions of the Agent/Appliance software running on any of your computers by going to the Administration > System Settings > Updates tab.

Agent Self-Protection must be disabled on computers that you want to upgrade. To configure Agent Self-Protection, go to the Computer tab on the Policy/Computer Editor > Settings page. Agent Self-Protection is a Windows-only feature.

Versions 9.5 and later of the Windows and Linux Agents can be be configured to act as Deep Security Relays. Relays distribute Security and Software Updates throughout your network. Click Enable Relay to enable this functionality on the Agent. Once an Agent has Relay functionality enabled, it will retrieve the latest Security and Software Updates and distribute them according to your existing Updates settings. For more information about Relays, see Relay Groups.

Versions 2.0 SP1 and later of the Agents can be configured to act as Vulnerability Protection Relays. Relays distribute Security and Software Updates throughout your network. Click Enable Relay to enable this functionality on the Agent. Once an Agent has Relay functionality enabled, it will retrieve the latest Security and Software Updates and distribute them according to your exisitng Updates settings. For more information about Relays, see Relay Groups.

Support

The Create Diagnostic Package... button creates a snapshot of the state of the Agent/Appliance on the computer. Your support provider may request this for troubleshooting purposes.

If you have lost communication with the Computer, a diagnostics package can be created locally.

To create a diagnostics package locally on a Windows computer:

From a command line, type:
C:\Program Files\Trend Micro\Vulnerability ProtectionDeep Security Agent> dsa_control -d
and press Enter.
A numbered zip file (for example, "341234567.zip") containing the diagnostics information will be created in c:\ProgramData\TrendMicro\Deep Security Agent\diag.

To create a diagnostics package locally on a Linux computer:

From a command line, type:
$ /opt/ds_agent/dsa_control -d
and press Enter.
A numbered zip file (for example, "341234567.zip") containing the diagnostics information will be created in the same directory.

To create a diagnostics package locally on a Deep Security Virtual Appliance computer:

1.From a command line, type:
$ sudo /opt/ds_agent/dsa_control -d
and press Enter.
A numbered zip file (for example, "341234567.zip") containing the diagnostics information will be created in the same directory.

TPM (ESXi hypervisors only)

A Trusted Platform Module (TPM) is a type of chip that is used for hardware authentication. VMware uses the TPM with its ESXi hypervisors. During the boot sequence, an ESXi writes a SHA-1 hash of each hypervisor component to a set of registers as it loads. An unexpected change in these values from one boot sequence to the next can indicate a possible security issue worth investigating. Deep Security can monitor the TPM on an ESXi after every boot and raise an Alert if it detects any changes. If you select the option to enable TPM monitoring on an ESXi which doesn't support it, the option will be automatically disabled.

The Deep Security Integrity Monitoring module is a requirement for TPM.

The minimum requirements for TPM monitoring are:

Deep Security Manager 9+
vCenter 5.1+
ESXi 5.1+
TPM/TXT installed and enabled on the ESXi (consult your VMware documentation for details)
the Deep Security Integrity Monitoring Module must be On for this ESXi.