Configure agent version control | Trend Micro Service Central

Agent version control is a feature that gives you and your security operations team control over the specific versions of the agent that will be deployed when:

using deployment scripts
upgrading the agent through an upgrade alert, button, check box or other widget in the Server & Workload Protection console (the exceptions are listed in the FAQ)
upgrading the agent through the agent upgrade on activation feature

This allows security operations teams the ability to declare exactly what agents will be used at any given time.

As new agents are released by Trend Micro, your security operations team can test them in controlled environments before changing the version control settings to expose the new agents to downstream applications teams in their production environment.

Set up agent version control

Go to the Server & Workload Protection console.
Click Administration at the top.
On the left, expand Updates → Software → Agent Version Control. All the agent platforms appear in the main pane.
(Optional) Use the Show/Hide Platforms section on the right to restrict the agent platforms that are visible.
Make your agent version selections and click Save. Follow this guidance:

Note

Only agent versions 9.0 or later are displayed. For Solaris specifically, only versions 11.0 or later are displayed. If you want to deploy earlier agents, you'll have to use the agentVersion= setting available in the deployment scripts. For details, see Use deployment scripts to add and protect computers.

Column	Description
PLATFORM	This column lists the platforms for which agent software is available.
VERSION CONTROL	This column is where you select which version of the agent will be used by deployment scripts and so on. It has the following options: Latest: Indicates to use the latest agent software build , either long-term support (LTS) or feature release (FR). The logic to determine the latest agent is based on the agent version number:the highest version is used. For example, an agent with version 12.0.0.460 is higher than the version 12 General Availability (GA) agent. However, the version 12 feature release agents with version 12.5.0.350 are considered later than an LTS agent with version 12.0.0.460. In summary, choose Latest if you want the latest LTS or FR agent for the platform Latest LTS: (default) Indicates to use the latest long-term support (LTS) software build . Latest LTS can be the original LTS release, or can be an update to the original LTS release. Any FRs are ignored. LTS build versions always have ‘0’ as the minor version number. <agent_version> for example, 11.0.0.760 : Indicates to use a specific agent version. Other agents are ignored.
RESULTING AGENT	This column shows the agent that will be deployed based on your selection under VERSIONCONTROL. If the column shows an N/A (Removed from inventory) message, it's because Trend Micro deemed the agent unsuitable for deployment and removed it.

Use agent version control with URL requests

Agent version control provides the ability to control what agents are returned when any URL request is made to Server & Workload Protection to download the agent. For details, see Using agent version control to define which agent version is returned.

Agent version control FAQs

Do I need to update my deployment scripts to use this feature?

Yes. To update your deployment scripts:

In the Server & Workload Protection console, go to Support → Deployment Scripts and generate new deployment scripts. For instructions, see Use deployment scripts to add and protect computers.
Re-distribute and re-run the new scripts as necessary.

The latest deployment scripts pass additional information to Server & Workload Protection (for example, platform information) that is required for the version control feature to work properly.

What happens if I don't update existing deployment scripts?

If you have existing deployment scripts that you generated prior to the availability of the agent version control feature, and you do not take any action to update them, they will default to Latest LTS. This default will be used for any older deployment scripts regardless of how you have set your agent version control settings. Replace the older deployment scripts with new deployment scripts to leverage the settings you define in the agent version control settings.

Deployment scripts that are generated after the availability of the agent version control feature will use your agent version control settings.

What features are out of scope (exceptions)?

By design, the features listed below are out of scope for the agent version control feature. These features are typically accessed by the Server & Workload Protection administrator directly, in many cases to test a specific agent version in a development or staging environment prior to deploying the agent version into production.

We have left full access to all agent versions accessible in these specific scenarios:

the Computer details page > Upgrade Agent button
the Computers → Actions → Upgrade Agent Software pageSelecting either of the above options launches a wizard with a drop-down list that always defaults to 'Use latest version for platform' regardless of your version control settings. For details, see Upgrade the agent from the Computers page.
agent upgrades that are not initiated directly from Server & Workload Protection. For example, if you export an agent package, transfer it to the server, and initiate the upgrade from the command line, the agent version control settings will not be involved in this upgrade.