For an overview of the Anti-Malware module, see Protect against malware.
Note
In some Linux agents, the Anti-Malware engine can remain partially functional and displays a Warning rather than an Error. For more information, see Warning: Anti-Malware Engine has only Essential functions.
The Anti-Malware Engine Offline error can occur for a variety of reasons. To resolve it, work through the following steps:
  1. In the Server & Workload Protection Manager, check for other errors on the same computer. The presence of additional errors could indicate issues such as communication or installation failures causing the Anti-Malware engine to be offline.
  2. Check communications from the agent to the Server & Workload Protection Relay and Server & Workload Protection.
  3. In the Server & Workload Protection Manager, view the details for the agent with the issue. Verify that Anti-Malware is enabled in the policy or computer settings, and that each scan type is configured and active. For more information, see Enable and configure Anti-Malware.
  4. Uninstall and redeploy the agent. See Uninstall the Server & Workload Protection Agent and Activate the agent.
  5. Verify that the computer is receiving component updates:
    1. Go to Computers and locate the affected computer.
    2. Ensure that the subject endpoints are managed and online.
    3. Go to Updates and verify the component updates are present and current.
    4. If not, click Actions > Download Component Update to manually initiate an update.
  6. Check if there are conflicts with another endpoint security product, such as Trend Micro Apex One. If conflicts exist, uninstall the other product and the agent, then reboot and reinstall the agent. To remove Trend Micro Apex One, see Uninstalling Apex One clients/agents.
  7. For Windows agents, verify that the services and drivers are running properly:
    1. Ensure that the following services are running:
      • ds_agent (Agent service)
      • ds_notifier (Agent notifier service)
      • Amsp (Anti-Malware service)
    2. Check that all the Anti-Malware-related drivers are running properly by executing the following commands:
      • sc query tmeyes
      • sc query amsp
      If a driver is not running, restart the Trend Micro services. If the driver is still not running, continue with the following steps:
    3. Verify the installation method. Only install the MSI, not the ZIP file.
    4. The agent might need to be manually removed and reinstalled. For more information, see Manually uninstalling Deep Security Agent, Relay, and Notifier from Windows.
    5. The installed certificates could be the cause of the issue. To resolve the issue, see Updating the VeriSign, DigiCert, USERTrust RSA certificate on Deep Security and Cloud One - Workload Security.
  8. For Linux agents, verify that the agent is running and the installed kernel is supported:
    1. To check that the agent is running, enter the following command in the command line:
      • service ds_agent status
    2. If you are using a Linux server, your kernel might not be supported. For more information, see Error: Module installation failed (Linux).
    If the Anti-Malware engine is showing a Warning rather than an Error for a Linux agent, see Warning: Anti-Malware Engine has only Essential functions.
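
The Windows checks in step 7 can be run in one pass. The following PowerShell is an added example, not a vendor-supplied script: it queries the service and driver names listed on this page and reports each one's state without changing anything on the computer. The function name Get-AmComponentState is a hypothetical helper chosen for this example.

```powershell
# Added example: read-only check of the names listed in step 7.
# 'amsp' appears on the page both as a service and in the sc query list;
# it is a single Service Control Manager entry, so it is queried once.
$Expected = 'ds_agent', 'ds_notifier', 'amsp', 'tmeyes'

function Get-AmComponentState {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Name)

    foreach ($n in $Name) {
        # Win32_BaseService is the parent class of Win32_Service and
        # Win32_SystemDriver, so one query covers services and drivers.
        $entry = Get-CimInstance -ClassName Win32_BaseService `
                     -Filter "Name='$n'" -ErrorAction SilentlyContinue

        if ($null -eq $entry) {
            # No entry at all: the component was never registered on this host.
            [pscustomobject]@{ Name = $n; Type = 'n/a'; StartMode = 'n/a'; State = 'NotInstalled' }
        }
        else {
            [pscustomobject]@{
                Name      = $n
                Type      = $entry.ServiceType   # e.g. Own Process, Kernel Driver
                StartMode = $entry.StartMode     # Disabled here explains a Stopped state
                State     = $entry.State
            }
        }
    }
}

$results = @(Get-AmComponentState -Name $Expected)
$results | Format-Table -AutoSize

$notRunning = @($results | Where-Object { $_.State -ne 'Running' })
if ($notRunning.Count -gt 0) {
    $summary = ($notRunning | ForEach-Object { "$($_.Name) [$($_.State)]" }) -join ', '
    Write-Warning "Not running: $summary"
}
else {
    Write-Output 'All agent services and Anti-Malware drivers are running.'
}
```

A State of NotInstalled points toward the installation checks in steps 7.3 and 7.4, while Stopped points toward restarting the Trend Micro services first.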