When new kernel versions are released, Trend Micro creates and releases kernel support
packages for them. If your kernel version is not supported by the Linux agent, the
Linux Anti-Malware Engine provides only basic protection to your computers. The Anti-Malware
engine returns from basic function mode to normal status once your kernel
version is supported.
Basic functions
| Category | Feature name | Supported |
|---|---|---|
| Scan / Detection | Document exploit protection | ✔ |
| | Predictive machine learning | (1) |
| | Behavior monitoring | |
| | Spyware/Grayware | ✔ |
| | IntelliTrap | ✔ |
| | Scan compressed file | ✔ |
| | Smart scan | ✔ |
| | Connected threat defense | ✔ |
| Inclusion / Exclusion | Document exploit protection | ✔ |
| | Directories inclusion | ✔ |
| | File inclusion | ✔ |
| | Directories exclusion | ✔ |
| | File exclusion | ✔ |
| | File extension exclusion | ✔ |
| | Process image file exclusion (2) | ✔ |
| Quarantine | Quarantine file | ✔ |
| | Restore file | ✔ |
| Container | Container protection | |

(1) Predictive machine learning: Even though this may occasionally work (if
Trend Micro can get the process image path), it is not reliable and therefore not
supported.
(2) Process image file exclusion: This is moved to user-mode match. This
mode may have a performance impact.
(3) Container protection: Trend Micro cannot protect runtime container
workloads in this mode.
Reason IDs
When the agent is running with partial functionality, the steps needed to return the
Linux agent to full functionality depend on the reason ID. The reason ID is included
in events forwarded to an external Syslog or SIEM server, or to Amazon SNS. It is also
displayed in the event description for the Linux agent (either Anti-Malware Engine
Offline or Anti-Malware Engine with Basic Functions).
- Reason ID 7: No driver is available for the particular kernel version, which causes a driver offline error. To resolve this: Check whether the latest Kernel Support Package (KSP) has been released for that particular kernel. File a case to request KSP support.
- Reason ID 11: The Trend Micro public key is missing from the system when SecureBoot is enabled, so loading the driver failed, which caused a driver offline error. To resolve this: Install the machine owner key.
- Reason ID 12: The Trend Micro public key on the system is expired when SecureBoot is enabled, so loading the driver failed, which caused a driver offline error. To resolve this: Install the machine owner key.
- For all other reason IDs: Create a diagnostic package and contact support.

| Reason ID | Event reason | Description |
|---|---|---|
| 1 | Unknown reason | The malware scan failed for an unknown reason. |
| 2 | Incomplete Anti-Malware installation | Incomplete installation of the Anti-Malware service has caused a driver offline error. |
| 3 | Failed process communication between DSA and AM service | The process communication between the Deep Security Agent and Anti-Malware service failed and has caused a driver offline error. |
| 4 | Timeout of restart | The Windows Anti-Malware service (AMSP) restart timed out (that is, the sign check process has hung). |
| 5 | Stopped Anti-Malware service | The Anti-Malware service has stopped unexpectedly and has caused a driver offline error. |
| 6 | Failed sign check | A Windows file (binaries or DLL) sign check failed unexpectedly. |
| 7 | Unavailable kernel version | No driver is available for the particular kernel version and this has caused a driver offline error. |
| 8 | Failed driver loading | Loading the driver into the kernel via tmhook or bmhook has failed and has caused a driver offline error. |
| 9 | Failed driver unloading | Unloading a driver from the kernel failed and has caused a driver offline error. |
| 10 | Failed driver device opening | Opening a driver device file failed and has caused a driver offline error. |
| 11 | Missing machine owner key Trend Micro public key | The machine owner key (Trend Micro public key) is missing on the system when SecureBoot is enabled, so the driver load failed, and this has caused a driver offline error. |
| 12 | Expired machine owner key Trend Micro public key | The machine owner key (Trend Micro public key) on the system is expired when SecureBoot is enabled, so the driver load failed, and this has caused a driver offline error. |
| 13 | Signed with unauthorized public key | The driver was signed with an unknown or unsupported public key. |
| 14 | Configuration file disable driver | The agent is set by the configuration INI file to not load the driver. This causes a driver offline state. |
| 15 | Policy disable driver | The agent is set by the Deep Security policy to not load the driver. This causes a driver offline state. |
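
The triage rules from the Reason IDs list, applied to forwarded events and grouped into per-remediation work queues. This is an added example, not Trend Micro code. The `host=` field and the `Reason ID: N` text layout of the sample lines are assumptions; only the two event names and the remediation text come from this page.

```python
import re
from collections import defaultdict

# Remediation per reason ID, as given on this page. Every other ID falls
# through to the diagnostic-package path.
REMEDIATION = {
    7: "Check for a released KSP for this kernel; file a case to request KSP support",
    11: "Install the machine owner key",
    12: "Install the machine owner key",
}
DEFAULT_ACTION = "Create a diagnostic package and contact support"

# The two event names are from this page. The line layout around them
# (host=..., "Reason ID: N") is an ASSUMPTION; adapt the regex to your feed.
EVENT_RE = re.compile(
    r"host=(?P<host>\S+).*?"
    r"(?P<event>Anti-Malware Engine (?:Offline|with Basic Functions)).*?"
    r"Reason ID:\s*(?P<rid>\d+)"
)

def triage(lines):
    """Return {action: {host: sorted reason IDs}} for matching events."""
    plan = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue  # unrelated event, or no reason ID in the line
        rid = int(m.group("rid"))
        action = REMEDIATION.get(rid, DEFAULT_ACTION)
        plan[action][m.group("host")].add(rid)  # set de-duplicates repeats
    return {a: {h: sorted(r) for h, r in hosts.items()}
            for a, hosts in plan.items()}

# Constructed sample events, not real agent output.
SAMPLE = [
    "2024-05-01T10:00:00Z host=web-01 Anti-Malware Engine with Basic Functions (Reason ID: 7)",
    "2024-05-01T10:02:00Z host=db-02 Anti-Malware Engine Offline (Reason ID: 11)",
    "2024-05-01T10:03:00Z host=db-03 Anti-Malware Engine Offline (Reason ID: 12)",
    "2024-05-01T10:05:00Z host=app-04 Anti-Malware Engine Offline (Reason ID: 8)",
    "2024-05-01T10:06:00Z host=web-01 Anti-Malware Engine with Basic Functions (Reason ID: 7)",
    "2024-05-01T10:07:00Z host=app-05 Firewall rule updated",
]

if __name__ == "__main__":
    for action, hosts in triage(SAMPLE).items():
        print(action)
        for host, rids in sorted(hosts.items()):
            print(f"  {host}: reason IDs {rids}")
```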