Cause: Limited resources
-
Make sure that Deep Security Virtual Agent resource is reserved from settings.
-
Ensure that the deployment has met the requirements specified in the installation instructions.
Cause: Anti-malware
-
On Deep Security Manager, go to Computers.
-
Double-click the protected computer.
-
For Anti-Malware, select Off.
Cause: Network traffic
-
Add scan exclusions for locations that are known to reduce performance without improving security. For details, see Recommended scan exclusion list for Trend Micro Endpoint products.
![]() |
NoteThe thin driver exclusion is case-sensitive.
|
Cause: Policy
-
Change the policy setting for the virtual machine to None.
Cause: High CPU
-
Identify which Deep Security Virtual Agent has high CPU usage.
-
Go to the vCenter console, click each Deep Security Virtual Agent and select Performance to identify the machine with high CPU usage.
-
-
Run the hop tool to determine which process is consuming most of the CPU usage.
-
Identify the high CPU process memory consumption.
-
Execute the following to check the process memory status: #cat /proc/$PID/status(Replace $PID with your own PID.)
-
Verify that the vmsize is reasonable.
-
Export the content to a log file using this command:#cat /proc/$PID/status > /tmp/HighCPUProcessMemory.txt#sudo lsof -p $PID > /tmp/HighCPUProcessOpenedFile.t
-
-
Check if the Deep Security Virtual Agent has enough free memory.
-
Run the command cat /proc/meminfo to identify the Deep Security Virtual Agent system free memory.
-
Run the command cat /proc/meminfo > /tmp/DSVAMemory.txt to export the content to a log file.
-
Cause: Security Update
-
Check the connection between the relay and its update source or proxy server.
-
Verify if you need to use a proxy server or not.
-
Log into the Deep Security, go to Administration > System Settings > Proxy, and confirm that the configuration settings are correct.
-
-
Perform a ping test between the agent and the relay-enabled agent.
-
Make sure that the relay port number is open by using telnet [relay IP] [port number].
-
Test the DNS to determine if the hostname of the relay can be resolved.
-
Check if any firewalls are blocking the communication and disable them if they are.
-
Unassign the current policy and check if the issue still persists.