Security Agent Services

The Security Agent runs the services listed in the following tables. You can view the status of these services from Microsoft Management Console.

Default Processes

Process

Description

Location

TmListen.exe

Receives commands and notifications from the Apex One server and facilitates communication from the Security Agent to the server

<Agent installation folder>\tmlisten.exe

NTRtScan.exe

Performs Real-time, Scheduled, and Manual Scan on Security Agents

<Agent installation folder>\ntrtscan.exe

TmPfw.exe

Provides packet level firewall, network virus scanning, and intrusion detection capabilities

<Agent installation folder>\TmPfw.exe

TMBMSRV.exe

Regulates access to external storage devices and prevents unauthorized changes to registry keys and processes

Note

If this option is enabled, the Security Agent may prevent third-party products from installing successfully on endpoints. If you encounter this issue, you can temporarily disable the option and then re-enable it after the installation of the third-party product.

<%Program Files (x86) folder%>\Trend Micro\BM\TMBMSRV.exe

TmCCSF.exe

Performs Browser Exploit Prevention and memory scanning

<Agent installation folder>\CCSF\TmCCSF.exe

TmWSCSvc.exe

Reports security status of Apex One Security Agents to Security Center

<Agent installation folder>\TmWSCSvc.exe

Extended Feature Processes

Process	Description	Location
`DSAgent.exe`	Monitors the transmission of sensitive data and controls access to devices	<%Windows directory%>\system32\dgagent\DSAGENT.exe
`ATASAgent.exe`	Advanced Managed Detection and Response tasks and communication	<%Program Files (x86) folder%>\Trend Micro\iService\iATAS\ATASAgent.exe
`TMiACAgentSvc.exe`	Trend Micro Application Control Service (Agent)	<%Program Files (x86) folder%>\Trend Micro\iService\iAC\ac_bin\TMiACAgentSvc.exe
`ESEServiceShell.exe`	Trend Micro Endpoint Sensor Engine Wrapper	<%Program Files (x86) folder%>\Trend Micro\iService\iES\ESE\ESEServiceShell.exe
`ESClient.exe`	Trend Micro Endpoint Sensor Service (Agent)	C:\Program Files (x86)\Trend Micro\iService\iES\ESE\ESClient.exe
`iVPAgent.exe`	Trend Micro Vulnerability Protection Service (Agent)	<%Program Files (x86) folder%>\Trend Micro\iService\iVP\iVPAgent.exe

The following services provide robust protection but their monitoring mechanisms can strain system resources, especially on servers running system-intensive applications:

Trend Micro Unauthorized Change Prevention Service (TMBMSRV.exe)
Apex One NT Firewall (TmPfw.exe)
Apex One Data Protection Service (dsagent.exe)

For this reason, these services are disabled by default on Windows Server platforms. If you want to enable these services:

Monitor the system's performance constantly and take the necessary action when you notice a drop in performance.
For TMBMSRV.exe, you can enable the service if you exempt system-intensive applications from Behavior Monitoring policies. You can use a performance tuning tool to identify system intensive applications.

For details, see Using the Trend Micro Performance Tuning Tool.

For desktop platforms, disable the services only if you notice a significant drop in performance.