When you enable agent-initiated activation (AIA), instead of Workload Security contacting the agents directly, the agents initiate communication with Workload Security and establish an encrypted TCP connection over the Workload Security heartbeat port (443).
Enabling AIA can prevent communication issues between Workload Security and agents, as well as simplify agent deployment when used with deployment scripts. Trend Micro recommends that you use AIA if the following applies:
  • Your network environment prevents Workload Security from initiating connections to agents.
  • You need to deploy many agents at once.
  • You are protecting computers in cloud accounts.
Workload Security has agent-initiated communication enabled by default.

Create or modify policies with agent-initiated communication enabled

For your agents to continue initiating communication with Workload Security after activation, enable agent-initiated communication on any policies the agents will use. You can do this by either modifying an existing policy or by creating a new one.
You can create a new policy from an existing policy by right-clicking it and selecting Duplicate.

Procedure

  1. On the Policies page, double-click the policy.
  2. Go to Settings > General.
  3. Under Communication Direction, select Agent/Appliance Initiated.
  4. Click Save.

Enable agent-initiated activation

Procedure

  1. Go to Administration > System Settings > Agents.
  2. Select Allow Agent-Initiated Activation.
  3. Select Allow Agent to specify hostname.
  4. From the If a computer exists list, select Re-activate the existing computer.
  5. Click Save.
    For a full description of each AIA setting, see Agent-initiated activation.

Assign the policy to agents

You can assign the policy to the agents either during the deployment script configuration or by using an event-based task after the deployment script has been run.
If all the agents need to use the same policy, you can assign the policy in the deployment script as part of the next step. If groups of agents need to use different policies, create an event-based task to assign the policies before proceeding with the next step.

Use a deployment script to activate the agents

See Generate a deployment to learn how to use a deployment script to activate the agents. If you are assigning a policy during deployment script configuration, you have to select it from the Security Policy list.