Important
To deploy the Server & Workload Protection agent with endpoint sensor and full XDR functionality, download and deploy the agent package from Endpoint Inventory. For more information, see Deploy Agents.
Computers added using this method do not support the endpoint sensor and do not have XDR functionality. Trend Micro recommends only using this method for testing purposes or troubleshooting with your support provider.
Tip
If you haven't already installed the agent, see Use deployment scripts to add and protect computers or Manually install the agent for instructions.
Before the installed agent can protect its computer or be converted to a relay, you must activate the agent with Server & Workload Protection. Activation registers the agent with Server & Workload Protection during an initial communication.
To do this, you can either:
  • Activate the agent through a deployment script. See Use deployment scripts to add and protect computers for details.
  • Activate the agent from the computer where the agent is installed. Run this command:
      dsa_control -a dsm://agents.workload.<region>.cloudone.trendmicro.com:443/ "tenantID:<tenant ID>" "token:<token>"
    To find the appropriate values for <region>, <tenant ID>, and <token> in the Server & Workload Protection console, go to Administration > Updates > Software > Local > Generate Deployment Scripts, scroll to the end of the script that is generated, and copy the region, tenantID, and token values. For details on this command, including additional parameters, see Command-line basics.
  • Activate the agent through an event-based task ("Computer Created (by System)" event) to automatically activate computers when they connect to Server & Workload Protection or when Server & Workload Protection syncs with an LDAP directory or cloud account. For more information, see Create an event-based task.
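The following is an added example, not part of the original page and not Trend Micro's own script: a wrapper for the local activation command above on Linux. It checks that the region cannot alter the activation host and offers a dry run that masks the token. The function names, the DRY_RUN variable, and the allowed character set for the tenant ID and token are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Trend Micro's script: validate inputs, then run the
# dsa_control -a activation command from this page.
LC_ALL=C  # byte-wise ranges so a-z below cannot match other characters
DSA_CONTROL="${DSA_CONTROL:-/opt/ds_agent/dsa_control}"  # Linux path used on this page

# Print the activation URL for a region. Only lowercase letters, digits and
# hyphens are accepted, so the value cannot change the host or add a path.
activation_url() {
    case "$1" in
        ""|*[!a-z0-9-]*) echo "invalid region: $1" >&2; return 1 ;;
    esac
    printf 'dsm://agents.workload.%s.cloudone.trendmicro.com:443/\n' "$1"
}

# Assumption: tenant ID and token contain only letters, digits and hyphens.
# Adjust the pattern if the values in your generated script differ.
valid_value() {
    case "$1" in
        ""|*[!A-Za-z0-9-]*) return 1 ;;
    esac
}

# usage: activate_agent <region> <tenant ID> <token>
# Set DRY_RUN=1 to print the command (token masked) without running it.
activate_agent() {
    url=$(activation_url "$1") || return 1
    valid_value "$2" || { echo "invalid tenant ID" >&2; return 1; }
    valid_value "$3" || { echo "invalid token" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s -a %s "tenantID:%s" "token:<redacted>"\n' "$DSA_CONTROL" "$url" "$2"
        return 0
    fi
    [ -x "$DSA_CONTROL" ] || { echo "not executable: $DSA_CONTROL" >&2; return 1; }
    "$DSA_CONTROL" -a "$url" "tenantID:$2" "token:$3"
}

# Run only when called with exactly three arguments.
if [ "$#" -eq 3 ]; then
    activate_agent "$@"
fi
```

Run it with administrator privileges, passing the region, tenant ID, and token copied from the generated deployment script.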
Before activation, the agent will have one of these statuses:
  • No Agent: Indicates one of the following situations:
    • No agent is running or listening on the default port.
    • An agent is installed and running but is working with another manager and communications are configured as agent-initiated. In this case, the agent is not listening for Server & Workload Protection. To correct this situation, deactivate the agent from the computer.
  • Activation Required: The agent is installed and listening, and is ready to be activated by Server & Workload Protection.
  • Reactivation Required: The agent is installed and listening and is waiting to be reactivated by Server & Workload Protection.
  • Deactivation Required: The agent is installed and listening, but has already been activated by another manager.
  • Unknown: The computer has been imported (as part of an imported Computers list) without state information, or has been added by way of an LDAP directory discovery process.
After a successful activation, the agent state is Online. If the activation failed, the computer status is Activation Failed with the reason for the failure in brackets. Click this link to display the system event for more details on the reason for the activation failure.
Note
Although IPv6 traffic is supported by version 8.0 and earlier agents, it is blocked by default. To allow IPv6 traffic on version 8.0 agents, open a Computer or Policy editor and go to Settings > Advanced > Advanced Network Engine Settings. Set the Block IPv6 for 8.0 and Above Agents option to No.

Deactivate the agent

You can normally deactivate the agent from the Server & Workload Protection console. If Server & Workload Protection cannot communicate with the agent, you may have to perform the deactivation manually. To run the commands below, you must have administrator privileges on the local machine.
To deactivate the agent on Windows:

Procedure

  1. From a command line, change to the agent directory (the default is C:\Program Files\Trend Micro\Deep Security Agent).
  2. Run the following: dsa_control -r


To deactivate the agent on Linux:
Run the following: /opt/ds_agent/dsa_control -r

Start or stop the agent

To start or stop the agent on Windows:
  • Start: sc start ds_agent
  • Stop: sc stop ds_agent
To start or stop the agent on Linux:
Using SysV init scripts:
  • Start: /etc/init.d/ds_agent start
  • Stop: /etc/init.d/ds_agent stop
Using systemd commands:
  • Start: systemctl start ds_agent
  • Stop: systemctl stop ds_agent