When a new Linux kernel version is released, Trend Micro releases a new kernel support
package for the agent. If a computer's kernel version is not currently supported,
then the Anti-Malware engine can provide only basic protection. Normal protection
resumes when the agent receives the update to support the new kernel version. To prevent
this problem, verify that the new kernel version is supported before you upgrade.
Basic functions
| Category | Feature name | Supported |
|---|---|---|
| Scan / Detection | Document exploit protection | ✔ |
| | Predictive machine learning (1) | |
| | Behavior monitoring | |
| | Spyware/Grayware | ✔ |
| | IntelliTrap | ✔ |
| | Scan compressed file | ✔ |
| | Smart scan | ✔ |
| | Connected threat defense | ✔ |
| Inclusion / Exclusion | Document exploit protection | ✔ |
| | Directories inclusion | ✔ |
| | File inclusion | ✔ |
| | Directories exclusion | ✔ |
| | File exclusion | ✔ |
| | File extension exclusion | ✔ |
| | Process image file exclusion (2) | ✔ |
| Quarantine | Quarantine file | ✔ |
| | Restore file | ✔ |
| Container | Container protection (3) | |

(1) Predictive machine learning: Sometimes this might work if the agent can get the process image path, but it is
not reliable and therefore not supported.
(2) Process image file exclusion: Changes to user-mode matching. Performance could be impacted.
(3) Container protection: The agent cannot protect runtime container workloads in this mode.
Reason IDs
If the agent is providing only basic protection and you want to restore full functionality,
then you must resolve the cause. Steps vary by reason ID:
- Reason ID 7: No driver is available for the particular kernel version, which causes a driver offline error. To resolve this: Check whether the latest Kernel Support Package (KSP) has been released for that kernel. File a case to request KSP support.
- Reason ID 11: SecureBoot is enabled and the Trend Micro public key is missing from the system, so loading the driver failed, which caused a driver offline error. To resolve this: Install the machine owner key.
- Reason ID 12: SecureBoot is enabled and the Trend Micro public key on the system is expired, so loading the driver failed, which caused a driver offline error. To resolve this: Install the machine owner key.
- Other reason IDs: Create a diagnostic package and contact support.
The reason ID is included in events forwarded to an external Syslog, SIEM server,
or to Amazon SNS. The reason ID is also displayed in the event description for the
agent (either Anti-Malware Engine Offline or Anti-Malware Engine with Basic Functions).
| Reason ID | Event reason | Description |
|---|---|---|
| 1 | Unknown reason | The malware scan failed for an unknown reason. |
| 2 | Incomplete Anti-Malware installation | Incomplete installation of the Anti-Malware service. This causes a driver offline error. |
| 3 | Failed process communication between DSA and AM service | The process communication between the agent and Anti-Malware service failed. This causes a driver offline error. |
| 4 | Timeout of restart | The Anti-Malware service (AMSP) restart timed out. (That is, the code signature verification process has hung.) |
| 5 | Stopped Anti-Malware service | The Anti-Malware service has stopped unexpectedly. This causes a driver offline error. |
| 6 | Failed sign check | Windows file (binaries/DLL) code signature verification failed unexpectedly. |
| 7 | Unavailable kernel version | No driver is available for the Linux kernel version. This causes a driver offline error. |
| 8 | Failed driver loading | Loading the driver (tmhook/bmhook) into the kernel failed. This causes a driver offline error. |
| 9 | Failed driver unloading | Unloading a driver from the kernel failed. This causes a driver offline error. |
| 10 | Failed driver device opening | Opening a driver device file failed. This causes a driver offline error. |
| 11 | Missing machine owner key Trend Micro public key | The Trend Micro public key is missing in the SecureBoot machine owner key (MOK) list on the computer. As a result, the driver signature cannot be verified, and the computer will not load the driver. This causes a driver offline error. |
| 12 | Expired machine owner key Trend Micro public key | The Trend Micro public key is expired in the SecureBoot MOK list on the computer. As a result, the driver signature cannot be verified, and the computer will not load the driver. This causes a driver offline error. |
| 13 | Signed with unauthorized public key | The driver was signed with an unknown/unsupported public key. |
| 14 | Configuration file disable driver | Agent is set to not load the driver by configuration ini file. This causes a driver offline state. |
| 15 | Policy disable driver | Agent is set to not load the driver by DSM/C1WS policy. This causes a driver offline state. |
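
Reason IDs 11 and 12 both end in "Install the machine owner key", so it helps to confirm which state the MOK list is actually in before and after enrolling. The following is an added example, not Trend Micro tooling: it classifies the text printed by `mokutil --list-enrolled` as missing, expired or ok for a given vendor key. It assumes GNU `date` and that the key can be recognised by a string in the certificate Subject; `mok_status`, `sample_listing`, the `--live` switch and the "Example Vendor" certificates are constructed for illustration.

```shell
# Classify the MOK state behind reason ID 11 (key missing) and 12 (key expired).
# stdin: text printed by `mokutil --list-enrolled`
# $1: subject pattern for the vendor key (assumption: vendor name is in Subject)
# $2: "now" in epoch seconds, defaults to the current time
mok_status() (
  pattern=$1; now=${2:-$(date +%s)}; not_after=""; found=0; valid=0
  while IFS= read -r line; do
    case $line in
      *"Not After"*) not_after=${line#*: } ;;
      *Subject:*)
        case $line in *"$pattern"*) ;; *) continue ;; esac
        found=1
        # GNU date parses the OpenSSL-style stamp; an unparsable date counts as expired
        exp=$(date -u -d "$not_after" +%s 2>/dev/null || echo 0)
        if [ "$exp" -gt "$now" ]; then valid=1; fi ;;
    esac
  done
  # One unexpired matching key is enough, so a renewed key beside an old one is "ok"
  if [ "$found" -eq 0 ]; then echo "missing (reason ID 11)"
  elif [ "$valid" -eq 0 ]; then echo "expired (reason ID 12)"
  else echo "ok"; fi
)

# Constructed listing in mokutil's layout (not captured from a real host)
sample_listing() {
  cat <<'EOF'
[key 1]
Certificate:
        Issuer: CN=Example Distro Secure Boot CA
        Validity
            Not Before: Jan  1 00:00:00 2015 GMT
            Not After : Jan  1 00:00:00 2045 GMT
        Subject: CN=Example Distro Secure Boot CA
[key 2]
Certificate:
        Issuer: O=Example Vendor, CN=Example Vendor Driver Signing
        Validity
            Not Before: Jan  1 00:00:00 2018 GMT
            Not After : Jan  1 00:00:00 2021 GMT
        Subject: O=Example Vendor, CN=Example Vendor Driver Signing
EOF
}

if [ "${1:-}" = "--live" ]; then   # real host: script --live "<subject pattern>"
  mokutil --sb-state               # shows whether SecureBoot is enabled at all
  mokutil --list-enrolled | mok_status "${2:?subject pattern required}"
else
  sample_listing | mok_status "Example Vendor"
fi
```

An "ok" result while the agent still reports a driver offline error points away from reason IDs 11 and 12 and toward the other rows in the table above.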