Views:
When a new Linux kernel version is released, Trend Micro releases a new kernel support package for the agent. If a computer's kernel version is not currently supported, then the Anti-Malware engine can provide only basic protection. Normal protection resumes when the agent receives the update to support the new kernel version. To prevent this problem, verify that the new kernel version is supported before you upgrading.

Basic functions

Category
Feature name
Supported
Scan / Detection
Document exploit protection
Predictive machine learning (1)
 
Behavior monitoring
Spyware/Grayware
IntelliTrap
Scan compressed file
Smart scan
Connected threat defense
Inclusion / Exclusion
Document exploit protection
Directories inclusion
File inclusion
Directories exclusion
File exclusion
File extension exclusion
Process image file exclusion (2)
Quarantine
Quarantine file
Restore file
Container
Container protection (3)
 
(1) Predictive machine learning: Sometimes this might work if the agent can get the process image path, but it is not reliable and therefore not supported.
(2) Process image file exclusion: Changes to user-mode matching. Performance could be impacted.
(3) Container protection: The agent cannot protect runtime container workloads in this mode.

Reason IDs

If the agent is providing only basic protection and you want to restore full functionality, then you must resolve the cause. Steps vary by reason ID:
  • Reason ID 7: No driver is available for the particular kernel version causes a driver offline error. To resolve this: Check if latest Kernel Support Package (KSP) is released for that particular kernel. File a case to request KSP support.
  • Reason ID 11: The Trend Micro public key--on the system when SecureBoot is enabled--is missing, so loading the driver failed, which caused a driver offline error. To resolve this: Install the machine owner key.
  • Reason ID 12: The Trend Micro public key--on the system when SecureBoot is enabled--is expired, so loading the driver failed, which caused a driver offline error. To resolve this: Install the machine owner key.
The reason ID is included in events forwarded to an external Syslog, SIEM server, or to Amazon SNS. The reason ID is also displayed in the event description for the agent (either Anti-Malware Engine Offline or Anti-Malware Engine with Basic Functions).
Reason ID
Event reason
Description
1
Unknown reason
The malware scan failed for an unknown reason.
2
Incomplete Anti-Malware installation
Incomplete installation of the Anti-Malware service. This causes a driver offline error.
3
Failed process communication between DSA and AM service
The process communication between the agent and Anti-Malware service failed. This causes a driver offline error.
4
Timeout of restart
The Anti-Malware service (AMSP) restart timed out. (That is, the code signature verification process has hung.)
5
Stopped Anti-Malware service
The Anti-Malware service has stopped unexpectedly. This causes a driver offline error.
6
Failed sign check
Windows file (binaries/DLL) code signature verification failed unexpectedly.
7
Unavailable kernel version
No driver is available for the Linux kernel version. This causes a driver offline error.
8
Failed driver loading
Loading the driver (tmhook/bmhook) into the kernel failed. This causes a driver offline error.
9
Failed driver unloading
Unloading a driver from the kernel failed. This causes a driver offline error.
Note
Note
Currently, this scenario does not occur, so the agent never reports this code in DsspState on Linux.
10
Failed driver device opening
Opening a driver device file failed. This causes a driver offline error.
11
Missing machine owner key Trend Micro public key
The Trend Micro public key is missing in the SecureBoot machine owner key (MOK) list on the computer. As a result, the driver signature cannot be verified, and the computer will not load the driver. This causes a driver offline error.
12
Expired machine owner key Trend Micro public key
The Trend Micro public key is expired in the SecureBook MOK list on the computer. As a result, the driver signature cannot be verified, and the computer will not load the driver. This causes a driver offline error.
13
Signed with unauthorized public key
The driver was signed with an unknown/unsupported public key.
14
Configuration file disable driver
Agent is set to not load the driver by configuration ini file. This causes a driver offline state.
15
Policy disable driver
Agent is set to not load the driver by DSM/C1WS policy. This causes a driver offline state.