Views:
This error can occur for a variety of reasons. To resolve the issue, follow the instructions below.
Note
Note
For some cases with Linux agents, the Anti-Malware engine can remain partially functional and will show a Warning rather than an Error. That scenario is discussed in Warning: Anti-Malware Engine has only Essential functions.
For an overview of the Anti-Malware module, see Protect against malware.

Procedure

  1. In the Server & Workload Protection console, check for other errors on the same machine. If errors exist, there could be other issues that are causing your Anti-Malware engine to be offline, such as communications or agent installation failure.
  2. Check communications from the agent to the Server & Workload Protection Relay and Server & Workload Protection.
  3. In the Server & Workload Protection console, view the details for the agent with the issue. Verify that the policy or setting for Anti-Malware is turned on, and that the configuration for each scan (real-time, manual, scheduled) is in place and active. (See Enable and configure Anti-Malware.)
  4. Deactivate and uninstall the agent before reinstalling and re-activating it. See Uninstall the Server & Workload Protection Agent and Activate the agent for more information.
  5. In the Server & Workload Protection console, go to the Updates section for that computer. Verify that the Security Updates are present and current. If not, click Download Security Updates to initiate an update.
  6. Check if there are conflicts with another anti-virus product, such as OfficeScan. If conflicts exist, uninstall the other product and Server & Workload Protection Agent, reboot, and reinstall the Server & Workload Protection Agent. To remove OfficeScan, see Uninstalling clients or agents in OfficeScan (OSCE).

What to do next

If your agent is on Windows Parent topic

Procedure

  1. Make sure the following services are running:
    • Trend Micro Server & Workload Protection Agent
    • Trend Micro Solution Platform
  2. Check that all the Anti-Malware related drivers are running properly by running the following commands:
    For all versions of Server & Workload Protection Agent:
    • # sc query AMSP
    For Server & Workload Protection Agent 12.5 or earlier, also check:
    • # sc query tmcomm
    • # sc query tmactmon
    • # sc query tmevtmgr
    If a driver is not running, restart the Trend Micro services. If it is still not running, continue with the steps below.
  3. Verify the installation method. Only install the MSI, not the zip file.
  4. The agent might need to be manually removed and reinstalled. For more information, see Manually uninstalling Server & Workload Protection Agent, Relay, and Notifier from Windows
  5. The installed Comodo certificate could be the cause of the issue. To resolve the issue, see "Anti-Malware Driver offline" status occurs due to Comodo certificate issue.

What to do next

If your agent is on Linux Parent topic

Procedure

  1. To check that the agent is running, enter the following command in the command line:
    • service ds_agent status
  2. If you're using a Linux server, your kernel might not be supported. For more information, see Error: Module installation failed (Linux).

What to do next

Reminder: If the Anti-Malware engine is showing a warning rather than an error for a Linux agent, see Warning: Anti-Malware Engine has only Essential functions.