Views:
Important
Important
For some cases with Linux agents, the Anti-Malware engine can remain partially functional and displays a Warning rather than an Error. For more information, see Warning: Anti-Malware Engine has only Essential functions.
For an overview of the Anti-Malware module, see Protect against malware.
The Anti-Malware Engine Offline error can occur for a variety of reasons. To resolve the issue, follow the instructions below.

Procedure

  1. In the Server & Workload Protection Manager, check for other errors on the same computer.
    The presence of additional errors could indicate issues such as communication or installation failures causing the Anti-Malware engine to be offline.
  2. Check communications from the agent to the Server & Workload Protection Relay and Server & Workload Protection.
  3. In the Server & Workload Protection Manager, view the details for the agent with the issue.
    Verify that Anti-Malware is enabled in the policy or computer settings, and that each scan type is configured and active. For more information, see Enable and configure Anti-Malware.
  4. Uninstall and redeploy the agent.
    For more information on how to uninstall and re-activate the agent, see Uninstall the Server & Workload Protection Agent and Activate the agent.
  5. Verify the computer is receiving component updates.
    1. Go to Computers and locate the affected computer.
    2. Go to Updates and verify the component updates are present and current.
    3. If not, click Download Component Updates to manually initiate an update.
  6. Check if there are conflicts with another anti-virus product, such as OfficeScan.
    If conflicts exist, uninstall the other product and the agent. Reboot and reinstall the agent. To remove OfficeScan, see Uninstalling clients or agents in OfficeScan (OSCE).
  7. For Windows agents, verify the services and drivers are running properly.
    1. Make sure the following services are running:
      • Trend Micro Server & Workload Protection Agent
      • Trend Micro Solution Platform
    2. Check that all the Anti-Malware related drivers are running properly by running the following commands:
      For all versions of Server & Workload Protection Agent:
      • # sc query AMSP
      For Server & Workload Protection Agent 12.5 or earlier, also check:
      • # sc query tmcomm
      • # sc query tmactmon
      • # sc query tmevtmgr
      If a driver is not running, restart the Trend Micro services. If the driver is still not running, continue with the following steps.
    3. Verify the installation method. Only install the MSI, not the zip file.
    4. The agent might need to be manually removed and reinstalled. For more information, see Manually uninstalling Server & Workload Protection Agent, Relay, and Notifier from Windows
    5. The installed Comodo certificate could be the cause of the issue. To resolve the issue, see "Anti-Malware Driver offline" status occurs due to Comodo certificate issue.
  8. For Linux agents, verify the agent is running and the installed kernel is supported.
    Important
    Important
    If the Anti-Malware engine is showing a warning rather than an error for a Linux agent, see Warning: Anti-Malware Engine has only Essential functions.
    1. To check that the agent is running, enter the following command in the command line:
      • service ds_agent status
    2. If you're using a Linux server, your kernel might not be supported. For more information, see Error: Module installation failed (Linux).