Solutions to Issues Indicated in Security Agent Icons

Perform the necessary actions if the Security Agent icon indicates any of the following conditions:



Pattern file has not been updated for a while

Security Agent users need to update components. From the web console, configure component update settings in Updates > Agents > Automatic Update, or grant users the privilege to update in Agents > Agent Management > Settings > Privileges and Other Settings > Privileges (tab) > Component Updates.

Real-time Scan Service has been disabled or is not functional

If the Real-time Scan Service (Apex One NT RealTime Scan) has been disabled or becomes non-functional, users must start the service manually from Microsoft Management Console.

Real-time Scan was disabled

Enable Real-time Scan from the web console (Agents > Agent Management > Settings > Scan Settings > Real-time Scan Settings).

Real-time Scan was disabled and the Security Agent is in Independent mode

Users need to disable Independent mode first. After disabling Independent mode, enable Real-time Scan from the web console.

The Security Agent is connected to the network but appears offline

Verify the connection from the web console (Agents > Connection Verification) and then check connection verification logs (Logs > Agents > Connection Verification Logs).

If the Security Agent is still offline after verification:

  1. If the connection status on both the server and Security Agent is offline, check the network connection.

  2. If the connection status on the Security Agent is offline but online on the server, the server's domain name may have been changed and the Security Agent connects to the server using the domain name (if you select domain name during server installation). Register the Apex One server's domain name to the DNS or WINS server or add the domain name and IP information into the "hosts" file in the following folder on the agent endpoint: <Windows folder>\system32\drivers\etc

  3. If the connection status on the Security Agent is online but offline on the server, check the Apex One firewall settings. The firewall may block server-to-agent communication, but allow agent-to-server communication.

  4. If the connection status on the Security Agent is online but offline on the server, the Security Agent's IP address may have been changed but its status does not reflect on the server (for example, when the agent is reloaded). Try to redeploy the Security Agent.

Smart protection sources are unavailable

Perform these tasks if the agent loses connection with smart protection sources:

  1. On the web console, go to the Endpoint Location screen (Agents > Endpoint Location) and check if the following endpoint location settings have been configured properly:

    • Reference servers and port numbers

    • Gateway IP addresses

  2. On the web console, go to the Smart Protection Source screen (Administration > Smart Protection > Smart Protection Sources) and then perform the following tasks:

    1. Check if the Smart Protection Server settings on the standard or custom list of sources are correct.

    2. Test if connection to the servers can be established.

    3. Click Notify All Agents after configuring the list of sources.

  3. Check if the following configuration files on the Smart Protection Server and Security Agent are synchronized:

    • sscfg.ini

    • ssnotify.ini

  4. Open Registry Editor and check if the agent is connected to the corporate network.


    HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\iCRC Scan\Scan Server

    • If LocationProfile=1, the Security Agent is connected to the network and should be able to connect to a Smart Protection Server.

    • If LocationProfile=2, the Security Agent is not connected to the network and should connect to the Smart Protection Network. From Internet Explorer, check if the Security Agent endpoint can browse Internet web pages.

  5. Check internal and external proxy settings used to connect to Smart Protection Network and Smart Protection Servers.

    For more information, see Configuring Internal Agent Proxy Settings and Configuring External Agent Proxy Settings.

  6. For conventional scan agents running Windows 7, Server 2012, and later versions, verify that the tmusa driver is running. If this driver stops, agents cannot connect to smart protection sources for web reputation.