Deep Security 7

Installation Guide
Trend Micro Incorporated reserves the right to make changes to this
document and to the products described herein without notice.
Before installing and using the software, please review the readme
files, release notes, and the latest version of the applicable user
documentation, which are available from the Trend Micro Web site at:

http://www.trendmicro.com/download

Trend Micro, the Trend Micro t-ball logo, OfficeScan, Intrusion Defense Firewall,
Control Server Plug-in, Damage Cleanup Services, eServer Plug-in, InterScan,
Network VirusWall, ScanMail, ServerProtect, and TrendLabs are trademarks
or registered trademarks of Trend Micro, Incorporated. All other
product or company names may be trademarks or registered
trademarks of their owners.

Copyright © 2009 Trend Micro Incorporated. All rights reserved.

Document version: 1.2

Document number: APEM74348/91110
Release date: Nov 2009
Table of Contents
System Requirements ................................................................................................................... 4
Installation: What You Will Need .................................................................................................... 5
Install Packages........................................................................................................................ 5
License Key .............................................................................................................................. 5
Administrator/Root Privileges ..................................................................................................... 5
URL/IP and Free Ports on the Deep Security Manager Host Machine ................................................ 5
Network Communication ............................................................................................................ 5
A Database .............................................................................................................................. 5
Installing Deep Security Manager ................................................................................................... 6
1. Start the Installer ................................................................................................................. 6
2. License Agreement ................................................................................................................ 6
3. Installation Location .............................................................................................................. 6
4. Database Options .................................................................................................................. 6
5. License Key .......................................................................................................................... 6
6. Upgrading vs. Overwriting an Existing Installation ..................................................................... 6
7. Hostname, URL, or IP address, and Communication Ports .......................................................... 7
8. Credentials ........................................................................................................................... 7
9. Confirm Your Settings ............................................................................................................ 7
10. Setup Complete .................................................................................................................. 7
64-bit installations of Deep Security Manager ............................................................................... 8
Uninstalling the Deep Security Manager ....................................................................................... 8
Installing the Deep Security Agent (Windows).................................................................................. 9
1. Begin the Installation ............................................................................................................ 9
2. License Agreement ................................................................................................................ 9
3. Select a Destination Folder ..................................................................................................... 9
4. Confirm Installation ............................................................................................................... 9
5. Installation Complete ............................................................................................................ 9
Uninstalling the Deep Security Agent ........................................................................................... 9
Installing The Deep Security Agent (Linux) .................................................................................... 10
To install the Deep Security Agent for Linux: .............................................................................. 10
To start, stop and reset the Linux Agent: ................................................................................... 10
To uninstall the Linux Agent: .................................................................................................... 10
Installing the Deep Security Agent (Solaris)................................................................................... 11
What you will need: ................................................................................................................ 11
To install the Solaris 10 Agent: ................................................................................................. 12
To install the Solaris Sparc 8 and Sparc 9 Agents: ...................................................................... 14
Solaris Agent Command line Options: ........................................................................................ 14
To Upgrade the Solaris Agent (all versions) ................................................................................ 15
To uninstall the Solaris Agent: .................................................................................................. 15
Notes on Installing PFIL on a Solaris (8 and 9 Sparc) Host .......................................................... 15
Using the Local Agent Graphical User Interface on a Solaris Host ................................................. 16
Installing the Deep Security Agent (AIX) ....................................................................................... 18
To install the Deep Security Agent for AIX: ................................................................................ 18
To start and stop the AIX Agent: .............................................................................................. 18
To uninstall the AIX Agent: ...................................................................................................... 18
Installing the Deep Security Agent (HP-UX) ................................................................................... 19
To install the Deep Security Agent for HP-UX: ............................................................................ 19
To start and stop the HP-UX Agent: .......................................................................................... 19
To uninstall the HP-UX Agent: .................................................................................................. 19
Installing the Deep Security Virtual Appliance ................................................................................ 20
To prepare the ESX Server for the Virtual Appliance deployment: ................................................. 21
To deploy the Virtual Appliance to the ESX Server: ..................................................................... 21
To activate the Virtual Appliance on the ESX Server: ................................................................... 22
To remove the Virtual Appliance ............................................................................................... 23
To remove the Filter Driver from a prepared ESX Server .............................................................. 23
1. Registration Information ...................................................................................................... 24
2. Feature Selection ................................................................................................................ 24
3. Instance Name ................................................................................................................... 24
4. Service Account .................................................................................................................. 24
5. Authentication Mode ............................................................................................................ 24
6. Collation Settings ................................................................................................................ 24
 7. User Instances .................................................................................................................... 25
8. Finish the Basic Installation .................................................................................................. 25
9. SQL Server Configuration Manager ........................................................................................ 25
10. Restart the Server Instance ................................................................................................ 25
11. Create a Database ............................................................................................................. 26
Installing Oracle Database 10g Express Edition .............................................................................. 27
1. Select a SYSTEM password ................................................................................................... 27
2. Review Settings .................................................................................................................. 27
3. Launch Database Homepage ................................................................................................ 27
4. Database Login ................................................................................................................... 27
5. Create User for the Deep Security Manager ............................................................................ 27
Troubleshooting ......................................................................................................................... 29
FAQs ........................................................................................................................................ 33

3
System Requirements
Deep Security Manager
Memory: 2 GB
Disk Space: 1.5 GB (5 GB recommended)
Operating System: Microsoft Windows Server 2008 (32 and 64 bit), Windows 2003 Server SP2
(32 and 64 bit)
Database (Recommended but Optional): Oracle 10g, Microsoft SQL Server 2008 SP1,
Microsoft SQL Server 2005 SP2
Web Browser: Mozilla Firefox 3+ (cookies enabled), Internet Explorer 7+ (cookies enabled)

Deep Security Agent

Memory: 128 MB
Disk Space: 100 MB (200 MB recommended, primarily for logging)
Windows: Windows 7 (32 and 64 bit), Windows 2008 (32 and 64 bit), Windows 2008 R2 (64 bit),
Windows Vista (32 and 64 bit), Windows 2003 SP2 (32 and 64 bit), Windows XP (32 and 64 bit),
Windows 2000 (32 bit)
Solaris: Solaris 8, 9 and 10, (64-bit Sparc), Solaris 10 (64-bit x86)
Linux: Red Hat 4 (32- and 64-bit), Red Hat 5 (32- and 64-bit), SuSE 10 (32- and 64-bit), SuSE
11 (32- and 64-bit)
AIX: AIX 5.3, 6.1
HP-UX: HP-UX 11i v3

Deep Security Virtual Appliance

Memory: 512 MB
Disk Space: 20 GB
Operating System: VMware vCenter 4 and ESX 4 or ESXi 4

Deep Security uses VMware’s VMsafe-NET API to intercept network traffic at the hypervisor. The
VMsafe API is not available in the free ESXi 4 version.

A virtualized ESX environment (ESX running as a VM) is not supported.

ESX 4 Requirements for the Deep Security Virtual Appliance

In addition to the ESX 4 standard system requirements, the following specifications must be met:

CPU: 64 bit, Intel-VT present and enabled in BIOS

Supported vSwitch: standard vSwitch or 3rd party vSwitch – Cisco Nexus 1000v

4
Installation: What You Will Need
Install Packages
The latest version of the Deep Security Manager, Deep Security Agent, Deep Security Virtual Appliance, and
the Deep Security filter driver installer packages for your host platforms.

License Key
Your license key will have been sent to you by your account manager.

Administrator/Root Privileges
You will need to have Administrator privileges to install Deep Security Manager, the Deep Security Agent
for Windows, and the Deep Security Virtual Appliance.

URL/IP and Free Ports on the Deep Security Manager Host Machine
Your web client connects to Deep Security Manager over port 4119. Deep Security Manager communicates
with Deep Security Agents over port 4118. You must make sure these ports (on the machine hosting Deep
Security Manager) are not reserved for other purposes. The installer will place a shortcut to Deep Security
Manager in the Windows start menu. You will need to note this URL if you want to access the Manager
remotely. Deep Security Agents communicate with Deep Security Manager over port 4120 (this can be
changed during the installation).

Network Communication
Communication between Deep Security Manager and Deep Security Agents/Appliances uses DNS hostname.

In order for Deep Security Agent/Appliance deployments to be successful, you must ensure that each
computer can resolve the hostname of the Deep Security Manager. This requires that the Deep Security
Manager computer have a DNS entry or an entry in the Agent/Appliance computer’s hosts file.

Note you will specify this hostname as part of the Deep Security Manager Installation procedure
(see Step 7 in the Installing Deep Security Manager procedure.)

A Database
Deep Security Manager comes with an embedded database engine (Derby) that is suitable for managing up
to around one million log entries per month, which, under most circumstances, translates to approximately
10 computers. (Trend Micro recommends using Derby only for evaluation purposes.) If you are managing
more than 10 computers, we recommend using Microsoft SQL Server 2008 or Oracle Database 10g. (The
free versions of both Microsoft SQL Server 2008 Express, and Oracle database 10g Express Edition, with
their database size limits of 4 GB, are suitable for approximately 50 computers. Installation and integration
instructions for these free versions are included in this guide.)

During the installation of Deep Security Manager, the installer asks whether you are using the embedded
database engine, or one of the two more robust database engines. If you choose the latter, the installer
will prompt you for configuration information.

Note that if you intend to use Microsoft SQL Server or Oracle Database 10g, you must install it and
create a database before you install Deep Security Manager.

5
Installing Deep Security Manager
1. Start the Installer
(Remember that you must log in as an Administrator to install Deep Security Manager.)

Copy the installation file to the target machine and run it. When the Installation Wizard appears, click Next
to continue.

2. License Agreement
After reading and accepting the license agreement, select “I accept the agreement” and click Next.

3. Installation Location
Specify a location to install Deep security manager and click Next.

4. Database Options
Select whether you wish to use Deep Security Manager’s embedded database engine (Derby), or an
existing SQL Server or Oracle 10 database.

Keep in mind that Oracle or SQL Server must be installed and a database must be created before Deep
Security Manager is installed. Instructions on installing and configuring SQL Server 2005 Express or Oracle
10g Express Edition are included in this guide.

If you select MS SQL Server, the Advanced button becomes available. This allows you to select
whether you are connecting to the default instance of the SQL Server installation or one of several
instances.

When using named pipes to connect to a SQL Server, a properly authenticated Microsoft Windows
communication channel must be available between Deep Security Manager’s host and the SQL Server host.
This may already exist if:

the SQL Server is on the same host as Deep Security Manager,

both hosts are members of the same domain, or
a trust relationship exists between the two hosts.

If no such communication channel is available, Deep Security Manager will not be able to communicate to
the SQL Server over named pipes.

5. License Key
If you are creating a new installation, you will be asked to enter your license key. (If you are upgrading,
you will not see this dialog.) Your license key will have been emailed to you by your Trend Micro
representative.

6. Upgrading vs. Overwriting an Existing Installation

You are given the option to “upgrade the existing installation”, or to “overwrite the existing
installation”. Upgrading the installation will upgrade the Deep Security Manager to the latest version but
will not install any new Security Profiles, DPI Rules, Firewall Rules, Application Types, etc. or change any of

6
 the security settings being applied to the computers on your network. Overwriting the existing installation
will erase all data associated with the previous installation and then install the latest filters, rules, profiles,
etc.

Note that even if you create a new installation, existing security elements currently being applied on
your computers by Deep Security Agents will not be affected until you use Deep Security Manager to
update them. To update Agents from a new installation of the Manager will require deactivation and
reactivation of the Agents.

7. Hostname, URL, or IP address, and Communication Ports

If you are creating a new installation, enter the hostname, URL, or IP address of this computer. This
address will be used to access the web interface of Deep Security Manager. It will also be used by Deep
Security Agents to communicate with the Manager. It is therefore important to select a hostname that will
be resolvable by the Agents.

You can optionally change the default communication ports. The “Manager Port” is the port on which the
Manager’s browser-based UI is accessible through HTTPS. The “Heartbeat Port” is the port on which the
Manager listens for communication from the Agents.
When you are satisfied with the settings, click Next.

Note: In order for Deep Security Agent/Appliance deployments to be successful, you must ensure
that each computer can resolve the hostname of the Deep Security Manager. This requires that the
Deep Security Manager computer have a DNS entry or an entry in the Agent/Appliance computer’s
hosts file. The name used in the lookup will be the one you specified in Step 7.

When Deep Security Manager setup is complete, this hostname can be found by logging in to the Deep
Security Manager and under System->System Information viewing the Manager Node entry under
System Details.

8. Credentials
Enter a username and password for the Master Administrator account. This account will have full
administrative privileges in Deep Security Manager, including the ability to create other administrator
accounts with full or limited privileges.

If you have been given a Trend Micro Customer Account username and password, enter them here. Deep
Security Manager will use these credentials to check for new versions of the Manager and Agents and to
carry out Security Center updates.

Select the Enforce strong passwords checkbox to require this and future administrator passwords to
include upper and lower-case letters, non-alphanumeric characters, and numbers. (This can changed later
in System Settings.)

If you’ve entered a Trend Micro Customer Account username and password, you will be asked whether you
want Deep Security Manager to retrieve the latest Security Updates from the Security Center during the
installation. Although recommended, this is not required; you can retrieve them later using Deep Security
Manager.

9. Confirm Your Settings

This page displays a summary of the installation options. Verify the information you entered and click Next
to continue.

10. Setup Complete

Click Finish to complete the Installation of Deep Security Manager.

7
64-bit installations of Deep Security Manager
In providing support for 64-bit JVMs, the DSM can now make use of additional memory available (up to
3GB of RAM).

To configure the amount of RAM:

1. Go to the Deep Security Manager directory (the same directory as Deep Security Manager.exe),
e.g. C:\Program Files\Trend Micro\Deep Security Manager
2. Create a new file called “Deep Security Manager.vmoptions”
3. Modify the file and add the setting: -Xmx3g
In this example, “3g” will make 3 GB memory available to the DSM
4. Save the file and restart DSM
5. The user can then verify the setting has taken place in DSM by going to System > System
Information and in the system details section expand Manager Node: > Memory. The
Maximum Memory value should now be increased according your configuration change.

Uninstalling the Deep Security Manager

From the Windows Start Menu, select Trend Micro > Trend Micro Deep Security Manager Uninstaller,
and follow the wizard steps to complete the uninstallation.

8
Installing the Deep Security Agent (Windows)
1. Begin the Installation
Copy the installation file to the target machine and double-click it to run the installer package.
Click Next to begin the installation.

Remember that you must have administrator privileges to install and run the Agent on Windows
machines. With the exception of Windows Vista and Windows 7, this means logging in as an
administrator. For Windows Vista, you must be running at the elevated administrator privilege level.
To install the Agent on Vista, log in as an administrator, right-click on cmd.exe and select “Run as
Admin”. Then type
msiexec /i packagename
where “packagename” is the name of the Agent install package (the full name including the extension).

2. License Agreement
Read the license agreement and click Next to continue.

3. Select a Destination Folder

Specify a destination folder and click Next to continue.
(If you are upgrading, you will not be able to change the installation directory. To install to a different
directory, you will have to first uninstall the previous version.)

4. Confirm Installation
The installer package now has all the information needed to install the Deep Security Agent. Click Next to
proceed with the installation.

5. Installation Complete
Click Close to complete the installation.
The Deep Security Agent is now installed and running on this computer, and will start every time the
machine boots.

Uninstalling the Deep Security Agent

From the Windows Control Panel, select Add/Remove Programs. Double-click Trend Micro Deep Security
Agent from the list, and click Change/Remove.

9
Installing The Deep Security Agent (Linux)
To install the Deep Security Agent on a Linux machine, you need to log on as "root". Alternatively, you can
use the "sudo" utility to install the Agent.

$ su
Password:

To install the Deep Security Agent for Linux:

Use "rpm -i" to install the ds_agent package. Use “rpm -U” to upgrade from a previous install. This
approach will preserve your profile settings:

# rpm -i Agent-RedHat_2.6.9_22.EL_i686-5.0.0-96.i386.rpm
Preparing... ########################################## [100%]
1:ds_agent ########################################## [100%]
Loading ds_filter_im module version 2.4.21-20.EL-i686 [ OK ]
Starting ds_agent: [ OK ]

The Deep Security Agent will be started automatically upon installation. To monitor the status of the Agent,
run the dsa_config utility from an X-Windows/GUI session. It gets installed to /opt/ds_agent/dsa_config
and a shortcut to launch it will appear in the RedHat Gnome desktop menu under Applications 
Accessories, and under Application Menu  Utilities  Desktop for SuSE.

(Note that the desktop manager categorizes shortcuts based on keywords, so if the desktop menu
configuration has been altered it may appear elsewhere.)

To start, stop and reset the Linux Agent:

Command-line options:
/etc/init.d/ds_agent start - starts the agent
/etc/init.d/ds_agent status – displays the status of the agent
/etc/init.d/ds_agent stop - stops the agent
/etc/init.d/ds_agent reset - resets the agent
/etc/init.d/ds_agent restart - restarts the agent
/opt/ds_agent/dsa_config - starts the UI

To uninstall the Linux Agent:

To completely remove the agent and any configuration files it created, use "rpm -e":
# rpm -ev ds_agent
Stopping ds_agent: [ OK ]
Unloading dsa_filter module [ OK ]

If iptables was enabled prior to the installation of the Deep Security Agent, it will be re-enabled when the
agent is uninstalled.

10
Installing the Deep Security Agent (Solaris)
What you will need:
For Solaris Sparc/8 and Sparc/9:
libgcc 3.4.6 or better (www.sunfreeware.com)
libiconv 1.11 or better (www.sunfreeware.com)
pfil_Solaris_x.pkg
Agent-Solaris_5.x_sparc-5.x.x-yyy.sparc.pkg.gz

Note:”x” will be 8 or 9 depending on the version of the Solaris operating system you are installing on.

For Solaris Sparc/10 :

SUNWgccruntime, GCC Runtime libraries
pfil_Solaris_10sparc.pkg (see note below)
Agent-Solaris_5.10_sparc-5.x.x-yyy.sparc.pkg.gz

For Solaris X86/10:

SUNWgccruntime, GCC Runtime libraries
pfil_Solaris_10x86.pkg (see note below)
Agent-Solaris_5.10_i386-5.x.x-xxx.x86_64.pkg.gz

All Solaris versions up to and including Solaris 10 Update 3 require pfil to be installed.

To run the Agent graphical user interface, you will need additional packages. For a list of the required
packages, see “Using the Local Agent Graphical User Interface on a Solaris Host”, below.

11
To install the Solaris 10 Agent:
For Solaris 10 Update 4 and above, you only need to perform steps 5 and 6.

1) Acquire all of the required packages (see above)

2) Prepare to remove the Sun version of ipfilter and pfil

a. Note the version numbers and other information
modinfo | grep pfil
modinfo | grep ipf
pkginfo -l SUNWipfr
pkginfo -l SUNWipfu

b. To check the status

svcs -x ipfilter
svcs -x pfil

c. If either of these commands gives errors, then the problem should be corrected before
proceeding further. Also check that Sun's version of pfil loads correctly.

ifconfig ce0 modlist (use your network interface)

and see if pfil is in the list between "ip" and your network interface. If it isn't, then check that your
interface type is uncommented in /etc/ipf/pfil.ap, reboot and try again. Don't proceed further until
you are convinced that Sun's version of ipfilter/pfil is working correctly.

d. Export current ipfilter and pfil service configurations

svccfg export network/pfil > /var/tmp/pfil.svc
svccfg export network/ipfilter > /var/tmp/ipfilter.svc

e. Disable the two services

svcadm -v disable pfil
svcadm -v disable ipfilter

f. Reboot

3) Remove the Sun version of ipfilter and pfil

a. Check that the kernel modules are not loaded after reboot
modinfo | grep ipf
modinfo | grep pfil

b. Save copies of some of the Sun pfil files before removing the Sun packages,
Removing the Sun packages will remove these files and you will need them
to launch the public domain version of pfil.
cp /lib/svc/method/pfil /lib/svc/method/pfil.dist
cp /usr/sbin/pfild /usr/sbin/pfild.dist
cp /etc/ipf/pfil.ap /etc/ipf/pfil.ap.dist

c. Remove the Sun IPFilter packages

pkgrm SUNWipfu
pkgrm SUNWipfr

d. Reboot

12
4) Install pfil
a. Restore the pfil service configuration file
cp /lib/svc/method/pfil.dist /lib/svc/method/pfil

b. Install pfil
pkgadd -d pfil_Solaris_10xxxx.pkg all

c. After installation, remove the Solaris 9 statup scripts as they are

not needed, pfil will be using "svcadm"
rm /etc/rc2.d/S10pfil
rm /etc/rcS.d/S10pfil
rm /etc/init.d/pfil

d. Restore the pfil configuration file, NOTE, the config files for the
public domain pfil are in /etc/opt/ipf, while Sun's config files are
in /etc/ipf, because the service config files saved in step 4.d still
refer to Sun's config file path, you should use /etc/ipf for consistency
with Solaris 10.
cp /etc/ipf/pfil.ap.dist /etc/ipf/pfil.ap

e. Configure pfil network device

vi /etc/ipf/pfil.ap ( uncomment appropriate device(s) )

f. Enable the pfil service

svcadm -v enable pfil

if you receive an error on this command, then the service configuration

file for pfil was removed and needs to be revived from the exported copy
in step 4.d
svccfg -v import /var/tmp/pfil.svc
svcadm -v enable pfil

g. Reboot

h. Verify the pfil service started

modinfo | grep pfil

This should show the public domain version of pfil

(pfil Stream module 2.1.11)
(pfil Streams driver 2.1.11)

Also check that pfil is loaded into the tcp/ip stack correctly
ifconfig ce0 modlist (use your network interface)

If it isn't, then check that your interface type is uncommented in the pfil
configuration file /etc/ipf/pfil.ap, reboot and try again

5) Make sure SUNWgccruntime is installed. If it isn’t, locate the package and install it:
Pkgadd –d . SUNWgccruntime

6) Install the Agent:

gunzip Agent-Solaris_5.x_sparc-5.x.x-xxxx.sparc.pkg.gz
pkgadd -d Agent-Solaris_5.x_sparc-5.x.x-xxxx.sparc.pkg all

13
To install the Solaris Sparc 8 and Sparc 9 Agents:
1) Acquire all of the required packages (see above)

2) Install libiconv-1.8-solx-sparc.gz:
gunzip libiconv-1.8-solx-sparc.gz
pkgadd -d libiconv-1.8-solx-sparc all

3) Install libgcc-3.4.6-solx-sparc.gz:
gunzip libgcc-3.4.6-solx-sparc.gz
pkgadd -d libgcc-3.4.6-solx-sparc all

4) Install pfil:
pkgadd -d pfil_Solaris_x.pkg all

5) Push the pfil stream module into the network interface:

ifconfig <interface> modinsert pfil@2

Note that pfil should go right after ip in the network interface stream. To determine where ip is,
perform:

ifconfig <interface> modlist

and ensure that the number used on the modinsert is one higher than the number of ip in the modlist.

Also note that pfil must be added to the network stack for each of the interfaces the agent will be
protecting

touch /etc/ipf.conf
/etc/init.d/pfil start

(For more information, see " Notes on Installing PFIL on a Solaris (8 and 9 Sparc) Host ", below.)

6) Install the Agent:

gunzip Agent-Solaris_5.x_sparc-5.x.x-xxxx.sparc.pkg.gz
pkgadd -d Agent-Solaris_5.x_sparc-5.x.x-xxxx.sparc.pkg all

Solaris Agent Command line Options:

1) /etc/init.d/ds_agent start - starts the agent
2) /etc/init.d/ds_agent stop - stops the agent
3) /etc/init.d/ds_agent reset - resets the agent
4) /etc/init.d/ds_agent restart - restarts the agent
5) Note that the filtering activity log files are in
/var/log/ds_agent

14
To Upgrade the Solaris Agent (all versions)

pkgadd –v -a /opt/ds_agent/ds_agent.admin -d Agent-Solaris_5.9_sparc-

5.x.x-xxxx.sparc.pkg

To uninstall the Solaris Agent:

pkgrm ds-agent

(Note that uninstall may require a reboot.)

Notes on Installing PFIL on a Solaris (8 and 9 Sparc) Host

The Solaris agent uses the PFIL IP filter component developed by Darren Reed. We currently support
version 2.1.11. We have built this source code and provided a package on our website at:

http://labs.thirdbrigade.com

Further information can be found at: http://coombs.anu.edu.au/~avalon. (For a copy of the PFIL source
code, contact your support provider.)

Notes on pfil
(The following assumes your interface is hme)

If you do "ifconfig modlist", you will see a list of STREAMS modules pushed
onto the interface like this (for hme0):
0 arp
1 ip
2 hme

You need to insert pfil between ip and hme:

ifconfig hme0 modinsert pfil@2

Checking the list, you should see:

0 arp
1 ip
2 pfil
3 hme

To configure the pfil Streams module to be automatically pushed when the

device is opened:

autopush -f /etc/opt/pfil/iu.ap

15
 At this point,

strconf < /dev/hme

should return
pfil
hme

Also, modinfo should show

# modinfo | grep pfil

110 102d392c 6383 24 1 pfil (pfil Streams module 2.1.11)
110 102d392c 6383 216 1 pfil (pfil Streams driver 2.1.11)

Using the Local Agent Graphical User Interface on a Solaris Host

Solaris 9:
Install Sun Gnome from the Solaris 9 CDs:
pkgadd -d . SUNWlibpopt-share SUNWlibpopt
SUNWgnome-base-libs-share SUNWgnome-base-libs-root
SUNWgnome-base-libs

Solaris 8:
What you will need:
atk-1.9.0-sol8-sparc-local.gz (www.sunfreeware.com)
fontconfig-2.2.98-sol8-sparc-local.gz (www.sunfreeware.com)
freetype-2.1.9-sol8-sparc-local.gz (www.sunfreeware.com)
glib-2.6.2-sol8-sparc-local.gz (www.sunfreeware.com)
gtk-2.2.4-sol8-sparc-local.gz (www.sunfreeware.com)
libintl-3.4.0-sol8-sparc-local.gz (www.sunfreeware.com)
pango-1.8.0-sol8-sparc-local.gz (www.sunfreeware.com)
zlib-1.2.3-sol8-sparc-local.gz (www.sunfreeware.com)

1) Install libintl-3.4.0-sol8-sparc-local.gz
gunzip libintl-3.4.0-sol8-sparc-local.gz
pkgadd -d libintl-3.4.0-sol8-sparc-local all
2) Install zlib-1.2.3-sol8-sparc-local.gz
gunzip zlib-1.2.3-sol8-sparc-local.gz
pkgadd -d zlib-1.2.3-sol8-sparc-local all
3) Install freetype-2.1.9-sol8-sparc-local.gz
gunzip freetype-2.1.9-sol8-sparc-local.gz
pkgadd -d freetype-2.1.9-sol8-sparc-local all
4) Install fontconfig-2.2.98-sol8-sparc-local.gz
gunzip fontconfig-2.2.98-sol8-sparc-local.gz
pkgadd -d fontconfig-2.2.98-sol8-sparc-local all

16
5) Install atk-1.9.0-sol8-sparc-local.gz
gunzip atk-1.9.0-sol8-sparc-local.gz
pkgadd -d atk-1.9.0-sol8-sparc-local all
6) Install glib-2.6.2-sol8-sparc-local.gz
gunzip glib-2.6.2-sol8-sparc-local.gz
pkgadd -d glib-2.6.2-sol8-sparc-local all
7) Install pango-1.8.0-sol8-sparc-local.gz
gunzip pango-1.8.0-sol8-sparc-local.gz
pkgadd -d pango-1.8.0-sol8-sparc-local all

8) Install gtk-2.2.4-sol8-sparc-local.gz
gunzip gtk-2.2.4-sol8-sparc-local.gz
pkgadd -d gtk-2.2.4-sol8-sparc-local all

Solaris 8, 9, and 10:

/opt/ds_agent/dsa_config - starts the UI

17
Installing the Deep Security Agent (AIX)
To install the Deep Security Agent for AIX:
1. Log in as Root
2. Copy the package to a temporary folder (“/tmp”)
3. Unzip the package using gunzip:

/tmp> gunzip Agent-AIX_5.3-6.1.0-5.powerpc.bff.gz

4. Install the Agent:

/tmp> installp –a –d /tmp ds_agent

To start and stop the AIX Agent:

Enter either one of the following:

/etc/rc.d/init.d/ds_agent start

/etc/rc.d/init.d/ds_agent stop

To uninstall the AIX Agent:

Enter the following:

Install -u ds_agent

18
Installing the Deep Security Agent (HP-UX)
To install the Deep Security Agent for HP-UX:
1. Log in as Root
2. Copy the package to a temporary folder (“/tmp”)
3. Unzip the package using gunzip:

/tmp> gunzip Agent-HPUX_11.23_ia64-6.1.0-6.ia64.depot.gz

4. Install the Agent: (Note that the package is referenced using the full path. Relative paths will not
be accepted.)

/tmp> swinstall –s /tmp/Agent-HPUX_11.23_ia64-6.1.0-6.ia64.depot

ds_agent

Note: Since a kernel driver is being installed, there is the possibility that the system will need to
reboot. The installer will inform you before installing the package if this is the case. The installer will
not install the package if it necessary to reboot after install. In such cases, you must specify that it is
ok to automatically reboot after install:

/tmp> swinstall –x autoreboot=true –s /tmp/Agent-HPUX_11.23_ia64-6.0.0-595.ia64.depot

ds_agent

To start and stop the HP-UX Agent:

Enter one of the following:

/sbin/init.d/ds_agent start
/sbin/init.d/ds_agent stop

To uninstall the HP-UX Agent:

Enter the following:

/tmp> swremove ds_agent

19
Installing the Deep Security Virtual Appliance
The Deep Security Virtual Appliance provides Firewall, Intrusion Detection/Prevention, Application Control,
and Web Application protection services to Virtual Machines without requiring the presence of an in-guest
Agent. The Virtual Appliance uses VMware's VMsafe-NET API to intercept network traffic at the hypervisor.
It is supported on VMware vSphere 4 (Requires vCenter 4+ and ESX 4+ or ESXi 4+). Virtual Machines are
managed as though they had an agent installed.

The Virtual Appliance provides some distinct security advantages over scenarios with an in-guest Agent:

The Appliance is isolated from the guest. The guest can operate with only the minimum required
software being installed.
Short-lived and reverted machines for which administrator time may not have been allocated for
installing security software can easily and quickly be protected.
Virtual machines and other Appliances whose operating systems are not directly accessible can be
protected, even those machines being managed by other administrators.

The Deep Security Virtual Appliance is easier to deploy. There is no need to remotely install Agent software
on the virtual machine. Even connectivity to the virtual machine is not required.

As well, using the Virtual Appliance allows you to protect guests running operating systems not directly
supported by Deep Security Agents.

Using the Virtual Appliance to protect virtual machines doesn't preclude the use of Deep Security Agents on
those virtual machines. This coordinated approach provides the following benefits:

Allows you to implement the additional Integrity Monitoring and Log Inspection modules on the
virtual machine.
Recommendation Scans can be run on the virtual machines.
Provides mobility to the virtual machines. They can be moved between data centers or cloud
providers and the protection moves with them.
Performance improvement. While the Deep Security Agent is active on the virtual machine, the
Virtual Appliance automatically passes traffic through to the Agent.

Implementing VM Protection with the Deep Security Virtual Appliance involves:

1. Adding the VMware vCenter to the list of managed computers

2. Preparing the ESX Server for the Virtual Appliance deployment
3. Deploying the Virtual Appliance to the ESX Server
4. Assigning and IP address to the Virtual Appliance (only required if the Virtual Appliance does not
have access to a DHCP server)
5. Activating the Virtual Appliance
6. Enabling Virtual Appliance protection on guest virtual machines
7. Optionally, installing Deep Security Agents on the virtual machines to implement the "coordinated
approach" for VM protection

Before proceeding, make sure the Filter Driver and the Deep Security Virtual Appliance installer
packages have been downloaded into Deep Security Manager. In the Deep Security Manager, go to
System > Updates > Software and click on Download From Security Center…. Deep Security
Manager will download the latest available software.

20
 To add a VMware vCenter to the list of managed computers:

1. Right-click on Computers in the navigation pane and select Add VMware vCenter... to start the
Add VMware vCenter Wizard.
2. Provide the server address (IP or hostname) and port, a name and description, and the username
and password for the vCenter. Click Next.
3. The Add VMware vCenter Wizard will display the details of the vCenter being added. Click
Finish.
4. On the confirmation screen, click Close.

If you’ve never contacted this vCenter before you will be prompted to accept an SSL certificate.

The VMware vCenter is now displayed among your other Computers in the Computers list.

To prepare the ESX Server for the Virtual Appliance deployment:

1. Under Computers in the Deep Security Manager navigation pane, click on the newly added vCenter
to display the various vCenter components on the Computer screen.
2. Find the ESX Server in the Computers list (its "status" column should read "Unprepared"), right-
click on it, and select Actions > Prepare ESX Server to display the Prepare ESX Server
Wizard. Click Next.
3. The ESX Server must be put into maintenance mode before the first of two Virtual Appliance
components (the filter driver) can be installed. Then the ESX Server has to be rebooted. Select
Yes to allow the Deep Security Manager to manage this process automatically. Click Next.

All virtual machines running on this machine must be stopped/paused or VMotioned off the box.

4. On the DVFilter Configuration screen, accept the default values and click Next.
5. The ESX Server will now be placed in maintenance mode, the filter driver will be installed, and the
ESX Server will be rebooted. When the Wizard indicates that the process is complete, click Close.

You can monitor this process in the VMware vSphere Client management console. (An error will be
displayed in the console due to connectivity to the ESX Server being lost during the reboot. This error
can be ignored.)

The filter driver is now installed on the ESX Server.

To deploy the Virtual Appliance to the ESX Server:

1. Right-click on the ESX Server in the Computers list (the "status" column should now read
"Prepared"), and select Actions > Deploy Appliance to display the Deep Security Virtual
Appliance Wizard. Click next.
2. Give the Virtual Appliance a name, a datastore, and a folder. Click Finish.
3. The Virtual Appliance will now be deployed on the ESX Server. (Once again, this procedure can be
monitored in the VMware vSphere Client management console.) When the Virtual Appliance
deployment is complete, click Close.

If you’ve never contacted this ESX server before you will be prompted to accept an SSL certificate.

The Virtual Appliance is now displayed along with the other Computers in the vCenter Group in the
Computers list.

21
 To manually assign an IP address to the Virtual Appliance (only required if the Virtual Appliance
doesn’t have access to a DHCP server):

1. Log in to the vSphere client

2. Select the Virtual Appliance
3. View the console
4. Press F2
5. Log in using username/password: dsva/dsva
6. Select Configure Management Network
7. Specify a hostname and /or an IP address, subnet mask, default gateway, and DNS
8. Press Enter to save changes

To activate the Virtual Appliance on the ESX Server:

1. Right-click on the Virtual Appliance in the Computers list and select Actions > Activate
Appliance to display the Activate Deep Security Appliance Wizard. Click Next.
2. Appliance VNIC IP: This must be an otherwise unused IP address. The wizard will provide a
default Security Profile: Select Deep Security Virtual Appliance. Click Next.
3. When the Virtual Appliance has been successfully activated, click Close.

The status of the Virtual Appliance will now read "Managed (Online)".

To enable Virtual Appliance protection on guest virtual machines:

1. Right-click on a virtual machine in the Computers list and select Actions > Activate.
2. The status column for the virtual machine will change to "Managed (Online)".

The virtual machine is now protected by the Virtual Appliance even though no in-guest Agent is installed on
the virtual machine. Firewall Rules and DPI Rules (and Security Profiles) can be assigned to this virtual
machine like any other Computer being managed by Deep Security Manager.

To install a Deep Security Agent on a virtual machines to implement the "coordinated approach"
for VM protection:

To install a Deep Security Agent on a virtual machine, follow the same procedures as for any "real"
Computer. When a virtual machine is being protected by a Virtual Appliances well as an Agent, it is referred
to as coordinated protection. When the Virtual Appliance detects that an Agent is running on the virtual
machine, it will pass all traffic to the Agent and let the Agent apply the security rules to the traffic. If ever
the Agent fails or is stopped, the Virtual Appliance will take over the job of applying security rules to traffic.

When an Agent and a Virtual Appliance are protecting a virtual machine, both are always assigned
the same security rules. In other words, it is impossible to have one set of rules protecting the VM at
the Appliance level and another set of rules protecting the VM at the VM level. When you assign security
rules to the VM, the rules are always sent to the Appliance and to the Agent.

22
To remove the Virtual Appliance
To remove the Virtual Appliance:

1. Log in to vCenter.
2. Stop the Appliance.
3. Remove from disk.

To remove the Filter Driver from a prepared ESX Server

To restore the ESX Server to its “un-prepared” state:

1. From the Deep Security Manager Computers list, select the Virtual Center. Choose the Prepared
Computer for un-deployment, right-click the Computer and select Restore ESX.
2. Follow the wizard steps, accepting the defaults.
3. Choose "Yes" to have the DSM handle the ESX Server driver un-installation automatically.

The Deep Security Manager will attempt to bring the ESX server into and out of maintenance
mode automatically. Any running virtual machines will need to be manually shutdown. At the end of
the uninstallation process, the ESX Server will be automatically rebooted and brought out of
maintenance mode.

Or
4. Choose "No" to manually put the ESX server into /out of maintenance mode.

The Deep Security Manager wizard will start the uninstallation of the filter driver automaticallay
once the ESX Server has been put into maintenance mode. At the end of the uninstallation process,
the ESX Server will be automatically re-booted but remain in maintenance mode.

23
 Installing Microsoft SQL Server 2005 Express
The following instructions are for a typical installation of Microsoft SQL Server 2005 Express. SQL Server
Express, with its database size limit of 4 GB is suitable for managing between 10 and 50 computers. For
more than 50 computers, Trend Micro recommends using a full installation of MS SQL Server.
SQL Server 2005 Express is available for download from http://www.microsoft.com/sql/editions/express/.

Note that Service Pack 2 has been released for SQL Server Express 2005. Make sure your
installation is up-to-date.

The installation package will perform a system configuration check before beginning the installation
process. It will inform you of any missing components and offer to install them for you.

1. Registration Information
If the system configuration check detects no problems, you will see the Registration Information screen.
Uncheck the “Hide advanced configuration options” box.

2. Feature Selection
The Feature Selection dialog allows you to specify which optional components to install. You can accept the
default selections.

3. Instance Name
SQL Server can have multiple instances running on the same machine. This allows multiple products to
have completely separate database server engines. Unless you need to keep this instance of SQL Server
from conflicting with another instance already installed on your machine you can choose the default
instance.

4. Service Account
Unless you have a need to run SQL Server under a different account, you can stick with the defaults on the
Service Account screen.

5. Authentication Mode
Next, the installation prompts you for the authentication mode it should use. Select Mixed Mode and enter
a strong password for SQL Server’s master sa account (which has full rights to the database
environment.).

6. Collation Settings

Keep the default Collation Settings.

24
7. User Instances
Deep Security Manager does not make use of User Instances. Uncheck the “Enable User Instances”
checkbox. (If installing on Windows Vista, check the “Add user to the SQL Server Administrator role” box.)

8. Finish the Basic Installation

Click through the remaining screens and allow the installation to complete.

9. SQL Server Configuration Manager

When the SQL Server Express installation is complete, run the SQL Server Configuration Manager from
the “Microsoft SQL Server 2005” program group. Go to “Protocols for MSSQLSERVER” under “SQL Server
2005 Network Configuration”. Right-click on the Named Pipes and the TCP/IP protocols and Enable
them:

10. Restart the Server Instance

You will need to restart the server instance for the changes to take effect. Right click on the server instance
(“SQL Server (MSSQLSERVER)”) and select “Restart”:

25
11. Create a Database
SQL Server Express is now ready to go, but before it can be used by Deep Security Manager, you will need
to create a database:

1. Open a command prompt (Start 

Run (“command”)).
2. At the command prompt, type “osql
–U sa –P password”, where “password” is the
same password you entered in step 5 (above) for
the master SQL Server sa account. Hit Enter.
3. Type “create database dsm” where
“dsm” is a name for the new
database and hit Enter.
4. Type “go” and hit Enter.
5. Type “quit” and hit Enter.

The database (named “dsm”) has now been

created.
For more information on the osql command-line
tool, see :

http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/coprompt/cp_osql_1wxl.asp
During the installation of Deep Security Manager, choose the SQL Server option at the database step (step
4). Enter the database name, username, and password used during the installation of SQL Server Express
(“dsm”, “sa”, and “thirdbrigade” in this example).

26
Installing Oracle Database 10g Express Edition
The following instructions are for a typical installation of Oracle Database 10g Express Edition. Oracle
Database 10g Express Edition, with its database size limit of 4 GB is suitable for managing between 10 and
50 computers. For more than 50 computers, Trend Micro recommends using a full installation of Oracle
Database 10g.
Oracle Database 10g Express Edition is available for download from
http://www.oracle.com/technology/products/database/xe/index.html

1. Select a SYSTEM password

Start the install package and click through the introductory screens (accepting the license agreement and
the destination location) until you get to the “Specify Database Passwords” screen. Enter a password that
will be used to access Oracle 10g’s master SYSTEM and SYS accounts. These are the accounts used to
manage the Oracle installation. (You will be creating a user account specifically for the Deep Security
Manager later on.)

2. Review Settings
Review the settings on the Summary screen and click Install to continue.

3. Launch Database Homepage

When the installation is complete, you will see the InstallShield Wizard Complete screen. Make sure
“Launch Database homepage” is selected and click Finish.

4. Database Login
Log in to the Oracle database SYSTEM account. Use “SYSTEM” as your username and enter the password
you chose in step 1.

5. Create User for the Deep Security Manager

You now have to create an account for the Deep Security Manager to use.

Select Create User from the Administration icon’s drop-down menu. (Administration > Database
Users > Create User)

Now enter a username and password for the Deep Security Manager to use. The account needs to be able
to create tables, sequences, and triggers. Make sure at least these privileges are selected:

27
Click the Create button to create Deep Security Manager’s Oracle Database account.
Oracle Database 10g Express Edition is now ready for use by Deep Security Manager. During the
installation of Deep Security Manager, select “Oracle” on the Database options screen, enter “xe” as the
database name (the default name for the Express Edition, and enter the username and password you
selected for Deep Security manager to use in the last step of the Oracle database installation.)

28
Troubleshooting
Please consult the Deep Security Manager and Deep Security Agent release notes for any issues not
addressed in the Troubleshooting or FAQs sections.

Problem
"Communications Problem Detected" Alert on a computer managed by the Deep Security Manager.
or
Offline Bundle.zip error when preparing the ESX.
or
Offline Bundle.zip error when deploying the Deep Security Virtual Appliance.
or
Protocol Error when activating the Deep Security Appliance.

Solution
If you encounter any of the above situations it may be that a computer being managed by the Deep
Security Manager is unable to resolve the hostname of the computer hosting the Deep Security Manager.

To ensure the Deep Security Manager is able to resolve the hostname of the computer hosting
the Deep Security Manager:

1. Log in to the Deep Security Manager that is managing the Agent

2. Go to System >System Information and in the System Details, view the Manager Node entry
and note the hostname
3. Log in to the computer that is having communication problems
4. Perform an nslookup using the name from step 2
5. If the nslookup fails you must modify the hosts file on the computer to use the DSM hostname
with the correct IP address or update the DNS entry for the Deep Security Manager machine on
the specified DNS server

To change the hosts file on the Virtual Appliance you must log in via vCenter. Once in the console press
ALT+F2 to get to the console login screen. Then type: sudo vi /etc/hosts

Problem
Cannot contact the Deep Security Virtual Appliance.

Solution
By default the Deep Security Virtual Appliance uses DHCP to acquire an IP address when it is deployed. If
you are deploying in an environment that does not have a DHCP server then you must assign a static IP
address to the Appliance.

To assign a static IP address to the Virtual Appliance:

1. Log in to the Virtual Center hosting the Deep Security Virtual Appliance using vSphere Client
2. Select the Appliance and click the console tab
3. Log in to the Appliance by pressing F2 and using the default username and password (dsva:dsva)
4. Select Configure Management Network from the menu and press Enter
5. Change the Hostname, IP Address, Netmask, Gateway and DNS entries to match that of your
network
6. Press Enter to save the changes
7. Reboot the Appliance by selecting Reboot System from the main menu

29
Problem
Timeout when preparing the ESX server.

Solution
In order for the Filter Driver to be successfully installed, the ESX server it is being deployed to must be
rebooted. The Deep Security Manager offers the option to automatically reboot the server. If this selection
is chosen all virtual machines on the ESX server must be paused/stopped or VMotioned off of the box. If
this is not done the ESX server cannot be put in to maintenance mode and cannot be rebooted. The Deep
Security Manager will report a timeout issue if the ESX server cannot be put in to maintenance mode.

Problem
You see a DSA_IOCTL_SET_FILTER_CONFIG error on a computer with the description:

Engine command code DSA_IOCTL_SET_FILTER_CONFIG failed with error: 0x0005aa

(insufficient system resources exist to complete the requested service.).

Solution
This may be caused by one of two reasons:

1. The system is running with the /3GB boot option.

The /3GB flag reduces the amount of memory available to the kernel, which in turn reduces the amount of
non-pageable memory in the kernel. The exact amount can be influenced by many factors such as TCP
chimney offloading, use of large amounts memory over the 4GB addressing space, external device drivers
such as audio, video, etc.

2. Too many rules are applied on the computer for the amount of kernel memory available to the driver.

In these situations it will be necessary to reduce the number of Firewall and DPI rules applied to your
Computer in order to reduce the memory footprint, as well as improve performance. The Recommendation
Scan feature of Deep Security can help with this. By Scanning your computers for Recommendations you
can use the "Show Recommended for Unassignment" view of the "DPI Rules" page for computer and
unassign DPI Rules that do not need to be applied to maintain appropriate security. If you manager your
computers via Security Profiles you can use the same "Show Recommended for Unassignment" DPI Rules
view but note that it will only show DPI Rules that are not recommended on any of the Computers to which
the Security Profile is assigned, and may still leave you with a set of DPI Rules that has a footprint that is
too large for some Computers. If the Security Profile itself still has too many DPI Rules assigned it may be
necessary to make additional Security Profiles and divide the Computers amongst them such that the
Security Profiles are better representations of what DPI Rules are actually recommended to be applied to
the various Computers. This should allow you to reduce the number of DPI Rules assigned to all your
Computers.

Problem
The Agent protecting the Deep Security Manager is generating “Renewal” errors, and/or you cannot
connect remotely to the Deep Security Manager.

Solution
After applying the "Deep Security Manager" Security Profile, you may notice that the Deep Security Agent
will return numerous "Renewal Error" DPI Events. This is because the Agent cannot inspect the SSL Traffic
that existed before the "Deep Security Manager" Security Profile and its SSL Host Configuration was
applied. It is recommended that all browser sessions to the Deep Security Manager be restarted after
applying the “Deep Security Manager” Security Profile.

30
Problem
Your support provider has asked for a diagnostics package.

Solution
In Deep Security Manager, go to System > System Information and click Create Diagnostics Package…
in the toolbar. This displays the Diagnostic Package Wizard which will create a zip file containing
Install/Uninstall and Debug Logs, System Information, Database Contents (last hour only for time-sensitive
items), and a File Listing. This information can be given to your support provider to help troubleshoot any
problems.

Problem
Your support provider has asked you to increase the size of the diagnostics package.

Solution
The default maximum size of a diagnostic package is approximately 200MB. A command line instruction is
available to increase the size of the diagnostic package:

dsm_c -action changesetting -name configuration.diagnosticMaximumFileSize -value ####

The following example increases the size of the package to 1GB (1000MB):

dsm_c -action changesetting -name configuration.diagnosticMaximumFileSize -value 1000

Do not change the size of the diagnostic package unless instructed to do so by your support provider.

Problem
Cannot create a diagnostics package with Internet Explorer 7.

Solution
When exporting files (CVS, XML, software, or updates) or creating a diagnostic package, Internet Explorer’s
“Information Bar” may inform you that file downloads are being blocked and Deep Security Manager will
instruct you to “check the server0.log”. To permit file downloads, click on “More information” in the
Information Bar and follow the instructions to allow file and software downloads.

Problem
Deep Security Agent is installed, but the Agent UI displays blank fields.

Solution
If the “Manager URL”, “Manager certificate name”, and “Manager certificate fingerprint” fields are blank, the
Agent has not been activated. These fields are blank until the Agent has been activated by Deep Security
Manager. Find the Computer in the DSM’s Computers list, right-click on it and select Actions >
Activate/Reactivate.

31
Problem
Many DPI rules are being triggered on the Agent protecting the database used by Deep Security Manager.

Solution
When using Deep Security Manager with a database on a remote computer that is running a Deep Security
Agent (DSA) there is a possibility of DPI false positives. The false positives are caused by the contents of
the DPI Rules (when saving to the database) triggering the DPI Rules running on the DSA. The workaround
is to either create a bypass Firewall Rule to apply to the database server with the source IP being the static
IP of Deep Security Manager or to enable encryption on the database channel. SQL Server can be
encrypted by adding:

database.SqlServer.ssl=require

to \webclient\webapps\ROOT\WEB-INF\dsm.properties and restart the Deep Security Manager service.

Problem
Experiencing problems installing two Deep Security Managers on the same machine.

Solution
Only one instance of the Deep Security Manager can be installed on any given machine.

Problem
Getting the following error message in an “Agent Activate Failed” system event: "A client error occurred in
the DSM to DSA protocol: HTTP client error received: certificate is not yet valid".

Solution
The clock on a Deep Security Agent machine must be synchronized with the Deep Security Manager to
within 24 hours. If the DSA clock is behind the DSM clock then an Agent Activate operation will fail because
the certificate generated for the Agent by the Deep Security Manager will not yet be valid.

Problem
Traffic Analysis is not working.

Solution
Stateful Configuration must be on, with TCP and UDP logging enabled.

32
FAQs
Please consult the Deep Security Manager and Deep Security Agent release notes for any issues not
addressed in the Troubleshooting or FAQs sections.

What platforms are supported?

See the release notes for the latest information.

Where can I find my license for Deep Security 7?

It will be sent to you by your Account Manager. Refer to the Deep Security 7 Installation Guide for
information about the License Key.

Where can I download the installer package for Deep Security 7?

The Trend Micro Deep Security Center - https://labs.thirdbrigade.com

Where can I download the technical documents for Deep Security 7?

The Trend Micro Deep Security Center - https://labs.thirdbrigade.com

What is the default username and password to log into the Deep Security Manager console?
You are prompted for a username and password during installation. The default username to log in to the
Manager Console is "MasterAdmin" (no quotes). Both this and the password are set during the installation.
The username IS NOT case-sensitive. However, the password IS case-sensitive.

Can I reset the Manager console login password?

Yes. You can reset or change the Manager console login password.
You can reset the password for a User (if you have the rights) by double-clicking the User on the Users
screen, and selecting the Set Password button.

How can I unlock a locked out User?

Go to System > Users, right-click on the User and select “Unlock User”.

Can I use my domain account credentials when logging on to the Manager console?
Yes. See the “Synchronizing with a Directory” section in the User’s Guide.

How can I mass-deploy the Agents to the workstations?

Contact your support provider.

How can I uninstall Deep Security Manager and Agent from the command-line?
For the Agent (Windows), run:
msiexec /x <package name including extension>
(For a silent uninstall, add “/quiet”)

For the Manager, from the Deep Security Manager folder, run:
Uninstall.exe
(For a silent uninstall, add “-q”)

Can I still use my existing license or activation code when upgrading to version 7?
Yes

Can I move the DSM installation to a different drive?

Please contact your support provider.

33
How can I migrate my database to different versions of SQL or Oracle?
Please contact your support provider.

Can I uninstall the DS Agents from the Manager console?

No. You can de-activate an Agent/Appliance from the DSM, but you must uninstall locally.

What is the end of life or support policy for Deep Security?

• Product support is provided 2 years after a release
• Product support is provided 1 year after a subsequent release, whichever time period is longer

Can I assign a different port number for Deep Security?

Please contact your support provider.

Where can I retrieve my Trend Micro Deep Security Customer Account Credentials?
Your account credentials are provided by your Trend Micro account manager.

How can I register to the Trend Micro Deep Security Customer Account?
Your Trend Micro account manager will register your account when the software is purchased.

How frequent are Security Updates?

Typically every 2 weeks, but can be more frequent.

How do I deactivate the DS Agent from the command line?

See the User’s Guide section “Manually Deactivate/Stop/Start the Agent/Appliance”. It is platform
dependent.

How can I manually update the DS Agent that has no connection with the DS Manager?
Updating the Agent is not possible without connection to the Manager, since the Manager must send the
security configuration details to the Agent.

34