‘Trend Micro Deep Security Agent’ prevents #ConfigMgr SMS_PROVIDERS component from updating

The Configuration Manager current branch (CMCB) shows every 60 minutes errors for SMS_PROVIDERS.
It goes:
Message ID 1018: Site Component Manager is reinstalling this component on this site system
Message ID 1090: Site Component Manager could not stop the winmgmt service on site system
Message ID 1020: Site Component Manager failed to reinstall this component on this site system

So, I checked service dependencies and found ‘Trend Micro Deep Security Agent’ service depending on winmgmt and Trend Micro to set the service to be unstoppable even for the System-account. It is always great if a security company cannot get security descriptors right.

At least Trend Micro added an option to disable this behavior. Best is talk to your security team, to disable ‘Agent self-protection > Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent’ from the console or disable it on the local service (the setting may be password protected):

cd “\Program Files\Trend Micro\Deep Security Agent”
dsa_control –selfprotect=0 [–passwd=]

dsa_control001

Now the SMS_PROVIDERS component is updating successfully:
Message ID 1018: Site Component Manager is reinstalling this component on this site system
Message ID 1019: Site Component Manager successfully reinstalled this component on this site system

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s