Connect to the affected VM (via RDP or console) and run PowerShell as Administrator:
Get-Service | Where-Object $_.Name -like "*tm*" -or $_.Name -like "*trend*"
Look for services like:
If they show Stopped, run:
Start-Service tmcomm
Set-Service -Name tmcomm -StartupType Automatic
If they are missing entirely, the agent installation is corrupt. Proceed to Step 4. Connect to the affected VM (via RDP or
Modern Windows Server 2019/2022 and Linux distributions with UEFI Secure Boot may block unsigned or improperly signed kernel drivers. If Trend Micro’s certificate is not trusted, the driver stays offline. Look for services like:
The “Trend Micro Deep Security Anti-Malware driver offline or not installed” state is a critical failure that disables file-based threat protection. It stems from missing files, registration errors, kernel signature enforcement, or software conflicts. Resolution requires systematic verification of driver presence, service registration, filter attachment, and event logs – often culminating in a feature reinstallation or full agent rebuild. For production environments, immediate remediation is essential to close the window of vulnerability. If they show Stopped , run: Start-Service tmcomm