Configure agent version control

Agent version control is a feature that gives you and your security operations team control over the specific versions of the Deep Security Agent that will be deployed when:

This allows security operations teams who do not have control over Deep Security Manager's local inventory of agents or the relays the ability to declare exactly what agents will be used at any given time.

As new agents are released by Trend Micro, your security operations team can test them in controlled environments before changing the version control settings to expose the new agents to downstream applications teams in their production environment.

Topics:

Set up agent version control

  1. Before you begin, import the agent versions you want to use.
  2. Go to Deep Security Manager.
  3. Click Administration at the top.
  4. On the left, expand Updates > Software > Agent Version Control.

    All the agent platforms appear in the main pane.

  5. (Optional) Use the Show/Hide Platforms section on the right to restrict the agent platforms that are visible.
  6. Make your agent version selections and click Save. Follow this guidance:

    Only agent versions 9.0 or later are displayed. For Solaris specifically, only versions 11.0 or later are displayed. If you want to deploy earlier agents, you'll have to use the agentVersion= setting available in the deployment scripts. For details, see Use deployment scripts to add and protect computers.

    ColumnDescription
    PLATFORMThis column lists the platforms for which Deep Security Agent software is available.
    VERSION CONTROL

    This column is where you select which version of the agent will be used by deployment scripts and so on. It has the following options:

    • Latest: Indicates to use the latest agent software build available in your local inventory, either long-term support (LTS) or feature release (FR). The logic to determine the latest agent is based on the agent version number: the highest version is used. For example, a Deep Security 12 update agent with version 12.0.0.460 is higher than the Deep Security 12 General Availability (GA) agent. However, the Deep Security 12 feature release agents with version 12.5.0.350 is considered later than an LTS agent with version 12.0.0.460. In summary, choose Latest if you want the latest LTS or FR agent for the platform. For details on LTS and FR releases, see Deep Security 20 release strategy and lifecycle policy.
    • Latest LTS: (default) Indicates to use the latest long-term support (LTS) software build available in your local inventory. Latest LTS can be the original LTS release, or can be an update to the original LTS release. Any FRs in your inventory are ignored. LTS build versions always have ‘0’ as the minor version number. For details on LTS and FR releases, see Deep Security 20 release strategy and lifecycle policy.
    • <agent_version> for example, 11.0.0.760: Indicates to use a specific agent version available in your local inventory. Other agents in your inventory are ignored. If no agent version appears in the list, it's because there is no agent in your local inventory that matches the OS. To fix this issue, import an agent to your inventory.

    The latest version of the agent is sometimes a few releases behind your manager version. For example, the latest LTS for Windows Server 2003 is 10.0.0.3377 as of this writing. Although a release may be behind your manager's, it is still supported if you can see it on the Agent Version Control page. For details, see Agent platform support policy.

    RESULTING AGENT

    This column shows the agent that will be deployed based on your selection under VERSION CONTROL.

    If the column shows an N/A (No agent in inventory) message, it's because there is no agent in your local inventory that matches the selection in VERSION CONTROL. To fix this issue, import an agent to your inventory or change the VERSION CONTROL selection.

    If the column shows an N/A (Removed from inventory) message, it's because the primary tenant (T0) deemed the agent unsuitable for deployment and removed it.

Use agent version control with URL requests

Agent version control provides the ability to control what agents are returned when any URL request is made to Deep Security Manager to download the agent. For details, see Using agent version control to define which agent version is returned.

Agent version control FAQs