Trend Micro Deep Security 9.5 ( Filter Driver Installation ) – Part 4

Pls find my previous blogs about Trend DSM , Relay Server Installation and vShield Endpoint and in this blog we can see the Filter Driver Installation and its function.


Check the blog to install the filter driver on ESX5.x under Trend DSM 6.0 SP1

The Filter Driver is installed on each host in the cluster and the driver will interact between the ESXi and the DSVA which will re-directs the traffic from the ESXi networking layer to the DSVA to scan and also it is responsible for sending over the connection states of a VM to the other host when a VMotion moved the VM to the another host. We need Filter driver for Trend to manage the VMs and DSVA appliances which will put the ESX host in Maintenance Mode and also reboots the host during the installation.

Allow DSM to put the ESXi host in/out maintenance mode when installing the driver, the ESXi server will be put into maintenance mode, thus, schedule the deployment of DSVA and the Filter Driver carefully. When preparing the ESX box, allow the Deep Security Manager to automatically bring the host into and out of maintenance mode (via the deploy wizard).

Filter Driver Installation.

Go to the Computers – vCenter – Host and Clusters and select the host . Right-click Prepare ESX.



Select yes and click finish,  which will put the ESX in MM also note it will reboot the host after the installation.


Preparation will start installing the filter driver and also it will configure the VMSERVICE-VSWITCH and creates the VM port group on the isolated network which was created as part of the vShield Manager.







Once the ESX host has been rebooted it will be in the Maintenance Mode , remove the same and we can see the extra port group vmservice-trend-pg in the vmservice-vswitch.


We can find the Filter Driver and the modules are running by using the below command.

~ # esxcli software vib list | grep Trend

Run this command to check the modules:

~ # vmkload_mod -l | grep dvfilter


The IP of the DVfilter should match the VM Kernel VNIC IP found in the Deep Security Manager (DSM) console, under the Network configuration tab of vCenter Properties.

VM Kernel IP.

If we check the advance settings of the ESXi host, we can find the kernel IP .

DSVA vnic

To verify, run the command “~ # esxcfg-advcfg –get /Net/DVFilterBindIpAddress” . The value of DVFilterBindIpAddress should be

The predefined port 2222 should be open for inbound for DVFilter use. Use TELNET command to check if the port is open.


In My Next Blog we can see the Deep Security Virtual Appliance ( DSVA )

This entry was posted in Trend Micro Deep Security, VMware and tagged , , . Bookmark the permalink.

4 Responses to Trend Micro Deep Security 9.5 ( Filter Driver Installation ) – Part 4

  1. Pingback: Trend Micro Deep Security 9.5 ( vShield Endpoint ) – Part 3 | Techbrainblog

  2. Pingback: Trend Micro Deep Security 9.5 ( Deep Security Virtual Appliance-DSVA) – Part 4 | Techbrainblog

  3. Pingback: Trend Micro Deep Security 9.5 ( Deep Security Agent ) – Part 6 | Techbrainblog

  4. Pingback: Trend Micro Deep Security 9.5 ( Smart Scanning Protection Server – SSP Server) – Part 7 | Techbrainblog

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s