Windows Client Enhancements

• Scheduled Scan Setting Enhancements: Administrators can configure agent settings from the management console to allow users to postpone or skip scheduled scans on their device. These features allow the user to take actions to postpone or skip scheduled scans prior to the start of a scan when they find the original schedule of the scan to be highly inconvenient to their work schedule. To configure the settings, go to Devices > {group} > Configure Policy > Windows > Client Privileges.
• Security Agent Security Level: The default security level setting for the Security Agent has been changed for increased security. This prevents users or other processes from modifying Worry Free Business Security related program files, registries and process. In conjunction the user interface on the management console has been changed from radio buttons to a checkbox, to help users understand the importance of the default feature. To change the settings, go to Devices > {group} > Configure Policy > Windows > Client Privileges.
• Security Agent Version Information: The Security Agent console displays the build version information after the “Version Informaion” wording when opening the Component Versions window. This information can be used as additional information when checking whether the client has the latest agent installed compared to the information on the Device page of the management console.

Mac Client Enhancements

Mac Security Agent Support: The Security Agent supports installation on Mac OS X 10.9 “Mavericks”.

Client Deployment and Upgrade

1. To completely reinstall or upgrade the CSA, you will need to restart the computer. A restart will also be necessary when updating some components including the firewall and the proxy drivers.

2. After installing the CSA on a computer with IIS 7.0, you must restart the IIS service. IIS 7.0 may not work as expected with the CSA, which uses the Windows Filtering Platform, until IIS is restarted. This issue only occurs on Microsoft Windows 2008 without service pack 2.

3. Real-time scan on CSA can prevent Hyper-V Manager from creating virtual machines. If you encounter this issue, configure real-time scan to exclude the storage folder for your virtual machines from scanning. Hyper-V Manager uses "C:\ProgramData\Microsoft\Windows\Hyper-V" as the default storage folder, but a different folder may be specified during virtual machine creation.

4. In environments such as distributed file systems, scanning offline files causes unnecessary file recalls and can eventually lead to performance issues. To avoid scanning offline files:

   1. Open the Windows registry and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmfilter\Parameters.

   2. Set the registry keys SkipOffLineFile and SkipSparseFile to 1.

      For more information, refer to http://esupport.trendmicro.com/Pages/How-to-skip-offline-files-from-being-scanned.aspx

5. The WFBS-SVC_Downloader.exe file can only be run on the computer on which the user downloads it. If a user copies the file to another computer and runs it there, an error results.

6. Computer loses network connection temporarily during installation.

7. Users cannot successfully uninstall the agent if Dropbox is installed on the same computer. Uninstall Dropbox before uninstalling the agent.

8. Users cannot deploy agent program when Internet Explorer 10 running in Windows UI mode on Windows 8.

9. CSA supports Remote Desktop, Remote Web Workplace, and Citrix server terminal applications.

   In a Terminal Services environment, administrators can decide whether to show or hide the CSA icon in the Windows task bar. This setting applies to all or none of the active user sessions. It is not possible to apply the setting to individual user sessions.

   If the icon shows on all active user sessions, memory usage may increase. To prevent this issue from occurring:

   1. On the CSA host, open the registry.
   2. Create/modify the following REG name/value pair:
   • Key: HKLM\SOFTWARE\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc.\RCS
   • Type: DWORD
   • Value: 202

     There will be no PccNTMon instances created when its value is set to 202.

Client / Server Security Agent

1. On Windows Vista/2008/7 guest operating systems running VMware ESX 3.5 servers, PccNTmon cannot render the CSA console correctly. The system hangs and eventually crashes.

   To prevent this issue:

   1. Click Start > Control Panel > Performance Information and Tools > Visual Effects.

   2. Select Adjust for best performance.

2. CSA self-protection for Process and Registry Keys works supports all 32-bit operating systems and only on the following 64-bit platforms: Windows Vista SP1 x64 and Windows Server 2008 SP1 x64 and above.

3. If the "Client Security" setting on the web console (in Devices> {group} > Configure Policy > Windows tab > Client Privileges) is enabled and a malware program resides in the CSA folder before real-time scan starts, CSA cannot restrict that malware from updating the registry.

4. If virus pattern or spyware pattern files are not available to the CSA, the CSA will keep its current scan method until the pattern is delivered.

Firewall

1. During CSA installation or firewall driver uninstallation, the computer may temporarily lose its network connection. Some applications, such as Secure Shell (SSH), Terminal Services Client, or Remote Desktop could be affected by the disconnection. If the network connection is lost, restart the application after installing the CSA or after disabling the firewall.

2. The CSA firewall may conflict with other firewall applications. Trend Micro recommends uninstalling or disabling other firewall applications.

3. On VMware clients, the CSA firewall may block all incoming packets.

   To address this issue, add the following value to the client's registry:

   • Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW

   • Name: EnableBypassRule

   • Type: REG_DWORD

   • Data: 1

4. The firewall does not support IPV6.

5. On Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 computers, if the firewall is disabled and then re-enabled, Firewall patterns fail to load sometimes. To fix this problem, restart the affected computer

Behavior Monitoring

1. Behavior Monitoring supports all 32-bit operating systems and only the following 64-bit platforms: Windows Vista SP1 x64 and Windows Server 2008 SP1 x64 and above.

Device Control

1. Device Control supports all 32-bit operating systems and only the following 64-bit platforms: Windows Vista SP1 x64 and Windows Server 2008 SP1 x64 and above.

Web Reputation and URL Filtering

1. When running Internet Explorer 9 with IE Enhanced Security Configuration, the Web Reputation plug-in module (TmIEPlugInBHO Class) cannot be automatically applied. Risky URLs using SSL cannot be blocked.

2. Web Reputation Services and URL Filtering are not supported when Internet Explorer 10 is running in Windows UI mode on Windows 8.

3. In an unstable network environment, the Trend Micro Web Reputation server may allow access to a website without validating the website's reputation.

SBS Dashboard Add-In Tool

1. When Internet Explorer 9 is installed under Windows Small Business Server 2011 Essentials, a popup window concerning unused windows appears when closing the Dashboard console.

2. SBS Dashboard Add-in is not compatible with Internet Explorer Enhanced Security Configuration. Ensure this option is disabled before opening the Dashboard.

3. Pinning or "freezing" table headers on the Device screen is not supported on Windows Small Business Server 2011 Essentials.

Login Script Setup Tool

1. Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista, Windows 7, and Windows 8 computers with UAC enabled prohibit automatic installation.

1. The Agent does not support root accounts.

1. When TMMS is installed on a device running Android 2.x, the system proxy is not updated as this version of the operating system does not support system proxies. This could also prevent the device from connecting to the server to receive updates.

2. TMMS will not be installed on rooted Android devices.

3. If the user goes to Settings > Applications > Manage Applications > TMMS and taps Clear Data, TMMS might not be able to connect to the server to receive updates. The user would need to re-enroll the device.

4. If other installed apps interfere with the device’s network connection, TMMS might not be able to connect to the server to receive updates.

5. Clicking the installation link from an email opens a web browser window. On the default browser of Android 2.x devices, if users click the "Home" button to leave the browser window and then click the installation link again, the installation process stops and the browser window stops responding.

   To avoid this issue, users must close the browser window opened from installation links before clicking the link again.