Worry-Free Business Security 9.0 SP3 Server Readme

Trend Micro, Inc.

March 2016

Trend Micro™ Worry-Free Business Security™

Version 9.0 Service Pack 3

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at http://docs.trendmicro.com/en-us/smb/worry-free-business-security.aspx.

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at http://olr.trendmicro.com.

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: http://docsstg.trendmicro.com/en-us/survey.aspx.

Contents

1. About Worry-Free Business Security

Trend Micro Worry-Free Business Security (WFBS) protects small business users and assets from data theft, identity theft, risky websites, and spam (Advanced Only).

2. What's New

Worry-Free Business Security includes the following new features and enhancements:

What's New in WFBS 9.0 Service Pack 3

Windows 10 November Update Support

Worry-Free Business Security now supports Security Agent installation on Windows 10 machines installed with the November update.

Program Inspection

Worry-Free Business Security provides increased ransomware protection by monitoring and hooking processes on endpoints to detect compromised executable files and improve the overall detection ratio.

Document Protection Enhancements

Worry-Free Business Security improves document protection against unauthorized encryption or modification to prevent possible ransomware attacks.

Increased Behavior Monitoring Protection

Worry-Free Business Security now enables the following behavior monitoring features by default:

User notifications before executing newly encountered programs
Document protection against unauthorized encryption or modification
Automatic backups of files modified by suspicious programs
Monitoring and hooking of processes
Blocking of processes associated with ransomware

SHA-2 Support

Worry-Free Business Security now supports certificates signed with SHA-2.

Resolved Known Issues

WFBS 9.0 SP3 resolves the following product issues:

Issue 1: The Trend Micro Messaging Security Agent disappears from the client tree on the Worry-Free Business Security Server management console when users reinstall the Messaging Security Agent after upgrading to Worry-Free Business Security 9.0 Service Pack 2.

Solution 1: [Hotfix: 3150] This hotfix ensures that the Messaging Security Agent can successfully register to the Worry-Free Business Security 9.0 Service Pack 2 Security Server.

Issue 2: Users may encounter ransomware because of recent widespread attacks.

Solution 2: [Hotfix: 3205] This hotfix enables the monitoring of newly encountered programs downloaded through HTTP or email applications on Security Agents to increase protection against possible ransomware attacks.

Issue 3: Users may not be able to access any web site after enabling the Web Reputation feature of the Worry-Free Business Security 9.0 Service Pack 2 agent.

Solution 3: [Hotfix: 3288] This hotfix ensures that the Web Reputation feature works normally.

Issue 4: After users upgrade to Worry-Free Business Security 9.0 Service Pack 2, the quick link "Edit settings" cannot be displayed normally on the Worry-Free Business Security Server management console.

Solution 4: [Hotfix: 3290] This hotfix ensures that the Worry-Free Business Security Server management console displays the "Edit settings" quick link correctly.

Issue 5: Users cannot redeploy the Worry-Free Security Agents using Group Policy Object (GPO) after uninstalling the Security Agents from the control panel. This happens because the Security Agents installation program detects the Worry-Free Security Agent product key that was generated by GPO and takes it to mean that the product is already installed which then triggers it to terminate the installation.

Solution 5: [Hotfix: 3304] This hotfix ensures that users can successfully redeploy the Security Agents from GPO.

Issue 6: Users might experience a "localStorage unsuccessfully" browser error message when they access the "Security Agent for Security Setting" page.

Solution 6: [Hotfix: 3323] This hotfix ensures that when users browse the client tree and the custom user interface layout setting fails, the browser displays the default user interface layout to the user.

Issue 7: The AEGIS module may trigger some processes to close unexpectedly.

Solution 7: [Hotfix: 3326] This hotfix updates the Behavior Monitoring Service module 2.974.1104 to ensure that the AEGIS module no longer triggers processes to close unexpectedly.

Issue 8: The Internet Explorer add-on of Worry-Free Business Security stops unexpectedly when users browse certain websites after enabling its "Browser Exploit Prevention" feature.

Solution 8: [Hotfix: 3330] This hotfix ensures that the Internet Explorer add-on works normally when the "Browser Exploit Prevention" feature is enabled.

Issue 9: ActiveSync does not work when the HTTP Authorization header field does not contain any user information.

Solution 9: [Hotfix: MSA 11.1.1306] This hotfix enables Worry-Free Business Security to automatically gather user information if the HTTP Authorization header field does not contain any user information. This helps ensure that ActiveSync works normally.

This hotfix also addresses some Messaging Security Agent user interface issues. After this hotfix is applied, Worry-Free Business Security opens the MSA web console on a new Internet Explorer tab.

What's New in WFBS 9.0 Service Pack 2

Windows 10 Support

Worry-Free Business Security now supports Security Agent installation on Windows 10.

Ransomware Protection for Documents

Enhanced scan features can identify and block ransomware programs that target documents that run on endpoints by identifying common behaviors and blocking processes commonly associated with ransomware programs.

What's New in WFBS 9.0 Service Pack 1

Detection Improvements

Outbreak prevention protection against compressed executable files (packers)
Improved Damage Cleanup Engine performance

Enhancements

Web reputation logs include running processes information

Usability Improvements

Security Server version displays on the log on screen
Updated UI text to better reflect how WFBS works

What's New in WFBS 9.0

Microsoft Exchange Support

WFBS now supports Microsoft Exchange Server 2010 SP3 and Microsoft Exchange Server 2013

Windows Support

WFBS now supports Microsoft Windows 8.1 and Windows Server 2012 R2

Mobile device security

WFBS Advanced now supports mobile device data protection and access control. Mobile device security has the following features:

Device Access Control
- Allow access to the Exchange server based on user, operating system, and/or email client
- Specify the access granted to specific mailbox components
Device Management
- Perform a device wipe on lost or stolen devices
- Apply security settings to specific users including:

Activation Code Enhancement

Post-paid Activation Code support

Detection Improvements

Enhanced Memory Scan for real-time scan
Known and potential threat mode for Behavior Monitoring
Browser Exploit Prevention
Newly encountered program download detection

Usability Improvements

Global and group Approval/Block lists for Web Reputation and URL Filtering
IP exception list for Web Reputation and URL Filtering in the Global Settings
Removal of ActiveX from Client Tree and Remote installation page
Customized Outbreak Defense
Outlook 2013 and Windows Live Mail 2012 support for Trend Micro Anti-Spam Toolbar
Update Agent to update from Trend Micro ActiveUpdate only
Stop Server updates
Keep patterns when upgrading the Server and Agent
Help Link and Infection Source virus logs

3. Document Set

The Worry-Free Business Security Standard solution consists of an on-premise server (Security Server) and desktop protection software (Security Agent).

The Worry-Free Business Security Advanced solution consists of two components hosted/offsite email protection service (Trend Micro Hosted Email Security) and on-premise server (Security Server), desktop(Security Agent), and email protection (Messaging Security Agent) software.

The documents for Trend Micro Hosted Email Security are available at http://docs.trendmicro.com/en-us/smb/hosted-email-security.aspx.

The document set for the Worry-Free Business Security Server includes:

Installation and Upgrade Guide: A PDF document that discusses requirements and procedures for installing the Security server, and upgrading the server and agents
Administrator's Guide: A PDF document that discusses getting started information, agent installation procedures, and Security server and agent management
Help: HTML files compiled in WebHelp format that provide "how to's", usage advice, and field-specific information
Readme file: Contains a list of known issues and basic installation steps. It may also contain late-breaking product information not found in the Help or printed documentation.
Knowledge Base: An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following website: http://esupport.trendmicro.com

4. System Requirements

See the System Requirements Guide for Worry-Free Business Security 9.0 for a complete list of installation and upgrade requirements:

http://docs.trendmicro.com/all/smb/wfbs-s/v9.0/en-us/wfbs_9.0_sysreq.pdf

You can refer to the system requirements for Windows 8/8.1 when installing Security Agents on Windows 10 endpoints.

Important: Worry-Free Business Security 9.0 Service Pack 3 does not support running the Security Server on Windows 10 endpoints.

5. Installation

Important: Be sure to install or upgrade to Worry-Free Business Security 9.0 Service Pack 2 before installing this service pack.

Download the installation packages for version 9.0 and this service pack at:

Worry-Free Business Security - Advanced 9.0:
http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=4482&lang_loc=1

Worry-Free Business Security - Standard 9.0 :
http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=4483&lang_loc=1

5.1. Installing/Upgrading to Worry-Free Business Security 9.0

See the Installation and Upgrade Guide for Worry-Free Business Security 9.0 for installation and upgrade instructions.

http://docs.trendmicro.com/all/smb/wfbs-s/v9.0/en-us/wfbs_9.0_iug.pdf

5.2. Installing this Service Pack

Copy the installation package to the Worry-Free Business Security server.
Launch the installation package.
Accept the license agreement and then click Next.
If a prompt message displays, read the pre-installation information carefully and follow instructions, if any.
Click Next to start the installation process.
Click OK to complete the installation process.

5.3. Inserting Contact Information (for Resellers and Partners)

Resellers and partners can add their contact information to the Security Server web console by performing the following steps:

On the computer where the Security Server is installed, navigate to {Security Server installation folder}\PCCSRV\Private. {Security Server installation folder} is typically C:\Program Files\Trend Micro\Security Server.
Open contact_info.ini using a text editor such as Notepad and then type the relevant contact information. Save the file. Log on to the Security Server web console and navigate to Preferences > Product License. A Reseller Information section is added to the Product License screen.

6. Post-installation Configuration

See the post-installation tasks in the Installation and Upgrade Guide if you:

Installed the Security Server
Upgraded the Security Server and agents
If you installed agents, see the agent post-installation tasks in the Administrator's Guide.

7. Known Issues

Some product features do not support certain operating systems and associated applications. For details, visit http://docs.trendmicro.com/en-us/smb/worry-free-business-security/agent_features/.

The following are the known issues in this release:

7.1. Security Agent Deployment, Upgrade, and Usage

Note: For details about installation limitations on certain operating systems, see the Help topic:
http://docs.trendmicro.com/en-us/smb/worry-free-business-security/install_meth/

To completely reinstall or upgrade the Security Agent, you will need to restart the computer. A restart will also be necessary when updating some components, including the firewall and the proxy drivers.

WFBS supports Remote Desktop, Remote Web Workplace, and Citrix server terminal applications.

In a Terminal Services environment, administrators can decide whether to show or hide the Security Agent icon in the Windows task bar. This setting applies to all or none of the active user sessions. It is not possible to apply the setting to individual user sessions.

If the icon shows on all active user sessions, memory usage may increase. To prevent this issue from occurring:

a. On the Security Agent host, open the registry.

b. Create/modify the following REG name/value pair:

Key:

For 32-bit: HKLM\SOFTWARE\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc.

For 64-bit: HKLM\SOFTWARE\Wow6432Node\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc.

Name: RCS

Type: DWORD

Value: 202 (in decimal format)

There will be no PccNTMon instances created when its value is set to 202.
The manual scan process bar is not fully synchronized to Files scanned count based scan mechanism.

7.2. Security Server

The following default Security Server and Scan Server ports must not be used or blocked by other applications, such as Microsoft ISA Server and other firewalls:

HTTP: 8059 and 8082
SSL: 4343 and 4345
If an Internet connection problem occurs during the Security Server installation, the installer will keep trying to validate the Activation Code without indicating any problem or the installer might freeze. A stable Internet connection is required during installation.
During Security Server install/upgrade, Setup.exe or TrustedInstaller.exe may use up to 50% of CPU resources.

7.3. Web Console

Trend Micro recommends setting Internet Explorer to Medium or lower security levels when accessing the Web console. Higher security settings may block necessary ActiveX controls.

By default, Internet Explorer applies Medium-low security levels for intranet sites and Medium security levels for sites in its Trusted Sites list. To help ensure you can access the console properly, add it to the Trusted Sites list.

7.4. Behavior Monitoring/Device Control

Behavior Monitoring and Device Control fully support 32-bit operating systems. On 64-bit operating systems, only Vista x64 SP1 and later are supported.

7.5. Web Reputation/URL Filtering

Browser Exploit Prevention supports Internet Explorer versions 6, 7, 8, 9, 10, and 11.
In an unstable network environment, the Trend Micro Web Reputation server may pass a website without filtering.

7.6. Firewall

When uninstalling the firewall driver, the Client could temporarily lose the network connection. Some applications, such as Secure Shell (SSH), Terminal Services Client, or Remote Desktop, could be affected by the disconnection. If this occurs, restart the application after disabling the firewall (which also completes the uninstallation process).
The Security Agent firewall might conflict with other firewall applications. Trend Micro recommends uninstalling or disabling other firewall applications.
On VMware clients, the Security Agent firewall may block all incoming packets. To address this issue, add the following value to the client's registry:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
Name: EnableBypassRule
Type: REG_DWORD
Value =1
1 means enable, 0 means disable

7.7. Messaging Security Agent

The Messaging Security Agent only supports typical installations of Exchange Server 2007, 2010, and 2013 that include the Hub Transport, the Mailbox, and the Client Access server roles.
Device Access Control for mobile devices is only supported for Exchange 2010 and 2013.
As an anti-spam solution on Exchange Server 2003, users can choose between EUQ or Junk Mail integration. If you use Junk Mail integration, install Exchange Server 2003 SP2 or above. This requires that the Intelligent Message Filter (IMF) be preinstalled.
The Messaging Security Agent does not support some Microsoft Exchange Server Enterprise features such as the database availability group (DAG). To work around this issue, enable the Mailbox, Client Access, and Hub Transport server roles in all MS Exchange servers.
During Messaging Security Agent installation, the installer may be unable to submit passwords that have special, non-alphanumeric characters to the Exchange Server computer. As a result, you may be unable to install the Messaging Security Agent if the domain administrator account you are using has a complex password. To work around this issue, temporarily change the password for the domain administrator account.
When installing Messaging Security Agent remotely, using the Web console or the Worry-Free Business Security Advanced installer on a computer running Windows Server 2008, SBS 2008, EBS 2008, SBS 2011 Standard, 2008 R2, 2012, or 2012 R2 you need to specify the built-in domain administrator account because of User Access Control restrictions. Note that for computers with other operating systems, you need an account that is in the Exchange Organization Administrators group.
Messaging Security Agent cannot be installed on the domain controller server when the operating system is Windows Server 2012 and above. This is a limitation of SQL Server 2008 R2 on Windows Server 2012 and above.
Mobile Security Policies are kept on the Exchange Server after the Messaging Security Agent is uninstalled.
Messaging Security Agent server console does not support Windows 10 Microsoft Edge browser. Use Internet Explorer 7 or later if you encounter any problems when accessing the console using the Edge browser.

7.8. Mac Security

For a list of all Trend Micro Security (for Mac) known issues, refer to the readme:
http://docs.trendmicro.com/all/ent/tmsm/v2.1/en-us/tmsm_2.1_readme.htm

8. Contact Information

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.

Evaluation copies of Trend Micro products can be downloaded from our website.

Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

9. About Trend Micro

Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years' experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com.

Copyright 2016, Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, TrendProtect, TrendSecure, Worry-Free, OfficeScan, ServerProtect, PC-cillin, InterScan, and ScanMail are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

10. License Agreement

Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/.

License Attributions can be viewed from the Worry-Free Business Security web console.