Trend Micro, Inc.

March 2016


Trend Micro™ Worry-Free Business Security™

Version 9.0 Service Pack 3


This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site:



  1. About Worry-Free Business Security
  2. What's New

  3. Document Set
  4. System Requirements
  5. Installation

  6. Post-installation Configuration
  7. Known Issues
  8. Contact Information
  9. About Trend Micro
  10. License Agreement


1. About Worry-Free Business Security

Trend Micro Worry-Free Business Security (WFBS) protects small business users and assets from data theft, identity theft, risky websites, and spam (Advanced Only).


Back to top


2. What's New

Worry-Free Business Security includes the following new features and enhancements:

What's New in WFBS 9.0 Service Pack 3

Windows 10 November Update Support

Worry-Free Business Security now supports Security Agent installation on Windows 10 machines installed with the November update.

Program Inspection

Worry-Free Business Security provides increased ransomware protection by monitoring and hooking processes on endpoints to detect compromised executable files and improve the overall detection ratio.

Document Protection Enhancements

Worry-Free Business Security improves document protection against unauthorized encryption or modification to prevent possible ransomware attacks.

Increased Behavior Monitoring Protection

Worry-Free Business Security now enables the following behavior monitoring features by default:

SHA-2 Support

Worry-Free Business Security now supports certificates signed with SHA-2.


Back to top

Resolved Known Issues

WFBS 9.0 SP3 resolves the following product issues:

Issue 1: The Trend Micro Messaging Security Agent disappears from the client tree on the Worry-Free Business Security Server management console when users reinstall the Messaging Security Agent after upgrading to Worry-Free Business Security 9.0 Service Pack 2.

Solution 1: [Hotfix: 3150] This hotfix ensures that the Messaging Security Agent can successfully register to the Worry-Free Business Security 9.0 Service Pack 2 Security Server.


Issue 2: Users may encounter ransomware because of recent widespread attacks.

Solution 2: [Hotfix: 3205] This hotfix enables the monitoring of newly encountered programs downloaded through HTTP or email applications on Security Agents to increase protection against possible ransomware attacks.


Issue 3: Users may not be able to access any web site after enabling the Web Reputation feature of the Worry-Free Business Security 9.0 Service Pack 2 agent.

Solution 3: [Hotfix: 3288] This hotfix ensures that the Web Reputation feature works normally.


Issue 4: After users upgrade to Worry-Free Business Security 9.0 Service Pack 2, the quick link "Edit settings" cannot be displayed normally on the Worry-Free Business Security Server management console.

Solution 4: [Hotfix: 3290] This hotfix ensures that the Worry-Free Business Security Server management console displays the "Edit settings" quick link correctly.


Issue 5: Users cannot redeploy the Worry-Free Security Agents using Group Policy Object (GPO) after uninstalling the Security Agents from the control panel. This happens because the Security Agents installation program detects the Worry-Free Security Agent product key that was generated by GPO and takes it to mean that the product is already installed which then triggers it to terminate the installation.

Solution 5: [Hotfix: 3304] This hotfix ensures that users can successfully redeploy the Security Agents from GPO.


Issue 6: Users might experience a "localStorage unsuccessfully" browser error message when they access the "Security Agent for Security Setting" page.

Solution 6: [Hotfix: 3323] This hotfix ensures that when users browse the client tree and the custom user interface layout setting fails, the browser displays the default user interface layout to the user.


Issue 7: The AEGIS module may trigger some processes to close unexpectedly.

Solution 7: [Hotfix: 3326] This hotfix updates the Behavior Monitoring Service module 2.974.1104 to ensure that the AEGIS module no longer triggers processes to close unexpectedly.


Issue 8: The Internet Explorer add-on of Worry-Free Business Security stops unexpectedly when users browse certain websites after enabling its "Browser Exploit Prevention" feature.

Solution 8: [Hotfix: 3330] This hotfix ensures that the Internet Explorer add-on works normally when the "Browser Exploit Prevention" feature is enabled.


Issue 9: ActiveSync does not work when the HTTP Authorization header field does not contain any user information.

Solution 9: [Hotfix: MSA 11.1.1306] This hotfix enables Worry-Free Business Security to automatically gather user information if the HTTP Authorization header field does not contain any user information. This helps ensure that ActiveSync works normally.

This hotfix also addresses some Messaging Security Agent user interface issues. After this hotfix is applied, Worry-Free Business Security opens the MSA web console on a new Internet Explorer tab.



Back to top

What's New in WFBS 9.0 Service Pack 2

Windows 10 Support

Worry-Free Business Security now supports Security Agent installation on Windows 10.

Ransomware Protection for Documents

Enhanced scan features can identify and block ransomware programs that target documents that run on endpoints by identifying common behaviors and blocking processes commonly associated with ransomware programs.


Back to top

What's New in WFBS 9.0 Service Pack 1

Detection Improvements


Web reputation logs include running processes information

Usability Improvements


Back to top

What's New in WFBS 9.0

Microsoft Exchange Support

WFBS now supports Microsoft Exchange Server 2010 SP3 and Microsoft Exchange Server 2013

Windows Support

WFBS now supports Microsoft Windows 8.1 and Windows Server 2012 R2

Mobile device security

WFBS Advanced now supports mobile device data protection and access control. Mobile device security has the following features:

Activation Code Enhancement

Post-paid Activation Code support

Detection Improvements

Usability Improvements


Back to top


3. Document Set

The Worry-Free Business Security Standard solution consists of an on-premise server (Security Server) and desktop protection software (Security Agent).

The Worry-Free Business Security Advanced solution consists of two components hosted/offsite email protection service (Trend Micro Hosted Email Security) and on-premise server (Security Server), desktop(Security Agent), and email protection (Messaging Security Agent) software.

The documents for Trend Micro Hosted Email Security are available at

The document set for the Worry-Free Business Security Server includes:


Back to top


4. System Requirements

See the System Requirements Guide for Worry-Free Business Security 9.0 for a complete list of installation and upgrade requirements:

You can refer to the system requirements for Windows 8/8.1 when installing Security Agents on Windows 10 endpoints.

Important: Worry-Free Business Security 9.0 Service Pack 3 does not support running the Security Server on Windows 10 endpoints.


Back to top


5. Installation

Important: Be sure to install or upgrade to Worry-Free Business Security 9.0 Service Pack 2 before installing this service pack.

Download the installation packages for version 9.0 and this service pack at:

Worry-Free Business Security - Advanced 9.0:

Worry-Free Business Security - Standard 9.0 :

5.1. Installing/Upgrading to Worry-Free Business Security 9.0

See the Installation and Upgrade Guide for Worry-Free Business Security 9.0 for installation and upgrade instructions.

5.2. Installing this Service Pack

  1. Copy the installation package to the Worry-Free Business Security server.
  2. Launch the installation package.
  3. Accept the license agreement and then click Next.
  4. If a prompt message displays, read the pre-installation information carefully and follow instructions, if any.
  5. Click Next to start the installation process.
  6. Click OK to complete the installation process.

5.3. Inserting Contact Information (for Resellers and Partners)

Resellers and partners can add their contact information to the Security Server web console by performing the following steps:

  1. On the computer where the Security Server is installed, navigate to {Security Server installation folder}\PCCSRV\Private. {Security Server installation folder} is typically C:\Program Files\Trend Micro\Security Server.
  2. Open contact_info.ini using a text editor such as Notepad and then type the relevant contact information. Save the file. Log on to the Security Server web console and navigate to Preferences > Product License. A Reseller Information section is added to the Product License screen.


Back to top


6. Post-installation Configuration

See the post-installation tasks in the Installation and Upgrade Guide if you:


Back to top


7. Known Issues

Some product features do not support certain operating systems and associated applications. For details, visit


The following are the known issues in this release:

7.1. Security Agent Deployment, Upgrade, and Usage

Note: For details about installation limitations on certain operating systems, see the Help topic:


  1. To completely reinstall or upgrade the Security Agent, you will need to restart the computer. A restart will also be necessary when updating some components, including the firewall and the proxy drivers.
  2. WFBS supports Remote Desktop, Remote Web Workplace, and Citrix server terminal applications.

  3. In a Terminal Services environment, administrators can decide whether to show or hide the Security Agent icon in the Windows task bar. This setting applies to all or none of the active user sessions. It is not possible to apply the setting to individual user sessions.

    If the icon shows on all active user sessions, memory usage may increase. To prevent this issue from occurring:

    a. On the Security Agent host, open the registry.

    b. Create/modify the following REG name/value pair:


    For 32-bit: HKLM\SOFTWARE\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc.

    For 64-bit: HKLM\SOFTWARE\Wow6432Node\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc.

    Name: RCS

    Type: DWORD

    Value: 202 (in decimal format)

    There will be no PccNTMon instances created when its value is set to 202.

  4. The manual scan process bar is not fully synchronized to Files scanned count based scan mechanism.

7.2. Security Server

  1. The following default Security Server and Scan Server ports must not be used or blocked by other applications, such as Microsoft ISA Server and other firewalls:

    HTTP: 8059 and 8082
    SSL: 4343 and 4345

  2. If an Internet connection problem occurs during the Security Server installation, the installer will keep trying to validate the Activation Code without indicating any problem or the installer might freeze. A stable Internet connection is required during installation.
  3. During Security Server install/upgrade, Setup.exe or TrustedInstaller.exe may use up to 50% of CPU resources.

7.3. Web Console

  1. Trend Micro recommends setting Internet Explorer to Medium or lower security levels when accessing the Web console. Higher security settings may block necessary ActiveX controls.

    By default, Internet Explorer applies Medium-low security levels for intranet sites and Medium security levels for sites in its Trusted Sites list. To help ensure you can access the console properly, add it to the Trusted Sites list.

7.4. Behavior Monitoring/Device Control

  1. Behavior Monitoring and Device Control fully support 32-bit operating systems. On 64-bit operating systems, only Vista x64 SP1 and later are supported.

7.5. Web Reputation/URL Filtering

  1. Browser Exploit Prevention supports Internet Explorer versions 6, 7, 8, 9, 10, and 11.

  2. In an unstable network environment, the Trend Micro Web Reputation server may pass a website without filtering.

7.6. Firewall

  1. When uninstalling the firewall driver, the Client could temporarily lose the network connection. Some applications, such as Secure Shell (SSH), Terminal Services Client, or Remote Desktop, could be affected by the disconnection. If this occurs, restart the application after disabling the firewall (which also completes the uninstallation process).

  2. The Security Agent firewall might conflict with other firewall applications. Trend Micro recommends uninstalling or disabling other firewall applications.

  3. On VMware clients, the Security Agent firewall may block all incoming packets. To address this issue, add the following value to the client's registry:

    Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
    Name: EnableBypassRule
    Type: REG_DWORD
    Value =1
    1 means enable, 0 means disable

7.7. Messaging Security Agent

  1. The Messaging Security Agent only supports typical installations of Exchange Server 2007, 2010, and 2013 that include the Hub Transport, the Mailbox, and the Client Access server roles.

  2. Device Access Control for mobile devices is only supported for Exchange 2010 and 2013.

  3. As an anti-spam solution on Exchange Server 2003, users can choose between EUQ or Junk Mail integration. If you use Junk Mail integration, install Exchange Server 2003 SP2 or above. This requires that the Intelligent Message Filter (IMF) be preinstalled.

  4. The Messaging Security Agent does not support some Microsoft Exchange Server Enterprise features such as the database availability group (DAG). To work around this issue, enable the Mailbox, Client Access, and Hub Transport server roles in all MS Exchange servers.

  5. During Messaging Security Agent installation, the installer may be unable to submit passwords that have special, non-alphanumeric characters to the Exchange Server computer. As a result, you may be unable to install the Messaging Security Agent if the domain administrator account you are using has a complex password. To work around this issue, temporarily change the password for the domain administrator account.

  6. When installing Messaging Security Agent remotely, using the Web console or the Worry-Free Business Security Advanced installer on a computer running Windows Server 2008, SBS 2008, EBS 2008, SBS 2011 Standard, 2008 R2, 2012, or 2012 R2 you need to specify the built-in domain administrator account because of User Access Control restrictions. Note that for computers with other operating systems, you need an account that is in the Exchange Organization Administrators group.

  7. Messaging Security Agent cannot be installed on the domain controller server when the operating system is Windows Server 2012 and above. This is a limitation of SQL Server 2008 R2 on Windows Server 2012 and above.

  8. Mobile Security Policies are kept on the Exchange Server after the Messaging Security Agent is uninstalled.

  9. Messaging Security Agent server console does not support Windows 10 Microsoft Edge browser. Use Internet Explorer 7 or later if you encounter any problems when accessing the console using the Edge browser.

7.8. Mac Security

  1. For a list of all Trend Micro Security (for Mac) known issues, refer to the readme:


Back to top


8. Contact Information

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at

Evaluation copies of Trend Micro products can be downloaded from our website.


Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.


Back to top


9. About Trend Micro

Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years' experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit

Copyright 2016, Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, TrendProtect, TrendSecure, Worry-Free, OfficeScan, ServerProtect, PC-cillin, InterScan, and ScanMail are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.


Back to top



10. License Agreement

Information about your license agreement with Trend Micro can be viewed at

License Attributions can be viewed from the Worry-Free Business Security web console.


Back to top