<> Trend Micro Incorporated May 27, 2016 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) OfficeScan(TM) 11.0 Service Pack 1 Critical Patch - Server Build 6054 and Agent Module Build 6034 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents ========================================================== 1. Overview of This Critical Patch Release 1.1 Issues 1.2 Files Included in This Release 2. Documentation Set 3. System Requirements 4. Installation 4.1 Installing 4.2 Uninstalling 5. Post-installation Configuration 6. Known Issues 7. Release History 8. Contact Information 9. About Trend Micro 10. License Agreement ========================================================== 1. Overview of This Critical Patch Release ====================================================================== Installing this critical patch improves protection against ransomware by enabling the Behavior Monitoring program inspection feature to block compromised executable files and helps protect against unintended file access attacks. 1.1 Issues =================================================================== The following enhancement is included in this critical patch: Enhancement: This critical patch enables the Behavior Monitoring program inspection feature to detect and block compromised executable files to improve protection against ransomware threats and provide a visibility widget for ransomware prevention. The following Behavior Monitoring Settings will be enabled by default, after installing this critical patch. - Enable Malware Behavior Blocking, Threats to block: Known and potential threats - Protect documents against unauthorized encryption or modification - Automatically back up files changed by suspicious programs (newly added feature) - Enable program inspection to detect and block compromised executable files (Server platforms excluded)(newly added feature) - Monitor newly encountered programs downloaded through HTTP or email applications (Server platforms excluded) Propmt use before executing This critical patch resolves the following issue: Issue: The OfficeScan agent program may be vulnerable to potential unintended file access attacks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This critical patch improves a checking mechanism in the OfficeScan agent program to protect it against unintended file access attacks. 1.2 Files Included in this Release =================================================================== Installation Path and Filename Build Number ------------------------------ ------------ OfficeScan\PCCSRV\Admin\Utility\SQL\*.* OfficeScan\PCCSRV\Admin\Utility\SQL\ ------------------------------------------------------------------- libSQLDatabaseUpgrade.dll 11.0.0.6054 OfficeScan\PCCSRV\Admin\ ------------------------------------------------------------------- Loadhttp.dll 12.0.0.6034 tmun tmuninst.dll 12.0.0.6034 tmuninst.exe 12.0.0.6034 tmuninst.ptn OfficeScan\PCCSRV\Admin\Utility\ClientPackager\ ------------------------------------------------------------------- CLIENTMSISETUP_MSI ClnPack.exe 11.0.0.6054 ClnPack.ini OfficeScan\PCCSRV\Admin\Utility\PolicyExportTool\ ------------------------------------------------------------------- CGIResUTF8.dll 11.0.0.6054 PolicyExportTool.exe 11.0.0.6054 OfficeScan\PCCSRV\Admin\Utility\TCacheGen\ ------------------------------------------------------------------- TCacheGen.exe 11.0.0.6054 TCacheGen_x64.exe 11.0.0.6054 OfficeScan\PCCSRV\Admin\Utility\TMVS\ ------------------------------------------------------------------- loadhttp.dll 12.0.0.6034 OfficeScan\PCCSRV\Admin\Utility\VSENcrypt\ ------------------------------------------------------------------- VSEncode.exe 11.0.0.6054 OfficeScan\PCCSRV\CmAgent\ ------------------------------------------------------------------- CGIResUTF8.dll 11.0.0.6054 ProductLibrary.dll 11.0.0.6054 OfficeScan\PCCSRV\Download\ ------------------------------------------------------------------- ClnPack_files.xml OfficeScan\PCCSRV\Download\Pattern\ ------------------------------------------------------------------- gpl.zip tmumh.zip OfficeScan\PCCSRV\CCSF\module\20019\UMH\UMH\ ------------------------------------------------------------------- tmumh.ptn OfficeScan\PCCSRV\CCSF\module\DRE\pattern\ ------------------------------------------------------------------- gpl.ptn OfficeScan\PCCSRV\Engine\ ------------------------------------------------------------------- TmSysEvt.dll 6.80.0.1006 OfficeScan\PCCSRV\Engine\x64\ ------------------------------------------------------------------- TmSysEvt.dll 6.80.0.1006 OfficeScan\PCCSRV\Pccnt\ ------------------------------------------------------------------- ClientConsole.zip Ntrtscan.exe 12.0.0.6034 OfficeScan\PCCSRV\Pccnt\Common\ ------------------------------------------------------------------- CCSF_PTN.zip CCSF_WIN32.zip fcWofieUI.dll 12.0.0.6034 ICRCHdler.dll 2.7.0.1100 libcurl.dll 7.46.0.0 libeay32.dll 1.0.1.17 libNetCtrl.dll 12.0.0.6034 Loadhttp.dll 12.0.0.6034 NTRmv.exe 12.0.0.6034 OfcPfwCommon.dll 12.0.0.6034 OfcPIPC.dll 12.0.0.6034 Pccnt.exe 12.0.0.6034 PccNTMon.exe 12.0.0.6034 ssleay32.dll 1.0.1.17 TmExtIns.exe 5.82.0.1093 tmfbeng.dll 2.54.0.1004 TmListen.dll 12.0.0.6034 TmListen.exe 12.0.0.6034 TmListenShare.dll 12.0.0.6034 TmSock.dll 12.0.0.6034 Upgrade.exe 12.0.0.6034 OfficeScan\PCCSRV\Pccnt\Drv\ ------------------------------------------------------------------- tmel.cat tmel.inf tmel.sys 1.6.0.1004 tmactmon.cat tmactmon.inf tmactmon.sys 2.974.0.1105 tmevtmgr.cat tmevtmgr.inf tmevtmgr.sys 2.974.0.1105 tmcomm.cat tmcomm.inf tmcomm.sys 6.60.0.1049 tmebc.cat TMEBC.inf TMEBC32.sys 1.5.0.1023 OfficeScan\PCCSRV\Pccnt\Drv\X64\ ------------------------------------------------------------------- tmel.cat tmel.inf tmel.sys 1.6.0.1004 tmactmon.cat tmactmon.inf tmactmon.sys 2.974.0.1105 tmevtmgr.cat tmevtmgr.inf tmevtmgr.sys 2.974.0.1105 tmcomm.cat tmcomm.inf tmcomm.sys 6.60.0.1049 tmebc.cat TMEBC.inf TMEBC64.sys 1.5.0.1023 OfficeScan\PCCSRV\Pccnt\Win64\X64\ ------------------------------------------------------------------- CCSF_X64.zip fcWofieUI.dll 12.0.0.6034 ICRCHdler.dll 2.7.0.1100 libcurl.dll 7.46.0.0 libeay32.dll 1.0.1.17 libNetCtrl_64x.dll 12.0.0.6034 loadhttp_64x.dll 12.0.0.6034 NTRmv.exe 12.0.0.6034 Ntrtscan.exe 12.0.0.6034 OfcPfwCommon_64x.dll 12.0.0.6034 OfcPIPC_64x.dll 12.0.0.6034 Pccnt.exe 12.0.0.6034 PccNTMon.exe 12.0.0.6034 ssleay32.dll 1.0.1.17 TmExtIns.exe 5.82.0.1093 TmExtIns32.exe 5.82.0.1093 tmfbeng.dll 2.54.0.1004 TmListen.exe 12.0.0.6034 TmListen_64x.dll 12.0.0.6034 TmListenShare_64x.dll 12.0.0.6034 TmSock_64x.dll 12.0.0.6034 Upgrade.exe 12.0.0.6034 OfficeScan\PCCSRV\Download\Engine\ ------------------------------------------------------------------- BMdriver_x32.zip BMdriver_x64.zip bmservice_x32.zip bmservice_x64.zip TMEBC32.zip TMEBC64.zip TMEBC32.sig TMEBC64.sig BMdriver_x32.sig BMdriver_x64.sig BMservice_x32.sig BMservice_x64.sig OfficeScan\PCCSRV\Engine\ ------------------------------------------------------------------- TmAegisSysEvt.dll 2.974.0.1105 TMBMCLI.dll 2.974.0.1105 TMBMSRV.exe 2.974.0.1105 tmcomeng.dll 2.974.0.1105 tmelapi.dll 1.6.0.1004 TmEngDrv.dll 2.974.0.1105 TMPEM.dll 2.974.0.1105 tmtap.dll 6.0.0.1074 tmwlutil.dll 2.974.0.1105 OfficeScan\PCCSRV\Engine\X64 ------------------------------------------------------------------- TmAegisSysEvt.dll 2.974.0.1105 TMBMCLI.dll 2.974.0.1105 TMBMSRV.exe 2.974.0.1105 tmcomeng.dll 2.974.0.1105 tmelapi.dll 1.6.0.1004 TmEngDrv.dll 2.974.0.1105 TMPEM.dll 2.974.0.1105 tmtap.dll 6.0.0.1074 tmwlutil.dll 2.974.0.1105 OfficeScan\PCCSRV\Download\Product\ ------------------------------------------------------------------- DLPLite_Common.zip DLPLite_Common_x64.zip OfficeScan\PCCSRV\Web\Service\ ------------------------------------------------------------------- CGIOCommon.dll 11.0.0.6054 CGIRes.dll 11.0.0.6054 CGIResUTF8.dll 11.0.0.6054 CmdHLClient.dll 11.0.0.6054 CmdHOConsole.dll 11.0.0.6054 DbServer.exe 11.0.0.6054 libCmdHndlrClientV2.dll 11.0.0.6054 libCmdHndlrConsoleV2.dll 11.0.0.6054 libLogHandler.dll 11.0.0.6058 LogCache.dll 11.0.0.6054 OfcDownload.dll 11.0.0.6054 OfcDownload.dll 11.0.0.6054 OfcHotFix.exe 11.0.0.6054 OfcNotify.dll 11.0.0.6054 OfcNotifyQueue.dll 11.0.0.6054 OfcService.exe 11.0.0.6054 Build.exe 2.85.0.1167 cert5.db ciuas32.dll 1.0.0.2075 ciussi32.dll 2.0.0.2074 patch.exe 2.85.0.1167 patchbld.dll 12.21.0.0 PATCHW32.DLL 12.21.0.0 TmUpdate.dll 2.85.0.1167 x500.db Loadhttp.dll 12.0.0.6034 OfficeScan\PCCSRV\Web_OSCE\Web\CGI\ ------------------------------------------------------------------- CGIOCommon.dll 11.0.0.6054 cgiOnRTCfg.exe 11.0.0.6054 CGIRes.dll 11.0.0.6054 CGIResUTF8.dll 11.0.0.6054 isapiClient.dll 11.0.0.6054 isapiClientX64.dll 11.0.0.6054 isapiClientX86.dll 11.0.0.6054 Loadhttp.dll 12.0.0.6034 OfficeScan\PCCSRV\Web_OSCE\Web_console\CGI\ ------------------------------------------------------------------- CGIOCommon.dll 11.0.0.6054 CGIRes.dll 11.0.0.6054 CGIResUTF8.dll 11.0.0.6054 cgiShowClientAdm.exe 11.0.0.6054 cgiShowLogs.exe 11.0.0.6054 Loadhttp.dll 12.0.0.6034 OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\Auth\ ------------------------------------------------------------------- admin_account_domain.htm admin_account_info.htm admin_account_menu.htm Admin_User_List.htm OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\behavior_monitoring\ ------------------------------------------------------------------- bm_settings.htm OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\clientmag\ ------------------------------------------------------------------- client_cfg_excludedlist.js client_cfg_manualscan.htm client_cfg_realtimelscan.htm client_cfg_scannow.htm client_cfg_schedulescan.htm client_cfg_wtp.htm client_globalsetting.htm client_list_2.htm OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\ ------------------------------------------------------------------- menu_common.js OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\l10n\ ------------------------------------------------------------------- l10n.behavior_monitoring.js OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\PFW\ ------------------------------------------------------------------- profile_edit.htm OfficeScan\PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI\ ------------------------------------------------------------------- CGIRes.dll 11.0.0.6054 CGIResUTF8.dll 11.0.0.6054 Loadhttp.dll 12.0.0.6034 B. Files for Previous Issues ------------------------------------------------------------------- Not applicable. C. Network Traffic Required in Deployment ------------------------------------------------------------------- Estimated size (in terms of bandwidth) of deployed agent files in this critical patch. - 32-bit agent total = 51 MB - 64-bit agent total = 58.5 MB 2. Documentation Set ====================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com. 3. System Requirements ====================================================================== Trend Micro recommends installing OfficeScan 11.0 Service Pack 1 with Critical Patch 4150 before installing this critical patch. 4. Installation ====================================================================== This section explains key steps for installing the critical patch. 4.1 Installing =================================================================== To install: 1. Copy the critical patch executable file to a temporary folder, on the server, for example, "C:\temp". 2. Double-click the file. The modules are automatically copied to the correct destination. This critical patch installation package automatically rolls back the OfficeScan server to its previous configuration if there are problems during installation. If you encounter problems after installation, do a manual rollback. 4.2 Uninstalling =================================================================== To manually roll back to the previous build: 1. Locate the backup folder that the critical patch package created in the "\PCCSRV\Backup\Backup\CriticalPatch_B60xx" directory. 2. Stop the OfficeScan Master Service. 3. Stop the OfficeScan CMAgent Service. 4. Copy the backup modules to the original folders. 5. Start the OfficeScan CMAgent Service. 6. Start the OfficeScan Master Service. 5. Post-installation Configuration ====================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 6. Known Issues ====================================================================== Known issue in this release: 6.1 Behavior Monitoring =============================================================== If users deploy policies from the Control Manager server "Policy Management" page to OfficeScan clients, the OfficeScan Behavior Monitoring Settings are overwritten and the following newly added features are disabled: - Automatically back up files changed by suspicious programs - Enable program inspection to detect and block compromised executable files (Server platforms excluded) 6.2 Damage Recovery and Program Inspection Monitoring Patterns =============================================================== Users cannot deploy Damage Recovery and Program Inspection Monitoring Patterns from the Control Manager server. 7. Release History ====================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 8. Contact Information ====================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 9. About Trend Micro ======================================================================= Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2016, Trend Micro Incorporated. All rights reserved. Trend Micro, Control Manager, OfficeScan, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 10. License Agreement ====================================================================== View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/ license-agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide