<<<>>> Trend Micro, Inc. May 13, 2015 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Worry-Free(TM) Business Security 9.0 Service Pack 1 Critical Patch - Build 2532 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents =================================================================== 1. Overview of this Critical Patch Release 1.1 Files Included in this Release 2. Documentation Set 3. System Requirements 4. Installation/ Uninstallation 4.1 Installation 4.2 Uninstallation 5. Post-installation Configuration 6. Known Issues 7. Release History 8. Contact Information 9. About Trend Micro 10. License Agreement =================================================================== 1. Overview of this Critical Patch Release ====================================================================== NOTE: Please install the critical patch before completing any procedure in this section (see "Installation"). The following enhancement is included in this critical patch: Enhancement: This critical patch adds the Ransomware Protection Enhanced Behavior Monitor feature to Worry-Free Business Security 9.0 Service Pack 1. This feature can identify and block ransomware programs that target documents running on endpoints by identifying common behaviors and blocking processes commonly associated with these ransomware programs. Note: Refer to "Known Issues" for information on a known issue for this critical patch release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To enable the Ransomware Protection Behavior Monitor feature: a. Install this critical patch (see "Installation"). b. Go to the "Behavior Monitoring" configuration page on the Worry-Free Business Security console. c. Enable the following two options. - Protect documents against unauthorized encryption or modification - Block processes commonly associated with ransomware d. Click "Save". The settings are deployed automatically to all Security Agents. 1.1 Files Included in this Release =================================================================== A. Files for Current Issue ------------------------------------------------------------------- Filename Version Build No. ------------------------------------------------------------------- (For Activeupdate Engine Pattern) BMdriver_x32_2-972-1127.zip 2015-04-27 BMdriver_x64_2-972-1127.zip 2015-04-27 bmservice_x32_2-972-1127.zip 2015-04-27 bmservice_x64_2-972-1127.zip 2015-04-27 tmplcinf_122600.zip 2015-04-16 tmplcinf.xml 2015-04-16 tmpolicy_en_122600.zip 2015-04-16 (Security Agent) TMBMCLI.dll (32/64 bites) 2.972.0.1127 TMBMSRV.exe (32/64 bites) 2.972.0.1127 tmcomeng.dll (32/64 bites) 2.972.0.1127 TmEngDrv.dll (32/64 bites) 2.972.0.1127 TMPEM.dll (32/64 bites) 2.972.0.1127 tmtap.dll (32/64 bites) 6.0.0.1074 tmwlutil.dll (32/64 bites) 2.972.0.1127 NTRtScan.exe (32/64 bites) 19.0.0.2280 UI.zip 2015-04-27 fcWofieUI.dll (32/64 bites) 19.0.0.2280 OfcPIPC.dll 19.0.0.2280 OfcPIPC_64x.dll 19.0.0.2280 PccNT.exe (32/64 bites) 19.0.0.2280 TmListen.exe (32/64 bites) 19.0.0.2280 tmufeng.dll (32/64 bites) 3.6.0.1022 tmactmon.cat 2015-04-14 tmactmon.inf 2015-04-08 tmactmon.sys (32/64 bites) 2.972.0.1127 tmcomm.cat 2015-04-08 tmcomm.inf 2015-02-25 tmcomm.sys (32/64 bites) 6.60.0.1030 tmevtmgr.cat 2015-04-14 tmevtmgr.inf 2015-04-08 tmevtmgr.sys (32/64 bites) 2.972.0.1127 (Security Server) CGIResUTF8.dll 19.0.0.2532 CGIResUTF8.dll 19.0.0.2532 CmdHLClient.dll 19.0.0.2532 OfcHotFix.exe 19.0.0.2532 OfcService.exe 19.0.0.2532 CGIResUTF8.dll 19.0.0.2532 cgiShowClientAdm.exe 19.0.0.2532 cgiShowLogs.exe 19.0.0.2532 CGIResUTF8.dll 19.0.0.2532 CGIResUTF8.dll 19.0.0.2532 cgiShowClientAdm.exe 19.0.0.2532 cgiShowLogs.exe 19.0.0.2532 behavior_monitoring.htm 2015-04-27 behavior_monitoring.xml 2015-04-14 resources 2015-04-17 localization.js 2015-05-12 B. Files for Previous Issues -------------------------------------------------------------------- Not applicable. C. Estimated size (in terms of bandwidth) that client would be pulling from the server -------------------------------------------------------------------- 32-bit client total = 11.5 MB 64-bit client total = 15.3 MB 2. Documentation Set ====================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Readme.txt files -- version enhancements, basic installation, known issues, and release history. o Electronic versions of the printed manuals are available at: http://docs.trendmicro.com/ 3. System Requirements ====================================================================== Install this critical patch only on computers protected by Worry-Free Business Security 9.0 Service Pack 1. 4. Installation/Uninstallation ====================================================================== 4.1 Installation =================================================================== To install this critical patch: 1. Copy the critical patch executable file to a temporary folder on the Security Server computer, for example, "C:\temp". 2. Double-click the file. All critical patch modules are automatically copied to the correct destination. After the time stamps on the Security Server files change, the Security Server will automatically notify Security Agents to download the updated files. This critical patch installation package automatically rolls back the Security Server if it encounters problems during installation. If you encounter problems after installation, manually roll back the Security Server and Security Agents to their original configuration. 4.2 Uninstallation =================================================================== To manually roll back to the previous build: 1. Locate the backup folder that the critical patch package created in the "\PCCSRV\Backup\CriticalPatch_B2532" directory. 2. Copy any file that you want to roll back to the correct folder. 3. Run the "TmTouch.exe" tool to trigger the critical patch mechanism. To run "TmTouch.exe": a. Open a command prompt on the server. b. At the command prompt, browse to "PCCSRV\admin\utility\touch". c. Use the following syntax to run the touch tool: TmTouch.exe {filename} Note: {filename} is the file that you want to roll back. "TmTouch.exe" changes the file creation date to the current system time. 5. Post-installation Configuration ====================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing this critical patch. 6. Known Issues ====================================================================== The following is a known issue for this critical patch release: 6.1 The Security Agent cannot recover some files that were affected by ransomware processes. ------------------------------------------------------------------- The Security Agent cannot recover files that were affected by ransomware processes before this critical patch is applied. 7. Release History ====================================================================== See the following website for a more information about updates to this product: http://docs.trendmicro.com/ 8. Contact Information ====================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 9. About Trend Micro ====================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2015, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Smart Protection Network, and Worry-Free are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 10. License Agreement ====================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements / Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide