<> Trend Micro, Inc. June 14, 2016 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Control Manager(TM) 6.0 Service Pack 3 Patch 1 Update 1- Build 3287 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents =================================================================== 1. About Control Manager 2. What's New 3. Documentation Set 4. Recommended System Requirements 5. Installation 6. Post-installation Configuration 7. Known Issues 8. Contact Information 9. About Trend Micro 10. License Agreement =================================================================== 1. About Control Manager ====================================================================== Control Manager is a multi-tiered security management solution that gives an administrator the ability to control antivirus and content security software or appliances from a central location -- regardless of the program or the appliance's physical location or platform. Control Manager also allows the identification of points of vulnerabilities and infections. It allows the formulation of effective deployment and response plans. 2. What's New ====================================================================== The following are the new features and enhancements for Control Manager 6.0 Service Pack 3 Patch 1 Update 1: 2.1 Ransomware Visibility =================================================================== - This release adds a new dashboard widget - "Ransomware Prevention", which displays the ransomware detection statistics in different layers. - This release raises the severity of the ransomware threat type to Severity 1 in the Critical Threats Widget, Users with Threats Widget, and Endpoints with Threats Widget. 2.2 What's New in Control Manager 6.0 Service Pack 3 =================================================================== http://docs.trendmicro.com/all/ent/tmcm/v6.0-sp3/en-us/tmcm_6.0-sp3_readme.html#2 2.3 What's New in Control Manager 6.0 Service Pack 3 Patch 1 =================================================================== http://files.trendmicro.com/documentation/readme/tmcm/Readme_tmcm_60_win_en_sp3_patch1.txt 2.4 Resolved Known Issues and Enhancements =================================================================== Hot Fix 3222 Issue: Users want to import or add Active Directory (AD) accounts that contain special characters such as carets ("^"). However, the system does not accept these types of characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix ensures that users can import or add AD accounts that contain special characters such as carets ("^"). Hot Fix 3223 Issue: Users encounter an exception error while syncing with the Active Directory (AD) server. This occurs when the syncing process encounters corrupted data. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix ensures that users can sync information with the AD server without issues. Hot Fix 3230 Enhancement: This hot fix enables Control Manager to record the IP information of users when they log onto or log off from the Control Manager web console. This information will be saved in the table that contains all user access records and will appear in debug logs in debug mode. Users can retrieve the information from the "AdHocQuery > Product Information > Control Manager Information > User Access Information" page of the Control Manager web console. Hot Fix 3231 Enhancement: This hot fix enables users to download the "Advanced Threat Scan Engine (Windows, 64-bit)" component from the Control Manager 6.0 web console. Hot Fix 3232 Issue: When Control Manager retrieves data from a product server, it uses only one of the IP addresses in the product server's IP address list to connect to the server. As a result, Control Manager may not be able to connect to product servers with multiple IP addresses. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix enables Control Manager to try all IP/ Hostname/FQDN from the IP address list of product servers to help ensure that it can connect to and retrieve information from product servers. Hot Fix 3233 Issue: When Trend Micro Deep Discovery Email Inspector strips email attachments, Control Manager indicates the action result as "quarantine". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix ensures that Control Manager indicates the correct action results. Hot Fix 3234 Issue: Users cannot view the "Process" information in C&C syslog notifications. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix ensures that users can view the "Process" information in C&C syslog notifications. Hot Fix 3235 Issue: Users receive an error message when adding and generating a scheduled report. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix ensures that users can add and generate scheduled reports. Hot Fix 3236 Enhancement: This hot fix adds the "OfficeScan Domain Hierarchy" column in the "Ad Hoc Query > Detailed Spyware/ Grayware Information" page to display the domain tree path of OfficeScan clients. Hot Fix 3237 Issue: The Users/Endpoint with Threats widget displays inaccurate and outdated information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix ensures that the Users/Endpoint with Threats widget displays complete, accurate, and up-to-date information. Hot Fix 3238 Issue: When users access the "License Management > Managed Product" page of the Control Manager web console, Control Manager calls the SQL function "fn_Split" which uses SQL recursive queries. This may trigger an exception if the queried data is larger than the limitation. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix prevents the exception by enabling Control Manager to use the "fn_Split_Long" function which can handle more information than the "fn_Split" function. Hot Fix 3239 Issue: Users are directed to a blank page after logging on to the Control Manager console. This issue happens because Control Manager refers to the "m_ExtraMenuLandingPage" flag instead of the "m_DefaultMenuLandingPage" flag to display the dashboard. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix resolves the issue by enabling Control Manager to refer to the "m_DefaultMenuLandingPage" flag to display the dashboard. Hot Fix 3240 Enhancement: This hot fix enables Control Manager to add the hostname information into web security violation logs in syslog. Hot Fix 3241 Issue: The ActiveUpdate (AU) program file signature checking feature requires certificates that may not be available in certain environments. As a result, Control Manager will not be able to apply updates in these environments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix provides a way to configure the AU program file signature checking feature so that Control Manager can apply updates in environments that do not have the certificates that this feature requires. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To configure the AU program file signature checking feature: a. Install this hotfix (see "Installation"). b. Open the "aucfg.ini" file in the Control Manager installation directory. c. Add the "check_file_signature" key and set its value to "1" (enable) or "0" (disable). "check_file_signature=1"? "check_file_signature=0"? d. Save the changes and close the file. e. Restart Control Manager services. Hot Fix 3246 Issue: The Log Forwarder Tool is affected by several issues. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix updates the Log Forwarder Tool in Control Manager 6.0 to make the following changes. - Spyware/Grayware Logs: The "dhost" cef key now adds the Trend Micro OfficeScan(TM) endpoint hostname instead of the OfficeScan server hostname. - Suspicious File Logs: The "rt" cef key now adds the Log Generation Time in UTC format. - C&C Callback Logs: The "spt" cef key has been removed from these logs because the endpoint port information is no longer used. - Debug Logs: Successful debug logs now display the correct severity. - Tool Console: - The copyright information on the tool console is changed to "2016". - Start/stop warning messages are updated. - The log names on the tool console have been changed to: - C&C Callback - Suspicious File - Network Content Inspection - Virus/Malware - Content Security - Spyware/Grayware Enhancement: This hot fix installs the Widget Account Replicator Tool which replicates the Dashboard settings and Server Visibility settings from a specific account to other existing accounts, roles, and new accounts. To replicate the settings to existing accounts, administrators can specify the source account and then specify one or more existing accounts or roles as targets. Users do not need to reconfigure the Dashboard settings or provide the product's account and password for all target accounts and roles. To replicate the settings to new accounts, administrators can specify the source account and provide a new account list. This tool can help to create new local accounts or import new Active Directory (AD) accounts from the AD server and apply the Dashboard settings and Server Visibility settings of the source account to the new accounts. Hot Fix 3249 Issue: The "Scheduled Download" page displays downloadable components in a mapping table that shows how these different components are related which allows users to pick which components to download. However, some unexpected data such as duplicate component IDs in the mapping table can cause Control Manager 6.0 to stop unexpectedly while processing the information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix removes the unexpected data and allows Control Manager to filter out unexpected data from the mapping table more efficiently. Hot Fix 3250 Issue: The Agent Connection Status widget in Control Manager 6.0 provides a way for users to query information about all managed products. However, the widget does not display TMEE. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix ensures that the Agent Connection Status widget displays all registered TMEE. Hot Fix 3251 Issue: An issue prevents Control Manager 6.0 from synchronizing Trend Micro OfficeScan(TM) clients and domains if the time difference between Control Manager and the OfficeScan server is not a multiple of 60 minutes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix ensures that the "Synchronize OfficeScan clients and domains" feature works normally in any time zone. Hot Fix 3252 Enhancement: This hotfix enables Control Manager to record all maintenance access logs instead of recording a specific number of logs for each log type. Users can query the logs through the "AdHoc Query > Product Information > User Access Information" page of the Control Manager web console. Note: This hotfix changes the information in the "Activity" column of the log query results. Instead of displaying the specific action for each log type, it will now display the action of all log types in general. This means, that users will no longer be able to filter a specific log type through the "Activity" column. To query a certain log type, use the "Description" column which contains the log type information. Hot Fix 3258 Issue: The widget setting will be stored separately if domain user uses different way to logon TMCM. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix ensures there is only one widget setting if domain user logon TMCM with different ways. Hot Fix 3259 Enhancement: This hotfix adds a password complexity verification feature in Control Manager 6.0 to check the strength of passwords during new account registration or change of account password. This new password complexity verification feature is based on the following: A. Not contain the user's account name B. Be at least six characters in length C. Contain characters from three of the following four categories: - English uppercase characters (A through Z) - English lowercase characters (a through z) - Base 10 digits (0 through 9) - Non-alphabetic characters (for example, !, $, #, %) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To enable the password complexity verification feature: a. Install this hotfix (see "Installation"). b. Open the "SystemConfiguration.xml" file using a text editor. c. Locate or add the "m_strIsCheckPwdComplexity" key and set its value to "1". Note: To disable the feature, set "m_strIsCheckPwdComplexity=0". d. Save the changes and close the file. e. Restart Control Manager. Hot Fix 3260 Issue: Control Manager does not recognize the new ID "200" in the policy column of Behavior Monitoring Logs from OfficeScan which should stand for "Unauthorized File Encryption". As a result, Control Manager cannot display the correct description. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix enables Control Manager to recognize ID "200" which ensures that it displays the correct description in the policy column of OfficeScan Behavior Monitoring Logs. Hot Fix 3261 Issue: The following policy settings for OfficeScan in Control Manager 6.0 do not work on Windows 10: - Additional Service Settings - Web Reputation Settings ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix ensures that the following OfficeScan policy settings in Control Manager 6.0 support and work normally on Windows 10: - Additional Service Settings - Web Reputation Settings Hot Fix 3262 Issue: An issue prevents Control Manager 6.0 from deploying DLP polices to IMSVA 9.1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix resolves the issue to ensure that Control Manager can deploy DLP polices to IMSVA 9.1 without issues. Hot Fix 3263 Issue: During product registration, Control Manager uses several SQL functions to handle and insert product information into the relevant database tables. Sometimes, Control Manager may receive incorrectly-formatted information which certain SQL functions may not be able to handle. As a result, the information that appear on the Control Manager web console may not match the information on the registered product console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix updates the SQL functions to enable these to handle incorrectly-formatted information from products during registration. This can help ensure that the product information on the Control Manager web console is consistent with the information on the registered product console. Hot Fix 3264 Issue: Users can create and add new DLP templates on the "Policy Resources > DLP Templates" page of the Control Manager web console. However, an issue related to the template definition function may prevent products that use newly-created templates from retrieving the correct action settings. As a result, these products cannot perform the specified actions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix resolves the template definition issue to ensure that products can successfully apply user-defined DLP templates. Hot Fix 3265 Issue: In "Web security violation" event logs, the %computer% token displays the hostname of the product server instead of the client's hostname. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix ensures that the %computer% token displays the client's hostname in "Web security violation" event logs. Hot Fix 3268 Issue: It may take Control Manager a long time to generate some reports that use certain stored procedures and SQL functions which may result in a connection timeout issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix improves the SQL functions to reduce the report generation time and extends the default SQL connection timeout value. Hot Fix 3271 Issue: On the Control Manager console, the wrong "Action/Action result" information appears in Malware/Virus logs from OfficeScan 11.0. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix ensures that the correct "Action/Action result" information appears on Malware/Virus logs from OfficeScan 11.0. Hot Fix 3272 Issue 1: When Control Manager uses Microsoft(TM) Windows(TM) authentication to establish a connection to the database, users will only be able to run the LogForwarder tool once and will not be able to launch it again. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that users can run the LogForwarder tool normally when Control Manager uses Windows authentication to connect to the database. Issue 2: When the LogForwarder tool sends syslogs, it uses the ICMP protocol to ping the configured destination server to check if it can connect to it. However, some servers do not respond to ping requests because of the firewall settings but are still able to receive syslogs, as a result, LogForwarder does not send syslogs to these servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix adds a switch to allow the tool to bypass the ping destination server checking rule when sending syslogs. Issue 3: When Control Manager launches LogForwarder tool, it first checks if the tool file is in the Control Manager root folder. However, when the value of the "HomeDirectory" registry key is an upper case or lower case variant of the root folder path, for example "D:\" and "d:\", Control Manager will not be able to launch the tool. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix updates the file path checking mechanism to and make it case-insensitive. NOTE: You need to stop the LogForwarder service by pressing the "Stop" button on the LogForwarder console, and close the LogForwarder console before installing this hotfix. Hot Fix 3273 Enhancement: This hotfix enables Control Manager to keep a record of each time a user fails to log on to the web console and allows user to view the logs through the "AdHocQuery > Control Manager Information > User Access Information" page. Hot Fix 3274 Issue 1: In the Help page, users can input any URL to view the input URL HTTP response code. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that the Help page only displays the input URL HTTP response code when users specify "doc.trendmicro.com". Issue 2: The PHP session cookie is not protected by an HTTPOnly flag. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix secures the PHP session cookie by enabling Control Manager 6.0 to add the HTTPOnly flag to it. Hot Fix 3277 Issue: The Control Manager 6.0 program is affected by XXE vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix improves the way Control Manager filters input parameters to remove the vulnerabilities and protect against attacks. Hot Fix 3280 Issue: "CasProcessor.exe" stops unexpectedly, which prevents child Control Managers from uploading logs to parent Control Manager. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix prevents "CasProcessor.exe" from stopping unexpectedly to ensure that child Control Manager can upload logs to parent Control Manager. Hot Fix 3287 Enhancement: This hotfix enables Control Manager to display the file size information of violation in DLP logs sent from OfficeScan server. The following is a new feature for Control Manager 6.0 Repack 7: 2.5 Application Pool Management =================================================================== Repack 7 enables Control Manager 6.0 to set only the required Internet Information Services (IIS) Application Pools to 32-bit mode, instead of setting all IIS Application Pools to 32-bit mode. The following is a new feature for Control Manager 6.0 Repack 6: 2.6 Control Manager Installation with Microsoft(TM) Hot Fix MS14-045 =================================================================== Repack 6 enables Control Manager 6.0 to be installed with Microsoft Hot Fix MS14-045 (KB 2982791). The following are the new features and enhancements for Control Manager 6.0 Repack 5: 2.7 Control Manager Installer User Interface Enhancement =================================================================== Repack 5 adds the following enhancements on the Installer User Interface: - removes redundant input fields - allows users to use longer fully-qualified domain names (FQDN) to install Control Manager 6.0, up to 255 characters. 2.8 Microsoft Windows(TM) Azure Platform Support =================================================================== Repack 5 enables Control Manager 6.0 to support the Windows Azure platform. The following are the new features and enhancements for Control Manager 6.0 Repack 4: 2.9 Installing Control Manager 6.0 on the Windows Server 2012 Platform =================================================================== Repack 4 enables users to install Control Manager 6.0 on the Windows Server 2012 platform. 2.10 Upgrading from a Lower Control Manager Versions =================================================================== Repack 4 enables users to upgrade Control Manager: - from version 5.0 Patch 8 to version 6.0 - from version 5.5 to version 6.0 while the "tb_ServerList" database table contains data. The following are the new features and enhancements for Control Manager 6.0: 2.11 Policy Management =================================================================== Version 6.0 adds the following functionalities in policy management: - deployment of product settings to managed products using policies - flexible policy types - role-based administration - easy policy template updates from the web console 2.12 Policy Status Dashboard Widget =================================================================== Version 6.0 adds the following functionalities in the Policy Status dashboard widget: - up-to-date deployment status of product settings - monitoring of the numbers of deployed and pending targets - checking of the detailed status of pending targets 2.13 Policy Template Updates =================================================================== Version 6.0 allows administrators to perform updates from the web console when new or updated templates become available. 2.14 Trend Micro Data Loss Prevention(TM) (DLP) Integration =================================================================== DLP is a feature of the Data Protection module that monitors the transmission of digital assets. The DLP feature can minimize the risk of information loss and improve visibility of data usage patterns and risky business processes. Control Manager 6.0 has integrated the following DLP features: - Manageable DLP templates and data identifiers - DLP setting deployment to managed products using policies management, DLP templates, and data identifiers - DLP log collection for reports and event notifications - 22 pre-defined DLP report templates - Five DLP event notifications - Four dashboard widgets - Product support for the following products: - Trend Micro OfficeScan(TM) - Trend Micro InterScan(TM) Messaging Security Virtual Appliance (IMSVA) - Trend Micro ScanMail(TM) (for Microsoft Exchange(TM)) 2.15 My Favorites =================================================================== Version 6 allows administrators to add menu shortcuts to the "My Favorites" menu for quick access. 3. Documentation Set ====================================================================== The documentation set includes the following: o Readme.txt: Version enhancements, basic installation, known issues, release history o Online Help: Context-sensitive help screens that provide guidance for performing a task o Installation Guide: Product overview, installation planning, installation and configuration instructions, and basic information intended to get you "up and running" o Administrator's Guide: Provides product overview, installation planning, installation and configuration instructions, and guidance in using the product o System Requirements: Provides hardware and software requirements for fresh installations 4. Minimum System Requirements ====================================================================== Refer to the "System Requirements" document or visit the following web site for the complete list of system requirements: http://docs.trendmicro.com/en-us/enterprise/control-manager.aspx 5. Installation ====================================================================== To install Control Manager 6.0 Repack 6: 1. Install all required components (see "Minimum System Requirements"). 2. Specify the installation location. 3. Register and activate the product and services. 4. Configure the Control Manager security and web server settings. 5. Configure the backup settings and database information. 6. Set up the root account and configure the notification settings. To upgrade Control Manager from a previous version, see the Control Manager "Installation Guide". 6. Post-installation Configuration ====================================================================== After successfully installing Control Manager, Trend Micro recommends performing the following post-installation configuration steps: 1. Perform a one-time update immediately. 2. Configure user accounts. 3. Download the latest components to enhance security protection. 4. Set notifications. 7. Known Issues ====================================================================== Here are the known issues for this release: 7.1 Report contents display IPv6 addresses and graphics information incorrectly =================================================================== [ SCENARIO ] The Control Manager report contents contain IPv6 address information. [ IMPACT ] The IPv6 addresses and graphics information in the report may not display correctly. [ WORKAROUND ] N/A 7.2 While the policy list updates the numbers of deployed and pending endpoints, the numbers display incorrectly until the complete results have been processed. =================================================================== [ SCENARIO ] When a filtered policy is deployed to endpoints, it takes some time to process how the deployment is proceeding. Before the result of the deployment returns, in the policy list, the numbers in the "Deployed" and "Pending" columns of the policy are "0". Once the deployment completes and the result has been processed, the correct numbers display. The following actions will be affected by this issue: 1. Creating policies (sorting endpoints without policies) 2. Reordering policies (sorting all endpoints) 3. Editing policies (sorting all endpoints) [ IMPACT ] Users may think there is an issue with the policy before the deployment process completes. [ WORKAROUND ] Wait a few minutes and refresh the policy list a few times until the deployment process is complete. 7.3 Control Manager 5.5 cannot support a cascading environment structure with Control Manager 6.0 =================================================================== [ SCENARIO ] Without Control Manager 5.5 Service Pack 1 Hot Fix 1694, Control Manager 5.5 and 5.5 Service Pack 1 cannot support a cascading environment structure with Control Manager 6.0. [ IMPACT ] Users cannot use Control Manager 5.5 and 5.5 Service Pack 1 in a cascading environment with Control Manager 6.0. [ WORKAROUND ] Control Manager 5.5: Apply Service Pack 1 and the hot fix Control Manager 5.5 Service Pack 1: Apply the hot fix Hot Fix File: tmcm_55_win_en_hfb1694 7.4 Duplicate GUIDs cause issues with the Product Directory =================================================================== [ SCENARIO ] A user tries to register several copied Virtual Machine images containing installed products (server/endpoint) to Control Manager. [ IMPACT ] The Control Manager Product Directory will not work properly. This affects all Product Directory related features (Reports, Log Queries, Dashboard, Product Status, and so on). [ WORKAROUND ] N/A 7.5 Unable to log on to the web console because some SQL server settings are disabled =================================================================== [ SCENARIO ] A user installed SQL Server 2008 before installing Control Manager. The SQL server network configurations for TCP/IP and NamePipe and the SQL server browser service will be disabled. [ IMPACT ] The user can still successfully install Control Manager but will not be able to log on to the web console. [ SOLUTION ] Enable the TCP/IP and NamePipe settings and the SQL server browser service. 7.6 When Apache(TM) is used as the OfficeScan web server, Control Manager cannot Single Sign-on to OfficeScan using an IPv6 address =================================================================== [ SCENARIO ] A user installed OfficeScan in a dual stack environment and chose Apache as the web server. The user also installed Control Manager in a pure IPv6 environment. [ IMPACT ] Control Manager cannot Single Sign-on to this OfficeScan server. [ WORKAROUND ] Install IIS on the OfficeScan server. 7.7 An error message appears when migrating agents between computers that are not in the same domain =================================================================== [ SCENARIO ] A user wants to use the Agent Migration Tool to move an agent from computer A to computer B. Computer A has joined a domain, but computer B has not join the domain. [ IMPACT ] The user will see an error message, but the agent can still be migrated successfully. [ WORKAROUND ] Transfer both computers to a single domain. 7.8 Users have to wait for one day to deploy policies if they upgrade OfficeScan to version 10.6 Service Pack 1 first before upgrading Control Manager to version 6.0 ===================================================================== [ SCENARIO ] A user upgrades an OfficeScan registered to Control Manager 5.5 to a version that supports policy management. The user then upgrades to Control Manager 6.0. [ IMPACT ] The user has to wait for one day for OfficeScan to send a complete status log to be able to select the clients as targets for policy management. [ WORKAROUND ] Upgrade Control Manager first, and then upgrade OfficeScan. 7.9 Unable to restart the TMI service when Control Manager is installed using a Windows account that is not from the Administrator group =================================================================== [ SCENARIO ] A user installed Control Manager using a Windows account that does not belong to the Administrator group. [ IMPACT ] The TMI service cannot be restarted after the installation completes. [ WORKAROUND ] Use an account from the Administrator group to install Control Manager. 7.10 A JavaScript error may occur when a user continues to browse through the console content after the web console session has timed- out =================================================================== [ SCENARIO ] The web console session has timed out, but the user still tries to browse through the console content. [ IMPACT ] A JavaScript error may occur. [ WORKAROUND ] Refresh the screen and log on again. 7.11 Changes in the DLP templates cannot be applied to IMSVA policies unless users deploy the policies again =================================================================== [ SCENARIO ] After Control Manager deploys a policy to IMSVA, users make some changes to the DLP templates used in this policy. [ IMPACT ] Changes made in the DLP templates do not get applied to the IMSVA policy, unless users edit and deploy the policy again. [ WORKAROUND ] To apply the changes, click the IMSVA policy from the policy list and click the Deploy button. 7.12 Unable to obtain managed product information when Control Manager cannot establish a connection with the managed product =================================================================== [ SCENARIO ] Control Manager cannot connect to a managed product because the host name of the managed product cannot be resolved, or the IP address cannot be connected. [ IMPACT ] Control Manager cannot obtain some information (for example the Active Directory information) used for policy management from the managed product. [ WORKAROUND ] Modify the IP address or host name information in the "hosts" file. The file can be located in a Windows system folder (for example, C:\Windows\System32\drivers\etc). Or modify the network environment to allow Control Manager to connect to the managed product. 7.13 When users manually change the server authentication information in the Managed Servers list, and the server requires a proxy server for the connection, users have to configure the proxy settings on the same screen =================================================================== [ SCENARIO ] Users manually change the server authentication information in the Managed Servers list, and the server requires a proxy server for the connection. [ IMPACT ] Users have to configure the proxy settings on the same screen [ WORKAROUND ] N/A 7.14 The Online Help system experiences scripting errors in Microsoft Internet Explorer(TM) 8.0 and earlier versions. =================================================================== [ SCENARIO ] A user uses Internet Explorer 8.0 or an earlier version to view the Online Help system. [ IMPACT ] The user sees scripting errors. [ WORKAROUND ] Apply the following Windows fix to solve the problem: http://support.microsoft.com/kb/175500/en-us. 8. Contact Information ====================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 9. About Trend Micro ====================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2016, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Smart Protection Network, Control Manager, OfficeScan, InterScan, ScanMail and Data Loss Prevention are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 10. License Agreement ====================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide