Trend Micro, Inc.
November 20, 2017
Trend Micro™ OfficeScan™ 11.0 Service Pack 1 Patch 1
Critical Patch - Server Build 6469 and Agent Module Build 6219
Contents
- Critical Patch Release Information
- Document Set
- System Requirements
- Installation/Uninstallation
- Post-installation Configuration
- Known Issues
- Release History
- Contact Information
- About Trend Micro
- License Agreement
1. Critical Patch Release Information
Resolved Known Issues
This Critical Patch resolves the following issue:
- (VRTS 1228)
Issue: Loading the UMH dynamic-link library (DLL) on other applications may make the applications vulnerable to DLL hijacking attacks.
Solution: This critical patch resolves the vulnerability.
Enhancements
The following enhancement is included in this critical patch:
- (JIRA 16886)
Enhancement: This critical patch enables the OfficeScan 11.0 Service Pack 1 agent program to support Windows 10 Fall Creators Update.
Files Included in this Release
A. Files for Current Issue(s)
-------------------------------------------------------------------
Filename Build Number
------------------------------ ------------
OfficeScan\PCCSRV\Admin\Utility\SQL\*.*
OfficeScan\PCCSRV\Admin\Utility\SQL\
-------------------------------------------------------------------
libSQLDatabaseUpgrade.dll 11.0.0.6469
OfficeScan\PCCSRV\
-------------------------------------------------------------------
CGIShare.dll 11.0.0.6469
SvrSvcSetup.exe 11.0.0.6469
VSAPI32.DLL 10.0.0.1040
OfficeScan\PCCSRV\Admin\
-------------------------------------------------------------------
Build.exe 2.85.0.1180
Build64.exe 2.85.0.1180
cert5.db
ciussi32.dll 2.0.0.2074
ciussi64.dll 2.0.0.2074
patch.exe 2.85.0.1180
patch64.exe 2.85.0.1180
patchbld.dll 12.21.0.0
PATCHW32.DLL 12.21.0.0
patchw64.dll 12.20.0.0
TmUpdate.dll 2.85.0.1180
TmUpdate64.dll 2.85.0.1180
VSAPI32.DLL 10.0.0.1040
vsapi64.dll 10.0.0.1040
x500.db
OfficeScan\PCCSRV\Admin\Utility\ClientPackager\
-------------------------------------------------------------------
ClnExtor.ini
ClnPack.exe 11.0.0.6469
ClnPack.ini
VSAPI32.DLL 10.0.0.1040
OfficeScan\PCCSRV\Admin\Utility\listDeviceInfo\
-------------------------------------------------------------------
listDeviceInfo.exe 6.0.0.1502
OfficeScan\PCCSRV\Admin\Utility\TMVS\
-------------------------------------------------------------------
TMVS.exe 11.0.0.6469
OfficeScan\PCCSRV\Admin\Utility\VSEncrypt\
-------------------------------------------------------------------
VSAPI32.DLL 10.0.0.1040
OfficeScan\PCCSRV\Autopcc.cfg\
-------------------------------------------------------------------
ApNT.ini
ApNT_X64.ini
OfficeScan\PCCSRV\CmAgent\
-------------------------------------------------------------------
OfcCMAgent.exe 11.0.0.6469
ProductLibrary.dll 11.0.0.6469
En_I18N.dll 5.0.0.2270
En_Utility.dll 5.0.0.2270
TrendAprWrapperDll.dll 5.0.0.2270
zlib.dll 1.2.3.0
libcurl.dll 7.43.0.0
libeay32.dll 1.0.2.10
ssleay32.dll 1.0.2.10
OfficeScan\PCCSRV\Download\
-------------------------------------------------------------------
ClnPack_files.xml
tmengNT.zip
tmengNT.zip.sig
tmengX64.zip
tmengX64.zip.sig
OfficeScan\PCCSRV\Download\Engine\
-------------------------------------------------------------------
BMdriver_x32.sig
BMdriver_x32.zip
BMdriver_x64.sig
BMdriver_x64.zip
bmservice_x32.sig
bmservice_x32.zip
bmservice_x64.sig
bmservice_x64.zip
eng_ntkd.sig
eng_ntkd.zip
engv_amd64_ntkd.sig
engv_amd64_ntkd.zip
OfficeScan\PCCSRV\Download\Product\
-------------------------------------------------------------------
DlpLite_Common.zip
DlpLite_Common_x64.zip
OfficeScan\PCCSRV\Engine\
-------------------------------------------------------------------
TmAegisSysEvt.dll 2.974.0.1204
TMBMCLI.dll 2.974.0.1204
TMBMSRV.exe 2.974.0.1204
tmcomeng.dll 2.974.0.1204
tmelapi.dll 1.6.0.1004
TmEngDrv.dll 2.974.0.1204
TMPEM.dll 2.974.0.1204
tmtap.dll 6.0.0.1074
tmwlutil.dll 2.974.0.1204
tmCfwApi.dll 5.83.0.1038
tmHash.dll 5.83.0.1038
TmPfw.exe 5.83.0.1038
TmPfwApi.dll 5.83.0.1039
TmPfwRul.dll 5.83.0.1038
VSAPI32.DLL 10.0.0.1040
OfficeScan\PCCSRV\Engine\x64\
-------------------------------------------------------------------
TmAegisSysEvt.dll 2.974.0.1204
TMBMCLI.dll 2.974.0.1204
TMBMSRV.exe 2.974.0.1204
tmcomeng.dll 2.974.0.1204
tmelapi.dll 1.6.0.1004
TmEngDrv.dll 2.974.0.1204
TMPEM.dll 2.974.0.1204
tmtap.dll 6.0.0.1074
tmwlutil.dll 2.974.0.1204
tmCfwApi.dll 5.83.0.1038
tmHash.dll 5.83.0.1038
TmPfw.exe 5.83.0.1038
TmPfwApi.dll 5.83.0.1039
TmPfwRul.dll 5.83.0.1038
vsapi64.dll 10.0.0.1040
OfficeScan\PCCSRV\LWCS\
-------------------------------------------------------------------
Build.exe 2.85.0.1180
cert5.db
ciuas32.dll 1.0.0.2075
ciussi32.dll 2.0.0.2074
patch.exe 2.85.0.1180
patchbld.dll 12.21.0.0
PATCHW32.DLL 12.21.0.0
TmUpdate.dll 2.85.0.1180
x500.db
OfficeScan\PCCSRV\Private\
-------------------------------------------------------------------
DlpClc.xml
RansomwareWidget.ini
OfficeScan\PCCSRV\Private\certificate\
-------------------------------------------------------------------
openssl.exe
OfficeScan\PCCSRV\Web\Service\
-------------------------------------------------------------------
CGIOCommon.dll 11.0.0.6469
CGIShare.dll 11.0.0.6469
cme_dll.dll 6.0.0.1539
cme_vxe_dll_static.dll 6.0.0.1539
CmdHLClient.dll 11.0.0.6469
CmdHOConsole.dll 11.0.0.6469
DbServer.exe 11.0.0.6469
libCmdHndlrClientV2.dll 11.0.0.6469
libCmdHndlrConsoleV2.dll 11.0.0.6469
OfcNotifyQueue.dll 11.0.0.6469
OfcService.exe 11.0.0.6469
OfcCCCAUpdate.exe 12.0.0.6219
Build.exe 2.85.0.1180
cert5.db
ciuas32.dll 1.0.0.2075
ciussi32.dll 2.0.0.2074
patch.exe 2.85.0.1180
patchbld.dll 12.21.0.0
PATCHW32.DLL 12.21.0.0
TmUpdate.dll 2.85.0.1180
VSAPI32.DLL 10.0.0.1040
x500.db
OfficeScan\PCCSRV\Web_OSCE\Web\CGI\
-------------------------------------------------------------------
cgiExportInfo.exe 11.0.0.6469
CGIOCommon.dll 11.0.0.6469
CGIShare.dll 11.0.0.6469
cgiRqUpd.exe 11.0.0.6469
SSO_PKIHelper.dll 5.0.0.2270
VSAPI32.DLL 10.0.0.1040
OfficeScan\PCCSRV\Web_OSCE\Web_console\CGI\
-------------------------------------------------------------------
cgiAuthManagement.exe 11.0.0.6469
CGIOCommon.dll 11.0.0.6469
CGIShare.dll 11.0.0.6469
cgiShowClientAdm.exe 11.0.0.6469
cgiShowSummary.exe 11.0.0.6469
cgiShowWSSAdmin.exe 11.0.0.6469
cgiWebUpdate.exe 11.0.0.6469
cgiWebUpdate.ini
cgiCmdNotify.exe 5.0.0.2270
SSO_PKIHelper.dll 5.0.0.2270
TrendAprWrapperDll.dll 5.0.0.2270
VSAPI32.DLL 10.0.0.1040
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\aegis\
-------------------------------------------------------------------
data_protection.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\Auth\
-------------------------------------------------------------------
admin_account_info.htm
Admin_User_List.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\behavior_monitoring\
-------------------------------------------------------------------
bm_settings.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall\
-------------------------------------------------------------------
agent_install.htm
WinNTChk.cab
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\clientmag\
-------------------------------------------------------------------
client_list_2.htm
client_ofsc_services.htm
client_searchwindow.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\
-------------------------------------------------------------------
menu_common.js
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\l10n\
-------------------------------------------------------------------
l10n.dlp.js
l10n.serveradm.js
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\settings\
-------------------------------------------------------------------
setting.dlp.js
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\dlp\
-------------------------------------------------------------------
dlp_FileAttr_addedit.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\serveradm\
-------------------------------------------------------------------
server_proxy.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\inc\
-------------------------------------------------------------------
config.php
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\inc\class\common\soap\
-------------------------------------------------------------------
SoapFactory.php
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\inc\class\proxy\
-------------------------------------------------------------------
HttpTalk.php
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\repository\widgetPool\
-------------------------------------------------------------------
DeleteWidgetsFromDB.bat
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\repository\widgetPool\wp[number]\inc\
-------------------------------------------------------------------
config.php
* wp[number] depends on the user's environment; it would be wp1, wp2, and so on.
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\repository\widgetPool\wp[number]\interface\
-------------------------------------------------------------------
analyzeWF.php
* wp[number] depends on the user's environment; it would be wp1, wp2, and so on.
OfficeScan\PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI\
-------------------------------------------------------------------
CGIShare.dll 11.0.0.6469
cgiGetNTDomain.exe 11.0.0.6469
CGIOCommon.dll 11.0.0.6469
VSAPI32.DLL 10.0.0.1040
vsapi64.dll 10.0.0.1040
OfficeScan\PCCSRV\WSS\
-------------------------------------------------------------------
Build.exe 2.85.0.1180
cert5.db
ciuas32.dll 1.0.0.2075
ciussi32.dll 2.0.0.2074
patch.exe 2.85.0.1180
patchbld.dll 12.21.0.0
PATCHW32.DLL 12.21.0.0
TmUpdate.dll 2.85.0.1180
VSAPI32.DLL 10.0.0.1040
x500.db
OfficeScan\PCCSRV\Pccnt\Drv\
-------------------------------------------------------------------
tmactmon.cat
tmactmon.inf
tmactmon.sys 2.974.0.1204
tmevtmgr.cat
tmevtmgr.inf
tmevtmgr.sys 2.974.0.1204
tmcomm.cat
tmcomm.inf
tmcomm.sys 6.60.0.1062
tmeevw.cat
tmeevw.inf
tmeevw.sys 2.0.0.1039
tmlwf.cat
tmlwf.inf
TMLWF.sys 5.83.0.1038
tmlwfins.exe 5.83.0.1038
tmwfp.cat
tmwfp.inf
TMWFP.sys 5.83.0.1038
tmwfpins.exe 5.83.0.1038
tmfilter.cat
TmFilter.sys 10.0.0.1043
tmpreflt.inf
tmpreflt.sys 10.0.0.1043
tmxpflt.inf
tmxpflt.sys 10.0.0.1043
VsapiNT.inf
vsapiNT.sys 10.0.0.1043
OfficeScan\PCCSRV\Pccnt\Drv\X64\
-------------------------------------------------------------------
tmactmon.cat
tmactmon.inf
tmactmon.sys 2.974.0.1204
tmevtmgr.cat
tmevtmgr.inf
tmevtmgr.sys 2.974.0.1204
tmcomm.cat
tmcomm.inf
tmcomm.sys 6.60.0.1062
tmeevw.cat
tmeevw.inf
tmeevw.sys 2.0.0.1039
tmlwf.cat
tmlwf.inf
TMLWF.sys 5.83.0.1038
tmlwfins.exe 5.83.0.1038
tmwfp.cat
tmwfp.inf
TMWFP.sys 5.83.0.1038
tmwfpins.exe 5.83.0.1038
tmfilter.cat
tmpreflt.inf
tmpreflt.sys 10.0.0.1043
tmxpflt.inf
tmxpflt.sys 10.0.0.1043
VsapiNT.inf
vsapiNT.sys 10.0.0.1043
OfficeScan\PCCSRV\Pccnt\
-------------------------------------------------------------------
ClientConsole.zip
NTMonRes.dll 11.0.0.6469
NTRmvRC.dll 11.0.0.6469
NTRtScan.exe 12.0.0.6219
OfficeScan\PCCSRV\Pccnt\Common\
-------------------------------------------------------------------
fcWofieUI.dll 12.0.0.6219
NTRmv.exe 12.0.0.6219
OfcCCCAUpdate.exe 12.0.0.6219
OfcPfwSvc.dll 12.0.0.6219
PccNTMon.exe 12.0.0.6219
TmListen.dll 12.0.0.6219
TmListen.exe 12.0.0.6219
TmListenShare.dll 12.0.0.6219
TmSock.dll 12.0.0.6219
CCSF_PTN.zip
CCSF_WIN32.zip
tmCfwApi.dll 5.83.0.1038
TmFpHcEx.exe 5.83.0.1038
tmHash.dll 5.83.0.1038
TmPfw.exe 5.83.0.1038
TmPfwApi.dll 5.83.0.1039
TmPfwCtl.dll 5.83.0.1038
TmPfwCtl_xp.dll 5.83.0.1038
TmPfwRul.dll 5.83.0.1038
tmwfpapi.dll 5.83.0.1038
TmopCfg.dll 2.0.0.1100
TmoppeUrlF.dll 2.0.0.1100
TmopphPop3.dll 2.0.0.1096
TmopphSmtp.dll 2.0.0.1096
tmufeng.dll 3.9.0.1012
ICRCHdler.dll 2.7.0.1108
libeay32.dll 1.0.2.10
ssleay32.dll 1.0.2.10
OfficeScan\PCCSRV\Pccnt\Win64\X64\
-------------------------------------------------------------------
fcWofieUI.dll 12.0.0.6219
NTRmv.exe 12.0.0.6219
Ntrtscan.exe 12.0.0.6219
OfcCCCAUpdate.exe 12.0.0.6219
OfcPfwSvc_64x.dll 12.0.0.6219
PccNTMon.exe 12.0.0.6219
TmListen.exe 12.0.0.6219
TmListen_64x.dll 12.0.0.6219
TmListenShare_64x.dll 12.0.0.6219
TmSock_64x.dll 12.0.0.6219
CCSF_X64.zip
tmCfwApi.dll 5.83.0.1038
TmFpHcEx.exe 5.83.0.1038
tmHash.dll 5.83.0.1038
TmPfw.exe 5.83.0.1038
TmPfwApi.dll 5.83.0.1039
TmPfwCtl.dll 5.83.0.1038
TmPfwCtl_xp.dll 5.83.0.1038
TmPfwRul.dll 5.83.0.1038
tmwfpapi.dll 5.83.0.1038
TmopCfg.dll 2.0.0.1100
TmoppeUrlF.dll 2.0.0.1100
TmopphPop3.dll 2.0.0.1096
TmopphSmtp.dll 2.0.0.1096
tmufeng.dll 3.9.0.1012
ICRCHdler.dll 2.7.0.1108
libeay32.dll 1.0.2.10
ssleay32.dll 1.0.2.10
B. Network Traffic Required in Deployment
Estimated size (in terms of bandwidth) of deployed agent files in this critical patch.
- 32-bit agent total = 75 MB
- 64-bit agent total = 103 MB
2. Document Set
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com.
3. System Requirements
You must install OfficeScan 11.0 Service Pack 1 with Patch 1 before installing this critical patch.
4. Installation/Uninstallation
Installation
To install:
- Copy the critical patch executable file to a temporary folder on the server, for example, "C:\temp".
- Double-click the file. The modules are automatically copied to the correct destination.
This critical patch installation package automatically rolls back the OfficeScan server to its previous configuration if there are problems during installation.
If you encounter problems after installation, do a manual rollback.
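To confirm that the modules were copied, the build numbers in "Files Included in this Release" can be compared with the files on disk. The script below is an added example, not Trend Micro code; the function names are hypothetical, the install path is an assumed placeholder, and only a short excerpt of the file list is embedded.

```powershell
# Added example (not Trend Micro code): compare installed file versions
# with the build numbers listed in this readme.

# Excerpt of "Files Included in this Release", copied from this readme (subset only).
$ManifestExcerpt = @'
OfficeScan\PCCSRV\
-------------------------------------------------------------------
CGIShare.dll 11.0.0.6469
SvrSvcSetup.exe 11.0.0.6469
VSAPI32.DLL 10.0.0.1040
OfficeScan\PCCSRV\Web\Service\
-------------------------------------------------------------------
DbServer.exe 11.0.0.6469
OfcService.exe 11.0.0.6469
OfficeScan\PCCSRV\Pccnt\Common\
-------------------------------------------------------------------
PccNTMon.exe 12.0.0.6219
TmListen.exe 12.0.0.6219
'@

function ConvertFrom-ReadmeFileList {
    # Turns "directory\" header lines followed by "name version" lines into objects.
    param([Parameter(Mandatory)][string]$Text)
    $dir = $null
    foreach ($raw in ($Text -split "`r?`n")) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line -match '^-+$') { continue }   # blank line or separator
        if ($line.EndsWith('\')) {                                # directory header
            $dir = $line -replace '^OfficeScan\\', ''             # make it relative to the install root
            continue
        }
        # Entries without a build number (.ini, .zip, .db, ...) are skipped: nothing to compare.
        if ($dir -and $line -match '^(?<name>\S+)\s+(?<ver>\d+(?:\.\d+){3})$') {
            [pscustomobject]@{
                RelativePath = Join-Path $dir $Matches['name']
                Expected     = [version]$Matches['ver']
            }
        }
    }
}

function Test-PatchFileVersion {
    param(
        [Parameter(Mandatory)][string]$InstallRoot,   # folder that contains PCCSRV
        [string]$FileList = $ManifestExcerpt
    )
    foreach ($entry in (ConvertFrom-ReadmeFileList -Text $FileList)) {
        $path   = Join-Path $InstallRoot $entry.RelativePath
        $actual = $null
        $status = 'Missing'
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $vi = (Get-Item -LiteralPath $path).VersionInfo
            # Build the version from the numeric fields; the FileVersion string can carry extra text.
            $actual = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                                     $vi.FileBuildPart, $vi.FilePrivatePart)
            $status = if     ($actual -eq $entry.Expected) { 'Match' }
                      elseif ($actual -gt $entry.Expected) { 'Newer' }
                      else                                 { 'Older' }
        }
        [pscustomobject]@{
            File     = $entry.RelativePath
            Expected = $entry.Expected
            Actual   = $actual
            Status   = $status
        }
    }
}

# Assumption: placeholder path; replace it with the folder that holds PCCSRV on your server.
Test-PatchFileVersion -InstallRoot 'C:\Program Files (x86)\Trend Micro\OfficeScan' |
    Format-Table -AutoSize
```

A status of "Older" or "Missing" after installation means the file was not replaced by this critical patch; "Newer" can appear when a later hotfix has since updated the file.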
Uninstallation
To manually roll back to the previous build:
- Locate the backup folder that the critical patch package created in the "\PCCSRV\Backup\CriticalPatch_B6469" directory.
- Stop the OfficeScan Master Service.
- Stop the OfficeScan CMAgent Service.
- Copy the backup modules to the original folders.
- Start the OfficeScan CMAgent Service.
- Start the OfficeScan Master Service.
5. Post-installation Configuration
No post-installation steps are required.
Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.
6. Known Issues
There are no known issues for this critical patch release.
7. Release History
Visit the following web site for more information about updates to this product:
http://www.trendmicro.com/download.
Prior Releases
Note: Only this critical patch was tested for this release. Prior hotfixes/critical patches were tested at the time of their release.
- OfficeScan 11.0
- OfficeScan 11.0 SP1
- OfficeScan 11.0 SP1 Patch1
- Hotfix 6250 (SBM 356853)
Issue: Installing OfficeScan 10.5 Patch 6 by web installation also installs ActiveX on the computer; however, ActiveX is not removed during client uninstallation. As a result, users encounter an error while installing OfficeScan 11 Service Pack 1 Critical Patch 6054 by web installation. This happens because the "WinNTchk.dll" for the ActiveX component cannot be updated when a previous version of the file exists in the installation directory. When this happens, the web installation fails.
Solution: This hotfix ensures that the OfficeScan server adds the version information of the "WinNTChk.cab" file when it triggers web installation.
- Hotfix 6252 (SBM 357563)
Issue: It is reported that the OfficeScan NT Listener service (TmListen.exe) in OfficeScan 11.0 Service Pack 1 Patch 1 failed to start up on endpoints running Microsoft(TM) Windows(TM) Vista or Windows Server 2008.
Solution: This hotfix updates the OfficeScan agent program to resolve this issue.
- Hotfix 6252 (SBM 352284)
Issue: The User Mode Hooking (UMH) driver causes an unexpected error.
Solution: This hotfix updates the UMH driver to resolve this issue.
- Hotfix 6252 (SBM 357381)
Issue: When users export the Scan Exclusion Lists for the following scan types from the "Agent Management" screen of the OfficeScan web console, the generated CSV file will not contain any domain setting information for OfficeScan agents:
- Manual scans
- Real-time scans
- Scheduled scans
- Scan Now
Solution: This hotfix updates the OfficeScan server files to ensure that when users export Scan Exclusion Lists, the domain setting information for each OfficeScan agent appears in the exported CSV files.
- Hotfix 6252 (SBM 355584)
Issue: In some OfficeScan agents managed by the Update Agent (UA), the T-ball logo on the bottom right portion of the screen turns red since the "NtrtScan.exe" program keeps reloading.
Solution: This hotfix configures the "Agent Connection" setting to a global setting such that when it is changed, the Setting Aggregation File (SAF) package will be updated accordingly. This update enables the OfficeScan agents (managed by the Update Agent) to send a report to the OfficeScan server and instruct it to clear the configuration flag since there is a new setting.
- Hotfix 6252 (SBM 358070)
Issue: When users run the Agent Packager tool in the CLI to create setup or update packages for the OfficeScan agent, there is no way to specify a domain to which all freshly-installed clients should belong.
Solution: This hotfix updates the Agent Packager tool to enable users to specify a domain for freshly-installed agents using the "/domain" parameter when creating setup or update packages for the OfficeScan agent through the CLI.
- Hotfix 6258 (SBM 354263)
Issue: The OfficeScan server database may crash if the database backup path follows the universal naming convention (UNC) and the backup username length exceeds 32 characters.
Solution: This hotfix updates the OfficeScan server files to resolve this issue.
- Hotfix 6258 (SBM 357598)
Issue: The Microsoft(TM) Windows(TM) Event Log generates too many messages.
Solution: This hotfix enables OfficeScan to extend the cache time to 12 hours.
- Hotfix 6258 (SBM 357926)
Issue: DLP does not block the most current webmail site like Outlook.com.
Solution: This hotfix resolves this issue.
- Hotfix 6258 (SBM 357331)
Issue: After administrators remove or uninstall the OfficeScan agent, the OfficeScan server removes all the OfficeScan agents from the database. This situation occurs when administrators set an agent unique identifier (UID) as a root domain UID.
Solution: This hotfix updates the OfficeScan server files to add two check points to resolve this issue.
- Hotfix 6258 (SBM 356698)
Enhancement: This hotfix provides a way for users to approve programs to run without checks by Meerkat (a detection improvement program that monitors newly encountered programs downloaded through HTTP or email applications).
Procedure: To approve programs to run without checking by Meerkat:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the "MKWL" key and assign the encrypted string of the full program path.
[Global Setting]
MKWL="The encrypted string of the full program path"
Note: The encrypted string of the full program path needs to be provided by an OfficeScan SEG engineer.
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: for x64 platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
for x86 platform
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
Key: MKWL
Type: String
Value: "The encrypted string of the full program path"
- Hotfix 6258 (SBM 357554)
Enhancement: This hotfix updates the Data Loss Prevention Endpoint SDK 6.0 to support the following Google Chrome versions:
- 54.0.2840.99
- 55.0.2883.75
- Hotfix 6258 (SBM 344921)
Enhancement: This hotfix enables Data Loss Prevention Endpoint SDK 6.0 Webmail channel to share the exception from Email channel.
Procedure: To configure the "apply_email_wblist_to_webmail" setting for DLP:
a. Install this hotfix (see "Installation").
b. Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "apply_email_wblist_to_webmail" key and set its value.
[Configure]
apply_email_wblist_to_webmail = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents.
The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
apply_email_wblist_to_webmail=true
g. Restart all OfficeScan agents.
- Hotfix 6258 (SBM 344921)
Enhancement: This hotfix enables the Data Loss Prevention Endpoint SDK 6.0 to support Lotus Notes Webmail with its add-ons installed for Bank of Chengdu.
Procedure: To configure the "inet_enhanced_dwa_parser" setting for DLP:
a. Install this hotfix (see "Installation").
b. Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "inet_enhanced_dwa_parser" key and set its value.
[Configure]
inet_enhanced_dwa_parser = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents.
The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
inet_enhanced_dwa_parser=true
g. Restart all OfficeScan agents.
- Hotfix 6263/6281 (SBM 357949)
Issue: Automatic agent grouping uses rules defined by Microsoft(TM) Windows(TM) Active Directory (AD) domains. Sometimes, after the OfficeScan server synchronizes AD information from the Windows server, the status of enabled grouping rules shows a "Warning" sign.
Solution: This hotfix updates the OfficeScan programs to ensure that the enabled grouping rules will not be affected by the synchronized AD information.
- Hotfix 6263/6281 (SBM 357004)
Issue: In Microsoft(TM) Windows(TM) Vista/2008 or later clients, OfficeScan displays an incorrect firewall driver version number. The correct version number is 5.83.1003, but the version number that OfficeScan displays is 5.82.1050.
Solution: This hotfix ensures that the OfficeScan server references the "tmlwf.sys" and "tmwfp.sys" files to determine the correct version number of the common firewall driver.
- Hotfix 6263/6281 (SBM 357915)
Issue: While using the "Export Scan Exclusions" button, the "Scan Exclusion List (File Extensions)" function generates a "N/A" message in the exported CSV file when the "Scan Exclusion List (Files)" value is empty. This issue only happens in the "Scan Now" configuration.
Solution: This hotfix updates the OfficeScan programs to resolve this issue so that users can generate correct information in the CSV file.
- Hotfix 6263/6281/6300 (SBM 357769)
Issue: OfficeScan leaks encrypted account passwords during web console operations. Unauthorized users could use the leaked encrypted password to log on to the OfficeScan server console.
Solution: This hotfix updates the OfficeScan server program to ensure that OfficeScan does not leak encrypted passwords.
- Hotfix 6263/6281 (SBM 358146)
Issue: If users set the default browser to Chrome and click hyperlinks from other applications, the Chrome page shows a "try to access to an unexpected site "--disable-quic"" message.
Solution: This hotfix ensures that the Chrome page will not access unexpected "--disable-quic" sites when users click hyperlinks from other applications once they set Chrome as the default browser.
- Hotfix 6263/6281 (SBM 356728)
Issue: DLP blocks Exodus-jabber applications unexpectedly.
Solution: This hotfix ensures that Exodus-jabber works normally even when DLP is enabled on the endpoint machines.
- Hotfix 6263/6281 (SBM 356873)
Enhancement: This hotfix enables users to generate the Secure Sockets Layer (SSL) certificate with SHA256 signature algorithm and 2048-bit public key for the OfficeScan web site which is installed on Microsoft(TM) Internet Information Services (IIS) or Apache(TM) HTTP Server through the "SvrSvcSetup.exe" tool.
Procedure: To generate the SSL certificate with the SHA256 signature algorithm and a 2048-bit public key when manually renewing the IIS SSL certificate:
a. Install this hotfix (see "Installation").
b. Log on as administrator, open a command prompt, and navigate to the "\PCCSRV\" directory.
c. Run the following command:
SvrSvcSetup.exe -GenIISCert
A new SSL certificate is generated and is automatically added to the IIS SSL certificate store.
d. Open the IIS Manager console (inetmgr.exe).
e. Right-click the OfficeScan web site, and then click "Edit Bindings...".
f. When the "Site Bindings" window opens, select "https type" and click "Edit...".
g. Select the newly-created SSL certificate and click "OK".
Note: Click the "View..." option to view the 2048-bit public key.
h. Click "Close".
To generate the SSL certificate with the SHA256 signature algorithm and a 2048-bit public key when manually renewing the Apache SSL certificate:
a. Install this hotfix (see "Installation").
b. Log on as administrator, open a command prompt, and navigate to the "\PCCSRV\" directory.
c. Run the following command:
SvrSvcSetup.exe -GenApacheCert
A new SSL certificate is generated and is automatically added to the Apache SSL certificate store.
d. Stop the following services:
- OfficeScan Master Service
- Apache Service
e. Start the following services:
- Apache Service
- OfficeScan Master Service
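After either renewal procedure, the certificate the web console actually serves can be checked for the SHA256 signature algorithm and 2048-bit key described above. This is an added example, not Trend Micro code; the function names are hypothetical, the host name and port are placeholders, and an RSA key is assumed.

```powershell
# Added example (not Trend Micro code): inspect the certificate served by the
# OfficeScan web site after running SvrSvcSetup.exe -GenIISCert or -GenApacheCert.

function Get-ServedCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][int]$Port
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $stream = $client.GetStream()
        # Chain validation is skipped on purpose: the script only reads the
        # certificate and sends no data over the connection.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $acceptAny
        try {
            $ssl.AuthenticateAsClient($HostName)
            # Copy the certificate so it stays usable after the stream is disposed.
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        }
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }
}

function Test-ConsoleCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # Assumption: the key is RSA. GetRSAPublicKey returns $null for other key types.
    $rsa     = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    $keyBits = if ($rsa) { $rsa.KeySize } else { 0 }
    # 1.2.840.113549.1.1.11 is the OID of sha256WithRSAEncryption.
    $isSha256 = $Certificate.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11'
    [pscustomobject]@{
        Subject            = $Certificate.Subject
        Thumbprint         = $Certificate.Thumbprint
        NotBefore          = $Certificate.NotBefore   # should be recent if the new certificate is bound
        NotAfter           = $Certificate.NotAfter
        SignatureAlgorithm = $Certificate.SignatureAlgorithm.FriendlyName
        KeyBits            = $keyBits
        MeetsReadme        = ($isSha256 -and $keyBits -ge 2048)
    }
}

# Placeholders: replace with your OfficeScan server name and the HTTPS port of its web console.
$served = Get-ServedCertificate -HostName 'officescan.example.internal' -Port 4343
Test-ConsoleCertificate -Certificate $served | Format-List
```

If "MeetsReadme" is false or "NotBefore" shows an old date on IIS, the new certificate was generated but the site binding still points to the previous one.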
- Hotfix 6267/6281 (SBM 358436)
Issue: OfficeScan can synchronize suspicious objects and retrieve actions against these objects from a Control Manager server. However, an expired suspicious object is still synchronized to OfficeScan, which causes false detections on the agent.
Solution: This hotfix updates the OfficeScan programs to ensure that the expired suspicious objects will not be detected.
- Hotfix 6267/6281 (SBM 357701)
Issue: The "Agent Management" page of the OfficeScan web console may not display all OfficeScan agents if the domain has a large number of OfficeScan agents.
Solution: This hotfix resolves the issue by updating the mechanism used by the SQL table containing the OfficeScan agent information.
- Hotfix 6267/6281 (SBM 354253)
Issue: The OfficeScan 11.0 Service Pack 1 Behavior Monitoring feature may block valid programs without leaving a record of the block action in the detection log.
Solution: This hotfix updates the OfficeScan Behavior Monitoring program to ensure that it blocks the correct programs.
- Hotfix 6271/6281 (SBM 354682)
Issue: On x86 platforms, the Aegis module sends Meerkat detection information to the OfficeScan server and displays a pop-up dialog box that allows users to click on the "Allow Once" button. However, even after users clicked on this button, Meerkat still blocks the application.
Solution: This hotfix updates Meerkat to check the payload of API events to prevent this issue from happening.
- Hotfix 6271/6281 (SBM 356152)
Issue: The OfficeScan User-Mode Hooking (UMH) function prevents the "java.exe" program from working properly.
Solution: This hotfix adds "java.exe" onto the OfficeScan UMH whitelist pattern to ensure that the "java.exe" program works properly.
- Hotfix 6271/6281 (SBM 357370)
Issue: The OfficeScan UMH function prevents the WebISO software from working properly.
Solution: This hotfix adds the WebISO software into the OfficeScan UMH whitelist pattern to ensure that the WebISO software works properly.
- Hotfix 6271/6281 (SBM 358458)
Issue: Users may still be able to access web sites that the Trend Micro URL Filtering Engine (TMUFE) failed to rate because of connection issues.
Solution: This hotfix provides a way for users to configure OfficeScan to automatically block access to web sites if the TMUFE cannot rate the web sites.
Procedure: To configure OfficeScan to automatically block access to web sites that the TMUFE cannot rate:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
URLFilterErrMode=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC\TmProxy\Scan\Common\URLFilter\config
Key: ErrMode
Type: dword
Value: 1
For Microsoft(TM) Windows(TM) 7/8/10 and Windows Server 2008 R2/2012/2016:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey\Scan\Common\URLFilter\config
Key: ErrMode
Type: dword
Value: 1
g. Restart the OfficeScan agents.
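Both this procedure and the "MKWL" procedure under Hotfix 6258 end with a registry value written on every agent, so deployment can be checked on an endpoint. The script below is an added example, not Trend Micro code; the function name and the "Assessment" wording are hypothetical, and only the registry paths printed in this readme are checked.

```powershell
# Added example (not Trend Micro code): report the state of the agent-side
# registry values that the MKWL and URLFilterErrMode procedures deploy.

# Paths and value names are copied from the procedures in this readme.
# Expected = $null means "no required value; report it for review if present".
$AgentSettings = @(
    [pscustomobject]@{ Setting = 'MKWL (x64 platform)'
        Path = 'HKLM:\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.'
        Name = 'MKWL'; Expected = $null }
    [pscustomobject]@{ Setting = 'MKWL (x86 platform)'
        Path = 'HKLM:\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.'
        Name = 'MKWL'; Expected = $null }
    [pscustomobject]@{ Setting = 'URLFilterErrMode'
        Path = 'HKLM:\SOFTWARE\TrendMicro\NSC\TmProxy\Scan\Common\URLFilter\config'
        Name = 'ErrMode'; Expected = 1 }
    [pscustomobject]@{ Setting = 'URLFilterErrMode (Windows 7/8/10, Server 2008 R2/2012/2016)'
        Path = 'HKLM:\SOFTWARE\TrendMicro\Osprey\Scan\Common\URLFilter\config'
        Name = 'ErrMode'; Expected = 1 }
)

function Get-AgentSettingState {
    param([object[]]$Settings = $AgentSettings)
    foreach ($s in $Settings) {
        $value = $null
        $state = 'KeyNotFound'
        if (Test-Path -LiteralPath $s.Path) {
            $state = 'ValueNotSet'
            $item = Get-ItemProperty -LiteralPath $s.Path -Name $s.Name -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                $value = $item.PSObject.Properties[$s.Name].Value
                $state = 'Set'
            }
        }
        $assessment =
            if ($null -ne $s.Expected) {
                # ErrMode must be 1 for access to be blocked when TMUFE cannot rate a site.
                if ($state -eq 'Set' -and $value -eq $s.Expected) { 'AsConfigured' } else { 'NotDeployed' }
            }
            elseif ($state -eq 'Set') {
                # MKWL approves a program to run without Meerkat checks: confirm it was intended.
                'ReviewApprovedProgram'
            }
            else { 'NoApprovedProgram' }
        [pscustomobject]@{
            Setting    = $s.Setting
            State      = $state
            Value      = $value
            Assessment = $assessment
        }
    }
}

Get-AgentSettingState | Format-Table -AutoSize
```

Only one of the two "ErrMode" paths applies to a given Windows version, so a "NotDeployed" row for the other path is expected.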
- Hotfix 6274/6281 (SBM 349044)
Issue: The detected Virus/Malware information that appears in the OfficeScan web console does not match the information in the Trend Micro Control Manager(TM) console.
Solution: This hotfix ensures that the OfficeScan server sends the correct Virus/Malware information to Control Manager so that the information in the OfficeScan web console matches the information in the Control Manager console.
Procedure: To configure OfficeScan to send the accurate information to Control Manager:
a. Install this hotfix (see "Installation").
b. Open the "Product.ini" file in the "\PCCSRV\CmAgent" folder on the OfficeScan server installation directory using a text editor.
c. Under the "Configure" section, manually add the following key and set its value to "1".
[Configure]
EnableSFCacheTimeout=1
d. Save the changes and close the file.
e. Restart the OfficeScan Control Manager Agent.
- Hotfix 6274/6281 (SBM 358714)
Issue: On the "Agents > Agent Management" section of the OfficeScan web console, when users run an advanced search for OfficeScan agents running with Update Agent "Disabled" status, the search results always display both OfficeScan agents running with Update Agent "Enabled" status and "Disabled" status.
Solution: This hotfix updates the OfficeScan server program to ensure that when users run an advanced search for OfficeScan agents running with Update Agent "Disabled" status, it displays the correct result.
- Hotfix 6274/6281 (SBM 359007)
Issue: OfficeScan agents report their antivirus status information to the Microsoft(TM) Windows(TM) Security Center (WSC) when the system starts. However, after the system restarts, WSC displays that the OfficeScan antivirus reports are turned off.
Solution: This hotfix updates the OfficeScan agent program to resolve this issue.
- Hotfix 6274/6281 (SBM 358753)
Issue: The OfficeScan NT Listener service ("TmListen.exe") may stop unexpectedly after the OfficeScan agent encounters a mismatch certificate error. When this happens, the agent update is unsuccessful.
Solution: This hotfix updates the OfficeScan agent program to prevent the "TmListen.exe" from stopping unexpectedly and ensures that the OfficeScan agent can handle the mismatch certificate error properly.
- Hotfix 6274/6281 (SBM 359384)
Issue: DLP does not block the drag-and-drop of files from current Webmail sites (such as "Outlook.office.com" or "Outlook.live.com") when users use Google Chrome to access these Webmail sites.
Solution: This hotfix ensures that OfficeScan does not leak sensitive information when users use Google Chrome to access these Webmail sites.
- Hotfix 6274/6281 (SBM 356731)
Issue: Enabling the Browser Exploit Protection (BEP) function causes Microsoft(TM) Internet Explorer 11 to crash when combined with Trend Micro add-ins (BEP) and the vSentry product from Bromium.
Solution: This hotfix resolves this issue.
- Hotfix 6274/6281 (SBM 356199)
Enhancement: This hotfix enables the Data Loss Prevention (DLP) Endpoint SDK 6.0 module to support version 55.0.2883.87 of the Google(TM) Chrome(TM) web browser and version 50.1.0 of the Mozilla(TM) Firefox(TM) web browser.
- Hotfix 6277 (SBM 354730)
Enhancement: This hotfix enhances the OfficeScan server to support Active Directory subgroups for OfficeScan user accounts.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcserver.ini" file in the "\PCCSRV\Private" folder on the OfficeScan installation directory.
c. Under the "INI_AD_INTEGRATION_SECTION" section, manually add the following key and set its value to "1".
[INI_AD_INTEGRATION_SECTION]
RBAMultilayerInheritanceForADUser=1
d. Save the changes and close the file.
- Hotfix 6281 (SBM 359424)
Issue: After installing hotfixes on OfficeScan 11.0 Service Pack 1 and activating the OfficeScan Firewall on agents, the Firewall logs display corrupted characters on both the agent console and the OfficeScan server web console.
Solution: This hotfix updates the OfficeScan Firewall to ensure that the Firewall logs display the correct information on both the agent console and the OfficeScan server web console.
- Hotfix 6281 (SBM 355684)
Issue: OfficeScan 11.0 Service Pack 1 (SP1) Critical Patch (CP) Build 6054 is unable to use the Sesame mobile application on endpoints.
Solution: This hotfix ensures that the User-Mode Hooking (UMH) does not hook the "ZWProtectVirtualMemory" API when the "Aclayer.dll" file exists.
- Hotfix 6281 (SBM 358910)
Issue1: Data Loss Prevention does not block large files inside ZIP archives, even if the boundary of the file size exceeds the maximum value.
Solution1: This hotfix ensures that Data Loss Prevention properly blocks large files inside ZIP archives.
Issue2: Microsoft Access (.mdb) files cannot be recovered to USB storage from the Data Loss Prevention backup folder.
Solution2: This hotfix ensures that Data Loss Prevention can successfully recover Microsoft Access (.mdb) files.
- Hotfix 6281 (SBM 355833)
Issue: The Listdeviceinfo tool cannot get information from external devices such as "LaCie Rugged THB USB3 SCSI Disk Device".
Solution: This hotfix resolves this tool issue.
- Hotfix 6281.1 (SBM 357771)
Issue: An issue related to the AEGIS module of the OfficeScan agent program may cause certain operating systems to stop responding.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
- Critical Patch 6285 (SBM 359321)
Issue: After installing hotfixes on OfficeScan 11.0 Service Pack 1 server, the Smart Scan Pattern may not be able to update properly from the Integrated Smart Protection Server.
Solution: This hotfix updates the OfficeScan ActiveUpdate module to ensure that the Smart Scan Pattern can be updated normally from the Integrated Smart Protection Server.
- Hotfix 6292 (SBM 358489)
Issue: The OfficeScan Behavior Monitoring feature is unable to get the device type correctly when users launch programs by running as administrators (using administrator privileges).
Solution: This hotfix updates the Behavior Monitoring Service module to resolve this issue.
- Hotfix 6292 (SBM 359534)
Issue: An initialization issue related to the OfficeScan Control Manager Agent service ("OfcCMAgent.exe") may cause "OfcCMAgent.exe" to stop unexpectedly.
Solution: This hotfix updates the OfficeScan Control Manager Agent program to prevent this issue.
- Hotfix 6292 (SBM 356903)
Issue: A signature verification issue related to the AEGIS module of the OfficeScan agent program may cause certain operating systems to stop unexpectedly.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
- Hotfix 6292 (SBM 360032)
Enhancement: This hotfix enables the Data Loss Prevention (DLP) Endpoint SDK 6.0 module to support the following Google Chrome versions:
- Google(TM) Chrome(TM) 55.0.2883.87
- Google(TM) Chrome(TM) 56.0.2924.87
- Hotfix 6292 (SBM 357707)
Enhancement: This hotfix enables the Address Space Layout Randomization (ASLR) of Data Loss Prevention (DLP) Endpoint SDK 6.0 for DLL injection.
- Hotfix 6299 (SBM 359477)
Issue: The OfficeScan User Mode Hooking (UMH) function may cause the "mkdir.exe" program to stop unexpectedly.
Solution: This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
- Hotfix 6299 (SBM 357853)
Issue: When the "Protect documents against unauthorized encryption or modification" feature of Ransomware Protection is enabled, the OfficeScan agent may prevent a valid program from running if the size of the program file is too large.
Solution: This hotfix updates the OfficeScan agent program to resolve this issue.
- Hotfix 6299 (SBM 360097)
Issue: The Server Tuner tool optimizes the performance of the OfficeScan server. However, its Maximum Client Connections setting does not work.
Solution: This hotfix updates the OfficeScan server program to ensure that the tool's Maximum Client Connections setting works normally.
- Hotfix 6299 (SBM 357054)
Issue: When there are hotfix updates, the OfficeScan server checks all client components and prompts all clients with old hotfix versions to apply the updates including those where the No Program Upgrade option is enabled. This triggers a large number of unnecessary client notifications.
Solution: This hotfix ensures that the OfficeScan server does not notify a client of hotfix updates if the No Program Upgrade option is enabled in the client.
- Hotfix 6299 (SBM 359331)
Issue: The OfficeScan Behavior Monitoring program ("TMBMSRV.exe") crashes when the "MeerkatSkipUNC" option is enabled.
Solution: This hotfix updates the OfficeScan Behavior Monitoring program to correct this issue.
- Hotfix 6299 (SBM 359521)
Issue: When users upload files from the SMB folder to the internal website and iDLP is enabled, the upload may be interrupted intermittently.
Solution: This hotfix enables iDLP to check if a file is from SMB before it attempts to access the file information. If the source file is an SMB file, iDLP then uses impersonation to download the file.
- Hotfix 6299 (SBM 357721)
Issue: The library license of the third-party application Dymola conflicts with DLP.
Solution: This hotfix adds "dymola.exe" and "license_check.exe" to the approved list to remove the conflict.
- Hotfix 6299 (SBM 359522)
Issue: When OfficeScan parses the contents of a policy that it receives from Control Manager, some space characters may be removed from the policy which changes certain settings when applied to OfficeScan.
Solution: This hotfix ensures that OfficeScan can parse and apply Control Manager policies properly.
- Hotfix 6302 (JIRA 1587)
Issue: The "Quarantine malware variants detected in memory" feature needs to be enabled before the Memory Inspection Pattern (MIP) can be updated on OfficeScan agents.
Solution: This hotfix updates the OfficeScan agent program to resolve this issue.
- Hotfix 6302 (JIRA 1781)
Issue: Sometimes, the value of the "SourceUUID" setting in the "Ofcserver.ini" file is overwritten which prevents OfficeScan from updating the suspicious object list.
Solution: This hotfix ensures that the "SourceUUID" setting is not overwritten unexpectedly.
- Hotfix 6302 (JIRA 2639)
Issue: Sometimes, OfficeScan does not create system dump files when an exception error occurs.
Solution: This hotfix ensures that OfficeScan catches exception system codes and creates the corresponding system dump files when it encounters these codes.
- Hotfix 6306 (SBM 359200)
Issue: The "TMBMSRV.exe" process stops responding when debug log is enabled.
Solution: This hotfix resolves the issue by ensuring that the debug log output function receives the correct information.
- Hotfix 6306 (JIRA 2785)
Issue: A blue screen of death (BSOD) occurs when the OfficeScan agent AEGIS module runs simultaneously with encryption software.
Solution: This hotfix enables the AEGIS module of OfficeScan agents to work normally with encryption software.
- Hotfix 6308 (JIRA 1474)
Issue: The Agent Connectivity widget displays an inaccurate total number of connected clients for each Smart Protection Server.
Solution: This hotfix updates the OfficeScan server program to ensure that the Agent Connectivity widget displays accurate information.
- Hotfix 6310 (JIRA 3508)
Enhancement: The OfficeScan server automatically notifies an OfficeScan client to change its GUID after it determines that there is a duplicate GUID. However, the OfficeScan server does not generate an event log if it cannot notify the client for some reason. This hotfix provides a way for users to enable the OfficeScan server to generate an event log if it cannot notify an OfficeScan client to change its GUID.
Procedure: To enable the OfficeScan server to generate an event log if it cannot notify an OfficeScan client to change its GUID when it detects duplicate GUIDs:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor.
c. Under the "INI_SERVER_SECTION" section, locate the following key and set its value to "1".
[INI_SERVER_SECTION]
Event_Log_Flag=1
d. Save the changes and close the file.
e. Restart the OfficeScan Master Service.
- Hotfix 6313 (JIRA 2354)
Issue: When users set the firewall exception rule to a single IP, the IP address does not appear on the OfficeScan agent console.
Solution: This hotfix ensures that the IP address appears on the OfficeScan agent console.
- Hotfix 6313 (JIRA 3487)
Issue: It takes a long time to export the scan exclusion list from the OfficeScan web console.
Solution: This hotfix improves the export function to enable OfficeScan to export the scan exclusion list faster.
- Hotfix 6313 (JIRA 1442)
Issue: A Microsoft Windows Security audit failure by "tmevtmgr.sys" appears in the Windows system event log.
Solution: This hotfix resolves the issue by enabling the build option in the AEGIS driver to include a "path hash".
- Hotfix 6313 (JIRA 3616)
Issue: When an OfficeScan agent downloads a file that does not have a valid digital signature, the file path information in the corresponding system event log will be truncated on the OfficeScan web console.
Solution: This hotfix ensures that system event logs display the complete file path information on the OfficeScan web console.
- Hotfix 6313 (JIRA 3016)
Enhancement: This hotfix enables Data Loss Prevention Endpoint SDK 6.0 to support the following Google Chrome versions:
- Google Chrome(TM) 57.0.2987.98
- Google Chrome(TM) 57.0.2987.110
- Hotfix 6314 (JIRA 1991, JIRA 2660)
Issue: After users install hotfixes on OfficeScan 11.0 Service Pack 1 and activate the OfficeScan Firewall on agents running Windows XP, the Firewall service encounters network access issues.
Solution: This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Note: Restart the endpoint to update the Common Firewall module of OfficeScan agents.
- Hotfix 6315 (SBM 350467)
Enhancement: This hotfix enables the Behavior Monitoring approved list to support the asterisk (*) and question mark (?) wildcard characters in program path names and file names.
- Hotfix 6317 (JIRA 3533, JIRA 2785, JIRA 3668)
Issue: A blue screen of death (BSOD) occurs when the OfficeScan agent AEGIS module runs simultaneously with encryption software.
Solution: This hotfix enables the AEGIS module of OfficeScan agents to work normally with encryption software.
- Hotfix 6325 (JIRA 1715)
Issue: It takes a long time for the Windows Disk Manager to start when OfficeScan's Ravage Scan feature is enabled.
Solution: This hotfix enables users to configure the OfficeScan Ravage Scan feature to skip a specific virtual hard disk to allow the Disk Manager to start normally.
Procedure: To enable the Ravage Scan feature to skip a specific virtual hard disk:
a. Install this hotfix (see "Installation").
b. Open the Registry Editor.
c. Add the following key:
Path: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmactmon\Parameters]
Type: dword
Key: SkipVirtualHarddisk
Data Value: 00000001
d. Restart the OfficeScan client computer.
- Hotfix 6325 (JIRA 2673)
Issue: PccNT.exe stops unexpectedly because the following agent registry key contains a value that is larger than the maximum supported value.
Path: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
Type: dword:7fffffff
Key: TotalScanned
Solution: This hotfix updates the "fcWofieUI.dll" (for 32-bit) and "fcWofieUI_64x.dll" (for 64-bit) OfficeScan agent files to solve this issue.
- Hotfix 6325 (SBM 359608)
Issue: Users cannot run a manual sync on the "Suspicious Object List Setting" page when the "Enable Suspicious URL list" option is disabled.
Solution: This hotfix ensures that manual sync can complete successfully when the "Enable Suspicious URL list" option is disabled.
- Hotfix 6325 (JIRA 3289)
Issue: The error-handling mechanism of POP3 and SMTP scans may attempt to access tmp files which can trigger the TmListen service to stop unexpectedly.
Solution: This hotfix resolves the issue by ensuring that the error-handling mechanism accesses only valid local file paths.
- Critical Patch 6325 (VRTS-283, VRTS-393, VRTS-615)
Issue1: When the Web Reputation Service (WRS) of the OfficeScan agent program blocks access to a certain webpage, it displays the "Website blocked by Trend Micro OfficeScan" alert page instead. This alert page may be affected by XSS vulnerabilities.
Solution1: This critical patch updates the OfficeScan agent program to resolve the XSS vulnerabilities.
Issue2: Encrypted account passwords may leak out during web console operations. Unauthorized users could use the leaked encrypted password to log on to the OfficeScan server console.
Solution2: This critical patch ensures that encrypted passwords are secure during web console operations.
Enhancement: This critical patch updates the OfficeScan agent program to improve its self-protection mechanism against a local attacker injecting malicious code.
- Hotfix 6325.1 (JIRA 2812)
Issue: Garbled characters appear in POP3 email notification for malicious email message contents.
Solution: This hotfix resolves the issue by changing the text encoding format for POP3 email notifications from West Europe to shift-JIS.
Note: This time registry deployment solution is not supported in offline OfficeScan agents.
- Hotfix 6331 (SBM 358992)
Issue: Users cannot access the "Advanced Search" web page from the "Firewall Profile Settings" page of the OfficeScan web console.
Solution: This hotfix updates the OfficeScan server program files to ensure that users can access the "Advanced Search" web page from the "Firewall Profile Settings" page.
- Hotfix 6331 (JIRA 1891)
Issue: The DLP module may not work normally while other programs are uploading files to the Internet.
Solution: This hotfix ensures that the DLP module works normally when other programs are uploading files to the Internet.
- Hotfix 6342 (JIRA 3345)
Issue: The OfficeScan agent blocks a program that has been downloaded from an email message or through HTTP even when the program is in the approved list.
Solution: This hotfix ensures that OfficeScan agents block the correct programs.
- Hotfix 6342 (JIRA 2468)
Issue: The OfficeScan web console takes longer than usual to load because of a large number of DB_FLUSH commands.
Solution: This hotfix minimizes the number of DB_FLUSH commands to ensure that the OfficeScan web console loads normally.
- Hotfix 6342 (JIRA 3919)
Issue: When enabling the OfficeScan debug log, clicking on the "Save" button twice overwrites the specified debug log path in the "ofcdebug.ini" file. When this happens, debug logs are saved in another location.
Solution: This hotfix enables OfficeScan to always use the default log path if only the log name is set on the web console.
- Hotfix 6342 (JIRA 2232)
Issue: Duplicate DLP violation logs are generated when users attempt to print a PDF file that contains sensitive information in Adobe(TM) Reader.
Solution: This hotfix applies the App White Cache mechanism according to process name to enable DLP to treat multiple print operations from "AcroRd32.exe" that occur within a one second period as one event. This helps prevent duplicate violation logs.
- Hotfix 6348 (JIRA 3931)
Issue: When DLP detects that sensitive information was sent through an email message in "outlook.com", the OfficeScan agent generates a blank "Activity/Channel" log.
Solution: This hotfix resolves this issue by updating the OfficeScan agent.
- Hotfix 6348 (JIRA 5361)
Enhancements: This hotfix enables DLP Endpoint SDK 6.0 to support Chrome 58.0.3029.81.
- Hotfix 6348 (JIRA 5633)
Enhancements: This hotfix provides a way to configure the AEGIS module in OfficeScan clients to skip Virtual Disks during scans.
Procedure: To configure the AEGIS module to skip Virtual Disks during scans:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
SkipVirtualHarddisk=1
d. Save the changes and close the file.
e. Open the OfficeScan server management console and click "Agents > Global Agent Settings" on the main menu to access the "Global Agent Settings" page.
f. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to agents and adds the following registry entry on all agent computers:
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmactmon\Parameters
Key: SkipVirtualHarddisk
Type: dword
Value: 1
- Hotfix 6350 (JIRA 5041)
Issue: The operating system version of registered OfficeScan servers installed on Windows Server 2012 R2 appears as "6.2 (build 9200)" instead of "6.3 (build 9600)" on the Control Manager web console.
Solution: This hotfix resolves this issue by ensuring that OfficeScan servers installed on Windows Server 2012 R2 register to the Control Manager server using operating system version "6.3 (build 9600)".
- Hotfix 6351 (JIRA 6181)
Issue: OfficeScan agents running Data Loss Prevention may experience a Blue Screen of Death (BSoD) when accessing files in shared (SMB) folders.
Solution: This hotfix resolves the BSoD issue when accessing files in shared (SMB) folders.
- Critical Patch 6355 (JIRA 6313)
Enhancement: This critical patch enables the OfficeScan agent program to support Windows 10 Creators Update RS2.
- Hotfix 6369 (SBM 360007)
Issue: The OfficeScan Web Reputation feature blocks normal access to websites if the endpoint also has the Symantec Data Loss Prevention application running.
Solution: This hotfix updates the OfficeScan agent module to ensure that the OfficeScan Web Reputation feature does not conflict with the Symantec Data Loss Prevention application.
- Hotfix 6371 (JIRA 4799)
Issue: The OfficeScan Behavior Monitoring feature may cause certain computers to lock up intermittently when TMEAC is installed.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
- Hotfix 6373 (JIRA 3443)
Issue: When the OfficeScan agent connects to SSL-VPN and the MAC address field is empty, the OfficeScan agent will attempt to resolve the IP and MAC addresses repeatedly but the SSL-VPN IP address still does not appear in the network cards list on the agent console.
Solution: This hotfix updates the OfficeScan agent program to prevent it from attempting to resolve the IP and MAC addresses when the MAC address field is empty. It also helps ensure that the IP address appears on the OfficeScan agent console.
- Hotfix 6373 (JIRA 5477)
Issue: The OfficeScan agent does not successfully upgrade even after applying new hotfix files.
Solution: This hotfix resolves the OfficeScan agent upgrade issue.
- Hotfix 6373 (JIRA 6873)
Issue: The administrator cannot register USB information that includes the pound sign (#) or "and" sign (&) in the Data Loss Prevention (DLP) exception list.
Solution: This hotfix resolves this issue.
- Hotfix 6383 (TT359895)
Issue: The OfficeScan server cannot check the signature on a Control Manager policy if the policy settings contain non-ASCII characters.
Solution: This hotfix enables the OfficeScan server to handle non-ASCII strings in Control Manager policies to ensure that the server can check the signature of these policies.
- Hotfix 6383 (JIRA 6323)
Issue: Enabling the NT RealTime Scan causes OfficeScan agents to freeze. This issue occurs because OpenSSL uses the AES-NI instruction set, which is not supported by some CPU types.
Solution: This hotfix resolves this issue by updating the OpenSSL component.
- Hotfix 6383 (JIRA 6391)
Issue: The Microsoft(TM) Internet Explorer browser does not interpret double-byte strings correctly. Thus, user accounts do not display correctly.
Solution: This hotfix adds a function to determine whether a string contains double-byte characters, which resolves this issue.
- Hotfix 6383 (JIRA 6528)
Issue: The Trend Micro OfficeScan Agent Console ("Pccnt.exe") may stop unexpectedly if the "Unauthorized Change Prevention Service" is enabled. When this happens, it will affect the performance of the endpoint.
Solution: This hotfix updates the OfficeScan agent program to prevent "Pccnt.exe" from stopping unexpectedly and ensures that the OfficeScan agent can work properly without affecting the performance of the endpoint.
- Hotfix 6383 (JIRA 7273)
Issue: On computers running on the Microsoft(TM) Windows(TM) 10 platform, the Data Loss Prevention (DLP) network filter driver is installed with the Transport Driver Interface (TDI) network filter driver.
Solution: This hotfix updates the operating system version determination mechanism to ensure that the correct driver is installed. This hotfix also provides a Microsoft(TM) Windows Filtering Platform (WFP) driver replacement mechanism that replaces the TDI driver with the correct driver.
- Hotfix 6383 (JIRA 8017)
Enhancements: This hotfix enables Data Loss Prevention Endpoint SDK 6.0 to support Google(TM) Chrome version 59.0.3071.86.
- Hotfix 6390 (JIRA 7214, JIRA 8297)
Issue: A blue screen of death (BSOD) occurs when the Trend Micro Common Module (tmcomm.sys) attempts to parse the service name list of a Windows kernel device in the device tree.
Solution: This hotfix updates the Trend Micro Common Module on OfficeScan agents to resolve this issue.
- Hotfix 6396 (JIRA 7541)
Issue: OfficeScan agents installed on Windows 10 platforms may cause the endpoint to freeze or become unresponsive when both Windows Defender and the OfficeScan agent are running at the same time.
Solution: This hotfix updates compatibility support to prevent the system from freezing when the OfficeScan Agent loads.
- Hotfix 6396 (JIRA 7585)
Issue: The OfficeScan agent does not successfully update specific pattern files when the OfficeScan server and client have different build versions.
Solution: This hotfix resolves the issue concerning OfficeScan agents not successfully updating specific pattern files.
- Hotfix 6396 (JIRA 6421)
Issue: Windows Defender is not disabled automatically after the OfficeScan agent is installed on a Windows 2016 server computer.
Solution: This hotfix ensures that Windows Defender is disabled automatically after the OfficeScan agent is installed on a Windows 2016 server computer and the computer restarts.
- Hotfix 6396 (JIRA 8356)
Issue: The Virus Scan Engine (VSAPI) fails to roll back on a Microsoft(TM) Windows(TM) 10 platform.
Solution: This hotfix updates the OfficeScan agent program to ensure that VSAPI can roll back successfully on a Windows 10 platform.
- Hotfix 6396 (JIRA 7747)
Issue: The OfficeScan Master Service stops unexpectedly while receiving a huge amount of policy information from Control Manager which triggers OfficeScan to generate a large number of dump files under the "PCCSRV\Web\Service" folder.
Solution: This hotfix enables the OfficeScan Master Service to handle a huge amount of policy information from Control Manager.
- Hotfix 6396 (SBM 354095)
Issue: The firewall details page of the OfficeScan client console does not refresh automatically after the security level setting changes.
Solution: This hotfix displays a message that prompts users to close all windows of the OfficeScan client console and reopen the console to refresh the UI.
- Hotfix 6396 (SBM 357507)
Issue: The Microsoft(TM) Windows(TM) Event Log generates too many messages.
Solution: This hotfix enables OfficeScan to extend the cache time to 12 hours.
- Hotfix 6396 (SBM 355701)
Issue: An initialization issue related to the OfficeScan Control Manager Agent service ("OfcCMAgent.exe") may cause "OfcCMAgent.exe" to stop unexpectedly.
Solution: This hotfix updates the OfficeScan Control Manager Agent program to prevent this issue.
- Hotfix 6396 (SBM 357054)
Issue: When there are hotfix updates, the OfficeScan server checks all client components and prompts all clients with old hotfix versions to apply the updates including those where the No Program Upgrade option is enabled. This triggers a large number of unnecessary client notifications.
Solution: This hotfix ensures that the OfficeScan server does not notify a client of hotfix updates if the No Program Upgrade option is enabled in the client.
- Hotfix 6396 (SBM 358532)
Issue: When an unreachable OfficeScan agent reports its onstart status to the OfficeScan server, the server does not automatically set the updateflag for the agent. As a result, the agent will not receive updates until after a file change event on the OfficeScan server.
Solution: This hotfix enables the OfficeScan server to set the updateflag of unreachable OfficeScan agents automatically once it receives the onstart status of the agents.
- Hotfix 6396 (JIRA 2143)
Issue: Exported CSV files that contain agent information do not differentiate between Windows platforms and Windows Embedded platforms.
Solution: This hotfix ensures that exported CSV files specify whether an agent runs on a Windows platform or a Windows Embedded platform.
- Hotfix 6396 (JIRA 2745)
Issue: The Vulnerability Scanner may attempt to access an invalid file path which triggers blue screen of death (BSOD) on computers running Microsoft Windows Vista(TM) or any version released after it, for example, Windows Server 2008 and later versions.
Solution: This hotfix updates the Vulnerability Scanner to prevent it from attempting to access invalid file paths.
- Hotfix 6396 (JIRA 9011)
Issue: Sometimes, the Behavior Monitoring Service module of OfficeScan 11.0 Service Pack 1 agents may conflict with the Schwab application which can trigger the Schwab application to stop unexpectedly.
Solution: This hotfix updates the Behavior Monitoring Service module and provides a way for users to configure OfficeScan to ensure that the Schwab application works properly.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the "SkipKernelExceptionEvent" key and set its value to "1".
[Global Setting]
SkipKernelExceptionEvent=1
NOTE: To disable the feature, set "SkipKernelExceptionEvent=0".
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
Key: SkipKernelExceptionEvent
Type: REG_DWORD
Value: 1
g. Restart the OfficeScan agents.
- Hotfix 6396 (SBM 358603)
Enhancement: This hotfix improves the checking mechanism of the OfficeScan agent program to protect the Smart Scan Agent Pattern and Virus Pattern files in endpoints from corruption.
- Hotfix 6396 (SBM 356627)
Enhancement: This hotfix adds an assessment mode for ransomware. In assessment mode, OfficeScan will not terminate the suspected ransomware process but creates a log for it.
Procedure: To enable assessment mode:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following keys and set each to "1".
[Global Setting]
EnableADCAssessMode=1
    Value: 0 = OfficeScan does not support ransomware assessment mode
           1 = OfficeScan supports ransomware assessment mode
EnableADCAssessModeNotification=1
    Value: 0 = no popup notification in the system tray icon
           1 = a popup notification appears in the system tray icon
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
Key: EnableADCAssessMode
Type: DWORD
Value: 0 = OfficeScan does not support ransomware assessment mode
       1 = OfficeScan supports ransomware assessment mode
Key: EnableADCAssessModeNotification
Type: DWORD
Value: 0 = no popup notification in the system tray icon
       1 = a popup notification appears in the system tray icon
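A configuration audit for the keys that Hotfix 6348 and Hotfix 6396 above add under the "Global Setting" section of "ofcscan.ini", given as an added example and not Trend Micro code. The function names, status labels and sample file are constructed for illustration; because these notes do not say which occurrence of a repeated key the product honours, the script reports a key set twice with different values as a conflict instead of picking one.

```python
"""Audit an ofcscan.ini for protection-reducing keys named in these release notes."""
from collections import defaultdict
from typing import NamedTuple

SECTION = "global setting"  # the notes place every key below under [Global Setting]

# key (lower-cased) -> effect, paraphrased from the release notes
WATCHED = {
    "skipvirtualharddisk":
        "AEGIS skips virtual disks during scans (Hotfix 6348)",
    "skipkernelexceptionevent":
        "Behavior Monitoring workaround for the Schwab conflict (Hotfix 6396)",
    "enableadcassessmode":
        "ransomware assessment mode: suspected processes are logged, "
        "not terminated (Hotfix 6396)",
}


class Finding(NamedTuple):
    key: str
    status: str    # "enabled", "conflict", "invalid" or "silent"
    lines: tuple   # 1-based line numbers of every occurrence
    note: str


def parse_ini(text):
    """Return {(section, key): [(line_no, value), ...]}, keeping every occurrence."""
    entries = defaultdict(list)
    section = ""
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries[(section, key.strip().lower())].append((no, value.strip()))
    return entries


def audit(text):
    """Return a Finding for each watched key that is on, ambiguous or malformed."""
    entries = parse_ini(text)
    findings = []
    for key, effect in WATCHED.items():
        hits = entries.get((SECTION, key), [])
        if not hits:
            continue
        lines = tuple(no for no, _ in hits)
        values = {value for _, value in hits}
        if len(values) > 1:
            findings.append(Finding(key, "conflict", lines,
                                    "set more than once with different values; " + effect))
        elif values - {"0", "1"}:
            findings.append(Finding(key, "invalid", lines,
                                    "value is not 0 or 1; " + effect))
        elif values == {"1"}:
            findings.append(Finding(key, "enabled", lines, effect))

    # Assessment mode with the tray popup explicitly off: nothing is terminated
    # and the endpoint user sees no notification.
    assess = {v for _, v in entries.get((SECTION, "enableadcassessmode"), [])}
    notify = entries.get((SECTION, "enableadcassessmodenotification"), [])
    if assess == {"1"} and notify and {v for _, v in notify} == {"0"}:
        findings.append(Finding("enableadcassessmodenotification", "silent",
                                tuple(no for no, _ in notify),
                                "assessment mode is on and the system tray popup is off"))
    return findings


# Constructed sample input, not a real ofcscan.ini.
SAMPLE_INI = """\
; constructed sample for the audit example
[INI_SERVER_SECTION]
Event_Log_Flag=1
SkipVirtualHarddisk=1

[Global Setting]
SkipVirtualHarddisk = 1
skipkernelexceptionevent=0
EnableADCAssessMode=1
EnableADCAssessModeNotification=0
ChkGlobalWCS=1
SkipKernelExceptionEvent=1
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_INI):
        print(f"{f.status:9} {f.key} (line {', '.join(map(str, f.lines))}): {f.note}")
```

A key placed outside "[Global Setting]", like the first "SkipVirtualHarddisk" in the sample, is ignored because the procedures above only document it under that section.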
- Hotfix 6404 (VRTS-392)
Issue: An issue related to the DLP file system driver may cause an RWX vulnerability in web browsers.
Solution: This hotfix updates DLP Endpoint SDK 6.0 to resolve the vulnerability.
- Hotfix 6404 (JIRA 9560)
Issue: It takes a long time to copy files using the RDP clipboard when DLP is enabled.
Solution: This hotfix resolves the issue by adding the RDP process "mstsc.exe" into the approved list.
- Hotfix 6410 (VRTS-1012)
Issue: Remote unauthenticated attackers may be able to query NT domains through the OfficeScan XG "cgiGetNTDomain.exe" process.
Solution: This hotfix removes the vulnerability.
- Hotfix 6410 (VRTS-1022)
Issue: A vulnerability may allow a remote unauthenticated attacker to send CGI requests to run "cgiRqUpd.exe" on the OfficeScan server and trigger "cgiRqUpd.exe" to stop unexpectedly. When this happens, a large number of dump files are generated which can eventually take up a large portion of disk space.
Solution: This hotfix resolves the vulnerability.
- Hotfix 6410 (JIRA 10228)
Issue: In Windows 2016 server, the Windows Defender service does not stop when the OfficeScan agent is installed or when the latest hotfix is installed on the existing OfficeScan agent.
Solution: This hotfix ensures that the Windows Defender service stops automatically after the OfficeScan client is installed or updated with the latest hotfix.
Note: You need to restart the computer after applying this hotfix.
- Hotfix 6415 (VRTS-1115)
Issue: Web server details gathered from the banner may allow attackers to search and launch automated attacks from commonly-found web sites which may lead to website defacement or denial of service.
Solution: This hotfix resolves the vulnerability.
- Hotfix 6415 (JIRA 4529)
Issue: When users enable the "ViewLogonName" parameter in "ofcscan.ini", either a user name or "system" should appear in the "logon user name" field in virus logs. However, the field sometimes remains blank.
Solution: This hotfix updates the OfficeScan agent program to ensure that the "logon user name" field in virus logs always displays the correct information.
- Hotfix 6415 (JIRA 8981)
Enhancement: This hotfix provides an option to enable OfficeScan agents to check the connection to the Smart Protection Network regularly and to update the status icons on the web console accordingly.
Procedure: To enable the feature on the OfficeScan server and to automatically deploy the setting to all OfficeScan agents:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Add the following key under the "Global Setting" section and set its value to "1".
[Global Setting]
ChkGlobalWCS=1
Note: To disable the connection checking, set "ChkGlobalWCS=0".
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan agent program automatically installs the following registry key:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\iURL Scan.
Key: ChkGlobalWCS
Type: REG_DWORD
Value: 1
- Hotfix 6421 (JIRA 10688)
Issue: If you click the "Update" button on the agent console while the TmListen service is stopped, the page returns a "Component update is complete" message.
Solution: This hotfix enables OfficeScan to disable the "Update" button automatically when the TmListen service stops and to display a tooltip when the mouse pointer hovers over the button.
- Hotfix 6421 (JIRA 10651)
Issue: If a newly-installed OfficeScan agent cannot connect to the OfficeScan server within a specific time period, the agent cannot report that it is online and does not appear on the OfficeScan web console.
Solution: This hotfix provides a way for users to extend the connection time to prevent this issue from occurring.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the following keys and set the preferred value for each.
[Global Setting]
EnableCheckHostLoadHttpTimeoutSecond=1
NOTE: To disable the feature, set "EnableCheckHostLoadHttpTimeoutSecond=0".
LoadHttpTimeoutSecond=30
NOTE: You can set the timeout value to 30, 60, 90, or 180 seconds based on your needs.
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
Path:
for x64 platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion
for x86 platform
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\
Key: EnableCheckHostLoadHttpTimeoutSecond
Type: REG_DWORD
Value: 1
Key: LoadHttpTimeoutSecond
Type: REG_DWORD
Value: 30
g. Restart the OfficeScan agents.
NOTE: If OfficeScan agents do not receive the setting from the OfficeScan server, consider updating the OfficeScan agents using Client Packager Installation or the AutoPCC utility.
- Hotfix 6421 (JIRA 6917)
Issue: The following OfficeScan 11.0 Service Pack 1 hotfixes are affected by an issue related to the OfficeScan Firewall module which may cause the Firewall service to encounter network access issues.
- Hotfix 6277
- Hotfix 6281
- Hotfix 6292
Solution: This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Note: You must restart the endpoint after applying this hotfix to update the Common Firewall module on affected OfficeScan agents.
- Hotfix 6421 (JIRA 11074)
Issue: The Windows Security Center cannot recognize if the OfficeScan Antivirus is enabled when there is no antispyware license.
Solution: This hotfix updates the OfficeScan agent program to help ensure that the Windows Security Center can determine whether the OfficeScan Antivirus is enabled or not.
- Hotfix 6421 (JIRA 8988)
Issue: The OfficeScan Behavior Monitoring feature may prevent users from renaming folders on network drives.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder in the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the "SkipDfsClient" key and set its value to "1".
[Global Setting]
SkipDfsClient=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmactmon\Parameters
Key: SkipDfsClient
Type: DWORD
Value: 1
- Hotfix 6421 (JIRA 10066)
Issue: An issue related to the OfficeScan Behavior Monitoring feature may cause the memory usage to increase unexpectedly on OfficeScan client computers.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
- Hotfix 6421 (JIRA 1689)
Enhancement: This hotfix provides a way for users to configure OfficeScan agents to automatically disconnect an established connection and to re-establish a connection when the OfficeScan server triggers a network isolation function. Users can move OfficeScan agents to specific domains that are defined to apply network isolation.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following keys and set values.
[Global Setting]
PFWPolicyWithConnectionReset=1
Value: 0 = OfficeScan does not support network isolation
1 = OfficeScan supports network isolation
PFWPolicyWithConnectionResetDomainList=Domain_Name
For example: Workgroup, Domain1
Provide a domain name or domain list to use for network isolation.
PFWPolicyWithConnectionResetDurationInSec=30
Value: 0 = Disable connection reset (default value)
30 = Reset connection in 30 seconds
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
Key: PFWPolicyWithConnectionReset
Type: DWORD
Value: 0 = OfficeScan does not support network isolation
1 = OfficeScan supports network isolation
Key: PFWPolicyWithConnectionResetDomainList
Type: String
Value: Domain_name set by user
Example: Workgroup, Domain1
Key: PFWPolicyWithConnectionResetDurationInSec
Type: DWORD
Value: 0 = Disable connection reset
30 = Reset connection in 30 seconds
- Hotfix 6421 (JIRA 7553)
Enhancement: This hotfix provides an option to configure the interval in which the OfficeScan agent sends Spyware logs to the server.
Procedure: To enable the feature on the OfficeScan server and to automatically deploy the setting to all OfficeScan agents:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder in the OfficeScan installation directory.
c. Add the following key under the "Global Setting" section and set the value ("X") to the number of minutes that the OfficeScan agent sends logs.
[Global Setting]
SpywareSendLogPeriod=X (for example 45)
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to all agents.
g. The OfficeScan agent program automatically installs the following registry key:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
Key: SpywareSendLogPeriod
Type: REG_DWORD
Value: 2D
h. Restart the OfficeScan agents.
- Hotfix 6421 (JIRA 10953, JIRA 11404)
Enhancement: This hotfix enables Data Loss Prevention Endpoint SDK 6.0 to support the following Google Chrome versions:
- Google Chrome version 60.0.3112.78
- Google Chrome version 60.0.3112.90
- Hotfix 6429 (JIRA 7697)
Issue: The Trend Micro iCRC Common Module cannot perform an SSL handshake with Smart Protection Server on endpoints running Windows Server 2003 using TLS 1.2 after applying OpenSSL 1.0.2.
Solution: This hotfix updates the Trend Micro iCRC Common Module and provides a way for users to enable the Trend Micro iCRC Common Module to communicate with Smart Protection Server using TLS 1.0.
Procedure: To apply and deploy the solution globally:
a. Open the "ICRCHdler.ini" file in the "\PCCSRV\Pccnt" folder on the OfficeScan server installation directory.
b. Under the "Default" section, manually add the following key and set its value to "4".
[Default]
SSLVersion = 4
d. Save the changes and close the file.
e. Install this hotfix (see "Installation").
f. After upgrading the agent program, the OfficeScan server adds the following entries on all OfficeScan agent computers:
Path: The OfficeScan agent installation directory.
File: ICRCHdler.ini
Key: SSLVersion = 4
- Hotfix 6429 (JIRA 10748)
Issue: The error message that appears when a user provides a user name or password with an invalid character for proxy authentication does not accurately describe the issue.
Solution: This hotfix updates the error message to inform users that the provided proxy setting user name or password contains an invalid character.
- Hotfix 6429 (JIRA 10844)
Issue: When configured, the OfficeScan Agent displays the following scan pop-up dialog box when users connect to a removable storage device.
"A USB storage device was plugged in to the computer. Do you want Trend Micro OfficeScan to scan the device for security risks?"
Solution: This hotfix updates the scan pop-up dialog box to display the following message.
"A removable storage device was plugged in to the computer. Do you want Trend Micro OfficeScan to scan the device for security risks?"
- Hotfix 6429 (JIRA 10980)
Issue: The account and password settings for the external proxy server do not support the hash special character "#".
Solution: This hotfix resolves a broken jQuery Ajax call to ensure that the account and password settings for the external proxy server support special characters.
- Hotfix 6434 (JIRA 11628)
Enhancement: This hotfix implements the regular expression and validators for BIN numbers.
- Hotfix 6434 (JIRA 12203)
Enhancement: This hotfix enables Data Loss Prevention Endpoint SDK 6.2 to bypass iTunes blocking so that an iPhone can still be charged while Device Control is enabled.
Procedure: To configure the new setting for DLP:
a. Install this hotfix (see "Installation").
b. Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "bypass_itunes_nonstor_usb_dc" key and set its value.
[Configure]
bypass_itunes_nonstor_usb_dc = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents. The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder: bypass_itunes_nonstor_usb_dc=true
- Hotfix 6439 (JIRA 12179)
Issue: Tablets running Windows 10 (Redstone) may encounter a "Blue Screen of Death" (BSOD) when trying to enter a sleep state.
Solution: This hotfix notifies the driver to stop sending event information after entering standby mode. After the tablet comes out of standby mode, the driver starts sending event information again.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following key and set its value to "10".
[Global Setting]
PowerMonitorTime=10
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS\
Key: PowerMonitorTime
Type: DWORD
Value: 10 = Set PowerMonitorTime to 10 seconds, max 60 seconds
g. Restart the OfficeScan agents.
- Hotfix 6443 (JIRA 13165)
Issue: Scheduled scan is postponed because OfficeScan detects full screen mode even when there are no windows in full screen mode.
Solution: This hotfix enables OfficeScan to ignore windows that do not have visible content during full screen mode detection.
- Hotfix 6443 (JIRA 12586)
Enhancement: This hotfix enables users to update the following registry keys to specify the sender and subject of email notifications for malicious email messages.
Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey\Scan\Common\MailManager\config
Name: DisclaimerAddress
Name: DisclaimerSubject
- Hotfix 6447 (JIRA 8096)
Issue: When the system installs or upgrades the Cisco VPN software, it tries to access some registry keys under the TmLwf registry key, which causes the software installation to fail.
Solution: This hotfix adds a key that disables self-protection for the TmLwf registry key only, which resolves this issue.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
SP_DisableTmLwfRegistryKeyProtection=1
Value: 1 = Disable TmLwf registry key self-protection only
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
Key: SP_DisableTmLwfRegistryKeyProtection
Type: DWORD
Value: 1 = Disable TmLwf registry key self-protection only
g. Restart the OfficeScan agents.
- Hotfix 6447 (JIRA 13656)
Issue: The file description field indicates the Common Client Real-time Scan Service ("Ntrtscan.exe") is 32-bit even when it is running on a 64-bit operating system.
Solution: This hotfix updates the OfficeScan agent program to ensure that the correct information appears on the file description field.
- Hotfix 6447 (JIRA 12830)
Issue: A protected computer may stop responding or respond slowly while extracting the "AFUDOS.exe" file from a ZIP file. Sometimes, the computer may also stop unexpectedly while the Behavior Monitoring engine performs policy matching.
Solution: This hotfix removes the lock scope to prevent protected computers from stopping unexpectedly and enables OfficeScan to use the try-catch method to capture an exception and help prevent a handle leak issue.
- Hotfix 6447 (JIRA 13700)
Issue: The OfficeScan Behavior Monitoring feature may cause certain third-party programs that are in its approved list to stop responding.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the "AegisSkipNotificationEvent" key and set its value to "1".
[Global Setting]
AegisSkipNotificationEvent=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
Key: SkipNotificationEvent
Type: DWORD
Value: 1
g. Restart the OfficeScan agents.
- Hotfix 6451 (JIRA 14071)
Enhancement: This hotfix enables DLP Endpoint SDK 6.2 to support the following Google Chrome versions:
- Google Chrome 61.0.3163.79
- Hotfix 6454 (JIRA 14058)
Issue: Virus detection logs do not appear on the agent console if the name of the agent installation folder contains multibyte characters.
Solution: This hotfix ensures that virus detection logs appear on the OfficeScan agent console.
- Hotfix 6458 (JIRA 13979)
Issue: Users cannot migrate the OfficeScan database from CodeBase to an SQL server database using an SQL server account password that contains a semicolon (";").
Solution: This hotfix ensures that users can migrate the OfficeScan database under the scenario described above.
- Hotfix 6459 (JIRA 13737)
Issue: Virus log information cannot be parsed properly because the names of infected files are parsed with the tab character delimiter. As a result, virus logs cannot be displayed.
Solution: This hotfix enables OfficeScan to use a space as the delimiter character when writing virus logs. This helps ensure that it can parse and display virus logs properly.
- Hotfix 6459 (JIRA 14671)
Issue: OfficeScan 11.0 Service Pack 1 still blocks the Spyrus USB drive after it is added to the USB exception list.
Solution: This hotfix resolves the issue by updating the Data Loss Prevention(TM) (DLP) module to ensure that it can parse the device information of the Spyrus USB drive.
- Hotfix 6460 (JIRA 9629)
Issue: Some 32- or 64-bit specific information on the OfficeScan web console does not match the corresponding information on the Control Manager web console.
Solution: This hotfix ensures that the OfficeScan server sends the correct information to Control Manager so that the information it displays is always consistent with the information on the OfficeScan web console.
- Hotfix 6462 (JIRA 16832)
Issue: A Blue Screen of Death (BSOD) may occur after applying Microsoft KB4043961 on computers running on Windows 10 Fall Creators Update and protected by OfficeScan 11 Service Pack 1.
Solution: This hotfix prevents the BSOD issue on affected computers.
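The following is an added example, not part of Trend Micro's readme or tooling: a Python check that reads the text of "ofcscan.ini" or "ICRCHdler.ini" and reports values outside what the hotfix procedures above document, plus workaround keys that relax a protection. The function name, the finding levels, the choice of keys flagged for review, the domain-list consistency check and the sample files are assumptions of this example.

```python
import configparser

GS = "Global Setting"
# (file, section, key) -> values this readme documents as valid.
ALLOWED = {
    ("ofcscan.ini", GS, "ChkGlobalWCS"): {0, 1},
    ("ofcscan.ini", GS, "EnableCheckHostLoadHttpTimeoutSecond"): {0, 1},
    ("ofcscan.ini", GS, "LoadHttpTimeoutSecond"): {30, 60, 90, 180},
    ("ofcscan.ini", GS, "PFWPolicyWithConnectionReset"): {0, 1},
    # Readme: seconds, max 60. Treating 0 as the lower bound is an assumption.
    ("ofcscan.ini", GS, "PowerMonitorTime"): set(range(61)),
}
# (file, section, key, value) -> why the setting deserves a second look.
# The choice of which keys to list here is this example's, not Trend Micro's.
REVIEW = {
    ("ofcscan.ini", GS, "SP_DisableTmLwfRegistryKeyProtection", "1"):
        "TmLwf registry key self-protection is disabled",
    ("ofcscan.ini", GS, "SkipDfsClient", "1"):
        "Behavior Monitoring workaround (JIRA 8988) is active",
    ("ofcscan.ini", GS, "AegisSkipNotificationEvent", "1"):
        "Behavior Monitoring workaround (JIRA 13700) is active",
    ("icrchdler.ini", "Default", "SSLVersion", "4"):
        "iCRC module may talk to Smart Protection Server over TLS 1.0",
}


def audit(file_name, text):
    """Return sorted (level, key, message) findings for one INI file's text."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, allow_no_value=True)
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(text)
    name = file_name.lower()
    findings = []
    for section in cp.sections():
        for key, raw in cp.items(section):
            value = (raw or "").strip()
            allowed = ALLOWED.get((name, section, key))
            if allowed is not None and not (value.isdecimal() and int(value) in allowed):
                findings.append(("invalid", key, f"{value!r} is outside the documented values"))
            note = REVIEW.get((name, section, key, value.lower()))
            if note:
                findings.append(("review", key, note))
    # Added consistency check: isolation switched on but no domain to apply it to.
    if name == "ofcscan.ini" and cp.has_section(GS):
        gs = cp[GS]
        on = (gs.get("PFWPolicyWithConnectionReset") or "").strip() == "1"
        domains = (gs.get("PFWPolicyWithConnectionResetDomainList") or "").strip()
        if on and not domains:
            findings.append(("invalid", "PFWPolicyWithConnectionResetDomainList",
                             "network isolation is enabled but no domain is listed"))
    return sorted(findings)


# Constructed sample input, not taken from a real server.
SAMPLE_OFCSCAN = """\
[Global Setting]
LoadHttpTimeoutSecond=45
PFWPolicyWithConnectionReset=1
SP_DisableTmLwfRegistryKeyProtection=1
"""
SAMPLE_ICRC = "[Default]\nSSLVersion = 4\n"

if __name__ == "__main__":
    for f in audit("ofcscan.ini", SAMPLE_OFCSCAN) + audit("ICRCHdler.ini", SAMPLE_ICRC):
        print(*f, sep=" | ")
```

Run it against a copy of the file rather than the live one in "\PCCSRV\", and treat "review" findings as prompts to confirm the workaround is still required.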
8. Contact Information
A license to Trend Micro software
usually includes the right to product updates, pattern file updates, and
basic technical support for one (1) year from the date of purchase only.
After the first year, you must renew Maintenance on an annual basis at
Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone,
and email, or visit our website to download evaluation copies of Trend
Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
Note: This information is subject to
change without notice.
9. About Trend Micro
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.
Copyright 2017, Trend Micro Incorporated. All rights reserved.
Trend Micro, OfficeScan, Data Loss Prevention, and the t-ball logo
are trademarks of Trend Micro Incorporated and are registered in
some jurisdictions. All other marks are the trademarks or
registered trademarks of their respective companies.
10. License Agreement
View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/.
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide