Trend Micro, Inc.
June 5, 2018
Trend Micro™ OfficeScan™ 11.0 Service Pack 1 Patch 1
Critical Patch - Server Build 6540 and Agent Module Build 6258
Contents
- Critical Patch Release Information
- Document Set
- System Requirements
- Installation/Uninstallation
- Post-installation Configuration
- Known Issues
- Release History
- Contact Information
- About Trend Micro
- License Agreement
1. Critical Patch Release Information
Resolved Known Issues
This Critical Patch resolves the following issue(s):
- SEG-2184, SEG-2185, SEG-2187, SEG-2189, SEG-2443
Issue: An issue related to the Trend Micro OfficeScan Firewall driver may cause multiple Privilege Escalation and Pool Corruption vulnerabilities.
Solution: This Critical Patch updates the Trend Micro OfficeScan Firewall driver to resolve the vulnerabilities.
Enhancements
The following enhancements are included in this Critical Patch:
- SEG-26512
Enhancement: This Critical Patch enables the OfficeScan 11 SP1 Patch 1 agent program to support Windows 10 (version 1803) April 2018 Update.
Files Included in this Release
A. Files for Current Issue(s)
-------------------------------------------------------------------
Filename Build Number
------------------------------ ------------
OfficeScan\PCCSRV\Admin\Utility\SQL\*.*
OfficeScan\PCCSRV\Admin\Utility\SQL\
-------------------------------------------------------------------
libSQLDatabaseUpgrade.dll 11.0.0.6540
OfficeScan\PCCSRV\
-------------------------------------------------------------------
AutoPcc.exe 11.0.0.6540
AutoPccP.exe 11.0.0.6540
CGIShare.dll 11.0.0.6540
SvrSvcSetup.exe 11.0.0.6540
CGIResUTF8.dll 11.0.0.6540
OfcPIPC.dll 12.0.0.6258
OfficeScan\PCCSRV\Admin\
-------------------------------------------------------------------
Build.exe 2.85.0.1180
Build64.exe 2.85.0.1180
cert5.db
ciussi32.dll 2.0.0.2074
ciussi64.dll 2.0.0.2074
patch.exe 2.85.0.1180
patch64.exe 2.85.0.1180
patchbld.dll 12.21.0.0
PATCHW32.DLL 12.21.0.0
patchw64.dll 12.20.0.0
TmUpdate.dll 2.85.0.1180
TmUpdate64.dll 2.85.0.1180
x500.db
InstReg.exe 12.0.0.6258
Wizard.exe 12.0.0.6258
Wizard_64x.exe 12.0.0.6258
OfficeScan\PCCSRV\Admin\Utility\ClientPackager\
-------------------------------------------------------------------
ClnExtor.ini
ClnPack.exe 11.0.0.6540
ClnPack.ini
OfficeScan\PCCSRV\Admin\Utility\listDeviceInfo\
-------------------------------------------------------------------
listDeviceInfo.exe 6.0.0.1502
OfficeScan\PCCSRV\Admin\Utility\TMVS\
-------------------------------------------------------------------
TMVS.exe 11.0.0.6540
DatFHS.dll 12.0.0.6258
OfficeScan\PCCSRV\Admin\Utility\PolicyExportTool\
-------------------------------------------------------------------
CGIResUTF8.dll 11.0.0.6540
OfficeScan\PCCSRV\Autopcc.cfg\
-------------------------------------------------------------------
ApNT.ini
ApNT_X64.ini
OfficeScan\PCCSRV\CmAgent\
-------------------------------------------------------------------
OfcCMAgent.exe 11.0.0.6540
ProductLibrary.dll 11.0.0.6540
CGIResUTF8.dll 11.0.0.6540
En_I18N.dll 5.0.0.2314
En_Utility.dll 5.0.0.2314
TrendAprWrapperDll.dll 5.0.0.2314
zlib.dll 1.2.3.0
libcurl.dll 7.43.0.0
libeay32.dll 1.0.2.14
ssleay32.dll 1.0.2.14
Microsoft.VC80.CRT.manifast
msvcm80.dll 8.0.50727.6195
msvcp80.dll 8.0.50727.6195
msvcr80.dll 8.0.50727.6195
OfficeScan\PCCSRV\Download\
-------------------------------------------------------------------
ClnPack_files.xml
OfficeScan\PCCSRV\Download\Engine\
-------------------------------------------------------------------
BMdriver_x32.sig
BMdriver_x32.zip
BMdriver_x64.sig
BMdriver_x64.zip
bmservice_x32.sig
bmservice_x32.zip
bmservice_x64.sig
bmservice_x64.zip
OfficeScan\PCCSRV\Download\Product\
-------------------------------------------------------------------
DlpLite_Common.zip
DlpLite_Common_x64.zip
OfficeScan\PCCSRV\Engine\
-------------------------------------------------------------------
TmAegisSysEvt.dll 2.974.0.1224
TMBMCLI.dll 2.974.0.1224
TMBMSRV.exe 2.974.0.1224
tmcomeng.dll 2.974.0.1224
tmelapi.dll 1.6.0.1004
TmEngDrv.dll 2.974.0.1224
TMPEM.dll 2.974.0.1224
tmtap.dll 6.0.0.1074
tmwlutil.dll 2.974.0.1224
tmCfwApi.dll 5.83.0.1038
tmHash.dll 5.83.0.1038
TmPfw.exe 5.83.0.1050
TmPfwApi.dll 5.83.0.1050
TmPfwRul.dll 5.83.0.1038
OfficeScan\PCCSRV\Engine\x64\
-------------------------------------------------------------------
TmAegisSysEvt.dll 2.974.0.1224
TMBMCLI.dll 2.974.0.1224
TMBMSRV.exe 2.974.0.1224
tmcomeng.dll 2.974.0.1224
tmelapi.dll 1.6.0.1004
TmEngDrv.dll 2.974.0.1224
TMPEM.dll 2.974.0.1224
tmtap.dll 6.0.0.1074
tmwlutil.dll 2.974.0.1224
tmCfwApi.dll 5.83.0.1038
tmHash.dll 5.83.0.1038
TmPfw.exe 5.83.0.1050
TmPfwApi.dll 5.83.0.1050
TmPfwRul.dll 5.83.0.1038
OfficeScan\PCCSRV\LWCS\
-------------------------------------------------------------------
Build.exe 2.85.0.1180
cert5.db
ciuas32.dll 1.0.0.2075
ciussi32.dll 2.0.0.2074
patch.exe 2.85.0.1180
patchbld.dll 12.21.0.0
PATCHW32.DLL 12.21.0.0
TmUpdate.dll 2.85.0.1180
x500.db
OfficeScan\PCCSRV\Private\
-------------------------------------------------------------------
DlpClc.xml
RansomwareWidget.ini
OfficeScan\PCCSRV\Private\certificate\
-------------------------------------------------------------------
openssl.exe
OfficeScan\PCCSRV\Web\Service\
-------------------------------------------------------------------
CGIOCommon.dll 11.0.0.6540
CGIShare.dll 11.0.0.6540
CGIResUTF8.dll 11.0.0.6540
cme_dll.dll 6.0.0.1539
cme_vxe_dll_static.dll 6.0.0.1539
CmdHLClient.dll 11.0.0.6540
CmdHOConsole.dll 11.0.0.6540
DbServer.exe 11.0.0.6540
libCmdHndlrClientV2.dll 11.0.0.6540
libCmdHndlrConsoleV2.dll 11.0.0.6540
OfcNotifyQueue.dll 11.0.0.6540
OfcService.exe 11.0.0.6540
OfcCCCAUpdate.exe 12.0.0.6258
Build.exe 2.85.0.1180
cert5.db
ciuas32.dll 1.0.0.2075
ciussi32.dll 2.0.0.2074
patch.exe 2.85.0.1180
patchbld.dll 12.21.0.0
PATCHW32.DLL 12.21.0.0
TmUpdate.dll 2.85.0.1180
x500.db
DatFHS.dll 12.0.0.6258
NTSvcRes.dll 11.0.0.6540
OfcHotfix.exe 11.0.0.6540
OfficeScan\PCCSRV\Web_OSCE\Web\CGI\
-------------------------------------------------------------------
cgiExportInfo.exe 11.0.0.6540
CGIOCommon.dll 11.0.0.6540
CGIShare.dll 11.0.0.6540
CGIResUTF8.dll 11.0.0.6540
cgiRqUpd.exe 11.0.0.6540
SSO_PKIHelper.dll 5.0.0.2314
OfficeScan\PCCSRV\Web_OSCE\Web_console\CGI\
-------------------------------------------------------------------
cgiAuthManagement.exe 11.0.0.6540
CGIOCommon.dll 11.0.0.6540
CGIResUTF8.dll 11.0.0.6540
CGIShare.dll 11.0.0.6540
cgiShowClientAdm.exe 11.0.0.6540
cgiShowSummary.exe 11.0.0.6540
cgiShowWSSAdmin.exe 11.0.0.6540
cgiWebUpdate.exe 11.0.0.6540
cgiWebUpdate.ini
cgiCmdNotify.exe 5.0.0.2314
SSO_PKIHelper.dll 5.0.0.2314
TrendAprWrapperDll.dll 5.0.0.2314
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\aegis\
-------------------------------------------------------------------
data_protection.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\Auth\
-------------------------------------------------------------------
admin_account_info.htm
Admin_User_List.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\behavior_monitoring\
-------------------------------------------------------------------
bm_settings.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall\
-------------------------------------------------------------------
agent_install.htm
WinNTChk.cab
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\clientmag\
-------------------------------------------------------------------
client_list_2.htm
client_ofsc_services.htm
client_searchwindow.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\
-------------------------------------------------------------------
menu_common.js
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\l10n\
-------------------------------------------------------------------
l10n.dlp.js
l10n.serveradm.js
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\settings\
-------------------------------------------------------------------
setting.dlp.js
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\dlp\
-------------------------------------------------------------------
dlp_FileAttr_addedit.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\serveradm\
-------------------------------------------------------------------
server_proxy.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\inc\
-------------------------------------------------------------------
config.php
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\inc\class\common\soap\
-------------------------------------------------------------------
SoapFactory.php
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\inc\class\proxy\
-------------------------------------------------------------------
HttpTalk.php
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\repository\widgetPool\
-------------------------------------------------------------------
DeleteWidgetsFromDB.bat
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\repository\widgetPool\wp[number]\inc\
-------------------------------------------------------------------
config.php
* wp[number] depends on the user's environment; it can be wp1, wp2, and so on.
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\repository\widgetPool\wp[number]\interface\
-------------------------------------------------------------------
analyzeWF.php
* wp[number] depends on the user's environment; it can be wp1, wp2, and so on.
OfficeScan\PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI\
-------------------------------------------------------------------
CGIShare.dll 11.0.0.6540
cgiGetNTDomain.exe 11.0.0.6540
CGIOCommon.dll 11.0.0.6540
CGIResUTF8.dll 11.0.0.6540
Wizard.exe 12.0.0.6258
Wizard_64x.exe 12.0.0.6258
OfficeScan\PCCSRV\WSS\
-------------------------------------------------------------------
Build.exe 2.85.0.1180
cert5.db
ciuas32.dll 1.0.0.2075
ciussi32.dll 2.0.0.2074
patch.exe 2.85.0.1180
patchbld.dll 12.21.0.0
PATCHW32.DLL 12.21.0.0
TmUpdate.dll 2.85.0.1180
x500.db
OfficeScan\PCCSRV\Pccnt\Drv\
-------------------------------------------------------------------
tmactmon.cat
tmactmon.inf
tmactmon.sys 2.974.0.1223
tmevtmgr.cat
tmevtmgr.inf
tmevtmgr.sys 2.974.0.1223
tmcomm.cat
tmcomm.inf
tmcomm.sys 6.60.0.1064
tmeevw.cat
tmeevw.inf
tmeevw.sys 2.0.0.1039
tmlwf.cat
tmlwf.inf
TMLWF.sys 5.83.0.1038
tmlwfins.exe 5.83.0.1038
tmwfp.cat
tmwfp.inf
TMWFP.sys 5.83.0.1051
tmwfpins.exe 5.83.0.1038
tmusa.cat
tmusa.inf
tmusa.sys 2.0.0.1103
OfficeScan\PCCSRV\Pccnt\Drv\X64\
-------------------------------------------------------------------
tmactmon.cat
tmactmon.inf
tmactmon.sys 2.974.0.1223
tmevtmgr.cat
tmevtmgr.inf
tmevtmgr.sys 2.974.0.1223
tmcomm.cat
tmcomm.inf
tmcomm.sys 6.60.0.1064
tmeevw.cat
tmeevw.inf
tmeevw.sys 2.0.0.1039
tmlwf.cat
tmlwf.inf
TMLWF.sys 5.83.0.1038
tmlwfins.exe 5.83.0.1038
tmwfp.cat
tmwfp.inf
TMWFP.sys 5.83.0.1051
tmwfpins.exe 5.83.0.1038
tmusa.cat
tmusa.inf
tmusa.sys 2.0.0.1103
OfficeScan\PCCSRV\Pccnt\
-------------------------------------------------------------------
ClientConsole.zip
NTMonRes.dll 11.0.0.6540
NTRmvRC.dll 11.0.0.6540
NTRtScan.exe 12.0.0.6258
NTSvcRes.dll 11.0.0.6540
OfficeScan\PCCSRV\Pccnt\Common\
-------------------------------------------------------------------
fcWofieUI.dll 12.0.0.6258
NTRmv.exe 12.0.0.6258
OfcCCCAUpdate.exe 12.0.0.6258
OfcPfwSvc.dll 12.0.0.6258
OfcPIPC.dll 12.0.0.6258
PccNT.exe 12.0.0.6258
PccNTMon.exe 12.0.0.6258
TmListen.dll 12.0.0.6258
TmListen.exe 12.0.0.6258
TmListenShare.dll 12.0.0.6258
TmSock.dll 12.0.0.6258
Upgrade.exe 12.0.0.6258
DatFHS.dll 12.0.0.6258
CompRmv.exe 12.0.0.6258
PccNTUpd.exe 12.0.0.6258
SurrogateTmlisten.exe 12.0.0.6258
TmOPP.dll 12.0.0.6258
UpdGuide.exe 12.0.0.6258
utilPfwInstCondChecker.exe 12.0.0.6258
XPUpg.exe 12.0.0.6258
CCSF_PTN.zip
CCSF_WIN32.zip
tmCfwApi.dll 5.83.0.1038
TmFpHcEx.exe 5.83.0.1038
tmHash.dll 5.83.0.1038
TmPfw.exe 5.83.0.1050
TmPfwApi.dll 5.83.0.1050
TmPfwCtl.dll 5.83.0.1050
TmPfwCtl_xp.dll 5.83.0.1038
TmPfwRul.dll 5.83.0.1038
tmwfpapi.dll 5.83.0.1038
TmopCfg.dll 2.0.0.1100
TmoppeUrlF.dll 2.0.0.1100
TmopphPop3.dll 2.0.0.1096
TmopphSmtp.dll 2.0.0.1096
tmufeng.dll 3.9.0.1012
ICRCHdler.dll 2.7.0.1109
libeay32.dll 1.0.2.14
ssleay32.dll 1.0.2.14
com.trendmicro.tmopfirefox.ext.json
com.trendmicro.tmopfirefox.ext@trendop.xpi
TmopChromeMsgHost32.exe 2.0.0.1094
TmopExtIns.exe 2.0.0.1094
TmopIEPlg.dll 2.0.0.1094
TmOsprey.dll 2.0.0.1094
WofieLauncher.exe
libprotobuf.dll
OfficeScan\PCCSRV\Pccnt\Disk1\
-------------------------------------------------------------------
_Setup.dl 12.0.0.49974
data1.cab
data1.hdr
data2.cab
install.exe 12.0.0.58849
ISSetup.dll 12.0.0.58851
layout.bin
setup.ini
setup.inx
SETUP.ISS
OfficeScan\PCCSRV\Pccnt\Win64\X64\
-------------------------------------------------------------------
fcWofieUI.dll 12.0.0.6258
NTRmv.exe 12.0.0.6258
Ntrtscan.exe 12.0.0.6258
OfcCCCAUpdate.exe 12.0.0.6258
OfcPfwSvc_64x.dll 12.0.0.6258
PccNT.exe 12.0.0.6258
PccNTMon.exe 12.0.0.6258
TmListen.exe 12.0.0.6258
TmListen_64x.dll 12.0.0.6258
TmListenShare_64x.dll 12.0.0.6258
TmSock_64x.dll 12.0.0.6258
Upgrade.exe 12.0.0.6258
OfcPIPC_64x.dll 12.0.0.6258
DatFHS.dll 12.0.0.6258
CompRmv.exe 12.0.0.6258
PccNTUpd.exe 12.0.0.6258
SurrogateTmlisten.exe 12.0.0.6258
TmOPP_64x.dll 12.0.0.6258
UpdGuide.exe 12.0.0.6258
utilPfwInstCondChecker.exe 12.0.0.6258
XPUpg.exe 12.0.0.6258
CCSF_X64.zip
tmCfwApi.dll 5.83.0.1038
TmFpHcEx.exe 5.83.0.1038
tmHash.dll 5.83.0.1038
TmPfw.exe 5.83.0.1050
TmPfwApi.dll 5.83.0.1050
TmPfwCtl.dll 5.83.0.1050
TmPfwCtl_xp.dll 5.83.0.1038
TmPfwRul.dll 5.83.0.1038
tmwfpapi.dll 5.83.0.1038
TmopCfg.dll 2.0.0.1100
TmoppeUrlF.dll 2.0.0.1100
TmopphPop3.dll 2.0.0.1096
TmopphSmtp.dll 2.0.0.1096
tmufeng.dll 3.9.0.1012
ICRCHdler.dll 2.7.0.1109
libeay32.dll 1.0.2.14
ssleay32.dll 1.0.2.14
TmopExtIns.exe 2.0.0.1094
TmopExtIns32.exe 2.0.0.1094
TmopIEPlg.dll 2.0.0.1094
TmopIEPlg32.dll 2.0.0.1094
TmOsprey.dll 2.0.0.1094
TmOsprey32.dll 2.0.0.1094
WofieLauncher.exe
libprotobuf.dll
B. Network Traffic Required in Deployment
Estimated size (in terms of bandwidth) of deployed agent files in this Critical Patch.
- 32-bit agent total = 70.5 MB
- 64-bit agent total = 84.9 MB
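The following check is an added example, not part of the Trend Micro readme or product: it compares the firewall driver files staged on the OfficeScan server with the build numbers listed above for "Pccnt\Drv\" and "Pccnt\Drv\X64\". The function name and the PccsrvRoot parameter (the full path of your PCCSRV folder) are assumptions.

```powershell
# Added example, not Trend Micro code. Confirms that the firewall driver files
# staged on the server are at least the builds listed in this readme.
function Test-FirewallDriverBuild {
    param(
        # Assumption: full path of the server's PCCSRV folder, taken from your install record.
        [Parameter(Mandatory)][string]$PccsrvRoot
    )

    # Build numbers copied from "Files Included in this Release".
    $expected = @{
        'TMLWF.sys' = [version]'5.83.0.1038'
        'TMWFP.sys' = [version]'5.83.0.1051'
    }

    foreach ($sub in 'Pccnt\Drv', 'Pccnt\Drv\X64') {
        foreach ($name in $expected.Keys) {
            $path = Join-Path (Join-Path $PccsrvRoot $sub) $name

            if (-not (Test-Path -LiteralPath $path)) {
                [pscustomobject]@{
                    File = $path; Found = $null; Expected = $expected[$name]; Status = 'Missing'
                }
                continue
            }

            # Build the version from its numeric parts; the FileVersion string is free-form text.
            $vi = (Get-Item -LiteralPath $path).VersionInfo
            $found = New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart,
                                               $vi.FileBuildPart, $vi.FilePrivatePart)

            # A later hotfix may ship a newer driver, so anything at or above the listed build passes.
            $status = if ($found -ge $expected[$name]) { 'OK' } else { 'Older than patched build' }

            [pscustomobject]@{
                File = $path; Found = $found; Expected = $expected[$name]; Status = $status
            }
        }
    }
}

# Usage: Test-FirewallDriverBuild -PccsrvRoot '<path to PCCSRV>' | Format-Table -AutoSize
```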
2. Document Set
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com.
3. System Requirements
You must install OfficeScan 11.0 Service Pack 1 with Patch 1 before installing this critical patch.
4. Installation/Uninstallation
Installation
To install:
- Copy the critical patch executable file to a temporary folder on the server, for example, "C:\temp".
- Double-click the file. The modules are automatically copied to the correct destination.
This critical patch installation package automatically rolls back the OfficeScan server to its previous configuration if there are problems during installation.
If you encounter problems after installation, do a manual rollback.
Uninstallation
To manually roll back to the previous build:
- Locate the backup folder that the critical patch package created in the "\PCCSRV\Backup\CriticalPatch_B6540" directory.
- Stop the OfficeScan Master Service.
- Stop the OfficeScan CMAgent Service.
- Copy the backup modules to the original folders.
- Start the OfficeScan CMAgent Service.
- Start the OfficeScan Master Service.
5. Post-installation Configuration
No post-installation steps are required.
Note: Trend Micro recommends that you update your scan engine and
virus pattern files immediately after installing the product.
6. Known Issues
Before deploying this Critical Patch to OfficeScan agents running Windows 10 "April 2018 Update" (v1803), you must add some process exceptions to the Behavior Monitoring Approved List.
OfficeScan agents that do not have an updated Approved List may encounter a blue screen of death (BSOD) after applying the Critical Patch. For more details, refer to the following KB: https://success.trendmicro.com/solution/1119990
7. Release History
Visit the following web site for more information about updates to this product:
http://www.trendmicro.com/download.
Prior Releases
Note: Only this critical patch was tested for this release. Prior hotfixes/critical patches were tested at the time of their release.
- OfficeScan 11.0
- OfficeScan 11.0 SP1
- OfficeScan 11.0 SP1 Patch1
- Hotfix 6250 (TT-356853)
Issue: Installing OfficeScan 10.5 Patch 6 by web installation also installs ActiveX on the computer; however, ActiveX is not removed during client uninstallation. As a result, users encounter an error while installing OfficeScan 11 Service Pack 1 Critical Patch 6054 by web installation. This happens because the "WinNTchk.dll" for the ActiveX component cannot be updated when a previous version of the file exists in the installation directory. When this happens, the web installation fails.
Solution: This hotfix ensures that the OfficeScan server adds the version information of the "WinNTChk.cab" file when it triggers web installation.
- Hotfix 6252 (TT-357563)
Issue: It is reported that the OfficeScan NT Listener service (TmListen.exe) in OfficeScan 11.0 Service Pack 1 Patch 1 failed to start up on endpoints running Microsoft(TM) Windows(TM) Vista or Windows Server 2008.
Solution: This hotfix updates the OfficeScan agent program to resolve this issue.
- Hotfix 6252 (TT-352284)
Issue: The User Mode Hooking (UMH) driver causes an unexpected error.
Solution: This hotfix updates the UMH driver to resolve this issue.
- Hotfix 6252 (TT-357381)
Issue: When users export the Scan Exclusion Lists for the following scan types from the "Agent Management" screen of the OfficeScan web console, the generated CSV file will not contain any domain setting information for OfficeScan agents:
- Manual scans
- Real-time scans
- Scheduled scans
- Scan Now
Solution: This hotfix updates the OfficeScan server files to ensure that when users export Scan Exclusion Lists, the domain setting information for each OfficeScan agent appears in the exported CSV files.
- Hotfix 6252 (TT-355584)
Issue: In some OfficeScan agents managed by the Update Agent (UA), the T-ball logo on the bottom right portion of the screen turns red since the "NtrtScan.exe" program keeps reloading.
Solution: This hotfix configures the "Agent Connection" setting to a global setting such that when it is changed, the Setting Aggregation File (SAF) package will be updated accordingly. This update enables the OfficeScan agents (managed by the Update Agent) to send a report to the OfficeScan server and instruct it to clear the configuration flag since there is a new setting.
- Hotfix 6252 (TT-358070)
Issue: When users run the Agent Packager tool in the CLI to create setup or update packages for the OfficeScan agent, there is no way to specify the domain to which all freshly installed clients should belong.
Solution: This hotfix updates the Agent Packager tool to enable users to specify a domain for freshly-installed agents using the "/domain" parameter when creating setup or update packages for the OfficeScan agent through the CLI.
- Hotfix 6258 (TT-354263)
Issue: The OfficeScan server database may crash if the database backup path follows the universal naming convention (UNC) and the backup username length exceeds 32 characters.
Solution: This hotfix updates the OfficeScan server files to resolve this issue.
- Hotfix 6258 (TT-357598)
Issue: The Microsoft(TM) Windows(TM) Event Log generates too many messages.
Solution: This hotfix enables OfficeScan to extend the cache time to 12 hours.
- Hotfix 6258 (TT-357926)
Issue: DLP does not block the most current webmail sites, such as Outlook.com.
Solution: This hotfix resolves this issue.
- Hotfix 6258 (TT-357331)
Issue: After administrators remove or uninstall the OfficeScan agent, the OfficeScan server removes all the OfficeScan agents from the database. This situation occurs when administrators set an agent unique identifier (UID) as a root domain UID.
Solution: This hotfix updates the OfficeScan server files to add two check points to resolve this issue.
- Hotfix 6258 (TT-356698)
Enhancement: This hotfix provides a way for users to approve programs to run without checks by Meerkat (a detection improvement program that monitors newly encountered programs downloaded through HTTP or email applications).
Procedure: To approve programs to run without checking by Meerkat:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the "MKWL" key and assign the encrypted string of the full program path.
[Global Setting]
MKWL="The encrypted string of the full program path"
Note: The encrypted string of the full program path must be provided by an OfficeScan SEG engineer.
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: for x64 platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
for x86 platform
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
Key: MKWL
Type: String
Value: "The encrypted string of the full program path"
- Hotfix 6258 (TT-357554)
Enhancement: This hotfix updates the Data Loss Prevention Endpoint SDK 6.0 to support the following Google Chrome versions:
- 54.0.2840.99
- 55.0.2883.75
- Hotfix 6258 (TT-344921)
Enhancement: This hotfix enables the Data Loss Prevention Endpoint SDK 6.0 Webmail channel to share the exception from the Email channel.
Procedure: To configure the "apply_email_wblist_to_webmail" setting for DLP:
a. Install this hotfix (see "Installation").
b. Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "apply_email_wblist_to_webmail" key and set its value.
[Configure]
apply_email_wblist_to_webmail = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents.
The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
apply_email_wblist_to_webmail=true
g. Restart all OfficeScan agents.
- Hotfix 6258 (TT-344921)
Enhancement: This hotfix enables the Data Loss Prevention Endpoint SDK 6.0 to support Lotus Notes Webmail with its add-ons installed for Bank of Chengdu.
Procedure: To configure the "inet_enhanced_dwa_parser" setting for DLP:
a. Install this hotfix (see "Installation").
b. Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "inet_enhanced_dwa_parser" key and set its value.
[Configure]
inet_enhanced_dwa_parser = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents.
The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
inet_enhanced_dwa_parser=true
g. Restart all OfficeScan agents.
- Hotfix 6263/6281 (TT-357949)
Issue: Automatic agent grouping uses rules defined by Microsoft(TM) Windows(TM) Active Directory (AD) domains. Sometimes, after the OfficeScan server synchronizes AD information from the Windows server, the status of enabled grouping rules shows a "Warning" sign.
Solution: This hotfix updates the OfficeScan programs to ensure that the enabled grouping rules will not be affected by the synchronized AD information.
- Hotfix 6263/6281 (TT-357004)
Issue: In Microsoft(TM) Windows(TM) Vista/2008 or later clients, OfficeScan displays an incorrect firewall driver version number. The correct version number is 5.83.1003, but the version number that OfficeScan displays is 5.82.1050.
Solution: This hotfix ensures that the OfficeScan server references the "tmlwf.sys" and "tmwfp.sys" files to determine the correct version number of the common firewall driver.
- Hotfix 6263/6281 (TT-357915)
Issue: While using the "Export Scan Exclusions" button, the "Scan Exclusion List (File Extensions)" function generates a "N/A" message in the exported CSV file when the "Scan Exclusion List (Files)" value is empty. This issue only happens in the "Scan Now" configuration.
Solution: This hotfix updates the OfficeScan programs to resolve this issue so that users can generate correct information in the CSV file.
- Hotfix 6263/6281/6300 (TT-357769)
Issue: OfficeScan leaks encrypted account passwords during web console operations. Unauthorized users could use the leaked encrypted password to log on to the OfficeScan server console.
Solution: This hotfix updates the OfficeScan server program to ensure that OfficeScan does not leak encrypted passwords.
- Hotfix 6263/6281 (TT-358146)
Issue: If users set Chrome as the default browser and click hyperlinks from other applications, the Chrome page shows a "try to access to an unexpected site "--disable-quic"" message.
Solution: This hotfix ensures that the Chrome page will not access unexpected "--disable-quic" sites when users click hyperlinks from other applications once they set Chrome as the default browser.
- Hotfix 6263/6281 (TT-356728)
Issue: DLP blocks Exodus-jabber applications unexpectedly.
Solution: This hotfix ensures that Exodus-jabber works normally even when DLP is enabled on the endpoint machines.
- Hotfix 6263/6281 (TT-356873)
Enhancement: This hotfix enables users to generate the Secure Sockets Layer (SSL) certificate with SHA256 signature algorithm and 2048-bit public key for the OfficeScan web site which is installed on Microsoft(TM) Internet Information Services (IIS) or Apache(TM) HTTP Server through the "SvrSvcSetup.exe" tool.
Procedure: To generate the SSL certificate with the SHA256 signature algorithm and a 2048-bit public key and manually renew the IIS SSL certificate:
a. Install this hotfix (see "Installation").
b. Log on as administrator, open a command prompt, and navigate to the "\PCCSRV\" directory.
c. Run the following command:
SvrSvcSetup.exe -GenIISCert
A new SSL certificate is generated and is automatically added to the IIS SSL certificate store.
d. Open the IIS Manager console (inetmgr.exe).
e. Right-click the OfficeScan web site, and then click "Edit Bindings...".
f. When the "Site Bindings" window opens, select "https type" and click "Edit...".
g. Select the newly-created SSL certificate and click "OK".
Note: Click the "View..." option to view the 2048-bit public key.
h. Click "Close".
To generate the SSL certificate with the SHA256 signature algorithm and a 2048-bit public key and manually renew the Apache SSL certificate:
a. Install this hotfix (see "Installation").
b. Log on as administrator, open a command prompt, and navigate to the "\PCCSRV\" directory.
c. Run the following command:
SvrSvcSetup.exe -GenApacheCert
A new SSL certificate is generated and is automatically added to the Apache SSL certificate store.
d. Stop the following services:
- OfficeScan Master Service
- Apache Service
e. Start the following services:
- Apache Service
- OfficeScan Master Service
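The following check is an added example, not part of the Trend Micro readme or product: after either renewal procedure above, it connects to the web console's HTTPS port and confirms that the certificate actually being served has a SHA256 RSA signature and an RSA key of at least 2048 bits. The function name, HostName and Port are assumptions; supply the host and HTTPS port of your own OfficeScan web site.

```powershell
# Added example, not Trend Micro code. Inspects the certificate served by the
# OfficeScan web site (IIS or Apache) after SvrSvcSetup.exe has generated a new one.
function Test-WebConsoleCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,   # assumption: your OfficeScan server name
        [Parameter(Mandatory)][int]$Port           # assumption: your web console HTTPS port
    )

    $sha256WithRsa = '1.2.840.113549.1.1.11'       # OID of sha256WithRSAEncryption

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)

        # Accept any chain: the goal here is to inspect the certificate, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $c, $chain, $err) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

            # GetRSAPublicKey returns $null for non-RSA certificates; report 0 bits in that case.
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
            $keyBits = if ($rsa) { $rsa.KeySize } else { 0 }
            $sigOid  = $cert.SignatureAlgorithm.Value

            [pscustomobject]@{
                Subject            = $cert.Subject
                Thumbprint         = $cert.Thumbprint
                NotAfter           = $cert.NotAfter
                SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
                KeyBits            = $keyBits
                # True only when both properties named in the readme are present.
                MeetsReadme        = ($sigOid -eq $sha256WithRsa) -and ($keyBits -ge 2048)
            }
        }
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }
}

# Usage: Test-WebConsoleCertificate -HostName '<server name>' -Port <https port>
```

If MeetsReadme is False after the IIS procedure, the site binding is probably still pointing at the old certificate (steps e to g).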
- Hotfix 6267/6281 (TT-358436)
Issue: OfficeScan can synchronize suspicious objects and retrieve actions against these objects from a Control Manager server. However, an expired suspicious object is still synchronized to OfficeScan, which causes false detections on the agent.
Solution: This hotfix updates the OfficeScan programs to ensure that the expired suspicious objects will not be detected.
- Hotfix 6267/6281 (TT-357701)
Issue: The "Agent Management" page of the OfficeScan web console may not display all OfficeScan agents if the domain has a large number of OfficeScan agents.
Solution: This hotfix resolves the issue by updating the mechanism used by the SQL table containing the OfficeScan agent information.
- Hotfix 6267/6281 (TT-354253)
Issue: The OfficeScan 11.0 Service Pack 1 Behavior Monitoring feature may block valid programs without leaving a record of the block action in the detection log.
Solution: This hotfix updates the OfficeScan Behavior Monitoring program to ensure that it blocks the correct programs.
- Hotfix 6271/6281 (TT-354682)
Issue: On x86 platforms, the Aegis module sends Meerkat detection information to the OfficeScan server and displays a pop-up dialog box that allows users to click the "Allow Once" button. However, even after users click this button, Meerkat still blocks the application.
Solution: This hotfix updates Meerkat to check the payload of API events to prevent this issue from happening.
- Hotfix 6271/6281 (TT-356152)
Issue: The OfficeScan User-Mode Hooking (UMH) function prevents the "java.exe" program from working properly.
Solution: This hotfix adds "java.exe" onto the OfficeScan UMH whitelist pattern to ensure that the "java.exe" program works properly.
- Hotfix 6271/6281 (TT-357370)
Issue: The OfficeScan UMH function prevents the WebISO software from working properly.
Solution: This hotfix adds the WebISO software into the OfficeScan UMH whitelist pattern to ensure that the WebISO software works properly.
- Hotfix 6271/6281 (TT-358458)
Issue: Users may still be able to access web sites that the Trend Micro URL Filtering Engine (TMUFE) failed to rate because of connection issues.
Solution: This hotfix provides a way for users to configure OfficeScan to automatically block access to web sites if the TMUFE cannot rate the web sites.
Procedure: To configure OfficeScan to automatically block access to web sites that the TMUFE cannot rate:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
URLFilterErrMode=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC\TmProxy\Scan\Common\URLFilter\config
Key: ErrMode
Type: dword
Value: 1
For Microsoft(TM) Windows(TM) 7/8/10 and Windows Server 2008 R2/2012/2016:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey\Scan\Common\URLFilter\config
Key: ErrMode
Type: dword
Value: 1
g. Restart the OfficeScan agents.
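The following audit is an added example, not part of the Trend Micro readme or product: run on an agent computer, it reads the registry values that this procedure (ErrMode) and the earlier Meerkat procedure (MKWL) say the server deploys. The function name and the ApprovedMkwl parameter are assumptions; ApprovedMkwl is the encrypted string held in your own change record.

```powershell
# Added example, not Trend Micro code. Reports whether ErrMode is set to 1 and whether
# any MKWL entry (programs exempt from Meerkat checks) matches what was approved.
function Get-OfficeScanDeployedSetting {
    param(
        # Assumption: encrypted MKWL string from your change record; empty means none approved.
        [string]$ApprovedMkwl = ''
    )

    # Subkey paths as given in this readme, relative to HKEY_LOCAL_MACHINE.
    $checks = @(
        @{ Name = 'ErrMode'; SubKey = 'SOFTWARE\TrendMicro\NSC\TmProxy\Scan\Common\URLFilter\config' }
        @{ Name = 'ErrMode'; SubKey = 'SOFTWARE\TrendMicro\Osprey\Scan\Common\URLFilter\config' }
        @{ Name = 'MKWL';    SubKey = 'SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.' }
    )

    # On 64-bit Windows the 32-bit view maps SOFTWARE\... to SOFTWARE\Wow6432Node\...,
    # which covers the x64 path the readme gives for MKWL.
    $views = if ([Environment]::Is64BitOperatingSystem) {
        [Microsoft.Win32.RegistryView]::Registry64, [Microsoft.Win32.RegistryView]::Registry32
    } else {
        [Microsoft.Win32.RegistryView]::Registry32
    }

    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            foreach ($c in $checks) {
                $key = $base.OpenSubKey($c.SubKey)      # read-only; $null when the key is absent
                if ($null -eq $key) { continue }
                try {
                    $value = $key.GetValue($c.Name)

                    if ($c.Name -eq 'ErrMode') {
                        if ($null -eq $value) {
                            $status = 'Not set'
                        } elseif ($key.GetValueKind('ErrMode') -eq 'DWord' -and $value -eq 1) {
                            $status = 'Set to 1'
                        } else {
                            $status = 'Unexpected value'
                        }
                    } else {
                        if ([string]::IsNullOrEmpty([string]$value)) {
                            $status = 'No approved programs'
                        } elseif ($ApprovedMkwl -and ($value -ceq $ApprovedMkwl)) {
                            $status = 'Matches approved string'
                        } else {
                            $status = 'Not in change record: review'
                        }
                    }

                    [pscustomobject]@{
                        View = $view; SubKey = $c.SubKey; Name = $c.Name
                        Value = $value; Status = $status
                    }
                }
                finally { $key.Dispose() }
            }
        }
        finally { $base.Dispose() }
    }
}

# Usage: Get-OfficeScanDeployedSetting -ApprovedMkwl '<string from change record>' | Format-List
```

Only keys that exist produce a row, so an agent with neither URL filtering key returns nothing for ErrMode.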
- Hotfix 6274/6281 (TT-349044)
Issue: The detected Virus/Malware information that appears in the OfficeScan web console does not match the information in the Trend Micro Control Manager(TM) console.
Solution: This hotfix ensures that the OfficeScan server sends the correct Virus/Malware information to Control Manager so that the information in the OfficeScan web console matches the information in the Control Manager console.
Procedure: To configure OfficeScan to send the accurate information to Control Manager:
a. Install this hotfix (see "Installation").
b. Open the "Product.ini" file in the "\PCCSRV\CmAgent" folder on the OfficeScan server installation directory using a text editor.
c. Under the "Configure" section, manually add the following key and set its value to "1".
[Configure]
EnableSFCacheTimeout=1
d. Save the changes and close the file.
e. Restart the OfficeScan Control Manager Agent.
- Hotfix 6274/6281 (TT-358714)
Issue: On the "Agents > Agent Management" section of the OfficeScan web console, when users run an advanced search for OfficeScan agents running with Update Agent "Disabled" status, the search results always display both OfficeScan agents running with Update Agent "Enabled" status and "Disabled" status.
Solution: This hotfix updates the OfficeScan server program to ensure that when users run an advanced search for OfficeScan agents running with Update Agent "Disabled" status, it displays the correct result.
- Hotfix 6274/6281 (TT-359007)
Issue: OfficeScan agents report their antivirus status information to the Microsoft(TM) Windows(TM) Security Center (WSC) when the system starts. However, after the system restarts, WSC displays that the OfficeScan antivirus reports are turned off.
Solution: This hotfix updates the OfficeScan agent program to resolve this issue.
- Hotfix 6274/6281 (TT-358753)
Issue: The OfficeScan NT Listener service ("TmListen.exe") may stop unexpectedly after the OfficeScan agent encounters a mismatch certificate error. When this happens, the agent update is unsuccessful.
Solution: This hotfix updates the OfficeScan agent program to prevent the "TmListen.exe" from stopping unexpectedly and ensures that the OfficeScan agent can handle the mismatch certificate error properly.
- Hotfix 6274/6281 (TT-359384)
Issue: DLP does not block the drag-and-drop of files from current Webmail sites (such as "Outlook.office.com" or "Outlook.live.com") when users use Google Chrome to access these Webmail sites.
Solution: This hotfix ensures that OfficeScan does not leak sensitive information when users use Google Chrome to access these Webmail sites.
- Hotfix 6274/6281 (TT-356731)
Issue: Enabling the Browser Exploit Protection (BEP) function causes Microsoft(TM) Internet Explorer 11 to crash when combined with Trend Micro add-ins (BEP) and the vSentry product from Bromium.
Solution: This hotfix resolves this issue.
- Hotfix 6274/6281 (TT-356199)
Enhancement: This hotfix enables the Data Loss Prevention (DLP) Endpoint SDK 6.0 module to support version 55.0.2883.87 of the Google(TM) Chrome(TM) web browser and version 50.1.0 of the Mozilla(TM) Firefox(TM) web browser.
- Hotfix 6277 (TT-354730)
Enhancement: This hotfix enhances the OfficeScan server to support Active Directory subgroups for OfficeScan user accounts.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcserver.ini" file in the "\PCCSRV\Private" folder on the OfficeScan installation directory.
c. Under the "INI_AD_INTEGRATION_SECTION" section, manually add the following key and set its value to "1".
[INI_AD_INTEGRATION_SECTION]
RBAMultilayerInheritanceForADUser=1
d. Save the changes and close the file.
- Hotfix 6281 (TT-359424)
Issue: After installing hotfixes on OfficeScan 11.0 Service Pack 1 and activating the OfficeScan Firewall on agents, the Firewall logs display corrupted characters on both the agent console and the OfficeScan server web console.
Solution: This hotfix updates the OfficeScan Firewall to ensure that the Firewall logs display the correct information on both the agent console and the OfficeScan server web console.
- Hotfix 6281 (TT-355684)
Issue: OfficeScan 11.0 Service Pack 1 (SP1) Critical Patch (CP) Build 6054 is unable to use the Sesame mobile application on endpoints.
Solution: This hotfix ensures that the User-Mode Hooking (UMH) does not hook the "ZWProtectVirtualMemory" API when the "Aclayer.dll" file exists.
- Hotfix 6281 (TT-358910)
Issue1: Data Loss Prevention does not block large files inside ZIP archives, even if the boundary of the file size exceeds the maximum value.
Solution1: This hotfix ensures that Data Loss Prevention properly blocks large files inside ZIP archives.
Issue2: Microsoft Access (.mdb) files cannot be recovered to USB storage from the Data Loss Prevention backup folder.
Solution2: This hotfix ensures that Data Loss Prevention can successfully recover Microsoft Access (.mdb) files.
- Hotfix 6281 (TT-355833)
Issue: The Listdeviceinfo tool cannot get information from external devices such as "LaCie Rugged THB USB3 SCSI Disk Device".
Solution: This hotfix resolves this tool issue.
- Hotfix 6281.1 (TT-357771)
Issue: An issue related to the AEGIS module of the OfficeScan agent program may cause certain operating systems to stop responding.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
- Critical Patch 6285 (TT-359321)
Issue: After installing hotfixes on OfficeScan 11.0 Service Pack 1 server, the Smart Scan Pattern may not be able to update properly from the Integrated Smart Protection Server.
Solution: This hotfix updates the OfficeScan ActiveUpdate module to ensure that the Smart Scan Pattern can be updated normally from the Integrated Smart Protection Server.
- Hotfix 6292 (TT-358489)
Issue: OfficeScan Behavior Monitoring feature is unable to get the device type correctly when users launch programs by running as administrators (using administrator privileges).
Solution: This hotfix updates the Behavior Monitoring Service module to resolve this issue.
- Hotfix 6292 (TT-359534)
Issue: An initialization issue related to the OfficeScan Control Manager Agent service ("OfcCMAgent.exe") may cause "OfcCMAgent.exe" to stop unexpectedly.
Solution: This hotfix updates the OfficeScan Control Manager Agent program to prevent this issue.
- Hotfix 6292 (TT-356903)
Issue: A signature verification issue related to the AEGIS module of the OfficeScan agent program may cause certain operating systems to stop unexpectedly.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
- Hotfix 6292 (TT-360032)
Enhancement: This hotfix enables the Data Loss Prevention (DLP) Endpoint SDK 6.0 module to support the following Google Chrome versions:
- Google(TM) Chrome(TM) 55.0.2883.87
- Google(TM) Chrome(TM) 56.0.2924.87
- Hotfix 6292 (TT-357707)
Enhancement: This hotfix enables the Address Space Layout Randomization (ASLR) of Data Loss Prevention (DLP) Endpoint SDK 6.0 for DLL injection.
- Hotfix 6299 (TT-359477)
Issue: The OfficeScan User Mode Hooking (UMH) function may cause the "mkdir.exe" program to stop unexpectedly.
Solution: This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
- Hotfix 6299 (TT-357853)
Issue: When the "Protect documents against unauthorized encryption or modification" feature of Ransomware Protection is enabled, the OfficeScan agent may prevent a valid program from running if the size of the program file is too large.
Solution: This hotfix updates the OfficeScan agent program to resolve this issue.
- Hotfix 6299 (TT-360097)
Issue: The Server Tuner tool optimizes the performance of the OfficeScan server. However, its Maximum Client Connections setting does not work.
Solution: This hotfix updates the OfficeScan server program to ensure that the tool's Maximum Client Connections setting works normally.
- Hotfix 6299 (TT-357054)
Issue: When there are hotfix updates, the OfficeScan server checks all client components and prompts all clients with old hotfix versions to apply the updates including those where the No Program Upgrade option is enabled. This triggers a large number of unnecessary client notifications.
Solution: This hotfix ensures that the OfficeScan server does not notify a client of hotfix updates if the No Program Upgrade option is enabled in the client.
- Hotfix 6299 (TT-359331)
Issue: The OfficeScan Behavior Monitoring program ("TMBMSRV.exe") crashes when the "MeerkatSkipUNC" option is enabled.
Solution: This hotfix updates the OfficeScan Behavior Monitoring program to correct this issue.
- Hotfix 6299 (TT-359521)
Issue: When users upload files from the SMB folder to the internal website and iDLP is enabled, the upload may be interrupted intermittently.
Solution: This hotfix enables iDLP to check if a file is from SMB before it attempts to access the file information. If the source file is an SMB file, iDLP then uses impersonation to download the file.
- Hotfix 6299 (TT-357721)
Issue: The library license of the third-party application Dymola conflicts with DLP.
Solution: This hotfix adds "dymola.exe" and "license_check.exe" to the approved list to remove the conflict.
- Hotfix 6299 (TT-359522)
Issue: When OfficeScan parses the contents of a policy that it receives from Control Manager, some space characters may be removed from the policy which changes certain settings when applied to OfficeScan.
Solution: This hotfix ensures that OfficeScan can parse and apply Control Manager policies properly.
- Hotfix 6302 (SEG-1587)
Issue: The "Quarantine malware variants detected in memory" feature needs to be enabled before the Memory Inspection Pattern (MIP) can be updated on OfficeScan agents.
Solution: This hotfix updates the OfficeScan agent program to resolve this issue.
- Hotfix 6302 (SEG-1781)
Issue: Sometimes, the value of the "SourceUUID" setting in the "Ofcserver.ini" file is overwritten which prevents OfficeScan from updating the suspicious object list.
Solution: This hotfix ensures that the "SourceUUID" setting is not overwritten unexpectedly.
- Hotfix 6302 (SEG-2639)
Issue: Sometimes, OfficeScan does not create system dump files when an exception error occurs.
Solution: This hotfix ensures that OfficeScan catches exception system codes and creates the corresponding system dump files when it encounters these codes.
- Hotfix 6306 (TT-359200)
Issue: The "TMBMSRV.exe" process stops responding when debug log is enabled.
Solution: This hotfix resolves the issue by ensuring that the debug log output function receives the correct information.
- Hotfix 6306 (SEG-2785)
Issue: A blue screen of death (BSOD) occurs when the OfficeScan agent AEGIS module runs simultaneously with encryption software.
Solution: This hotfix enables the AEGIS module of OfficeScan agents to work normally with encryption software.
- Hotfix 6308 (SEG-1474)
Issue: The Agent Connectivity widget displays an inaccurate total number of connected clients for each Smart Protection Server.
Solution: This hotfix updates the OfficeScan server program to ensure that the Agent Connectivity widget displays accurate information.
- Hotfix 6310 (SEG-3508)
Enhancement: The OfficeScan server automatically notifies an OfficeScan client to change its GUID after it determines that there is a duplicate GUID. However, the OfficeScan server does not generate an event log if it cannot notify the client for some reason. This hotfix provides a way for users to enable the OfficeScan server to generate an event log if it cannot notify an OfficeScan client to change its GUID.
Procedure: To enable the OfficeScan server to generate an event log if it cannot notify an OfficeScan client to change its GUID when it detects duplicate GUIDs:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor.
c. Under the "INI_SERVER_SECTION" section, locate the following key and set its value to "1".
[INI_SERVER_SECTION]
Event_Log_Flag=1
d. Save the changes and close the file.
e. Restart the OfficeScan Master Service.
- Hotfix 6313 (SEG-2354)
Issue: When users set the firewall exception rule to a single IP, the IP address does not appear on the OfficeScan agent console.
Solution: This hotfix ensures that the IP address appears on the OfficeScan agent console.
- Hotfix 6313 (SEG-3487)
Issue: It takes a long time to export the scan exclusion list from the OfficeScan web console.
Solution: This hotfix improves the export function to enable OfficeScan to export the scan exclusion list faster.
- Hotfix 6313 (SEG-1442)
Issue: A Microsoft Windows Security audit failure by "tmevtmgr.sys" appears in the Windows system event log.
Solution: This hotfix resolves the issue by enabling the build option in the AEGIS driver to include a "path hash".
- Hotfix 6313 (SEG-3616)
Issue: When an OfficeScan agent downloads a file that does not have a valid digital signature, the file path information in the corresponding system event log will be truncated on the OfficeScan web console.
Solution: This hotfix ensures that system event logs display the complete file path information on the OfficeScan web console.
- Hotfix 6313 (SEG-3016)
Enhancement: This hotfix enables Data Loss Prevention Endpoint SDK 6.0 to support the following Google Chrome versions:
- Google Chrome(TM) 57.0.2987.98
- Google Chrome(TM) 57.0.2987.110
- Hotfix 6314 (SEG-1991, SEG-2660)
Issue: After users install hotfixes on OfficeScan 11.0 Service Pack 1 and activate the OfficeScan Firewall on agents running Windows XP, the Firewall service encounters network access issues.
Solution: This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Note: Restart the endpoint to update the Common Firewall module of OfficeScan agents.
- Hotfix 6315 (TT-350467)
Enhancement: This hotfix enables the Behavior Monitoring approved list to support the asterisk (*) and question mark (?) wildcard characters in program path names and file names.
- Hotfix 6317 (SEG-3533, SEG-2785, SEG-3668)
Issue: A blue screen of death (BSOD) occurs when the OfficeScan agent AEGIS module runs simultaneously with encryption software.
Solution: This hotfix enables the AEGIS module of OfficeScan agents to work normally with encryption software.
- Hotfix 6325 (SEG-1715)
Issue: It takes a long time for the Windows Disk Manager to start when OfficeScan's Ravage Scan feature is enabled.
Solution: This hotfix enables users to configure the OfficeScan Ravage Scan feature to skip a specific virtual hard disk to allow the Disk Manager to start normally.
Procedure: To enable the Ravage Scan feature to skip a specific virtual hard disk:
a. Install this hotfix (see "Installation").
b. Open the Registry Editor.
c. Add the following key:
Path: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmactmon\Parameters]
Type: dword
Key: SkipVirtualHarddisk
Data Value: 00000001
d. Restart the OfficeScan client computer.
- Hotfix 6325 (SEG-2673)
Issue: PccNT.exe stops unexpectedly because the following agent registry entry contains a value that is larger than the maximum supported value.
Path: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
Type: dword:7fffffff
Key: TotalScanned
Solution: This hotfix updates the "fcWofieUI.dll" (for 32-bit) and "fcWofieUI_64x.dll" (for 64-bit) OfficeScan agent files to solve this issue.
- Hotfix 6325 (TT-359608)
Issue: Users cannot run a manual sync on the "Suspicious Object List Setting" page when the "Enable Suspicious URL list" option is disabled.
Solution: This hotfix ensures that manual sync can complete successfully when the "Enable Suspicious URL list" option is disabled.
- Hotfix 6325 (SEG-3289)
Issue: The error-handling mechanism of POP3 and SMTP scans may attempt to access tmp files which can trigger the TmListen service to stop unexpectedly.
Solution: This hotfix resolves the issue by ensuring that the error-handling mechanism accesses only valid local file paths.
- Critical Patch 6325 (VRTS-283, VRTS-393, VRTS-615)
Issue1: When the Web Reputation Service (WRS) of the OfficeScan agent program blocks access to a certain webpage, it displays the "Website blocked by Trend Micro OfficeScan" alert page instead. This alert page may be affected by XSS vulnerabilities.
Solution1: This critical patch updates the OfficeScan agent program to resolve the XSS vulnerabilities.
Issue2: Encrypted account passwords may leak out during web console operations. Unauthorized users could use the leaked encrypted password to log on to the OfficeScan server console.
Solution2: This critical patch ensures that encrypted passwords are secure during web console operations.
Enhancement: This critical patch updates the OfficeScan agent program to improve its self-protection mechanism against injection of malicious code by a local attacker.
- Hotfix 6325.1 (SEG-2812)
Issue: Garbled characters appear in POP3 email notification for malicious email message contents.
Solution: This hotfix resolves the issue by changing the text encoding format for POP3 email notifications from Western European to Shift-JIS.
Note: This time registry deployment solution is not supported in offline OfficeScan agents.
- Hotfix 6331 (TT-358992)
Issue: Users cannot access the "Advanced Search" web page from the "Firewall Profile Settings" page of the OfficeScan web console.
Solution: This hotfix updates the OfficeScan server program files to ensure that users can access the "Advanced Search" web page from the "Firewall Profile Settings" page.
- Hotfix 6331 (SEG-1891)
Issue: The DLP module may not work normally while other programs are uploading files to the Internet.
Solution: This hotfix ensures that the DLP module works normally when other programs are uploading files to the Internet.
- Hotfix 6342 (SEG-3345)
Issue: The OfficeScan agent blocks a program that has been downloaded from an email message or through HTTP even when the program is in the approved list.
Solution: This hotfix ensures that OfficeScan agents block the correct programs.
- Hotfix 6342 (SEG-2468)
Issue: The OfficeScan web console takes longer than usual to load because of a large number of DB_FLUSH commands.
Solution: This hotfix minimizes the number of DB_FLUSH commands to ensure that the OfficeScan web console loads normally.
- Hotfix 6342 (SEG-3919)
Issue: When enabling the OfficeScan debug log, clicking on the "Save" button twice overwrites the specified debug log path in the "ofcdebug.ini" file. When this happens, debug logs are saved in another location.
Solution: This hotfix enables OfficeScan to always use the default log path if only the log name is set on the web console.
- Hotfix 6342 (SEG-2232)
Issue: Duplicate DLP violation logs are generated when users attempt to print a PDF file that contains sensitive information in Adobe(TM) Reader.
Solution: This hotfix applies the App White Cache mechanism according to process name to enable DLP to treat multiple print operations from "AcroRd32.exe" that occur within a one second period as one event. This helps prevent duplicate violation logs.
- Hotfix 6348 (SEG-3931)
Issue: When DLP detects that sensitive information was sent through an email message in "outlook.com", the OfficeScan agent generates a blank "Activity/Channel" log.
Solution: This hotfix resolves this issue by updating the OfficeScan agent.
- Hotfix 6348 (SEG-5361)
Enhancements: This hotfix enables DLP Endpoint SDK 6.0 to support Chrome 58.0.3029.81.
- Hotfix 6348 (SEG-5633)
Enhancements: This hotfix provides a way to configure the AEGIS module in OfficeScan clients to skip Virtual Disks during scans.
Procedure: To configure the AEGIS module to skip Virtual Disks during scans:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
SkipVirtualHarddisk=1
d. Save the changes and close the file.
e. Open the OfficeScan server management console and click "Agents > Global Agent Settings" on the main menu to access the "Global Agent Settings" page.
f. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to agents and adds the following registry entry on all agent computers:
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmactmon\Parameters
Key: SkipVirtualHarddisk
Type: dword
Value: 1
- Hotfix 6350 (SEG-5041)
Issue: The operating system version of registered OfficeScan servers installed on Windows Server 2012 R2 appears as "6.2 (build 9200)" instead of "6.3 (build 9600)" on the Control Manager web console.
Solution: This hotfix resolves this issue by ensuring that OfficeScan servers installed on Windows Server 2012 R2 register to the Control Manager server using operating system version "6.3 (build 9600)".
- Hotfix 6351 (SEG-6181)
Issue: OfficeScan agents running Data Loss Prevention may experience a Blue Screen of Death (BSoD) when accessing files in shared (SMB) folders.
Solution: This hotfix resolves the BSoD issue when accessing files in shared (SMB) folders.
- Critical Patch 6355 (SEG-6313)
Enhancement: This critical patch enables the OfficeScan agent program to support Windows 10 Creators Update RS2.
- Hotfix 6369 (TT-360007)
Issue: The OfficeScan Web Reputation feature blocks normal access to websites if the endpoint also has the Symantec Data Loss Prevention application running.
Solution: This hotfix updates the OfficeScan agent module to ensure that the OfficeScan Web Reputation feature does not conflict with the Symantec Data Loss Prevention application.
- Hotfix 6371 (SEG-4799)
Issue: The OfficeScan Behavior Monitoring feature may cause certain computers to lock up intermittently when TMEAC is installed.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
- Hotfix 6373 (SEG-3443)
Issue: When the OfficeScan agent connects to SSL-VPN and the MAC address field is empty, the OfficeScan agent will attempt to resolve the IP and MAC addresses repeatedly but the SSL-VPN IP address still does not appear in the network cards list on the agent console.
Solution: This hotfix updates the OfficeScan agent program to prevent it from attempting to resolve the IP and MAC addresses when the MAC address field is empty. It also helps ensure that the IP address appears on the OfficeScan agent console.
- Hotfix 6373 (SEG-5477)
Issue: The OfficeScan agent does not successfully upgrade even after applying new hotfix files.
Solution: This hotfix resolves the OfficeScan agent upgrade issue.
- Hotfix 6373 (SEG-6873)
Issue: The administrator cannot register USB information that includes the pound sign (#) or "and" sign (&) in the Data Loss Prevention (DLP) exception list.
Solution: This hotfix resolves this issue.
- Hotfix 6383 (TT-359895)
Issue: The OfficeScan server cannot check the signature on a Control Manager policy if the policy settings contain non-ASCII characters.
Solution: This hotfix enables the OfficeScan server to handle non-ASCII strings in Control Manager policies to ensure that the server can check the signature of these policies.
- Hotfix 6383 (SEG-6323)
Issue: Enabling the NT RealTime Scan causes OfficeScan agents to freeze. This issue occurs because OpenSSL uses the AES-NI instruction set, which is not supported by some CPU types.
Solution: This hotfix resolves this issue by updating the OpenSSL component.
- Hotfix 6383 (SEG-6391)
Issue: The Microsoft(TM) Internet Explorer browser does not interpret double-byte strings correctly. Thus, user accounts do not display correctly.
Solution: This hotfix adds a function to determine whether a string contains double-byte characters, which resolves this issue.
- Hotfix 6383 (SEG-6528)
Issue: The Trend Micro OfficeScan Agent Console ("Pccnt.exe") may stop unexpectedly if the "Unauthorized Change Prevention Service" is enabled. When this happens, it will affect the performance of the endpoint.
Solution: This hotfix updates the OfficeScan agent program to prevent "Pccnt.exe" from stopping unexpectedly and ensures that the OfficeScan agent can work properly without affecting the performance of the endpoint.
- Hotfix 6383 (SEG-7273)
Issue: On computers running on the Microsoft(TM) Windows(TM) 10 platform, the Data Loss Prevention (DLP) network filter driver is installed with the Transport Driver Interface (TDI) network filter driver.
Solution: This hotfix updates the operating system version determination mechanism to ensure that the correct driver is installed. This hotfix also provides a Microsoft(TM) Windows Filtering Platform (WFP) driver replacement mechanism that replaces the TDI driver with the correct driver.
- Hotfix 6383 (SEG-8017)
Enhancements: This hotfix enables Data Loss Prevention Endpoint SDK 6.0 to support Google(TM) Chrome version 59.0.3071.86.
- Hotfix 6390 (SEG-7214, SEG-8297)
Issue: A blue screen of death (BSOD) occurs when the Trend Micro Common Module (tmcomm.sys) attempts to parse the service name list of a Windows kernel device in the device tree.
Solution: This hotfix updates the Trend Micro Common Module on OfficeScan agents to resolve this issue.
- Hotfix 6396 (SEG-7541)
Issue: OfficeScan agents installed on Windows 10 platforms may cause the endpoint to freeze or become unresponsive when both Windows Defender and the OfficeScan agent are running at the same time.
Solution: This hotfix updates compatibility support to prevent the system from freezing when the OfficeScan Agent loads.
- Hotfix 6396 (SEG-7585)
Issue: The OfficeScan agent does not successfully update specific pattern files when the OfficeScan server and client have different build versions.
Solution: This hotfix resolves the issue concerning OfficeScan agents not successfully updating specific pattern files.
- Hotfix 6396 (SEG-6421)
Issue: Windows Defender is not disabled automatically after the OfficeScan agent is installed on a Windows 2016 server computer.
Solution: This hotfix ensures that Windows Defender is disabled automatically after the OfficeScan agent is installed on a Windows 2016 server computer and the computer restarts.
- Hotfix 6396 (SEG-8356)
Issue: The Virus Scan Engine (VSAPI) fails to roll back on a Microsoft(TM) Windows(TM) 10 platform.
Solution: This hotfix updates the OfficeScan agent program to ensure that VSAPI can roll back successfully on a Windows 10 platform.
- Hotfix 6396 (SEG-7747)
Issue: The OfficeScan Master Service stops unexpectedly while receiving a huge amount of policy information from Control Manager which triggers OfficeScan to generate a large number of dump files under the "PCCSRV\Web\Service" folder.
Solution: This hotfix enables the OfficeScan Master Service to handle a huge amount of policy information from Control Manager.
- Hotfix 6396 (TT-354095)
Issue: The firewall details page of the OfficeScan client console does not refresh automatically after the security level setting changes.
Solution: This hotfix displays a message that prompts users to close all windows of the OfficeScan client console and reopen the console to refresh the UI.
- Hotfix 6396 (TT-357507)
Issue: The Microsoft(TM) Windows(TM) Event Log generates too many messages.
Solution: This hotfix enables OfficeScan to extend the cache time to 12 hours.
- Hotfix 6396 (TT-355701)
Issue: An initialization issue related to the OfficeScan Control Manager Agent service ("OfcCMAgent.exe") may cause "OfcCMAgent.exe" to stop unexpectedly.
Solution: This hotfix updates the OfficeScan Control Manager Agent program to prevent this issue.
- Hotfix 6396 (TT-357054)
Issue: When there are hotfix updates, the OfficeScan server checks all client components and prompts all clients with old hotfix versions to apply the updates including those where the No Program Upgrade option is enabled. This triggers a large number of unnecessary client notifications.
Solution: This hotfix ensures that the OfficeScan server does not notify a client of hotfix updates if the No Program Upgrade option is enabled in the client.
- Hotfix 6396 (TT-358532)
Issue: When an unreachable OfficeScan agent reports its onstart status to the OfficeScan server, the server does not automatically set the updateflag for the agent. As a result, the agent will not receive updates until after a file change event on the OfficeScan server.
Solution: This hotfix enables the OfficeScan server to set the updateflag of unreachable OfficeScan agents automatically once it receives the onstart status of the agents.
- Hotfix 6396 (SEG-2143)
Issue: Exported CSV files that contain agent information do not differentiate between Windows platforms and Windows Embedded platforms.
Solution: This hotfix ensures that exported CSV files specify if an agent runs on a Windows platform or a Windows Embedded platform.
- Hotfix 6396 (SEG-2745)
Issue: The Vulnerability Scanner may attempt to access an invalid file path, which triggers a blue screen of death (BSOD) on computers running Microsoft Windows Vista(TM) or any version released after it, for example, Windows Server 2008 and later versions.
Solution: This hotfix updates the Vulnerability Scanner to prevent it from attempting to access invalid file paths.
- Hotfix 6396 (SEG-9011)
Issue: Sometimes, the Behavior Monitoring Service module of OfficeScan 11.0 Service Pack 1 agents may conflict with the Schwab application which can trigger the Schwab application to stop unexpectedly.
Solution: This hotfix updates the Behavior Monitoring Service module and provides a way for users to configure OfficeScan to ensure that the Schwab application works properly.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the "SkipKernelExceptionEvent" key and set its value to "1".
[Global Setting]
SkipKernelExceptionEvent=1
NOTE: To disable the feature, set "SkipKernelExceptionEvent=0".
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
Key: SkipKernelExceptionEvent
Type: REG_DWORD
Value: 1
g. Restart the OfficeScan agents.
- Hotfix 6396 (TT-358603)
Enhancement: This hotfix improves the checking mechanism of the OfficeScan agent program to protect the Smart Scan Agent Pattern and Virus Pattern files in endpoints from corruption.
- Hotfix 6396 (TT-356627)
Enhancement: This hotfix adds an assessment mode for ransomware. In assessment mode, OfficeScan will not terminate the suspected ransomware process but creates a log for it.
Procedure: To enable assessment mode:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following keys and set each to "1".
[Global Setting]
EnableADCAssessMode=1
Value: 0 = OfficeScan does not support ransomware assessment mode
1 = OfficeScan supports ransomware assessment mode
EnableADCAssessModeNotification=1
Value: 0 = no popup notification in the system tray icon
1 = a popup notification appears in the system tray icon
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
Key: EnableADCAssessMode
Type: DWORD
Value: 0 = OfficeScan does not support ransomware assessment mode
1 = OfficeScan supports ransomware assessment mode
Key: EnableADCAssessModeNotification
Type: DWORD
Value: 0 = no popup notification in the system tray icon
1 = a popup notification appears in the system tray icon
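The following is an added example, not Trend Micro code: it audits the text of an "ofcscan.ini" file for the "Global Setting" switches introduced by the procedures above, so that a switch such as ransomware assessment mode is not left enabled unnoticed. The sample file contents, the severity labels, and the decision to flag duplicate keys for review are assumptions of this example.

```python
"""Audit ofcscan.ini text for [Global Setting] switches named in these notes."""
import re

# Key names come from the procedures above; the effect text paraphrases them.
WATCHED = {
    "enableadcassessmode": (
        "EnableADCAssessMode",
        "ransomware assessment mode: suspected process is logged, not terminated"),
    "enableadcassessmodenotification": (
        "EnableADCAssessModeNotification",
        "system tray popup notification for assessment mode"),
    "skipvirtualharddisk": (
        "SkipVirtualHarddisk",
        "AEGIS module skips virtual disks during scans"),
    "skipkernelexceptionevent": (
        "SkipKernelExceptionEvent",
        "Behavior Monitoring workaround for the Schwab application conflict"),
}
# Assumption of this example: these two reduce what the agent blocks or scans.
REDUCES_COVERAGE = {"enableadcassessmode", "skipvirtualharddisk"}

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")


def read_section(text, section="Global Setting"):
    """Return {lowercased key: [(line_no, value), ...]} for one INI section.

    Tolerates a leading BOM, comments, blank lines and repeated keys, which
    a strict INI parser would reject.
    """
    entries = {}
    in_section = False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith((";", "#")):
            continue
        match = SECTION_RE.match(line)
        if match:
            in_section = match.group("name").strip().lower() == section.lower()
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.setdefault(key.strip().lower(), []).append(
                (line_no, value.strip()))
    return entries


def audit(text):
    """Return (severity, key, message) tuples for watched keys that are set."""
    entries = read_section(text)
    findings = []
    for lowered, (name, effect) in sorted(WATCHED.items()):
        seen = entries.get(lowered, [])
        if not seen:
            continue  # key absent: the switch was never added to the file
        lines = ", ".join(str(n) for n, _ in seen)
        values = {v for _, v in seen}
        if len(values) > 1:
            # Which duplicate the product honours is not stated in the notes.
            findings.append(("review", name,
                             f"conflicting values {sorted(values)} on lines {lines}"))
            continue
        value = seen[-1][1]
        if value not in ("0", "1"):
            findings.append(("review", name,
                             f"unexpected value {value!r} on line {lines}"))
        elif value == "1":
            severity = "warn" if lowered in REDUCES_COVERAGE else "info"
            findings.append((severity, name, f"enabled on line {lines}: {effect}"))
    return findings


# Constructed sample, not a real ofcscan.ini.
SAMPLE_INI = """\
; constructed sample for the audit example
[INI_SERVER_SECTION]
Event_Log_Flag=1
SkipVirtualHarddisk=1

[Global Setting]
enableadcassessmode = 1
EnableADCAssessModeNotification=0
SkipVirtualHarddisk=1
SkipKernelExceptionEvent=yes
SkipVirtualHarddisk=0
ChkGlobalWCS=1
"""

if __name__ == "__main__":
    for severity, key, message in audit(SAMPLE_INI):
        print(f"[{severity}] {key}: {message}")
```

Keys found outside the "Global Setting" section are ignored, which also catches the case where a switch was pasted under the wrong section and therefore never took effect.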
- Hotfix 6404 (VRTS-392)
Issue: An issue related to the DLP file system driver may cause an RWX vulnerability in web browsers.
Solution: This hotfix updates DLP Endpoint SDK 6.0 to resolve the vulnerability.
- Hotfix 6404 (SEG-9560)
Issue: It takes a long time to copy files using the RDP clipboard when DLP is enabled.
Solution: This hotfix resolves the issue by adding the RDP process "mstsc.exe" into the approved list.
- Hotfix 6410 (VRTS-1012)
Issue: Remote unauthenticated attackers may be able to query NT domains through the OfficeScan XG "cgiGetNTDomain.exe" process.
Solution: This hotfix removes the vulnerability.
- Hotfix 6410 (VRTS-1022)
Issue: A vulnerability may allow a remote unauthenticated attacker to send CGI requests to run "cgiRqUpd.exe" on the OfficeScan server and trigger "cgiRqUpd.exe" to stop unexpectedly. When this happens, a large number of dump files are generated which can eventually take up a large portion of disk space.
Solution: This hotfix resolves the vulnerability.
- Hotfix 6410 (SEG-10228)
Issue: In Windows 2016 server, the Windows Defender service does not stop when the OfficeScan agent is installed or when the latest hotfix is installed on the existing OfficeScan agent.
Solution: This hotfix ensures that the Windows Defender service stops automatically after the OfficeScan client is installed or updated with the latest hotfix.
Note: You need to restart the computer after applying this hotfix.
- Hotfix 6415 (VRTS-1115)
Issue: Web server details gathered from the banner may allow attackers to search and launch automated attacks from commonly-found web sites which may lead to website defacement or denial of service.
Solution: This hotfix resolves the vulnerability.
- Hotfix 6415 (SEG-4529)
Issue: When users enable the "ViewLogonName" parameter in "ofcscan.ini", either a user name or "system" should appear in the "logon user name" field in virus logs. However, the field sometimes remains blank.
Solution: This hotfix updates the OfficeScan agent program to ensure that the "logon user name" field in virus logs always displays the correct information.
- Hotfix 6415 (SEG-8981)
Enhancement: This hotfix provides an option to enable OfficeScan agents to check the connection to the Smart Protection Network regularly and to update the status icons on the web console accordingly.
Procedure: To enable the feature on the OfficeScan server and to automatically deploy the setting to all OfficeScan agents:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Add the following key under the "Global Setting" section and set its value to "1".
[Global Setting]
ChkGlobalWCS=1
Note: To disable the connection checking, set "ChkGlobalWCS=0".
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan agent program automatically installs the following registry key:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\iURL Scan.
Key: ChkGlobalWCS
Type: REG_DWORD
Value: 1
- Hotfix 6421 (SEG-10688)
Issue: If you click the "Update" button on the agent console while the TmListen service is stopped, the page returns a "Component update is complete" message.
Solution: This hotfix enables OfficeScan to disable the "Update" button automatically when the TmListen service stops and to display a tooltip when the mouse pointer hovers over the button.
- Hotfix 6421 (SEG-10651)
Issue: If a newly-installed OfficeScan agent cannot connect to the OfficeScan server within a specific time period, the agent cannot report that it is online and does not appear on the OfficeScan web console.
Solution: This hotfix provides a way for users to extend the connection time to prevent this issue from occurring.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the following keys and set the preferred value for each.
[Global Setting]
EnableCheckHostLoadHttpTimeoutSecond=1
NOTE: To disable the feature, set "EnableCheckHostLoadHttpTimeoutSecond=0".
LoadHttpTimeoutSecond=30
NOTE: You can set the timeout value to 30, 60, 90, or 180 seconds based on your needs.
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
Path:
for x64 platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion
for x86 platform
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\
Key: EnableCheckHostLoadHttpTimeoutSecond
Type: REG_DWORD
Value: 1
Key: LoadHttpTimeoutSecond
Type: REG_DWORD
Value: 30
g. Restart the OfficeScan agents.
NOTE: If OfficeScan agents do not receive the setting from the OfficeScan server, consider updating the OfficeScan agents using Client Packager Installation or the AutoPCC utility.
- Hotfix 6421 (SEG-6917)
Issue: The following OfficeScan 11.0 Service Pack 1 hotfixes are affected by an issue related to the OfficeScan Firewall module which may cause the Firewall service to encounter network access issues.
- Hotfix 6277
- Hotfix 6281
- Hotfix 6292
Solution: This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Note: You must restart the endpoint after applying this hotfix to update the Common Firewall module on affected OfficeScan agents.
- Hotfix 6421 (SEG-11074)
Issue: The Windows Security Center cannot recognize if the OfficeScan Antivirus is enabled when there is no antispyware license.
Solution: This hotfix updates the OfficeScan agent program to help ensure that the Windows Security Center can determine whether the OfficeScan Antivirus is enabled or not.
- Hotfix 6421 (SEG-8988)
Issue: The OfficeScan Behavior Monitoring feature may prevent users from renaming folders on network drives.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder in the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the "SkipDfsClient" key and set its value to "1".
[Global Setting]
SkipDfsClient=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmactmon\Parameters
Key: SkipDfsClient
Type: DWORD
Value: 1
- Hotfix 6421 (SEG-10066)
Issue: An issue related to the OfficeScan Behavior Monitoring feature may cause the memory usage to increase unexpectedly on OfficeScan client computers.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
- Hotfix 6421 (SEG-1689)
Enhancement: This hotfix provides a way for users to configure OfficeScan agents to automatically disconnect an established connection and to re-establish a connection when the OfficeScan server triggers a network isolation function. Users can move OfficeScan agents to specific domains that are defined to apply network isolation.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following keys and set values.
[Global Setting]
PFWPolicyWithConnectionReset=1
Value: 0 = OfficeScan does not support network isolation
1 = OfficeScan supports network isolation
PFWPolicyWithConnectionResetDomainList=Domain_Name
For example: Workgroup, Domain1
Provide a domain name or domain list to use for network isolation.
PFWPolicyWithConnectionResetDurationInSec=30
Value: 0 = Disable connection reset (default value)
30 = Reset connection in 30 seconds
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
Key: PFWPolicyWithConnectionReset
Type: DWORD
Value: 0 = OfficeScan does not support network isolation
1 = OfficeScan supports network isolation
Key: PFWPolicyWithConnectionResetDomainList
Type: String
Value: Domain_name set by user
Example: Workgroup, Domain1
Key: PFWPolicyWithConnectionResetDurationInSec
Type: DWORD
Value: 0 = Disable connection reset
30 = Reset connection in 30 seconds
- Hotfix 6421 (SEG-7553)
Enhancement: This hotfix provides an option to configure the interval in which the OfficeScan agent sends Spyware logs to the server.
Procedure: To enable the feature on the OfficeScan server and to automatically deploy the setting to all OfficeScan agents:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder in the OfficeScan installation directory.
c. Add the following key under the "Global Setting" section and set the value ("X") to the interval, in minutes, at which the OfficeScan agent sends logs.
[Global Setting]
SpywareSendLogPeriod=X (for example 45)
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to all agents.
g. The OfficeScan agent program automatically installs the following registry key:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
Key: SpywareSendLogPeriod
Type: REG_DWORD
Value: 2D (hexadecimal; 45 in the example above)
h. Restart the OfficeScan agents.
- Hotfix 6421 (SEG-10953, SEG-11404)
Enhancement: This hotfix enables Data Loss Prevention Endpoint SDK 6.0 to support the following Google Chrome versions:
- Google Chrome version 60.0.3112.78
- Google Chrome version 60.0.3112.90
- Hotfix 6429 (SEG-7697)
Issue: The Trend Micro iCRC Common Module cannot perform an SSL handshake with Smart Protection Server on endpoints running Windows Server 2003 using TLS 1.2 after applying OpenSSL 1.0.2.
Solution: This hotfix updates the Trend Micro iCRC Common Module and provides a way for users to enable the Trend Micro iCRC Common Module to communicate with Smart Protection Server using TLS 1.0.
Procedure: To apply and deploy the solution globally:
a. Open the "ICRCHdler.ini" file in the "\PCCSRV\Pccnt" folder on the OfficeScan server installation directory.
b. Under the "Default" section, manually add the following key and set its value to "4".
[Default]
SSLVersion = 4
d. Save the changes and close the file.
e. Install this hotfix (see "Installation").
f. After upgrading the agent program, the OfficeScan server adds the following entries on all OfficeScan agent computers:
Path: The OfficeScan agent installation directory.
File: ICRCHdler.ini
Key: SSLVersion = 4
- Hotfix 6429 (SEG-10748)
Issue: The error message that appears when a user provides a user name or password with an invalid character for proxy authentication does not accurately describe the issue.
Solution: This hotfix updates the error message to inform users that the provided proxy setting user name or password contains an invalid character.
- Hotfix 6429 (SEG-10844)
Issue: When configured, the OfficeScan Agent displays the following scan pop-up dialog box when users connect to a removable storage device.
"A USB storage device was plugged in to the computer. Do you want Trend Micro OfficeScan to scan the device for security risks?"
Solution: This hotfix updates the scan pop-up dialog box to display the following message.
"A removable storage device was plugged in to the computer. Do you want Trend Micro OfficeScan to scan the device for security risks?"
- Hotfix 6429 (SEG-10980)
Issue: The account and password setting for the external proxy server do not support the hash special character "#".
Solution: This hotfix resolves a broken jQuery Ajax call to ensure that the account and password setting for the external proxy server supports special characters.
- Hotfix 6434 (SEG-11628)
Enhancement: This hotfix implements a regular expression and validators for BIN numbers.
- Hotfix 6434 (SEG-12203)
Enhancement: This hotfix enables Data Loss Prevention Endpoint SDK 6.2 to bypass iTunes blocking so that an iPhone can still be charged while Device Control is enabled.
Procedure: To configure the new setting for DLP:
a. Install this hotfix (see "Installation").
b. Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "bypass_itunes_nonstor_usb_dc" key and set its value.
[Configure]
bypass_itunes_nonstor_usb_dc = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents. The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder: bypass_itunes_nonstor_usb_dc=true
- Hotfix 6439 (SEG-12179)
Issue: Tablets running Windows 10 (Redstone) may encounter a "Blue Screen of Death" (BSOD) when trying to enter a sleep state.
Solution: This hotfix notifies the driver to stop sending event information after entering standby mode. After the tablet comes out of standby mode, the driver starts sending event information again.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following key and set its value to "10".
[Global Setting]
PowerMonitorTime=10
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS\
Key: PowerMonitorTime
Type: DWORD
Value: 10 = Set PowerMonitorTime to 10 seconds, max 60 seconds
g. Restart the OfficeScan agents.
- Hotfix 6443 (SEG-13165)
Issue: Scheduled scan is postponed because OfficeScan detects full screen mode even when there are no windows in full screen mode.
Solution: This hotfix enables OfficeScan to ignore windows that do not have visible content during full screen mode detection.
- Hotfix 6443 (SEG-12586)
Enhancement: This hotfix enables users to update the following registry keys to specify the sender and subject of email notifications for malicious email messages.
Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey\Scan\Common\MailManager\config
Name: DisclaimerAddress
Name: DisclaimerSubject
- Hotfix 6447 (SEG-8096)
Issue: When the system installs or upgrades the Cisco VPN software, it tries to access some registry keys under the TmLwf registry key, which causes the software installation to fail.
Solution: This hotfix adds a key that disables self-protection for the TmLwf registry key only, which resolves this issue.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
SP_DisableTmLwfRegistryKeyProtection=1
Value: 1 = Disable TmLwf registry key self-protection only
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
Key: SP_DisableTmLwfRegistryKeyProtection
Type: DWORD
Value: 1 = Disable TmLwf registry key self-protection only
g. Restart the OfficeScan agents
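An added example (not Trend Micro's code and not part of the original readme): a Python check that reads the "Global Setting" section of an "ofcscan.ini" file, flags values outside the ranges this readme states for LoadHttpTimeoutSecond, PowerMonitorTime and the network isolation keys, and reports when TmLwf registry key self-protection has been switched off so the workaround stays visible. The function names, finding levels and sample file contents are assumptions constructed for illustration.

```python
import configparser

# Value constraints stated in the readme for keys under [Global Setting].
ALLOWED_HTTP_TIMEOUTS = {30, 60, 90, 180}   # LoadHttpTimeoutSecond (seconds)
POWER_MONITOR_MAX = 60                      # PowerMonitorTime upper bound (seconds)

# Constructed sample input, not taken from a real server.
SAMPLE_INI = """\
[Global Setting]
EnableCheckHostLoadHttpTimeoutSecond=1
LoadHttpTimeoutSecond=45
PowerMonitorTime=10
SP_DisableTmLwfRegistryKeyProtection=1
PFWPolicyWithConnectionReset=1
PFWPolicyWithConnectionResetDomainList=Workgroup, Domain1
PFWPolicyWithConnectionResetDurationInSec=0
"""


def _as_int(section, key):
    """Return (present, value); value is None when the entry is not an integer."""
    raw = section.get(key)          # lookup is case-insensitive by default
    if raw is None:
        return False, None
    try:
        return True, int(raw.strip())
    except ValueError:
        return True, None


def audit_global_settings(ini_text):
    """Return a list of (key, level, message); level is "warn" or "error"."""
    parser = configparser.ConfigParser(strict=False, interpolation=None,
                                       allow_no_value=True)
    parser.read_string(ini_text)
    if not parser.has_section("Global Setting"):
        return [("Global Setting", "error", "section not found")]
    gs = parser["Global Setting"]
    findings = []

    # Self-protection workaround (SEG-8096): worth knowing it is switched on.
    _, value = _as_int(gs, "SP_DisableTmLwfRegistryKeyProtection")
    if value == 1:
        findings.append(("SP_DisableTmLwfRegistryKeyProtection", "warn",
                         "TmLwf registry key self-protection is disabled"))

    # Connection timeout (SEG-10651): only four values are documented.
    _, enabled = _as_int(gs, "EnableCheckHostLoadHttpTimeoutSecond")
    present, value = _as_int(gs, "LoadHttpTimeoutSecond")
    if enabled == 1 and present and value not in ALLOWED_HTTP_TIMEOUTS:
        findings.append(("LoadHttpTimeoutSecond", "error",
                         "expected 30, 60, 90 or 180 seconds"))

    # Power monitor interval (SEG-12179): documented maximum of 60 seconds.
    present, value = _as_int(gs, "PowerMonitorTime")
    if present and (value is None or not 0 <= value <= POWER_MONITOR_MAX):
        findings.append(("PowerMonitorTime", "error",
                         "expected an integer up to 60 seconds"))

    # Network isolation (SEG-1689): needs a domain list; 0 means no reset.
    _, isolation = _as_int(gs, "PFWPolicyWithConnectionReset")
    if isolation == 1:
        raw = gs.get("PFWPolicyWithConnectionResetDomainList") or ""
        if not [d for d in (p.strip() for p in raw.split(",")) if d]:
            findings.append(("PFWPolicyWithConnectionResetDomainList", "error",
                             "network isolation enabled but no domain listed"))
        _, duration = _as_int(gs, "PFWPolicyWithConnectionResetDurationInSec")
        if not duration:            # unset, non-numeric or 0 (the default)
            findings.append(("PFWPolicyWithConnectionResetDurationInSec", "warn",
                             "connection reset is disabled (0 or unset)"))
    return findings


if __name__ == "__main__":
    for key, level, message in audit_global_settings(SAMPLE_INI):
        print(f"{level.upper():5} {key}: {message}")
```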
- Hotfix 6447 (SEG-13656)
Issue: The file description field indicates the Common Client Real-time Scan Service ("Ntrtscan.exe") is 32-bit even when it is running on a 64-bit operating system.
Solution: This hotfix updates the OfficeScan agent program to ensure that the correct information appears on the file description field.
- Hotfix 6447 (SEG-12830)
Issue: A protected computer may stop responding or respond slowly while extracting the "AFUDOS.exe" file from a ZIP file. Sometimes, the computer may also stop unexpectedly while the Behavior Monitoring engine performs policy matching.
Solution: This hotfix removes the lock scope to prevent protected computers from stopping unexpectedly and enables OfficeScan to use the try-catch method to capture an exception and help prevent a handle leak issue.
- Hotfix 6447 (SEG-13700)
Issue: The OfficeScan Behavior Monitoring feature may cause certain third-party programs that are in its approved list to stop responding.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the "AegisSkipNotificationEvent" key and set its value to "1".
[Global Setting]
AegisSkipNotificationEvent=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
Key: SkipNotificationEvent
Type: DWORD
Value: 1
g. Restart the OfficeScan agents.
- Hotfix 6451 (SEG-14071)
Enhancement: This hotfix enables DLP Endpoint SDK 6.2 to support the following Google Chrome versions:
- Google Chrome 61.0.3163.79
- Hotfix 6454 (SEG-14058)
Issue: Virus detection logs do not appear on the agent console if the name of the agent installation folder contains multibyte characters.
Solution: This hotfix ensures that virus detection logs appear on OfficeScan agent console.
- Hotfix 6458 (SEG-13979)
Issue: Users cannot migrate the OfficeScan database from CodeBase to an SQL server database using an SQL server account password that contains a semicolon ";".
Solution: This hotfix ensures that users can migrate the OfficeScan database under the scenario described above.
- Hotfix 6459 (SEG-13737)
Issue: Virus log information cannot be parsed properly because the names of infected files are parsed with the tab character delimiter. As a result, virus logs cannot be displayed.
Solution: This hotfix enables OfficeScan to use a space as the delimiter character when writing virus logs. This helps ensure that it can parse and display virus logs properly.
- Hotfix 6459 (SEG-14671)
Issue: OfficeScan 11.0 Service Pack 1 still blocks the Spyrus USB drive after it is added to the USB exception list.
Solution: This hotfix resolves the issue by updating the Data Loss Prevention(TM) (DLP) module to ensure that it can parse the device information of the Spyrus USB drive.
- Hotfix 6460 (SEG-9629)
Issue: Some 32- or 64-bit specific information on the OfficeScan web console does not match the corresponding information on the Control Manager web console.
Solution: This hotfix ensures that the OfficeScan server sends the correct information to Control Manager so that the information it displays is always consistent with the information on the OfficeScan web console.
- Hotfix 6462 (SEG-16832)
Issue: A Blue Screen of Death (BSOD) may occur after applying Microsoft KB4043961 on computers running on Windows 10 Fall Creators Update and protected by OfficeScan 11 Service Pack 1.
Solution: This hotfix prevents the BSOD issue on affected computers.
- Hotfix 6473 (SEG-10738)
Issue: The "viveportdesktophelper.exe" application cannot start in protected computers.
Solution: This hotfix updates the Behavior Monitoring driver and adds two settings to enable the "viveportdesktophelper.exe" application to start normally on protected computers.
Procedure: To enable the new settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following keys and set the values to "1" to enable both settings.
[Global Setting]
SkipVolume=1
SkipVirtualHarddisk=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the new settings to clients.
Path: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmactmon\Parameters]
Key: SkipVolume = 1 (Dword)
Key: SkipVirtualHarddisk = 1 (Dword)
g. Restart the OfficeScan client computer.
- Hotfix 6473 (SEG-12965)
Issue: A syntax error occurs when users move an OfficeScan agent to another domain, which causes the domain tree to disappear from the agent console.
Solution: This hotfix resolves the issue by changing the flush method on the OfficeScan server.
- Hotfix 6473 (SEG-15477)
Issue: The Service Pack build version information disappears from the registry after the "SVRSVCSETUP.exe" tool runs.
Solution: This hotfix resolves the issue by enabling the "SVRSVCSETUP.exe" tool to backup and restore the registry.
- Hotfix 6473 (SEG-15975)
Issue: A vulnerability may allow remote attackers to query widget information while a specific PHP file runs.
Solution: This hotfix secures the information in the specific PHP file.
- Hotfix 6473 (SEG-17239)
Issue: The EXE package of the OfficeScan agent forces the user's business software to stop unexpectedly.
Solution: This hotfix ensures that the EXE package does not affect the user's business software.
- Hotfix 6473 (SEG-15032)
Issue: When an agent update stalls, the number of agents in the update queue may reach the number of online agents.
Solution: This hotfix enables the AddNotifyRecord() function to check the status of an agent before updating the counters and inserting the record into the queue.
- Hotfix 6475 (SEG-17726)
Issue: The wrong OfficeScan client platform information appears on the OfficeScan web console.
Solution: This hotfix updates the OfficeScan agent program to ensure that it sends the correct platform information to the server.
- Hotfix 6475 (SEG-17314)
Issue: When the Advanced Protection Service is disabled in an OfficeScan agent, smvptn files accumulate and are not cleaned promptly.
Solution: This hotfix resolves the issue by updating the NTRT module to check the current smv patterns to keep only the two most recent versions and delete all older versions.
- Hotfix 6475 (SEG-18237)
Issue: An interoperability issue between the TDI network filter driver and Citrix XenApp on Microsoft(TM) Windows(TM) 7 can cause the Citrix client to disconnect unexpectedly.
Solution: This hotfix enables users to change the installation of the TDI (saknet.sys) and WFP (dlpnetfltr.sys) network filter driver based on the customized settings.
Procedure: To configure the new setting for DLP:
a. Install this hotfix (see "Installation").
b. Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "enable_wfp" key and set its value to "true".
[Configure]
enable_wfp = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents.
The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
enable_wfp=true
- Hotfix 6488 (SEG-18382)
Issue: The OfficeScan agent can be configured to use a specific IP address (IP Template) via the Windows Registry for communication with the OfficeScan server. However, the OfficeScan 11.0 Service Pack 1 agent does not support IPv6 addresses for the IP Template.
Solution: This hotfix updates the OfficeScan agent program to resolve this issue.
- Hotfix 6488 (SEG-17037)
Enhancement: This hotfix updates the Trend Micro Osprey Firefox Extension and enables it to support Firefox 51 and later versions.
- Hotfix 6492 (SEG-19689)
Enhancement: This hotfix enables DLP Endpoint SDK 6.2 to support Google Chrome version 63.
- Hotfix 6493 (SEG-19005)
Issue: The OfficeScan Behavior Monitoring feature may trigger high CPU usage on protected computers.
Solution: This hotfix updates the Behavior Monitoring module to prevent the high CPU usage issue.
- Hotfix 6501 (SEG-19381)
Issue: The OfficeScan web console indicates that a failed suspicious object list synchronization with Control Manager was successful.
Solution: The hotfix changes the time-out value for the suspicious object list synchronization with Control Manager from 0 to 45 seconds to ensure that the correct synchronization task result appears on the OfficeScan web console.
- Hotfix 6501 (SEG-20316)
Issue: The system information, product information, product version, and entity icon do not update automatically after users apply Critical Patch 6469 to the Corp server.
Solution: This hotfix updates the OfficeScan 11.0 Service Pack 1 server file to ensure that the system information, product information, product version, and entity icon are updated correctly.
- Hotfix 6501 (SEG-20372)
Issue: Some information in exported Excel files does not match the information on the OfficeScan server management console.
Solution: This hotfix updates the OfficeScan server file to ensure that the exported information matches the corresponding information on the OfficeScan server management console.
- Hotfix 6501 (SEG-20949)
Issue: Under certain scenarios, some OfficeScan processes may stop unexpectedly.
Solution: This hotfix updates the Behavior Monitoring module to enhance the self-protect feature of OfficeScan processes.
- Hotfix 6502 (SEG-21031)
Issue: Duplicate violation logs may be generated for certain samples.
Solution: This hotfix enables OfficeScan to limit the generation of violation events to one for each policy for each file.
Procedure: To configure the new settings for DLP:
a. Install this hotfix (see "Installation").
b. Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the following keys and set all to "true".
[Configure]
LOG_THROTTLE=true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents. The OfficeScan server deploys the settings to OfficeScan agents and adds the keys in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder.
- Hotfix 6503 (SEG-21886)
Enhancement: This hotfix enables DLP Endpoint SDK 6.0 to support the following Google Chrome versions:
- Google Chrome(TM) 64
- Hotfix 6504 (SEG-19753)
Issue: If multiple plug-in service (PLS) versions are available, the OfficeScan Control Manager Agent (CMAgent) reports the version and status information of all these available versions to the Trend Micro Control Manager(TM) server. This prevents the Control Manager server from determining which PLS version is currently installed on each OfficeScan client.
Solution: This hotfix sets filter criteria to enable the OfficeScan CMAgent to report only the version and status information of the PLS version that is currently installed on the OfficeScan client to the Control Manager server.
- Hotfix 6505 (SEG-23087)
Issue: OfficeScan agents receive C&C callback detected alerts for IPs in the approved list.
Solution: This hotfix resolves a file path issue to help ensure that IPs in the approved list do not trigger C&C callback detected alerts.
- Hotfix 6505 (SEG-17611)
Issue: The Data Loss Prevention(TM) (DLP) services and IMAPI driver may stop responding or stop unexpectedly during CD/DVD burning operations in Microsoft(TM) Windows(TM) Explorer.
Solution: This hotfix resolves the issue by updating the DLP module to correct the CD/DVD burning cache read operation in DLP services and to refine the flow of the CD/DVD burning event wait in the IMAPI driver.
- Hotfix 6505 (SEG-22504)
Issue: 32-bit OfficeScan processes may stop unexpectedly on 64-bit platforms.
Solution: This hotfix resolves the issue by updating how the DLP module matches path names when locating the "wow64.dll" path.
- Hotfix 6509 (SEG-23617)
Issue: The certificate of the "saknet.sys" file is valid from March 23, 2016 to June 28, 2017 only.
Solution: This hotfix replaces the "saknet.sys" file in the Trend Micro Data Loss Prevention(TM) (DLP) module with a "saknet.sys" file that contains a valid certificate.
- Hotfix 6509 (SEG-23512)
Enhancement: This hotfix provides a way for users to approve programs to run without checks by Meerkat (a detection improvement program that monitors newly encountered programs downloaded through HTTP or email applications).
- Hotfix 6515 (VRTS-2227)
Issue: The UMH driver does not check the length of incoming data when processing IOCTL requests. This can result in an exploitable vulnerability in the "tmumh.sys" driver.
Solution: This hotfix resolves the vulnerability by enabling the UMH driver to filter long IRP packets.
- Hotfix 6515 (VRTS-2185)
Issue: An issue related to the Trend Micro OfficeScan Firewall driver may cause multiple Privilege Escalation and Pool Corruption vulnerabilities.
Solution: This hotfix updates the Trend Micro OfficeScan Firewall driver to resolve the vulnerabilities.
- Hotfix 6515 (SEG-21807)
Issue: Manual scans may not be able to completely scan a network drive when triggered using the "PccNt.exe filepath" command.
Solution: This hotfix resolves the issue by ensuring that the PccNt.exe process waits for the manual scan to complete.
- Hotfix 6515 (SEG-24287)
Issue: The OfficeScan server cannot apply a Trend Micro Control Manager(TM) policy if the policy settings contain any UTF-8 character.
Solution: This hotfix enables the OfficeScan server to handle UTF-8 strings in Control Manager policies to resolve the issue.
- Hotfix 6515 (SEG-24294)
Enhancement: This hotfix enables Trend Micro Data Loss Prevention(TM) (DLP) Endpoint SDK 6.0 to support Google Chrome 65.
- Hotfix 6519 (SEG-23706)
Issue: The "Offline Time" column on the OfficeScan web console displays inaccurate information.
Solution: This hotfix updates the OfficeScan server files to ensure that the correct offline time information appears in the "Offline Time" column.
- Hotfix 6519 (SEG-23706)
Issue: The OfficeScan server may export the wrong agent list information because there is not enough buffer memory.
Solution: This hotfix enlarges the buffer size to fix this issue.
- Hotfix 6519 (SEG-25099)
Issue: There is a spelling error in the "Action on Exception Rule" page of the OfficeScan agent console.
Solution: This hotfix updates the OfficeScan agent program to correct the spelling error on the page.
- Hotfix 6537 (SEG-26207), (SEG-25423)
Issue: Blue screen of death (BSOD) occurs on Microsoft(TM) Surface(TM) computers protected by OfficeScan 11.0.
Solution: This hotfix updates the OfficeScan Behavior Monitoring feature to prevent the BSOD issue on protected Microsoft Surface computers.
- Hotfix 6537 (SEG-25025)
Issue: OfficeScan client computers running on Microsoft Windows(TM) 10 slow down when opening the right-click (shell) menu.
Solution: This hotfix updates the Data Loss Prevention(TM) (DLP) module to prevent OfficeScan client computers running on Windows 10 from slowing down while opening the right-click menu.
- Hotfix 6537 (SEG-24773)
Issue: OfficeScan uninstallation may fail because certificate verification takes too long to complete.
Solution: This hotfix enables users to configure the timeout value for certificate verification to help ensure that uninstallation proceeds normally.
Procedure: To set the timeout value for certificate verification during OfficeScan uninstallation:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file using a text editor.
c. Under the "Global Setting" section, add the following key and set its value to the preferred timeout value in seconds divided by five. For example, to set the timeout to 15 seconds, set:
[Global Setting]
WaitCheckSignTimes=3
NOTE: The default value is "3".
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents.
- Hotfix 6537 (SEG-24846)
Issue: An issue prevents OfficeScan from detecting file attachments in Gmail.
Solution: The hotfix resolves the issue by enabling OfficeScan to parse file attachments using an HTTP and HTTP/2 parser.
- Hotfix 6537 (SEG-26522)
Issue: "DbServer.exe" stops unexpectedly because of a Scan Operation log generated when a scheduled database compression task fails.
Solution: This hotfix enables the database to delete the Scan Operation log once it has recovered successfully.
- Hotfix 6537 (SEG-21108)
Issue: A high CPU usage issue occurs when OfficeScan's Behavior Monitoring module communicates with the User-Mode Hook Event module.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
- Hotfix 6537 (SEG-25338)
Issue: The OfficeScan Behavior Monitoring feature may cause performance issues while the OfficeScan agent unloads on a protected computer.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
- Hotfix 6537 (SEG-24943)
Enhancement: This hotfix implements a periodic purging mechanism for open file tables to prevent a potential memory leak issue in the DLP user-mode scanning service.
- Hotfix 6537 (SEG-26977)
Enhancement: This hotfix enables DLP Endpoint SDK 6.0 to support Google Chrome 66.0.3359.117.
- Hotfix 6537 (SEG-27655)
Enhancement: This hotfix allows users to configure OfficeScan to automate the process of moving a large number of OfficeScan clients to another OfficeScan server or specific domain and/or to uninstall OfficeScan agents.
Procedure: To enable the new settings:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
c. Under the "Global Setting" section, manually add the following keys and set both values to "1".
[Global Setting]
EnableMoveNATClient=1
MoveNATClientRemoveEmptyDomain=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent endpoints:
Only "EnableMoveNATClient" is deployed to agents, under the following path:
For x64 platforms:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
For x86 platforms:
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
Key: EnableMoveNATClient
Type: DWORD
Value: 1
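The following audit sketch is an added example, not part of the Trend Micro readme or product. It reads an "ofcscan.ini" body and reports the keys documented in the two procedures above (the certificate verification timeout and the agent-move settings), and flags any documented key found outside "[Global Setting]". The function names, the sample text, the "[Other Section]" name and the exact-match comparison of section and key names are assumptions.

```python
import re

# Keys documented in this readme; both procedures place them under [Global Setting].
DOCUMENTED_KEYS = ("WaitCheckSignTimes", "EnableMoveNATClient",
                   "MoveNATClientRemoveEmptyDomain")
SECTION = "Global Setting"


def parse_ini(text):
    """Return {section: {key: value}}; skips blank lines and ';' comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def audit(text):
    """Report effective values of the documented keys and any misplaced ones."""
    sections = parse_ini(text)
    glob = sections.get(SECTION, {})
    report = {"misplaced": []}
    # Readme: key value = timeout in seconds divided by five; default is "3".
    report["cert_check_timeout_s"] = int(glob.get("WaitCheckSignTimes", "3")) * 5
    report["move_agents_enabled"] = glob.get("EnableMoveNATClient") == "1"
    report["remove_empty_domain"] = glob.get("MoveNATClientRemoveEmptyDomain") == "1"
    for name, keys in sections.items():
        if name != SECTION:
            report["misplaced"] += [(name, k) for k in keys if k in DOCUMENTED_KEYS]
    return report


# Constructed sample, not a real ofcscan.ini; "Other Section" is a made-up name.
SAMPLE = """\
[Other Section]
EnableMoveNATClient=1
[Global Setting]
WaitCheckSignTimes=6
MoveNATClientRemoveEmptyDomain=1
"""
```

Calling audit() on the text of the server's "ofcscan.ini" before clicking "Save" in the web console shows which of these settings would be deployed from "[Global Setting]".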
8. Contact Information
A license to Trend Micro software
usually includes the right to product updates, pattern file updates, and
basic technical support for one (1) year from the date of purchase only.
After the first year, you must renew Maintenance on an annual basis at
Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone,
and email, or visit our website to download evaluation copies of Trend
Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
Note: This information is subject to
change without notice.
9. About Trend Micro
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.
Copyright 2018, Trend Micro Incorporated. All rights reserved.
Trend Micro, OfficeScan, Data Loss Prevention, and the t-ball logo
are trademarks of Trend Micro Incorporated and are registered in
some jurisdictions. All other marks are the trademarks or
registered trademarks of their respective companies.
10. License Agreement
View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/.
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide