Contents
1. Critical Patch Release Information 
Resolved Known Issues
This Critical Patch resolves the following issue(s):
A possible ZDI-CAN-6104 compromise may cause the OfficeScan NT RealTime Scan ("Ntrtscan.exe") service to stop unexpectedly.
Solution:
This critical patch updates the OfficeScan agent program to resolve the vulnerability.
Enhancements
There are no enhancements for this Critical Patch release.
Files Included in this Release
A. Files for Current Issue(s)
-------------------------------------------------------------------
Filename Build Number
------------------------------ ------------
OfficeScan\PCCSRV\Admin\Utility\EdgeServer\*.*
OfficeScan\PCCSRV\Admin\Utility\SQL\*.*
OfficeScan\PCCSRV\Pccnt\Disk1\*.*
OfficeScan\PCCSRV\
-------------------------------------------------------------------
AutoPcc.exe 12.0.0.5180
AutoPccP.exe 12.0.0.5180
CGIResUTF8.dll 12.0.0.5180
libNetCtrl.dll 13.0.0.5172
loadhttp.dll 13.0.0.5172
ofc_loadhttp.dll 13.0.0.5172
OfcPfwCommon.dll 13.0.0.5172
OfcPIPC.dll 13.0.0.5172
OfficeScan\PCCSRV\Admin\
-------------------------------------------------------------------
ciussi32.dll 2.0.0.2074
ciussi64.dll 2.0.0.2074
InstNTRes.dll 12.0.0.5180
InstReg.exe 13.0.0.5172
loadhttp.dll 13.0.0.5172
ofc_loadhttp.dll 13.0.0.5172
patchbld.dll 12.21.0.0
PATCHW32.DLL 12.21.0.0
patchw64.dll 12.20.0.0
pbld64.dll 12.20.0.0
SetupUsr.dll 12.0.0.5180
Wizard.exe 13.0.0.5172
Wizard_64x.exe 13.0.0.5172
OfficeScan\PCCSRV\Admin\Utility\ClientPackager\
-------------------------------------------------------------------
OfcPfwCommon.dll 13.0.0.5172
OfficeScan\PCCSRV\Admin\Utility\IpXfer\
-------------------------------------------------------------------
IpXfer.exe 13.0.0.5172
IpXfer_x64.exe 13.0.0.5172
OfficeScan\PCCSRV\Admin\Utility\PolicyExportTool\
-------------------------------------------------------------------
CGIResUTF8.dll 12.0.0.5180
OfficeScan\PCCSRV\Admin\Utility\SaasStorageMgr\
-------------------------------------------------------------------
ofcASMgr.exe 12.0.0.5180
OfficeScan\PCCSRV\Admin\Utility\ServerMigrationTool\
-------------------------------------------------------------------
CGIResUTF8.dll 12.0.0.5180
ServerMigrationTool.exe 12.0.0.5180
OfficeScan\PCCSRV\Admin\Utility\SQL\
-------------------------------------------------------------------
libSQLDatabaseUpgrade.dll 12.0.0.5180
oscedbt.exe 12.0.0.5180
OfficeScan\PCCSRV\Admin\Utility\TMVS\
-------------------------------------------------------------------
DatFHS.dll 13.0.0.5172
loadhttp.dll 13.0.0.5172
TMVS.exe 12.0.0.5180
OfficeScan\PCCSRV\CmAgent\
-------------------------------------------------------------------
CGIResUTF8.dll 12.0.0.5180
ProductLibrary.dll 12.0.0.5180
ProductUI.zip *
OfficeScan\PCCSRV\Download\Engine\
-------------------------------------------------------------------
BMdriver_x32.sig *
BMdriver_x32.zip *
BMdriver_x64.sig *
BMdriver_x64.zip *
bmservice_x32.sig *
bmservice_x32.zip *
bmservice_x64.sig *
bmservice_x64.zip *
OfficeScan\PCCSRV\Download\Product\
-------------------------------------------------------------------
DlpLite_Common.zip *
DlpLite_Common_x64.zip *
OfficeScan\PCCSRV\Engine\
-------------------------------------------------------------------
TmAegisSysEvt.dll 2.976.0.2161
TMBMCLI.dll 2.976.0.2161
TMBMSRV.exe 2.976.0.2161
tmcomeng.dll 2.976.0.2161
TmEngDrv.dll 2.976.0.2161
TMPEM.dll 2.976.0.2161
TmPfw.exe 5.83.0.1050
TmPfwApi.dll 5.83.0.1050
TmSysEvt.dll 7.0.0.1160
tmtap.dll 6.0.0.1074
tmwlutil.dll 2.976.0.2161
OfficeScan\PCCSRV\Engine\x64\
-------------------------------------------------------------------
TmAegisSysEvt.dll 2.976.0.2161
TMBMCLI.dll 2.976.0.2161
TMBMSRV.exe 2.976.0.2161
tmcomeng.dll 2.976.0.2161
TmEngDrv.dll 2.976.0.2161
TMPEM.dll 2.976.0.2161
TmPfw.exe 5.83.0.1050
TmPfwApi.dll 5.83.0.1050
TmSysEvt.dll 7.0.0.1160
tmtap.dll 6.0.0.1074
tmwlutil.dll 2.976.0.2161
OfficeScan\PCCSRV\LWCS\
-------------------------------------------------------------------
lwcs_msg.ini *
OfficeScan\PCCSRV\Pccnt\
-------------------------------------------------------------------
ClientConsole.zip *
NTMonRes.dll 12.0.0.5180
NTRtScan.exe 13.0.0.5172
NTSvcRes.dll 12.0.0.5180
OfficeScan\PCCSRV\Pccnt\Common\
-------------------------------------------------------------------
ApricotCBRuleHandler.dll 2.0.0.1040
ApricotManagerModule.dll 2.0.0.1040
CCSF_WIN32.zip *
CNTAoSMgr.exe 2.3.0.4516
CompRmv.exe 13.0.0.5172
crc0filter.dll 2.82.0.1056
DatFHS.dll 13.0.0.5172
fcWofieUI.dll 13.0.0.5172
FileBrowsingRuleHandler.dll 2.0.0.1040
ICRCHdler.dll 2.82.0.1056
libApricotLog.dll 2.0.0.1040
libcurl.dll 7.55.1.0
libeay32.dll 1.0.2.14
libNetCtrl.dll 13.0.0.5172
loadhttp.dll 13.0.0.5172
NTRmv.exe 13.0.0.5172
ofc_loadhttp.dll 13.0.0.5172
OfcCCCAUpdate.exe 13.0.0.5172
OfcPfwCommon.dll 13.0.0.5172
OfcPfwSvc.dll 13.0.0.5172
OfcPIPC.dll 13.0.0.5172
PccNT.exe 13.0.0.5172
PccNTMon.exe 13.0.0.5172
PccNTUpd.exe 13.0.0.5172
ssleay32.dll 1.0.2.14
SurrogateTmListen.exe 13.0.0.5172
TmListen.dll 13.0.0.5172
TmListen.exe 13.0.0.5172
TmListenShare.dll 13.0.0.5172
TmOPP.dll 13.0.0.5172
TmPfw.exe 5.83.0.1050
TmPfwApi.dll 5.83.0.1050
TmPfwCtl.dll 5.83.0.1050
TmSock.dll 13.0.0.5172
TmSSClient.exe 13.0.0.5172
UpdGuide.exe 13.0.0.5172
Upgrade.exe 13.0.0.5172
utilPfwInstCondChecker.exe 13.0.0.5172
WofieLauncher.exe *
xpupg.exe 13.0.0.5172
OfficeScan\PCCSRV\Pccnt\Drv\
-------------------------------------------------------------------
tmactmon.cat *
tmactmon.inf *
tmactmon.sys 2.976.0.2150
tmcomm.cat *
tmcomm.inf *
tmcomm.sys 7.0.0.1160
tmevtmgr.cat *
tmevtmgr.inf *
tmevtmgr.sys 2.976.0.2150
tmlwf.cat *
tmlwf.inf *
tmlwf.sys 5.83.0.1055
tmusa.cat *
tmusa.inf *
tmusa.sys 3.0.0.1047
tmwfp.cat *
tmwfp.inf *
tmwfp.sys 5.83.0.1055
OfficeScan\PCCSRV\Pccnt\Drv\x64\
-------------------------------------------------------------------
tmactmon.cat *
tmactmon.inf *
tmactmon.sys 2.976.0.2150
tmcomm.cat *
tmcomm.inf *
tmcomm.sys 7.0.0.1160
tmevtmgr.cat *
tmevtmgr.inf *
tmevtmgr.sys 2.976.0.2150
tmlwf.cat *
tmlwf.inf *
tmlwf.sys 5.83.0.1055
tmusa.cat *
tmusa.inf *
tmusa.sys 3.0.0.1047
tmwfp.cat *
tmwfp.inf *
tmwfp.sys 5.83.0.1055
OfficeScan\PCCSRV\Pccnt\Win64\x64\
-------------------------------------------------------------------
ApricotCBRuleHandler.dll 2.0.0.1040
ApricotManagerModule.dll 2.0.0.1040
CCSF_X64.zip *
CompRmv.exe 13.0.0.5172
crc0filter.dll 2.82.0.1056
DatFHS.dll 13.0.0.5172
fcWofieUI.dll 13.0.0.5172
FileBrowsingRuleHandler.dll 2.0.0.1040
ICRCHdler.dll 2.82.0.1056
libApricotLog.dll 2.0.0.1040
libcurl.dll 7.55.1.0
libeay32.dll 1.0.2.14
libNetCtrl_64x.dll 13.0.0.5172
loadhttp_64x.dll 13.0.0.5172
NTRmv.exe 13.0.0.5172
Ntrtscan.exe 13.0.0.5172
ofc_loadhttp_64x.dll 13.0.0.5172
OfcCCCAUpdate.exe 13.0.0.5172
OfcPfwCommon_64x.dll 13.0.0.5172
OfcPfwSvc_64x.dll 13.0.0.5172
OfcPIPC_64x.dll 13.0.0.5172
PccNT.exe 13.0.0.5172
PccNTMon.exe 13.0.0.5172
PccNTUpd.exe 13.0.0.5172
ssleay32.dll 1.0.2.14
SurrogateTmListen.exe 13.0.0.5172
TmListen.exe 13.0.0.5172
TmListen_64x.dll 13.0.0.5172
TmListenShare_64x.dll 13.0.0.5172
TmOPP_64x.dll 13.0.0.5172
TmPfw.exe 5.83.0.1050
TmPfwApi.dll 5.83.0.1050
TmPfwCtl.dll 5.83.0.1050
TmSock_64x.dll 13.0.0.5172
TmSSClient.exe 13.0.0.5172
UpdGuide.exe 13.0.0.5172
Upgrade.exe 13.0.0.5172
utilPfwInstCondChecker.exe 13.0.0.5172
WofieLauncher.exe *
xpupg.exe 13.0.0.5172
OfficeScan\PCCSRV\Private\
-------------------------------------------------------------------
DlpClc.xml *
OfficeScan\PCCSRV\Private\certificate\
-------------------------------------------------------------------
libeay32.dll 1.0.2.12
openssl.exe *
ssleay32.dll 1.0.2.12
OfficeScan\PCCSRV\Private\LogServer\
-------------------------------------------------------------------
OfcPIPC.dll 13.0.0.5172
OfficeScan\PCCSRV\Web\Service\
-------------------------------------------------------------------
AosProxy.exe 12.0.0.5180
CGIOCommon.dll 12.0.0.5180
CGIResUTF8.dll 12.0.0.5180
CmdHLClient.dll 12.0.0.5180
CmdHOConsole.dll 12.0.0.5180
cme_dll.dll 6.2.0.1196
cme_vxe_dll_static.dll 6.2.0.1196
DatFHS.dll 13.0.0.5172
DbServer.exe 12.0.0.5180
libCmdHndlrClientV2.dll 12.0.0.5180
libCmdHndlrConsoleV2.dll 12.0.0.5180
loadhttp.dll 13.0.0.5172
LogCache.dll 12.0.0.5180
NTSvcRes.dll 12.0.0.5180
ofc_loadhttp.dll 13.0.0.5172
OfcCCCAUpdate.exe 13.0.0.5172
OfcDBBackup.exe 12.0.0.5180
OfcDownload.dll 12.0.0.5180
OfcHotFix.exe 12.0.0.5180
OfcNotifyQueue.dll 12.0.0.5180
OfcPfwCommon.dll 13.0.0.5172
OfcService.exe 12.0.0.5180
VerConn.exe 12.0.0.5180
OfficeScan\PCCSRV\Web_OSCE\Web\CGI\
-------------------------------------------------------------------
cgiExportInfo.exe 12.0.0.5180
CGIResUTF8.dll 12.0.0.5180
loadhttp.dll 13.0.0.5172
OfcPfwCommon.dll 13.0.0.5172
OfficeScan\PCCSRV\Web_OSCE\Web_Console\CGI\
-------------------------------------------------------------------
cgiAuthManagement.exe 12.0.0.5180
cgiChkMasterPwd.exe 12.0.0.5180
CGIOCommon.dll 12.0.0.5180
CGIResUTF8.dll 12.0.0.5180
cgiShowActiveDirectory.exe 12.0.0.5180
cgiShowClientAdm.exe 12.0.0.5190
cgiShowLogs.exe 12.0.0.5180
cgiShowServerAdm.exe 12.0.0.5180
cgiShowSummary.exe 12.0.0.5180
cgiShowUpdate.exe 12.0.0.5180
fcgiOfcDDA.exe 12.0.0.5180
loadhttp.dll 13.0.0.5172
OfcPfwCommon.dll 13.0.0.5172
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\aegis\
-------------------------------------------------------------------
device_control.htm *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\Auth\
-------------------------------------------------------------------
admin_account_info.htm *
admin_account_menu.htm *
Admin_Role_Add.htm *
Admin_User_List.htm *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\behavior_monitoring\
-------------------------------------------------------------------
bm_settings.htm *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\clientmag\
-------------------------------------------------------------------
client_cfg_wtp.htm *
client_globalsetting.htm *
client_list_2.htm *
client_urlfiltering_profiles.htm *
install_remote.htm *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\cloud_service\
-------------------------------------------------------------------
import_bw_list.htm *
scan_source.htm *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\
-------------------------------------------------------------------
js-clientmag.js *
ln_cloud.js *
ln_common.js *
trend-ui-opt_list.js *
trend-ui.domaintree.js *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\css\
-------------------------------------------------------------------
index.css *
l10n-style.css *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\l10n\
-------------------------------------------------------------------
l10n.clientmag.js *
l10n.dlp.js *
l10n.global.js *
l10n.logs.js *
l10n.update.js *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\util\
-------------------------------------------------------------------
common.js *
osce.menubar.js *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\compliance_report\
-------------------------------------------------------------------
compliance_report.htm *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\dlp\
-------------------------------------------------------------------
dlp_FileAttr_addedit.htm *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\logs\
-------------------------------------------------------------------
logs_pfw.htm *
logs_pfw_detail.htm *
logs_pfw_view.htm *
logs_trendx_view.htm *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\outbreak\
-------------------------------------------------------------------
opp_mutex_block.htm *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\root\
-------------------------------------------------------------------
help_start.htm *
logon.htm *
menu.html *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\serveradm\
-------------------------------------------------------------------
edge_server.htm *
server_cmagent_saas.htm *
server_migration.htm *
server_proxy.htm *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\tools\
-------------------------------------------------------------------
tools_admin_clients.htm *
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\
-------------------------------------------------------------------
osce_proxy.php *
OfficeScan\PCCSRV\WEB_OSCE\Web_Console\HTML\widget\repository\widgetPool\product\
-------------------------------------------------------------------
config.php *
OfficeScan\PCCSRV\Web_OSCE\Web_Console\RemoteInstallCGI\
-------------------------------------------------------------------
cgiRemoteInstall.exe 12.0.0.5180
CGIResUTF8.dll 12.0.0.5180
loadhttp.dll 13.0.0.5172
Wizard.exe 13.0.0.5172
Wizard_64x.exe 13.0.0.5172
B. Network Traffic Required in Deployment
-------------------------------------------------------------------
Estimated size (in terms of bandwidth) of deployed agent files
in this critical patch.
- 32-bit agent total = 80.0 MB
- 64-bit agent total = 113.2 MB
2. Documentation Set
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com
- Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product.
To access the Online Help, go to http://docs.trendmicro.com
- Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product.
- Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product.
- Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'.
- Support Portal: The Support Portal contains information on troubleshooting and resolving known issues.
- To access the Support Portal, go to http://esupport.trendmicro.com
3. System Requirements
4. Installation/Uninstallation
Installing
To install:
- Copy the Critical Patch executable file to a temporary folder on the server, for example, "C:\temp".
- Double-click the file. The modules are automatically copied to the correct destination.
This Critical Patch installation package automatically rolls back the OfficeScan server to its previous configuration if there are problems during installation. If you encounter problems after installation, do a manual rollback.
Uninstalling
To manually roll back to the previous build:
- Locate the backup folder that the Critical Patch package created in the "\PCCSRV\Backup\Critical Patch_B5180" directory.
- Stop the OfficeScan Master Service.
- Stop the OfficeScan CMAgent Service.
- Copy the backup modules to the original folders.
- Start the OfficeScan CMAgent Service.
- Start the OfficeScan Master Service.
5. Post-installation Configuration
No post-installation steps are required.
NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.
6. Known Issues
Known issues in this release:
Before deploying this Critical Patch to OfficeScan agents running Windows 10 "April 2018 Update" (v1803), you must add some process exceptions to the Behavior Monitoring Approved List. OfficeScan agents that do not have an updated Approved List may encounter a blue screen of death (BSOD) after applying the Critical Patch. For more details, refer to the following KB: https://success.trendmicro.com/solution/1119990
7. Release History
Prior Hotfixes
Only this hotfix was tested for this release. Prior hotfixes were tested at the time of their release.
(SEG-17879)
After upgrading to OfficeScan XG Service Pack 1, the OfficeScan agent program and some other applications (for example, Print spooler) may encounter an HTTP service issue.
Solution:
This critical patch ensures that OfficeScan agents do not stop the HTTP service allowing other applications to function normally after upgrading to OfficeScan XG Service Pack 1.
(SEG-18068)
The Trend Micro Control Manager(TM) server SQL database grows rapidly because the OfficeScan server sends a large number of plug-in service (PLS) status logs to the Control Manager server.
Solution:
This critical patch resolves the issue by ensuring that the OfficeScan server does not send old PLS status logs repeatedly to the Control Manager server.
(SEG-18115)
The Behavior Monitoring approved list does not work on files specified by a network path.
Solution:
This critical patch updates the logic for the Behavior Monitoring approved list to ensure that it works on files specified by a network path.
(SEG-18460)
After upgrading to OfficeScan XG Service Pack 1, the system may be unable to access certain third-party application files if Predictive Machine Learning is enabled.
Solution:
This hotfix updates the Behavior Monitoring service to not block valid third-party applications.
(SEG-18096)
When Trend Micro Smart Feedback is enabled, it shares anonymous threat information with the SPN. However, Predictive Machine Learning does not use anonymous information when sending the SPN feedback information.
Solution:
This hotfix updates the Falcon Core Engine and the OfficeScan agent program to resolve the issue.
(SEG-19719)
The OfficeScan Behavior Monitoring feature may cause high CPU usage on protected computers.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
(SEG-19626)
The OfficeScan server cannot add UNC paths to the approved list in the Behavior Monitoring Settings.
Solution:
This hotfix updates the OfficeScan server file to enable it to add UNC paths in the Behavior Monitoring approved list.
(SEG-20254)
This hotfix provides a way for users to generate an installation package for coexisting OfficeScan agents on the On-Premise OfficeScan server.
Procedure:
To generate the installation package for coexisting OfficeScan agents:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- SupportCoexistMode=1
- Save the changes and close the file.
- Restart the OfficeScan Master Service.
- After the OfficeScan Master service is running, open a command prompt with administrator privilege, and navigate to the "\PCCSRV\Admin\Utility\ClientPackager\" directory.
- Run the following command to create Windows installation package for OfficeScan agents using coexist mode:
- For 32-bit:
- Clnpack.exe /m /av /as /pfw /com /dcs /smart /o x86 /coexist /d "C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\Download\agent_coexist_x86.msi" /s "C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV"
- For 64-bit:
- Clnpack.exe /m /av /as /pfw /com /dcs /smart /o x64 /coexist /d "C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\Download\agent_coexist_x64.msi" /s "C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV"
Administrators can retrieve the following installation packages for coexisting OfficeScan agents from the "\PCCSRV\Download" folder on the OfficeScan server installation directory.
- agent_coexist_x86.msi
- agent_coexist_x64.msi
(SEG-20164)
An issue prevents the OfficeScan server from deploying the correct local language settings to agents.
Solution:
This hotfix resolves the issue by updating the OfficeScan agent program.
(SEG-20301)
OfficeScan stops generating logs unexpectedly after users enable the "Schedule scan connection verification" setting.
Solution:
This hotfix updates the logic flow from the check timer to solve this issue.
(SEG-20997)
The OfficeScan Behavior Monitoring feature may cause high CPU usage on protected endpoints when Sysmon.exe is running.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
(SEG-20954)
Under certain scenarios, some OfficeScan processes may stop unexpectedly.
Solution:
This hotfix updates the Behavior Monitoring module to enhance the self-protect feature of OfficeScan processes.
(SEG-21322)
After upgrading to OfficeScan XG Service Pack 1, the OfficeScan web console will display the connection status of all OfficeScan agents as "independent".
Solution:
This hotfix resolves the issue by ensuring that the OfficeScan server can successfully retrieve the correct agent connection status.
(SEG-20549)
Data Loss Prevention(TM) (DLP) blocks the Skype application.
Solution:
This hotfix updates the DLP module that contains the improved process flow to prevent false positive alerts when the Skype application conducts file access events on its temporary files.
(SEG-20076), (SEG-20983)
32-bit OfficeScan processes may stop unexpectedly on 64-bit platforms.
Solution:
This hotfix resolves the issue by updating how the DLP module matches path names when locating the "wow64.dll" path.
(SEG-19818)
An interoperability issue between the VMware Horizon agent and the User-Mode Hooking feature of OfficeScan agents triggers a black screen when a protected computer restarts after agent installation.
Solution:
This hotfix updates the User-Mode Hooking driver to solve this issue.
(SEG-20121)
The firewall's "Quarantine" action in medium security level blocks the FTP session.
Solution:
This hotfix changes the "Quarantine" action to "Drop" in medium security level to resolve the issue.
(SEG-19174)
The Virus/Malware logs that agents send to the OfficeScan server disappear unexpectedly after administrators migrate the OfficeScan database from CodeBase to an SQL Server database using the SQL Server Migration Tool.
Solution:
This hotfix updates the OfficeScan server program to ensure that OfficeScan keeps security risk logs after migrating the database.
(VRTS-1181)
An attacker may be able to use the "Sc.exe" file to run unauthorized commands on a computer protected by OfficeScan.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
(SEG-20630)
This hotfix enables the SQLMIGRATION.LOG in the OfficeScan XG Service Pack 1 server. By default, the SQLMIGRATION.LOG file is in the "\PCCSRV\Admin\Utility\SQL" folder on the OfficeScan server installation directory.
(SEG-20474)
An issue prevents the "showunlockbutton" feature from working on OfficeScan XG Service Pack 1.
Solution:
This hotfix updates the OfficeScan XG Service Pack 1 server file to ensure that the "showunlockbutton" feature works normally.
(SEG-21429)
OfficeScan does not propagate the OfficeScan Predictive Machine Learning settings to the clients or domains when applying the settings at the root level and using the Microsoft(TM) SQL database.
Solution:
This hotfix resolves this issue by using the correct parameter based on the implementation of the database APIs.
(SEG-21638)
An issue may prevent the OfficeScan agent from downloading pattern files.
Solution:
This hotfix updates the OfficeScan XG Service Pack 1 server file to ensure that the OfficeScan agent updates files normally.
(SEG-21643)
The OfficeScan agent downloads the SAL pattern file even if the current pattern file is already updated.
Solution:
This hotfix updates the OfficeScan XG Service Pack 1 server files to ensure that the OfficeScan agent only gets updated pattern files from the server.
(SEG-19769)
The OfficeScan server widget queries Data Loss Prevention(TM) (DLP) logs using the "root" account. This situation causes backend processes to always return all logs to any user.
Solution:
This hotfix resolves the issue by adding a method that allows administrators to check all viewable domains of currently logged-on users if the request comes from a widget. The hotfix adds a hidden key to enable or disable this feature.
Procedure:
To configure the new setting for "ofcserver.ini":
- Install this hotfix (see "Installation").
- Open the "ofcserver.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "SERVER_CONSOLE_SECTION" section, manually configure the following:
- [SERVER_CONSOLE_SECTION]
- ShowDLPLogByAccountPermission=1
- Save the changes and close the file.
- Reload the browser.
(SEG-21508)
The OfficeScan Predictive Machine Learning feature may prevent users from printing Microsoft(TM) Office files or from downloading these files through a web browser normally.
Solution:
This hotfix provides a way for users to approve programs to run with deferred scanning by Predictive Machine Learning to prevent these issues.
Procedure:
To approve programs to run with deferred scanning by Predictive Machine Learning:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following keys and specify each approved program separately.
- [Global Setting]
- DS_ProcessCount=the number of programs in the approved list, supports any integer from 1 to 1000
- DS_ProcessName000=process name of the approved program, where "000" notes the first item on the list
For example:
- [Global Setting]
- DS_ProcessCount=4
- DS_ProcessName000=iexplore.exe
- DS_ProcessName001=Chrome.exe
- DS_ProcessName002=FireFox.exe
- DS_ProcessName003=WINWORD.EXE
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following entries of TXS.ini on all OfficeScan agent computers:
- [TrendX_Settings]
- DS_ProcessCount=4
- DS_ProcessName000="The encrypted string of the preferred program"
- DS_ProcessName001="The encrypted string of the preferred program"
- DS_ProcessName002="The encrypted string of the preferred program"
- DS_ProcessName003="The encrypted string of the preferred program"
(SEG-22955)
The system information, product information, product version, and entity icon do not update automatically.
Solution:
This hotfix updates the OfficeScan 12.0 Service Pack 1 server file to ensure that the system information, product information, product version, and entity icon are updated correctly.
(VRTS-1974)
A time-of-check/time-of-use privilege escalation vulnerability exists with the "tmusa.sys" kernel file (Osprey).
Solution:
This hotfix updates the kernel files for Osprey to address the vulnerability.
(SEG-22406)
The certificate of the "saknet.sys" file is valid from March 23, 2016 to June 28, 2017 only.
Solution:
This hotfix replaces the "saknet.sys" file in the Trend Micro Data Loss Prevention(TM) (DLP) module with a "saknet.sys" file that contains a valid certificate.
(SEG-21120)
Some unexpected hostname IPs may be resolved during the drag-and-drop and open file dialog upload for supported web services and "facebook.com" IP resolution is not supported during browser file upload.
Solution:
This hotfix updates the DLP module to enable it to first check if a hostname belongs to the supported web services list before attempting to resolve the IP address during the drag-and-drop and open file dialog upload. This hotfix also adds support for "facebook.com" in the supported web services list.
(SEG-21805)
A protected computer may stop unexpectedly when an invalid policy is set for the DLP services.
Solution:
This hotfix updates the DLP module to add restrictions, particularly for operations, to the DLP XML policy validators to help prevent the issue.
(SEG-22771)
When an OfficeScan XG client performs the "Clean" action on certain backup files, it may also transfer the files to the "Virus" folder. The files in this folder are sent to the OfficeScan server along with quarantined files.
Solution:
This hotfix prevents OfficeScan XG clients from saving a copy of cleaned BR0 to BRF backup files, for example XXX.BR0, XXX.BR1, XXX.BR2 to XXX.BRF, in the suspected virus folder. This ensures that cleaned files are not sent to the OfficeScan server.
(SEG-21714)
This hotfix helps ensure that DLP violation logs displays the correct channel name and file path for Google Drive.
(SEG-21808)
The hotfix enables the DLP module to support Microsoft(TM) Windows(TM) 10 Redstone 4 Insider Preview (10.0.17083).
(SEG-21560)
The Data Loss Prevention(TM) (DLP) module does not monitor upload transfers in https://wetransfer.com.
Solution:
This hotfix adds https://wetransfer.com to the DLP module's "browser_pattern.xml" file to enable the module to monitor open file dialog and drag and drop operations on the website.
(SEG-20549)
The Data Loss Prevention(TM) (DLP) module blocks the Skype application.
Solution:
This hotfix updates the DLP module that contains the improved process flow to prevent false positive alerts when the Skype application conducts file access events on its temporary files.
(SEG-24020)
A protected computer stops responding when the Trend Micro Endpoint Sensor triggers frequent file scans.
Solution:
The hotfix ensures that a protected computer runs normally when the Trend Micro Endpoint Sensor triggers file scans frequently.
(SEG-23740)
Certain Dell computers freeze after installing the OfficeScan agent.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
(SEG-22052)
Ntrtscan stops unexpectedly while patterns are reloaded and OfficeScan still waits for the scan to stop. This happens when there are too many manual scan context instances.
Solution:
This hotfix resolves the issue by preventing OfficeScan from waiting for Ntrtscan to finish when it has already stopped and removes unused manual scan context instances from OfficeScan computers.
(SEG-23862)
The Certified Safe Software Service may not work properly on OfficeScan XG Service Pack 1 agents if users enabled the Smart Protection Service Proxy for service queries.
Solution:
This hotfix updates the OfficeScan agent program to ensure that the Certified Safe Software Service works as expected.
(SEG-13780)
The "ClientUUID" information in the "OfcCCCAUpdate.ini" file of OfficeScan XG clients is one character shorter than the correct value and contains garbled characters.
Solution:
This hotfix updates the OfficeScan XG client files to ensure that OfficeScan clients retrieves and stores the correct "ClientUUID" information.
(SEG-13780)
Communication between OfficeScan and Trend Micro Control Manager(TM) stops when the "SourceUUID" information in the "ofcDdaSrv.ini" file changes.
Solution:
This hotfix updates OfficeScan XG server files to ensure that the communication between OfficeScan XG and Control Manager is not interrupted when the "SourceUUID" information changes.
(SEG-21136)
When OfficeScan integrates with an Active Directory (AD) Server, users on the first layer will have the same domain management scope. While users on the second layer can login to the OfficeScan web console normally, they do not have privileges to view and manage the domains under the OfficeScan server.
Solution:
This hotfix changes the method to get all AD groups from the logon token and allow each AD user account to query all groups and manage domains under the same OfficeScan server.
(SEG-17659)
The Behavior Monitor re-entry on the PostCreate event may trigger a blue scree of death (BOSD) on Microsoft(TM) Windows(TM) XP embedded systems.
Solution:
This hotfix adds an anti-re-entry checking mechanism to the ActMonFilePostCreate task to resolve the issue.
(SEG-24160)
A network bandwidth issue occurs while Update Now is running.
Solution:
This hotfix adds the following conditions to prevent the OfficeScan agent from querying the Active Directory (AD) to prevent the network bandwidth issue.
- AegisEnableDac=1
- service switch of AEGIS or DLP=1
(VRTS-2185)
An issue related to the Trend Micro OfficeScan Firewall driver may cause multiple Privilege Escalation and Pool Corruption vulnerabilities.
Solution:
This hotfix updates the Trend Micro OfficeScan Firewall driver to resolve the vulnerabilities.
(SEG-24468)
An issue prevents OfficeScan from blocking sensitive information sent through the HTTP(S) in "dlptest.com".
Solution:
This hotfix ensures that OfficeScan can block sensitive information in "dlptest.com" by adding a new formdata pattern for the site.
(SEG-22060)
This hotfix updates the OfficeScan Data Loss Prevention(TM) (DLP) module to enable its Device Control feature to work on portable devices with read-only permission.
Procedure:
To enable the new service settings:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- InstallDLPWpdDriver=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite
- Key: InstallDLPWpdDriver
- Type: DWORD
- Value:
- 0 = Device Control does not work on portable devices with read-only permission
- 1 = Device Control works on portable devices with read-only permission
(SEG-20334)
An OfficeScan agent computer stops responding when the Data Loss Prevention(TM) (DLP) service is enabled while OneDrive for Business is running.
Solution:
This hotfix resolves the issue by updating the DLP module to improve the OneDrive for Business synchronization folder checking mechanism.
(SEG-25098)
There is a spelling error in the "Action on Exception Rule" page of the OfficeScan agent console.
Solution:
This hotfix updates the OfficeScan agent program to correct the spelling error on the page.
(SEG-25326)
Users may experience long loading times for websites when Web Reputation is enabled. This happens because OfficeScan XG agents that use a Proxy Auto-Configuration (PAC) file to establish proxy connection with a Smart Protection Server do not connect to the expected proxy.
Solution:
This hotfix updates the OfficeScan agent program to resolve this issue.
(SEG-24934)
The "Offline Time" column on the OfficeScan web console displays inaccurate information.
Solution:
This hotfix updates the OfficeScan server files to ensure that the correct offline time information appears in the "Offline Time" column.
(SEG-24934)
The OfficeScan server may export the wrong agent list information because there is not enough buffer memory.
Solution:
This hotfix enlarges the buffer size to fix this issue.
(SEG-23999)
Users may encounter an "Update Failed" alert when they try to update the product license through the OfficeScan management console.
Solution:
This hotfix updates the OfficeScan server program to ensure that users can update the product license successfully through the OfficeScan management console.
(SEG-21635)
This hotfix enables DLP to support UnionPay credit cards.
(SEG-24756)
The Security Threat URL information in Virus/Malware logs do not appear in search results.
Solution:
The hotfix updates the OfficeScan server program and the "Virus_Encyclopedia_URL" to ensure that the correct Virus/Malware information appears on the redirected Threat Encyclopedia web page.
(SEG-23762)
The OfficeScan agent's memory usage increases when users open and close sub windows too many times.
Solution:
This hotfix allows users to configure OfficeScan to monitor the pccnt memory usage and to close the pccnt console automatically once the memory usage reaches 512 MB.
Procedure:
To configure OfficeScan to monitor the pccnt memory usage and to close the pccnt console automatically once the memory usage reaches 512 MB:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- MonitorPccntMemory=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro \PC-cillinNTCorp\CurrentVersion\Misc.
- Key: MonitorPccntMemoryUsage
- Type: DWORD
- Value: 1 = OfficeScan supports pccnt console will be closed automatically if pccnt memory usage is over 512 MB.
(SEG-22489)
The assessment function lists OfficeScan agent computers under the "No OfficeScan agent installed".
Solution:
This hotfix resolves the issue by enabling the assessment engine to try both HTTPS and HTTP to connect to clients.
(SEG-25336)
When the HTTPS communication port of OfficeScan XG Service Pack 1 agents is not configured correctly, these agents will not be able to connect to an OfficeScan XG Service Pack 1 server that was upgraded from an OfficeScan 11 server.
Solution:
This hotfix updates the OfficeScan agent program to resolve this issue.
(SEG-25670)
There are spelling errors in the French version of the OfficeScan agent console's "Console Flyover" page.
Solution:
This hotfix updates the OfficeScan agent program to correct the spelling error on the page.
(SEG-24585)
OfficeScan agents in conventional scan mode without Internet connection cannot send Predictive Machine Learning threat queries when the "Use configured Smart Protection Sources for service queries" feature is enabled.
Solution:
This hotfix resolves the issue generating the necessary registry values to properly configure the Predictive Machine Learning and the "Use configured Smart Protection Sources for service queries" feature.
(SEG-25901), (SEG-21738)
Microsoft(TM) added a feature in Microsoft Windows(TM) 10 Fall Creators Update (RS3). After this update, the Windows Defender Security Center can no longer recognize the status of the OfficeScan antivirus and firewall.
Solution:
This hotfix enables the OfficeScan agent to report the "substatus" of both the antivirus and firewall to the Windows Security Center so that the Windows Defender Security Center displays the correct antivirus product status.
(SEG-25109)
In Microsoft Internet Explorer(TM) 11, illegal attachments in Yahoo Mail US attached using the "attached" button are not blocked.
Solution:
The hotfix enables OfficeScan to recognize the attachment filename in Yahoo Mail encoded in UTF-8 MIME.
(SEG-25911)
Trend Micro Endpoint Encryption (TMEE) cannot encrypt files normally when iDLP is enabled.
Solution:
The hotfix adds the new TMEE build (6.0.2023) in the approved list of the DLP module to resolve this issue.
(SEG-25802)
The Microsoft(TM) Windows(TM) 10 services do not start when a protected computer starts.
Solution:
This hotfix implements customized configurations to allow users to enable or disable the VMware ThinApp application detection feature which can help ensure that Windows 10 services start normally.
Procedure:
To configure the new setting for DLP:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add the "check_vmware_thinapp" key and set its value to "false".
- [Configure]
- check_vmware_thinapp=false
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents. The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- check_vmware_thinapp=false
(SEG-24426)
The "Agents Connected to the Edge Relay Server" widget may display inaccurate date information if the server and browser are both set to time zone earlier than UTC-1, for example, UTC-6.
Solution:
This hotfix implements the following to resolve this issue:
- When collecting data, the widget will start from the midnight of the sixth day before the present day based on the local time zone.
- When adding a timestamp to information, the widget will set it to midnight of the same day based on the local time zone.
(SEG-24123)
Scans triggered by the PccNT command may not be able to scan a file on a network drive.
Solution:
This hotfix updates the OfficeScan client program to ensure that it can scan files in a network drive normally.
(SEG-19783)
Samples are sent to the Deep Discovery Analyzer server without any host name information.
Solution:
This hotfix ensures that OfficeScan server sends samples to the Deep Discovery Analyzer with the correct source host information.
(SEG-21124), (SEG-5076), (SEG-19481)
This hotfix enables users to configure OfficeScan to allow a user with restricted access to connect to an approved wireless SSID and to block these users from connecting to any wired network. This helps ensure that the user does not connect to both a wireless and a wired network at the same time.
Procedure:
To enable restricted users to connect to an approved wireless SSID and block these users from using any wired network:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following keys and set the preferred value for each.
- [Global Setting]
- EnableWhiteListSSID=y
- 1, enables the approved SSID list
- 0, (default) disables the approved SSID list
- WhiteListSSIDCount=x, the number of approved SSID on the list
- WhiteListSSID_0=abcd, first SSID
- WhiteListSSID_1=1111, subsequent SSID
- WhiteListSSID(x-1)=2222, any SSID specified after this key will not be used
- EnableBlockWiredNetwork=z
- 1, blocks all wired network interfaces
- 0, opens all wired network interfaces
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
NOTES:
- After blocking wired network interfaces and unloading the agent, you can reconnect these interfaces through the \Windows\Control Panel\Network and Internet\Network Connections\ page.
- When the SSID approved list is enabled, you can see the available wireless network SSIDs after unloading the agent.
(SEG-25901), (SEG-19481)
The OfficeScan web console does not display an alert when the Smart Scan Pattern is out-of-date.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- PatternTooOldSmartScan=1 NOTE: To disable the setting, set this key to "0" or delete it.
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path:
- 32-bit: HKEYLOCALMACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\PatternTooOldSmartScan
- 64-bit: HKEYLOCALMACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\PatternTooOldSmartScan
- Key: PatternTooOldSmartScan
- Type: DWORD
- Value: 1
- Restart the OfficeScan agents.
(SEG-23501)
This hotfix updates the DLP module to support API hooking in Windows 10 RS4 (10.0.17133)
(SEG-25807)
The hotfix enables OfficeScan to monitor file upload traffic for "uploadfiles.io" and "file.io" by adding the related file upload patterns for specific websites.
(SEG-24608)
This hotfix extends the capacity of the Control Device USB Exception list to support up to 100,000 entries.
(SEG-25160)
Microsoft(TM) Surface(TM) computers where the OfficeScan agent is installed may stop unexpectedly and experience blue screen of death (BSOD) when the Behavior Monitoring feature is enabled.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
(SEG-23490), (SEG-19697)
The performance of protected computers slows down when the engine processes a PostClose event in "\Device\Volume".
Solution:
This hotfix provides a way to configure OfficeScan to skip PreClose and PostClose events in "\Device\Volume".
Procedure:
To enable OfficeScan to skip PreClose and PostClose events in "\Device\Volume":
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- tmevtmgr_SkipDeviceVolume=1
- NOTE: To disable the setting, set this key to "0" or delete it.
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmevtmgr\Parameters
- Key: SkipDeviceVolume
- Type: DWORD
- Value: 1
- Restart the OfficeScan agents.
(SEG-23490), (SEG-14536)
The Keyparc Business program may take one minute to open a newly-created file on an encrypted drive on OfficeScan client computers.
Solution:
This hotfix imports new tmcomm drivers to help ensure that the Keyparc Business program can open newly-created files on encrypted drives normally.
Procedure:
To enable the new service settings:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- TmCommBypassVolDevNormalizeReparse=1
- NOTE: Setting this key to "1" prevents OfficeScan from reparsing path normalization to prevent performance drop issues, BSOD, and other performance issues.
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmcomm\Parameters
- Key: BypassVolDevNormalizeReparse
- Type: DWORD
- Value: 1 = OfficeScan skips reparsing of path normalization to prevent certain performance issues
- Restart the OfficeScan agents.
(SEG-23542)
After a session times out, an Active Directory (AD) account user can logon to the OfficeScan web console again without providing a username and password by refreshing the web page.
Solution:
This hotfix resolves the issue to ensure that AD account users are required to provide the login credentials again after refreshing the web page.
(SEG-25939)
OfficeScan's CPU usage may rise when uploading files to Citrix "sharefile.com" website.
Solution:
This hotfix helps keep OfficeScan's CPU usage within the manageable levels when it uploads files to "sharefile.com".
(SEG-26513)
The Data Loss Prevention(TM) (DLP) module stops unexpectedly while processing General Data Protection Regulation (GDPR) information.
Solution:
This hotfix ensures that the DLP module can process GDPR strings normally.
(SEG-24694)
The DLP module uses a large amount of CPU resources.
Solution:
The hotfix keeps the DLP module's CPU usage within normal levels.
(SEG-25427)
The CPU usage of the Trend Micro Data Protection Service reaches up to 25 to 30 percent when users upload an .mp4 file to Google Drive through a web browser.
Solution:
The hotfix provides a way to prevent the CPU usage of the Data Protection Services from rising when users upload .mp4 files to Google Drive and Dropbox.
Procedure:
To configure the new setting for DLP on Google Drive and Dropbox:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add its value.
- [Configure]
- cloudstorage_http2_check=false
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents". The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- cloudstorage_http2_check=false
- Find a target machine for verification
(SEG-23571)
OfficeScan agents with duplicate IP addresses are not removed automatically after the server-agent connection is verified.
Solution:
The hotfix ensures that OfficeScan automatically removes older agents with duplicate IP addresses after verifying the server-agent connection.
(SEG-15460)
The OfficeScan Firewall service may block the connection of a new generation NIC interface on Miracast devices.
Solution:
This hotfix provides a way to adopt the new NIC interface settings from Miracast devices.
Procedure:
To enable the new settings:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- EventTriggerIPChange=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent endpoints:
- Path:
- For x64 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- For x86 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- Key: EventTriggerIPChange
- Type: REG_DWORD
- Value: 1
(SEG-26381)
OfficeScan agents with the program inspection feature enabled may encounter issues with third-party programs due to a conflict with the Memory Scan Trigger pattern (tmmst.ptn/tmmst64.ptn).
Solution:
This hotfix updates the OfficeScan agent program to resolve this issue.
(SEG-24736)
The OfficeScan User Mode Hooking (UMH) function may prevent the system from shutting down normally.
Solution:
This hotfix updates the OfficeScan UMH module to resolve this issue.
(SEG-23873)
The User Mode Hooking (UMH) module exclusion list does not accept UNC paths that contain any wildcard character.
Solution:
This hotfix enables the UMH module exclusion list to accept UNC paths that contain wildcard characters.
(SEG-22908)
The Scan Exclusion Directories and Scan Exclusion Files lists allow users to add more than 256 items.
Solution:
This hotfix ensures that OfficeScan only allows users to add up to 256 items to the lists which is the limitation indicated in the Administrator's Guide.
(SEG-27028)
After users apply Hotfix 5110, the "Role" column disappears from the "User Accounts" screen of the web console.
Solution:
This hotfix resolves the issue to ensure that the "Role" column appears on the "User Accounts" screen.
(SEG-27218)
Trend Micro Vulnerability Scanner (TMVS) stop working when users select more than two endpoints to install Trend Micro OfficeScan agent(s).
Solution:
This hotfix resolves the issue and provides a way to ensure that the correct port is used in "TMVS.ini" and "Schedule.ini".
Procedure:
To modify "TMVS.ini" and "Schedule.ini" so that both use the correct port:
- Install this hotfix (see "Installation").
- Open the "TMVS.ini" file in the "\PCCSRV\Admin\Utility\TMVS\" folder of the OfficeScan server installation directory using a text editor.
- Under the "OfficeScan Server Setting" section, manually delete the host name of the OfficeScan server from the key below:
- [OfficeScan Server Setting]
- OsceServer=
- Save the changes and close the file.
- Run "TMVS.exe". The "OsceServerPort" key under the "OfficeScan Server Setting" section in "TMVS.ini" will automatically be set to the SSL port.
- [OfficeScan Server Setting]
- OsceServerPort= SSL port
NOTE: "TMVS.exe" can be used for Manual Scan after modifying "TMVS.ini". If you have already created a scheduled scan record before applying this hotfix, proceed to the next step.
- Open the "Schedule[number].ini" file in the "\PCCSRV\Admin\Utility\TMVS\" folder of the OfficeScan server installation directory using a text editor.
NOTES:
- [number] depends on the user's environment, it may be Schedule1, Schedule2...
- All "Schedule[number].ini" files created before applying this hotfix should be modified.
- Under the "OfficeScan Server Setting" section, manually delete the host name of the OfficeScan server from the following key
- [OfficeScan Server Setting]
- OsceServer=
- Save the changes and close the file.
- Repeat steps 6 to 8 for each "Schedule[number].ini" file.
- Run "TMVS.exe". The "OsceServerPort" under the "OfficeScan Server Setting" section in "Schedule[number].ini" will be set to the SSL port.
- [OfficeScan Server Setting]
- OsceServerPort= SSL port
NOTE: "TMVS.exe" can be used for Scheduled Scan after modifying "TMVS.ini" and "Schedule.ini".
(SEG-20456)
When an Edge Server is installed and used in an environment and users deploy gateway IPs to an OfficeScan agent machine, and if the assigned gateway IPs and gateway IPs on the machine do not match, the OfficeScan agent will only connect to Edge Server even when the agent can connect to the OfficeScan Server in the same network.
Solution:
The hotfix updates the "Synchronize" registry key in the Misc file for Client/Server Communication so that when it is set to "0", the agent will connect to the OfficeScan server under the scenario described above.
(SEG-2847)
OfficeScan agents may appear "Offline" on the OfficeScan web console but "Online" when viewing the OfficeScan agent icon.
Solution:
This hotfix updates the OfficeScan agent program to resolve this issue.
(SEG-25982)
The Data Loss Prevention(TM) (DLP) service of the OfficeScan agent may not be installed or started properly.
Solution:
This hotfix updates the OfficeScan agent program to resolve this issue.
(SEG-26122)
The Dashboard Summary on the OfficeScan web console shows that there are violation logs generated within the last 24 hours but a manual check indicates that no logs were generated in the same time frame.
Solution:
This hotfix updates the OfficeScan server program to ensure that the Dashboard Summary displays accurate information.
(SEG-25595), (SEG-26902)
When users log on to any non-English version of the OfficeScan web console with a created user account, the Dashboard pages show English content.
Solution:
The hotfix ensures that the Dashboard pages display in the correct language when users log on to the OfficeScan web console using user accounts created after installing this hotfix.
(SEG-27050)
An agent's connection status icon is grayed-out in the agent console flyover when the agent uses conventional scan mode and only Real-time Scan is enabled.
Solution:
The hotfix ensures that the connection status icon is green when agents use conventional scan mode and only Real-time Scan is enabled. The connection status signal will be grayed-out only if all modules are disabled even when agents are connected to the OfficeScan server.
(SEG-24168)
A SQL exception occurs when the OfficeScan agent GUID field is empty.
Solution:
The hotfix enables OfficeScan to handle the exception to resolve the issue.
(SEG-25661)
The PccNtMon service does not apply updates to the Local Area Network (LAN) proxy settings to the proxy settings of Predictive Machine Learning when both the Smart Protection Service and Smart Scan are disabled.
Solution:
This hotfix ensures that changes to the LAN proxy settings are automatically applied to the Predictive Machine Learning proxy settings.
NOTE: If you experience this issue, you need to manually save the LAN proxy setting again after applying this hotfix.
(SEG-27168)
This hotfix adds the "MAX_FILE_SIZE" and "MAX_TXT_FILE_SIZE" parameters to enable users to set the file size limitation for DLP content scanning.
(SEG-26791)
This hotfix enables OfficeScan to monitor open file dialog and drag and drop events for Sugarsync and Hightail.
(SEG-25643)
A user requests for an API to automate the move and uninstall agent processes.
Procedure:
To enable the new settings:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following keys and set both values to "1".
- [Global Setting]
- EnableMoveNATClient=1
- MoveNATClientRemoveEmptyDomain=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent endpoints:
- Only "EnableMoveNATClient" will be deployed to client, the path:
- For x64 platforms:
- HKEYLOCALMACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- For x86 platforms:
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- Key:
- EnableMoveNATClient
- Type: REGDWORD
- Value: 1
(SEG-26800)
This hotfix enables OfficeScan to detect "Italy: CF – Codice Fiscale (Tax Code)" keywords that do not contain any space.
(SEG-27830)
An issue prevents OfficeScan from detecting file attachments in Gmail.
Solution:
The hotfix resolves the issue by enabling OfficeScan to parse file attachments using an HTTP and HTTP/2 parser.
(VRTS-2184), (VRTS-2185), (VRTS-2187), (VRTS-2189), (VRTS-2443)
An issue related to the Trend Micro OfficeScan Firewall driver may cause multiple Privilege Escalation and Pool Corruption vulnerabilities.
Solution:
This critical patch updates the Trend Micro OfficeScan Firewall driver to resolve the vulnerabilities.
(SEG-26512)
This critical patch enables the OfficeScan XG Service Pack 1 agent program to support Windows 10 (version 1803) April 2018 Update.
(SEG-27828)
The Common Firewall driver generates incorrect and outdated search results on the OfficeScan web console.
Solution:
This hotfix updates the OfficeScan server program to prevent this issue from occurring.
(SEG-29180)
Users can enable "Export Scan Exclusions" to save the scan exclusions list in a CSV format on the OfficeScan server. However, the exclusion lists are not displayed correctly in the German version of OfficeScan.
Solution:
This hotfix updates the OfficeScan server files to resolve this issue.
(SEG-25101)
Even if users have local administrator privileges with their user accounts, the following error message still appears when installing OfficeScan XG Service Pack 1 agent using AUTOPCC via the login script:
"To install/uninstall the OfficeScan Agent, you must have administrator privileges to this computer."
Solution:
This hotfix updates the OfficeScan server program to resolve this issue.
(SEG-27809)
When Data Loss Prevention(TM) (DLP) Service is enabled on a virtual Windows Server, it causes the endpoint to freeze or become unresponsive within intervals of a few minutes.
Solution:
This hotfix resolves the issue by updating the DLP module.
(SEG-28172)
When users perform a fresh installation of an OfficeScan agent with conventional scan mode using an "*.exe" package or the "AutoPcc.exe" file, the system does not generate some registry keys required by the Predictive Machine Learning feature.
Solution:
This hotfix ensures that the system generates all necessary registry keys when an OfficeScan agent is installed with conventional scan mode.
(SEG-23277)
A compatibility issue between "Optimus5.exe" and OfficeScan Behavior Monitoring may cause "Optimus5.exe" to become unresponsive.
Solution:
This hotfix resolves the issue by updating the Behavior Monitoring module.
(SEG-29538)
Trend Micro Vulnerability Scanner (TMVS) stops unexpectedly when users configure Scheduled Scan tasks that exceed 16 characters.
Solution:
This hotfix resolves the issue so users can configure Scheduled Scan tasks normally.
(SEG-28362)
Trend X alerts are disabled unexpectedly.
Solution:
The hotfix prevents OfficeScan from resetting the TrendxAlert registry key when the TmListen service starts if the agent is not a fresh installation.
(SEG-28559)
OfficeScan agents send a sample file even when sample submission is disabled.
Solution:
This hotfix enables OfficeScan agents to always check the "EnableSampleSubmission" key and apply the correct setting so that these agents do not send out sample files when sample submission is disabled.
(SEG-27256)
In some user environments where Windows Updates are not applied, OfficeScan agents may not be able to update their Smart Scan Pattern properly.
Solution:
This hotfix resolves the issue by updating the Active Update module.
(SEG-28180)
When an OfficeScan client detects a sample virus file (EICAR.COM), it may not be able to send the file to the OfficeScan server. This happens when a Windows socket error prevents it from extracting the correct IP address.
Solution:
This hotfix resolves this issue so that the OfficeScan client can retrieve the correct IP address and send the files out normally.
(SEG-25566)
This hotfix provides a way for users to force the HTTPS communication protocol of OfficeScan agents and the OfficeScan server to convert to the HTTP communication protocol. Moreover, OfficeScan deletes the "ofcsslagent" certificate at the same time.
Procedure:
To enable the feature for OfficeScan agents and the OfficeScan server:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following keys and set the preferred value for each.
- [Global Setting]
- UseSocketHTTPAdapter=1
- ASE=0
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
- Path:
- for x64 platform
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion
- for x86 platform
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\
- Key: UseSocketHTTPAdapter
- Type: REG_DWORD
- Value: 1
- Key: ASE
- Type: REG_DWORD
- Value: 0
NOTE: OfficeScan agents will restart automatically to apply the new setting.
(SEG-27748)
The hotfix enables the Integrated Data Loss Prevention (DLP) module to support PGP Desktop 10.3.2 by adding the PGP 10.3.2 API pattern.
(SEG-28957)
This hotfix enables Data Loss Prevention(TM) (DLP) Endpoint SDK 6.2 to skip the Domain Name System (DNS) from resolving customized web sites.
Procedure:
To configure the new setting for DLP:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Configure" section, manually add the "BYPASS_DNS_RESOLVE_WEBSITES" key and set its value.
- [Configure]
- BYPASS_DNS_RESOLVE_WEBSITES=example1.com,example2.com
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Agent Management > Select domains or agents > Settings > DLP settings" screen.
- Click "Save" to deploy the setting to agents". The OfficeScan server deploys the setting to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- BYPASS_DNS_RESOLVE_WEBSITES=example1.com,example2.com
(SEG-28228)
Users have "Full Control" permission on the OfficeScan client folder because the Osprey function resets the OfficeScan client folder permission from "Read&Execute" to "Full Control".
Solution:
This hotfix resolves this issue by adjusting the OfficeScan client folder permission to "Read&Execute" right after the Osprey function runs.
(SEG-30730)
The Recent file list is missing from the right-click menu on the Microsoft(TM) Windows(TM) taskbar and from the "Start" menu when the Data Loss Prevention(TM) (DLP) Service is enabled.
Solution:
This hotfix resolves this issue by updating the file event scanning procedure for "RuntimeBroker.exe" with the Microsoft Windows Jump List under the "automaticdestinations-ms" folder.
(SEG-26606)
Users are unable to eject encrypted flash drives when the system enables Trend Micro Predictive Machine Learning on coexisting OfficeScan agents.
Solution:
This hotfix updates the OfficeScan agent program to prevent this issue from occurring.
Procedure:
To enable the feature for OfficeScan agents and the OfficeScan server:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- MonitorFixedDrive=1
- NOTE: To disable the setting, set this key to "0".
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
- Path:
- for x64 platform
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
- for x86 platform
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
- Key: MonitorFixedDrive
- Type: REG_DWORD
- Value: 1
(SEG-29206)
DLP Service may not be able to block devices properly if users enable these devices in the Device Manager function of the computer.
Solution:
This hotfix resolves the issue by updating the DLP module.
(SEG-23539)
Administrators cannot set a registry key when installing third- party applications, which is caused by the OfficeScan Self-protection function.
Solution:
This hotfix exempts the "Msiexec.exe" installer from the OfficeScan Self-protection function and ensures that administrators can successfully install third-party applications.
(SEG-26683)
Detection notification does not pop up and there is no record in the security risk log when users try to open a malware file from the network drive.
Solution:
This hotfix updates the OfficeScanNT real-time scan ("Ntrtscan.exe") function and enables the real-time scan to go through the correct process, ensuring that the real-time scan accesses and scans files located on network drives.
(SEG-29225)
Users experience PsTools interference issues because Windows cannot access "C:\Windows\System32\sc.exe" program on x86 platforms.
Solution:
The hotfix amends the Unauthorized Change Prevention policy to resolve this issue.
(SEG-30736)
The DLP version appears as 0.0.0 on both the management console and agent console.
Solution:
This hotfix ensures that the correct DLP version appears on both the management console and agent console.
(SEG-26869)
OfficeScan off-premises agents connected to the OfficeScan Edge Relay server fail to send virus/spyware logs to the OfficeScan server.
Solution:
The hotfix resolves this issue by enabling OfficeScan to resend the HTTP request while receiving the "ERROR_WINHTTP_RESEND_REQUEST" message.
(SEG-29928)
When the Advanced Protection Service is disabled in an OfficeScan agent, smvptn files accumulate and are not cleaned promptly.
Solution:
This hotfix resolves the issue by updating the NTRT module to check the current smv patterns to keep only the two most recent versions and delete all older versions.
(SEG-27626)
This hotfix provides administrators a way to adjust the header size limit and number of entities to detect risky emails.
Procedure:
To adjust the header size limit and number of entities to detect risky email messages:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following keys and set the values.
- [Global Setting]
- BytesPerEntHdr=size of all header fields allowed in each entity
- EntPerMsg=number of entities allowed in each mail message
For example:
- [Global Setting]
- BytesPerEntHdr=32768
- EntPerMsg=64
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and set the following registry entry on all OfficeScan agent endpoints:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey\Scan\Common\MailManager\config
- Key: BytesPerEntHdr
- Type: DWORD
- Value: For example: 0x00008000 (32768)
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey\Scan\Common\MailManager\config
- Key: EntPerMsg
- Type: DWORD
- Value: For example: 0x00000040 (64)
(SEG-30242)
This hotfix enables DLP Endpoint SDK 6.2 to support the device type exception keys for USB devices in the DLP Device Control mode.
(SEG-26570)
Users may not be able to print files normally on a protected endpoint when both the OfficeScan Predictive Machine Learning feature and the Behavior Monitoring feature are enabled.
Solution:
This hotfix resolves the issue by updating the Behavior Monitoring module.
(SEG-27727)
The Behavior Monitoring feature may prevent users from opening Microsoft(TM) Office programs normally if the OfficeScan agent cannot connect to the Trend Micro Census Server properly.
Solution:
This hotfix resolves the issue by updating the Behavior Monitoring module.
(SEG-30296)
The Data Loss Prevention(TM) (DLP) Service may prevent users from accessing Microsoft(TM) Excel files normally.
Solution:
This hotfix resolves the issue by updating the DLP module.
(SEG-24733)
Microsoft Internet Explorer(TM) (IE) stops unexpectedly because of a Browser Exploit Prevention memory allocation failure when users browse files through a 3rd-party web application.
Solution:
This hotfix updates the Browser Exploit Prevention module to prevent it from stopping unexpectedly when it encounters issues while allocating memory.
(SEG-30241)
Users encounter an "Update Failed" message after clicking the "Update Information" button on the product license page.
Solution:
This hotfix resolves the issue by enabling OfficeScan to clear existing garbage data in the structures.
(SEG-29900)
Sometimes, the database cannot retrieve strings with special characters when the server queries the Domain Name. When this happens, garbage characters appear on the "Agent Component Update Details" page.
Solution:
This hotfix updates the related database modules to ensure that the database can retrieve strings with special characters while resolving domain names.
(SEG-31152)
After users apply Hotfix 5158 included in version 6.2.1208 of the DLP module, the list of approved devices does not work until after the DLP service restarts.
Solution:
The hotfix updates the DLP module to resolve the issue.
(VRTS-2465), (VRTS-2466), (VRTS-2467)
An attacker may craft a malicious request and cause AMSP to help on creating a process that provides SYSTEM privileges to the attackers.
Solution:
This hotfix updates the AMSP file ("coreCommandmanager.dll") to resolve this issue.
(SEG-25083)
This hotfix adds a new configuration key to allow users to manually add websites to the monitored list.
Procedure:
To configure the new setting for DLP:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add the "monitor_file_upload_websites" key and set its value to the specific website.
- [Configure]
- monitor_file_upload_websites=web.airdroid.com
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents".
The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- monitor_file_upload_websites=web.airdroid.com
(SEG-31393)
Scheduled scan is postponed because OfficeScan detects full screen mode even when there are no windows in full screen mode.
Solution:
This hotfix enables OfficeScan to ignore windows that do not have visible content during full screen mode detection.
(SEG-31525)
The OfficeScan NT Listener service ("TmListen.exe") may stop unexpectedly after the OfficeScan XG Service Pack 1 agent restarts. When this happens, the agent update fails.
Solution:
This hotfix updates the OfficeScan agent program to prevent the "TmListen.exe" from stopping unexpectedly.
(SEG-28309)
When the OfficeScan agent detects a virus/malware, it may not be able to move the quarantined file to the OfficeScan server. This happens when the OfficeScan agent could not resolve the hostname of the OfficeScan server properly.
Solution:
This hotfix updates the OfficeScan agent program to resolve this issue.
(SEG-29948)
After upgrading to OfficeScan XG Service Pack 1, the default communication port between the OfficeScan agent and the server changed to SSL port 4343. For OfficeScan agents with the firewall enabled, the firewall continues to use the older port 8080 as a trusted port and prevents the OfficeScan agent from connecting to the server.
Solution:
This hotfix resolves this issue by ensuring that updated OfficeScan agents add port 4343 to the OfficeScan firewall trusted port list. To ensure that the network quarantine feature continues to function, this hotfix also adds the IPv4 DNS and WINS ports to the trusted port list.
(SEG-32267), (SEG-31314), (SEG-31312)
Users cannot move OfficeScan XG Service Pack 1 agents using either the Agent Mover Tool (IpXfer.exe) or the Move Agent function, from an OfficeScan XG Service Pack 1 server to another OfficeScan XG Service Pack 1 server if both OfficeScan servers have converted to the HTTP communication protocol.
Solution:
This hotfix updates the OfficeScan agent program to resolve this issue.
(SEG-30980)
User encounter an "Invalid Session…" error when making changes to the OfficeScan settings through the web console using an Active Directory (AD) user account that belongs to a sub group.
Solution:
This hotfix resolves the issue by adding the caller function "checkingRBAMenuRoles" to use the AD token to get information from all domain layers.
(SEG-31880)
In assessment mode, Web Reputation logs display the "Action" results as "Assess" on the OfficeScan web console but shows "Block" in the Trend Micro Control Manager(TM) web console.
Solution:
This hotfix updates the OfficeScan Web Reputation module to ensure that the "Action" results in Web Reputation logs on the OfficeScan web console are consistent with the information on the Control Manager web console in assessment mode.
(SEG-32171)
When OfficeScan agents are configured not to upgrade the OfficeScan agent program or deploy hotfixes, inaccurate minor version information appears for the Advanced Threat Scan Engine (ATSE) on the agent console after ATSE updates from the ActiveUpdate (AU) Server. For example, the minor version number is displayed as "10.2.1006" instead of "10.200.1006".
Solution:
This hotfix ensures that the agent console displays the ATSE version information accurately.
(SEG-27671)
An exception error triggers the OfficeScan Master Service to stop unexpectedly while extracting a pattern file from a compressed file.
Solution:
This hotfix updates the OfficeScan Master Service to enable it to handle the exception.
(SEG-23154)
This hotfix improves OfficeScan's security checking feature for digital signatures during program deployment in air gap network environments by allowing users to configure the interval of the uploading digital signature check failure logs. This hotfix also decommissions the following settings:
- CheckDigitalSignatureForHotfix
- CheckDigitalSignatureForUpgrade
- DOVF
Procedure:
To configure the interval of the uploading digital signature check failure logs:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set it to the time interval in seconds.
- [Global Setting]
- DSInvalidLogUploadInterval=3600(default, sec)
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
- Key: DSInvalidLogUploadInterval
- Type: DWORD
- Value: 3600
(SEG-27559)
This hotfix enables users to configure the Behavior Monitoring autorun function to skip devices in the Device Access Control (DAC) approved list.
Procedure:
To configure the Behavior Monitoring autorun function to skip devices in the DAC approved list:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- SkipDACAutorunJunctionPointerChecking=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: SkipDACAutorunJunctionPointerChecking
- Type: REG_DWORD
- Value: 1
8. Contact Information
A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
NOTE: This information is subject to change without notice.
9. About Trend Micro
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.
Copyright 2018, Trend Micro Incorporated. All rights reserved.
Trend Micro, OfficeScan, Data Loss Prevention, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.
10. License Agreement
View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide