Trend Micro, Inc.
October 03, 2017
Trend Micro™ OfficeScan™ XG Patch 1
Critical Patch - Server Build 1737 and Agent Module Build 1612
Contents
- Critical Patch Release Information
- Document Set
- System Requirements
-
Installation/Uninstallation
- Post-installation Configuration
- Known Issues
- Release History
- Contact Information
- About Trend Micro
- License Agreement
1. Critical Patch Release Information
Resolved Known Issues
This critical patch resolves the following issue(s):
- (JIRA 12946)
Issue: After moving an OfficeScan agent from one OfficeScan server to another through the web console, the agent might not able to upgrade successfully.
Solution: This critical patch updates the OfficeScan agent program to resolve the issue.
Enhancements
There are no enhancements in this critical patch.
Files Included in this Release
A. Files for Current Issue(s)
-------------------------------------------------------------------
Filename Build Number
------------------------------ ------------
OfficeScan\PCCSRV\
-------------------------------------------------------------------
CGIResUTF8.dll 12.0.0.1737
libeay32.dll 1.0.2.10
OfficeScan\PCCSRV\Admin\
-------------------------------------------------------------------
tmxfalcon.cfg
OfficeScan\PCCSRV\Admin\Utility\ClientPackager\
-------------------------------------------------------------------
ClnPack.ini
OfficeScan\PCCSRV\Admin\Utility\EdgeServer\
-------------------------------------------------------------------
*.*
OfficeScan\PCCSRV\Admin\Utility\listDeviceInfo\
-------------------------------------------------------------------
listDeviceInfo.exe 6.2.0.1050
OfficeScan\PCCSRV\Admin\Utility\PolicyExportTool\
-------------------------------------------------------------------
CGIResUTF8.dll 12.0.0.1737
OfficeScan\PCCSRV\Admin\Utility\SQL\
-------------------------------------------------------------------
*.*
libSQLDatabaseUpgrade.dll 12.0.0.1737
OfficeScan\PCCSRV\Admin\Utility\TMVS\
-------------------------------------------------------------------
libeay32.dll 1.0.2.10
ssleay32.dll 1.0.2.10
OfficeScan\PCCSRV\Admin\Autopcc.cfg\
-------------------------------------------------------------------
ApNT.ini
ApNT_X64.ini
OfficeScan\PCCSRV\CmAgent\
-------------------------------------------------------------------
CGIResUTF8.dll 12.0.0.1737
libeay32.dll 1.0.2.10
ProductLibrary.dll 12.0.0.1737
ssleay32.dll 1.0.2.10
zlib.dll 1.2.3.0
OfficeScan\PCCSRV\Download\
-------------------------------------------------------------------
ClnPack_files.xml
OfficeScan\PCCSRV\Download\Engine\
-------------------------------------------------------------------
falcon32.sig
falcon32.zip
falcon64.sig
falcon64.zip
OfficeScan\PCCSRV\Download\Pattern\
-------------------------------------------------------------------
falconcfg.zip
OfficeScan\PCCSRV\Download\Product\
-------------------------------------------------------------------
DlpLite_Common.zip
DlpLite_Common_x64.zip
OfficeScan\PCCSRV\Engine\
-------------------------------------------------------------------
TmAegisSysEvt.dll 2.976.0.1239
TMBMCLI.dll 2.976.0.1239
TMBMSRV.exe 2.976.0.1239
tmcomeng.dll 2.976.0.1239
TmEngDrv.dll 2.976.0.1239
TMPEM.dll 2.976.0.1239
tmwlutil.dll 2.976.0.1239
tmCfwApi.dll 5.83.0.1038
tmHash.dll 5.83.0.1038
TmPfw.exe 5.83.0.1038
TmPfwApi.dll 5.83.0.1039
TmPfwRul.dll 5.83.0.1038
tmxfalcon.dll 1.2.0.1028
OfficeScan\PCCSRV\Engine\CCSF\TrxHandler\
-------------------------------------------------------------------
libeay32.dll 1.0.2.10
OfficeScan\PCCSRV\Engine\X64\
-------------------------------------------------------------------
TmAegisSysEvt.dll 2.976.0.1239
TMBMCLI.dll 2.976.0.1239
TMBMSRV.exe 2.976.0.1239
tmcomeng.dll 2.976.0.1239
TmEngDrv.dll 2.976.0.1239
TMPEM.dll 2.976.0.1239
tmwlutil.dll 2.976.0.1239
tmCfwApi.dll 5.83.0.1038
tmHash.dll 5.83.0.1038
TmPfw.exe 5.83.0.1038
TmPfwApi.dll 5.83.0.1039
TmPfwRul.dll 5.83.0.1038
tmxfalcon.dll 1.2.0.1028
OfficeScan\PCCSRV\Engine\x64\CCSF\TrxHandler
-------------------------------------------------------------------
libeay32.dll 1.0.2.10
ssleay32.dll 1.0.2.10
OfficeScan\PCCSRV\LWCS\
-------------------------------------------------------------------
libeay32.dll 1.0.2.10
ssleay32.dll 1.0.2.10
OfficeScan\PCCSRV\SRS\
-------------------------------------------------------------------
libeay32.dll 1.0.2.10
ssleay32.dll 1.0.2.10
OfficeScan\PCCSRV\PLM\PHP\
-------------------------------------------------------------------
libeay32.dll 1.0.2.10
ssleay32.dll 1.0.2.10
OfficeScan\PCCSRV\Pccnt\
-------------------------------------------------------------------
ClientConsole.zip
NTRtScan.exe 13.0.0.1612
OfficeScan\PCCSRV\Pccnt\Common\
-------------------------------------------------------------------
com.trendmicro.tmopfirefox.ext.json
com.trendmicro.tmopfirefox.ext@trendop.xpi
CCSF_WIN32.zip
libeay32.dll 1.0.2.10
NTRmv.exe 13.0.0.1612
OfcPfwSvc.dll 13.0.0.1612
Pccnt.exe 13.0.0.1612
PccNTMon.exe 13.0.0.1612
ssleay32.dll 1.0.2.10
TmListen.exe 13.0.0.1612
TmListenShare.dll 13.0.0.1612
TmopCfg.dll 3.0.0.1038
TmopChromeMsgHost32.exe 2.0.0.1094
TmopExtIns.exe 2.0.0.1094
TmopIEPlg.dll 2.0.0.1094
TmOsprey.dll 2.0.0.1094
TmopsmHttp.dll 3.0.0.1038
TmSock.dll 3.0.0.1542
Upgrade.exe 13.0.0.1612
tmCfwApi.dll 5.83.0.1038
TmFpHcEx.exe 5.83.0.1038
tmHash.dll 5.83.0.1038
TmPfw.exe 5.83.0.1038
TmPfwApi.dll 5.83.0.1039
TmPfwCtl.dll 5.83.0.1038
TmPfwCtl_xp.dll 5.83.0.1038
TmPfwRul.dll 5.83.0.1038
tmwfpapi.dll 5.83.0.1038
OfficeScan\PCCSRV\\Pccnt\Disk1\
-------------------------------------------------------------------
*.*
setup.inx
OfficeScan\PCCSRV\Pccnt\Drv\
-------------------------------------------------------------------
tmactmon.cat
tmactmon.inf
tmactmon.sys 2.976.0.1207
tmevtmgr.cat
tmevtmgr.inf
tmevtmgr.sys 2.976.0.1207
tmcomm.cat
tmcomm.inf
tmcomm.sys 7.0.0.1126
tmeevw.cat
tmeevw.inf
tmeevw.sys 3.0.0.1005
tmncieco.dll 3.0.0.1064
tmnciesc.cat
tmnciesc.inf
tmnciesc.sys 3.0.0.1064
tmlwf.cat
tmlwf.inf
TMLWF.sys
tmlwfins.exe 5.83.0.1038
tmwfp.cat
tmwfp.inf
TMWFP.sys
tmwfpins.exe 5.83.0.1038
OfficeScan\PCCSRV\Pccnt\Drv\X64\
--------------------------------------------------------------------
tmactmon.cat
tmactmon.inf
tmactmon.sys 2.976.0.1207
tmevtmgr.cat
tmevtmgr.inf
tmevtmgr.sys 2.976.0.1207
tmcomm.cat
tmcomm.inf
tmcomm.sys 7.0.0.1126
tmeevw.cat
tmeevw.inf
tmeevw.sys 3.0.0.1005
tmncieco.dll 3.0.0.1064
tmnciesc.cat
tmnciesc.inf
tmnciesc.sys 3.0.0.1064
tmlwf.cat
tmlwf.inf
TMLWF.sys
tmlwfins.exe 5.83.0.1038
tmwfp.cat
tmwfp.inf
TMWFP.sys
tmwfpins.exe 5.83.0.1038
OfficeScan\PCCSRV\Pccnt\Win64\X64\
-------------------------------------------------------------------
CCSF_X64.zip
fcWofieUI.dll 13.0.0.1612
libeay32.dll 1.0.2.10
NTRmv.exe 13.0.0.1612
NtrtScan.exe 13.0.0.1612
OfcPfwSvc_64x.dll 13.0.0.1612
Pccnt.exe 13.0.0.1612
PccNTMon.exe 13.0.0.1612
ssleay32.dll 1.0.2.10
TmListen.exe 13.0.0.1612
TmListenShare_64x.dll 13.0.0.1612
TmopCfg.dll 3.0.0.1038
TmopExtIns.exe 2.0.0.1094
TmopExtIns32.exe 2.0.0.1094
TmopIEPlg.dll 2.0.0.1094
TmopIEPlg32.dll 2.0.0.1094
TmOsprey.dll 2.0.0.1094
TmOsprey32.dll 2.0.0.1094
TmopsmHttp.dll 3.0.0.1038
TmSock_64x.dll 13.0.0.1612
upgrade.exe 13.0.0.1612
tmCfwApi.dll 5.83.0.1038
TmFpHcEx.exe 5.83.0.1038
tmHash.dll 5.83.0.1038
TmPfw.exe 5.83.0.1038
TmPfwApi.dll 5.83.0.1039
TmPfwCtl.dll 5.83.0.1038
TmPfwCtl_xp.dll 5.83.0.1038
TmPfwRul.dll 5.83.0.1038
tmwfpapi.dll 5.83.0.1038
OfficeScan\PCCSRV\Web\Service\
-------------------------------------------------------------------
CGIOCommon.dll 12.0.0.1737
CGIResUTF8.dll 12.0.0.1737
CmdHOConsole.dll 12.0.0.1737
DbServer.exe 12.0.0.1767
libCmdHndlrClientV2.dll 12.0.0.1737
libCmdHndlrConsoleV2.dll 12.0.0.1737
libeay32.dll 1.0.2.10
LogCache.dll 12.0.0.1737
OfcNotifyQueue.dll 12.0.0.1737
OfcEdgeAgent.exe 12.0.0.1737
OfcDownload.dll 12.0.0.1737
OfcService.exe 12.0.0.1737
OSCEIntegrationService.exe 12.0.0.1737
ssleay32.dll 1.0.2.10
OfficeScan\PCCSRV\Web_OSCE\Web\CGI\
-------------------------------------------------------------------
CGIOCommon.dll 12.0.0.1737
CGIResUTF8.dll 12.0.0.1737
cgiRqUpd.exe 12.0.0.1737
libeay32.dll 1.0.2.10
OfficeScan\PCCSRV\Web_OSCE\Web_console\CGI\
-------------------------------------------------------------------
CGIOCommon.dll 12.0.0.1737
CGIResUTF8.dll 12.0.0.1737
cgiShowClientAdm.exe 12.0.0.1737
cgiShowLogs.exe 12.0.0.1737
cgiShowServerAdm.exe 12.0.0.1737
cgiShowActiveDirectory.exe 12.0.0.1737
cgiShowNotify.exe 12.0.0.1737
cgiShowComplianceReport.exe 12.0.0.1737
cgiWebUpdate.ini
libeay32.dll 1.0.2.10
ssleay32.dll 1.0.2.10
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\aegis\
-------------------------------------------------------------------
data_protection.htm
OfficeScan\PCCSRV\\Web_OSCE\Web_console\HTML\Auth\
-------------------------------------------------------------------
admin_account_info.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\clientmag\
-------------------------------------------------------------------
client_ofsc_services.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\
-------------------------------------------------------------------
ln_clientmag.js
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\l10n\
-------------------------------------------------------------------
l10n.serveradm.js
l10n.logs.js
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\dlp\
-------------------------------------------------------------------
dlp_FileAttr_addedit.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\serveradm\
-------------------------------------------------------------------
server_proxy.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\logs\
-------------------------------------------------------------------
logs_bm_view.htm
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\
-------------------------------------------------------------------
help_proxy.php
db_controller.php
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\inc\class\proxy\
-------------------------------------------------------------------
HttpTalk.php
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\repository\widgetPool\wp[number]\inc\
-------------------------------------------------------------------
config.php
*wp[number] depends on user's environment, it would be wp1, wp2...etc
OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\repository\widgetPool\wp[number]\interface\
-------------------------------------------------------------------
analyzeWF.php
*wp[number] depends on user's environment, it would be wp1, wp2...etc
OfficeScan\PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI\
-------------------------------------------------------------------
cgiGetNTDomain.exe 12.0.0.1737
CGIResUTF8.dll 12.0.0.1737
B. Network Traffic Required in Deployment
Estimated size (in terms of bandwidth) of deployed agent files in this critical patch.
- 32-bit agent total = 69.3 MB
- 64-bit agent total = 90.4 MB
Back to top
2. Document Set
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com.
Back to top
3. System Requirements
You must install OfficeScan XG Patch 1 before installing this critical patch.
Back to top
4. Installation/Uninstallation
Installation
To install:
- Copy the Critical Patch executable file to a temporary folder on the server, for example, "C:\temp".
- Double-click the file. The modules are automatically copied to the correct destination.
This Critical Patch installation package automatically rolls back the OfficeScan server to its previous configuration if there are problems during installation.
If you encounter problems after installation, do a manual rollback.
Uninstallation
To manually roll back to the previous build:
- Locate the backup folder that the critical patch package created in the "\PCCSRV\Backup\CriticalPatch_B1737" directory.
- Stop the OfficeScan Master Service.
- Stop the OfficeScan CMAgent Service.
- Copy the backup modules to the original folders.
- Start the OfficeScan CMAgent Service.
- Start the OfficeScan Master Service.
Back to top
5. Post-installation Configuration
No post-installation steps are required.
Note: Trend Micro recommends that you update your scan engine and
virus pattern files immediately after installing the product.
Back to top
6. Known Issues
There are no known issues for this critical patch release.
Back to top
7. Release History
Visit the following web site for more information about updates to this product:
http://www.trendmicro.com/download.
Prior Releases
Note: Only this critical patch was tested for this release. Prior hotfixes were tested at the time of their release.
- OfficeScan XG (October 2016)
- OfficeScan XG Patch 1 (April 2017)
- Hotfix 1640 (JIRA 1256)
Issue: The OfficeScan Behavior Monitoring feature may cause certain computers to lock up intermittently.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
- Hotfix 1640 (JIRA 3260)
Issue: The OfficeScan Behavior Monitoring feature may block Adobe Acrobat Reader intermittently.
Solution: This hotfix updates the Behavior Monitoring UMH addon module to resolve the issue.
- Hotfix 1640 (JIRA 4711)
Issue: The OfficeScan server cannot check the signature on a Control Manager policy if the policy settings contain non-ASCII characters.
Solution: This hotfix enables the OfficeScan server to handle non-ASCII strings in Control Manager policies to ensure that the server can check the signature of these policies.
- Hotfix 1640 (JIRA 3830)
Issue: The OfficeScan User Mode Hooking (UMH) function may trigger a false alarm when users access a specific website.
Solution: This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
- Hotfix 1640 (JIRA 4824)
Issue: DLP generates duplicate violation event logs when users send an email message using Outlook.
Solution: This hotfix enables the DLP multipart feature in Outlook to prevent duplicate violation event logs when users send email messages in Outlook.
- Hotfix 1640 (JIRA 4985)
Issue: This hotfix aim at resolving the application failure due to Personal Firewall of Trend. The failure is about executable image hashing take too much time and cause a timeout on application connection to its server.
Solution: This hot fix updates the Network Security Components to ensure that Trend Micro's firewall will asynchronously compute the hash value of the executable image that initiated a connection. While the firewall computes the hash, all rules of the Application Filter will be unavailable until the hash value is computed, preventing the system from blocking the application from its connection.
- Hotfix 1640 (JIRA 4008)
Issue: The information in the "Message" field in Administrator Notifications cannot be saved successfully if the field contains a tab delimiter.
Solution: This hotfix updates the OfficeScan server files to ensure that the information can be saved successfully.
- Hotfix 1640 (TT359239)
Issue: The OfficeScan Web Reputation feature blocks normal access to websites if the endpoint also has the Symantec Data Loss Prevention application running.
Solution: This hotfix updates the OfficeScan agent module to ensure that the OfficeScan Web Reputation feature does not conflict with the Symantec Data Loss Prevention application.
- Hotfix 1640 (JIRA 1266)
Issue: The UMH driver may block a certain application from running from a UNC path when the "Enable program inspection to detect and blocked compromised executable files" option is enabled.
Solution: This hotfix updates the UMH driver to ensure that the application can run from a UNC path while the "Enable program inspection to detect and blocked compromised executable files" option is enabled.
- Hotfix 1640 (JIRA 2425)
Issue: It takes a long time to load a remote PST file in Microsoft(TM) Outlook(TM) when DLP is enabled.
Solution: This hotfix ensures that Outlook can load remote PST files normally when DLP is enabled.
- Hotfix 1640 (JIRA 4948)
Issue: The upload of files from an SMB path to the Internet may stop unexpectedly when DLP is enabled.
Solution: This hotfix adds an SMB checking mechanism that enables DLP to check if a file is from an SMB path before it attempts to access the file information. If the source file is an SMB file, DLP then Impersonates to facilitate the download.
- Hotfix 1640 (JIRA 4800)
Issue: It takes a long time to copy files using the RDP clipboard when DLP is enabled.
Solution: This hotfix resolves the issue by adding the RDP process "mstsc.exe" into the approved list.
- Hotfix 1640 (JIRA 5807)
Issue: The Listdeviceinfo tool cannot get information from the following external devices:
- LaCie Rugged THB USB3 SCSI Disk Device.
- Seagate(R) Backup+ Hub BK SCSI Disk Device.
- Seagate BUP BL SCSI Disk Device.
Solution: This hotfix resolves this tool issue.
- Hotfix 1640 (JIRA 3749)
Issue: The TmListen.exe service of the OfficeScan agent stops unexpectedly when Web Reputation Service is running.
Solution: This hotfix updates the OfficeScan agent programs to prevent TmListen.exe from stopping unexpectedly.
- Hotfix 1640 (JIRA 4620)
Issue: The agent grouping status switches off unexpectedly after AD synchronization.
Solution: This hotfix updates the OfficeScan server files to ensure that the agent grouping status remains the same after AD synchronization.
- Hotfix 1640 (JIRA 5561)
Issue: The OfficeScan agent keeps its old build number even after applying all the latest hotfixes.
Solution: This hotfix ensures that the TmListen service checks the "hotfix_history.ini" file and updates the build number during start up.
- Hotfix 1640 (JIRA 5527)
Issue: On computers running on the Microsoft(TM) Windows(TM) 10 platform, the DLP network filter driver is installed with the TDI network filter driver.
Solution: This hotfix updates the operating system version determination mechanism to ensure that the correct driver is installed. This hotfix also provides a WFP driver replacement mechanism that replaces the TDI driver with the correct driver.
- Hotfix 1640 (JIRA 6408)
Issue: The DLP module may not work normally while other programs are uploading files to the Internet.
Solution: This hotfix ensures that the DLP module works normally when other programs are to uploading files to the Internet.
- Hotfix 1640 (JIRA 5843)
Issue: When the DLP multipart scan feature is enabled, all violations triggered in Microsoft Outlook for different users appear under the first login user.
Solution: This hotfix enables the DLP module to check the process owner according to process ID before scanning to ensure that each violation appears under the correct user account.
- Hotfix 1640 (JIRA 2791)
Issue: BSOD occurs when the "Suspicious Connection Settings" are enabled.
Solution: This hotfix updates the Network Content Inspection Engine to prevent the BSOD issue.
- Hotfix 1640 (JIRA 3830)
Issue: The OfficeScan User Mode Hooking (UMH) function may trigger a false alarm when users access a specific website.
Solution: This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
- Hotfix 1640 (JIRA 5202)
Issue: The OfficeScan Behavior Monitoring feature may cause certain operating systems to stop unexpectedly when users launch an Intel driver packed as a self-extracting RAR file.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
- Hotfix 1640 (JIRA 4800)
Issue: It takes a long time to copy files using the RDP clipboard when DLP is enabled.
Solution: This hotfix resolves the issue by adding the RDP process "mstsc.exe" into the approved list.
- Hotfix 1640 (JIRA 2425)
Issue: It takes a long time to load a remote PST file in Microsoft(TM) Outlook(TM) when DLP is enabled.
Solution: This hotfix ensures that Outlook can load remote PST files normally when DLP is enabled.
- Hotfix 1640 (TT348875)
Issue: A USB floppy disk drive cannot be added into the exception list of removable storage devices in the DLP Policy Settings.
Solution: This hotfix ensures that users can add USB floppy disk drives into the DLP exception list of removable storage in the DLP Policy Settings.
- Hotfix 1640 (TT355419)
Issue: The Lumension Heat patching software may stop unexpectedly when DLP is enabled.
Solution: This hotfix resolves the issue by preventing DLP from excluding the following two processes:
- XMLDeltaParser.exe
- DAgent.exe
- Hotfix 1640 (JIRA 5807)
Issue: The Listdeviceinfo tool cannot get information from the following external devices:
- LaCie Rugged THB USB3 SCSI Disk Device
- Seagate(R) Backup+ Hub BK SCSI Disk Device
- Seagate BUP BL SCSI Disk Device
Solution: This hotfix resolves this tool issue.
- Hotfix 1640 (TT357926)
Issue: DLP does not block the most current webmail sites like "Outlook.com".
Solution: This hotfix resolves this issue.
- Hotfix 1640 (TT356728)
Issue: DLP blocks the Exodus Jabber program unexpectedly.
Solution: This hotfix ensures that the Exodus Jabber program works normally when DLP is enabled on the endpoint machines.
- Hotfix 1640 (TT358910)
Issue: Microsoft Access (.mdb) files cannot be recovered to USB storage from the DLP backup folder.
Solution: This hotfix ensures that DLP can successfully recover Microsoft Access (.mdb) files.
- Hotfix 1640 (JIRA 4948)
Issue: The upload of files from an SMB path to the Internet may stop unexpectedly when DLP is enabled.
Solution: This hotfix adds an SMB checking mechanism that enables DLP to check if a file is from an SMB path before it attempts to access the file information. If the source file is an SMB file, DLP then Impersonates to facilitate the download.
- Hotfix 1640 (TT358095)
Issue: DLP does not block users from dragging and dropping files on to current webmail sites such as "Outlook.office.com" or "Outlook.live.com in Google Chrome.
Solution: This hotfix ensures that OfficeScan can effectively block sensitive information from leaking when users use Google Chrome to access webmail sites.
- Hotfix 1640 (JIRA 6008)
Issue: The 32-bit installer generated by the Client Packager tool does not work.
Solution: This hotfix ensures that users can install OfficeScan clients using the 32-bit installer package generated by the Client Packager tool.
- Hotfix 1640 (JIRA 3077)
Issue: The "Suspicious Object List Setting page" has a wording error.
Solution: This hotfix corrects the wording of the "Suspicious Object List Setting" page.
- Hotfix 1640 (JIRA 7326)
Issue: When using the Microsoft(TM) SQL database, OfficeScan may receive ADO exception errors caused by a NULL value passing onto a stored procedure.
Solution: This hotfix updates the OfficeScan file to prevent this issue from occurring.
- Hotfix 1640 (JIRA 5414)
Issue: Microsoft(TM) Internet Explorer stops responding when it transfers files using Microsoft(TM) SharePoint.
Solution: This hotfix resolves this issue.
- Hotfix 1640 (JIRA 7410)
Issue: When Data Loss Prevention (DLP) detects that sensitive information was sent through an email message, the OfficeScan agent generates a blank "Activity/Channel" log.
Solution: This hotfix resolves this issue.
- Hotfix 1640 (JIRA 7412)
Issue: Multiple Data Loss Prevention (DLP) violation events appear after the first user justification window. This issue occurs when users send sensitive content using Microsoft(TM) Outlook.
Solution: This hotfix resolves this issue by refining the timestamp recording mechanism of the sent email item. After applying this hotfix, the system only records the timestamp after it returns the user justification action to filter out the incorrect triggered email event caused by Microsoft Outlook.
- Hotfix 1640 (JIRA 6632)
Issue: The agent grouping status switches off unexpectedly after AD synchronization.
Solution: This hotfix updates the OfficeScan server files to ensure that the agent grouping status remains the same after AD synchronization.
- Hotfix 1640 (JIRA 3830)
Issue: The OfficeScan User Mode Hooking (UMH) function may trigger a false alarm when users access a specific website.
Solution: This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
- Hotfix 1640 (JIRA 7326)
Issue: When using the Microsoft(TM) SQL database, OfficeScan may receive ADO exception errors caused by a NULL value passing onto a stored procedure.
Solution: This hotfix updates the OfficeScan file to prevent this issue from occurring.
- Hotfix 1640 (VRTS 1014)
Issue: A vulnerability may allow a remote unauthenticated attacker to send CGI requests to run "fcgiOfcDDA.exe" on the OfficeScan server and trigger " fcgiOfcDDA.exe " to stop unexpectedly. When this happens, a large number of dump files are generated which can eventually take up a large portion of disk space.
Solution: This hotfix resolves the vulnerability.
- Hotfix 1640 (VRTS 1022)
Issue: A vulnerability may allow a remote unauthenticated attacker to send CGI requests to run "cgiRqUpd.exe" on the OfficeScan server and trigger "cgiRqUpd.exe" to stop unexpectedly. When this happens, a large number of dump files are generated which can eventually take up a large portion of disk space.
Solution: This hotfix resolves the vulnerability.
- Hotfix 1640 (JIRA 7829)
Issue: The list of supported platforms in the "Additional Service Settings" page of the OfficeScan XG web console does not include the new Windows Server 2016 platform.
Solution: This hotfix adds the new Windows Server 2016 platform to the supported platform list on the "Additional Service Settings" page.
- Hotfix 1640 (JIRA 7354)
Issue: The OfficeScan agent keeps its old build number even after applying all the latest hotfixes.
Solution: This hotfix ensures that the TmListen service checks the "hotfix_history.ini" file and updates the build number during start up.
- Hotfix 1640 (VRTS 994)
Issue: Attackers may be able to launch Pre-Auth Server Side Request Forgery attacks through the "help_Proxy.php" functionality.
Solution: This hotfix resolves this issue by updating the "help_Proxy.php" file and hard-coding it to connect to the Trend Online Help page.
- Hotfix 1640 (JIRA 4418)
Issue: OfficeScan clients running on Windows platforms stop responding while shutting down or restarting.
Solution: This hotfix prevents this issue by improving the way processes read information using the lookaside list when the Unauthorized Change Prevention Service is de-initializing.
- Hotfix 1640 (JIRA 7825)
Issue: The Outbreak Prevention Policy cannot block access to SMB shared folders.
Solution: This hotfix enables OfficeScan to terminate the current connection when enabling the Outbreak Prevention Policy to help ensure that the policy can block access to SMB folders successfully.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder
on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually
add the following key and set its value to "1".
[Global Setting]
cnqConnectionTermination=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the
"Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro
\PC-cillinNTCorp\CurrentVersion\Misc.
Key: cnqConnectionTermination
Type: DWORD
Value:
0 = OfficeScan does not support network re-establish
1 = OfficeScan supports network re-establish
Note: This function works only on computers that
retrieve its IP address from the DHCP server
automatically.
- Hotfix 1640 (JIRA 7580)
Issue: An issue prevents users from adding another gateway IP address for an endpoint location.
Solution: This hotfix ensures that users can configure additional gateway IP addresses for an endpoint location.
- Hotfix 1640 (VRTS 986)
Issue: A vulnerability may allow a remote unauthenticated attacker to download the "crypt.key" file from the OfficeScan server through HTTP requests.
Solution: This hotfix resolves the vulnerability.
- Hotfix 1640 (JIRA 5670)
Enhancement: This hotfix enables DLP Endpoint SDK 6.0 to support Chrome 58.0.3029.81.
- Hotfix 1640 (JIRA 6057)
Enhancement: This hotfix enables DLP Endpoint SDK 6.2 to support Chrome 58.0.3029.81.
- Hotfix 1640 (JIRA 4910)
Enhancement: This hotfix enables Administrators to use an apostrophe (') in the "Description" text box when they add or modify a web console account.
- Hotfix 1640 (JIRA 6057)
Enhancement: This hotfix enables DLP Endpoint SDK 6.2 to support Chrome 58.0.3029.81.
- Hotfix 1640 (JIRA 7327)
Enhancement: This hot fix enables Data Loss Prevention Endpoint SDK 6.0 to support Google(TM) Chrome version 59.0.3071.86
- Hotfix 1640 (JIRA 7223)
Enhancement: This hot fix enables Data Loss Prevention Endpoint SDK 6.2 to bypass iTunes blocking and so that iPhone can still be charged while Device Control is enabled.
To configure the new setting for DLP:
a. Install this hot fix (see "Installation").
b. Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "bypass_itunes_nonstor_usb_dc" key and set its value.
[Configure]
bypass_itunes_nonstor_usb_dc = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents.
The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
bypass_itunes_nonstor_usb_dc=true
- Hotfix 1640 (JIRA 4973)
Enhancement: This hot fix provides additional details in the Component Update Details log files. It includes the following information:
- Domain Hierarchy of endpoint
- IP Address of endpoint
- Hotfix 1640 (JIRA 8495)
Enhancement: This hot fix enables Data Loss Prevention Endpoint SDK 6.2 to support the following Google(TM) Chrome versions:
- Google(TM) Chrome version 58.0.3029.110m.
- Google(TM) Chrome version 59.0.3071.86
- Hotfix 1640 (JIRA 9269)
Enhancement: This hot fix enables Data Loss Prevention Endpoint SDK 6.2 to support the following Google(TM) Chrome versions:
- Google(TM) Chrome version 58.0.3029.110m.
- Google(TM) Chrome version 59.0.3071.86
- Hotfix 1640 (SBM 356627)
Enhancement: This hotfix adds an assessment mode for ransomware. In assessment mode, OfficeScan will not terminate the suspected ransomware process but creates a log for it.
Procedure: To enable assessment mode:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following keys and set each to "1".
[Global Setting]
EnableADCAssessMode=1
Value: 0 = OfficeScan does not support ransomware assessment mode
1 = OfficeScan supports ransomware assessment mode
EnableADCAssessModeNotification=1
Value: 0 = no popup notification in the system tray icon
1 = a popup notification appears in the system tray icon
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
Key: EnableADCAssessMode
Type: DWORD
Value: 0 = OfficeScan does not support ransomware assessment mode
1 = OfficeScan supports ransomware assessment mode
Key: EnableADCAssessModeNotification
Type: DWORD
Value: 0 = does not have popup notification in system tray icon
1 = have popup notification in system tray icon
- Critical Patch 1641r1 (VRTS 972)
Issue: The 3rd party AmMap application has multiple cross-site scripting (XSS) vulnerabilities that allows remote attackers to inject arbitrary web or HTML scripts.
Solution: This hot fix resolves the XSS vulnerability.
- Hotfix 1656 (JIRA 9014)
Issue: An issue related to the OfficeScan UMH driver triggers BSOD.
Solution: This hotfix updates the UMH driver to resolve the issue.
- Hotfix 1656 (VRTS 1012)
Issue: Remote unauthenticated attackers may be able to query NT domains through the OfficeScan XG "cgiGetNTDomain.exe" process.
Solution: This removes the vulnerability.
- Hotfix 1660 (JIRA 7249)
Issue: The OfficeScan Predictive Machine Learning feature blocks users from publishing documents from Microsoft Outlook.
Solution: This hotfix changes the share write property of the ATSE to resolve this issue.
- Hotfix 1660 (JIRA 7730)
Issue: BSOD occurs when users run Microsoft Office on OfficeScan client computers.
Solution: This hotfix removes an unnecessary string comparison step to ensure that Microsoft Office runs normally on protected computers.
- Hotfix 1660 (JIRA 8631)
Issue: Sometimes, the Windows Security Center indicates that OfficeScan is not running even when it is enabled and running and sends users an important message to enable the OfficeScan Antivirus.
Solution: This hotfix updates the OfficeScan agent file to resolve the issue.
- Hotfix 1660 (JIRA 9007)
Issue: OfficeScan agents display the following message even when the program components are up-to-date.
"Update Now: You have not received a new update in 1 days."
Solution: This hotfix updates the OfficeScan agent program to resolve the issue.
- Hotfix 1666 (VRTS 1115)
Issue: Web server details gathered from the banner may allow attackers to search and launch automated attacks from commonly-found web sites which may lead to website defacement or denial of service.
Solution: This hotfix resolves the vulnerability.
- Hotfix 1666 (JIRA 10356)
Issue: Users encounter a sharing violation issue related to the ntrtscan and iexplorer processes after enabling the OfficeScan Predictive Machine Learning feature in a computer that has a multiple core CPU.
Solution: This hotfix changes to add some sharing mode for the file open.
- Hotfix 1666 (JIRA 9016)
Issue: An issue related to the Unauthorized Change Prevention service can prevent the OfficeScan Device Control feature from applying the correct policies in computers running on the Windows 10 platform.
Solution: This hotfix allows users to enable OfficeScan to support the detection and termination of processes on USB drives using the "run as admin" feature. This helps resolve the issue.
Procedure: To enable the new settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder
on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually
add the following key and set its value to "1".
[Global Setting]
EnableDACTerminate=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the
"Agents > Global Agent Settings" screen.
g. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
Key: EnableDACTerminate
Type: DWORD
Value: 1
f. Restart the Behavior Monitoring service on clients.
- Critical Patch 1680 (VRTS 989)
Issue: A PHP file in OfficeScan XG may be vulnerable to an MITM/RCE vulnerability.
Solution: This Critical Patch resolves the potential vulnerability.
- Critical Patch 1680 (VRTS 1018)
Issue: A vulnerability may allow remote attackers to query PHP information while the "analyzeWF.php" file runs.
Solution: This Critical Patch secures the information in "analyzeWF.php".
- Critical Patch 1680 (VRTS 1020)
Issue: The OfficeScan XG program may be affected by a host header injection vulnerability.
Solution: This Critical Patch resolves the vulnerability by enabling OfficeScan to use "$_SERVER['SERVER_NAME']" instead of "$_SERVER['HTTP_HOST']" in the "db_controller.php" file.
- Critical Patch 1680 (VRTS 1052)
Issue: A vulnerability may allow a remote unauthenticated attacker to trigger the EXE process to stop unexpectedly by forcing the "LogonUser" parameter to exceed the 256-character limit.
Solution: This Critical Patch resolves the vulnerability.
- Critical Patch 1680 (SEG 11451)
Issue: The Realtime Scan is disabled unexpectedly after Autopcc runs.
Solution: This Critical Patch ensures that Real-time Scan is not disabled unexpectedly after Autopcc runs.
- Critical Patch 1680 (SEG 10130)
Issue: The contents of the CCSF ZIP file cannot be extracted successfully which prevents some OfficeScan agents from updating successfully.
Solution: This Critical Patch enables OfficeScan to attempt to extract the contents of the CCSF ZIP file continuously even when other process are using the file.
- Hotfix 1692 (VRTS 1284)
Issue: A Use-After-Free vulnerability affecting the firewall driver may cause the computer to stop unexpectedly.
Solution: This hotfix resolves the vulnerability.
- Hotfix 1692 (JIRA 11492)
Issue: When DLP is enabled on Microsoft(TM) Windows(TM) 10.14393 platforms, "mscorsvw.exe" stops responding.
Solution: This hotfix resolves the issue by updating the iDLP module to add "mscorsvw.exe" to its approved list.
- Hotfix 1692 (JIRA 10631)
Issue: The extension names of quarantined files disappear after these files are restored from the quarantine folder. This happens because the file extension name exclusion list is overwritten with an empty string during file restoration.
Solution: This hotfix enables OfficeScan to restore the complete file extension name exclusion list to ensure that quarantined files are restored with the correct extension names.
- Hotfix 1692 (JIRA 11771)
Issue: The "file extensions" field under the "File Attributes DLP identifier" section does not accept entries that contain an underscore "_".
Solution: This hotfix updates the Trend Micro Data Loss Prevention(TM) (DLP) module to enable the "file extensions" field to support the underscore character "_".
- Hotfix 1692 (JIRA 6439)
Issue: When DLP is enabled on Windows 8.1 platforms, some programs may stop unexpectedly.
Solution: This hotfix resolves the issue by updating the iDLP module to enable it to retrieve the correct path to the Microsoft "wow64.dll" module.
- Hotfix 1692 (JIRA 8975)
Issue: An issue prevents the DLP module from parsing sender email address information on OWA web mail.
Solution: This hotfix add a function in the iDLP module which helps ensure that it can parse sender information in Office 365 web mail correctly.
- Hotfix 1692 (JIRA 10980)
Issue: The account and password setting for the external proxy server do not support the hash special character "#".
Solution: This hotfix resolves a broken jquery Ajax call to ensure that the account and password setting for the external proxy server supports special characters.
- Hotfix 1692 (JIRA 11342)
Issue: An issue related to the Anti-exploit Protection function might cause Internet Explorer to stop unexpectedly.
Solution: This hotfix updates the OfficeScan Agent files to resolve the issue.
- Hotfix 1692 (JIRA 12076)
Issue: The following OfficeScan 12.0 Patch 1 hotfixes are affected by an issue related to the OfficeScan Firewall module which may cause the Firewall service to encounter network access issues and application connection timeout issues.
- Hotfix 6277
- Hotfix 6281
- Hotfix 6292
- Hotfix 1358
Solution: This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Note: You must restart the endpoint after applying this hotfix to update the Common Firewall module on affected OfficeScan agents.
- Hotfix 1692 (JIRA 7783)
Issue: The following OfficeScan 12.0 Patch 1 hotfixes are affected by an issue related to the OfficeScan Firewall module which may cause the Firewall service to encounter network access issues and application connection timeout issues.
- Hotfix 6277
- Hotfix 6281
- Hotfix 6292
- Hotfix 1358
Solution: This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Note: You must restart the endpoint after applying this hotfix to update the Common Firewall module on affected OfficeScan agents.
- Hotfix 1692 (JIRA 7318)
Issue: The following OfficeScan 12.0 Patch 1 hotfixes are affected by an issue related to the OfficeScan Firewall module which may cause the Firewall service to encounter network access issues and application connection timeout issues.
- Hotfix 6277
- Hotfix 6281
- Hotfix 6292
- Hotfix 1358
Solution: This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Note: You must restart the endpoint after applying this hotfix to update the Common Firewall module on affected OfficeScan agents.
- Hotfix 1692 (JIRA 9646)
Issue: There is a compatibility issue between some printers and OfficeScan predictive machine learning.
Solution: This hotfix fixed the compatibility issue.
- Hotfix 1692 (JIRA 11404)
Enhancement: This hotfix enables DLP Endpoint SDK 6.0 to support the following Google Chrome versions:
- Google Chrome 60.0.3112.78
- Google Chrome 60.0.3112.90
- Hotfix 1692 (JIRA 12182)
Enhancement: This hotfix enables DLP Endpoint SDK 6.0 to support the following Google Chrome versions:
- Google Chrome 60.0.3112.78
- Google Chrome 60.0.3112.90
- Hotfix 1692 (JIRA 4974)
Enhancement: This hotfix enables OfficeScan to send detected pattern information to the Control Manager server to add to the "Detailed Virus/Malware Information" data view of ad hoc queries. This feature also requires the application of Control Manager Hotfix 3630 or any later hotfix on the Control Manager server.
- critical patch 1708 (JIRA 9298)
Issue: A sharing violation prevents Autopcc from working on computers where the OfficeScan agent is already installed.
Solution: This critical patch creates a new backup folder to prevent the sharing violation and ensure that Autopcc works normally on OfficeScan agent computers.
- critical patch 1708 (JIRA 12165)
Issue: Users encounter a sharing violation issue related to the ntrtscan and iexplorer processes after enabling the OfficeScan Predictive Machine Learning feature in a computer that has a multiple core CPU.
Solution: This critical patch changes to add some sharing mode for the file open.
- critical patch 1708 (JIRA 12255)
Issue: In the Windows Server 2003 platform, OfficeScan agents display the following message even when the program components are up-to-date.
"Update Now: You have not received a new update in 1 days."
Solution: This critical patch updates the OfficeScan agent program to resolve the issue.
- critical patch 1708 (JIRA 11606)
Issue: OfficeScan agents receive C&C callback detected alerts for IPs in the approved list.
Solution: This critical patch resolves a file path issue to help ensure that IPs in the approved list do not trigger C&C callback detected alerts.
- critical patch 1708 (JIRA 11651) / (JIRA 3758)
Issue: The OfficeScan server cannot register to the EdgeServer when TLS 1.0 is disabled.
Solution: This critical patch enables the EdgeServer to support TLS 1.1 and 1.2.
- critical patch 1708 (JIRA 9066)
Enhancement: This critical patch enhances the Behavior Monitoring and Predictive Machine Learning features to better detect and prevent ransomware infections from files, and improves the protection against ransomware threats during outbreak situations.
- critical patch 1708 (JIRA 11754)
Enhancement: This critical patch speeds up the approved and blocked list comparison for supported web services, including Dropbox, Google Drive, Gmail, and others.
- critical patch 1708 (JIRA 11495)
Enhancement: This critical patch adds the "Japan: Driving License Number" validator.
- Hotfix 1714 (JIRA 10553)
Issue: The OfficeScan agent status information on the Control Manager web console does not match the information in the OfficeScan web console.
Solution: This hotfix ensures that the OfficeScan agent status information on the Control Manager web console is consistent with the information on the OfficeScan web console.
- Hotfix 1714 (JIRA 10964)
Issue: The OfficeScan Predictive Machine Learning feature blocks users from publishing documents from Microsoft Outlook.
Solution: This hotfix moves the file property extraction step to a later stage to ensure that users can publish documents from Microsoft Outlook.
- Hotfix 1714 (JIRA 11381)
Issue: The OfficeScan agent reports a false positive detection after enabling the Anti-exploit Protection feature.
Solution: This hotfix updates the OfficeScan agent to prevent the false positive detection.
- Hotfix 1714 (JIRA 11966)
Issue: BSOD occurs on protected computers running on unsupported Windows versions.
Solution: This hotfix removes the API hooking mechanism for unsupported Windows versions to prevent BSOD in these computers.
- Hotfix 1714 (JIRA 9408)
Issue: An issue prevents users from browsing through folders in Huawei smart phones connected to a protected computer when the OfficeScan Data Protection Service is enabled.
Solution: This hotfix enables OfficeScan to discard Huawei smart phone cdrom device instance to ensure that users can browse folders in a connected Huawei smart phone in MTP mode.
- Hotfix 1714 (JIRA 9246)
Issue: An issue prevents users from using the Huawei Mobile Broadband Airtel 4G Model device connected to a protected computer when the OfficeScan Data Protection Service is enabled.
Solution: This hotfix enables OfficeScan to discard the Huawei Mobile Broadband Airtel 4G Model device instance to ensure that users can browse the Internet using the device when the OfficeScan Data Protection Service is enabled.
- Hotfix 1714 (JIRA 11396)
Enhancement: This hotfix enables DLP Endpoint SDK 6.2 to use the Data Protection Application Pattern to support Google Chrome and the list of approved processes.
- Hotfix 1714 (JIRA 10766)
Enhancement: This hotfix updates the pop-up message that appears when OfficeScan agents that are being moved to another OfficeScan server have mismatched certificates.
- Hotfix 1714 (JIRA 12808)
Enhancement: This hotfix adds the ""Nigeria: Verve IIN (Issuer Identification Number"" validator.
- Hotfix 1717 (JIRA 10791)
Issue: The OfficeScan Behavior Monitoring feature may cause certain third-party programs that are in its approved list to stop responding.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the "SkipNotificationEvent" key and set its value to "1".
[Global Setting]
AegisSkipNotificationEvent=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
Key: SkipNotificationEvent
Type: DWORD
Value: 1
g. Restart the OfficeScan agents.
- Hotfix 1717 (JIRA 11327)
Issue: The OfficeScan Behavior Monitoring feature may cause a protected computer to stop responding while the feature checks the file signature on a UNC path.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
- Hotfix 1717 (JIRA 11705)
Issue: The OfficeScan Behavior Monitoring feature may cause performance issues while the protected computer runs certain programs that are in the Behavior Monitoring approved list.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder
on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the
"SkipNotificationEvent" key and set its value to "1".
[Global Setting]
AegisSkipNotificationEvent=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the
"Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry
entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
Key: SkipNotificationEvent
Type: DWORD
Value: 1
g. Restart the OfficeScan agents.
- Hotfix 1717 (JIRA 13146/JIRA 13181)
Issue: BSOD occurs while a protected computer starts up because the UMH driver attempts to access a corrupted cache.
Solution: This hotfix updates the UMH module to resolve the issue.
- Hotfix 1717 (JIRA 13293)
Issue: The MPS feature of iDLP cannot be disabled on OfficeScan agents.
Solution: This hotfix provides a way for users to disable the MPS feature on OfficeScan agents.
Procedure: To disable the email multi part scan mode in the DLP
function and globally deploy this setting to all
OfficeScan agents:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder
of the OfficeScan server.
c. Under the "Global Setting" section, manually add the
following key and set its value to "0".
[Global Setting]
EnableDlpMPScan=0
NOTE: To enable the setting again, set
"EnableDlpMPScan=1".
d. Save the changes and close the file.
e. Open the OfficeScan server management console and
click "Agents > Global Agent Settings" on the main
menu to access the "Global Agent Settings" page.
f. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to agents
and adds the following registry entry on all agent
computers:
Path: HKLM\SYSTEM\SOFTWARE\Wow6432Node\TrendMicro\
PC-cillinNTCorp\CurrentVersion\DlpLite
Key: EnableMPScan
Type: dword
Value: 0
Note: The OfficeScan agent needs to reload after enabling/disabling the MPS feature.
- Hotfix 1717 (JIRA 13723)
Issue: The DLP version appears as 0.0.0 on both the management console and agent console.
Solution: This hotfix ensures that the correct DLP version appears on both the management console and agent console.
- Hotfix 1721 (JIRA 4624)
Issue: The OfficeScan Behavior Monitoring feature may cause certain approved third-party programs to take longer to load on protected computers.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
- Hotfix 1721 (JIRA 11500/JIRA 12079)
Issue: DLP Endpoint SDK 6.2 sometimes cannot block users from uploading files that contain sensitive information to "outlook.live.com" and "facebook.com".
Solution: This hotfix updates the DLP module to enhance support for both websites to ensure that the module can block files with sensitive information from being uploaded onto these websites.
- Hotfix 1721 (JIRA 12101/JIRA 12045)
Issue: The Trend Micro Unauthorized Change Prevention Service uses up a large amount of CPU resources.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
- Hotfix 1721 (JIRA 12552)
Issue: The OfficeScan manual scan exclusion feature may not work properly while the suspected malware process is still running.
Solution: This hotfix updates the OfficeScan agent program to resolve the issue.
- Hotfix 1721 (JIRA 13772/13380)
Issue: When the system installs or upgrades the Cisco VPN software, it tries to access some registry keys under the TmLwf registry key, which causes the software installation to fail.
Solution: This hotfix adds a key to disable the self-protection only function of the TmLwf registry key, which resolves this issue.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
SP_DisableTmLwfRegistryKeyProtection=1
Value: 1 = Disable TmLwf registry key self-protection only
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
Key: SP_DisableTmLwfRegistryKeyProtection
Type: DWORD
Value: 1 = Disable TmLwf registry key self-protection only
g. Restart the OfficeScan agents
- Hotfix 1721 (JIRA 12859)
Issue: A user requests for a way to add the following information into DLP log notifications under the digital asset email notifications:
- Process
- Source
- Destination
- Incident ID
Solution: This hotfix updates the OfficeScan Master Service to support the following tokens in DLP log notifications.
- %PROCESS%
- %SOURCE%
- %DESTINATION%
- %VIOLATIONID%
- Hotfix 1721 (JIRA 12080)
Enhancements: This hotfix provides a way for users to configure OfficeScan agents to automatically disconnect an established connection and to re-establish a connection when the OfficeScan server triggers a network isolation function. Users can move OfficeScan agents to specific domains that are defined to apply network isolation.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following keys and set values.
[Global Setting]
PFWPolicyWithConnectionReset=1
Value: 0 = OfficeScan does not support network isolation
1 = OfficeScan supports network isolation
PFWPolicyWithConnectionResetDomainList=Domain_Name
For example: Workgroup, Domain1
Provide a domain name or domain list use for network isolation.
PFWPolicyWithConnectionResetDurationInSec=30
Value: 0 = Disable connection reset
30 = Rest connection in 30 seconds (default value)
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
Key: PFWPolicyWithConnectionReset
Type: DWORD
Value: 0 = OfficeScan does not support network isolation
1 = OfficeScan supports network isolation
Key: PFWPolicyWithConnectionResetDomainList
Type: String
Value: Domain_name set by user
Example: Workgroup, Domain1
Key: PFWPolicyWithConnectionResetDurationInSec
Type: DWORD
Value: 0 = Disable connection reset
30 = Rest connection in 30 seconds
Note: Restart the endpoint to update the Common Firewall module of OfficeScan agents.
- Hotfix 1721 (JIRA 4976)
Enhancements: This hotfix enables the OfficeScan Update Agent to check and verify the MD5 component of all downloaded program files and to automatically re-download or continue the transmission if it detects corrupted files.
Procedure: To enable the Update Agent to check and verify the MD5
component of downloaded program files and
automatically re-download or continue the transmission
if it detects corrupted files:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\"
folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add
the following keys and set each to "1".
[Global Setting]
UAProgramZipFullCheck=1 (Enabled).
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the
"Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\
PC-cillinNTCorp\CurrentVersion\Misc.\
or
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
TrendMicro\PC-cillinNTCorp\
CurrentVersion\Misc.\
Key: UAProgramZipFullCheck
Type: DWORD
Value: 0 = Disable
1 = Enable
- Hotfix 1721 (JIRA 13686/JIRA 13667/JIRA 13707)
Enhancement: This hotfix enables DLP Endpoint SDK 6.2 starts to support the following Google Chrome versions:
- Google Chrome 60.0.3112.90
- Google Chrome 60.0.3112.113
- Google Chrome 61.0.3163.79
- Google Chrome 61.0.3163.91
- Hotfix 1729 (JIRA 13054)
Issue: Some OfficeScan agents may not be able to retrieve settings completely from an update agent when there are special characters in the BM exception list.
Solution: This hotfix ensures that the agents can retrieve the complete settings from an update agent.
- Hotfix 1729 (JIRA 1056)
Enhancements: This hotfix updates the Trend Micro Osprey Firefox Extension and enables it to support Firefox 51 and later versions.
- Hotfix 1736 (JIRA 14538)
Issue: Enabling the Browser Exploit Prevention (BEP) feature causes Microsoft Internet Explorer to crash when opening certain websites that were added to the Web Reputation Approved List.
Solution: This hotfix updates the Browser Exploit Prevention component to resolve the issue.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "\PCCSRV\" folder
on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the
"DisableJSHook" key and set its value to "1".
[Global Setting]
DisableJSHook=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the
"Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry
entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP\SAL
Key: DisableJSHook
Type: DWORD
Value: 1
g. Restart the OfficeScan agents.
- Hotfix 1736 (JIRA 14855)
Issue: Enabling the Browser Exploit Prevention (BEP) feature may cause customers to encounter an error when accessing certain websites that were added to the Web Reputation Approved List.
Solution: This hotfix updates the Browser Exploit Prevention component to resolve the issue.
- Hotfix 1736 (JIRA 13231)
Issue: DLP Endpoint SDK 6.2 blocks VirtualBox from launching in Headless Mode.
Solution: This hotfix updates the DLP module to skip API event inspection from all VirtualBox processes.
Back to top
8. Contact Information
A license to Trend Micro software
usually includes the right to product updates, pattern file updates, and
basic technical support for one (1) year from the date of purchase only.
After the first year, you must renew Maintenance on an annual basis at
Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone,
and email, or visit our website to download evaluation copies of Trend
Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
Note: This information is subject to
change without notice.
Back to top
9. About Trend Micro
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.
Copyright 2017, Trend Micro Incorporated. All rights reserved.
Trend Micro, OfficeScan, Data Loss Prevention, and the t-ball logo
are trademarks of Trend Micro Incorporated and are registered in
some jurisdictions. All other marks are the trademarks or
registered trademarks of their respective companies.
Back to top
10. License Agreement
View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/.
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide
Back to top