<> Trend Micro Incorporated January 18, 2017 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) OfficeScan(TM) XG Hotfix - Server Build 1308 and Agent Module Build 1200 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: Trend Micro developed this hotfix as a workaround or solution to a problem reported by customers. As such, this hotfix has received limited testing and has not been certified as an official product update. Consequently, THIS HOTFIX IS PROVIDED "AS IS". TREND MICRO MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR PERFORMANCE OF THIS HOTFIX NOR DOES TREND MICRO WARRANT THIS HOTFIX AS ERROR FREE. TO THE FULLEST EXTENT PERMITTED BY LAW, TREND MICRO DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. Contents =================================================================== 1. Hotfix Release Information 1.1 Resolved Known Issues 1.2 Enhancements 1.3 Files Included in this Release 2. Documentation Set 3. System Requirements 4. Installation 4.1 Installing 4.2 Uninstalling 5. Post-installation Configuration 6. Known Issues 7. Release History 8. Contact Information 9. About Trend Micro 10. License Agreement =================================================================== 1. Hotfix Release Information ====================================================================== 1.1 Issues =================================================================== This hotfix resolves the following issues: (TT352397) Issue 1: The "Last Spyware Detection(Real-time)" agent information column name shows as "Last Spyware Scan(Real-time)" in the exported CSV file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix updates the program and modifies the "Last Spyware Scan(Real-time)" column name to "Last Spyware Detection(Real-time)" in the CSV file. (TT358345) Issue 2: SQL exceptions somehow continue to occur in the system event log and causes Internet Information Services (IIS) to crash. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix updates the OfficeScan server files to ensure that the OfficeScan server and IIS server works properly. (TT358044) Issue 3: The Microsoft(TM) Windows(TM) Event Log generates too many messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix enables OfficeScan to extend the cache time to 12 hours. (TT358404) Issue 4: On some OfficeScan agents managed by the Update Agent (UA), the OfficeScan agent icon on the Microsoft(TM) Windows(TM) task bar may be shaded red and blue repeatedly and shows a "Protection at Risk" message. This issue occurs since the Real-time Scan service is not functional. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix updates the OfficeScan server and agent programs to ensure that the OfficeScan agents managed by the Update Agent can work normally without errors. (TT358940) Issue 5: Compatibility issues occur between the third-party OpenSSL libraries used in the new types of processors (for example, the Apollo Lake Intel(TM) Pentium(R) processor). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix replaces the OfficeScan server files to resolve this issue. (TT358516) Issue 6: A performance enhancement introduced a negative side effect that causes a memory leak on "NTRtScan.exe". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix disables the performance enhancement to resolve this issue. (TT358095) Issue 7: DLP does not block the drag-and-drop of files from current Webmail sites (such as "Outlook.office.com" or "Outlook.live.com) when users use Google Chrome to access these Webmail sites. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix ensures that OfficeScan does not leak sensitive information when users use Google Chrome to access these Webmail sites. 1.2 Enhancements =================================================================== The following enhancement is included in this hotfix: (TT357444) Enhancement: This hotfix enables users to generate the Secure Sockets Layer (SSL) certificate with SHA-256 signature algorithm and 2048-bit public key for the OfficeScan web site, which is installed on Microsoft(TM) Internet Information Services (IIS) through the "SvrSvcSetup.exe" tool. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To generate the SSL certificate with SHA-256 signature algorithm and 2048-bit public key, and manually renew the IIS SSL certificate: a. Install this hot fix (see "Installation"). b. Log on as administrator, open a command prompt, and navigate to the "\PCCSRV\" directory. c. Run the following command: SvrSvcSetup.exe -GenIISCert A new SSL certificate is generated and is automatically added to the IIS SSL certificate store. d. Open the IIS Manager console (inetmgr.exe). e. Right-click the OfficeScan web site, and then click "Edit Bindings...". f. When the "Site Bindings" window opens, select "https type" and click "Edit...". g. Select the newly-created SSL certificate and click "OK". Note: Click the "View..." option to view the SHA256 signature algorithm and 2048-bit public key. h. Click "Close". 1.3 Files Included in this Release =================================================================== A. Files for Current Issue ------------------------------------------------------------------- Filename Build Number --------------------------------- ------------ PCCSRV\Admin\Utility\SQL\*.* CGIResUTF8.dll 12.0.0.1308 CmdHLClient.dll 12.0.0.1308 CmdHOConsole.dll 12.0.0.1308 DbServer.exe 12.0.0.1308 libCmdHndlrConsoleV2.dll 12.0.0.1308 libCmdHndlrDda.dll 12.0.0.1308 libSQLDatabaseUpgrade.dll 12.0.0.1308 OfcService.exe 12.0.0.1308 cgiExportInfo.exe 12.0.0.1308 cgiOnQueryClientBindPort.exe 12.0.0.1308 SvrSvcSetup.exe 12.0.0.1308 out_of_management_scope.htm fcWofieUI.dll (32/64-bit) 13.0.0.1200 NTRmv.exe (32/64-bit) 13.0.0.1200 NTRtScan.exe (32/64-bit) 13.0.0.1200 OfcCCCAUpdate.exe (32/64-bit) 13.0.0.1200 OfcPIPC.dll 13.0.0.1200 OfcPIPC_64x.dll 13.0.0.1200 PccNTMon.exe (32/64-bit) 13.0.0.1200 TmListen.exe (32/64-bit) 13.0.0.1200 TmSock.dll 13.0.0.1200 TmSock_64x.dll 13.0.0.1200 Upgrade.exe (32/64-bit) 13.0.0.1200 tmxfalcon.dll (32/64-bit) 1.0.0.1086 ICRCHdler.dll (32/64-bit) 2.82.0.1025 libcurl.dll (32/64-bit) 7.49.1.0 libeay32.dll (32/64-bit) 1.0.2.10 perfiCrcPerfMonMgr.dll (32/64-bit) 2.82.0.1025 ssleay32.dll (32/64-bit) 1.0.2.10 CCSF_WIN32.zip CCSF_X64.zip falcon32.zip falcon32.sig falcon64.zip falcon64.sig DlpLite_Common.zip DlpLite_Common_x64.zip B. Files for Previous Issues ------------------------------------------------------------------- Not applicable. C. Network Traffic Required in Deployment ------------------------------------------------------------------- Estimated size (in terms of bandwidth) of deployed agent files in this hot fix. - 32-bit agent total = 44.5 MB - 64-bit agent total = 60.4 MB 2. Documentation Set ====================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com. 3. System Requirements ====================================================================== Trend Micro recommends installing OfficeScan XG server build before installing this hotfix. 4. Installation ====================================================================== This section explains key steps for installing the hotfix. 4.1 Installing =================================================================== To install: 1. Copy the hotfix executable file to a temporary folder on the server, for example, "C:\temp". 2. Double-click the file. The modules are automatically copied to the correct destination. This hotfix installation package automatically rolls back the OfficeScan server to its previous configuration if there are problems during installation. If you encounter problems after installation, do a manual rollback. 4.2 Uninstalling =================================================================== To manually roll back to the previous build: 1. Locate the backup folder that the hotfix package created in the "\PCCSRV\Backup\HotFix_B1308" directory. 2. Stop the OfficeScan Master Service. 3. Stop the OfficeScan CMAgent Service. 4. Copy the backup modules to the original folders. 5. Start the OfficeScan CMAgent Service. 6. Start the OfficeScan Master Service. 5. Post-installation Configuration ====================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 6. Known Issues ====================================================================== There are no known issues for this hotfix release. 7. Release History ====================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 8. Contact Information ====================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 9. About Trend Micro ====================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, OfficeScan, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 10. License Agreement ====================================================================== View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/ license-agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide