Trend Micro Incorporated                                August 9, 2017
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) ServerProtect(TM) 5.80
English Version for Microsoft(TM) Windows(TM) and Novell(TM) Netware(TM)
Patch 4 - Build 1510
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates.

http://www.trendmicro.com/download

TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at:

https://clp.trendmicro.com/FullRegistration?T=TM

Contents
===================================================================
1. About ServerProtect
   1.1 Overview of this Release
   1.2 Who Should Install this Release
2. What's New
   2.1 Enhancements
   2.2 Resolved Known Issues
3. Documentation Set
4. System Requirements
5. Installation
   5.1 Installing
   5.2 Uninstalling
6. Post-Installation Configuration
7. Known Issues
8. Release History
9. Files Included in This Release
10. Contact Information
11. About Trend Micro
12. License Agreement
===================================================================

1. About ServerProtect
======================================================================
ServerProtect is an award-winning software that protects file servers on corporate networks. It is specifically designed to protect the entire network from viruses of any kind by adopting advanced virus-catching technology to help ensure that your network stays virus-free. ServerProtect detects new file infections, identifies viruses in existing files, and detects activity indicating that an unknown virus may have entered the network environment on either the server or workstation.

1.1 Overview of this Release
===================================================================
This Patch includes all modifications released since ServerProtect 5.80 General Release Build 1116.

1.2 Who Should Install this Release
===================================================================
You should install this Patch if you are running ServerProtect 5.80 for Microsoft Windows and Netware Build 1116 or any higher version.

2. What's New
======================================================================
NOTE: Please install this Patch before completing any procedure in this section (see "Installation").

This Patch addresses the following issues and includes the following enhancements:

2.1 Enhancements
===================================================================
The following enhancements are included in this release:

Enhancement 1: [Hotfix 1485 EN] [Hotfix 1487 JP]
   Virus Names - This patch enables ServerProtect 5.8 for Windows Server and NetWare to display the long virus names instead of the short virus names to provide users with more accurate information.

Enhancement 2: [Hotfix 1494 JP]
   Management Communication Protocol - This patch updates Management Communication Protocol (MCP) SDK to version 5.0.0.2270 to enable the system to provide several cipher suites when starting an HTTPS connection.

2.2 Resolved Known Issues
===================================================================
This release resolves the following issues:

Issue 1: The Normal Server tray icon refreshes frequently and sometimes causes performance issues.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: [Hotfix 1372 JP] [Hotfix 1407 EN] This patch provides a hidden key that allows users to configure the frequency of refreshing the tray icon.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 1: To configure this option:
   a. Install this patch (see "Installation").
   b. Open a registry editor on the Normal Server.
   c. Add the following key and set the preferred value.
      Path:  HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\SpntService
      Key:   TrayRefreshIntervalInSecond
      Type:  DWORD
      Value: This is the preferred interval of refreshing the tray icon and supports any value from 0 to 86,400. Setting this key to 0 means the tray icon never refreshes.
   d. Restart the Normal Server to make the hidden key available.

Issue 2: Sometimes, Trend Micro Control Manager(TM) displays a message stating that it failed to deploy pattern or engine files to the ServerProtect Normal Server, even when the Normal Server updated the pattern or engine files successfully. This occurs because if the ServerProtect Control Manager Agent (CMAgent) does not receive the deploy result in one minute, it sends an update failed result to Control Manager without checking the actual update result.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: [Hotfix 1373 JP] This patch enables users to configure the time-out value of the CMAgent for ServerProtect. Users should configure this value depending on their current network conditions to help resolve this issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 2: To configure the time-out value:
   a. Install this patch (see "Installation").
   b. Open a registry editor on the Information Server.
   c. Add the following registry key and set its value to the preferred time-out value in seconds depending on the current network conditions. This key supports values between 60 and 600 seconds.
      Path:
        - 32-bit Information Servers:
          \HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TrendMicro Control Manager Agent\SPNT
        - 64-bit Information Servers:
          \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\TrendMicro Control Manager Agent\SPNT
      Key:   SocketTimeoutSeconds
      Type:  DWORD
      Value: preferred timeout value between 60 and 600 seconds

Issue 3: An issue prevents the Management Communication Protocol (MCP) CMAgent in ServerProtect from syncing empty domain entities with Control Manager.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: [Hotfix 1439 EN] This patch resolves the issue so that the ServerProtect MCP CMAgent can successfully sync empty domain entities with Control Manager.

Issue 4: An issue prevents Control Manager from updating the status of a ServerProtect Information Server immediately after the server starts or stops. As a result, the wrong server status may appear on the Control Manager console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: [Hotfix 1445 JP] This patch resolves the issue to ensure that Control Manager updates the status of ServerProtect Information Servers immediately after the servers start or stop.

Issue 5: ServerProtect 5.80 for Windows Patch 5 sends the wrong SNMP trap OID.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: [Hotfix 1447 JP] This patch ensures that ServerProtect 5.80 for Windows Patch 5 sends the correct SNMP trap OID.

Issue 6: The CMAgent for ServerProtect 5.8 sends the version information of the Damage Cleanup Engine (DCE) to Control Manager in the wrong format.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: [Hotfix 1448 EN] This patch ensures that the CMAgent for ServerProtect 5.8 sends the DCE version information to Control Manager in the correct format.

Issue 7: The CMAgent for ServerProtect 5.8 sends the Normal Server's "SLF_LastStartupTime" information to Control Manager in the wrong format.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: [Hotfix 1450 EN] This patch ensures that the CMAgent for ServerProtect 5.8 sends the Normal Server's "SLF_LastStartupTime" information to Control Manager in the correct format.

Issue 8: The CMAgent for ServerProtect 5.8 may time out while registering to Control Manager when the Information Server is connected to a large number of Normal Servers and some of these Normal Servers are off-line or are experiencing network connection issues.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: [Hotfix 1450 EN] This patch reduces the waiting time for retrieving information from each Normal Server to reduce the possibility of a CMAgent for ServerProtect 5.8 time-out under the scenario described above.

Issue 9: If the Windows Server does not contain the "msvcr71.dll" library after applying ServerProtect 5.80 for Windows Japanese Version Patch 5, the MCP CMAgent service will not install successfully.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: [Hotfix 1451 JP] This patch adds the "msvcr71.dll" library to the "[Product Folder]\Trend\SProtect\CMAgent" folder.

Issue 10: The CMAgent for ServerProtect 5.8 for Windows sends the Normal Server's "SLF_LastStartupTime" information to Control Manager in the wrong format. As a result, up-to-date Normal Server components appear out-dated on the Control Manager console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: [Hotfix 1452 JP] This patch ensures that the CMAgent for ServerProtect 5.8 for Windows sends the Normal Server's "SLF_LastStartupTime" information to Control Manager in the correct format to ensure that the correct Normal Server component status appears on the Control Manager console.

Issue 11: After ServerProtect 5.8 for Microsoft Windows registers to a Control Manager server, its MCP CMAgent service cannot start when the Control Manager server is not available.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: [Hotfix 1453 EN] This patch ensures that the MCP CMAgent service can start successfully in the scenario described above by enabling it to attempt to register to the Control Manager server every 20 seconds until it can successfully register to the server.

Issue 12: If a domain name in ServerProtect for Windows 5.8 contains Japanese characters, the "CMAgent.exe" process may stop unexpectedly while the MCP CMAgent registers to a Control Manager server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: [Hotfix 1455 JP] This patch enables the MCP CMAgent to handle Japanese characters in the domain name correctly to ensure that it can register to a Control Manager server successfully.

Issue 13: The image path for the ServerProtect CMAgent service is not enclosed in quotation marks. This may trigger a CWE-428 issue that can prevent the CMAgent service from starting.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: [Hotfix 1455 JP] This patch enables ServerProtect to check if the image path of its CMAgent is enclosed in quotation marks and to add these to the path when necessary. This patch also ensures that ServerProtect uses quotation marks to enclose the image path of the CMAgent during CMAgent installation.

Issue 14: The ServerProtect Normal Server may stop unexpectedly when users stop a manual scan through the management console. This happens because under this scenario, the ServerProtect Normal Server may attempt to access a memory resource that has just been released from the manual scan.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: [SPEMC Hotfix 1460 EN] [Hotfix 1459 JP] This patch ensures that ServerProtect releases memory resources properly when terminating a manual scan.

Issue 15: An issue prevents the exclusion extensions setting from working normally after the Normal Server restarts.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15: [Hotfix 1465 EN] This patch resolves the issue to ensure that the exclusion extensions setting works normally.

Issue 16: The CMAgent for ServerProtect may stop unexpectedly while running vulnerability scanner tools. This happens if the CMAgent receives unexpected data from any of the vulnerability scanner tools, which then triggers an exception error.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16: [Hotfix 1467 JP] This patch enables the ServerProtect CMAgent to handle the exception, which helps prevent it from stopping unexpectedly when it receives unexpected data from vulnerability scanner tools.

Issue 17: The CMAgent of ServerProtect stops unexpectedly after starting simultaneously with Control Manager.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17: [Hotfix 1468 JP] This patch ensures that the ServerProtect CMAgent works normally.

Issue 18: An issue prevents the exclusion extensions setting from working normally after the Normal Server restarts.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 18: [Hotfix 1470 JP] This patch resolves the issue to ensure that the exclusion extensions setting works normally.

Issue 19: Before scanning a compressed file, ServerProtect first determines whether the file can be scanned or not by checking if the content file size exceeds the maximum content file size configured by the user. There is no limitation to the value that users can set the maximum content file size to.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 19: [Hotfix 1471 JP] This patch limits the value of the maximum content size to 2 GB. After applying this patch, the Management Console will not allow users to set the maximum content size to any value larger than 2 GB.

Issue 20: If the CMAgent service starts before the EarthAgent service, the Normal Server may appear offline in the Control Manager status bar even when it is actually online.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 20: [Hotfix 1473 JP] This patch enables CMAgent to continuously register to the Information Server while it starts up and to check if the Module_Active task has been completed when the Information Server service starts. This helps ensure that the correct Normal Server status appears on the Control Manager status bar.

Issue 21: When ServerProtect 5.8 for Windows Server and NetWare Patch 3 is installed on Microsoft Windows Server 2016, the wrong platform version appears on the Management Console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 21: [Hotfix 1489 EN] This patch ensures that the correct platform version appears on the Management Console.

Issue 22: When ServerProtect 5.8 for Windows Server and NetWare Patch 3 is installed on Microsoft Windows Server 2016 and registered to Control Manager, the wrong operating system information appears on the Control Manager web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 22: [Hotfix 1489 EN] This patch ensures that the correct operating system information appears on the Control Manager web console.

Issue 23: When ServerProtect 5.8 for Windows Server and NetWare Patch 5 is installed on Microsoft Windows Server 2016 and registered to Control Manager, the wrong operating system information appears on the Control Manager web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 23: [Hotfix 1491 JP] This patch ensures that the correct operating system information appears on the Control Manager web console.

Issue 24: When ServerProtect 5.8 for Windows Server and NetWare Patch 5 is installed on Microsoft Windows Server 2016, the wrong platform version appears on the Management Console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 24: [Hotfix 1491 JP] This patch ensures that the correct platform version appears on the Management Console.
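
Added example (not part of the Trend Micro readme and not ServerProtect code) for Issue 13 above: a Python check for the CWE-428 condition, an unquoted service image path that contains spaces, which also produces the quoted form that Solution 13 describes. The sample ImagePath values, the "C:\Program Files" product folder and the ExampleSvc names are constructed assumptions; on a live host the values would be read from each service's ImagePath entry under HKLM\SYSTEM\CurrentControlSet\Services.

```python
import re

# The executable part of an unquoted ImagePath ends at the first ".exe" or
# ".sys" that is followed by whitespace or the end of the value.
_EXE_END = re.compile(r"\.(?:exe|sys)(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path):
    """Split an ImagePath value into (executable, arguments, was_quoted)."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:
            # Unbalanced quote: treat the remainder as an unquoted path.
            return value[1:], "", False
        return value[1:end], value[end + 1:].strip(), True
    match = _EXE_END.search(value)
    if match is None:
        # No recognisable extension: treat the whole value as the path.
        return value, "", False
    return value[:match.end()], value[match.end():].strip(), False


def needs_quoting(image_path):
    """True when the executable path has spaces and is not enclosed in quotes."""
    exe, _args, quoted = split_image_path(image_path)
    return (not quoted) and (" " in exe)


def quoted_image_path(image_path):
    """Return the value with the executable enclosed in quotes, arguments kept."""
    if not needs_quoting(image_path):
        return image_path
    exe, args, _quoted = split_image_path(image_path)
    fixed = '"%s"' % exe
    return fixed + (" " + args if args else "")


def audit(services):
    """Return {service name: corrected ImagePath} for every value that needs quoting."""
    return {name: quoted_image_path(path)
            for name, path in services.items() if needs_quoting(path)}


# Constructed sample data (not taken from a real host).
SAMPLE_SERVICES = {
    "ServerProtectCMAgent": r"C:\Program Files\Trend\SProtect\CMAgent\CMAgent.exe",
    "spntsvc": r"C:\Trend\SProtect\SpntSvc.exe",
    "ExampleSvcWithArgs": r"C:\Program Files\Example Vendor\svc.exe -k run",
    "ExampleSvcQuoted": r'"C:\Program Files\Example Vendor\svc.exe" -k run',
    "ExampleSvcEnv": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, fixed in sorted(audit(SAMPLE_SERVICES).items()):
        print("%s: set ImagePath to %s" % (name, fixed))
```
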

Issue 25: After installing ServerProtect 5.80 for Network Appliance Filers Service Pack 1 Patch 1, garbled characters appear in the "action" field of email alerts for viruses detected by the RPC scanner.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 25: [SPNAF Hotfix 1240 EN] This patch ensures that email alerts display information properly.

Issue 26: When the first action fails, the second action does not appear in email virus notifications.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 26: [SPFS Hotfix 1126 EN] This patch ensures that the action description in email virus notifications is consistent with the information in the corresponding log records.

Issue 27: The way TmNotify decides whether it should send an "EHLO" or a "HELO" command to an SMTP server does not comply with RFC 2821.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 27: [SPEMC Hotfix 1436 EN] This patch changes the behavior of TmNotify when deciding whether to send an "EHLO" or a "HELO" command to an SMTP server to comply with RFC 2821.

Issue 28: Some SMTP servers send the response message for the "EHLO" command in two parts. However, since the TmNotify module attempts to process the response immediately after receiving the first half of the response without waiting for the second half, TmNotify would not be able to properly handle the response message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 28: [SPEMC Hotfix 1436 EN] This patch enables the TmNotify module to wait until it receives both parts of the response message for the "EHLO" command before processing it.

Issue 29: The wrong time information appears in email notifications because TmNotify cannot handle the summer time zone correctly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 29: [SPEMC Hotfix 1436 EN] This patch enables TmNotify to correctly handle the summer time zone to ensure that the correct time information appears in email notifications.
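
Added example (not TmNotify code and not part of the Trend Micro readme) for Issues 27 and 28 above: a Python reply assembler that buffers SMTP reply bytes until the final line of a multi-line reply has arrived, so an "EHLO" response delivered in two parts is processed only once it is complete. The host name, the extension list and the choice to fall back to "HELO" on reply codes 500 and 502 are assumptions of this example; the readme does not describe TmNotify's actual decision logic.

```python
import re

# One reply line: three-digit code, then "-" (more lines follow) or " "
# (final line) and text. A bare three-digit code is also a final line.
_LINE = re.compile(rb"^(\d{3})(?:([ -])(.*))?$")


class ReplyAssembler:
    """Collect SMTP reply bytes until one complete reply is buffered."""

    def __init__(self):
        self._buf = b""

    def feed(self, chunk):
        """Add the bytes of one recv(); return (code, [text lines]) or None.

        None means the reply is still incomplete and the caller has to read
        more data before acting on it.
        """
        self._buf += chunk
        lines = []
        rest = self._buf
        while b"\r\n" in rest:
            raw, rest = rest.split(b"\r\n", 1)
            match = _LINE.match(raw)
            if match is None:
                raise ValueError("malformed reply line: %r" % raw)
            code = int(match.group(1))
            if lines and code != lines[0][0]:
                raise ValueError("reply code changed inside a multi-line reply")
            lines.append((code, (match.group(3) or b"").decode("ascii", "replace")))
            if match.group(2) != b"-":
                # Final line reached: keep any bytes that follow for the next reply.
                self._buf = rest
                return code, [text for _code, text in lines]
        return None


def read_reply(chunks):
    """Feed chunks in order; return ((code, lines), number of chunks consumed)."""
    assembler = ReplyAssembler()
    for used, chunk in enumerate(chunks, 1):
        reply = assembler.feed(chunk)
        if reply is not None:
            return reply, used
    raise ConnectionError("connection closed before the reply was complete")


def next_step_after_ehlo(code):
    """Return "proceed", "HELO" (fall back) or "abort" for an EHLO reply code."""
    if 200 <= code <= 299:
        return "proceed"
    if code in (500, 502):  # command unrecognized / command not implemented
        return "HELO"
    return "abort"


def ehlo_extensions(lines):
    """Extension keywords from an EHLO reply; the first line is the greeting."""
    return [line.split(" ", 1)[0].upper() for line in lines[1:] if line]


# Constructed capture: one EHLO reply that arrives in two recv() calls,
# split in the middle of the SIZE line.
EHLO_PARTS = [
    b"250-mail.example.test Hello\r\n250-SIZE 1",
    b"0240000\r\n250-8BITMIME\r\n250 PIPELINING\r\n",
]

if __name__ == "__main__":
    (code, lines), used = read_reply(EHLO_PARTS)
    print(code, next_step_after_ehlo(code), ehlo_extensions(lines), used)
```
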

Issue 30: When ServerProtect for Storage 6.0 restarts, the corresponding item on the Control Manager console appears yellow and does not go back to green until after the MCP CMAgent service has restarted again.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 30: [SPFS Hotfix 1150 EN] Installing this hotfix ensures that the Information Server restarts before the MCP CMAgent so that ServerProtect for Storage 6.0 appears in green on the Control Manager console after it restarts.

3. Documentation Set
======================================================================
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com

In addition to this Readme file, the documentation set for this product includes the following:

- Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining ServerProtect. To access the Online Help, go to http://docs.trendmicro.com

- Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining ServerProtect.

- Getting Started Guide (GSG): The Getting Started Guide contains a product overview, installation planning, installation and configuration instructions, and basic information intended to get ServerProtect "up and running".

- Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com

4. System Requirements
======================================================================
Refer to the ServerProtect for Microsoft Windows and Netware 5.80 readme file for the complete list of system requirements.

5. Installation
======================================================================
This section explains key steps for installing the patch.

5.1 Installing
===================================================================
To apply this patch from the same computer as the Information Server:

1. Close the management console. If this is not running at the time of installation, proceed with the next step.

2. Copy the "spnt_580_win_en_patch4_b1510.exe" patch installation file to a temporary folder.

3. Run the patch file. The license screen appears.

4. If you disagree with the terms of the legal agreement, choose the "I do not agree with the terms of the legal agreement." option and click "Cancel" to abort the installation. Otherwise, choose the "I accept the terms of the legal agreement" option and click "Next". The "readme" appears.

5. Read the contents of the readme carefully and click "Install". A message box may appear to remind you that the Trend Micro Infrastructure (TMI) CMAgent will be migrated to MCP CMAgent only when the TMI CMAgent is installed on the Information Server.

6. If you prefer not to upgrade the TMI CMAgent to the MCP CMAgent, click "No" and the installation aborts. Otherwise, click "Yes".

NOTES:
- Once the TMI CMAgent is installed on the Information Server, the TMI agent will be automatically upgraded to the MCP CMAgent.

- If the TMI CMAgent is not installed on the Information Server, or MCP CMAgent is not installed on the Information Server, a "Trend Micro strongly recommends installing MCP CMAgent for ServerProtect. Click "Yes" to install the MCP CMAgent now, or click "No" to install it later." message box appears after copying all patch files. If you want to install the MCP CMAgent, click "Yes"; otherwise, click "No". The "MCP_CMAgent.exe" installation package will be copied to the ".\SProtect\SMS\CMAgent\" folder. You can run the package to install the MCP CMAgent.

- The Information Server deploys the Patch to Normal Servers 30 seconds after the installation is completed and restarts the ServerProtect services.

If the installation does not complete successfully, contact Trend Micro technical support.

To apply this patch to a management console that is not associated with the computer hosting the Information Server:

1. Apply the patch to the Information Server.

2. Close the management console.

3. Go to the management console home directory and back up the following files to another location.
   - admin.exe
   - Adm_enu.dll
   - AgentClient.dll
   - ADM_ENU.chm
   - spuninst.exe
   - spuninstrc.DLL

4. On the Information Server, copy the following files from the Information Server home directory to the management console home directory to overwrite the local files.
   - admin.exe
   - Adm_enu.dll
   - AgentClient.dll
   - ADM_ENU.chm
   - spuninst.exe
   - spuninstrc.DLL

5.2 Uninstallation
===================================================================
To roll back to the previous build:

5.2.1 Uninstallation of Information Server and Normal Server
-------------------------------------------------------------------
1. On the Normal Server, if the Normal Server is a Microsoft Normal Server, run the following shell command to stop the Normal Server service:

      net stop spntsvc

   If the Normal Server is a NetWare Normal Server, press "Esc" to stop the Normal Server service.

2. On the Information Server, run the following shell commands to stop the Information Server service and MCP CMAgent service:

      net stop earthagent
      net stop ServerProtectCMAgent

3. On the Normal Server, if the Normal Server is a Microsoft Normal Server, rename the backup files in the ServerProtect home directory and use them to replace the current files. The names of the backup files have "bak" in the extension.

   If the Normal Server is a NetWare Normal Server, open the "sys\SPROTECT\SERVICE" folder and copy the "sys\SPROTECT" folder to it to overwrite the "lprotect.nlm" file.

4. On the Information Server, open the Information Server's home directory and copy the files from the ".\backup\filegroup10" folder to the current directory.

5. On the Normal Server, if the Normal Server is a Microsoft Normal Server, run the following command to start the Normal Server service:

      net start spntsvc

   If the Normal Server is a NetWare Normal Server, run the following command to start the Normal Server service:

      SPNW.NCF

6. On the Information Server, run the following commands to start the Information Server service:

      net start earthagent

5.2.2 Uninstallation of MCP CMAgent
-------------------------------------------------------------------

5.2.2.1 Rollback to the TMI CMAgent on ServerProtect GM build
-------------------------------------------------------------------
1. On the Information Server, uninstall the MCP CMAgent from the Control Panel manually.

2. On the Information Server, open the "\SProtect\SMS\CMAgent" folder and rename "setup.exe.bak" to "setup.exe".

3. Double-click "setup.exe" to reinstall the CMAgent.

5.2.2.2 Rollback to the previous MCP CMAgent version
-------------------------------------------------------------------
NOTE: You do not need to roll back to the previous MCP CMAgent version if you are installing this patch. If you roll back to the previous MCP CMAgent version, you need to register to the Control Manager server again after the rollback.

1. On the Information Server, uninstall the MCP CMAgent from the Control Panel manually.

2. On the Information Server, open the "Trend\SProtect\backup\filegroup12" folder.

3. Double-click "setup.exe" to reinstall the MCP CMAgent.

5.2.3 Uninstalling the Management Console
-------------------------------------------------------------------
NOTE: It is not necessary to roll back the Management Console separately. You should roll back the Management Console only when it is not installed on the same machine as the Information Server.

1. On Management Console, open the backup directory of the following files in the installation section:
   - admin.exe
   - Adm_enu.dll
   - AgentClient.dll
   - ADM_ENU.chm
   - spuninst.exe
   - spuninstrc.DLL

2. Copy the files in the list above to the management console home directory to overwrite the local files.

6. Post-installation Configuration
======================================================================
No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.

7. Known Issues
======================================================================
The following are the known issues in this release:

7.1 Anti-Rootkit driver may not be installed successfully if users do not restart the computer after a Microsoft Windows update.
===================================================================
To resolve this issue, users need to restart the computer after a Microsoft Windows update. This allows a successful Anti-Rootkit driver installation.

7.2 ServerProtect may display an incorrect group folder name on CMAgent Settings screen on Management Console.
===================================================================
This patch upgrades the TMI CMAgent for ServerProtect to MCP CMAgent. Since the group folder name of ServerProtect entities is saved in the Control Manager database, ServerProtect is unable to retrieve the folder name after the upgrade, and displays the folder name as "New Entity". However, ServerProtect keeps all the entities under the original folder.

To resolve this known issue:

1. Unregister ServerProtect from Control Manager through the ServerProtect Management Console.
2. Rename the group folder name.
3. Register ServerProtect to Control Manager again.

8. Release History
======================================================================
Previous releases include the following:

- ServerProtect for Microsoft Windows and Netware 5.80 Patch 3, July 23, 2014
- ServerProtect for Microsoft Windows and Netware 5.80 Patch 2, January 14, 2011
- ServerProtect for Microsoft Windows and Netware 5.80 Patch 1, May 21, 2010

8.1 Patch 1
===================================================================

8.1.1 Enhancements
===================================================================
The following enhancements are included in this release:

Enhancement 1: Log-purging Based on Database Size/Age - The "SpntLog.dbf" file records ServerProtect logs. Users can now configure ServerProtect to create a backup for this file when the database file exceeds the specified size or number of days. After ServerProtect creates the backup file, it generates an empty database file and renames the backup file using the time when the backup file was created in the following format:

      Spnt(YYYYMMDDhhmmss)_S.dbf (if triggered by database size)
      Spnt(YYYYMMDDhhmmss)_D.dbf (if triggered by database age)

   where "YYYYMMDDhhmmss" is year, month, day, hour, minute, and seconds.

   For example, if the backup file for "SpntLog.dbf" is created on October 24, 2001, 12 seconds after 10:53 am, and the database size exceeds the specified size, ServerProtect will rename the backup file as "Spnt20011024105312_S.dbf".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 1: To configure this option:
   a. Open a registry editor on the Normal Server.
   b. Add the following keys and set the appropriate value:
      Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\SpntService
      Key:  MaxDbSize (maximum database size, in MB)
            MaxDbDay (maximum database age, in days)
      Type: DWORD
      Default Value: if the keys do not exist, ServerProtect purges logs when the database exceeds 10 MB
   c. Restart the Normal Server.

   Note: These two keys are independent of each other, which means that you can add one or both keys.

Enhancement 2: Extension Exclusion: Patch 2 enables users to configure ServerProtect to exclude certain file name extensions from scans through the management console.

8.1.2 Resolved Known Issues
===================================================================
The following known issues are resolved in this release:

Issue 1: For the Information Server, users can use the scan profile as a template when they configure ServerProtect to run "Scan Now" tasks. Using the template allows the user to exclude the quarantine and backup folders from task scans. Users can enable the function by setting "RecordBack&Move=1" manually. However, a user requests that this key be enabled by default.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: The "RecordBack&Move" option has been removed and users can now configure ServerProtect to exclude the quarantine and backup folders from task scans by default using the "Scan Now" settings.

Issue 2: When users right-click the "Virus Cleanup Engine" column on the management console, the corresponding details are shown correctly. However, when users close and reopen the management console, the "Virus Cleanup Engine" column disappears.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This issue has been resolved.

Issue 3: The Normal Server restarts when the deploy task includes the Rootkit Common Module (RCM) even when all components are up-to-date.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This issue has been resolved.

Issue 4: The Information Server encounters a general protection fault (GPF) while decrypting Remote Procedure Call (RPC) commands from the Normal Server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: The Information Server can now successfully decrypt RPC commands from the Normal Server.

Issue 5: The following issues occur during ServerProtect pattern deployment:
   - NetWare needs to allocate 30 to 50 MB of memory for the deployment which may cause memory allocation failure.
   - While the Information Server is sending the pattern file to NetWare and the network connection is interrupted, there is no re-send process to ensure the success of the transfer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: The "SPNT" ServerProtect pattern deployment process has been added to enable:
   - NetWare to allocate only 4 KB of memory at a time to pattern deployment.
   - the Information Server to re-send the pattern file to NetWare when the network connection is interrupted during transfer.

Issue 6: The Normal Server stops unexpectedly when users click the Normal Server to view logs from the management console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: The multi-thread mutex mechanism for querying the log database has been improved to resolve the issue.

Issue 7: When a user restores the Information Server from the backup data, the created Task Data cannot be restored successfully.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: This issue has been resolved.

Issue 8: Some users encounter a high CPU usage issue after a pattern update.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: Users can now disable "tsc.exe" to prevent the high CPU usage issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 8: To disable "tsc.exe", open the registry editor, create the following key, and set its value to "1":
      Path:   HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\SpntService
      Key:    DisableTSCAfterPatternUpdate
      Type:   DWORD
      Values: "1" = disables "tsc.exe"
              "0" = enables "tsc.exe"

Issue 9: After migrating ServerProtect from version 5.7 or 5.58 to 5.8, a "No spyware detected" log is created in the scan results on the Normal Server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: This issue has been resolved.

Issue 10: The generated email notification message IDs are incorrect.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: This issue has been resolved.

8.2 Patch 2
===================================================================

8.2.1 Enhancements
===================================================================
There are no enhancements in this release.

8.2.2 Resolved Known Issues
===================================================================
The following known issues are resolved in this release:

Issue 1: When a pattern file update runs before a previous update task completes, the pattern file update fails.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: ServerProtect can now support multiple update tasks running simultaneously and now uses a time-out mechanism for update tasks. ServerProtect now also automatically terminates update tasks that do not complete within 30 minutes and creates new update tasks for these.

Issue 2: Trend Micro Vulnerability Scanner can only detect ServerProtect versions released before version 5.8.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: ServerProtect 5.8 now processes specific unencrypted RPC commands from the Trend Micro Vulnerability Scanner. This enables the Trend Micro Vulnerability Scanner to detect ServerProtect 5.8.

Issue 3: To provide better protection, Trend Micro has made some improvements on the virus pattern file. However, this upgrade may introduce performance issues. To prevent these issues, users need to enable the Pattern Off-Load (POL) feature of the VSAPI virus scan engine, but the POL feature is not configurable in ServerProtect on a Novell NetWare Server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: Users can now configure the VSAPI POL feature in ServerProtect on a Novell NetWare Server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 3: To configure the POL feature:
  a. On the Novell Netware Server, open the "spnwopt.ini" using a text editor.
  b. Add the "POLEnable" key and set the appropriate value.
     POLEnable = "1" = enables the POL feature
               = "0" or when the key does not exist = disables the POL feature
  c. Save the changes and close the file.

Issue 4: Some unreadable characters may be inserted in the subject headers of SMTP notification email messages when these subject headers are encoded.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: Users can now enable or disable the encoding of email subject headers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 4: To enable or disable the encoding of email subject headers, add the following key to the registry and set the appropriate value:
  Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\Notification
  Key: EnableEncode
  Type: DWORD
  Value: "0", disables the encoding of email subject headers
         "1", enables the encoding of email subject headers

Issue 5: ServerProtect 5.80 Information Servers cannot deploy pattern information to managed ServerProtect 5.58 Normal Servers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: This issue has been resolved.

Issue 6: BSOD may occur in "SpntSvc.exe" when a Normal Server tries to retrieve pattern file information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: ServerProtect now uses an exclusion algorithm for pattern-related APIs which resolves the issue.

Issue 7: Sometimes, some unreadable characters are inserted in the message body of SMTP notification email messages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: The message body of SMTP notification email messages is translated from Shift-JIS format to JIS format.

Issue 8: "Spntsvc.exe" stops unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: The RPC communication process between Information Servers and Normal Servers has been improved to resolve this issue.

Issue 9: ServerProtect for Microsoft Windows and Novell Netware 5.8 uses the SSAPTN pattern (component id = 0x20000400) to scan for spyware and grayware. However, status logs that the ServerProtect agent sends to the Control Manager server contain the following incorrect line:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: Users can now configure the ServerProtect agent to use "SLF_TMASSA" instead of "SLF_SpywareVersion" in status logs that it sends to the Control Manager server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 9: To configure the ServerProtect agent to use "SLF_TMASSA" in status logs that it sends to the Control Manager Server, open a registry editor, create the following key, and set its value to "1":
  Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TrendMicro Control Manager Agent\SPNT
  Key: EnableTMASSA
  Type: DWORD
  Value: "0", use "SLF_SpywareVersion"
         "1", use "SLF_TMASSA"

Issue 10: When ServerProtect for Microsoft Windows and Novell Netware attempts to perform a component update, the update fails and a "20110013" error occurs. This causes a soft abend (abnormal termination) in ServerProtect for Microsoft Windows and Novell Netware.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: This issue has been resolved.

Issue 11: By default, when "SpntSvc" starts, it waits for the Damage Cleanup Engine (DCE) to complete its scan before continuing with its own start up process. If DCE takes too long to scan, "SpntSvc" times out and does not start.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: This issue has been resolved.

Issue 12: After ServerProtect for Microsoft Windows and Novell Netware registers to the Control Manager server, ServerProtect for Microsoft Windows and Novell Netware command log and virus log entries are sent to the Control Manager server's "tb_AVVirusLog" table.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: Now, only ServerProtect for Microsoft Windows and Novell Netware virus log entries are sent to the Control Manager server's "tb_AVVirusLog" table.

Issue 13: ServerProtect for Microsoft Windows and Novell Netware cannot record a "ssaptn pattern out of date" message for pattern files that have version numbers above 997 even if the pattern file has been out-of-date for some time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: ServerProtect for Microsoft Windows and Novell Netware now uses the "last modify time" information of the pattern file instead of the internal timestamp information to resolve this issue.

Issue 14: When the Information Server starts up, the system generally produces a new GUID, which is used to encrypt an RPC package and cannot be configured. Every time the Information Server starts up, the system changes the GUID.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: Users can now prevent the system from changing the GUID during startup.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 14: To configure the GUID setting:
  a. Open the registry editor on the Information Server.
  b. Add the following key and set its value to "1":
     Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\InformationServer
     Key: GUIDSwith
     Type: DWORD
     Value: "1", disables GUID change
            "0", enables GUID change

Issue 15: ServerProtect 5.8 is unable to update the spyware pattern from version 0.9xx.00 to 1.xxx.00 or higher.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15: ServerProtect 5.8 can now update the spyware pattern from version 0.9xx.00 to 1.xxx.00 or higher.

Issue 16: When a computer restarts, the RCM will be uninstalled and the "PermCount" registry key of RCM is sometimes lost or its value increases to more than two.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16: The installation type of RCM has been modified so the installation keeps the driver after using RCM or restarting. RCM is no longer uninstalled automatically when the computer restarts and "PermCount" remains normal.

Issue 17: The Control Manager agent of ServerProtect 5.80 encounters a GPF when sending event logs to the Control Manager server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17: This issue has been resolved.

8.3 Patch 3
===================================================================

8.3.1 Enhancements
===================================================================
The following enhancements are included in this release:

Enhancement 1: Normal Server Updates - Users can now configure an Information Server to regularly check the build version of Normal Servers and to automatically send a command to a Normal Server to download and apply the latest hotfix or patch if it detects that the Normal Server's build version is lower than the latest hotfix or patch on the Information Server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 1: To configure this option:
  a. Open a registry editor on the Information Server.
  b. Add the following keys and set the appropriate values.
     Paths:
       - 32-bit Information Servers: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion
       - 64-bit Information Servers: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\ServerProtect\CurrentVersion
     Keys:
       - AutoUpdateNS=1, enables the feature
                     =0, (default) disables the feature
       - AutoUpdateNSTime= frequency at which the Information Server checks the build version of Normal Servers, in minutes divided by two; the default value is 30, which means 30*2=60 minutes or 1 hour
     Type: DWORD

Enhancement 2: Product Information Updates - ServerProtect now regularly sends product information updates to the BIF server. These updates contain product information including the activation keys for ServerProtect and use the "template.xml" file.

Enhancement 3: ServerProtect Icon - Users can now set whether the ServerProtect for Microsoft Windows Server and Novell Netware Icon appears or does not appear in the taskbar of Windows versions higher than Windows Server 2003.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 3: To configure this option:
  a. Open a registry editor on the Normal Server.
  b. Add the following key and set the preferred value.
     Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\SpntService
     Key: isServiceTrayDisabled
     Type: DWORD
     Value: 1 = the ServerProtect icon does not appear in the Windows taskbar
            0 = (default) ServerProtect icon appears in the Windows taskbar
  d. Restart ServerProtect.

Enhancement 4: MCP - ServerProtect for Microsoft Windows Server and Novell Netware now supports MCP and allows users to register it to Control Manager through the ServerProtect Management Console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 4: To configure this option:
  a. Install this patch and install MCP CMAgent or migrate TMI CMAgent to MCP CMAgent.
  b. Click "Start > ServerProtect Management Console".
  c. Do one of the following:
     - Click CMAgent Setting on the side bar.
     - Click "Do > CMAgent Setting" on the main menu.
  d. Input the corresponding information, and register to Control Manager (see online help of ServerProtect Management Console for details).

NOTE: Install the "tmcm-55-win-en-sp1-patch4" update or higher version release for Control Manager 5.5, or install "tmcm_60_sp1_win_en_hfb2182" update or higher version release for Control Manager 6.0. ServerProtect may display a wrong group folder name on Management Console. See Known Issues for details.

8.3.2 Resolved Known Issues
===================================================================
The following known issues are resolved in this release:

Issue 1: Hotfix versions recorded in the Information Server change to incorrect values after the ServerProtect for Microsoft Windows and Netware Normal Server updates files from the Information Server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: The correct hotfix versions are now recorded in the Information Server.

Issue 2: Sometimes the ServerProtect for Microsoft Windows Normal Server cannot load the Rootkit Common Module (RCM).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: The ServerProtect for Microsoft Windows Normal Server can now load the RCM without issues.

Issue 3: A component update fails when the Normal Server does not create an RPC binding with the Information Server. While the Information Server has multiple IP addresses, it only uses one IP address in this situation.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: The Normal Server can now be configured to create an RPC binding using a fixed IP address.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 3: To set the Information Server's fixed IP address:
  a. Add the following key to the registry and set an appropriate value:
     Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\RPC
     Key: FIXAgentAddress
     Type: REG_SZ
     Value: Information Server's fixed IP address
  b. Open the "SPNSOPT.dat" file and set the value of the "HostName" key under the "FixedComputerIP" section to the preferred IP address. For example:
     [FixedComputerIP]
     HostName=172.31.0.80

Issue 4: A handle leak issue occurs on "SpntSvc.exe".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: The handle leak issue is resolved.

Issue 5: The Management Console receives a failed update message when the Information Server deploys a pattern update to the Normal Server while the Normal Server's pattern file is up-to-date.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: This issue has been resolved.

Issue 6: Users cannot uninstall the ServerProtect Management Console if it is installed on a computer where both the Information and Normal Servers are installed and the installation directory is not the default folder "C:\Program Files\Trend".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: Users can now uninstall the ServerProtect Management Console from affected computers.

Issue 7: While ServerProtect is deploying a hotfix, the command line for the hotfix process starts with a double quote '"' but does not end with a corresponding double quote '"'.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: ServerProtect now ensures that the command line always ends with a double quote.

Issue 8: Before scanning a compressed file, ServerProtect first determines whether the file can be scanned or not by checking if the content file size exceeds the maximum content file size configured by the user. There is no limitation to the value that users can set the maximum content file size to.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: ServerProtect now limits the maximum content file size value to 2 GB only.

Issue 9: When the ServerProtect Normal Server is installed in the same folder as the Control Manager Server and users uninstall the ServerProtect Normal Server, the Control Manager binaries will also be removed. This causes the Control Manager Server to behave abnormally.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: The ServerProtect uninstallation program no longer removes the Control Manager binaries.

Issue 10: The date information in the header of ServerProtect email notifications uses GMT time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: The date information in the ServerProtect email notification header now uses the computer's local time.

Issue 11: A vulnerability in the "mrf.exe" module of the TMI service may allow an attacker to execute arbitrary code on vulnerable installations of CMAgent.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: The vulnerability has been resolved.

Issue 12: Control Manager receives incorrect ServerProtect pattern and engine deployment status information.
This causes the Control Manager console to display the pattern and engine deployment status as "failed" even when the components were deployed successfully.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: ServerProtect now sends the correct pattern and engine deployment status to Control Manager. This ensures that the correct component deployment status appears on the Control Manager console. The solution requires that users install a corresponding Control Manager hotfix first and is disabled by default.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 12: To enable this solution:
  a. Install this patch (see "Installation") and the Control Manager 6.0 GM or Control Manager 5.5 Hotfix 1600 (tmcm_55_win_en_hfb1600.exe). If a higher build has been released, you need to install the latest Control Manager patch.
  b. Open a registry editor on the Information Server.
  c. Create the following registry key and set its value to "1".
     Paths:
       - For 32-bit operating systems: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TrendMicro Control Manager Agent\SPNT
       - For 64-bit operating systems: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\TrendMicro Control Manager Agent\SPNT
     Key: FixCommandStatus
     Type: DWORD
     Value: "1", enables the solution
            "0", disables the solution
  d. Restart the following services on the Information Server:
     - Trend Micro Management Infrastructure
     - Trend ServerProtect Agent

Issue 13: The Management Console cannot display the exclusion list correctly when Trend Micro ScanMail(TM) (for Microsoft Exchange) is in the exclusion list.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: The Management Console can now display the exclusion list without issues.

Issue 14: An online Normal Server installed on a Windows Storage Server 2008 operating system displays a red stop icon on the Management Console. This issue occurs when the TCP connection between the Management Console and Information Server is broken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: This issue has been resolved.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 14: To enable the solution:
  a. Open a registry editor on the Information Server.
  b. Create the following registry key and set its value to "1".
     Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion
     Key: EnableReConIS
     Type: DWORD
     Value: "1", to enable the solution
            "0", to disable the solution

Issue 15: After Control Manager updates the ServerProtect scan engine or pattern file, ServerProtect sends the wrong "last update" time entries for the scan engine or pattern file to Control Manager.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15: ServerProtect now sends the correct "last update" time entries to Control Manager after it updates the ServerProtect scan engine or pattern file. This ensures that Control Manager can display the correct engine and pattern "last update" time information.

NOTE: The existing pattern and engine "last update time" information in Control Manager will be updated after the next successful engine or pattern file update.

Issue 16: Control Manager shows "56" in the "Event Type" column of ad hoc queries when it receives a "spyware pattern out-of-date" event log from ServerProtect.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16: This issue has been resolved but requires users to install Control Manager 5.5 Hotfix 1636 (tmcm_55_win_en_hfb1636.exe) to work. If a higher build has been released, you need to apply the latest Control Manager patch.

Issue 17: The ServerProtect Management Console may display the version number of the Virus Scan Engine for the NetWare Server in the wrong format. This issue affects Virus Scan Engine 10 and higher versions.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17: The ServerProtect Management Console now displays the version number of the Virus Scan Engine for NetWare Servers in the correct format.

Issue 18: The quarantine folder exclusion settings do not apply to task scans.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 18: ServerProtect for Microsoft Windows now applies the quarantine folder exclusion settings to task scans.

Issue 19: "SpntSvc.exe" encounters a handle leak issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 19: The handle leak issue has been resolved and "SpntSvc.exe" now runs without issues.

Issue 20: Sometimes, ServerProtect event logs show the "Clean Success" action result but the corresponding email notifications report that the action result is "Clean Fail".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 20: The action results displayed in ServerProtect event logs and the corresponding email notifications are now consistent and correct.

Issue 21: Control Manager receives incorrect ServerProtect hotfix deployment status information. This causes the Control Manager console to display the hotfix deployment status as "failed" even when the hotfix was deployed successfully.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 21: ServerProtect can now send the correct hotfix deployment status to Control Manager. This ensures that the correct hotfix deployment status appears on the Control Manager console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 21: To enable this solution:
  a. Apply this patch and any of the following Control Manager builds:
     - Hotfix 1600 (tmcm_55_win_jp_hfb1600.exe)
     - the latest Control Manager patch, if a higher build has been released
  b. Open a registry editor on the Information Server.
  c. Create the following registry key and set its value to "1".
     Paths:
       For 32-bit operating systems: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TrendMicro Control Manager Agent\SPNT
       For 64-bit operating systems: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\TrendMicro Control Manager Agent\SPNT
     Key: FixCommandStatus
     Type: DWORD
     Value: "1", to enable this solution
            "0", to disable the solution
  d. Restart the following services on the Information Server:
     - TMI
     - Trend ServerProtect Agent

Issue 22: The management console displays a task's "Last Perform Time" information in UTC format instead of based on the local time. This occurs when the task runs immediately after the Management Console is opened. The issue can be resolved by reopening the Management Console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 22: A synchronizing mechanism has been added to ensure that the time zone information is properly initialized before allowing the system to use this information.

Issue 23: When a new pattern version is available and the Normal Server attempts to update, an API issue that occurs under certain conditions can cause the update to fail and the corresponding ServerProtect event log to incorrectly state that there is no need to update the pattern.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 23: The API issue has been resolved to ensure that Normal Servers can successfully update the pattern file without issues and that the corresponding event log is generated with the correct information.

Issue 24: When CMAgent is at debug level "2", some logs are added to the debug log each time the CMAgent sends a status log for a Normal Server to Control Manager. This can cause the size of the "Agent_SPNT.log" file to increase rapidly when a large number of Normal Servers are connected to the Information Server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 24: The level of these debug logs has been changed from "FATAL" to "INFO".
Since only the fatal logs are recorded in the debug log when the debug level is set to "2", this can prevent the "Agent_SPNT.log" file from growing rapidly while the debug level is set to "2" and a large number of Normal Servers are connected to the Information Server.

Issue 25: The "entitymain.exe" process stops unexpectedly when it receives a command that does not match its request.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 25: "entitymain.exe" can now handle incorrectly-formatted commands so it does not stop unexpectedly when it receives such commands.

Issue 26: Sometimes, Control Manager cannot deploy engine files to two or more Normal Servers simultaneously.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 26: Normal Servers can now successfully receive engine file deployment commands from Control Manager.

Issue 27: Control Manager shows the wrong operating system name for Information Servers and Normal Servers that are deployed on the Windows Server 2012 platform.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 27: Control Manager now shows the correct operating system name for each Information Server and Normal Server.

Issue 28: Outbreak Prevention Services cannot be deployed from Control Manager to Normal Servers that have been deployed on the Windows Server 2008 or Windows Server 2012 platform.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 28: The Outbreak Prevention Services can now be successfully deployed from Control Manager to Normal Servers that have been deployed on the Windows Server 2008 or Windows Server 2012 platform.

Issue 29: The wrong platform information appears for Normal Servers and Information Servers running on the Windows Server 2012 R2 platform on both the Management Console and the Control Manager server console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 29: The correct platform information for Normal Servers and Information Servers now appears on the Management Console and Control Manager server console.

Issue 30: The Control Manager server shows the incorrect product version number for the ServerProtect Information Server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 30: The resource file of project "EarthAgent" has been changed with build project binaries that have the correct file version number.

Issue 31: Under certain conditions, ServerProtect may stop unexpectedly while running a manual or scheduled scan.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 31: ServerProtect no longer stops unexpectedly while running manual and scheduled scans.

Issue 32: The "entitymain.exe" process stops unexpectedly while attempting to access an invalid handle.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 32: "entitymain.exe" no longer attempts to access invalid handles.

Issue 33: Sometimes, users cannot remotely install ServerProtect for Microsoft Windows and Novell NetWare because the remote installation task attempts to start ServerProtect on the remote machine before the VSAPI engine on the machine can successfully load the VSAPI pattern.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 33: Users can now configure the amount of time the remote installation task should wait for the target machine to receive the VSAPI pattern successfully before it attempts to start ServerProtect on the remote machine. Users should configure this value depending on their current network conditions.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 33: To configure the timeout value:
  a. Open a registry editor on the source Normal Server.
  b. Add the following registry key and set its value to the preferred timeout value in seconds depending on the current network conditions.
     This key supports values between 10 and 120 seconds.
     Path: \HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\SpntService
     Key: RemoteInstallWaitSeconds
     Type: DWORD
     Value: preferred timeout value between 10 and 120 seconds

Issue 34: Control Manager sometimes shows a message stating that it failed to deploy pattern or engine files to the ServerProtect Normal Server, even though the Normal Server updated the pattern or engine files successfully. If the Control Manager Agent for ServerProtect does not receive the deploy result in one minute, it sends an update failed result to Control Manager without checking the actual update result.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 34: Users can now configure the timeout value of the CMAgent for ServerProtect. Users should configure this value depending on their current network conditions.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 34: To configure the timeout value:
  a. Open a registry editor on Information Server.
  b. Add the following registry key and set its value to the preferred time-out value in seconds depending on current network conditions. This key supports values between 60 and 600 seconds.
     Path:
       - 32-bit Information Servers: \HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TrendMicro Control Manager Agent\SPNT
       - 64-bit Information Servers: \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\TrendMicro Control Manager Agent\SPNT
     Key: SocketTimeoutSeconds
     Type: DWORD
     Value: Preferred timeout value is between 60 and 600 seconds

9. Files Included in this Release
======================================================================

Filename                        Build No.
-------------------------------------------------------------------
Management Console
  Admin.exe                     5.80.0.1510
  Adm_enu.dll                   5.80.0.1510
  AgentClient.dll               5.80.0.1510
  spuninst.exe                  5.80.0.1510
  Spuninstrc.dll                5.80.0.1510
  ADM_ENU.chm                   n/a

Control Manager Agent
  libEN_Product.dll             5.80.0.1510
  Uninst.dll                    5.80.0.1510
  Entitymain.exe                2.50.0.1411
  EN_Utility.dll                2.50.0.1411
  LibEN_Conf.dll                2.50.0.1411
  LibEN_Logger.dll              2.50.0.1411
  libEN_SendLog.dll             2.50.0.1411
  data1.cab                     n/a
  data1.hdr                     n/a
  setup.ilg                     n/a
  setup.inx                     n/a
  MCP_CMAgent.exe               12.0.0.58849
  MigrationToolEn.exe           12.0.0.58849
  cgiCmdNotify.exe              5.0.0.2270
  En_BlobConvertUtility.dll     5.0.0.2270
  En_I18N.dll                   5.0.0.2270
  En_Utility.dll                5.0.0.2270
  libapr-1.dll                  1.1.1.0
  libcurl.dll                   7.43.0.0
  libeay32.dll                  1.0.2.10
  ssleay32.dll                  1.0.2.10
  SSO_PKIHelper.dll             5.0.0.2270
  TrendAprWrapperDll.dll        5.0.0.2270
  zlib.dll                      1.2.3.0
  CMAgent.exe                   5.80.0.1510
  ProductLibrary.dll            5.80.0.1510

Information Server
  DeployTool.exe                5.80.0.1510
  Earthagent.exe                5.80.0.1510
  StRpcCln.dll                  5.80.0.1510
  Spuninst.exe                  5.80.0.1510
  Spuninstrc.dll                5.80.0.1510
  AgentClient.dll               5.80.0.1510
  TmNotify.dll                  5.80.0.1510
  EventMsg2.dll                 5.80.0.1510
  CheckEVC.dll                  5.80.0.1510
  RemoteInstall.exe             5.80.0.1510
  StCommon.dll                  5.80.0.1510
  StUpdate.exe                  5.80.0.1510
  Notification.dll              5.80.0.1510
  GetRemoteVer.dll              5.80.0.1510
  msvcr71.dll                   7.10.3052.4
  ADM_ENU.chm                   n/a
  BIFSender.exe                 5.80.0.1510
  libcurl.dll                   7.17.1.0
  libeay32.dll                  1.0.0.1
  ssleay32.dll                  1.0.0.1
  zlib.dll                      1.2.2.0

32-bit Normal Server
  AgentClient.dll               5.80.0.1510
  AgRpcCln.dll                  5.80.0.1510
  CheckEVC.dll                  5.80.0.1510
  DCE.dll                       5.80.0.1510
  eng50.dll                     5.80.0.1510
  EventMsg2.dll                 5.80.0.1510
  GetRemoteVer.dll              5.80.0.1510
  LogDb.dll                     5.80.0.1510
  LogDBTool.dll                 5.80.0.1510
  LogMaster.dll                 5.80.0.1510
  LogViewer.exe                 5.80.0.1510
  Notification.dll              5.80.0.1510
  Quarantine.exe                5.80.0.1510
  SpntSvc.exe                   5.80.0.1510
  spuninst.exe                  5.80.0.1510
  Spuninstrc.dll                5.80.0.1510
  StCommon.dll                  5.80.0.1510
  StRpcCln.dll                  5.80.0.1510
  StRpcSrv.dll                  5.80.0.1510
  StUpdate.exe                  5.80.0.1510
  TmNotify.dll                  5.80.0.1510
  TmOpp.dll                     5.80.0.1510

64-bit Normal Server
  AgentClient.dll               5.80.0.1510
  AgRpcCln.dll                  5.80.0.1510
  CheckEVC.dll                  5.80.0.1510
  DCE.dll                       5.80.0.1510
  eng50.dll                     5.80.0.1510
  EventMsg2.dll                 5.80.0.1510
  GetRemoteVer.dll              5.80.0.1510
  LogDb.dll                     5.80.0.1510
  LogDBTool.dll                 5.80.0.1510
  LogMaster.dll                 5.80.0.1510
  LogViewer.exe                 5.80.0.1510
  Notification.dll              5.80.0.1510
  Quarantine.exe                5.80.0.1510
  SpntSvc.exe                   5.80.0.1510
  spuninst.exe                  5.80.0.1510
  Spuninstrc.dll                5.80.0.1510
  StCommon.dll                  5.80.0.1510
  StRpcCln.dll                  5.80.0.1510
  StRpcSrv.dll                  5.80.0.1510
  StUpdate.exe                  5.80.0.1510
  StUpadte_32.exe               5.80.0.1510
  TmNotify.dll                  5.80.0.1510
  TmOpp.dll                     5.80.0.1510

TrendMicro Infrastructure
  libMRF_AP.dll                 1.12.0.1156
  libMRF_CM.dll                 1.12.0.1156
  libMRF_Common.dll             1.12.0.1156
  libMRF_DM.dll                 1.12.0.1156
  libMRF_Entity.dll             1.12.0.1156
  libTMI_DataMarshal.dll        1.12.0.1156
  mrf.exe                       1.12.0.1156
  MRF_CM.dll                    1.12.0.1156

NetWare Normal Server
  lprotect.nlm                  5.80.0.1510

Patch files
  Tmpatch.exe                   2.2.0.1046
  readme.txt                    n/a
  hotfix.ini                    n/a
  license.txt                   n/a

10. Contact Information
======================================================================
A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

11. About Trend Micro
======================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2017, Trend Micro Incorporated. All rights reserved.
Trend Micro, Control Manager, ScanMail, ServerProtect, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.

12. License Agreement
======================================================================
View information about your license agreement with Trend Micro at:

http://www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:
  - By selecting the "About" option in the application user interface
  - By referring to the "Legal" page of the Administrator's Guide
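
The registry procedures in the release history above can be checked in one pass. The following PowerShell script is an added example, not Trend Micro code: it reads (never writes) each optional value this README documents and flags wrong types or values outside the documented range. The function names are hypothetical, and probing the Wow6432Node view for every key is an assumption, since the README gives that path only for some of them.

```powershell
# Added example (not Trend Micro code): read-only audit of the optional
# registry values documented in this README. Function names are hypothetical.

# Assumption: both registry views are probed for every key, although the
# README lists a Wow6432Node path only for some of them.
$Roots = 'HKLM:\SOFTWARE\TrendMicro', 'HKLM:\SOFTWARE\Wow6432Node\TrendMicro'

$SP  = 'ServerProtect\CurrentVersion'
$CMA = 'TrendMicro Control Manager Agent\SPNT'

# Sub-path, value name, type and allowed values as the README states them.
$Documented = @(
    @{ Sub="$SP\SpntService";       Name='DisableTSCAfterPatternUpdate'; Kind='DWord'; Min=0;  Max=1 }
    @{ Sub="$SP\SpntService";       Name='isServiceTrayDisabled';        Kind='DWord'; Min=0;  Max=1 }
    @{ Sub="$SP\SpntService";       Name='RemoteInstallWaitSeconds';     Kind='DWord'; Min=10; Max=120 }
    @{ Sub="$SP\Notification";      Name='EnableEncode';                 Kind='DWord'; Min=0;  Max=1 }
    @{ Sub="$SP\InformationServer"; Name='GUIDSwith';                    Kind='DWord'; Min=0;  Max=1
       Explain={ param($v) if ($v -eq 1) { 'GUID used to encrypt RPC packages is not changed at startup' } } }
    @{ Sub=$SP;                     Name='AutoUpdateNS';                 Kind='DWord'; Min=0;  Max=1 }
    @{ Sub=$SP;                     Name='AutoUpdateNSTime';             Kind='DWord'
       Explain={ param($v) "Normal Server build check every $($v * 2) minutes" } }
    @{ Sub=$SP;                     Name='EnableReConIS';                Kind='DWord'; Min=0;  Max=1 }
    @{ Sub="$SP\RPC";               Name='FIXAgentAddress';              Kind='String' }
    @{ Sub=$CMA;                    Name='EnableTMASSA';                 Kind='DWord'; Min=0;  Max=1 }
    @{ Sub=$CMA;                    Name='FixCommandStatus';             Kind='DWord'; Min=0;  Max=1 }
    @{ Sub=$CMA;                    Name='SocketTimeoutSeconds';         Kind='DWord'; Min=60; Max=600 }
)

function ConvertTo-UInt32 {
    # Registry DWORDs are returned as Int32; values above 0x7FFFFFFF look negative.
    param([int]$Value)
    [BitConverter]::ToUInt32([BitConverter]::GetBytes($Value), 0)
}

function Get-DocumentedSetting {
    param([string]$Root, [hashtable]$Entry)

    $path = "$Root\$($Entry.Sub)"
    if (-not (Test-Path -LiteralPath $path)) { return }           # key absent in this view
    $key = Get-Item -LiteralPath $path
    if ($key.GetValueNames() -notcontains $Entry.Name) { return }  # value not set: default applies

    $kind   = $key.GetValueKind($Entry.Name)
    $value  = $key.GetValue($Entry.Name)
    $status = 'ok'
    $note   = ''

    if ($kind -ne $Entry.Kind) {
        $status = "type is $kind, README specifies $($Entry.Kind)"
    }
    elseif ($kind -eq 'DWord') {
        $value = ConvertTo-UInt32 $value
        if ($Entry.ContainsKey('Min') -and ($value -lt $Entry.Min -or $value -gt $Entry.Max)) {
            $status = "outside documented range $($Entry.Min)-$($Entry.Max)"
        }
    }
    elseif ($Entry.Name -eq 'FIXAgentAddress') {
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse([string]$value, [ref]$ip)) {
            $status = 'not a valid IP address'
        }
    }

    if ($status -eq 'ok' -and $Entry.ContainsKey('Explain')) {
        $note = & $Entry.Explain $value
    }

    [pscustomobject]@{
        Name = $Entry.Name; Value = $value; Status = $status; Note = $note; Path = $path
    }
}

function Get-ServerProtectRegistryAudit {
    foreach ($root in $Roots) {
        foreach ($entry in $Documented) {
            Get-DocumentedSetting -Root $root -Entry $entry
        }
    }
}

Get-ServerProtectRegistryAudit |
    Format-Table Name, Value, Status, Note, Path -AutoSize -Wrap
```

Values that are not listed in the output are not set, so the defaults described in each procedure apply.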