<> Trend Micro Incorporated March 04, 2025 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) PortalProtect(TM) for Microsoft(TM) SharePoint(TM) 2.6 Patch 1 - Build 1061 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ===================================================================== 1. About PortalProtect for Microsoft SharePoint 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What's New 2.1 Resolved Issues in 2.6 Patch 1 Repack 1 2.2 Enhancements 2.3 Resolved Known Issues in 2.6 Patch 1 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement ===================================================================== 1. About PortalProtect for Microsoft SharePoint ======================================================================== Trend Micro PortalProtect for Microsoft SharePoint represents a significant advancement in antivirus protection and web content security for SharePoint environments. PortalProtect protects your SharePoint Servers from undesirable content like: virus-infected files, offensive web content, and malicious URLs. PortalProtect is designed to provide real-time protection by scanning both web content and files. PortalProtect incorporates antivirus scanning, file blocking, content filtering, data loss prevention, and Web Reputation services to filter into one cohesive solution. 1.1 Overview of this Release ===================================================================== PortalProtect 2.6 Patch 1 enables users to configure the Security Scan filter to scan large files up to 2047 MB. This patch supports Microsoft Edge browser and Google Chrome browser. 1.2 Who Should Install this Release ===================================================================== Administrators currently running PortalProtect 2.6 can install this release. 2. What's New ======================================================================== NOTE: Please install this Patch before completing any procedures in this section (see "Installation"). This Patch addresses the following issues and includes the following enhancement: 2.1 Resolved Issues in 2.6 Patch 1 Repack 1 ===================================================================== This release resolves the following issues: Issue 1: The patch could not be installed on Windows Server Core. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This repacked patch resolves this issue and can now be successfully installed on Windows Server Core. 2.2 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: [Hotfix: 1039-2.6 EN][SEG-59308] Security Scan Filter - This Patch allows users to configure the Security Scan filter in PortalProtect to scan large files up to 2047 MB. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To enable the Security Scan filter to scan files larger than 100MB: 1. Install this Patch (see "Installation"). 2. Open the Registry Editor. 3. Locate the following key and set the value to the preferred maximum file size in bytes: * Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ PortalProtect\CurrentVersion * Key: MaxAllowedFileSize * Value: maximum file size in bytes, the maximum supported size is 7ff00000 (Hex) 4. Clear the browser cache and login to the PortalProtect web console. 5. Navigate to the "Security Risk Scan" filter and set the same value for the "File size exceeds:" setting. The maximum size is 2047 MB. NOTE: On the SharePoint 2019 console, Microsoft has set the maximum file size to 25 MB by default. To configure this setting, run the following commands on the SharePoint Management Shell: $cs=[Microsoft.SharePoint.Administration.SPWebService] ::ContentService $cs.AntivirusSettings.MaxScanFileSize = (maximum file size for scanning in bytes, the maximum size is Int64.MaxSize) $cs.Update() Enhancement 2: [Hotfix: NA] Browser Support - This Patch enables PortalProtect to support the Microsoft Edge(TM) and Google(TM) Chrome(TM) web browsers. 2.3 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: [Hotfix: 1039-2.6 EN][SEG-57653] PortalProtect 2.6 sends the wrong product version to Trend Micro Control Manager(TM). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Patch ensures that PortalProtect 2.6 sends the correct product version to Control Manager. Issue 2: [Hotfix: 1039-2.6 EN][SEG-57824] PortalProtect 2.6 does not scan files when the file size is "0" in Microsoft SharePoint 2019. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Patch ensures that PortalProtect scans these files normally. Issue 3: [Hotfix: 1041-2.6 EN][VRTS-3869] The OpenSSL and libcurl modules in PortalProtect are affected by a Code Injection vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Patch updates the following related common modules to resolve the vulnerability. * PR * CMAgent * iCRC Issue 4: [Hotfix: 1042-2.6 EN][SEG-74066] PortalProtect cannot register to Trend Micro Apex Central(TM) through port 443 if the Control Manager server supports TLS 1.2 only. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This Patch resolves the issue so PortalProtect can register to Apex Central normally. Issue 5: [Critical Patch: 1043-2.6 EN][VRTS-4871] A directory traversal vulnerability occurs when PortalProtect downloads engine files or pattern files from the local ActiveUpdate (AU) server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This Patch updates the Trend Micro ActiveUpdate modules to resolve this issue. Issue 6: [Hotfix: 1044-2.6 EN][SEG-85249] The terms "white list" and "black list" appear in some PortalProtect HTML pages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This Patch removes both keywords from the affected HTML pages. Issue 7: [Hotfix: 1046-2.6 EN][SEG-101827] When the system locale is set to "French (France)", the date format switches to "dd/mm/yyyy" which prevents PortalProtect from searching for and retrieving the correct logs for log queries. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This Patch resolves the issue to ensure that log queries return the correct logs under the scenario described above. Issue 8: [Hotfix: 1047-2.6 EN][SEG-127125] When only IPV6 is enabled, Portal Protect will be able to register to Apex Central but users will not be able to Single Sign-on (SSO) from Apex Central to PortalProtect through IPv6. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This Patch enables users to SSO to Portal Protect from Apex Central. Issue 9: [Hotfix: NA][VRTS-6471/VRTS-6472] The ICRC module is currently using OpenSSL 1.0.2u and 1.1.1k which are affected by a vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This Patch updates the ICRC module to resolve the vulnerability. Issue 10: [Hotfix: NA][SEG-129466] Some pages of the PortalProtect web console may not work normally after the "X-Content-Type-Options: nosniff" HTTP Response Header is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This Patch enables the PortalProtect web console to work well after the "X-Content-Type-Options: nosniff" HTTP Response Header is enabled. Issue 11: [Hotfix: NA][SEG-128965] User requests for a way to disable the "Autocomplete" feature for sensitive HTML form fields and the HTTP "OPTIONS" method. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This Patch enables users to disable the "Autocomplete" feature for sensitive HTML form fields and the HTTP "OPTIONS" method. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 11: To disable the "Autocomplete" feature for sensitive HTML form fields: 1. Install this Patch (see "Installation"). 2. Open an Internet Explorer window. 3. Go to the "Internet Options > Content" tab and click "Settings" for AutoComplete. 4. De-select the "User Names and passwords on forms" option. Issue 12: [Hotfix: 1249-2.5 SP1 Patch1 EN][SEG-75199] An issue related to the release of locked variables causes a memory leak issue in "serMScan.exe". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This Patch resolves the issue to prevent the memory leak. 3. Documentation Set ======================================================================== In addition to this readme file, the documentation set for this product includes the following: - Administrator's Guide -- A PDF document that contains a product overview, configuration instructions, and detailed information for managing the product. - Installation and Upgrade Guide -- A PDF document that discusses requirements and procedures for installing and upgrading the product. - Online help -- Context-sensitive help screens that provide guidance for performing a task. Electronic versions of the printed manuals are available at: http://www.trendmicro.com/download/ 4. System Requirements ======================================================================== There are no changes to system requirements. 5. Installation ======================================================================== This section explains key steps for installing and uninstalling this patch. 5.1 Installing ===================================================================== To install: 1. Log on using an account with local administrator and domain privileges. 2. Run "pp_26_win_en_patch1_b1061.exe" and select "Install". The framework automatically installs the patch to the appropriate directory, replaces the outdated files, and updates the database. The "Successfully completed" count increases upon the completion of the installation. 3. Clear the browser cache and re-launch the browser. 4. Refer to "Post-Installation Configuration". 5.2 Uninstalling ===================================================================== To roll back to the previous build: - Run "pp_26_win_en_patch1_b1061.exe" and select "uninstall"; or - Run "uninstall.bat" in the following patch folder: {PP_HOME}\Patch\Patch1 for PortalProtect 2.6\uninstall The framework automatically rolls back to the previous build and a confirmation message indicating a successful uninstallation is displayed on the setup screen. 6. Post-Installation Configuration ======================================================================== NOTE: Trend Micro recommends that updating all components immediately after installing the product. 6.1 If your PortalProtect server has an antivirus product installed, configure it so that it does not scan the following folders under the installation folder, for example, "C:\Program Files\Trend Micro\ PortalProtect", by adding the folders to the approved list. - Temp folder: C:\Program Files\Trend Micro\PortalProtect\temp - Backup folder, whose default location is: C:\Program Files\Trend Micro\PortalProtect\storage\Backup - Shared Resource Pool folder, whose default location is: C:\Program Files\Trend Micro\PortalProtect\SharedResPool 7. Known Issues ======================================================================== There are no known issues in this release. 8. Release History ======================================================================== Previous releases include the following: PortalProtect 2.5 Service Pack 1 Patch 1, December 2019 PortalProtect 2.6, August 2019 PortalProtect 2.5 Service Pack 1, June 2018 PortalProtect 2.5, March 2017 PortalProtect 2.1 R2, June 2013 PortalProtect 2.1, July 2011 PortalProtect 2.0, June 2010 PortalProtect 1.8, July 2009 PortalProtect 1.7, May 2007 PortalProtect 1.6, April 2005 PortalProtect 1.5, September 2004 PortalProtect 1.0, February 2002 9. Files Included in This Release ======================================================================== This is a full package release. For a detailed list of files, refer to the PortalProtect 2.6 installation package. 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2025, Trend Micro Incorporated. All rights reserved. Trend Micro, PortalProtect, Control Manager, Apex Central, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: www.trendmicro.com/us/about-us/legal-policies/license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide