Readme Last Update: November 10th, 2020
Trend Micro OfficeScan XG Service Pack 1
English - Windows - 32-bit / 64-bit
Critical Patch - Server Build 5702(next) and Agent Build 5671
1. Critical Patch Release Information
Resolved Known Issues
This Critical Patch resolves the following issue(s):
Issue 1
(SEG-89098)
OfficeScan XG Service Pack 1 servers and agents may stop unexpectedly while handling HTTP requests.
Solution
This Critical Patch updates the OfficeScan program to prevent the issue.
Issue 2
(SEG-89363)
OfficeScan agent manual updates cannot bypass the proxy server even when the bypass setting has been added in the Microsoft™ Windows™ proxy settings.
Solution
This Critical Patch updates the OfficeScan program to prevent the issue.
Issue 3
(SEG-91539)
An issue related to the OfficeScan Data Protection Service can disable the Wireless NIC interface unexpectedly while opening the Mozilla(R) Firefox(R) web browser.
Solution
This Critical Patch updates the Data Protection module to resolve this issue.
Issue 4
(SEG-87120)
An issue related to OfficeScan Data Loss Prevention™ (DLP) service may trigger false positive detections when users drag a file into a web browser window and the action is not "upload".
Solution
This Critical Patch updates the OfficeScan DLP service to prevent the issue.
Issue 5
(SEG-87166)
When the Generic Stream Scan (GSS) firewall feature is disabled on an agent computer, the version of the Common Firewall Pattern appears as "0" on the "Component Versions" page of the agent console and "N/A" on the agent tree on the server console.
Solution
This Critical Patch updates the firewall module to resolve this issue.
Enhancements
The following enhancements are included in this Critical Patch:
Enhancement 1
(SEG-91150)
This Critical Patch updates the DLP service to improve its stability on computers running Windows 7.
Enhancement 2
(SEG-89465)
This Critical Patch provides a registry configuration for OfficeScan agents to work around interoperability or false alarm issues when the Anti-exploit Protection feature is enabled under the OfficeScan User-Mode Hooking settings.
Procedure
To enable users to specify the registry configuration for OfficeScan agents:
- Install this Critical Patch (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value
- [Global Setting]
- SysUmExploitDefault=(hexadecimal value)
- NOTE: This key supports any hexadecimal value between 00000000 and FFFFFFFF. To disable all the features, set "SysUmExploitDefault=00000000". To enable all the features, set "SysUmExploitDefault=FFFFFFFF".
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path:
- For x64 platforms:
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\AEGIS\
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS\
- For x86 platforms:
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS\
- Key: SysUmExploitDefault
- Type: DWORD
- Value: 0x00000000 ~ 0xFFFFFFFF
Files Included in This Release
A. Files for Current Issue(s) ------------------------------------------------------------------- Filename Build Number ------------------------------ ------------ OfficeScan\PCCSRV\Admin\Utility\EdgeServer\*.* OfficeScan\PCCSRV\Admin\Utility\SQL\*.* OfficeScan\PCCSRV\Pccnt\Disk1\*.* OfficeScan\PCCSRV\ ------------------------------------------------------------------- AutoPcc.exe 12.0.0.5702 AutoPccP.exe 12.0.0.5702 CGIResUTF8.dll 12.0.0.5702 CGIShare.dll 12.0.0.5702 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.21 libNetCtrl.dll 13.0.0.5671 loadhttp.dll 13.0.0.5671 ofc_loadhttp.dll 13.0.0.5671 OfcPfwCommon.dll 13.0.0.5671 OfcPIPC.dll 13.0.0.5671 ssleay32.dll 1.0.2.21 SvrSvcSetup.exe 12.0.0.5702 OfficeScan\PCCSRV\Admin\ ------------------------------------------------------------------- Build.exe 2.86.0.1113 Build64.exe 2.86.0.1113 cert5.db * ciussi32.dll 2.0.0.2074 ciussi64.dll 2.0.0.2074 InstNTRes.dll 12.0.0.5702 InstReg.exe 13.0.0.5671 loadhttp.dll 13.0.0.5671 ofc_loadhttp.dll 13.0.0.5671 OSCETSCLog.dll 13.0.0.5671 patch.exe 2.86.0.1113 patch64.exe 2.86.0.1113 patchbld.dll 12.21.0.0 PATCHW32.DLL 12.22.0.0 patchw64.dll 12.22.0.0 pbld64.dll 12.20.0.0 SetupMan.dll 12.0.0.5702 SetupUsr.dll 12.0.0.5702 TmUpdate.dll 2.86.0.1113 TmUpdate64.dll 2.86.0.1113 TSC.exe 7.5.0.1154 TSC64.exe 7.5.0.1154 Wizard.exe 13.0.0.5671 Wizard_64x.exe 13.0.0.5671 OfficeScan\PCCSRV\Admin\Utility\CertificateManager\ ------------------------------------------------------------------- CertificateManager.exe 12.0.0.5702 OfficeScan\PCCSRV\Admin\Utility\ClientPackager\ ------------------------------------------------------------------- CLIENTMSISETUP_MSI * ClnPack.ini * OfcPfwCommon.dll 13.0.0.5671 OfficeScan\PCCSRV\Admin\Utility\IpXfer\ ------------------------------------------------------------------- IpXfer.exe 13.0.0.5671 IpXfer_x64.exe 13.0.0.5671 OfficeScan\PCCSRV\Admin\Utility\ListDeviceInfo\ ------------------------------------------------------------------- listDeviceInfo.conf.ini * listDeviceInfo.exe 6.2.0.1341 OfficeScan\PCCSRV\Admin\Utility\OSCEResetPW\ ------------------------------------------------------------------- OSCEResetPW.exe 12.0.0.5702 OfficeScan\PCCSRV\Admin\Utility\PolicyExportTool\ ------------------------------------------------------------------- CGIResUTF8.dll 12.0.0.5702 OfficeScanSettingsExportTool.exe 12.0.0.5702 ServerMigrationTool.ex_ 12.0.0.5702 OfficeScan\PCCSRV\Admin\Utility\SaasStorageMgr\ ------------------------------------------------------------------- ofcASMgr.exe 12.0.0.5702 OfficeScan\PCCSRV\Admin\Utility\ServerMigrationTool\ ------------------------------------------------------------------- CGIOCommon.dll 12.0.0.5702 CGIResUTF8.dll 12.0.0.5702 OfcPfwCommon.dll 13.0.0.5671 ServerMigrationTool.exe 12.0.0.5702 OfficeScan\PCCSRV\Admin\Utility\SQL\ ------------------------------------------------------------------- libSQLDatabaseUpgrade.dll 12.0.0.5702 oscedbt.exe 12.0.0.5702 TmNotify.dll 1.5.0.1056 OfficeScan\PCCSRV\Admin\Utility\TCacheGen\ ------------------------------------------------------------------- TCacheGen.exe 12.0.0.5702 TCacheGen_x64.exe 12.0.0.5702 TCacheGenCli.exe * TCacheGenCli_x64.exe * OfficeScan\PCCSRV\Admin\Utility\TMVS\ ------------------------------------------------------------------- DatFHS.dll 13.0.0.5671 libeay32.dll 1.0.2.21 loadhttp.dll 13.0.0.5671 msvcr71.dll 7.10.3052.4 ssleay32.dll 1.0.2.21 TmNotify.dll 1.5.0.1056 TMVS.exe 12.0.0.5702 OfficeScan\PCCSRV\Admin\Utility\VSEncrypt\ ------------------------------------------------------------------- VSEncode.exe 12.0.0.5702 OfficeScan\PCCSRV\CmAgent\ ------------------------------------------------------------------- CGIResUTF8.dll 12.0.0.5702 En_BlobConvertUtility.dll 5.0.0.2373 En_I18N.dll 5.0.0.2373 En_Utility.dll 5.0.0.2373 libapr-1.dll 1.1.1.0 libcrypto-1_1.dll 1.1.1.7 libcurl.dll 7.70.0.0 libssl-1_1.dll 1.1.1.7 msvcr71.dll 7.10.3052.4 ProductLibrary.dll 12.0.0.5702 ProductUI.zip * TrendAprWrapperDll.dll 5.0.0.2373 zlib.dll 1.2.3.0 zlibwapi.dll 1.2.3.0 OfficeScan\PCCSRV\Download\ ------------------------------------------------------------------- ClnPack_files.xml * OfficeScan\PCCSRV\Download\Engine\ ------------------------------------------------------------------- ATSE32.sig * atse32.zip * ATSE64.sig * atse64.zip * falcon32.sig * falcon32.zip * falcon64.sig * falcon64.zip * TMEBC32.sig * TMEBC32.zip * TMEBC64.sig * TMEBC64.zip * TSC.sig * TSC.zip * TSC64.sig * TSC64.zip * OfficeScan\PCCSRV\Download\Product\ ------------------------------------------------------------------- DlpLite.sig * DlpLite.zip * DlpLite_3rdParty.zip * DlpLite_3rdParty_x64.zip * DlpLite_Common.sig * DlpLite_Common.zip * DlpLite_Common_x64.sig * DlpLite_Common_x64.zip * DlpLite_x64.sig * DlpLite_x64.zip * OfficeScan\PCCSRV\Engine\ ------------------------------------------------------------------- atse32.dll 12.0.0.1008 ssapi32.dll 6.2.1.4035 TmAegisSysEvt.dll 2.976.0.2267 TMBMCLI.dll 2.976.0.2267 TMBMSRV.exe 2.976.0.2267 tmCfwApi.dll 5.83.0.1070 tmcomeng.dll 2.976.0.2267 TmEngDrv.dll 2.976.0.2267 tmHash.dll 5.83.0.1070 TMPEM.dll 2.976.0.2267 TmPfw.exe 5.83.0.1070 TmPfwApi.dll 5.83.0.1070 TmPfwRul.dll 5.83.0.1070 TmSysEvt.dll 7.0.0.1181 tmtap.dll 6.0.0.1074 tmwlutil.dll 2.976.0.2267 tmxfalcon.dll 1.5.0.1018 OfficeScan\PCCSRV\Engine\CCSF\TrxHandler\ ------------------------------------------------------------------- curl-ca-bundle.crt * libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.21 ssleay32.dll 1.0.2.21 trxhandler.dll 1.100.0.1073 OfficeScan\PCCSRV\Engine\x64\ ------------------------------------------------------------------- atse64.dll 12.0.0.1008 ssapi64.dll 6.2.1.4035 TmAegisSysEvt.dll 2.976.0.2267 TMBMCLI.dll 2.976.0.2267 TMBMSRV.exe 2.976.0.2267 tmCfwApi.dll 5.83.0.1070 tmcomeng.dll 2.976.0.2267 TmEngDrv.dll 2.976.0.2267 tmHash.dll 5.83.0.1070 TMPEM.dll 2.976.0.2267 TmPfw.exe 5.83.0.1070 TmPfwApi.dll 5.83.0.1070 TmPfwRul.dll 5.83.0.1070 TmSysEvt.dll 7.0.0.1181 tmtap.dll 6.0.0.1074 tmwlutil.dll 2.976.0.2267 tmxfalcon.dll 1.5.0.1018 TSC64.exe 7.5.0.1154 OfficeScan\PCCSRV\Engine\x64\CCSF\TrxHandler\ ------------------------------------------------------------------- curl-ca-bundle.crt * libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.21 ssleay32.dll 1.0.2.21 trxhandler.dll 1.100.0.1073 OfficeScan\PCCSRV\LWCS\ ------------------------------------------------------------------- AU_WRS.exe 3.1.0.1081 aucfg.ini * Build.exe 2.86.0.1023 BWListMgmt.exe 3.1.0.1081 BWListSearch.exe 3.1.0.1081 CCCAUpdate.exe 3.1.0.1081 cert5.db * ciuas32.dll 1.0.0.2075 ciussi32.dll 2.0.0.2074 icrcauapi.dll 2.5.0.1115 libBWListFilter.dll 3.1.0.1081 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.21 liblwtpciu32.dll 1.0.0.1005 lwcs_msg.ini * lwcsctrl.exe 3.1.0.1081 LWCSService.exe 3.1.0.1081 MigrateBWList.exe 3.1.0.1081 patch.exe 2.86.0.1023 patchbld.dll 12.21.0.0 PATCHW32.DLL 12.21.0.0 pcre.dll * perfLWCSPerfMonMgr.dll 3.1.0.1081 perfLWCSPerfMonMgr.ini * placeholder.txt * ssleay32.dll 1.0.2.21 sym_perfLWCSPerfMonMgr.h * tmufeng.dll 3.9.0.1004 TmUpdate.dll 2.86.0.1023 x500.db * zlib1.dll 1.2.4.0 OfficeScan\PCCSRV\Pccnt\ ------------------------------------------------------------------- aoshtml.zip * aoshtml.zip.cat * ClientConsole.zip * ClientConsole.zip.cat * clienthelp.zip * clienthelp.zip.cat * NTMonRes.dll 12.0.0.5702 NTRtScan.exe 13.0.0.5671 NTSvcRes.dll 12.0.0.5702 TmNotify.dll 1.5.0.1056 OfficeScan\PCCSRV\Pccnt\Common\ ------------------------------------------------------------------- 7z.dll 18.5.0.0 7z.exe 18.5.0.0 ApricotCBRuleHandler.dll 2.0.0.1049 ApricotManagerModule.dll 2.0.0.1049 ccsf_ptn.zip * ccsf_ptn.zip.cat * CCSF_WIN32.zip * CCSF_WIN32.zip.cat * CNTAoSMgr.exe 2.3.0.5130 CompRmv.exe 13.0.0.5671 crc0filter.dll 2.82.0.1117 DatFHS.dll 13.0.0.5671 fcWofieUI.dll 13.0.0.5671 FileBrowsingRuleHandler.dll 2.0.0.1049 ICRCHdler.dll 2.82.0.1117 lib7zWrapper.dll * libApricotLog.dll 2.0.0.1049 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.21 libNetCtrl.dll 13.0.0.5671 libprotobuf.dat * libprotobuf.dll * loadhttp.dll 13.0.0.5671 msvcm80.dll 8.0.50727.762 msvcp80.dll 8.0.50727.762 msvcr80.dll 8.0.50727.762 NTRmv.exe 13.0.0.5671 ofc_loadhttp.dll 13.0.0.5671 OfcCCCAUpdate.exe 13.0.0.5671 OfcPfwCommon.dll 13.0.0.5671 OfcPfwSvc.dll 13.0.0.5671 OfcPIPC.dll 13.0.0.5671 PccNT.exe 13.0.0.5671 PccNTMon.exe 13.0.0.5671 PccNTUpd.exe 13.0.0.5671 ssleay32.dll 1.0.2.21 SurrogateTmListen.exe 13.0.0.5671 tmCfwApi.dll 5.83.0.1070 tmeectv.dll 3.0.0.1015 tmeesent.dll 3.0.0.1015 TmFpHcEx.exe 5.83.0.1070 tmHash.dll 5.83.0.1070 TmListen.dll 13.0.0.5671 TmListen.exe 13.0.0.5671 TmListenShare.dll 13.0.0.5671 TmopCfg.dll 3.0.0.1058 Tmopcfscan.dll 3.0.0.1058 TmopCtl.dll 3.0.0.1058 TmopDbg.dll 3.0.0.1058 TmOPP.dll 13.0.0.5671 TmoppeEvts.dll 3.0.0.1058 TmoppeHosF.dll 3.0.0.1058 TmoppePDP.dll 3.0.0.1058 TmoppeSAL.dll 3.0.0.1058 TmoppeSsF.dll 3.0.0.1058 TmoppeUrlF.dll 3.0.0.1058 TmoppeVS.dll 3.0.0.1058 TmopphHttp.dll 3.0.0.1058 TmopphMsn.dll 3.0.0.1058 TmopphPop3.dll 3.0.0.1058 TmopphSmtp.dll 3.0.0.1058 TmopphYmsg.dll 3.0.0.1058 TmopPlgAdp.dll 3.0.0.1058 Tmopsent.dll 3.0.0.1058 TmopsmHttp.dll 3.0.0.1058 TmopsmIm.dll 3.0.0.1058 TmopsmMail.dll 3.0.0.1058 TmPac.dll 13.0.0.5671 TmPfw.exe 5.83.0.1070 TmPfwApi.dll 5.83.0.1070 TmPfwCtl.dll 5.83.0.1070 TmPfwCtl_xp.dll 5.83.0.1070 TmPfwRul.dll 5.83.0.1070 TmSock.dll 13.0.0.5671 TmSSClient.exe 13.0.0.5671 tmwfpapi.dll 5.83.0.1070 UpdGuide.exe 13.0.0.5671 Upgrade.exe 13.0.0.5671 utilPfwInstCondChecker.exe 13.0.0.5671 WofieLauncher.exe 13.0.0.5671 XPUpg.exe 13.0.0.5671 OfficeScan\PCCSRV\Pccnt\Drv\ ------------------------------------------------------------------- tmactmon.cat * tmactmon.inf * tmactmon.sys 2.976.0.2267 tmcomm.cat * tmcomm.inf * tmcomm.sys 7.0.0.1181 tmebc.cat * TMEBC.inf * TMEBC32.sys 1.5.0.1045 tmeevw.cat * tmeevw.inf * tmeevw.sys 3.0.0.1015 tmevtmgr.cat * tmevtmgr.inf * tmevtmgr.sys 2.976.0.2267 tmlwf.cat * tmlwf.inf * TMLWF.sys 5.83.0.1066 tmlwfins.exe 5.83.0.1066 tmncieco.dll 3.0.0.1069 tmnciesc.cat * tmnciesc.inf * tmnciesc.sys 3.0.0.1071 tmusa.cat * tmusa.inf * tmusa.sys 3.0.0.1047 tmwfp.cat * tmwfp.inf * TMWFP.sys 5.83.0.1066 tmwfpins.exe 5.83.0.1066 OfficeScan\PCCSRV\Pccnt\Drv\X64\ ------------------------------------------------------------------- tmactmon.cat * tmactmon.inf * tmactmon.sys 2.976.0.2267 tmcomm.cat * tmcomm.inf * tmcomm.sys 7.0.0.1181 tmebc.cat * TMEBC.inf * TMEBC64.sys 1.5.0.1045 tmeevw.cat * tmeevw.inf * tmeevw.sys 3.0.0.1015 tmevtmgr.cat * tmevtmgr.inf * tmevtmgr.sys 2.976.0.2267 tmlwf.cat * tmlwf.inf * TMLWF.sys 5.83.0.1066 tmlwfins.exe 5.83.0.1066 tmncieco.dll 3.0.0.1069 tmnciesc.cat * tmnciesc.inf * tmnciesc.sys 3.0.0.1071 tmusa.cat * tmusa.inf * tmusa.sys 3.0.0.1047 tmwfp.cat * tmwfp.inf * TMWFP.sys 5.83.0.1066 tmwfpins.exe 5.83.0.1066 OfficeScan\PCCSRV\Pccnt\Win64\X64\ ------------------------------------------------------------------- 7z.dll 18.5.0.0 7z.exe 18.5.0.0 ApricotCBRuleHandler.dll 2.0.0.1049 ApricotManagerModule.dll 2.0.0.1049 CCSF_X64.zip * CCSF_X64.zip.cat * CompRmv.exe 13.0.0.5671 crc0filter.dll 2.82.0.1117 DatFHS.dll 13.0.0.5671 fcWofieUI.dll 13.0.0.5671 FileBrowsingRuleHandler.dll 2.0.0.1049 ICRCHdler.dll 2.82.0.1117 lib7zWrapper_64x.dll * libApricotLog.dll 2.0.0.1049 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.21 libNetCtrl_64x.dll 13.0.0.5671 libprotobuf.dat * libprotobuf.dll * loadhttp_64x.dll 13.0.0.5671 msvcm80.dll 8.0.50727.762 msvcp80.dll 8.0.50727.762 msvcr80.dll 8.0.50727.762 NTRmv.exe 13.0.0.5671 Ntrtscan.exe 13.0.0.5671 ofc_loadhttp_64x.dll 13.0.0.5671 OfcCCCAUpdate.exe 13.0.0.5671 OfcPfwCommon_64x.dll 13.0.0.5671 OfcPfwSvc_64x.dll 13.0.0.5671 OfcPIPC_64x.dll 13.0.0.5671 OSCETSCLog_64x.dll 13.0.0.5671 PccNT.exe 13.0.0.5671 PccNTMon.exe 13.0.0.5671 PccNTUpd.exe 13.0.0.5671 ssleay32.dll 1.0.2.21 SurrogateTmListen.exe 13.0.0.5671 tmCfwApi.dll 5.83.0.1070 tmeectv.dll 3.0.0.1015 tmeesent.dll 3.0.0.1015 TmFpHcEx.exe 5.83.0.1070 tmHash.dll 5.83.0.1070 TmListen.exe 13.0.0.5671 TmListen_64x.dll 13.0.0.5671 TmListenShare_64x.dll 13.0.0.5671 TmNotify.dll 1.5.0.1056 TmopCfg.dll 3.0.0.1058 Tmopcfscan.dll 3.0.0.1058 TmopCtl.dll 3.0.0.1058 TmopDbg.dll 3.0.0.1058 TmOPP_64x.dll 13.0.0.5671 TmoppeEvts.dll 3.0.0.1058 TmoppeHosF.dll 3.0.0.1058 TmoppePDP.dll 3.0.0.1058 TmoppeSAL.dll 3.0.0.1058 TmoppeSsF.dll 3.0.0.1058 TmoppeUrlF.dll 3.0.0.1058 TmoppeVS.dll 3.0.0.1058 TmopphHttp.dll 3.0.0.1058 TmopphMsn.dll 3.0.0.1058 TmopphPop3.dll 3.0.0.1058 TmopphSmtp.dll 3.0.0.1058 TmopphYmsg.dll 3.0.0.1058 TmopPlgAdp.dll 3.0.0.1058 Tmopsent.dll 3.0.0.1058 TmopsmHttp.dll 3.0.0.1058 TmopsmIm.dll 3.0.0.1058 TmopsmMail.dll 3.0.0.1058 TmPac_64x.dll 13.0.0.5671 TmPfw.exe 5.83.0.1070 TmPfwApi.dll 5.83.0.1070 TmPfwCtl.dll 5.83.0.1070 TmPfwCtl_xp.dll 5.83.0.1070 TmPfwRul.dll 5.83.0.1070 TmSock_64x.dll 13.0.0.5671 TmSSClient.exe 13.0.0.5671 tmwfpapi.dll 5.83.0.1070 UpdGuide.exe 13.0.0.5671 Upgrade.exe 13.0.0.5671 utilPfwInstCondChecker.exe 13.0.0.5671 WofieLauncher.exe 13.0.0.5671 xpupg.exe 13.0.0.5671 OfficeScan\PCCSRV\Private\ ------------------------------------------------------------------- DlpClc.xml * OfficeScan\PCCSRV\Private\certificate\ ------------------------------------------------------------------- libeay32.dll 1.0.2.21 openssl.exe * ssleay32.dll 1.0.2.21 OfficeScan\PCCSRV\Private\LogServer\ ------------------------------------------------------------------- 7z.dll 18.5.0.0 7z.exe 18.5.0.0 OfcPIPC.dll 13.0.0.5671 OfficeScan\PCCSRV\SRS\ ------------------------------------------------------------------- libApricotLog.dll 3.1.0.1081 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.21 makecert.exe 5.131.3617.0 RelayRuleHandler.dll 3.1.0.1081 RelayRulePerfCounter.dll 3.1.0.1081 RelayServicePerfCounter.dll 3.1.0.1081 SRSCli.exe 3.1.0.1081 SRService.exe 3.1.0.1081 ssleay32.dll 1.0.2.21 zlib1.dll 1.2.4.0 OfficeScan\PCCSRV\Web\Service\ ------------------------------------------------------------------- 7z.dll 18.5.0.0 AosProxy.exe 12.0.0.5702 AosShare.dll 2.3.0.5130 Build.exe 2.86.0.1113 cert5.db * CGIOCommon.dll 12.0.0.5702 CGIResUTF8.dll 12.0.0.5702 CGIShare.dll 12.0.0.5702 ciuas32.dll 1.0.0.2075 ciussi32.dll 2.0.0.2074 CmdHAoSMgr.dll 2.3.0.5130 CmdHLClient.dll 12.0.0.5702 CmdHOConsole.dll 12.0.0.5702 cme_dll.dll 6.2.0.1426 cme_vxe_dll_static.dll 6.2.0.1426 DatFHS.dll 13.0.0.5671 DbServer.exe 12.0.0.5702 lib7zWrapper.dll * libCmdHndlrClientV2.dll 12.0.0.5702 libCmdHndlrConsoleV2.dll 12.0.0.5702 libCmdHndlrDda.dll 12.0.0.5702 libcurl.dll 7.66.0.0 libcurl_ofc.dll 7.66.0.0 libeay32.dll 1.0.2.21 libLogHandler.dll 12.0.0.5702 loadhttp.dll 13.0.0.5671 LogCache.dll 12.0.0.5702 msvcr71.dll 7.10.3052.4 NTSvcRes.dll 12.0.0.5702 ofc_loadhttp.dll 13.0.0.5671 OfcAosMgr.exe 2.3.0.5130 OfcCCCAUpdate.exe 13.0.0.5671 OfcDBBackup.exe 12.0.0.5702 OfcDownload.dll 12.0.0.5702 OfcEdgeAgent.exe 12.0.0.5702 OfcHotFix.exe 12.0.0.5702 OfcNotify.dll 12.0.0.5702 OfcNotifyQueue.dll 12.0.0.5702 OfcPfwCommon.dll 13.0.0.5671 OfcPurgeLog.dll 12.0.0.5702 OfcService.exe 12.0.0.5702 patch.exe 2.86.0.1113 patchbld.dll 12.21.0.0 PATCHW32.dll 12.22.0.0 ssleay32.dll 1.0.2.21 TmNotify.dll 1.5.0.1056 TmUpdate.dll 2.86.0.1113 VerConn.exe 12.0.0.5702 OfficeScan\PCCSRV\Web\Service\PLM\ ------------------------------------------------------------------- 7z.dll 18.5.0.0 OfficeScan\PCCSRV\Web_OSCE\Web\CGI\ ------------------------------------------------------------------- cgiCheckIP.exe 12.0.0.5702 cgiExportInfo.exe 12.0.0.5702 cgiGetClient.exe 12.0.0.5702 cgiImportInfo.exe 12.0.0.5702 cgiLog.exe 12.0.0.5702 CGIOCommon.dll 12.0.0.5702 cgiOnMSCfg.exe 12.0.0.5702 cgiOnPSCfg.exe 12.0.0.5702 cgiOnQueryClientBindPort.exe 12.0.0.5702 cgiOnRTCfg.exe 12.0.0.5702 cgiOnSpecialLog.exe 12.0.0.5702 cgiOnStart.exe 12.0.0.5702 cgiOnUnst.exe 12.0.0.5702 cgiRecvFile.exe 12.0.0.5702 CGIResUTF8.dll 12.0.0.5702 cgiRqHotFix.exe 12.0.0.5702 CGIShare.dll 12.0.0.5702 fcgiOfcDDA.exe 12.0.0.5702 FlowControl_64x.dll 12.0.0.5702 isapiClient.dll 12.0.0.5702 isapiClientX64.dll 12.0.0.5702 isapiClientX86.dll 12.0.0.5702 jdkNotify.exe 12.0.0.5702 libcrypto-1_1.dll 1.1.1.7 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.21 libssl-1_1.dll 1.1.1.7 loadhttp.dll 13.0.0.5671 msvcr71.dll 7.10.3052.4 OfcPfwCommon.dll 13.0.0.5671 OfcPfwCommon_64x.dll 13.0.0.5671 ssleay32.dll 1.0.2.21 SSO_PKIHelper.dll 5.0.0.2373 zlibwapi.dll 1.2.3.0 OfficeScan\PCCSRV\Web_OSCE\Web_Console\CGI\ ------------------------------------------------------------------- cgiAuthManagement.exe 12.0.0.5702 cgiChkMasterPwd.exe 12.0.0.5702 cgiCmdNotify.exe 5.0.0.2373 CGIOCommon.dll 12.0.0.5702 CGIResUTF8.dll 12.0.0.5702 CGIShare.dll 12.0.0.5702 cgiShowActiveDirectory.exe 12.0.0.5702 cgiShowAoS.exe 2.3.0.5135 cgiShowCAV.exe 12.0.0.5702 cgiShowClientAdm.exe 12.0.0.5702 cgiShowComplianceReport.exe 12.0.0.5702 cgiShowLogs.exe 12.0.0.5702 cgiShowNotify.exe 12.0.0.5702 cgiShowOPP.exe 12.0.0.5702 cgiShowPFW.exe 12.0.0.5702 cgiShowServerAdm.exe 12.0.0.5702 cgiShowSummary.exe 12.0.0.5702 cgiShowUpdate.exe 12.0.0.5702 cgiShowWSSAdmin.exe 12.0.0.5702 cgiTurnLog.exe 12.0.0.5702 DdaIsapiFilter.dll 12.0.0.5702 DdaIsapiFilter64.dll 12.0.0.5702 fcgiOfcDDA.exe 12.0.0.5702 libapr-1.dll 1.1.1.0 libcrypto-1_1.dll 1.1.1.7 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.21 libssl-1_1.dll 1.1.1.7 loadhttp.dll 13.0.0.5671 msvcr71.dll 7.10.3052.4 OfcPfwCommon.dll 13.0.0.5671 ssleay32.dll 1.0.2.21 SSO_PKIHelper.dll 5.0.0.2373 TmNotify.dll 1.5.0.1056 TmUpdate.dll 2.86.0.1113 TrendAprWrapperDll.dll 5.0.0.2373 OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\ad_integration\ ------------------------------------------------------------------- ad_integration.htm * client_grouping.htm * edit_sorting_rules.htm * OfficeScan\PCCSRV\WEB_OSCE\Web_Console\HTML\Addon\ ------------------------------------------------------------------- aos_service_management.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\aegis\ ------------------------------------------------------------------- data_protection.htm * device_control.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\Auth\ ------------------------------------------------------------------- admin_account_domain.htm * admin_account_info.htm * admin_account_menu.htm * Admin_Role_Add.htm * Admin_User_List.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\behavior_monitoring\ ------------------------------------------------------------------- bm_settings.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\clientmag\ ------------------------------------------------------------------- client_cfg_manualscan.htm * client_cfg_privileage.htm * client_cfg_realtimelscan.htm * client_cfg_scannow.htm * client_cfg_schedulescan.htm * client_cfg_wtp.htm * client_globalsetting.htm * client_list_2.htm * client_ofsc_services.htm * client_searchwindow.htm * client_urlfiltering_profiles.htm * install_remote.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\cloud_service\ ------------------------------------------------------------------- import_bw_list.htm * scan_ip_range_edit.htm * scan_source.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\ ------------------------------------------------------------------- js-clientmag.js * ln_cloud.js * ln_common.js * page_init.js * trend-ui-opt_list.js * trend-ui.domaintree.js * x_localization.xml * x_view_status.xsl * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\css\ ------------------------------------------------------------------- index.css * l10n-style.css * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\l10n\ ------------------------------------------------------------------- l10n.aegis.js * l10n.behavior_monitoring.js * l10n.clientmag.js * l10n.dlp.js * l10n.global.js * l10n.logs.js * l10n.update.js * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\settings\ ------------------------------------------------------------------- setting.ad_integration.js * setting.addon.js * setting.aegis.js * setting.behavior_monitoring.js * setting.clientmag.js * setting.cloud_service.js * setting.compliance_report.js * setting.dlp.js * setting.logon.js * setting.logs.js * setting.menu.js * setting.notify.js * setting.outbreak.js * setting.pfw.js * setting.rba.js * setting.root.js * setting.serveradm.js * setting.update.js * setting.vdi.js * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\util\ ------------------------------------------------------------------- common.js * osce.menubar.js * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\compliance_report\ ------------------------------------------------------------------- compliance_report.htm * scheduled_compliance_report.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\dlp\ ------------------------------------------------------------------- dlp_compliance_tpl_addedit.htm * dlp_display_ac.htm * dlp_Entities_addedit.htm * dlp_FileAttr_addedit.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\help\webhelp\ ------------------------------------------------------------------- Using-Authentication.html * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\logs\ ------------------------------------------------------------------- log_maintenance.htm * logs_bm_view.htm * logs_dac_view.htm * logs_delete.htm * logs_network_malware_view.htm * logs_pfw.htm * logs_pfw_detail.htm * logs_pfw_view.htm * logs_spyware_view.htm * logs_suspicious_file_view.htm * logs_trendx_view.htm * logs_virus_view.htm * logs_WebSecurity_view.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\outbreak\ ------------------------------------------------------------------- opp_deny_write.htm * opp_mutex_block.htm * opp_port_blocking.htm * opp_port_blocking_add.htm * opp_port_blocking_edit.htm * opp_restore.htm * opp_settings.htm * opp_shared_folder.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\PFW\ ------------------------------------------------------------------- profile_edit.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\root\ ------------------------------------------------------------------- help_start.htm * logon.htm * menu.html * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\serveradm\ ------------------------------------------------------------------- edge_server.htm * server_cmagent_saas.htm * server_migration.htm * server_pr_detail.htm * server_pr_single_detail.htm * server_proxy.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\tools\ ------------------------------------------------------------------- tools_admin_clients.htm * OfficeScan\PCCSRV\WEB_OSCE\Web_Console\HTML\update\ ------------------------------------------------------------------- update_rollback.htm * OfficeScan\PCCSRV\WEB_OSCE\Web_Console\HTML\vdi\ ------------------------------------------------------------------- vdi_display_ac.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\widget\ ------------------------------------------------------------------- osce_proxy.php * OfficeScan\PCCSRV\WEB_OSCE\Web_Console\HTML\widget\repository\widgetPool\product\ ------------------------------------------------------------------- config.php * OfficeScan\PCCSRV\WEB_OSCE\Web_Console\HTML\widget\repository\widgetPool\wp%RETCODE%\widget\modOSCESecurityRiskDetection\ ------------------------------------------------------------------- module.js * OfficeScan\PCCSRV\Web_OSCE\Web_Console\RemoteInstallCGI\ ------------------------------------------------------------------- cgiGetNTClient.exe 12.0.0.5702 CGIOCommon.dll 12.0.0.5702 cgiRemoteInstall.exe 12.0.0.5702 CGIResUTF8.dll 12.0.0.5702 CGIShare.dll 12.0.0.5702 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.21 loadhttp.dll 13.0.0.5671 SetupMan.dll 12.0.0.5702 ssleay32.dll 1.0.2.21 Wizard.exe 13.0.0.5671 Wizard_64x.exe 13.0.0.5671 B. Network Traffic Required in Deployment ------------------------------------------------------------------- Estimated size (in terms of bandwidth) of deployed agent files in this critical patch. - 32-bit agent total = 105.1 MB - 64-bit agent total = 148.8 MB
2. Documentation Set
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com
- Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product.
To access the Online Help, go to http://docs.trendmicro.com
- Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product.
- Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product.
- Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'.
- Support Portal: The Support Portal contains information on troubleshooting and resolving known issues.
- To access the Support Portal, go to http://success.trendmicro.com
3. System Requirements
1. Trend Micro OfficeScan 12.0 XG - Service Pack 1 Build 4345 - English - Windows - x32-x64
4. Installation
Installing
To install:
- Copy the Critical Patch executable file to a temporary folder on the server, for example, "C:\temp".
- Double-click the file. The modules are automatically copied to the correct destination.
This Critical Patch installation package automatically rolls back the OfficeScan server to its previous configuration if there are problems during installation. If you encounter problems after installation, do a manual rollback.
Uninstalling
To manually roll back to the previous build:
- Locate the backup folder that the Critical Patch package created in the "\PCCSRV\Backup\Critical Patch_B5702" directory.
- Stop the OfficeScan Master Service.
- Stop the OfficeScan CMAgent Service.
- Copy the backup modules to the original folders.
- Start the OfficeScan CMAgent Service.
- Start the OfficeScan Master Service.
5. Post-installation Configuration
No post-installation steps are required.
NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.
6. Known Issues
There are no known issues for this Critical Patch release.
7. Release History
Prior Hotfixes
Only this Critical Patch was tested for this release. Prior hotfixes were tested at the time of their release.
Issue
Critical Patch 4406
(SEG-17879)
After upgrading to OfficeScan XG Service Pack 1, the OfficeScan agent program and some other applications (for example, Print spooler) may encounter an HTTP service issue.
Solution
This critical patch ensures that OfficeScan agents do not stop the HTTP service allowing other applications to function normally after upgrading to OfficeScan XG Service Pack 1.
Issue
Critical Patch 4406
(SEG-18068)
The Trend Micro Control Manager™ server SQL database grows rapidly because the OfficeScan server sends a large number of plug-in service (PLS) status logs to the Control Manager server.
Solution
This critical patch resolves the issue by ensuring that the OfficeScan server does not send old PLS status logs repeatedly to the Control Manager server.
Issue
Critical Patch 4406
(SEG-18115)
The Behavior Monitoring approved list does not work on files specified by a network path.
Solution
This critical patch updates the logic for the Behavior Monitoring approved list to ensure that it works on files specified by a network path.
Issue
Hotfix 4417
(SEG-18460)
After upgrading to OfficeScan XG Service Pack 1, the system may be unable to access certain third-party application files if Predictive Machine Learning is enabled.
Solution
This hotfix updates the Behavior Monitoring service to not block valid third-party applications.
Issue
Hotfix 4417
(SEG-18096)
When Trend Micro Smart Feedback is enabled, it shares anonymous threat information with the SPN. However, Predictive Machine Learning does not use anonymous information when sending the SPN feedback information.
Solution
This hotfix updates the Falcon Core Engine and the OfficeScan agent program to resolve the issue.
Issue
Hotfix 4423
(SEG-19719)
The OfficeScan Behavior Monitoring feature may cause high CPU usage on protected computers.
Solution
This hotfix updates the Behavior Monitoring module to resolve the issue.
Issue
Hotfix 4423
(SEG-19626)
The OfficeScan server cannot add UNC paths to the approved list in the Behavior Monitoring Settings.
Solution
This hotfix updates the OfficeScan server file to enable it to add UNC paths in the Behavior Monitoring approved list.
Enhancement
Hotfix 4423
(SEG-20254)
This hotfix provides a way for users to generate an installation package for coexisting OfficeScan agents on the On-Premise OfficeScan server.
Procedure
To generate the installation package for coexisting OfficeScan agents:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- SupportCoexistMode=1
- Save the changes and close the file.
- Restart the OfficeScan Master Service.
- After the OfficeScan Master service is running, open a command prompt with administrator privilege, and navigate to the "\PCCSRV\Admin\Utility\ClientPackager\" directory.
- Run the following command to create Windows installation package for OfficeScan agents using coexist mode:
- For 32-bit:
- Clnpack.exe /m /av /as /pfw /com /dcs /smart /o x86 /coexist /d "C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\Download\agent_coexist_x86.msi" /s "C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV"
- For 64-bit:
- Clnpack.exe /m /av /as /pfw /com /dcs /smart /o x64 /coexist /d "C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\Download\agent_coexist_x64.msi" /s "C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV"
Administrators can retrieve the following installation packages for coexisting OfficeScan agents from the "\PCCSRV\Download" folder on the OfficeScan server installation directory.
- agent_coexist_x86.msi
- agent_coexist_x64.msi
Issue
Hotfix 4428
(SEG-20164)
An issue prevents the OfficeScan server from deploying the correct local language settings to agents.
Solution
This hotfix resolves the issue by updating the OfficeScan agent program.
Issue
Hotfix 4428
(SEG-20301)
OfficeScan stops generating logs unexpectedly after users enable the "Schedule scan connection verification" setting.
Solution
This hotfix updates the logic flow from the check timer to solve this issue.
Issue
Hotfix 4432
(SEG-20997)
The OfficeScan Behavior Monitoring feature may cause high CPU usage on protected endpoints when Sysmon.exe is running.
Solution
This hotfix updates the Behavior Monitoring module to resolve the issue.
Issue
Hotfix 4432
(SEG-20954)
Under certain scenarios, some OfficeScan processes may stop unexpectedly.
Solution
This hotfix updates the Behavior Monitoring module to enhance the self-protect feature of OfficeScan processes.
Issue
Hotfix 4440
(SEG-21322)
After upgrading to OfficeScan XG Service Pack 1, the OfficeScan web console will display the connection status of all OfficeScan agents as "independent".
Solution
This hotfix resolves the issue by ensuring that the OfficeScan server can successfully retrieve the correct agent connection status.
Issue
Hotfix 4440
(SEG-20549)
Data Loss Prevention™ (DLP) blocks the Skype application.
Solution
This hotfix updates the DLP module that contains the improved process flow to prevent false positive alerts when the Skype application conducts file access events on its temporary files.
Issue
Hotfix 4440
(SEG-20076), (SEG-20983)
32-bit OfficeScan processes may stop unexpectedly on 64-bit platforms.
Solution
This hotfix resolves the issue by updating how the DLP module matches path names when locating the "wow64.dll" path.
Issue
Hotfix 4440
(SEG-19818)
An interoperability issue between the VMware Horizon agent and the User-Mode Hooking feature of OfficeScan agents triggers a black screen when a protected computer restarts after agent installation.
Solution
This hotfix updates the User-Mode Hooking driver to solve this issue.
Issue
Hotfix 4440
(SEG-20121)
The firewall's "Quarantine" action in medium security level blocks the FTP session.
Solution
This hotfix changes the "Quarantine" action to "Drop" in medium security level to resolve the issue.
Issue
Hotfix 4440
(SEG-19174)
The Virus/Malware logs that agents send to the OfficeScan server disappear unexpectedly after administrators migrate the OfficeScan database from CodeBase to an SQL Server database using the SQL Server Migration Tool.
Solution
This hotfix updates the OfficeScan server program to ensure that OfficeScan keeps security risk logs after migrating the database.
Issue
Hotfix 4440
(VRTS-1181)
An attacker may be able to use the "Sc.exe" file to run unauthorized commands on a computer protected by OfficeScan.
Solution
This hotfix updates the Behavior Monitoring module to resolve the issue.
Enhancement
Hotfix 4440
(SEG-20630)
This hotfix enables the SQLMIGRATION.LOG in the OfficeScan XG Service Pack 1 server. By default, the SQLMIGRATION.LOG file is in the "\PCCSRV\Admin\Utility\SQL" folder on the OfficeScan server installation directory.
Issue
Hotfix 4445
(SEG-20474)
An issue prevents the "showunlockbutton" feature from working on OfficeScan XG Service Pack 1.
Solution
This hotfix updates the OfficeScan XG Service Pack 1 server file to ensure that the "showunlockbutton" feature works normally.
Issue
Hotfix 4449
(SEG-21429)
OfficeScan does not propagate the OfficeScan Predictive Machine Learning settings to the clients or domains when applying the settings at the root level and using the Microsoft™ SQL database.
Solution
This hotfix resolves this issue by using the correct parameter based on the implementation of the database APIs.
Issue
Hotfix 4449
(SEG-21638)
An issue may prevent the OfficeScan agent from downloading pattern files.
Solution
This hotfix updates the OfficeScan XG Service Pack 1 server file to ensure that the OfficeScan agent updates files normally.
Issue
Hotfix 4449
(SEG-21643)
The OfficeScan agent downloads the SAL pattern file even if the current pattern file is already updated.
Solution
This hotfix updates the OfficeScan XG Service Pack 1 server files to ensure that the OfficeScan agent only gets updated pattern files from the server.
Issue
Hotfix 4453
(SEG-19769)
The OfficeScan server widget queries Data Loss Prevention™ (DLP) logs using the "root" account. This situation causes backend processes to always return all logs to any user.
Solution
This hotfix resolves the issue by adding a method that allows administrators to check all viewable domains of currently logged-on users if the request comes from a widget. The hotfix adds a hidden key to enable or disable this feature.
Procedure
To configure the new setting for "ofcserver.ini":
- Install this hotfix (see "Installation").
- Open the "ofcserver.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "SERVER_CONSOLE_SECTION" section, manually configure the following:
- [SERVER_CONSOLE_SECTION]
- ShowDLPLogByAccountPermission=1
- Save the changes and close the file.
- Reload the browser.
Issue
Hotfix 4456
(SEG-21508)
The OfficeScan Predictive Machine Learning feature may prevent users from printing Microsoft™ Office files or from downloading these files through a web browser normally.
Solution
This hotfix provides a way for users to approve programs to run with deferred scanning by Predictive Machine Learning to prevent these issues.
Procedure
To approve programs to run with deferred scanning by Predictive Machine Learning:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following keys and specify each approved program separately.
- [Global Setting]
- DS_ProcessCount=the number of programs in the approved list, supports any integer from 1 to 1000
- DS_ProcessName000=process name of the approved program, where "000" notes the first item on the list
For example:
- [Global Setting]
- DS_ProcessCount=4
- DS_ProcessName000=iexplore.exe
- DS_ProcessName001=Chrome.exe
- DS_ProcessName002=FireFox.exe
- DS_ProcessName003=WINWORD.EXE
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following entries of TXS.ini on all OfficeScan agent computers:
- [TrendX_Settings]
- DS_ProcessCount=4
- DS_ProcessName000="The encrypted string of the preferred program"
- DS_ProcessName001="The encrypted string of the preferred program"
- DS_ProcessName002="The encrypted string of the preferred program"
- DS_ProcessName003="The encrypted string of the preferred program"
Issue
Hotfix 4456
(SEG-22955)
The system information, product information, product version, and entity icon do not update automatically.
Solution
This hotfix updates the OfficeScan 12.0 Service Pack 1 server file to ensure that the system information, product information, product version, and entity icon are updated correctly.
Issue
Hotfix 4456
(VRTS-1974)
A time-of-check/time-of-use privilege escalation vulnerability exists with the "tmusa.sys" kernel file (Osprey).
Solution
This hotfix updates the kernel files for Osprey to address the vulnerability.
Issue
Hotfix 4456
(SEG-22406)
The certificate of the "saknet.sys" file is valid from March 23, 2016 to June 28, 2017 only.
Solution
This hotfix replaces the "saknet.sys" file in the Trend Micro Data Loss Prevention™ (DLP) module with a "saknet.sys" file that contains a valid certificate.
Issue
Hotfix 4456
(SEG-21120)
Some unexpected hostname IPs may be resolved during the drag-and-drop and open file dialog upload for supported web services and "facebook.com" IP resolution is not supported during browser file upload.
Solution
This hotfix updates the DLP module to enable it to first check if a hostname belongs to the supported web services list before attempting to resolve the IP address during the drag-and-drop and open file dialog upload. This hotfix also adds support for "facebook.com" in the supported web services list.
Issue
Hotfix 4456
(SEG-21805)
A protected computer may stop unexpectedly when an invalid policy is set for the DLP services.
Solution
This hotfix updates the DLP module to add restrictions, particularly for operations, to the DLP XML policy validators to help prevent the issue.
Issue
Hotfix 4456
(SEG-22771)
When an OfficeScan XG client performs the "Clean" action on certain backup files, it may also transfer the files to the "Virus" folder. The files in this folder are sent to the OfficeScan server along with quarantined files.
Solution
This hotfix prevents OfficeScan XG clients from saving a copy of cleaned BR0 to BRF backup files, for example XXX.BR0, XXX.BR1, XXX.BR2 to XXX.BRF, in the suspected virus folder. This ensures that cleaned files are not sent to the OfficeScan server.
Enhancement
Hotfix 4456
(SEG-21714)
This hotfix helps ensure that DLP violation logs displays the correct channel name and file path for Google Drive.
Enhancement
Hotfix 4456
(SEG-21808)
The hotfix enables the DLP module to support Microsoft™ Windows™ 10 Redstone 4 Insider Preview (10.0.17083).
Issue
Hotfix 4461
(SEG-21560)
The Data Loss Prevention™ (DLP) module does not monitor upload transfers in https://wetransfer.com.
Solution
This hotfix adds https://wetransfer.com to the DLP module's "browser_pattern.xml" file to enable the module to monitor open file dialog and drag and drop operations on the website.
Issue
Hotfix 4465
(SEG-20549)
The Data Loss Prevention™ (DLP) module blocks the Skype application.
Solution
This hotfix updates the DLP module that contains the improved process flow to prevent false positive alerts when the Skype application conducts file access events on its temporary files.
Issue
Hotfix 4465
(SEG-24020)
A protected computer stops responding when the Trend Micro Endpoint Sensor triggers frequent file scans.
Solution
The hotfix ensures that a protected computer runs normally when the Trend Micro Endpoint Sensor triggers file scans frequently.
Issue
Hotfix 4470
(SEG-23740)
Certain Dell computers freeze after installing the OfficeScan agent.
Solution
This hotfix updates the Behavior Monitoring module to resolve the issue.
Issue
Hotfix 4470
(SEG-22052)
Ntrtscan stops unexpectedly while patterns are reloaded and OfficeScan still waits for the scan to stop. This happens when there are too many manual scan context instances.
Solution
This hotfix resolves the issue by preventing OfficeScan from waiting for Ntrtscan to finish when it has already stopped and removes unused manual scan context instances from OfficeScan computers.
Issue
Hotfix 4470
(SEG-23862)
The Certified Safe Software Service may not work properly on OfficeScan XG Service Pack 1 agents if users enabled the Smart Protection Service Proxy for service queries.
Solution
This hotfix updates the OfficeScan agent program to ensure that the Certified Safe Software Service works as expected.
Issue
Hotfix 4470
(SEG-13780)
The "ClientUUID" information in the "OfcCCCAUpdate.ini" file of OfficeScan XG clients is one character shorter than the correct value and contains garbled characters.
Solution
This hotfix updates the OfficeScan XG client files to ensure that OfficeScan clients retrieves and stores the correct "ClientUUID" information.
Issue
Hotfix 4470
(SEG-13780)
Communication between OfficeScan and Trend Micro Control Manager™ stops when the "SourceUUID" information in the "ofcDdaSrv.ini" file changes.
Solution
This hotfix updates OfficeScan XG server files to ensure that the communication between OfficeScan XG and Control Manager is not interrupted when the "SourceUUID" information changes.
Issue
Hotfix 4470
(SEG-21136)
When OfficeScan integrates with an Active Directory (AD) Server, users on the first layer will have the same domain management scope. While users on the second layer can login to the OfficeScan web console normally, they do not have privileges to view and manage the domains under the OfficeScan server.
Solution
This hotfix changes the method to get all AD groups from the logon token and allow each AD user account to query all groups and manage domains under the same OfficeScan server.
Issue
Hotfix 4476
(SEG-17659)
The Behavior Monitor re-entry on the PostCreate event may trigger a blue scree of death (BOSD) on Microsoft™ Windows™ XP embedded systems.
Solution
This hotfix adds an anti-re-entry checking mechanism to the ActMonFilePostCreate task to resolve the issue.
Issue
Hotfix 4476
(SEG-24160)
A network bandwidth issue occurs while Update Now is running.
Solution
This hotfix adds the following conditions to prevent the OfficeScan agent from querying the Active Directory (AD) to prevent the network bandwidth issue.
- AegisEnableDac=1
- service switch of AEGIS or DLP=1
Issue
Hotfix 4476
(VRTS-2185)
An issue related to the Trend Micro OfficeScan Firewall driver may cause multiple Privilege Escalation and Pool Corruption vulnerabilities.
Solution
This hotfix updates the Trend Micro OfficeScan Firewall driver to resolve the vulnerabilities.
Issue
Hotfix 4476
(SEG-24468)
An issue prevents OfficeScan from blocking sensitive information sent through the HTTP(S) in "dlptest.com".
Solution
This hotfix ensures that OfficeScan can block sensitive information in "dlptest.com" by adding a new formdata pattern for the site.
Enhancement
Hotfix 4476
(SEG-22060)
This hotfix updates the OfficeScan Data Loss Prevention™ (DLP) module to enable its Device Control feature to work on portable devices with read-only permission.
Procedure
To enable the new service settings:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- InstallDLPWpdDriver=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite
- Key: InstallDLPWpdDriver
- Type: DWORD
- Value:
- 0 = Device Control does not work on portable devices with read-only permission
- 1 = Device Control works on portable devices with read-only permission
Issue
Hotfix 4480
(SEG-20334)
An OfficeScan agent computer stops responding when the Data Loss Prevention™ (DLP) service is enabled while OneDrive for Business is running.
Solution
This hotfix resolves the issue by updating the DLP module to improve the OneDrive for Business synchronization folder checking mechanism.
Issue
Hotfix 4480
(SEG-25098)
There is a spelling error in the "Action on Exception Rule" page of the OfficeScan agent console.
Solution
This hotfix updates the OfficeScan agent program to correct the spelling error on the page.
Issue
Hotfix 4480
(SEG-25326)
Users may experience long loading times for websites when Web Reputation is enabled. This happens because OfficeScan XG agents that use a Proxy Auto-Configuration (PAC) file to establish proxy connection with a Smart Protection Server do not connect to the expected proxy.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 4480
(SEG-24934)
The "Offline Time" column on the OfficeScan web console displays inaccurate information.
Solution
This hotfix updates the OfficeScan server files to ensure that the correct offline time information appears in the "Offline Time" column.
Issue
Hotfix 4480
(SEG-24934)
The OfficeScan server may export the wrong agent list information because there is not enough buffer memory.
Solution
This hotfix enlarges the buffer size to fix this issue.
Issue
Hotfix 4480
(SEG-23999)
Users may encounter an "Update Failed" alert when they try to update the product license through the OfficeScan management console.
Solution
This hotfix updates the OfficeScan server program to ensure that users can update the product license successfully through the OfficeScan management console.
Enhancement
Hotfix 4480
(SEG-21635)
This hotfix enables DLP to support UnionPay credit cards.
Issue
Hotfix 5110
(SEG-24756)
The Security Threat URL information in Virus/Malware logs do not appear in search results.
Solution
The hotfix updates the OfficeScan server program and the "Virus_Encyclopedia_URL" to ensure that the correct Virus/Malware information appears on the redirected Threat Encyclopedia web page.
Issue
Hotfix 5110
(SEG-23762)
The OfficeScan agent's memory usage increases when users open and close sub windows too many times.
Solution
This hotfix allows users to configure OfficeScan to monitor the pccnt memory usage and to close the pccnt console automatically once the memory usage reaches 512 MB.
Procedure
To configure OfficeScan to monitor the pccnt memory usage and to close the pccnt console automatically once the memory usage reaches 512 MB:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- MonitorPccntMemory=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro \PC-cillinNTCorp\CurrentVersion\Misc.
- Key: MonitorPccntMemoryUsage
- Type: DWORD
- Value: 1 = OfficeScan supports pccnt console will be closed automatically if pccnt memory usage is over 512 MB.
Issue
Hotfix 5110
(SEG-22489)
The assessment function lists OfficeScan agent computers under the "No OfficeScan agent installed".
Solution
This hotfix resolves the issue by enabling the assessment engine to try both HTTPS and HTTP to connect to clients.
Issue
Hotfix 5110
(SEG-25336)
When the HTTPS communication port of OfficeScan XG Service Pack 1 agents is not configured correctly, these agents will not be able to connect to an OfficeScan XG Service Pack 1 server that was upgraded from an OfficeScan 11 server.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5110
(SEG-25670)
There are spelling errors in the French version of the OfficeScan agent console's "Console Flyover" page.
Solution
This hotfix updates the OfficeScan agent program to correct the spelling error on the page.
Issue
Hotfix 5110
(SEG-24585)
OfficeScan agents in conventional scan mode without Internet connection cannot send Predictive Machine Learning threat queries when the "Use configured Smart Protection Sources for service queries" feature is enabled.
Solution
This hotfix resolves the issue generating the necessary registry values to properly configure the Predictive Machine Learning and the "Use configured Smart Protection Sources for service queries" feature.
Issue
Hotfix 5110
(SEG-25901), (SEG-21738)
Microsoft™ added a feature in Microsoft Windows™ 10 Fall Creators Update (RS3). After this update, the Windows Defender Security Center can no longer recognize the status of the OfficeScan antivirus and firewall.
Solution
This hotfix enables the OfficeScan agent to report the "substatus" of both the antivirus and firewall to the Windows Security Center so that the Windows Defender Security Center displays the correct antivirus product status.
Issue
Hotfix 5110
(SEG-25109)
In Microsoft Internet Explorer™ 11, illegal attachments in Yahoo Mail US attached using the "attached" button are not blocked.
Solution
The hotfix enables OfficeScan to recognize the attachment filename in Yahoo Mail encoded in UTF-8 MIME.
Issue
Hotfix 5110
(SEG-25911)
Trend Micro Endpoint Encryption (TMEE) cannot encrypt files normally when iDLP is enabled.
Solution
The hotfix adds the new TMEE build (6.0.2023) in the approved list of the DLP module to resolve this issue.
Issue
Hotfix 5110
(SEG-25802)
The Microsoft™ Windows™ 10 services do not start when a protected computer starts.
Solution
This hotfix implements customized configurations to allow users to enable or disable the VMware ThinApp application detection feature which can help ensure that Windows 10 services start normally.
Procedure
To configure the new setting for DLP:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add the "check_vmware_thinapp" key and set its value to "false".
- [Configure]
- check_vmware_thinapp=false
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents. The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- check_vmware_thinapp=false
Issue
Hotfix 5110
(SEG-24426)
The "Agents Connected to the Edge Relay Server" widget may display inaccurate date information if the server and browser are both set to time zone earlier than UTC-1, for example, UTC-6.
Solution
This hotfix implements the following to resolve this issue:
- When collecting data, the widget will start from the midnight of the sixth day before the present day based on the local time zone.
- When adding a timestamp to information, the widget will set it to midnight of the same day based on the local time zone.
Issue
Hotfix 5110
(SEG-24123)
Scans triggered by the PccNT command may not be able to scan a file on a network drive.
Solution
This hotfix updates the OfficeScan client program to ensure that it can scan files in a network drive normally.
Issue
Hotfix 5110
(SEG-19783)
Samples are sent to the Deep Discovery Analyzer server without any host name information.
Solution
This hotfix ensures that OfficeScan server sends samples to the Deep Discovery Analyzer with the correct source host information.
Enhancement
Hotfix 5110
(SEG-21124), (SEG-5076), (SEG-19481)
This hotfix enables users to configure OfficeScan to allow a user with restricted access to connect to an approved wireless SSID and to block these users from connecting to any wired network. This helps ensure that the user does not connect to both a wireless and a wired network at the same time.
Procedure
To enable restricted users to connect to an approved wireless SSID and block these users from using any wired network:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following keys and set the preferred value for each.
- [Global Setting]
- EnableWhiteListSSID=y
- 1, enables the approved SSID list
- 0, (default) disables the approved SSID list
- WhiteListSSIDCount=x, the number of approved SSID on the list
- WhiteListSSID_0=abcd, first SSID
- WhiteListSSID_1=1111, subsequent SSID
- WhiteListSSID(x-1)=2222, any SSID specified after this key will not be used
- EnableBlockWiredNetwork=z
- 1, blocks all wired network interfaces
- 0, opens all wired network interfaces
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
NOTES:
- After blocking wired network interfaces and unloading the agent, you can reconnect these interfaces through the \Windows\Control Panel\Network and Internet\Network Connections\ page.
- When the SSID approved list is enabled, you can see the available wireless network SSIDs after unloading the agent.
Enhancement
Hotfix 5110
(SEG-25901), (SEG-19481)
The OfficeScan web console does not display an alert when the Smart Scan Pattern is out-of-date.
Procedure
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- PatternTooOldSmartScan=1 NOTE: To disable the setting, set this key to "0" or delete it.
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path:
- 32-bit: HKEYLOCALMACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\PatternTooOldSmartScan
- 64-bit: HKEYLOCALMACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\PatternTooOldSmartScan
- Key: PatternTooOldSmartScan
- Type: DWORD
- Value: 1
- Restart the OfficeScan agents.
Enhancement
Hotfix 5110
(SEG-23501)
This hotfix updates the DLP module to support API hooking in Windows 10 RS4 (10.0.17133)
Enhancement
Hotfix 5110
(SEG-25807)
The hotfix enables OfficeScan to monitor file upload traffic for "uploadfiles.io" and "file.io" by adding the related file upload patterns for specific websites.
Enhancement
Hotfix 5110
(SEG-24608)
This hotfix extends the capacity of the Control Device USB Exception list to support up to 100,000 entries.
Issue
Hotfix 5122
(SEG-25160)
Microsoft™ Surface™ computers where the OfficeScan agent is installed may stop unexpectedly and experience blue screen of death (BSOD) when the Behavior Monitoring feature is enabled.
Solution
This hotfix updates the Behavior Monitoring module to resolve the issue.
Issue
Hotfix 5122
(SEG-23490), (SEG-19697)
The performance of protected computers slows down when the engine processes a PostClose event in "\Device\Volume".
Solution
This hotfix provides a way to configure OfficeScan to skip PreClose and PostClose events in "\Device\Volume".
Procedure
To enable OfficeScan to skip PreClose and PostClose events in "\Device\Volume":
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- tmevtmgr_SkipDeviceVolume=1
- NOTE: To disable the setting, set this key to "0" or delete it.
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmevtmgr\Parameters
- Key: SkipDeviceVolume
- Type: DWORD
- Value: 1
- Restart the OfficeScan agents.
Issue
Hotfix 5122
(SEG-23490), (SEG-14536)
The Keyparc Business program may take one minute to open a newly-created file on an encrypted drive on OfficeScan client computers.
Solution
This hotfix imports new tmcomm drivers to help ensure that the Keyparc Business program can open newly-created files on encrypted drives normally.
Procedure
To enable the new service settings:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- TmCommBypassVolDevNormalizeReparse=1
- NOTE: Setting this key to "1" prevents OfficeScan from reparsing path normalization to prevent performance drop issues, BSOD, and other performance issues.
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmcomm\Parameters
- Key: BypassVolDevNormalizeReparse
- Type: DWORD
- Value: 1 = OfficeScan skips reparsing of path normalization to prevent certain performance issues
- Restart the OfficeScan agents.
Issue
Hotfix 5122
(SEG-23542)
After a session times out, an Active Directory (AD) account user can logon to the OfficeScan web console again without providing a username and password by refreshing the web page.
Solution
This hotfix resolves the issue to ensure that AD account users are required to provide the login credentials again after refreshing the web page.
Issue
Hotfix 5122
(SEG-25939)
OfficeScan's CPU usage may rise when uploading files to Citrix "sharefile.com" website.
Solution
This hotfix helps keep OfficeScan's CPU usage within the manageable levels when it uploads files to "sharefile.com".
Issue
Hotfix 5122
(SEG-26513)
The Data Loss Prevention™ (DLP) module stops unexpectedly while processing General Data Protection Regulation (GDPR) information.
Solution
This hotfix ensures that the DLP module can process GDPR strings normally.
Issue
Hotfix 5122
(SEG-24694)
The DLP module uses a large amount of CPU resources.
Solution
The hotfix keeps the DLP module's CPU usage within normal levels.
Issue
Hotfix 5122
(SEG-25427)
The CPU usage of the Trend Micro Data Protection Service reaches up to 25 to 30 percent when users upload an .mp4 file to Google Drive through a web browser.
Solution
The hotfix provides a way to prevent the CPU usage of the Data Protection Services from rising when users upload .mp4 files to Google Drive and Dropbox.
Procedure
To configure the new setting for DLP on Google Drive and Dropbox:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add its value.
- [Configure]
- cloudstorage_http2_check=false
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents". The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- cloudstorage_http2_check=false
- Find a target machine for verification
Issue
Hotfix 5122
(SEG-23571)
OfficeScan doesn't automatically remove older offline agents with same computer name and IP addresses after verifying the server-agent connection.
Solution
The hotfix ensures that OfficeScan automatically removes older offline agents with same computer name and IP addresses after verifying the server-agent connection.
Issue
Hotfix 5122
(SEG-15460)
The OfficeScan Firewall service may block the connection of a new generation NIC interface on Miracast devices.
Solution
This hotfix provides a way to adopt the new NIC interface settings from Miracast devices.
Procedure
To enable the new settings:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- EventTriggerIPChange=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent endpoints:
- Path:
- For x64 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- For x86 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- Key: EventTriggerIPChange
- Type: REG_DWORD
- Value: 1
Issue
Hotfix 5122
(SEG-26381)
OfficeScan agents with the program inspection feature enabled may encounter issues with third-party programs due to a conflict with the Memory Scan Trigger pattern (tmmst.ptn/tmmst64.ptn).
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5122
(SEG-24736)
The OfficeScan User Mode Hooking (UMH) function may prevent the system from shutting down normally.
Solution
This hotfix updates the OfficeScan UMH module to resolve this issue.
Issue
Hotfix 5122
(SEG-23873)
The User Mode Hooking (UMH) module exclusion list does not accept UNC paths that contain any wildcard character.
Solution
This hotfix enables the UMH module exclusion list to accept UNC paths that contain wildcard characters.
Issue
Hotfix 5130
(SEG-22908)
The Scan Exclusion Directories and Scan Exclusion Files lists allow users to add more than 256 items.
Solution
This hotfix ensures that OfficeScan only allows users to add up to 256 items to the lists which is the limitation indicated in the Administrator's Guide.
Issue
Hotfix 5130
(SEG-27028)
After users apply Hotfix 5110, the "Role" column disappears from the "User Accounts" screen of the web console.
Solution
This hotfix resolves the issue to ensure that the "Role" column appears on the "User Accounts" screen.
Issue
Hotfix 5130
(SEG-27218)
Trend Micro Vulnerability Scanner (TMVS) stop working when users select more than two endpoints to install Trend Micro OfficeScan agent(s).
Solution
This hotfix resolves the issue and provides a way to ensure that the correct port is used in "TMVS.ini" and "Schedule.ini".
Procedure
To modify "TMVS.ini" and "Schedule.ini" so that both use the correct port:
- Install this hotfix (see "Installation").
- Open the "TMVS.ini" file in the "\PCCSRV\Admin\Utility\TMVS\" folder of the OfficeScan server installation directory using a text editor.
- Under the "OfficeScan Server Setting" section, manually delete the host name of the OfficeScan server from the key below:
- [OfficeScan Server Setting]
- OsceServer=
- Save the changes and close the file.
- Run "TMVS.exe". The "OsceServerPort" key under the "OfficeScan Server Setting" section in "TMVS.ini" will automatically be set to the SSL port.
- [OfficeScan Server Setting]
- OsceServerPort=(SSL port)
NOTE: "TMVS.exe" can be used for Manual Scan after modifying "TMVS.ini". If you have already created a scheduled scan record before applying this hotfix, proceed to the next step.
- Open the "Schedule[number].ini" file in the "\PCCSRV\Admin\Utility\TMVS\" folder of the OfficeScan server installation directory using a text editor.
NOTES:
- [number] depends on the user's environment, it may be Schedule1, Schedule2...
- All "Schedule[number].ini" files created before applying this hotfix should be modified.
- Under the "OfficeScan Server Setting" section, manually delete the host name of the OfficeScan server from the following key
- [OfficeScan Server Setting]
- OsceServer=
- Save the changes and close the file.
- Repeat steps 6 to 8 for each "Schedule[number].ini" file.
- Run "TMVS.exe". The "OsceServerPort" under the "OfficeScan Server Setting" section in "Schedule[number].ini" will be set to the SSL port.
- [OfficeScan Server Setting]
- OsceServerPort=(SSL port)
NOTE: "TMVS.exe" can be used for Scheduled Scan after modifying "TMVS.ini" and "Schedule.ini".
Issue
Hotfix 5130
(SEG-20456)
When an Edge Server is installed and used in an environment and users deploy gateway IPs to an OfficeScan agent machine, and if the assigned gateway IPs and gateway IPs on the machine do not match, the OfficeScan agent will only connect to Edge Server even when the agent can connect to the OfficeScan Server in the same network.
Solution
The hotfix updates the "Synchronize" registry key in the Misc file for Client/Server Communication so that when it is set to "0", the agent will connect to the OfficeScan server under the scenario described above.
Issue
Hotfix 5130
(SEG-2847)
OfficeScan agents may appear "Offline" on the OfficeScan web console but "Online" when viewing the OfficeScan agent icon.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5130
(SEG-25982)
The Data Loss Prevention™ (DLP) service of the OfficeScan agent may not be installed or started properly.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5130
(SEG-26122)
The Dashboard Summary on the OfficeScan web console shows that there are violation logs generated within the last 24 hours but a manual check indicates that no logs were generated in the same time frame.
Solution
This hotfix updates the OfficeScan server program to ensure that the Dashboard Summary displays accurate information.
Issue
Hotfix 5130
(SEG-25595), (SEG-26902)
When users log on to any non-English version of the OfficeScan web console with a created user account, the Dashboard pages show English content.
Solution
The hotfix ensures that the Dashboard pages display in the correct language when users log on to the OfficeScan web console using user accounts created after installing this hotfix.
Issue
Hotfix 5130
(SEG-27050)
An agent's connection status icon is grayed-out in the agent console flyover when the agent uses conventional scan mode and only Real-time Scan is enabled.
Solution
The hotfix ensures that the connection status icon is green when agents use conventional scan mode and only Real-time Scan is enabled. The connection status signal will be grayed-out only if all modules are disabled even when agents are connected to the OfficeScan server.
Issue
Hotfix 5130
(SEG-24168)
A SQL exception occurs when the OfficeScan agent GUID field is empty.
Solution
The hotfix enables OfficeScan to handle the exception to resolve the issue.
Issue
Hotfix 5130
(SEG-25661)
The PccNtMon service does not apply updates to the Local Area Network (LAN) proxy settings to the proxy settings of Predictive Machine Learning when both the Smart Protection Service and Smart Scan are disabled.
Solution
This hotfix ensures that changes to the LAN proxy settings are automatically applied to the Predictive Machine Learning proxy settings.
NOTE: If you experience this issue, you need to manually save the LAN proxy setting again after applying this hotfix.
Enhancement
Hotfix 5130
(SEG-27168)
This hotfix adds the "MAX_FILE_SIZE" and "MAX_TXT_FILE_SIZE" parameters to enable users to set the file size limitation for DLP content scanning.
Enhancement
Hotfix 5130
(SEG-26791)
This hotfix enables OfficeScan to monitor open file dialog and drag and drop events for Sugarsync and Hightail.
Enhancement
Hotfix 5130
(SEG-25643)
A user requests for an API to automate the move and uninstall agent processes.
Procedure
To enable the new settings:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following keys and set both values to "1".
- [Global Setting]
- EnableMoveNATClient=1
- MoveNATClientRemoveEmptyDomain=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent endpoints:
- Only "EnableMoveNATClient" will be deployed to client, the path:
- For x64 platforms:
- HKEYLOCALMACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- For x86 platforms:
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- Key:
- EnableMoveNATClient
- Type: REGDWORD
- Value: 1
Enhancement
Hotfix 5130
(SEG-26800)
This hotfix enables OfficeScan to detect "Italy: CF – Codice Fiscale (Tax Code)" keywords that do not contain any space.
Issue
Hotfix 5137
(SEG-27830)
An issue prevents OfficeScan from detecting file attachments in Gmail.
Solution
The hotfix resolves the issue by enabling OfficeScan to parse file attachments using an HTTP and HTTP/2 parser.
Issue
Critical Patch 5147
(VRTS-2184), (VRTS-2185), (VRTS-2187), (VRTS-2189), (VRTS-2443)
An issue related to the Trend Micro OfficeScan Firewall driver may cause multiple Privilege Escalation and Pool Corruption vulnerabilities.
Solution
This critical patch updates the Trend Micro OfficeScan Firewall driver to resolve the vulnerabilities.
Enhancement
Critical Patch 5147
(SEG-26512)
This critical patch enables the OfficeScan XG Service Pack 1 agent program to support Windows 10 (version 1803) April 2018 Update.
Issue
Hotfix 5154
(SEG-27828)
The Common Firewall driver generates incorrect and outdated search results on the OfficeScan web console.
Solution
This hotfix updates the OfficeScan server program to prevent this issue from occurring.
Issue
Hotfix 5154
(SEG-29180)
Users can enable "Export Scan Exclusions" to save the scan exclusions list in a CSV format on the OfficeScan server. However, the exclusion lists are not displayed correctly in the German version of OfficeScan.
Solution
This hotfix updates the OfficeScan server files to resolve this issue.
Issue
Hotfix 5154
(SEG-25101)
Even if users have local administrator privileges with their user accounts, the following error message still appears when installing OfficeScan XG Service Pack 1 agent using AUTOPCC via the login script:
"To install/uninstall the OfficeScan Agent, you must have administrator privileges to this computer."
Solution
This hotfix updates the OfficeScan server program to resolve this issue.
Issue
Hotfix 5154
(SEG-27809)
When Data Loss Prevention™ (DLP) Service is enabled on a virtual Windows Server, it causes the endpoint to freeze or become unresponsive within intervals of a few minutes.
Solution
This hotfix resolves the issue by updating the DLP module.
Issue
Hotfix 5154
(SEG-28172)
When users perform a fresh installation of an OfficeScan agent with conventional scan mode using an "*.exe" package or the "AutoPcc.exe" file, the system does not generate some registry keys required by the Predictive Machine Learning feature.
Solution
This hotfix ensures that the system generates all necessary registry keys when an OfficeScan agent is installed with conventional scan mode.
Issue
Hotfix 5154
(SEG-23277)
A compatibility issue between "Optimus5.exe" and OfficeScan Behavior Monitoring may cause "Optimus5.exe" to become unresponsive.
Solution
This hotfix resolves the issue by updating the Behavior Monitoring module.
Issue
Hotfix 5154
(SEG-29538)
Trend Micro Vulnerability Scanner (TMVS) stops unexpectedly when users configure Scheduled Scan tasks that exceed 16 characters.
Solution
This hotfix resolves the issue so users can configure Scheduled Scan tasks normally.
Issue
Hotfix 5154
(SEG-28362)
Trend X alerts are disabled unexpectedly.
Solution
The hotfix prevents OfficeScan from resetting the TrendxAlert registry key when the TmListen service starts if the agent is not a fresh installation.
Issue
Hotfix 5154
(SEG-28559)
OfficeScan agents send a sample file even when sample submission is disabled.
Solution
This hotfix enables OfficeScan agents to always check the "EnableSampleSubmission" key and apply the correct setting so that these agents do not send out sample files when sample submission is disabled.
Issue
Hotfix 5154
(SEG-27256)
In some user environments where Windows Updates are not applied, OfficeScan agents may not be able to update their Smart Scan Pattern properly.
Solution
This hotfix resolves the issue by updating the Active Update module.
Issue
Hotfix 5154
(SEG-28180)
When an OfficeScan client detects a sample virus file (EICAR.COM), it may not be able to send the file to the OfficeScan server. This happens when a Windows socket error prevents it from extracting the correct IP address.
Solution
This hotfix resolves this issue so that the OfficeScan client can retrieve the correct IP address and send the files out normally.
Enhancement
Hotfix 5154
(SEG-27748)
The hotfix enables the Integrated Data Loss Prevention (DLP) module to support PGP Desktop 10.3.2 by adding the PGP 10.3.2 API pattern.
Enhancement
Hotfix 5154
(SEG-28957)
This hotfix enables Data Loss Prevention™ (DLP) Endpoint SDK 6.2 to skip the Domain Name System (DNS) from resolving customized web sites.
Procedure
To configure the new setting for DLP:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Configure" section, manually add the "BYPASS_DNS_RESOLVE_WEBSITES" key and set its value.
- [Configure]
- BYPASS_DNS_RESOLVE_WEBSITES=example1.com,example2.com
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Agent Management > Select domains or agents > Settings > DLP settings" screen.
- Click "Save" to deploy the setting to agents". The OfficeScan server deploys the setting to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- BYPASS_DNS_RESOLVE_WEBSITES=example1.com,example2.com
Issue
Hotfix 5158
(SEG-28228)
Users have "Full Control" permission on the OfficeScan client folder because the Osprey function resets the OfficeScan client folder permission from "Read&Execute" to "Full Control".
Solution
This hotfix resolves this issue by adjusting the OfficeScan client folder permission to "Read&Execute" right after the Osprey function runs.
Issue
Hotfix 5158
(SEG-30730)
The Recent file list is missing from the right-click menu on the Microsoft™ Windows™ taskbar and from the "Start" menu when the Data Loss Prevention™ (DLP) Service is enabled.
Solution
This hotfix resolves this issue by updating the file event scanning procedure for "RuntimeBroker.exe" with the Microsoft Windows Jump List under the "automaticdestinations-ms" folder.
Issue
Hotfix 5158
(SEG-26606)
Users are unable to eject encrypted flash drives when the system enables Trend Micro Predictive Machine Learning on coexisting OfficeScan agents.
Solution
This hotfix updates the OfficeScan agent program to prevent this issue from occurring.
Procedure
To enable the feature for OfficeScan agents and the OfficeScan server:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- MonitorFixedDrive=1
- NOTE: To disable the setting, set this key to "0".
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
- Path:
- for x64 platform
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
- for x86 platform
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
- Key: MonitorFixedDrive
- Type: REG_DWORD
- Value: 1
Issue
Hotfix 5158
(SEG-29206)
DLP Service may not be able to block devices properly if users enable these devices in the Device Manager function of the computer.
Solution
This hotfix resolves the issue by updating the DLP module.
Issue
Hotfix 5158
(SEG-23539)
Administrators cannot set a registry key when installing third- party applications, which is caused by the OfficeScan Self-protection function.
Solution
This hotfix exempts the "Msiexec.exe" installer from the OfficeScan Self-protection function and ensures that administrators can successfully install third-party applications.
Issue
Hotfix 5158
(SEG-26683)
Detection notification does not pop up and there is no record in the security risk log when users try to open a malware file from the network drive.
Solution
This hotfix updates the OfficeScanNT real-time scan ("Ntrtscan.exe") function and enables the real-time scan to go through the correct process, ensuring that the real-time scan accesses and scans files located on network drives.
Issue
Hotfix 5158
(SEG-29225)
Users experience PsTools interference issues because Windows cannot access "C:\Windows\System32\sc.exe" program on x86 platforms.
Solution
The hotfix amends the Unauthorized Change Prevention policy to resolve this issue.
Issue
Hotfix 5158
(SEG-30736)
The DLP version appears as 0.0.0 on both the management console and agent console.
Solution
This hotfix ensures that the correct DLP version appears on both the management console and agent console.
Issue
Hotfix 5158
(SEG-26869)
OfficeScan off-premises agents connected to the OfficeScan Edge Relay server fail to send virus/spyware logs to the OfficeScan server.
Solution
The hotfix resolves this issue by enabling OfficeScan to resend the HTTP request while receiving the "ERROR_WINHTTP_RESEND_REQUEST" message.
Issue
Hotfix 5158
(SEG-29928)
When the Advanced Protection Service is disabled in an OfficeScan agent, smvptn files accumulate and are not cleaned promptly.
Solution
This hotfix resolves the issue by updating the NTRT module to check the current smv patterns to keep only the two most recent versions and delete all older versions.
Enhancement
Hotfix 5158
(SEG-27626)
This hotfix provides administrators a way to adjust the header size limit and number of entities to detect risky emails.
Procedure
To adjust the header size limit and number of entities to detect risky email messages:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following keys and set the values.
- [Global Setting]
- BytesPerEntHdr=size of all header fields allowed in each entity
- EntPerMsg=number of entities allowed in each mail message
For example:
- [Global Setting]
- BytesPerEntHdr=32768
- EntPerMsg=64
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and set the following registry entry on all OfficeScan agent endpoints:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey\Scan\Common\MailManager\config
- Key: BytesPerEntHdr
- Type: DWORD
- Value: For example: 0x00008000 (32768)
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Osprey\Scan\Common\MailManager\config
- Key: EntPerMsg
- Type: DWORD
- Value: For example: 0x00000040 (64)
Enhancement
Hotfix 5158
(SEG-30242)
This hotfix enables DLP Endpoint SDK 6.2 to support the device type exception keys for USB devices in the DLP Device Control mode.
Issue
Hotfix 5167
(SEG-26570)
Users may not be able to print files normally on a protected endpoint when both the OfficeScan Predictive Machine Learning feature and the Behavior Monitoring feature are enabled.
Solution
This hotfix resolves the issue by updating the Behavior Monitoring module.
Issue
Hotfix 5167
(SEG-27727)
The Behavior Monitoring feature may prevent users from opening Microsoft™ Office programs normally if the OfficeScan agent cannot connect to the Trend Micro Census Server properly.
Solution
This hotfix resolves the issue by updating the Behavior Monitoring module.
Issue
Hotfix 5167
(SEG-30296)
The Data Loss Prevention™ (DLP) Service may prevent users from accessing Microsoft™ Excel files normally.
Solution
This hotfix resolves the issue by updating the DLP module.
Issue
Hotfix 5167
(SEG-24733)
Microsoft Internet Explorer™ (IE) stops unexpectedly because of a Browser Exploit Prevention memory allocation failure when users browse files through a 3rd-party web application.
Solution
This hotfix updates the Browser Exploit Prevention module to prevent it from stopping unexpectedly when it encounters issues while allocating memory.
Issue
Hotfix 5167
(SEG-30241)
Users encounter an "Update Failed" message after clicking the "Update Information" button on the product license page.
Solution
This hotfix resolves the issue by enabling OfficeScan to clear existing garbage data in the structures.
Issue
Hotfix 5167
(SEG-29900)
Sometimes, the database cannot retrieve strings with special characters when the server queries the Domain Name. When this happens, garbage characters appear on the "Agent Component Update Details" page.
Solution
This hotfix updates the related database modules to ensure that the database can retrieve strings with special characters while resolving domain names.
Issue
Hotfix 5167
(SEG-31152)
After users apply Hotfix 5158 included in version 6.2.1208 of the DLP module, the list of approved devices does not work until after the DLP service restarts.
Solution
The hotfix updates the DLP module to resolve the issue.
Issue
Hotfix 5167
(VRTS-2465), (VRTS-2466), (VRTS-2467)
An attacker may craft a malicious request and cause AMSP to help on creating a process that provides SYSTEM privileges to the attackers.
Solution
This hotfix updates the AMSP file ("coreCommandmanager.dll") to resolve this issue.
Enhancement
Hotfix 5167
(SEG-25083)
This hotfix adds a new configuration key to allow users to manually add websites to the monitored list.
Procedure
To configure the new setting for DLP:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add the "monitor_file_upload_websites" key and set its value to the specific website.
- [Configure]
- monitor_file_upload_websites=web.airdroid.com
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents".
The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- monitor_file_upload_websites=web.airdroid.com
Issue
Hotfix 5180
(SEG-31393)
Scheduled scan is postponed because OfficeScan detects full screen mode even when there are no windows in full screen mode.
Solution
This hotfix enables OfficeScan to ignore windows that do not have visible content during full screen mode detection.
Issue
Hotfix 5180
(SEG-31525)
The OfficeScan NT Listener service ("TmListen.exe") may stop unexpectedly after the OfficeScan XG Service Pack 1 agent restarts. When this happens, the agent update fails.
Solution
This hotfix updates the OfficeScan agent program to prevent the "TmListen.exe" from stopping unexpectedly.
Issue
Hotfix 5180
(SEG-28309)
When the OfficeScan agent detects a virus/malware, it may not be able to move the quarantined file to the OfficeScan server. This happens when the OfficeScan agent could not resolve the hostname of the OfficeScan server properly.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5180
(SEG-29948)
After upgrading to OfficeScan XG Service Pack 1, the default communication port between the OfficeScan agent and the server changed to SSL port 4343. For OfficeScan agents with the firewall enabled, the firewall continues to use the older port 8080 as a trusted port and prevents the OfficeScan agent from connecting to the server.
Solution
This hotfix resolves this issue by ensuring that updated OfficeScan agents add port 4343 to the OfficeScan firewall trusted port list. To ensure that the network quarantine feature continues to function, this hotfix also adds the IPv4 DNS and WINS ports to the trusted port list.
Issue
Hotfix 5180
(SEG-30980)
User encounter an "Invalid Session…" error when making changes to the OfficeScan settings through the web console using an Active Directory (AD) user account that belongs to a sub group.
Solution
This hotfix resolves the issue by adding the caller function "checkingRBAMenuRoles" to use the AD token to get information from all domain layers.
Issue
Hotfix 5180
(SEG-31880)
In assessment mode, Web Reputation logs display the "Action" results as "Assess" on the OfficeScan web console but shows "Block" in the Trend Micro Control Manager™ web console.
Solution
This hotfix updates the OfficeScan Web Reputation module to ensure that the "Action" results in Web Reputation logs on the OfficeScan web console are consistent with the information on the Control Manager web console in assessment mode.
Issue
Hotfix 5180
(SEG-32171)
When OfficeScan agents are configured not to upgrade the OfficeScan agent program or deploy hotfixes, inaccurate minor version information appears for the Advanced Threat Scan Engine (ATSE) on the agent console after ATSE updates from the ActiveUpdate (AU) Server. For example, the minor version number is displayed as "10.2.1006" instead of "10.200.1006".
Solution
This hotfix ensures that the agent console displays the ATSE version information accurately.
Issue
Hotfix 5180
(SEG-27671)
An exception error triggers the OfficeScan Master Service to stop unexpectedly while extracting a pattern file from a compressed file.
Solution
This hotfix updates the OfficeScan Master Service to enable it to handle the exception.
Enhancement
Hotfix 5180
(SEG-23154)
This hotfix improves OfficeScan's security checking feature for digital signatures during program deployment in air gap network environments by allowing users to configure the interval of the uploading digital signature check failure logs. This hotfix also decommissions the following settings:
- CheckDigitalSignatureForHotfix
- CheckDigitalSignatureForUpgrade
- DOVF
Procedure
To configure the interval of the uploading digital signature check failure logs:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set it to the time interval in seconds.
- [Global Setting]
- DSInvalidLogUploadInterval=3600(default, sec)
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
- Key: DSInvalidLogUploadInterval
- Type: DWORD
- Value: 3600
Enhancement
Hotfix 5180
(SEG-27559)
This hotfix enables users to configure the Behavior Monitoring autorun function to skip devices in the Device Access Control (DAC) approved list.
Procedure
To configure the Behavior Monitoring autorun function to skip devices in the DAC approved list:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- SkipDACAutorunJunctionPointerChecking=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: SkipDACAutorunJunctionPointerChecking
- Type: REG_DWORD
- Value: 1
Issue
Critical Patch 5180
(VRTS-2485)
A possible ZDI-CAN-6104 compromise may cause the OfficeScan NT RealTime Scan ("Ntrtscan.exe") service to stop unexpectedly.
Solution
This critical patch updates the OfficeScan agent program to resolve the vulnerability.
Issue
Hotfix 5182
(SEG-31268)
The "Channel" results in Data Loss Protection™ (DLP) logs appear as "FileWrite" on the OfficeScan agent console but are displayed as "IM (Skype for Business)" on the OfficeScan web console.
Solution
This hotfix updates the OfficeScan agent program to ensure that "Channel" results in DLP logs on the OfficeScan agent console are consistent with the information on the OfficeScan web console.
Issue
Hotfix 5182
(SEG-30308)
Some OfficeScan agents keep sending requests to the server frequently which causes a high CPU usage issue on the OfficeScan server.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Enhancement
Hotfix 5182
(SEG-32176)
This hotfix enables users to specify a registry configuration for OfficeScan agents to work around interoperability or false alarm issues when the Anti-exploit Protection feature is enabled under the OfficeScan User-Mode Hooking settings.
Procedure
To enable users to specify the registry configuration for OfficeScan agents:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value
- [Global Setting]
- SysUmExploitDefault=(hexadecimal value)
- NOTE: This key supports any hexadecimal value between 00000000 and FFFFFFFF. To disable all the features, set "SysUmExploitDefault=00000000". To enable all the features, set "SysUmExploitDefault=FFFFFFFF".
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS\
- Key: SysUmExploitDefault
- Type: DWORD
- Value: 0x00000000 ~ 0xFFFFFFFF
Enhancement
Hotfix 5182
(SEG-32394)
This hotfix updates OfficeScan NT Listener and allows users to configure OfficeScan to automatically remove the Trend Micro NT Firewall Service (tmpfw.exe) and Trend Micro Network Driver Interface Specification Filter driver (tmlwf.sys) after OfficeScan Firewall service is disabled.
Procedure
To configure OfficeScan to automatically remove the Trend Micro NT Firewall Service (tmpfw.exe) and Trend Micro Network Driver Interface Specification Filter driver (tmlwf.sys) after OfficeScan Firewall service is disabled:
- Install this hotfix (see "Installation") with Trend Micro NT Firewall Service enabled.
- Open OfficeScan web console and go to "Administration > Settings > Product License" > "Additional Services"
- Under "Additional Services", click the "Disable" button to stop the firewall service.
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value.
- [Global Setting]
- RmvPFWifDisabled=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
- Key: RmvPFWifDisabled
- Type: DWORD
- Value: 1
- Unload and then reload OfficeScan agents.
Issue
Hotfix 5186
(SEG-30786)
Sometimes, Microsoft™ Windows™ Defender is not enabled automatically after uninstalling the OfficeScan agent even when configured to do so.
Solution
This hotfix ensures that when configured to do so, Windows Defender is enabled automatically after uninstalling an OfficeScan agent.
Issue
Hotfix 5186
(SEG-25062)
When an OfficeScan agent detects a file on the Volume Shadow copy, the "Action" result in the Suspicious File logs on the agent console and on the Trend Micro Control Manager™ web console appears as "Unable to quarantine the file", but displays as "Quarantined" on the OfficeScan web console.
Solution
This hotfix updates the OfficeScan NT Listener service ("TmListen.exe") to ensure that the "Action" results in Suspicious File logs on the OfficeScan web console matches the information on the agent console and Control Manager web console.
Issue
Hotfix 5186
(SEG-28350)
An OfficeScan agent may take a long time to complete an update while Device Control is enabled in a complicated Active Directory (AD) environment.
Solution
The hotfix resolves the issue by enabling users to configure the OfficeScan agent to skip AD synchronization during updates.
Procedure
To configure the OfficeScan agent to skip AD synchronization during updates:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- DisableUserBasedDC=1
- Save the changes and close the file.
Issue
Hotfix 5194
(SEG-31231)
An issue related to the Data Loss Prevention™ (DLP) module may cause a platform's performance to slow down when multiple users login at the same time.
Solution
This hotfix resolves the issue by updating the DLP module.
Issue
Hotfix 5194
(SEG-33714)
After applying Hotfix 5180, the "Scan Now" and "Agent Uninstallation" pages display all OfficeScan agents even when users select only one or a few agents before clicking "Scan Now" or "Agent Uninstallation".
Solution
This hotfix ensures that the "Scan Now" and "Agent Uninstallation" pages display only the selected agents.
Issue
Hotfix 5194
(SEG-31333)
A process stops responding while starting up when DLP API hooking events logs are enabled.
Solution
The hotfix resolves the issue by adding non-interested Microsoft™ Windows™ processes into the API hooking approved list.
Issue
Hotfix 5202
(SEG-33648)
Users cannot add a Firewall Profile with the "Logon name" criterion on the OfficeScan web console.
Solution
This hotfix enables users to add Firewall Profiles with the "Logon name" criterion.
Issue
Hotfix 5202
(SEG-34165)
The "RelayClientGetHotfixFrom" setting in OfficeScan agents always indicate "HTTP" even when update agents communicate with other OfficeScan agents by HTTPS.
Solution
This hotfix ensures that the "RelayClientGetHotfixFrom" registry key always indicates the correct setting.
Issue
Hotfix 5202
(SEG-32040)
Device Control cannot block iPhones on Microsoft™ Windows™ 10 RS3 and any higher version.
Solution
This hotfix updates the OfficeScan Data Loss Prevention™ (DLP) module to enable Device Control to block iPhones on Windows 10 RS3 and any higher version.
Issue
Hotfix 5202
(SEG-32288)
The OfficeScan Predictive Machine Learning feature does not use anonymous information when sending threat information queries to the Trend Micro Backend Machine Learning Service and the Behavior Monitoring feature may share non-anonymous threat information with the Trend Micro Smart Protection Network (SPN).
Solution
This hotfix updates the OfficeScan agent program and the Behavior Monitoring module to resolve this issue.
Issue
Hotfix 5202
(SEG-32490)
Copying files from a shared folder to a USB flash drive may generate multiple copies of forensic data in the DLP forensic quarantine folder which may eventually take up too much disk space in both the OfficeScan server and client computers.
Solution
This hotfix updates DLP Endpoint SDK 6.2 to add a log throttling feature to help prevent the issue from occurring.
Procedure
To enable the log throttling feature:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Configure" section, manually add the "log_throttle" key and set its value to "true".
- [Configure]
- log_throttle=true
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Agent Management > Select domains or agents > Settings > DLP settings" screen.
- Click "Save" to deploy the setting to agents". The OfficeScan server deploys the setting to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- log_throttle=true
- Restart the OfficeScan agents.
Issue
Hotfix 5221
(SEG-33508)
An issue related to the OfficeScan Behavior Monitoring feature may prevent protected computers from accessing remote folders.
Solution
This hotfix updates the Behavior Monitoring module and enables users to configure the feature to skip file events related to "desktop.ini" and remote directories to help resolve the issue.
Procedure
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "AegisSkipDesktopINI" key and "AegisSkipRemoteDirectory" key and set both to "1".
- [Global Setting]
- AegisSkipDesktopINI=1
- AegisSkipRemoteDirectory=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: SkipDesktopINI
- Key: SkipRemoteDirectory
- Type: DWORD
- Value: 1
- Restart the OfficeScan agent
Issue
Hotfix 5221
(SEG-34473)
Microsoft™ Internet Explorer™ (IE) stops unexpectedly because of a Browser Exploit Prevention memory allocation failure when users browse files through a 3rd-party web application.
Solution
This hotfix updates the Browser Exploit Prevention module (version 9.2.2066) to prevent it from stopping unexpectedly when it encounters issues while allocating memory.
Issue
Hotfix 5221
(SEG-27901)
The OfficeScan Data Loss Prevention™ (DLP) module cannot block users from uploading file attachments in Gmail on Mozilla(R) Firefox(R).
Solution
This hotfix updates the DLP module to enable it to block the upload of file attachments in Gmail on Firefox.
Issue
Hotfix 5221
(SEG-31609)
The OfficeScan DLP module still monitors non-monitored domain email messages.
Solution
This hotfix ensures that the DLP module skips non-monitored domain email messages.
Issue
Hotfix 5221
(SEG-34167)
On the OfficeScan web console, the tooltips in the "Behavior Monitoring Settings" under the "Global Agent Settings" may confuse users.
Solution
This hotfix updates the tooltips to prevent confusion.
Before:
"For "newly encountered program" handling, the maximum prompt timer is 25 seconds. If the timer is set to a value greater than 25 seconds, the newly encountered program prompt defaults to 25. For normal Behavior Monitoring program access, the configured time is used."
After:
"For "newly encountered program" handling, the maximum prompt timer is 25 seconds, If the timer is set to a value greater than 25 seconds, the newly encountered program prompt defaults to 25. For "Ask when necessary" action of "Event Monitor" handling, the configured time is used."
Issue
Hotfix 5221
(SEG-33615)
Endpoints may stop unexpectedly or experience a blue screen of death (BSOD) while accessing Microsoft Excel files when DLP is enabled on the OfficeScan agent.
Solution
This hotfix updates the Data Protection module to resolve this issue.
Issue
Hotfix 5221
(SEG-30856)
OfficeScan still receives false positive C&C callback alerts for IP addresses that have been added into the Network Content Inspection Engine (NCIE) approved list.
Solution
This hotfix resolves this issue by enabling users to create a list of IP addresses exempted from C&C callback alerts.
Procedure
To create a list and add IP addresses to the C&C callback alert exception list:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "INI_STANDARD_ALERT_CCCA_SECTION" section, add IP address in the following format:
- [INI_STANDARD_ALERT_CCCA_SECTION]
- Skip_CCCA_Addr_Count=5 (the total number of IP addreses on the list)
- Skip_CCCA_Addr_1=xx.xx.xx.xx
- Skip_CCCA_Addr_2=xx.xx.xx.xx
- Skip_CCCA_Addr_3=xx.xx.xx.xx
- Skip_CCCA_Addr_4=xx.xx.xx.xx
- Skip_CCCA_Addr_5=xx.xx.xx.xx
- Save the changes and close the file.
- Restart the OfficeScan Master Service.
Issue
Hotfix 5221
(SEG-33598)
In certain non-English versions of the OfficeScan web console, clicking on the "Web Reputation" link under the known threats section in the "Overall Threat Detections and Policy Violations" widget opens a blank browser window.
Solution
This hotfix updates the OfficeScan server files to ensure that the information can be displayed normally.
Issue
Hotfix 5221
(SEG-31178)
A deployment cache error may cause the Trend Micro Control Manager™ server to display inaccurate OfficeScan agent policy deployment status.
Solution
This hotfix updates the policy cache handler in the policy cache to ensure that the most updated policy deployment status appears on the Control Manager console.
Issue
Hotfix 5221
(SEG-34904)
OfficeScan agents block the Think-cell application used in the Microsoft Powerpoint and Excel when the User Mode Hooking (UMH) function enabled.
Solution
This hotfix updates the OfficeScan UMH module to resolve this issue.
Issue
Hotfix 5221
(SEG-34810)
The OfficeScan server cannot apply a Control Manager policy if the policy settings contain any UTF-8 character.
Solution
This hotfix enables the OfficeScan server to handle UTF-8 strings in Control Manager policies to resolve the issue.
Issue
Hotfix 5221
(SEG-34625)
Users encounter the "Unable to establish connection. Verify the connection settings and try again." error message after specifying an Active Directory (AD) domain password that contains a plus sign "+" in "Administration > Active Directory > Active Directory Integration > Specify Domain Credential > Input Domain Credential > Save and Synchronize" on the OfficeScan web console.
Solution
This hotfix updates the OfficeScan server file to resolve the issue.
Issue
Hotfix 5221
(SEG-33179)
The Threat Type of Security Risk Detections Over Time widget displays inaccurate information after users click on an item if the web console time zone is set to any time zone west of GMT.
Solution
This hotfix resolves this issue by enabling the widget to use the local time zone to calculate the starting time stamp of "00:00" when exporting the database.
Issue
Hotfix 5221
(SEG-35114)
After applying Hotfix 5186/5194/5202, certain OfficeScan processes may stop unexpectedly under certain scenarios.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Procedure
To configure the OfficeScan agent to skip AD synchronization during updates before applying this hotfix:
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- DisableUserBasedDC=1
- Save the changes and close the file.
- Install this hotfix (see "Installation").
- Trigger agent update.
- Ensure all agent are upgraded to 5221 version.
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, locate the following key and set its value to "0".
- [Global Setting]
- DisableUserBasedDC=0
- Save the changes and close the file.
Enhancement
Hotfix 5221
(SEG-34133)
This hotfix enables OfficeScan to check if the following DLP PE files contain the Trend Micro Signature.
- dsagent.exe
- dbghelp.dll
- dten600.dll (x86 platform)
- dtengine64.dll (x64 platform)
- icudt48.dll
- icuin48.dll
- icuuc48.dll
- Microsoft Kernel-Mode Driver Framework Install-v1.9-Vista.msu
- Microsoft Kernel-Mode Driver Framework Install-v1.9-Win2k-WinXP-Win2k3.exe
- Microsoft User-Mode Driver Framework Install-v1.9-Vista.msu
- Microsoft User-Mode Driver Framework Install-v1.9-WinXP-Srv03.exe
- msvcm80.dll
- msvcp80.dll
- msvcr80.dll
- WinUSB.exe
- WinUSB_1.9.msu
Issue
Hotfix 5225
(SEG-31399)
After the OfficeScanNT Real-time Scan ("Ntrtscan.exe") service restarts, it scans folders in the exclusion list.
Solution
This hotfix updates the OfficeScanNT Real-time Scan ("Ntrtscan.exe") service to ensure that it skips folders and files in the exclusion list.
Issue
Hotfix 5225
(SEG-33051)
After an OfficeScan agent computer shuts down, its connection status on the OfficeScan web console remains as "Online" instead of automatically changing to "Offline". This happens because an agent computer may not be able to report its status to the OfficeScan server when it shuts down too fast.
Solution
This hotfix updates the OfficeScan agent program to ensure that the agent status on the OfficeScan web console is updated promptly after the agent computer shuts down.
Issue
Hotfix 5225
(SEG-33331)
OfficeScan agent computers may experience blue screen of death (BSOD) while running the IBM ClearCase third-party program when Trend Micro Data Loss Prevention™ (DLP) is enabled.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5225
(SEG-33396)
The DLP module cannot detect sensitive keywords that were specified using XML escape characters, for example &, <, >, followed by spaces in the Keyword List of Data Identifier.
Solution
This hotfix updates the DLP module to ensure that it can catch these sensitive keywords normally.
Issue
Hotfix 5225
(SEG-35771)
The OfficeScan server may hang because there are too many "cgiOnScan.exe" processes almost running at the same time. This situation occurs when the schedule scan runs on many OfficeScan agents.
Solution
The hotfix resolves this issue by adding a random waiting time function for OfficeScan agents while calling the "cgiOnScan.exe" function.
Issue
Hotfix 5225
(SEG-33081)
A DLP Endpoint SDK hotfix may not be deployed to OfficeScan XG Service Pack 1 agents properly when the "EnforceAuSign" setting is enabled.
Solution
This hotfix updates the hotfix patch mechanism and the OfficeScan agent program to ensure that hotfixes are deployed successfully to OfficeScan XG Service Pack 1 agents when the "EnforceAuSign" setting is enabled.
Enhancement
Hotfix 5225
(SEG-29275)
This hotfix enables users to configure customized update source lists by sending a command from Trend Micro Control Manager™ to a managed OfficeScan server. The customized update source list can be applied to all agents under the OfficeScan server.
NOTE: You need to apply Control Manager Hotfix 2964 to enable Control Manager to support this feature.
Issue
Hotfix 5229
(SEG-33038)
When the "PrivilegeContolSetting" global setting is enabled on an OfficeScan agent, users cannot delete files from some folders, for example "FLog/HLog/Suspect", because of insufficient permissions.
Solution
This hotfix resolves this issue by giving users the required read and write permissions for the "FLog/HLog/Suspect" folders when "PrivilegeContolSetting" is enabled.
Issue
Hotfix 5229
(SEG-31091)
Issues related to the OfficeScan Behavior Monitoring feature may prevent users from accessing network drives and cause Microsoft™ Outlook™ to stop responding.
Solution
This hotfix resolves the issues by updating the Behavior Monitoring module and enabling users to configure certain settings in the registry.
Procedure
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following three keys and set all to "1".
- [Global Setting]
- AegisSkipDesktopINI=1
- AegisSkipRemoteDirectory=1
- AegisSkipRemoteDirectoryByPath=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: SkipDesktopINI
- Key: SkipRemoteDirectory
- Key: SkipRemoteDirectoryByPath
- Type: DWORD
- Value: 1
- Restart the OfficeScan agent
Issue
Hotfix 5229
(SEG-34837)
On the Trend Micro Control Manager™ console, the value on the "Pattern/Rule Version" field in Virus/Malware information grid table reports is always "0".
Solution
This hotfix resolves the issue to ensure that Virus/Malware information grid table reports on the Control Manager console display accurate "Pattern/Rule Version" information.
Issue
Hotfix 5239
(SEG-32940)
When the server migration tool imports settings from OfficeScan 11 to OfficeScan XG Service Pack 1, the Behavior Monitoring settings of the root/domain level are not migrated successfully.
Solution
This hotfix resolves the issue by ensuring that the server migration tool retrieves the Behavior Monitoring settings of the root/domain level from the correct configuration file (ofcscan.ini).
Issue
Hotfix 5239
(SEG-33922)
In Microsoft™ Windows™ 10, the "Windows Security and Maintenance" page indicates that the "Trend Micro Personal Firewall" is "Off" after the Trend Micro NT Firewall Service has been removed manually.
Solution
This hotfix updates the OfficeScan NT Listener service ("TmListen.exe") to ensure that the "Trend Micro Personal Firewall" no longer appears on the "Windows Security and Maintenance" page when it has been removed.
Procedure
To configure OfficeScan to automatically remove "Trend Micro Personal Firewall" from the "Windows Security and Maintenance" page after the Trend Micro NT Firewall Service is removed:
- Install this hotfix (see "Installation") with Trend Micro NT Firewall Service enabled.
- Check if the "TrendMicro Personal Firewall" is "On" in "Windows Security and Maintenance".
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following keys and set each value to "1".
- [Global Setting]
- RmvPFWbyCommand=1
- RmvPFWifSSPFWDisabled=1
- RmvPFWifDisabled=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
- Key: RmvPFWbyCommand=1
- Key: RmvPFWifSSPFWDisabled=1
- Key: RmvPFWifDisabled=1
- Type: DWORD
- Value: 1
- On the OfficeScan web console, go to "Administration > Settings > Product License > Additional Services".
- Under "Additional Services", click the "Disable" button to stop the firewall service.
- Wait for the agent to reload automatically on the client and check that the "TrendMicro Personal Firewall" entry does not appear in "Windows Security and Maintenance".
Issue
Hotfix 5239
(SEG-35872)
The information in the "action" column on Data Loss Prevention™ (DLP) logs in OfficeScan is not consistent with the corresponding information in the DLP logs on Trend Micro Control Manager™.
Solution
This hotfix resolves the issue by modifying the wording in the "action" column in DLP logs on both the OfficeScan server and agents.
Issue
Hotfix 5239
(SEG-35951)
Regular expressions that contain a newline delimiter in a DLP policy do not work.
Solution
The hotfix updates the DLP module to resolve the issue.
Issue
Hotfix 5239
(SEG-34341)
The Data Loss Prevention™ (DLP) module does not work properly when the DLP policy is configured with multiple DLP templates.
Solution
This hotfix updates the DLP module to ensure that it works normally when the DLP policy has multiple DLP templates.
Enhancement
Hotfix 5239
(SEG-30843)
This hotfix updates the OfficeScan server files to speed up the performance of the OfficeScan web console in running an Advanced Search when there is a large number of multi-layered domains.
Procedure
To improve the OfficeScan web console Advanced Search performance:
- Install this hotfix (see "Installation").
- Open the "ofcserver.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "INI_DBE_ENGINE_SECTION" section, manually add the following key and set it to "1":
- [INI_DBE_ENGINE_SECTION]
- UpAdvancedSearch=1
- Save the changes and close the file.
- Restart the OfficeScan Master Service
Enhancement
Hotfix 5239
(SEG-36300)
This hotfix enables OfficeScan to send the Data Protection Status on the agent management tree to the Control Manager server and allows the Control Manager server to query the Data Protection Status in Product Status logs to ensure that the information is consistent at both ends.
NOTE: This feature also requires the installation of a corresponding Control Manager hotfix.
Enhancement
Hotfix 5239
(SEG-33760)
This hotfix updates the DLP module to support the new Gmail interface.
Issue
Critical Patch 5261
(SEG-37086)
If an OfficeScan agent endpoint machine uses EAP-TLS authentication to connect to the network but does not specify a certificate for EAP-TLS authentication, its operating system may refer to the ofcsslagent certificate instead of the certificate for Radius verification. When this happens, the OfficeScan agent endpoint will not be able to connect to the network.
Solution
This critical patch updates the OfficeScan agent program and moves the ofcsslagent certificate from the "Personal" folder to the "OfficeScan SSL Agent" folder to resolve this issue.
Issue
Critical Patch 5261
(SEG-37386)
OfficeScan agents may experience a performance issue if a query to the Certified Safe Software Service is unsuccessful.
Solution
This critical patch updates Behavior Monitoring to limit the number of queries sent to the Certified Safe Software Service. If Behavior Monitoring is unable to successfully query the Certified Safe Software Service 5 times, the query is queued for 180 seconds to reduce the performance impact.
Procedure
To configure the maximum number of unsuccessful queries and the amount of time the query stays in the queue:
- Install this critical patch (see "Installation").
- Unload the OfficeScan agent.
- Add and modify the following keys to change the default values:
- \HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS\
- NFCSuspFailCnt=dword:00000010; maximum number of failed attempts
- NFCSuspPeriod=dword:00000001; amount of time the query stays in the queue NOTE: The settings above means that if a query to the Certified Safe Software Service has been unsuccessful ten consecutive times, Behavior Monitoring will ignore the query for one second.
- Reload the OfficeScan agent.
Enhancement
Critical Patch 5261
(SEG-38464)
This critical patch enables the OfficeScan XG Service Pack 1 agent program to support Microsoft™ Windows™ 10 (version 1809) October 2018 Update.
Issue
Hotfix 5272
(SEG-36453)
Trend Micro Control Manager™ cannot deploy component updates to the OfficeScan server successfully, because the OfficeScan Control Manager Agent (CMAgent) service starts before the OfficeScan Master Service can start completely.
Solution
This hotfix changes the startup type of the OfficeScan CMAgent service to "Automatic (Delayed Start)" to resolve this issue.
Issue
Hotfix 5272
(SEG-35076)
The OfficeScan agent icon disappears from the system tray because the OfficeScan Monitor (PccNTMon.exe) module did not start properly.
Solution
This hotfix updates the Behavior Monitoring module to prevent the OfficeScan client self-protection feature from blocking "explorer.exe", "svchost.exe" and "runonce.exe".
Procedure
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder in the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "AegisDetectPccntmonLaunching" key and set its value to "1".
- [Global Setting]
- AegisDetectPccntmonLaunching=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: DetectPccntmonLaunching
- Type: DWORD
- Value: 1
- Restart the OfficeScan agents.
Issue
Hotfix 5272
(SEG-37664)
The timestamp on the "Last Spyware Scan (Manual)" column in the "Agent Management" page is not updated after OfficeScan runs a manual scan on an agent computer.
Solution
This hotfix updates the OfficeScan server files to ensure that the timestamp on the "Last Spyware Scan (Manual)" column is updated promptly after a manual scan.
Issue
Hotfix 5272
(SEG-39618), (SEG-37781)
The update source for the Integrated Smart Protection Server is automatically set to "Trend Micro Control Manager" when users view the "Control Manager" settings page.
Solution
This hotfix updates the OfficeScan server program to resolve this issue.
Issue
Hotfix 5272
(SEG-36364)
Data Loss Prevention™ (DLP) Service cannot be installed successfully after the operating system restarts.
Solution
This hotfix resolves the issue by updating the DLP Endpoint SDK 6.2 module.
Issue
Hotfix 5272
(SEG-37476)
OfficeScan agents may stop unexpectedly or encounter blue screen of death (BSOD) when the Behavior Monitoring feature is enabled.
Solution
This hotfix updates the Behavior Monitoring module to resolve the issue.
Issue
Hotfix 5272
(SEG-36069)
"Assessment > Unmanaged Endpoints" query results do not list down endpoints in any Active Domain subdomain.
Solution
This hotfix updates the "osp_cb_dbAD_GetSelectedManagementScope" stored procedure to ensure that all relevant endpoints appear in "Unmanaged Endpoints" query results.
Issue
Hotfix 5272
(SEG-36619)
Users cannot Single Sign-on (SSO) to the OfficeScan web console from Control Manager because "isapiClient.dll" stops unexpectedly during the process.
Solution
This hotfix enables OfficeScan to verify the data to ensure that it does not attempt to convert null data during wildcard string conversion.
Issue
Hotfix 5272
(SEG-38700)
The "HLog" folder disappeared from OfficeScan agent installation folder which prevents the TmListen service from creating the "HLog\Cgi" folder during startup.
Solution
This hotfix updates "TmLIsten.exe" to enable it to create the "HLog" folder before creating the "HLog\Cgi" folder.
Issue
Hotfix 5272
(SEG-35218)
OfficeScan still receives false positive C&C callback alerts for IP addresses that have been added into the Network Content Inspection Engine (NCIE) approved list.
Solution
This hotfix adds a checking mechanism that allows OfficeScan to ignore skipped C&C callback for outbreak notifications.
Issue
Hotfix 5272
(SEG-38092)
An issue prevents OfficeScan from detecting virus in files and folders on Linux™ format USB devices driven by third-party software and mounted as a disk on Microsoft™ Windows™.
Solution
This hotfix provides a way to enable the third-party tool to be full by-the-book on file attribute to solve this issue.
Procedure
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- ScanZeroAttributeFile=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Manual Scan Configuration
- Key: ScanZeroAttributeFile=1
- Type: DWORD
- Value: 1
Issue
Hotfix 5272
(SEG-32652)
When Trend Micro Vulnerability Scanner (TMVS) Schedule Scan searches for unprotected computers, the OfficeScan client status of computers where the OfficeScan agent is installed is marked as "Not installed" in the results. This happens because the SSL checkbox setting under the scheduled scan settings is not saved properly.
Solution
This hotfix resolves the issue by ensuring that the SSL checkbox setting is saved successfully.
Issue
Hotfix 5272
(SEG-35902)
The OfficeScan agent port does not respond normally after users run a vulnerability diagnosis using a third-party software on the agent computer.
Solution
This hotfix updates the OfficeScan agent module and provides a way for users to configure OfficeScan to use the queue length limit in Windows instead of the default value in OfficeScan.
Procedure
To configure OfficeScan to use the queue length limit in Windows:
- Install this hotfix (see "Installation").
- Open the "apricot_config.xml" file in the "\PCCSRV\Pccnt\Common" folder on the OfficeScan server.
- Under the "<server_max_queue_length>5000</server_max_queue_length>", manually add the following tag and set its value to "0":
- <server_max_queue_mode>y</server_max_queue_mode>
- 0, Use the maximum queue length from Windows (Do not use <server_max_queue_length>)
- 1, Use the default maximum queue length for the server
- Modify the "<log_level>40000</log_level> to "<log_level>0</log_level>" to enable and display all the Apricot logs.
- Save the changes and close the file.
- Wait for the OfficeScan agent reload to complete the update.
NOTES:
- If the agent does not reload automatically, please unload and reload agent manually.
- To verify and ensure functionality:
- Open OfficeScan web console and go to the "Agents > Connection Verification" and click "Verify Now".
- Open the "apricot.log" file in OfficeScan client folder on the agent computer. The following Apricot log must be recorded:
[Apricot::CWinHTTPHandler::CallbackRequest]QueueLengthMode: 0or[Apricot::CWinHTTPHandler::CallbackRequest]QueueLengthMode: 1
Issue
Hotfix 5272
(SEG-38748)
Some un-used dialog boxes for the PccNtMon service are pushed to the foreground when the OfficeScan agent computer restarts.
Solution
This hotfix resolves the issue by updating the OfficeScan agent program.
Issue
Hotfix 5272
(SEG-36654)
Mobile Devices monitored by DLP may block the connection to the Cisco AnyConnect Network Adapter.
Solution
This hotfix updates DLP Endpoint SDK 6.2 to prevent this issue.
Issue
Hotfix 5272
(SEG-39246)
Scheduled Scan is triggered unexpectedly when OfficeScan detects the Google Drive File Stream desktop application on an agent computer.
Solution
This hotfix updates the OfficeScan agent program to ensure that scheduled scan works normally on agent computers.
Issue
Hotfix 5272
(SEG-35122)
OfficeScan agents cannot download pattern files from the OfficeScan server normally because the agents are identified as individual agents and are made to connect to the Update Agent (UA).
Solution
This hotfix updates the OfficeScan NT Listener service ("TmListen.exe") to ensure that OfficeScan agents can retrieve pattern files directly from the OfficeScan server.
Issue
Hotfix 5272
(SEG-36907)
An exception error triggers the OfficeScan Master Service to stop unexpectedly while querying the Ransomware Logs of the Ransomware Widget from the OfficeScan web console.
Solution
This hotfix updates the OfficeScan server program to resolve the issue.
Issue
Hotfix 5272
(SEG-37350)
The "Scans Network Drive" feature of Manual Scan may not work properly on OfficeScan agent computers.
Solution
This hotfix updates the OfficeScan agent program to make sure Manual Scan can scan network drives and folders mapped to OfficeScan agent endpoints.
Issue
Hotfix 5272
(SEG-34800), (SEG-39742)
Trend Micro Unauthorized Change Prevention Service may stop unexpectedly while accessing Adobe Acrobat/Reader on Windows 10 agent computers. When this happens, Adobe Acrobat/Reader also stops unexpectedly.
Solution
This hotfix updates the Behavior Monitoring module to resolve the issue.
Issue
Hotfix 5272
(SEG-37749)
The "file extensions" field under the "File Attributes DLP identifier" section does not accept entries that contain an underscore "_".
Solution
This hotfix updates the DLP module to enable the "file extensions" field to support the underscore character "_".
Issue
Hotfix 5272
(SEG-39747)
The Trend Micro Common Module (EYES) may cause a high CPU usage issue on protected computers.
Solution
This hotfix updates the Trend Micro Common Module to prevent the high CPU usage issue.
Issue
Hotfix 5272
(SEG-37052)
OfficeScan 10.6 Service Pack 2 Hotfix Build 3435 allows OfficeScan servers to deploy the "NTRtScanInitSleep" key globally to all OfficeScan agents. However, when a user manually configures the "NTRtScanInitSleep" key on a specific agent, the "NTRtScanInitSleep" setting reverts to "0" automatically once the "NTRtScanInitSleep" key is deployed globally from the OfficeScan server.
Solution
This hotfix updates the OfficeScan agent program to ensure that the "NTRtScanInitSleep" setting in agents that have been manually configured will remain the same after the server deploys the setting globally.
Issue
Hotfix 5272
(SEG-39772)
The OfficeScan server may not be able to apply Control Manager policies to OfficeScan agents if there is a large amount of OfficeScan agents. When this happens, it will show the policy is in "Pending" status in the Policy Management page of the Control Manager web console.
Solution
This hotfix updates the OfficeScan server program to ensure that OfficeScan servers apply Control Manager policies normally.
Enhancement
Hotfix 5272
(SEG-34355)
This hotfix enables users to configure OfficeScan to send notifications to administrators after automatically removing inactive agents.
Procedure
To configure the notifications for when OfficeScan removes inactive agents:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor.
- Manually add the "[INI_STANDARD_ALERT_CLIENT_PURGE_SECTION]" section.
- [INI_STANDARD_ALERT_CLIENT_PURGE_SECTION]
- Std_Alert_Enable_SMTP=1; Enable notification by email, 0; Disable notification by email
- Std_Alert_Enable_SMTP_RBA=1; Send notifications to users with agent tree domain permissions, 0; Do not send notifications to users with agent tree domain permissions
- Std_Alert_SMTP_Send_To= Email address(es) of recipients separated by a comma
- Std_Alert_SMTP_Subject=Inactive Agent Purged
- Std_Alert_SMTP_Message=Purged Endpoint: %COMPUTER%\nIP Address: %IP%\nGUID: %GUID%\nDomain: %DOMAIN%\nInactive Since: %DATETIME%\n
- Std_Alert_Enable_NTEvent=1; Enable notification by NT Event Log, 0; Disable notification by NT Event Log
- Std_Alert_NTEvent_Message=Inactive Agent Purged\nPurged Endpoint: %COMPUTER%\nIP Address: %IP%\nGUID: %GUID%\nDomain: %DOMAIN%\nInactive Since: %DATETIME%\n
- Std_Alert_Enable_SNMP=1; Enable notification by SNMP trap, 0; Disable notification by SNMP trap
- Std_Alert_SNMP_Message=Inactive Agent Purged\nPurged Endpoint: %COMPUTER%\nIP Address: %IP%\nGUID: %GUID%\nDomain: %DOMAIN%\nInactive Since: %DATETIME%\n
For example:
- [INI_STANDARD_ALERT_CLIENT_PURGE_SECTION]
- Std_Alert_Enable_SMTP=1
- Std_Alert_Enable_SMTP_RBA=1
- Std_Alert_SMTP_Send_To=test@trendmicro.com
- Std_Alert_SMTP_Subject=Inactive Agent Purged
- Std_Alert_SMTP_Message=Purged Endpoint: %COMPUTER%\nIP Address: %IP%\nGUID: %GUID%\nDomain: %DOMAIN%\nInactive Since: %DATETIME%\n
- Std_Alert_Enable_NTEvent=1
- Std_Alert_NTEvent_Message=Inactive Agent Purged\nPurged Endpoint: %COMPUTER%\nIP Address: %IP%\nGUID: %GUID%\nDomain: %DOMAIN%\nInactive Since: %DATETIME%\n
- Std_Alert_Enable_SNMP=1
- Std_Alert_SNMP_Message=Inactive Agent Purged\nPurged Endpoint: %COMPUTER%\nIP Address: %IP%\nGUID: %GUID%\nDomain: %DOMAIN%\nInactive Since: %DATETIME%\n
NOTE: Token variables for removing inactive agents notification
- %COMPUTER%: Target agent that been removed
- %IP%: IP address of the targeted agent that been removed
- %GUID%: GUID of the targeted agent that been removed
- %DOMAIN%: Tree domain of the targeted agent that been removed
- %DATETIME%: Since when the targeted agent that been removed is inactive
Enhancement
Hotfix 5272
(SEG-39089)
This hotfix enables the OfficeScan XG Service Pack 1 Software-as-a-Service (SaaS) feature to support the APEX One all-in-one activation code (AC) key.
Issue
Hotfix 5275
(SEG-39018)
A large number of "SECURITY_PRODUCT_STATE_ON" Windows Event Logs are generated on Windows 10 RS3 computers.
Solution
This hotfix updates the conditions for Windows Security Center un-registration to help prevent too many "SECURITY_PRODUCT_STATE_ON" Windows Event Logs.
Issue
Hotfix 5275
(SEG-36214)
The Data Loss Prevention™ (DLP) feature does not block the file transmission from Skype for Business.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5275
(SEG-40440)
The OfficeScan server may send invalid date records to Trend Micro Control Manager™.
Solution
This hotfix updates the OfficeScan server program and SQL package to resolve the issue.
Issue
Hotfix 5280
(SEG-37610)
In a closed network, Ntrtscan.exe stops unexpectedly after the OfficeScan NT RealTime Scan service starts.
Solution
This hotfix resolves the issue by enabling OfficeScan to check the value of the "LocalScanServerAddress" key under [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\iCRC Scan\Scan Server] and to skip iCRC handler initialization if the value is valid.
Issue
Hotfix 5280
(SEG-37153)
The OfficeScan agent status becomes offline because the status is checked every 50 hours.
Solution
This hotfix resolves the issue by enabling OfficeScan to update the agent status hourly.
Issue
Hotfix 5280
(SEG-39321)
The OfficeScan Master Service stops unexpectedly while the OfficeScan server parses the spyware log initialization file if it encounters a user login name that exceeds the default limit.
Solution
This hotfix updates the OfficeScan Master Service to resolve this issue.
Issue
Hotfix 5280
(SEG-39062)
The OfficeScan Data Loss Prevention™ (DLP) module does not work in Google Chrome with HTTPS.
Solution
This hotfix resolves the issue by updating the DLP module.
Issue
Hotfix 5280
(SEG-32248)
A compatibility issue between the ClickOnce application and the OfficeScan Behavior Monitoring feature may slow down the ClickOnce application log on process.
Solution
This hotfix updates the Behavior Monitoring module to prevent the issue.
Issue
Hotfix 5280
(SEG-36727)
OfficeScan agents that update domain settings from the Update Agent cannot be isolated from the network through the Trend Micro Control Manager™ console.
Solution
This hotfix enables these OfficeScan agents to retrieve their individual settings from the OfficeScan server to ensure that these agents can be isolated successfully through the Control Manager console.
Issue
Hotfix 5280
(SEG-41293)
Users cannot change the default date format of the OfficeScan server and agent consoles to "DD/MM/YYYY".
Solution
This hotfix updates the OfficeScan agent program to ensure that users can change the default date format of the OfficeScan server and agent consoles to "DD/MM/YYYY".
Issue
Hotfix 5280
(SEG-41327)
The "Administration > Account Management > User Accounts" page of the OfficeScan web console is blank.
Solution
This hotfix resolves an issue related to internal data buffer handling to ensure that the "User Accounts" page displays information normally.
Issue
Hotfix 5280
(SEG-35357)
An issue prevents the DLP services from detecting when files from a ZIP file are being copied and burned to a CD or DVD.
Solution
This hotfix resolves the issue so that DLP can detect and block these events.
Issue
Hotfix 5280
(SEG-37474)
When the Behavior Monitoring module is enabled, users cannot save Microsoft™ Office™ files in the "Documents" folder that is synchronized with the mapped drive "Z:\" and are prompted that the path does not exist.
Solution
This hotfix updates the Behavior Monitoring module to resolve the issue.
Issue
Hotfix 5280
(SEG-37056)
Protected computers stop responding when certain third-party processes send out queries but do not respond when the Behavior Monitoring feature attempts to retrieve the file information.
Solution
This hotfix updates the Behavior Monitoring module to resolve the issue.
Issue
Hotfix 5280
(SEG-37255)
When users sync specific pptx files to the cloud in Evernote, the DLP module generates a large number of unnecessary temp files which fill up the disk space.
Solution
The hotfix resolves the issue by adding Evernote for Desktop to the DLP module's approved list.
Enhancement
Hotfix 5281
(SEG-39967)
This hotfix updates the OfficsScan Server Files to support a maximum limit of 30 characters for file extensions in the "Scan Settings" function.
Issue
Critical Patch 5294
(SEG-40849)
The following NT Event Log is generated when an OfficeScan agent computer shuts down or restarts.
Event ID: 7043
Level: Error
Message: The OfficeScan NT Listener service did not shut down properly after receiving a preshutdown control.
Solution
This critical patch updates OfficeScan agent program to resolve the problem.
Issue
Critical Patch 5294
(SEG-38313)
It may take up to 15 minutes to log on to Microsoft™ Windows™ when Data Loss Prevention™ (DLP) is enabled.
Solution
This critical patch allows users to disable the digital signature check during the process launch to help prevent the performance issue.
Procedure
To disable the digital signature check during the process launch:
- Install this critical patch (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add following setting:
- [Configure]
- SKIP_PROC_LAUNCH_SIGN_CHECK = true
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents.
- The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- SKIP_PROC_LAUNCH_SIGN_CHECK = true
Issue
Critical Patch 5294
(SEG-41167)
The digital signature of Data Loss Prevention™ (DLP) module is incomplete.
Solution
This critical patch updates the DLP module with the complete digital signature.
Issue
Critical Patch 5294
(SEG-35608)
Exported violation logs do not contain the serial numbers of blocked mobile devices.
Solution
This critical patch updates the DLP module to ensure that the logs contain the serial numbers of blocked mobile devices.
Issue
Critical Patch 5294
(SEG-40917)
An issue prevents the Data Loss Prevention™ (DLP) module from monitoring the Gmail traffic properly in Microsoft Internet Explorer™ 11 on the Windows 7 platform.
Solution
This critical patch resolves the issue by updating the DLP module to enhance the protocol compatibility when parsing Gmail traffic.
Issue
Critical Patch 5294
(SEG-42347)
The "InstDate" and "InstTime" registry keys on the OfficeScan agent registry are blank.
Solution
This critical patch updates OfficeScan agent program to ensure that the registry keys are set properly on OfficeScan agents.
Issue
Critical Patch 5294
(SEG-42619)
The "Agent Management" page of the OfficeScan web console takes a long time to load and does not display any information.
Solution
This critical patch updates the OfficeScan server program to handle an exception so the "Agent Management" page displays normally.
Issue
Critical Patch 5294
(SEG-43248)
The OfficeScan Predictive Machine Learning feature may prevent users from saving Microsoft™ Office files normally.
Solution
This critical patch mitigates the probability of this issue by enabling OfficeScan to allow Office programs to run with deferred scanning by Predictive Machine Learning.
Enhancement
Critical Patch 5294
(SEG-42429)
This critical patch updates the OfficeScan server files to enable the OfficeScan server to receive response headers with empty Internet Information Server(IIS) version. This helps prevent "OfcEdgeAgent.exe" from stopping unexpectedly while registering or unregistering to the OfficeScan Edge Relay server.
Issue
Hotfix 5298
(SEG-34043)
Data Loss Prevention™ (DLP) blocks a CD when users attempt to launch a file from the CD.
Solution
This hotfix improves the process flow in the DLP module to prevent false positive alerts on file access events on CDs.
Issue
Hotfix 5298
(SEG-42431)
The OfficeScan server may not report the "Last Startup" information of OfficeScan agents to the registered Trend Micro Control Manager™ server.
Solution
This hotfix resolves the issue to ensure that the "Last Startup" information of OfficeScan agents are sent to the Control Manager server so the information appears on the Control Manager web console.
Enhancement
Hotfix 5298
(SEG-41668)
This hotfix updates Trend Micro Vulnerability Scanner (TMVS) to enable it to detect OfficeScan agents that use the HTTP protocol when scanning with the SSL option enabled.
Issue
Hotfix 5303
(SEG-43270)
The following obsolete warning message still appears in the Data Loss Prevention™ (DLP) section of the "Additional Setting" dialogue:
"WARNING: Enabling or disabling the Data Protection service temporarily disconnects endpoints from the network. Ensure that you change the settings only during non-critical hours to minimize connection disruptions."
Solution
This hotfix updates the OfficeScan server files to remove the warning from the dialogue.
Issue
Hotfix 5303
(SEG-41004)
The status information, for example, the "File Reputation Services URL" of the off-premise agents on the "Agent Management" page of the web console do not match the information on the agent console.
Solution
This hotfix updates the OfficeScan agent program to ensure that the information on the web console matches the information on the agent console.
Enhancement
Hotfix 5303
(SEG-40670)
OfficeScan Agent Platform Support - This Hotfix enables the OfficeScan agent program to support Microsoft™ Windows™ Server 2019.
Issue
Hotfix 5309
(SEG-41821)
An issue prevents the OfficeScan Data Loss Prevention™ (DLP) module from retrieving the serial number of portable hard disks.
Solution
This hotfix resolves the issue by updating the DLP module.
Issue
Hotfix 5309
(SEG-41619)
Changes in the Update Agent Settings cannot be saved using an account role with "View" and "Configure" permissions.
Solution
This hotfix updates the role-based access (RBA) permission to solve this issue.
Issue
Hotfix 5309
(SEG-32754)
In a large Active Domain environment, the defined scope for unmanaged endpoints is not stored after Active Domain synchronization.
Solution
This hotfix updates certain SQL stored procedures to solve this issue.
Enhancement
Hotfix 5309
(SEG-40549)
This hotfix allows users to configure OfficeScan to generate an un-scanned files log during manual scans.
Procedure
To enable OfficeScan to generate an un-scanned file log during manual scans:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- EnableManualScanUnscanFileLog = 1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- [On x64 system]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
- "EnableManualScanUnscanFileLog" = dword:00000001
- [On x86 system]
- [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
- "EnableManualScanUnscanFileLog" = dword:00000001
Issue
Hotfix 5312
(VRTS-3017)
The OfficeScan web console may be vulnerable to a storage Cross-site Scripting (XSS) attack when users add or modify agent domain names using cross-site scripts.
Solution
This hotfix updates the OfficeScan server file to resolve the vulnerability.
Issue
Hotfix 5312
(SEG-44679)
It may take a long time to log on to OfficeScan agent computers after start up.
Solution
This hotfix allows users to set the following three drivers that are related to the Virus Scan Engine to "on-demand start" on the OfficeScan agent:
- TmFilter.sys
- TmPreFilter.sys
- VSApiNt.sys
Procedure
To set the three drivers related to Virus Scan Engine to "on-demand start" on OfficeScan agents:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- VSAPIServiceStartOnDemand=1 NOTE: To disable the setting, set this key to "0". The three drivers will be set to the default action "automatic start".
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and changes the following registry values from "2" (default) to "3" on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TmFilter
- Key: Start
- Type: DWORD
- Value: 3
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TmPreFilter
- Key: Start
- Type: DWORD
- Value: 3
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSApiNt
- Key: Start
- Type: DWORD
- Value: 3
- Restart the OfficeScan agent computers.
Issue
Hotfix 5312
(SEG-42281)
The OfficeScan utility tool "VSEncode.exe" cannot decrypt multiple files.
Solution
This hotfix updates the OfficeScan utility tool to enable it to decrypt multiple files.
Issue
Hotfix 5312
(SEG-43662)
When endpoints with OfficeScan agents (integrated with Active Directory) resume from Sleep mode, the OfficeScan agents are moved to the "Default" domain and all policy settings are overwritten by the default policy.
Solution
This hotfix updates the OfficeScan NT Listener service ("TmListen.exe") to resolve this issue.
Enhancement
Hotfix 5312
(SEG-38669)
This hotfix moves the Device Control Notification settings to a different page on the OfficeScan web console for better visibility.
Enhancement
Hotfix 5312
(SEG-45121)
This hotfix removes a redundant slash (/) in the HTML file of the "Outbreak Prevention Settings" page.
Issue
Hotfix 5317
(VRTS-2441)
The "root" account in the OfficeScan web console can be deleted through a Cross-site Request Forgery (CSRF) attack.
Solution
This hotfix updates the OfficeScan server file to remove this vulnerability.
Issue
Hotfix 5317
(SEG-38523)
Garbled characters appear in SNMP messages in the Russian version of the OfficeScan web console.
Solution
This hotfix enables OfficeScan to encode SNMP messages in UTF-8 format to prevent this issue.
Issue
Hotfix 5317
(SEG-44734)
When users move an OfficeScan 11 agent to an OfficeScan XG Service Pack 1 server, the agent will not be able to update agent programs to version XG Service Pack 1 using the OfficeScan XG Service Pack 1 Update Agent.
Solution
This hotfix ensures that the OfficeScan XG Service Pack 1 Update Agent can download the agent update files from the OfficeScan XG Service Pack 1 server.
Enhancement
Hotfix 5317
(SEG-40493)
This hotfix enables the OfficeScan agent to skip a scheduled scan when the battery life of a protected computer is below the configured percentage.
Procedure
To configure the new setting:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- EnableSkipScanWhenBatteryLow=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- [On x64 system]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
- "EnableSkipScanWhenBatteryLow" = dword:00000001
- [On x86 system]
- [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
- "EnableSkipScanWhenBatteryLow" = dword:00000001
Issue
Hotfix 5325
(SEG-36693)
OfficeScan cannot set the database backup path to a UNC path if the server computer's name has changed.
Solution
This hotfix resolves the issue by updating "OfcDBBackup.exe" to enable it to query the database backup account name using the server computer name.
Issue
Hotfix 5325
(SEG-40819)
An issue prevents users from sending out email messages while the OfficeScan Data Loss Prevention™ (DLP) service is running on agent computers.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5325
(SEG-46487)
OfficeScan agents that have been moved to another OfficeScan server through the "Administration > Settings > Agent Connection" page still appear on the source OfficeScan web console.
Solution
This hotfix updates the OfficeScan agent program to resolve the issue.
Issue
Hotfix 5325
(SEG-46697)
Inactive OfficeScan agents are not removed automatically when the automatic removal of inactive agents function is enabled.
Solution
This hotfix updates the OfficeScan server program to ensure that inactive agents are removed automatically when the function is enabled.
Issue
Hotfix 5325
(SEG-39217)
In certain environments, the Behavior Monitoring feature may add the "csrss.exe" file to the kernel exception later than expected which can then cause an interoperability issue that can trigger OfficeScan agent computers to stop unexpectedly.
Solution
This hotfix updates the Behavior Monitoring module and enables users to configure the Behavior Monitoring feature to add "csrss.exe" to the kernel exception earlier to prevent the interoperability issue.
Procedure
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "AegisAsyncCsrssEvent" key and set its value to "1".
- [Global Setting]
- AegisAsyncCsrssEvent=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: AsyncCsrssEvent
- Type: DWORD
- Value: 1
- Restart the OfficeScan agent
Issue
Critical Patch 5338
(VRTS-3005)
Cookie security is not enabled in the OfficeScan web console's HTTP response.
Solution
This critical patch updates the OfficeScan server files to ensure that cookie security is enabled in HTTP responses.
Issue
Critical Patch 5338
(VRTS-3171)
A directory traversal vulnerability may allow an attacker to modify arbitrary files on the product's management console.
Solution
This critical patch updates the OfficeScan server program to remove the vulnerability.
Issue
Critical Patch 5338
(SEG-46708)
The OfficeScan agent domain name in the Trend Micro Control Manager™ server web console is not updated promptly after the information is changed on the OfficeScan web console.
Solution
This critical patch updates the OfficeScan server files to ensure that the OfficeScan agent domain name information on the Control Manager server web console is updated promptly after any changes in the information on the OfficeScan web console.
Issue
Critical Patch 5338
(SEG-46930)
An error that resulted from a previous action prevents the OfficeScan agent console from opening.
Solution
This critical patch updates the OfficeScan agent program to resolve the issue.
Issue
Hotfix 5345
(SEG-43864)
An issue prevents users from accessing internal websites while the OfficeScan Data Loss Prevention™ (DLP) service is running on agent computers.
Solution
This hotfix updates the OfficeScan agent program to resolve the issue.
Issue
Hotfix 5345
(SEG-37168)
In certain environments, an interoperability issue occurs between the Behavior Monitoring feature and "rdbss.sys" while the engine collects file information from a UNC path. This may cause a massive performance issue.
Solution
This hotfix updates the Behavior Monitoring module and enables users to configure the feature to skip UNC paths to help prevent the performance issue.
Procedure
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "AegisTrueAPISkipUNC" and "AegisReputationAsyncUNC" keys and set their value to "1".
- [Global Setting]
- AegisTrueAPISkipUNC=1
- AegisReputationAsyncUNC=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: TrueAPISkipUNC
- Type: DWORD
- Value: 1
- Key: ReputationAsyncUNC
- Type: DWORD
- Value: 1
Issue
Hotfix 5345
(SEG-45981), (SEG-46259)
The Connection Status (Online/Offline) of an OfficeScan client on the web console changes each time a user logs on or off from the client computer.
Solution
This hotfix updates the OfficeScan agent program to resolve the issue.
Issue
Hotfix 5345
(SEG-46590)
After importing the settings from an OfficeScan 11 server to an OfficeScan XG Service Pack 1 server, the "CVE Exploit" option disappears from the "Real-time Scan Settings > Action tab > Virus/Malware > Use a specific action for each virus/malware type" page. This option is not available in OfficeScan 11.
Solution
This hotfix enables the OfficeScan XG Service Pack 1 server to retrieve this setting from its own "ofcscan.ini" file if this is not specified in the exported settings.
Issue
Hotfix 5345
(SEG-43029)
The OfficeScan agent cannot upload DLP forensic data larger than 20 MB to the OfficeScan server.
Solution
This hotfix updates the OfficeScan agent program to extend the DLP data upload size limit to 40 MB.
Issue
Hotfix 5345
(SEG-43589)
If users are given "Read and Execute" permission to USB storage devices under the Device Control Settings, four folders will be created in a USB storage device when users create one folder in the device through Windows Explorer.
Solution
This hotfix updates the Behavior Monitoring module and allows users to configure it to block the create folder function when the permission to USB storage devices is set to "Read and Execute".
Procedure
To enable the Behavior Monitoring module to block the create folder function when the permission to USB storage devices is set to "Read and Execute" and to deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "TmactmonSendFolderByOption" key and set their value to "1".
- [Global Setting]
- TmactmonSendFolderByOption=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmactmon\Parameters]
- "SendFolderByOption"=dword:00000001
Issue
Hotfix 5345
(SEG-46379)
An interoperability issue between the 64-bit OfficeScan agent and the 64-bit "unzip.dll" file prevents a 64-bit agent from loading "unzip.dll" and triggers it to reset the "ClientConsoleZipTimeStamp" registry key to "NULL". When this happens, the agent will automatically decompress "ClientConsole.zip" during startup which may cause a performance issue.
Solution
This hotfix updates the OfficeScan agent program to prevent the 64-bit agent from resetting the "ClientConsoleZipTimeStamp" registry key to "NULL".
Enhancement
Hotfix 5345
(SEG-43254)
This hotfix provides a way to configure OfficeScan to keep track of when USB storage devices are plugged into OfficeScan agent computers. These events are recorded in the "UsbInsert_yyyymmdd.log" file on the OfficeScan server "\PCCSRV\Log" folder.
NOTES:
- The logs in the file will appear in the following format: [Timestamp] [Log Generation Time] [Agent GUID] [Computer Name] [Action] [USB:Vendor:Model:Serial ID]
- The "UsbInsert_yyyymmdd.log" file will be deleted regularly according to the "Logs to Delete" and "Log Deletion Schedule" settings in the "Log Maintenance" page on the OfficeScan web console. You need to ensure that the "Enable scheduled deletion of logs" feature is enabled with the “Device Control Logs” log type selected.
Procedure
To configure OfficeScan to keep track of when USB storage devices are plugged into OfficeScan agent computers:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- EnableUsbLogging=1
NOTE: To disable the setting, set this key to "0".
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path:
- 32-bit: \HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite
- 64-bit: \HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite
- Key: EnableUsbLogging
- Type: DWORD
- Value: 1
Enhancement
Hotfix 5345
(SEG-41758), (SEG-41759)
This hotfix enables the OfficeScan server to download the list of approved mobile devices and USB storage devices from the Device Control settings in the Trend Micro Control Manager™ server and to deploy the list to OfficeScan agents.
Procedure
To configure OfficeScan to download and deploy the Device Control approved list of mobile devices and USB storage devices from the Control Manager server to all OfficeScan clients:
- Run the Device List Tool (listDeviceInfo.exe) to retrieve the device information. The tool provides Vendor, Model, Serial ID, and Device information for each device.
- Make a Device Control approved list in CSV file format specifying the Vendor, Model, Serial ID, and Device information of mobile devices and USB storage devices.
For example:
- 05AC,12A8,35AD13C948ECD47904B2B7AD4D5E8AFBF4C70C48,Mobile Devices
- ADATA,DC1A,285252344010000C,USB Storage Devices
NOTE: The "Device" field is optional, if there is no device type listed in the CSV file, it will be treated as "USB Storage Devices".
- Copy the CSV file to the Control Manager server in the "\Trend Micro\Control Manager\WebUI\WebApp\widget\repository\widgetPool\product\OSCE\" folder and rename the CSV file as "dc_dev_exception.csv".
NOTE: Users can apply Control Manager Hotfix 3073 to import the Device Control approved list from the "Policies > Policy Resource > Device Control Approved Device List" page of the Control Manager console.
- Deploy an OfficeScan Agent policy with Device Control setting to agents from the Control Manager console. All agents will receive the approved list.
NOTE: On the OfficeScan server, users can check the "DC_GLOBAL_DEV_EXCEPTION" section in "dlp.ini" file under the "\PCCSRV\Private" folder.
For example:
- [DC_GLOBAL_DEV_EXCEPTION]
- DevExceptionGlobalCount=2
- DevExceptionGlobal_00000000= VendorName,Model,serialNo,1(USB Storage Devices)
- DevExceptionGlobal_00000001=VendorName,Model,serialNo,2097152(Mobile Devices)
On the OfficeScan agent, users can check the "dc_in.xml" and "dc_out.xml" file under the "\OfficeScan Client\dlplite" folder.
For example:
- <usbException exceptionDeviceType="0x00000001"(USB Storage Devices) serialNo="xxxxxxxx" model=" xxxxxxxx " vendorName="xxxxxxxx "/>
- <usbException exceptionDeviceType="0x00200000"(Mobile Devices) serialNo=" xxxxxxxx " model=" xxxxxxxx " vendorName="xxxxxxxx "/>
Enhancement
Hotfix 5345
(SEG-43345)
This hotfix enables OfficeScan agents to support long virus names in the Damage Cleanup Template of the Damage Cleanup Services.
Issue
Hotfix 5350
(SEG-48036)
The OfficeScan server cannot delete duplicate agents by connection verification.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5350
(SEG-43656)
Coexisting OfficeScan agents cannot set the server information of the Smart Protection Service Proxy correctly. When this happens, the coexisting agents do not send query requests through the Smart Protection Service proxy but directly to the Trend Micro Smart Protection Network instead. This may cause a connection issue if the agents cannot connect to the Internet.
Solution
This hotfix updates the OfficeScan agent program to resolve the issue.
Issue
Hotfix 5350
(SEG-44462)
The OfficeScan Common Client Solution Framework service stops unexpectedly when it encounters a malformed process name that is written when the buffer size has not been allocated correctly.
Solution
This hotfix updates the Behavior Monitoring module to resolve this issue.
Issue
Hotfix 5350
(SEG-38909)
The OfficeScanNT RealTime Scan service stops unexpectedly after upgrading to OfficeScan XG Service Pack 1 Critical Patch 5147 from OfficeScan 11.0 Service Pack 1 Critical Patch 6469 when the agent or computer restarts.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Procedure
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set it to "1".
- [Global Setting]
- AEGIS_Avoid_Double_Init_WList=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: AvoidDobuleInitWList
- Type: DWORD
- Value: 1
Issue
Hotfix 5350
(SEG-45795)
The OfficeScan Master Service may stop unexpectedly under certain scenarios.
Solution
This hotfix updates the OfficeScan server program to prevent the OfficeScan Master Service from stopping unexpectedly.
Issue
Hotfix 5350
(SEG-47887)
The OfficeScan Control Manager™ Agent (CMAgent) service may stop unexpectedly and the OfficeScan server unregisters from the Control Manager server automatically if OfficeScan uploads any Web Reputation Log that contains an empty URL to the Control Manager server.
Solution
This hotfix updates the OfficeScan server program to prevent this issue from occurring.
Issue
Hotfix 5350
(SEG-43435)
An issue related to the dynamic unloading of the cURL library may cause the OfficeScan NT RealTime Scan service ("Ntrtscan.exe") to stop unexpectedly.
Solution
This hotfix updates the OfficeScan agent program to resolve the issue.
Issue
Hotfix 5350
(SEG-48037)
The 3rd-party Virtual Machine, Virtualbox, cannot be launched while Data Loss Prevention™ (DLP) is running.
Solution
This hotfix updates DLP module to resolve this issue.
Issue
Hotfix 5350
(SEG-41157)
An OfficeScan agent may appear "Offline" on the OfficeScan web console if the agent IP address changes and it cannot successfully update the information on the OfficeScan server.
Solution
This hotfix resolves the issue by updating the OfficeScan agent program.
Issue
Hotfix 5350
(SEG-48765)
An OfficeScan agent sends a status update with the firewall policy ID "0" to the OfficeScan server if it cannot detect any network interface controller.
Solution
This hotfix updates the OfficeScan agent program to skip the status update if it does not detect a network interface controller.
Issue
Hotfix 5350
(SEG-44261), (SEG-46030)
Data Loss Prevention is unable to detect sensitive data sent through Gmail when using the Chrome 73 browser due to Google API changes.
Solution
This hotfix updates Data Loss Prevention to support the "Http/Https" and "Open file dialog" functionality in Google Chrome 73.
Enhancement
Hotfix 5350
(SEG-46636)
This hotfix provides a way to configure OfficeScan to regularly delete quarantined files in the "\PCCSRV\Virus" folder on the OfficeScan server installation directory according to the "Logs to Delete" and "Log Deletion Schedule" settings in the "Log Maintenance" page on the OfficeScan web console.
Procedure
To configure OfficeScan to regularly delete quarantined files in the "\PCCSRV\Virus" folder on OfficeScan server installation directory:
- Install this hotfix (see "Installation").
- Manually add the following registry entry and set its value to "1" on the OfficeScan server computer.
- Path: \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\OfficeScan\service\Scheduled_Delete_Log
- Key: PurgeQuarantineFiles
- Type: DWORD
- Value: 1
NOTE: To disable the setting, set this key to "0".
- Open the OfficeScan web console and click "Logs > Log Maintenance". Ensure the "Enable scheduled deletion of logs" feature is enabled.
Issue
Hotfix 5357
(SEG-47035)
The Data Loss Prevention™ (DLP) module cannot detect violations through the WebMail channel on Mozilla(R) Firefox(R).
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5357
(SEG-47892)
The DLP module blocks Alternate Data Stream (ADS) files unexpectedly on Dropbox.
Solution
This hotfix prevents this issue by allowing the DLP module to skip ADS files on Dropbox during scans.
Issue
Hotfix 5357
(SEG-47522)
In Endpoints view of the Top Ransomware Detections Widget, some records do not contain any "Endpoint" and "Last Logon User" information.
Solution
This hotfix prevents the Top Ransomware Detections Widget from displaying records of removed endpoints to ensure that it displays information normally.
Enhancement
Hotfix 5357
(SEG-49470)
This hotfix adds the new era name of Japan to the DLP template.
Enhancement
Hotfix 5357
(SEG-48677)
This hotfix adds an error message that is triggered when users attempt to add an invalid path to the Behavior Monitoring exception list.
Issue
Hotfix 5361
(SEG-47313)
The NT listener service stops unexpectedly when it encounters certain corrupted information in the database.
Solution
This hotfix resolves this issue by preventing a buffer overflow issue when the NT listener service encounters corrupted information in the database.
Issue
Hotfix 5361
(SEG-49936)
After applying Critical Patch 5338, Microsoft™ Excel files with macro content cannot be saved to a network shared folder from an endpoint.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5361
(SEG-49361)
The Trend Micro OfficeScan Data Protection Service may stop unexpectedly when users access Gmail.
Solution
This hotfix updates the Data Protection module to resolve this issue.
Issue
Hotfix 5361
(SEG-45300), (SEG-47213)
The OfficeScan agent does not send Virus/Malware logs to the OfficeScan server when the "PrivilegeContolSetting" setting is enabled on the OfficeScan agent.
Solution
This hotfix resolves this issue by enabling OfficeScan to grant the required permissions for the "HLog" folder when "PrivilegeContolSetting" is enabled.
Issue
Hotfix 5361
(SEG-50344)
An issue related to the Microsoft Windows™ Defender Security Center causes the "Trend Micro Personal Firewall" component to appear in "Off" status on the "Windows Security and Maintenance" page after users remove the Trend Micro NT Firewall Service.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Procedure
To apply and deploy the solution globally:
- Install this hotfix (see "Installation")
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following keys and set each value to "1".
- [Global Setting]
- RmvPFWbyCommand=1
- RmvPFWifSSPFWDisabled=1
- RmvPFWifDisabled=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
- Key: RmvPFWbyCommand=1
- Key: RmvPFWifSSPFWDisabled=1
- Key: RmvPFWifDisabled=1
- Type: DWORD
- Value: 1
- On the OfficeScan web console, go to "Administration > Settings > Product License > Additional Services".
- Under "Additional Services", click the "Disable" button to stop the firewall service.
- Unload and reload the agent on the client and check that the "TrendMicro Personal Firewall" entry does not appear in "Windows Security and Maintenance".
Issue
Hotfix 5361
(VRTS-3162)
An attacker may be able to force the OfficeScan agent to load a malicious .dll file.
Solution
This hotfix updates the OfficeScan agent program to resolve this DLL injection vulnerability.
Issue
Hotfix 5365
(SEG-49847)
An issue related to the Microsoft™ Excel™ files with macro content cannot be saved to a network shared folder from an endpoint, some Microsoft Excel temp files cannot be deleted after trying to save the files.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5365
(SEG-49569)
On the x64 platform, a time comparison issue triggers the OfficeScan agent to send heartbeats to the OfficeScan server when the heartbeat function is disabled.
Solution
This hotfix updates the OfficeScan agent program to resolve the problem.
Procedure
This solution will not be deployed to agents that are not running at the time this hotfix is installed. As a result, these agents may still experience this issue since the heartbeat event is sent during start up. You need to restart the OfficeScan Master Service after all the agents are updated to the latest version to apply this solution to all agents.
Issue
Hotfix 5365
(SEG-50788)
The Suspicious Object List (file) does not appear on the OfficeScan agent.
Solution
This hotfix resolves this issue by updating the related database transaction.
Enhancement
Hotfix 5365
(SEG-46635)
This hotfix enables users to search for multiple agents on the "Agent Management" page by specifying multiple agent names in the "Search for endpoints" text box.
NOTES:
- Use a blank character " " delimiter to separate each agent name in the "Search for endpoints" text box.
- The field supports wildcard characters. Use a question mark "?" to represent a single character and an asterisk "*" to represent several characters.
- The field supports a maximum of 256 characters.
Enhancement
Hotfix 5365
(SEG-50338)
This hotfix adds new Regular Expressions to the Trend Micro Data Loss Prevention™ (DLP) Data Identifiers.
Enhancement
Hotfix 5365
(SEG-47952)
This hotfix adds a scheduled log purge function to purge un-scanned file logs older than a specified number of days, this is set to 15 days by default.
Procedure
To configure OfficeScan to purge un-scanned file logs that are older than a specific number of days:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to the number of days.
- [Global Setting]
- ClientUnScanLogKeepDays=15
- NOTE: This is set to 15 by default.
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- [On x64 system]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
- "ClientUnScanLogKeepDays" = dword:0000000f (15)
- [On x86 system]
- [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
- "ClientUnScanLogKeepDays" = dword:0000000f (15)
Issue
Critical Patch 5383
(SEG-45703)
Trend Micro Unauthorized Change Prevention Service uses a large amount of CPU resources when users open the Task Manager.
Solution
This critical patch updates the Behavior Monitoring module and enables users to configure OfficeScan to skip certain events to help prevent the issue.
Procedure
To configure OfficeScan to skip certain events to help prevent the issue and deploy the solution globally:
- Install this critical patch (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder in the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "AegisSkipTaskmgrCreateMutant" key and set its value to "1".
- [Global Setting]
- AegisSkipTaskmgrCreateMutant=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: SkipTaskmgrCreateMutant
- Type: DWORD
- Value: 1
- Restart the OfficeScan agents.
Issue
Critical Patch 5383
(SEG-52959)
After applying Critical Patch 5377, users may not be able to unload OfficeScan agents with the unload password enabled. This issue occurs because the encryption and decryption algorithm changed with a dynamic share key for OfficeScan agents.
Solution
This critical patch ensures that users are able to unload password-protected OfficeScan agents successfully.
Enhancement
Critical Patch 5383
(SEG-50774)
This critical patch enables the OfficeScan agent program to support Microsoft™ Windows™ 10 (version 1903) May 2019 Update.
Enhancement
Critical Patch 5383
(SEG-34470)
This critical patch enables users to configure the OfficeScan server to record server console login failure events in the Windows Event Log and the OfficeScan server system event log.
Procedure
To configure the OfficeScan server to record server console login failure events in the Windows Event Log and the OfficeScan server system event log:
- Install this critical patch (see "Installation").
- Open the "ofcserver.ini " file in the "\PCCSRV\Private" folder in the OfficeScan server installation directory.
- Under the "INI_SERVER_SECTION" section, manually add the "EnableLoginFailAuditing" key and set its value to "1".
- [INI_SERVER_SECTION]
- EnableLoginFailAuditing=1
- NOTE: This is set to "0" by default which disables the option.
- Save the changes and close the file.
Issue
Hotfix 5388
(SEG-47791)
The OfficeScan Master Service stops unexpectedly while restarting if the length of the OfficeScan agent's full domain name exceeds the maximum length.
Solution
This hotfix updates the OfficeScan server program to prevent the OfficeScan Master Service from stopping unexpectedly.
Issue
Hotfix 5388
(SEG-50248)
Online OfficeScan agents may appear as "Offline" on the OfficeScan web console. Users need to restart the agents for the correct connection status to appear.
Solution
This hotfix resolves the issue by updating the OfficeScan agent module.
Issue
Hotfix 5388
(SEG-49047)
After changing an agent's connection setting on the web console, the agent is not moved to the target server because the server SSL port information is incorrect.
Solution
This hotfix ensures that the correct server SSL port is assigned when the agent connection setting is modified.
Issue
Hotfix 5388
(SEG-50140)
The OfficeScan agent does not change to offline status when the computer shuts down. This happens because the SSL function cannot be initialized while the computer is shutting down.
Solution
This hotfix updates the OfficeScan agent program to resolve the issue.
Issue
Hotfix 5388
(SEG-50917)
The OfficeScan agent does not send the "Logon User" information to the OfficeScan server when the OfficeScan server restricts the user's access to the OfficeScan agent console from the system tray or from the Microsoft™ Windows™ "Start" menu.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5388
(SEG-49321)
An issue related to the OfficeScan NT Listener service ("TmListen.exe") may cause the OfficeScan agent GUID to change unexpectedly.
Solution
This hotfix updates the OfficeScan agent program to prevent this issue from occurring.
Issue
Hotfix 5388
(SEG-44729)
An OfficeScan agent still uses the proxy server to connect to Trend Micro servers even when it has been configured not to use one in the Windows Internet Options.
Solution
This hotfix ensures that OfficeScan agents check the proxy server exception configured in Windows Internet Options to enable these agents to bypass proxy servers when connecting to Trend Micro servers when configured to do so.
Issue
Hotfix 5388
(SEG-49267)
A specific keyword triggers the DLP template that does not have any criteria specified.
Solution
This hotfix updates the DLP template to resolve this issue.
Issue
Hotfix 5388
(SEG-48094), (SEG-51995)
The Data Loss Prevention (DLP) module still blocks unmonitored domains.
Solution
This hotfix resolves the issue by updating the DLP module.
Issue
Hotfix 5388
(SEG-53688)
When the login after the "isPrototype" configuration is enabled, the OfficeScan web console displays incorrectly.
Solution
This hotfix removes the "isPrototype" configuration and related contents to resolve this issue.
Issue
Hotfix 5388
(SEG-52050)
A compatibility issue between Microsoft Outlook and the OfficeScan Behavior Monitoring feature may cause the system to crash or freeze.
Solution
This hotfix updates the Behavior Monitoring module to prevent this issue.
Issue
Hotfix 5388
(SEG-51962)
The version number of the Advanced Threat Correlation Pattern is displayed as "0.000.00" on the OfficeScan agent's user interface. This issue occurs after the OfficeScan agent upgraded from OSCE 11.0 Service Pack 1 Patch 1 to OfficeScan XG Service Pack 1 by the Client Packager.
Solution
This hotfix updates OfficeScan agent programs to resolve this issue.
Issue
Hotfix 5388
(SEG-53993)
Administrators are unable to change the database password of the edge server using "OfcEdgeCfg.exe", the OfficeScan tool.
Solution
This hotfix updates OfficeScan server program to solve this issue.
Issue
Hotfix 5388
(SEG-53180)
When the agents call "cgiOnScan.exe" and fails, the system keeps resending the request without waiting. This issue generates lots of records in the IIS log.
Solution
This hotfix updates the OfficeScan agent program to wait for few seconds before retrying.
Issue
Hotfix 5388
(SEG-47832)
When the agents with the same IP address but with different computer name/Media Access Control Address (MAC)/GUID, the OfficeScan web console does not purge the duplicate agents.
Solution
This hotfix updates the OfficeScan server program to remove the duplicate agents on the web console.
Procedure
To apply the solution:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "INI_SERVER_SECTION" section, locate the following key and set its value to "1":
- [INI_SERVER_SECTION]
- VerifyConnectionIPOnly=1
- Save the changes and close the file.
- Open OfficeScan web console and go to the "Agents" > "Connection Veriffication" > Click "Verify Now".
Issue
Hotfix 5388
(SEG-54168)
When upgrading an OfficeScan client computer to Microsoft™ Windows™ 10 April 2018 Update (Redstone 4), the Trend Micro Early Boot Clean driver may add unnecessary blank lines to the "ServiceGroupOrder" registry value. This can cause blue screen of death (BSOD) after the agent computer restarts.
Solution
This hotfix updates the OfficeScan agent program to prevent the Trend Micro Early Boot Clean driver from adding unnecessary blank lines to the "ServiceGroupOrder" registry value.
Enhancement
Hotfix 5388
(SEG-36792), (VRTS-3326), (VRTS-3314)
This hotfix adds a dynamic share key for OfficeScan agents in the encryption and decryption algorithm.
Issue
Hotfix 5391
(SEG-52432)
After an update, OfficeScan agents may use the old virus pattern to perform Scan Now instead of using the new virus pattern when the "Perform Scan Now after update (Independent agents excluded)" feature is enabled.
Solution
This hotfix ensures that OfficeScan agents use the new pattern to perform Scan Now once the new pattern has been reloaded after an update.
Issue
Hotfix 5391
(SEG-52356)
The OfficeScan server process may stop unexpectedly when the CPU or memory utilization is high.
Solution
This hotfix prevents the OfficeScan server process from stopping unexpectedly when the CPU or memory utilization is high.
Issue
Hotfix 5391
(SEG-48966)
The 3rd-party ICE WebStart program cannot be launched while the OfficeScan Firewall service is running.
Solution
This hotfix updates the Trend Micro OfficeScan Firewall driver and provides a way to prevent this issue from occurring.
Procedure
To enable the new settings:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "256".
- [Global Setting]
- PFW_KEventMaxCount=256
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent endpoints:
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmWfp\Parameters
- Key: KEventMaxCount
- Type: REG_DWORD
- Value: 256 (0x100)
- Restart the OfficeScan agents.
Issue
Hotfix 5391
(SEG-50445)
On the 64-bit Microsoft ™ Windows ™ 7 platform, an error occurs while running a 64-bit debug script in Microsoft Visual Studio 2017.
Solution
This hotfix updates the Behavior Monitoring Module to prevent the error.
Issue
Hotfix 5391
(SEG-54165)
The ASE setting on the agent side switches to "0" unexpectedly.
Solution
This hotfix updates the OfficeScan agent program to prevent this issue.
Issue
Hotfix 5391
(SEG-54238)
The wrong user name information appears in spyware notifications after users logon using RDP.
Solution
This hotfix updates the OfficeScan agent program to ensure that the correct user name appears in spyware notifications.
Issue
Hotfix 5391
(SEG-54612)
The VDI Pre-Scan Template Generation Tool does not work even with the correct agent unload/unlock password.
Solution
This hotfix updates the tool to resolve this issue.
Enhancement
Hotfix 5391
(SEG-43254)
This hotfix provides a way to configure OfficeScan to keep track of when USB storage devices are plugged into OfficeScan agent computers. The logs can be queried in the Device Control violations on the Control Manager server console. These events are also recorded in the "UsbInsert_yyyymmdd.log" file on the OfficeScan server "\PCCSRV\Log" folder.
NOTES:
- This feature requires the installation of a corresponding Control Manager hotfix to enable Control Manager to support this feature.
- The logs in the "UsbInsert_yyyymmdd.log" file will appear in the following format: [Timestamp] [Log Generation Time] [Agent GUID] [Computer Name] [Action] [USB:Vendor:Model:Serial ID]
- The "UsbInsert_yyyymmdd.log" file will be deleted regularly according to the "Logs to Delete" and "Log Deletion Schedule" settings in the "Log Maintenance" page on the OfficeScan web console. You need to ensure that the "Enable scheduled deletion of logs" feature is enabled with the “Device Control Logs” log type selected.
Procedure
To configure OfficeScan to keep track of when USB storage devices are plugged into OfficeScan agent computers:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- EnableUsbLogging=1
NOTE: To disable the setting, set this key to "0".
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path:
- 32-bit: \HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite
- 64-bit: \HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite
- Key: EnableUsbLogging
- Type: DWORD
- Value: 1
Issue
Hotfix 5392
(SEG-53970)
The OfficeScan NT real-time scan service stops unexpectedly because the iCRC module cannot handle an empty response from the Smart Protection Service correctly.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5392
(SEG-44088)
A third-party application cannot run when the Behavior Monitoring service is enabled.
Solution
This hotfix updates the Behavior Monitoring module to resolve this interoperability issue.
Procedure
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- AegisSkipCreateProcessWithCmdLineEvent=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent endpoints:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: SkipCreateProcessWithCmdLineEvent
- Type: DWORD
- Value: 1
Issue
Hotfix 5392
(SEG-54270)
Endpoints may experience a blue screen of death (BSOD) while the Virus Scan Engine (VSAPI) driver is updating.
Solution
This issue updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5400
(SEG-54909)
The Data Loss Prevention™ (DLP) module cannot properly block users from uploading file attachments in version 75 of the Google Chrome web browser.
Solution
This hotfix updates the DLP module to enable it to block the upload of file attachments on Google Chrome 75.
Issue
Hotfix 5400
(SEG-55588), (SEG-55777)
OfficeScan agents running on Microsoft™ Windows ™ 10 cannot upgrade to build 1903.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5400
(SEG-47970)
An out-of-memory issue related to the function that adds IP exceptions can cause the Network Content Inspection Engine (NCIE) driver to stop unexpectedly and trigger blue screen of death (BSOD) on endpoints.
Solution
This hotfix updates the NCIE module to resolve this issue.
Issue
Hotfix 5400
(SEG-53769)
An OfficeScan agent may stop unexpectedly while calculating the SHA1 value for a large file.
Solution
This hotfix resolves the issue by improving the algorithm for calculating the SHA1 value of files.
Issue
Hotfix 5400
(SEG-46006)
An issue prevents the OfficeScan agent from adding program names to the Web Reputation Service approved list. As a result, websites cannot be blocked normally.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5400
(SEG-54694)
The OfficeScan agent cannot download large files when User-Mode Hooking (UMH) is enabled.
Solution
This hotfix updates the Web Reputation Service module to resolve the problem.
Issue
Hotfix 5400
(SEG-48009)
An issue prevents the Data Loss Prevention™ (DLP) license from being deployed from Trend Micro OfficeScan to Trend Micro Control Manager.
Solution
This hotfix adds support for the DLP AC key type to solve this issue.
Issue
Hotfix 5400
(SEG-50758)
A race condition between Trend Micro Unauthorized Change Prevention Service and Trend Micro Contextual Intelligence Engine may cause Trend Micro Unauthorized Change Prevention Service to stop unexpectedly.
Solution
This hotfix updates the Trend Micro Contextual Intelligence Engine module to prevent the race condition.
Enhancement
Hotfix 5400
(SEG-53304)
This hotfix enables OfficeScan SP1 to send "Dropped" and "Accepted" action results in firewall violation logs to Control Manager. This ensures that both action results display normally on Control Manager instead of being displayed as "unknown".
Enhancement
Hotfix 5400
(SEG-55805)
This hotfix adds support for SSH File Transfer Protocol (SFTP).
Issue
Hotfix 5403
(SEG-55881)
OfficeScan XG agents may be unable to properly communicate with the server when using a proxy server for network communication.
Solution
This hotfix updates the proxy setting information to allow proper communication with the OfficeScan server.
Issue
Hotfix 5403
(SEG-56417)
Sample files are not sent to the Trend Micro Deep Discovery Analyzer server because the OfficeScan Deep Discovery service has stopped unexpectedly.
Solution
This hotfix updates the OfficeScan server program to resolve this issue.
Enhancement
Hotfix 5406
(SEG-56591)
This hotfix updates the OfficeScan Master Service to change the callback address token in C&C callback alert email notifications from "http/https" to "hxxp/hxxps".
Procedure
To apply the solution:
- Install this hotfix (see "Installation").
- Open the "ofcserver.ini" file in the "\PCCSRV\Private" folder in the OfficeScan server installation directory.
- Under the "CCCA" section, manually add the following key and set it to "1":
- [CCCA]
- EnabledReplaceURL=1
- Save the changes and close the file.
- Restart the OfficeScan Master Service
Issue
Hotfix 5411
(SEG-54310)
The Data Loss Prevention™ (DLP) module does not work on the Microsoft Edge web browser.
Solution
This hotfix updates the DLP module to resolve this issue.
Procedure
To enable OfficeScan agents to block sensitive information on the Edge web browser.
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add the following key and value.
- [Configure]
- ENABLE_DYNAMIC_CODE_POLICY=true
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents. The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- enable_dynamic_code_policy=true
Issue
Hotfix 5411
(SEG-56009), (SEG-56900)
An issue prevents users from rolling back OfficeScan agents to a previously installed version after applying OfficeScan XG Service Pack 1 Critical Patch 5383.
Solution
This hotfix updates the OfficeScan server program to resolve this issue.
Issue
Hotfix 5411
(SEG-54796)
The OfficeScan master service stops unexpectedly and creates multiple dump files.
Solution
This hotfix truncates a string that exceeded the buffer size to solve this issue.
Issue
Hotfix 5411
(SEG-51597)
The "Network isolation" command from Trend Micro Control Manager™ may not be applied on the OfficeScan agent immediately.
Solution
This hotfix solves this issue by ensuromh that the "Network isolation" command and other commands are not sent to OfficeScan clients in parallel.
Issue
Hotfix 5411
(SEG-57945)
Sometimes, Google Chrome 75 stops responding while Trend Micro Data Loss Prevention™ (DLP) is enabled.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5415
(SEG-56567)
Users cannot export policies using the Policy Export Tool because the default protocol buffer size has been exceeded.
Solution
This issue updates the Server Migration Tool to resolve this issue.
Issue
Hotfix 5415
(SEG-55261)
The SQL server may become unresponsive when navigating to the Device Control Settings screen on the OfficeScan web console.
Solution
This hotfix applies additional error handling to prevent unsuccessful SQL queries from affecting the database server.
Enhancement
Hotfix 5415
(SEG-54287)
This hotfix adds a new configurable key "remove_dlp_outlook_addin" to allow users to configure OfficeScan agents to remove the "dlpexaddin.x86.dll" or "dlpexaddin.x64.dll" library from the Microsoft™ Outlook Add-ins.
Procedure
To configure OfficeScan agents to remove the "dlpexaddin.dll" library from Outlook:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add the following key and value.
- [Configure]
- remove_dlp_outlook_addin=true
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents. The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- remove_dlp_outlook_addin=true
Issue
Hotfix 5417
(SEG-51172)
When the Trend Micro Data Loss Prevention™ (DLP) module sends a DLP violation log for an email message in Lotus Notes, the log will indicate the email subject as "N/A".
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5417
(SEG-48442)
An OfficeScan XG Service Pack 1 agent installed on Microsoft™ Windows™ Server 2016 may appear "Offline" on the OfficeScan web console. This happens because the HTTPS communication port of the agent cannot be successfully initialized for listening while the protected computer starts.
Solution
This hotfix updates the OfficeScan agent program to prevent this issue from occurring.
Issue
Hotfix 5417
(SEG-57984)
An issue prevents users from uninstalling OfficeScan agents with the correct agent uninstallation password through Windows Installer (msiexec.exe) after applying OfficeScan XG Service Pack 1 Critical Patch 5383.
Solution
This hotfix updates the OfficeScan server program to resolve this issue.
Issue
Hotfix 5417
(SEG-55457)
An OfficeScan agent does not block file transmission from a network drive to Skype™ through the Server Message Block channel.
Solution
This hotfix updates the DLP module to enable OfficeScan agents to support file transmission through a network drive.
Issue
Hotfix 5417
(SEG-56856)
Digital Asset Control logs may contain the wrong Email Subject information.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5417
(SEG-58341)
In Google Chrome and certain versions of Internet Explorer, some pages of the OfficeScan web console display as blank pages after Hotfix 5388 is applied.
Solution
This hotfix updates the OfficeScan server files to resolve this issue.
Issue
Hotfix 5417
(SEG-57928)
When the Trend Micro Data Loss Prevention™ (DLP) service is enabled on OfficeScan agent computers, Google Chrome version 75 and higher versions may stop unexpectedly while accessing certain URLs.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5417
(VRTS-3537)
The "Active Directory Integration" page may expose the credential key when the page is opened with developer tools on a web browser.
Solution
This hotfix updates the OfficeScan server program to remove the vulnerability.
Enhancement
Hotfix 5417
(SEG-39049)
This hotfix updates the certificate handling process for both Trend Micro Smart Scan Server service and Trend Micro Smart Protection Query Handler service to allow users to assign friendly names to SSL Certificates based on Microsoft Internet Information Services (IIS). Once set, the SSL certificate of the OfficeScan website with friendly name will not be removed after the server restarts.
Procedure
To ensure that the certificate with friendly name will not be replaced randomly:
- Stop the following services:
- OfficeScan Master Service
- OfficeScan Active Directory Integration Service
- Trend Micro Smart Protection Server
- Trend Micro Smart Protection Query Handler
- Open the "<Server installation folder>\PCCSRV\WSS\Service.ini" file.
- Locate the "HTTPS_CERT" setting, add the following new setting and set tit to the certificate friendly name, for the example "OfficeScan Server NTSG".
- HTTPS_CERT_FRIENDLY_NAME=(certificate friendly name)
- Save the changes and close the file.
- Open the "<Server installation folder>\PCCSRV\SRS\apricot_config" file.
- Locate the "<cert_cn></cert_cn>" option tag, add the new option tag "<cert_friendly_name></cert_friendly_name>" under it, and specify the friendly name inside this new tag.
- Save the changes in the file.
- Restart the services you stopped in step 1.
Issue
Hotfix 5419
(SEG-58523)
In the SQL Server Migration Tool settings, the recipient email address for the "SQL Database Unavailable Alert" reappears after users have removed it to disable the alert.
Solution
This hotfix updates the SQL Server Migration Tool to ensure that users can successfully remove the recipient email address for the "SQL Database Unavailable Alert" to disable the alert.
Issue
Hotfix 5422
(SEG-58154)
Some OfficeScan agents cannot update the Contextual Intelligence Query Handler.
Solution
This hotfix updates the agent program to resolve the issue.
Issue
Hotfix 5422
(SEG-39025)
In the Japanese language version, the agent console menu language changes to English unexpectedly after a program update.
Solution
This hotfix updates the agent program to resolve the issue.
Issue
Hotfix 5422
(SEG-57434)
When users log in using a non-root account, connection verification log query results display very few logs even when there are more than 100 OfficeScan clients on the client tree.
Solution
This hotfix updates the query function to ensure that all the query results contain all relevant connection verification logs.
Enhancement
Hotfix 5422
(SEG-58614)
This enhancement hides the unload/uninstall password in the OfficeScan web console.
Issue
Critical Patch 5427
(VRTS-3681)
A directory traversal vulnerability may allow an attacker to log on to the OfficeScan Management Console as a root user.
Solution
This critical patch updates the OfficeScan server program to remove the vulnerability.
Issue
Critical Patch 5427
(VRTS-3670)
A directory traversal vulnerability may allow an attacker to extract files from an arbitrary zip file to the specific folder in OfficeScan server.
Solution
This critical patch updates the OfficeScan server program to remove the vulnerability.
Issue
Critical Patch 5427
(SEG-57704)
An issue prevents OfficeScan agents running on the Microsoft™ Windows™ 10 platform from reporting their correct status to the OfficeScan server. As a result, these agents appear as "Endpoints with Non-compliant Services" on the OfficeScan web console.
Solution
This critical patch updates OfficeScan agent program to resolve this issue.
Issue
Critical Patch 5427
(SEG-54354)
If a network attached storage (NAS) allows only a dedicated user account to access it, the Data Loss Prevention™ (DLP) module does not generate a log when files from this NAS is burned to CD/DVD using an account that does not have access rights to the NAS.
Solution
This critical patch updates the DLP module to ensure that it generates a DLP log under the scenario described above.
Issue
Critical Patch 5427
(SEG-58850)
An error occurs while the Certificate Authentication Manager Tool re-establishes communication between the OfficeScan server and managed OfficeScan agents.
Solution
This critical patch updates the OfficeScan server program to resolve this issue.
Enhancement
Critical Patch 5427
(SEG-59817)
This critical patch updates the DLP module to ensure that it can block drag-and-drop file operations in Google Chrome 76 and 77.
Issue
Hotfix 5429
(SEG-51054)
The customized Suspicious Object Lists (File) may not work on files that contain the digital signature of a company that is on the good company list.
Solution
This hotfix updates the OfficeScan agent program to resolve the issue.
Issue
Hotfix 5429
(SEG-57953)
Users cannot save Microsoft™ Excel™ files in the network shared folder from OfficeScan agents.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Procedure
To update the registry configuration on OfficeScan agents to resolve the issue:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1":
- [Global Setting]
- AegisSkipEventTupleUpdateObjFileStat=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS]
- "SkipEventTupleUpdateObjFileStat"=dword:00000001
Issue
Hotfix 5431
(SEG-61262)
An MSI installer generated using the Client Packager Tool with the "ForceRefresh=1" parameter does not record the installation results in the "OFCNTINST.log" file.
Solution
This hotfix updates the OfficeScan agent program to ensure that installation results are logged into the "OFCNTINST.log" file.
Issue
Hotfix 5431
(SEG-60015)
Duplicate entries appear in the Behavior Monitoring approved programs list.
Solution
This hotfix updates the OfficeScan server program to delete duplicate entries in the Behavior Monitoring approved programs list.
Procedure
To apply this solution:
- Install this hotfix (see "Installation").
- Open OfficeScan web console and go to the "Agents" > "Agent Management" > "Settings" >" Behavior Monitoring Settings" > Click "Save".
Issue
Hotfix 5434
(VRTS-3562)
A potential vulnerability may allow a non-administrator to access information on other OfficeScan users by changing a parameter in a specific URL.
Solution
This hotfix updates the OfficeScan server programs to prevent a user that does not have sufficient privileges from viewing other OfficeScan user information.
Issue
Hotfix 5434
(SEG-61333)
An issue related to the Smart Relay Service may trigger a high CPU usage issue in OfficeScan sever and it may also cause the Smart Relay Service to stop unexpectedly.
Solution
This hotfix updates the Smart Relay Service to resolve this issue.
Issue
Hotfix 5434
(VRTS-3564)
On the OfficeScan web console, users may be able to view the user account that have just been logged out by pressing the back button of the web browser.
Solution
This hotfix updates the OfficeScan server program to prevent this issue from occurring.
Issue
Hotfix 5434
(VRTS-3605), (VRTS-3567)
On the OfficeScan web console, the "PHPSESSID" and "wf_CSRF_token" cookies are the same for every logon session.
Solution
This hotfix ensures that the widget framework generates new "PHPSESSID" and "wf_CSRF_token" cookies for each new logon session.
Issue
Hotfix 5434
(SEG-61757)
A blank page appears after users press the "Restore Settings" button on the OfficeScan web console.
Solution
This hotfix updates the XML files related to the Outbreak Prevention feature to solve this issue.
Issue
Hotfix 5434
(SEG-61215)
Security Agents should use the configured Smart Protection Service Proxy settings when querying Smart Protection sources for the Predictive Machine Learning and the Behavior Monitoring features. However, Security Agents still use the proxy settings configured in Microsoft™ Internet Explorer™ to access the network even when the Smart Protection Service Proxy is enabled.
Solution
This hotfix updates OfficeScan agent program to resolve this issue.
Issue
Hotfix 5435
(SEG-62117)
The scan exclusion setting does not work properly when the exclusion is empty at the root level while using a Microsoft SQL database.
Solution
This hotfix updates certain SQL stored procedures to solve this issue.
Enhancement
Hotfix 5437
(SEG-52163)
For external agents, this hotfix reduces the delay time in applying the firewall profile after an agent’s IP is changed.
Procedure
To enable the settings:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- EventTriggerIPChange=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent endpoints:
- Path:
- For x86 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
- For x64 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
- Key: EventTriggerIPChange
- Type: REG_DWORD
- Value: 1
- Restart the OfficeScan agent computers.
Issue
Hotfix 5441
(SEG-57094)
In the Japanese version of OfficeScan XG Service Pack 1, the logs screen displays abnormally if users update widgets and then click a node on the Security Risk Detections Over Time widget to open the logs screen for the highlighted threat type on the list.
Solution
This hotfix resolves this issue by updating the files related to the Security Risk Detections Over Time widget.
Enhancement
Hotfix 5441
(SEG-57981)
The Connection Verification program may automatically delete OfficeScan agents that send multiple IP addresses which causes a significant change in the agent count information. This hotfix enables the program to skip the original deletion logic for multiple IP address scenarios.
Procedure
To enable the Connection Verification program to skip the original deletion logic for multiple IP address scenarios:
- Install this hotfix (see "Installation").
- Open the "ofcserver.ini" file in the "\PCCSRV\Private\" folder of the OfficeScan server installation directory using a text editor.
- Under the "INI SERVER SECTION" section, manually add the following key and set its value to "1".
- [INI_SERVER_SECTION]
- EnableSkipVerConDoubleIPCheck=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Connection Verification" screen.
- Click "Verify Now"
- Verify that agents are not purged.
Issue
Patch 5464
(SEG-61561)
Miracast connections may be blocked by the OfficeScan Firewall.
Solution
This patch updates the anchor rule for the pass action and controls this feature through use of a hidden key.
Procedure
To enable the settings:
- Install this patch (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key.
- [Global Setting]
- EnableGlobalPfwBypassRule=1
- EnableTempBypassRule=0
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent endpoints:
- Path:
- For x86 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
- For x64 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
- Key: EnableGlobalPfwBypassRule
- Type: REG_DWORD
- Value: 1
- Key: EnableTempBypassRule
- Type: REG_DWORD
- Value: 0
Issue
Patch 5464
(SEG-56737)
OfficeScan agents may encounter a blue screen of death (BSOD) when the Osprey kernel file (tmusa.sys) is unloaded unexpectedly.
Solution
This patch updates the Trend Micro EagleEye Driver to resolve this issue.
Issue
Patch 5464
(SEG-61560)
OfficeScan agent endpoints with Web Reputation enabled may experience a performance decrease due to a driver issue.
Solution
This patch updates the Trend Micro EagleEye Driver to resolve this issue.
Enhancement
Patch 5464
(SEG-49033)
This patch updates the program update checking logic on OfficeScan agents to help ensure that only authentic program updates are applied.
Enhancement
Patch 5464
(SEG-63171)
This patch enables the OfficeScan XG SP1 agent program to support Microsoft Windows™ 10 (version 1909) November 2019 Update.
Issue
Hotfix 5467
(SEG-63494)
Data Loss Prevention (DLP) sometimes misidentifies imaging devices with mobile devices.
Solution
This hotfix updates the Data Loss Prevention (DLP) module to resolve this issue.
Issue
Hotfix 5467
(SEG-66261)
Data Loss Prevention™ (DLP) feature may slow down the performance of certain web applications on the OfficeScan agent.
Solution
This hotfix updates the DLP module to resolve this issue.
NOTE: Please refer to the following link for the steps to manually set the monitored websites if customer need: https://success.trendmicro.com/intkb/solution/1120248
Issue
Hotfix 5468
(SEG-64492)
Users may encounter a "Windows upgrade failed" error on an OfficeScan agent computer running on the Microsoft™ Windows™ 10 platform. This happens when the OfficeScan agent ever acted as an Update Agent (UA) and some existing files match the blocking software range in Microsoft Windows.
Solution
This hotfix updates the OfficeScan agent program and adds a folder checking mechanism to resolve the issue.
Issue
Hotfix 5468
(SEG-65278)
The exceed unmanaged agents IP ranges logs cannot be displayed when there are more than 201 sets of IP ranges.
Solution
This hotfix updates the OfficeScan server program to resolve this issue.
Issue
Hotfix 5468
(SEG-55824)
The OfficeScan Data Loss Prevention™ (DLP) module cannot block users from uploading certain file types on Microsoft Skype.
Solution
This hotfix resolves this issue by updating the DLP module.
Issue
Hotfix 5471
(SEG-58586)
The OfficeScan Firewall service may block the connection to version 12.1.51.19 of the Citrix Gateway.
Solution
This hotfix updates the OfficeScan agent program to ensure that the firewall policy exception list works normally.
Issue
Hotfix 5471
(SEG-61200)
OfficeScan agents cannot immediately upgrade an applied hotfix version update if the agents get the update notifications twice within a short amount of time.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5471
(SEG-66363)
Copying compressed ZIP files takes too much time for systems affected by the Trend Micro Data Loss Prevention (DLP).
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Critical Patch 5474
(VRTS-3677)
A potential process communication risk in the agent exists in the OfficeScan server.
Solution
This critical patch updates the OfficeScan server program to remove this vulnerability.
Issue
Critical Patch 5474
(VRTS-3745), (VRTS-3746)
A potential file deletion issue with system privileges exists via a DirectoryTraversal vulnerability in OfficeScan agents.
Solution
This critical patch updates the OfficeScan server program to remove this vulnerability.
Issue
Critical Patch 5474
(VRTS-3790)
A potential issue with file uploads exists via a Directory Traversal vulnerability in OfficeScan agents.
Solution
This critical patch updates the OfficeScan server program to remove this vulnerability.
Issue
Critical Patch 5474
(SEG-74203)
The Trend Micro Data Loss Prevention™ (DLP) service may cause a high memory usage issue when users copy files from a ZIP file.
Solution
This hotfix updates the DLP module to resolve this issue.
Enhancement
Critical Patch 5474
(VRTS-4061)
This critical patch enhances the security of the Server Migration Tool.
Enhancement
Critical Patch 5474
(VRTS-4060)
This critical patch updates the program update checking logic on OfficeScan agents to help ensure that only authentic program updates are applied.
Issue
Hotfix 5476
(SEG-66266)
The OfficeScan Data Loss Prevention™ (DLP) module does not work on the OneDrive website on Mozilla(R) Firefox(R) 71.0.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5476
(SEG-61983)
When users apply the sample submission setting to multiple agents through the Trend Micro Control Manager™ policy, the setting is applied on the first agent only.
Solution
This hotfix updates the OfficeScan server program to resolve this issue.
Issue
Hotfix 5476
(SEG-70190)
The OfficeScan DLP module skips certain directory paths and as a result, users are able to copy files that contain sensitive information from these locations to Skype™.
Solution
This hotfix updates the DLP module to ensure that it can detect and block users from copying files that contain sensitive information to Skype.
Issue
Hotfix 5476
(SEG-66978)
The OfficeScan DLP module slows down file transmissions by SFTP.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5476
(SEG-68629)
An issue prevents the OfficeScan DLP module from blocking files in USB storage devices.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5476
(SEG-70098)
The OfficeScan DLP notification displays when users click the "Add files/Add a file" button in Skype after applying OfficeScan Hotfix 5468.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5476
(SEG-64124)
The Trend Micro OfficeScan Data Protection Service may prevent users from transferring files to the internal server successfully.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Patch 5502
(SEG-69592)
OfficeScan agents installed in folders that use certain Japanese characters may be unable to update pattern files after applying Hotfix 5464.
Solution
This patch updates the ActiveUpdate module to resolve the issue.
Issue
Patch 5502
(SEG-68522)
The OfficeScan Master Service may stop unexpectedly when the OfficeScan server attempts to generate local signature files.
Solution
This patch updates the Trend Micro ActiveUpdate module to ensure that the OfficeScan Master Service is not interrupted during the generation of local signature files.
Issue
Patch 5502
(SEG-73858)
The following two issues related to the OfficeScan Data Protection Service may occur on protected computers:
- Users may have trouble accessing the https://fast.com website.
- Agents cannot connect to VPN through the Cisco AnyConnect Secure Mobility Client.
Solution
This patch updates the Data Loss Prevention™ (DLP) module to resolve this issue.
Issue
Patch 5502
(SEG-71711)
An issue related to the OfficeScan Behavior Monitoring feature may increase the memory usage on protected computers.
Solution
This patch updates the Behavior Monitoring module to resolve this issue.
Issue
Patch 5502
(SEG-65841)
Virus/Malware Logs display the "Result" as "Access denied" on the OfficeScan web console but shows "File Passed" on the Trend Micro Control Manager™ web console.
Solution
This patch updates the OfficeScan server program to resolve this issue.
Enhancement
Patch 5502
(SEG-70427), (SEG-70432)
This patch applies updates to improve the security of OfficeScan server operations.
Issue
Hotfix 5509
(SEG-69956)
Email addresses specified in the Scheduled Assessment Report settings in Security Compliance cannot be deleted.
Solution
This hotfix updates the OfficeScan server program to ensure that email addresses in Scheduled Assessment Report settings can be deleted normally.
Issue
Hotfix 5509
(SEG-71720)
Sometimes, an issue prevents users from logging onto the OfficeScan Server web console successfully.
Solution
This hotfix updates the OfficeScan server program to fix this issue.
Issue
Hotfix 5509
(SEG-65913)
When users deploy domain settings through the Update Agent, the Scan Settings may disappear from the agent console.
Solution
This hotfix updates the OfficeScan server program to fix this issue.
Issue
Hotfix 5509
(SEG-75023)
Advanced Search does not display any results for the "Update Agent" search criterion.
Solution
This hotfix updates the OfficeScan server program to resolve this issue.
Issue
Hotfix 5509
(SEG-71542)
The OfficeScan Master Service stops unexpectedly and cannot be restarted.
Solution
This hotfix updates the OfficeScan server program to resolve this issue.
Issue
Hotfix 5509
(SEG-70752)
Sometimes, in the Traditional Chinese language version of the agent console, the menu language changes to English unexpectedly after a program update.
Solution
This hotfix updates the OfficeScan agent program to resolve the issue.
Issue
Hotfix 5509
(SEG-66642)
An OfficeScan agent switches to offline status after upgrading from OfficeScan 11 Service Pack 1 to OfficeScan XG Service Pack 1.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5509
(SEG-70205)
The Device Control feature may block certain types of internal disk drives unexpectedly after users configure the "USB storage devices" setting to "Block".
Solution
This hotfix updates the data protection module to resolve this issue.
Issue
Hotfix 5509
(SEG-73722)
The Data Loss Prevention feature may cause Microsoft™ Windows™ 10 endpoints to become unresponsive before users logon when the User Justification setting is enabled.
Solution
This hotfix resolves the issue by updating the data protection module.
Issue
Hotfix 5509
(SEG-71236)
The OfficeScan Predictive Machine Learning (PML) feature may prevent users from running scripts to write files normally.
Solution
This hotfix resolves the issue by allowing PML to follow the Real-time Scan Exclusion settings to bypass certain file I/O events that are hooked by the Behavior Monitoring module.
Issue
Hotfix 5509
(SEG-69582)
Sometimes, the OfficeScan agent does not prompt the "Restart Computer" message to appear after updating the agent program.
Solution
This hotfix resolves the issue by updating the OfficeScan agent program.
Issue
Hotfix 5509
(SEG-65162)
The OfficeScan server switches the status of unreachable agents to "offline" even when these agents have sent a heartbeat out.
Solution
This hotfix updates the OfficeScan server program to fix this issue.
Issue
Hotfix 5509
(SEG-74354)
An issue prevents the OfficeScan server from writing content to temporary files which may make source hotfix files invalid. When this happens, digital signature checking fails.
Solution
This hotfix updates the OfficeScan server program to fix this issue.
Issue
Hotfix 5509
(SEG-71942)
The "Enable Suspicious URL list" setting check box in the "Suspicious Object List Setting" page of the OfficeScan web console becomes unchecked after users click the "Save" button on the "Smart Protection Server" page.
Solution
This hotfix updates the OfficeScan server program to fix this issue.
Issue
Hotfix 5509
(SEG-69492)
Clients that have been set to "Unreachable Network" status do not appear with the "Unreachable" status on the product tree when the IP Template setting has been configured at the same time.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5509
(SEG-74531)
The DLP module cannot block printing tasks from Microsoft PowerPoint for Office 365.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5509
(SEG-73015)
The DLP module cannot block third-party burning software from burning files to a CD/DVD.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5509
(SEG-74795)
When disabling Windows Defender, the OfficeScan agent program always checks whether it is still running or has stopped. If it is still running, the OfficeScan agent calls the API to disable it and displays a "Restart Required" message on the OfficeScan agent console.
Solution
This hotfix updates the OfficeScan agent program to remove this checking mechanism so it does not trigger the "Restart Required" message on the OfficeScan agent console.
Issue
Hotfix 5509
(SEG-68812)
An issue prevents the DLP module from blocking the transmission of sensitive information through a RAR file that was compressed from a certain hierarchy directory with a directory name that contains Chinese characters.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5509
(SEG-76240)
Duplicate records in the database may cause the agent connection status to switch to "Independent".
Solution
This hotfix checks and removes duplicate records from the database to resolve this issue.
Issue
Hotfix 5509
(SEG-75111)
After upgrading to OSCE XG Service Pack1 Patch 2 Build 5502 and any higher version, users cannot OSCE server register successfully to Trend Micro Control Manager using certificates.
Solution
After applying the hotfix, users can successfully register OSCE server to Trend Micro Control Manager using certificates.
Enhancement
Hotfix 5509
(SEG-67982)
This hotfix updates the DLP module to extend the upload file size limit in "File Attributes" of Data Identifiers to 1024 GB.
Issue
Hotfix 5516
(SEG-73236)
The Trend Micro Data Loss Prevention™ (DLP) module generates two violation logs for a single printing action.
Solution
This hotfix updates the DLP module to resolve this issue.
Procedure
To configure the Sync mode cache (for blocking action) setting:
- Install this hotfix (see "Installation")
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add the following setting.
- [Configure]
- SYNC_MODE_FILE_CACHE=true
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents.
- The OfficeScan server deploys the settings to OfficeScan agents.
Issue
Hotfix 5516
(SEG-76917)
Manual Scan detection results do not display any information.
Solution
This hotfix updates the OfficeScan server program to ensure that Manual Scan detection results display complete and accurate information.
Issue
Hotfix 5516
(SEG-75767)
A log timeout issue may cause OfficeScan agents to send a large amount of duplicated Data Loss Prevention logs in a short time.
Solution
This hotfix updates the Data Protection module to resolve this issue.
Procedure
To configure the Sync mode cache (for blocking action) setting:
- Install this hotfix (see "Installation")
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add the following setting.
- [Configure]
- SYNC_MODE_FILE_CACHE=true
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents.
- The OfficeScan server deploys the settings to OfficeScan agents.
Issue
Hotfix 5516
(SEG-75570)
A third-party application automatically disables bluetooth adapters and LTP devices on agent computers while the Data Protection module keeps on enabling the same devices. Repeated enabling and disabling of these devices triggers a high CPU usage issue related to the "WMI Provider Host" process.
Solution
This hotfix updates the Data Protection module to resolve this issue.
Issue
Hotfix 5516
(SEG-71068), (SEG-71070)
OfficeScan agents installed on a Japanese directory cannot access the "NcieEcp.ini" and "ConnLog\Conn_XXXXXXXX.log" files.
Solution
This hotfix resolves the issue by updating the OfficeScan agent program.
Issue
Hotfix 5519
(SEG-74249)
The OfficeScan firewall service may block the connection to version 2.4.8 of OpenVPN.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5519
(SEG-77209)
The OfficeScan NT Real-time Scan Service (Ntrtscan) stops unexpectedly.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Enhancement
Hotfix 5519
(SEG-75270)
This hotfix enables the OfficeScan DLP module to monitor all file uploads to any website.
Procedure
To configure the new setting for DLP:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add its value.
- [Configure]
- monitor_file_upload_websites=*
- parser_monitor_list=*
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents". The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- monitor_file_upload_websites=*
- parser_monitor_list=*
Issue
Hotfix 5525
(SEG-70962)
When users burn files into a CD or DVD, the DLP module may not be able to detect certain files and as a result, may report an inaccurate DLP violation log count.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5525
(SEG-77788)
Security Agents with the Behavior Monitoring feature enabled may experience a memory resource issue.
Solution
This hotfix updates the Behavior Monitoring module to resolve this issue.
Issue
Hotfix 5525
(SEG-77542)
When the OfficeScan Server is installed in an air-gapped network environment, users may not be able to renew the OfficeScan Data Protection product license while managing the OfficeScan server from the Trend Micro Control Manager™ web console.
Solution
This hotfix updates the OfficeScan server program to resolve this issue.
Issue
Hotfix 5525
(SEG-78972)
When the OfficeScan server is managed from the Control Manager web console, Data Loss Prevention™ (DLP) incident reviewers may not be able to decrypt the DLP forensic data from the "Incident Details" screen of the Control Manager web console.
Solution
This hotfix updates the OfficeScan server program to resolve this issue.
Issue
Hotfix 5525
(SEG-77924)
Endpoints may stop unexpectedly when the OfficeScan Behavior Monitoring feature is enabled.
Solution
This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder in the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "AegisK2UC" key and set its value to "2".
- [Global Setting]
- AegisK2UC=2
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: K2UC
- Type: REG_DWORD
- Value: 2
- Restart the OfficeScan agent computers.
Issue
Hotfix 5525
(SEG-71752)
The Trend Micro Unauthorized Change Prevention Service may slow down the performance of Microsoft™ Word applications when the officeatwork Add-In is enabled.
Solution
This hotfix updates the Behavior Monitoring module and enables users to configure OfficeScan to skip certain events to help prevent the issue.
Procedure
To configure OfficeScan to skip certain events to help prevent the issue and deploy the solution globally:
- Install this critical patch (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder in the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "DisableLoadImageNotify" key and "AegisDisablePostCloseSync" key and set both to "1".
- [Global Setting]
- DisableLoadImageNotify=1
- AegisDisablePostCloseSync=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: DisablePostCloseSync
- Key: DisableLoadImageNotify
- Type: DWORD
- Value: 1
- Restart the OfficeScan agent
Issue
Hotfix 5525
(SEG-77822)
Users may receive false positive C&C callback alerts on OfficeScan agents. This happens because the Network Content Inspection Engine (NCIE) reloads every few seconds.
Solution
This hotfix resolves the issue by updating the OfficeScan agent program.
Issue
Patch 5684
(SEG-71510)
When the Smart Protection Service Proxy is enabled, Security Agents should use the configured Smart Protection Service Proxy settings when querying Smart Protection sources for the Predictive Machine Learning feature. However, Security Agents do not apply the proxy settings when Security Agents are configured to use Conventional Scan to scan for security risks by default.
Solution
This patch updates the OfficeScan agent program to resolve this issue.
Issue
Patch 5684
(SEG-70281)
When the OfficeScan server is installed on a multiple network interface cards (NICs) environment and the administrator notification settings are configured to allow OfficeScan to send notifications through SNMP Trap, the wrong Source IP address information appears in the trap information section of the notifications.
Solution
This patch updates the Notification Module to resolve this issue.
Issue
Patch 5684
(SEG-60319)
Sometimes, the OfficeScan server loses its connection to the SQL database unexpectedly.
Solution
This patch updates the SQL package to resolve the issue.
Issue
Patch 5684
(SEG-72240)
An issue related to the weekly Scheduled Scan mechanism triggers a high CPU usage issue.
Solution
This patch updates the OfficeScan program to resolve this issue.
Issue
Patch 5684
(SEG-77827)
An issue prevents OfficeScan agents from retrieving the latest version of the Early Boot Cleanup Driver from the OfficeScan server.
Solution
This patch updates the OfficeScan agent program to resolve this issue.
Issue
Patch 5684
(SEG-81203)
An OfficeScan agent switches to offline status after upgrading from OfficeScan 11 Service Pack 1 to OfficeScan XG Service Pack 1.
Solution
This patch updates the OfficeScan agent program to resolve this issue.
Issue
Patch 5684
(VRTS-4192)
Agent notifications that display when a virus or malware is detected on the client may be vulnerable to code injection.
Solution
This patch updates the OfficeScan server program to remove the vulnerability.
Issue
Patch 5684
(VRTS-4228)
Except for the administrator account created during installation, user account passwords for the web console can be updated even when users have provided the wrong current password.
Solution
This patch updates the OfficeScan server program to remove the vulnerability.
Issue
Patch 5684
(SEG-80215)
After applying OfficeScan XG Service Pack 1 Patch 5502, the OfficeScan server cannot successfully register to the Edge server because the OsceOPA certificate cannot be deployed from the Edge server to the OfficeScan server.
Solution
This patch updates the OfficeScan server program to resolve this issue.
Issue
Patch 5684
(SEG-77324)
A database exception that may occur when an agent restarts may cause the agent domain GUID information to disappear from the database.
Solution
This patch prevents this issue.
Issue
Patch 5684
(SEG-82676)
An issue prevents users from accessing the detailed license information page.
Solution
This patch updates the OfficeScan program to resolve this issue.
Issue
Patch 5684
(SEG-79248)
Under certain conditions, off-premise OfficeScan agents that are connected to the OfficeScan Edge Relay server may not be able to send security risk logs to the OfficeScan server.
Solution
This patch updates the OfficeScan agent program to resolve this issue.
Issue
Patch 5684
(SEG-78107)
The OfficeScan agent IP address information on the web console may be updated to the previous value after the OfficeScan server syncs with the Edge server.
Solution
This patch updates the OfficeScan program to resolve this issue.
Procedure
To configure OfficeScan to prevent the issue and deploy the solution globally:
- Install this critical patch (see "Installation").
- Open the "ofcserver.ini" file in the "\PCCSRV\Private" folder in the OfficeScan server installation directory.
- Under the "INI_SERVER_SECTION" section, manually add the "ResetStampStart" key and set both to "1".
- [INI_SERVER_SECTION]
- ResetStampStart = 1
- Save the changes and close the file.
Enhancement
Patch 5684
(SEG-77644)
This patch enables OfficeScan to write Windows event logs on both servers and agents for the following events:
- An OfficeScan agent is uninstalled
- An OfficeScan agent is moved to another server
- The web console password is changed
If the OfficeScan server is registered to Trend Micro Control Manager™, the related windows event log will also show in the Product Auditing Event log on the Control Manager web console.
Enhancement
Patch 5684
(SEG-77645)
This patch applies the following enhanced password complexity requirements for better security:
- Unload and Uninstall OfficeScan Agent password
- OfficeScan server web console User Accounts password
Enhancement
Patch 5684
(SEG-77981)
This patch enables the OfficeScan web console to support Microsoft Edge (Chromium).
Enhancement
Patch 5684
(VRTS-4587), (VRTS-4586), (SEG-77636)
This patch applies updates to improve the security of OfficeScan server and agent operations.
Enhancement
Patch 5684
(VRTS-4456)
This patch imports the latest cURL binary to prevent a vulnerability issue.
Enhancement
Patch 5684
(VRTS-4654)
This patch improves the 7-Zip file archiver process in OfficeScan agents to prevent a possible vulnerability related to the OfficeScan Agent Self-protection feature.
Enhancement
Patch 5684
(SEG-77642)
This patch enhances the security check mechanism that works when OfficeScan moves agents to another OfficeScan server through the "Agents > Agent Management > Select agents > Move Agent" or "Administration > Settings > Agent Connection" page.
Enhancement
Patch 5684
(SEG-77641)
This patch enables the OfficeScan agent program to support Microsoft™ Windows™ 10 (version 2004) May 2020 Update.
Enhancement
Patch 5684
(SEG-77641), (SEG-48964)
This patch applies updates to improve the security of OfficeScan server operations.
Enhancement
Patch 5684
(SEG-78480)
This patch applies updates to improve the security in OfficeScan agents.
Enhancement
Patch 5684
(VRTS-4089)
This patch updates the OfficeScan OpenSSL to version 1.0.2u.
Enhancement
Patch 5684
(SEG-77632)
This patch makes the associated private key for the OfficeScan Server Authentication Certificate for communication with OfficeScan agents as non-exportable for better security.
Issue
Hotfix 5685
(SEG-71789)
Users may still be able to access USB storage devices even after setting the Device Control permissions for USB Storage Devices to "Block".
Solution
This hotfix updates DLP Endpoint SDK 6.2 to add a switch that responds when a device status changes to help prevent the issue from occurring.
Procedure
To enable the switch to respond when the device status changes:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Configure" section, manually add the "DEVICE_CHANGE_QUICK_RESP" key and set its value to "true".
- [Configure]
- DEVICE_CHANGE_QUICK_RESP=true
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Agent Management > Select domains or agents > Settings > DLP settings" screen.
- Click "Save" to deploy the setting to agents". The OfficeScan server deploys the setting to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- DEVICE_CHANGE_QUICK_RESP=true
- Restart the OfficeScan agents.
Issue
Hotfix 5690
(SEG-78287)
The size of the Data Loss Prevention™ (DLP) log always appears as 2147483647 on the OfficeScan server web console when the triggering file on the endpoint is larger than 2GB.
Solution
This hotfix updates the OfficeScan server and agent programs to resolve this issue.
Issue
Hotfix 5690
(SEG-74834)
The "Enable Suspicious URL list" option on the "Suspicious Object List Settings" page of the web console is disabled even when the OfficeScan server has registered to the Edge Relay Server if Integrated Smart Protection Server is not installed on the OfficeScan server.
Solution
This hotfix allows users to configure the "Enable Suspicious URL list" setting and provide User-Defined Suspicious URLs to off-premises agents.
Issue
Hotfix 5690
(SEG-74834)
On the off-premise agent console, the timestamps on the "Suspicious Object List" on the "Component Versions" page do not update promptly.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Issue
Hotfix 5690
(SEG-84409)
OfficeScan XG Service Pack 1 agent program supports Microsoft™ Windows™ Server 2019, however, the agents appear as "Windows Server 2016" if managed on the Apex Central server console.
Solution
This hotfix updates the OfficeScan server program to ensure that OfficeScan uploads the correct product information to the managed Apex Central server.
Issue
Hotfix 5690
(SEG-71789), (SEG-85175)
Users may still be able to access USB storage devices even after setting the Device Control permissions for USB Storage Devices to "Block".
Solution
This hotfix updates DLP Endpoint SDK 6.2 to add a switch that responds when a device status changes to help prevent the issue from occurring.
Procedure
To enable the switch to respond when the device status changes:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Configure" section, manually add the "DEVICE_CHANGE_QUICK_RESP" key and set its value to "true".
- [Configure]
- DEVICE_CHANGE_QUICK_RESP=true
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Agent Management > Select domains or agents > Settings > DLP settings" screen.
- Click "Save" to deploy the setting to agents". The OfficeScan server deploys the setting to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- DEVICE_CHANGE_QUICK_RESP=true
- Restart the OfficeScan agents.
Issue
Hotfix 5690
(SEG-83024)
After applying OfficeScan XG Service Pack 1 Patch 2, users may not be able to save new custom OfficeScan Agent domain names or group names on the "Add IP Address Grouping" screen if the name contains certain characters. Existing domains containing the characters may also appear garbled on the "Add IP Address Grouping" screen.
Solution
This hotfix updates the OfficeScan server program to prevent this issue.
Issue
Hotfix 5690
(SEG-81228)
An issue related to the OfficeScan Behavior Monitor (BM) feature may cause blue screen of death (BSOD) on agent computers.
Solution
This hotfix updates the OfficeScan BM module to prevent this issue.
Issue
Hotfix 5690
(SEG-79761)
End users may still be able to copy sensitive image files to DVDs even when the DLP policy is set to "Block".
Solution
This hotfix updates the Data Protection module to resolve this issue.
Issue
Hotfix 5690
(SEG-78289)
Sometimes, an issue prevents the DLP feature from blocking the transfer of large sensitive files using the Server Message Block (SMB) protocol.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5690
(SEG-82166)
An issue related to the DLP module enables the Wireless NIC interface unexpectedly on client computers.
Solution
This hotfix updates the DLP module to prevent the issue from occurring.
Issue
Hotfix 5690
(SEG-79416)
Endpoints may stop unexpectedly or experience BSOD when the DLP service is enabled on OfficeScan agent computers.
Solution
This hotfix resolves this issue by updating the DLP module.
Issue
Hotfix 5690
(SEG-80225)
When burning files on Nero Burning application triggers a DLP violation, the contents of the corresponding DLP logs may not display properly.
Solution
This hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5690
(SEG-84012)
After applying OfficeScan XG Service Pack 1 Patch 3, users cannot move OfficeScan agents to another server using the EnableMoveNATClient feature. This happens due to an enhanced security check mechanism for moving OfficeScan agents in Patch 3.
Solution
This hotfix updates the security check mechanism to ensure that you can move OfficeScan agents using the EnableMoveNATClient feature.
Issue
Hotfix 5690
(SEG-83636)
DLP logs contain inaccurate file path information.
Solution
This hotfix updates the Data Protection module to resolve this issue.
Issue
Hotfix 5690
(SEG-72155)
In virus logs, the security threat information is displayed in short name format if the scan type is "DCS".
Solution
This hotfix updates the OfficeScan agent program to display the security threat name in long name format.
Issue
Hotfix 5693
(SEG-84914)
An issue prevents users from restarting or stopping the WMI service (winmgmt) on endpoints where the Security Agent is installed. The Security Agent tmlisten service is dependent on the WMI service.
Solution
This Hotfix updates the Security Agent program to remove the WMI service dependency.
Issue
Hotfix 5693
(SEG-85188)
Endpoints may stop unexpectedly or experience a blue screen of death (BSOD) after updating the Data Protection service on OfficeScan agents.
Solution
This Hotfix resolves this issue by updating the Data Protection module.
Issue
Hotfix 5693
(PDGJIRA-83124), (PDGJIRA-81389)
When the Data Loss Prevention™ (DLP) module is configured to block the transfer of password-protected .rar or .zip files through selected network channels, it also blocks .7z files that are not password-protected.
Solution
This Hotfix updates the DLP module to resolve this issue.
Issue
Hotfix 5693
(SEG-84673)
The space character cannot be displayed normally in exported CSV files of Virus/Malware logs.
Solution
This Hotfix updates the OfficeScan server program to resolve this issue.
Issue
Hotfix 5693
(SEG-84834)
Users cannot move agents to a specific domain on the target server using the EnableMoveNATClient feature in the following command format:
- #moveto_<target Server IP or hostname>:HTTP port|HTTPS port\targetdomain
This happens because the backslash "\" prevents the feature from retrieving the full domain name from the SQL database.
Solution
This hotfix updates the OfficeScan agent program to resolve this issue.
Enhancement
Hotfix 5693
(SEG-78900)
This Hotfix updates the Data Protection module to extend the maximum supported forensic data size on clients.
Procedure
To set the maximum supported forensic data size:
- Install this Hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Configure" section, manually add the "MAX_FORENSIC_DATA_SIZE" key and set its value to the preferred maximum size in KB. this key supports values from 1 to 1073741824.
- [Configure]
- MAX_FORENSIC_DATA_SIZE=1073741824
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Agent Management > Select domains or agents > Settings > DLP settings" screen.
- Click "Save" to deploy the setting to agents". The OfficeScan server deploys the setting to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- MAX_FORENSIC_DATA_SIZE=1073741824
- Restart the OfficeScan agents.
Enhancement
Hotfix 5693
(SEG-84834)
This hotfix allows administrators to move agents to a specific domain on the target server using the EnableMoveNATClient feature by creating domain hierarchy under the "#moveto_<target Server IP or hostname>:HTTP port|HTTPS port" domain on the source server.
Procedure
To move agents to a specific domain on the target server using the EnableMoveNATClient feature:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Add the following keys under the "Global Setting" section and set the following values:
- [Global Setting]
- EnableMoveNATClient=1, enables administrators to move unreachable clients between servers
- MoveNATClientDomainPrefix=#moveto_, (default) domain prefix for moving unreachable clients
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
- Path: HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- Key: EnableMoveNATClient
- Value: 1
- Path: HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- Key: MoveNATClientDomainPrefix
- Value: #moveto_
- Open the OfficeScan web console and go to the "Agents > Agent Management > Manage Agent Tree > Add Domain" page.
- Specify the domain name "#moveto_<target Server IP or hostname>:HTTP port|HTTPS port". For example, "#moveto_10.1.1.1:80|443" or "#moveto_serverB:8080|4343".
- NOTES:
- Use the target Server IP if OfficeScan agents identify the server by IP while installing the target server.
- Use the target Server hostname if OfficeScan agents identify the server by hostname while installing the target server.
- Create the domain hierarchy under "#moveto_<target Server IP or hostname>:HTTP port|HTTPS port" domain or drop existing domain to "#moveto_<target Server IP or hostname>:HTTP port|HTTPS port" domain.
For example,
- OfficeScan Server
- ----- #moveto_serverB:8080|4343
- ---------- | subdomain1 |
- --------------- | subdomain2 |
- Move the agent to the specific domain in the domain hierarchy created in step 9.
For example, put agent in subdomain2 domain
- OfficeScan Server
- ----- #moveto_serverB:8080|4343
- ---------- | subdomain1 |
- --------------- | subdomain2 | agent
- NOTES: You may skip this step if you drop existing domain in step 9 and the agent has existed in the domain.
- The agent will be moved to the specific domain on the target server.
For example,
- OfficeScan Server
- ----- | subdomain1 |
- ---------- | subdomain2 | agent
Issue
Critical Patch 5698
(VRTS-5023), (SEG-85097)
An Out-Of-Bounds Read vulnerability may cause the agent program to stop unexpectedly.
Solution
This Critical Patch updates the OfficeScan agent program to remove the vulnerability.
Issue
Critical Patch 5698
(SEG-86121)
Sometimes, OfficeScan agents cannot perform a Manual Scan or download pattern files from the OfficeScan server normally because the OfficeScan Real-time Scan ("Ntrtscan.exe") service runs into a deadlock issue.
Solution
This Critical Patch updates the OfficeScan agent program to resolve the issue.
Issue
Critical Patch 5698
(SEG-85904)
After applying Hotfix 5516 or Patch 3 5684 on the Japanese version of OfficeScan XG Service Pack 1, garbled characters appear in blocked websites that trigger Web Reputation rules.
Solution
This Critical Patch updates the OfficeScan agent program to resolve this issue.
Issue
Critical Patch 5698
(SEG-86718)
It may take a long time to share files between protected computers over a network when the OfficeScan Data Protection Service is enabled on the OfficeScan agent.
Solution
This Critical Patch updates the Data Protection module to resolve this issue.
Issue
Critical Patch 5698
(VRTS-4923), (VRTS-4927), (VRTS-4891), (VRTS-4893), (VRTS-4889), (VRTS-5116), (VRTS-5117), (VRTS-5118)
OfficeScan is affected by an Improper Access Control Information Disclosure vulnerability.
Solution
This Critical Patch updates the OfficeScan server program to remove the vulnerability.
Issue
Critical Patch 5698
(SEG-85284)
When the Data Loss Prevention™ (DLP) module is configured to block the transfer of password-protected compressed files, it may not be able to detect the transfer of sensitive information in selected System and Application Channels or Network Channels.
Solution
This Critical Patch updates the Data Protection module to resolve this issue.
Issue
Critical Patch 5698
(SEG-85491)
An issue related to the OfficeScan Behavior Monitoring feature triggers blue screen of death (BSOD) on protected computers running Microsoft™ Windows™ 10 May 2020 Update (20H1).
Solution
This Critical Patch updates the Behavior Monitoring module to resolve the issue.
Issue
Critical Patch 5698
(VRTS-4618), (VRTS-4619)
OfficeScan is affected by the ServerMigrationTool DAT File Parsing Double Free Remote Code Execution Vulnerability.
Solution
This Critical Patch updates the ServerMigrationTool program to resolve the vulnerability.
Issue
Critical Patch 5698
(VRTS-4661), (VRTS-4662)
OfficeScan is affected by the ServerMigrationTool ZIP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability.
Solution
This Critical Patch updates the ServerMigrationTool program to resolve the vulnerability.
Issue
Critical Patch 5698
(VRTS-4842), (VRTS-5083)
The OfficeScan agent installation mechanism that uses an MSI package to install the agent may be affected by a certain vulnerability.
Solution
This Critical Patch updates the OfficeScan agent program to resolve the vulnerability.
Issue
Critical Patch 5698
(VRTS-4475), (VRTS-5112)
OfficeScan may be affected by an authentication bypass vulnerability.
Solution
This Critical Patch updates the OfficeScan agent program to resolve the vulnerability.
Issue
Critical Patch 5698
(VRTS-4573), (VRTS-5113)
An issue related to the Trend Micro Browser Exploit Prevention module may cause an Out-of-bounds Read vulnerability.
Solution
This Critical Patch updates the Trend Micro Browser Exploit Prevention module to resolve the vulnerability.
Issue
Critical Patch 5698
(VRTS-5110), (VRTS-4792)
A possible vulnerability existed that could allow an attacker to inject arbitrary files into an update file path if the OfficeScan XG SP1 server updated from a local directory.
Solution
This Critical Patch updates the OfficeScan program to resolve this issue.
Enhancement
Critical Patch 5698
(SEG-71805)
This Critical Patch enables OfficeScan to support the application filter hash matching feature for the Firewall Policy Exception so that users are able to specify applications to use the file hash value on.
Procedure
To enable the new settings:
- Install this Critical Patch (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the "EnableHashMatch" key and set its value to "1".
- [Global Setting]
- EnableHashMatch=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent endpoints:
- Path:
- For x64 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW\
- For x86 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW\
- Key: EnableHashMatch
- Type: REG_DWORD
- Value: 1
Enhancement
Critical Patch 5698
(VRTS-4530), (VRTS-4586), (VRTS-4754), (VRTS-5119)
This Critical Patch applies updates to improve the security of OfficeScan server and agent operations.
8. Contact Information
A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
https://www.trendmicro.com/en_us/contact.html
NOTE: This information is subject to change without notice.
Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
https://www.trendmicro.com/en_us/contact.html
NOTE: This information is subject to change without notice.
9. About Trend Micro
Smart, simple, security that fits.
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.
Copyright 2020, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.
Copyright 2020, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.
10. License Agreement
View information about your license agreement with Trend Micro at:
https://www.trendmicro.com/en_us/about/legal.html
Third-party licensing agreements can be viewed:
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide