Contents
1. Critical Patch Release Information
Resolved Known Issues
This Critical Patch resolves the following issue(s):
A directory traversal vulnerability may allow an attacker to log on to the OfficeScan Management Console as a root user.
Solution:
This critical patch updates the OfficeScan server program to remove the vulnerability.
A directory traversal vulnerability may allow an attacker to extract files from an arbitrary zip file to the specific folder in OfficeScan server.
Solution:
This critical patch updates the OfficeScan server program to remove the vulnerability.
Enhancements
There are no enhancements for this Critical Patch release.
Files Included in this Release
A. Files for Current Issue(s) ------------------------------------------------------------------- Filename Build Number ------------------------------ ------------ OfficeScan\PCCSRV\Admin\Utility\EdgeServer\*.* OfficeScan\PCCSRV\Admin\Utility\SQL\*.* OfficeScan\PCCSRV\Pccnt\Disk1\*.* OfficeScan\PCCSRV\ ------------------------------------------------------------------- AutoPcc.exe 12.0.0.1962 AutoPccP.exe 12.0.0.1962 CGIResUTF8.dll 12.0.0.1962 CGIShare.dll 12.0.0.1962 libcurl.dll 7.58.0.0 libeay32.dll 1.0.2.16 libNetCtrl.dll 13.0.0.1863 OfcPfwCommon.dll 13.0.0.1863 ssleay32.dll 1.0.2.16 OfficeScan\PCCSRV\Admin\ ------------------------------------------------------------------- loadhttp.dll 13.0.0.1863 OSCETSCLog.dll 13.0.0.1863 tmxfalcon.cfg * Wizard.exe 13.0.0.1863 Wizard_64x.exe 13.0.0.1863 OfficeScan\PCCSRV\Admin\Utility\ClientPackager\ ------------------------------------------------------------------- CLIENTMSISETUP_MSI * ClnExtor.ini * ClnPack.ini * OfcPfwCommon.dll 13.0.0.1863 OfficeScan\PCCSRV\Admin\Utility\IpXfer\ ------------------------------------------------------------------- IpXfer.exe 13.0.0.1863 IpXfer_x64.exe 13.0.0.1863 OfficeScan\PCCSRV\Admin\Utility\ListDeviceInfo\ ------------------------------------------------------------------- listDeviceInfo.conf.ini * listDeviceInfo.exe 6.2.0.1249 OfficeScan\PCCSRV\Admin\Utility\PolicyExportTool\ ------------------------------------------------------------------- CGIResUTF8.dll 12.0.0.1962 OfficeScan\PCCSRV\Admin\Utility\ServerMigrationTool\ ------------------------------------------------------------------- CGIOCommon.dll 12.0.0.1962 ServerMigrationTool.exe 12.0.0.1962 OfficeScan\PCCSRV\Admin\Utility\SQL\ ------------------------------------------------------------------- libSQLDatabaseUpgrade.dll 12.0.0.1962 OfficeScan\PCCSRV\Admin\Utility\TCacheGen\ ------------------------------------------------------------------- TCacheGen.exe 12.0.0.1962 TCacheGen_x64.exe 12.0.0.1962 TCacheGenCli.exe * TCacheGenCli_x64.exe * OfficeScan\PCCSRV\Admin\Utility\TMVS\ ------------------------------------------------------------------- libeay32.dll 1.0.2.16 ssleay32.dll 1.0.2.16 TMVS.exe 12.0.0.1962 OfficeScan\PCCSRV\Admin\Utility\VSEncrypt\ ------------------------------------------------------------------- VSEncode.exe 12.0.0.1962 OfficeScan\PCCSRV\Autopcc.cfg\ ------------------------------------------------------------------- ApNT.ini * ApNT_X64.ini * OfficeScan\PCCSRV\CmAgent\ ------------------------------------------------------------------- CGIResUTF8.dll 12.0.0.1962 libcurl.dll 7.43.0.0 libeay32.dll 1.0.2.16 OfcCMAgent.exe 12.0.0.1962 ProductLibrary.dll 12.0.0.1962 ProductUI.zip * ssleay32.dll 1.0.2.16 OfficeScan\PCCSRV\Download\ ------------------------------------------------------------------- ClnPack_files.xml * OfficeScan\PCCSRV\Download\Engine\ ------------------------------------------------------------------- bmdriver_x32.sig * bmdriver_x32.zip * bmdriver_x64.sig * bmdriver_x64.zip * bmservice_x32.sig * bmservice_x32.zip * bmservice_x64.sig * bmservice_x64.zip * falcon32.sig * falcon32.zip * falcon64.sig * falcon64.zip * TMEBC32.sig * TMEBC32.zip * TMEBC64.sig * TMEBC64.zip * OfficeScan\PCCSRV\Download\Pattern\ ------------------------------------------------------------------- falconcfg.zip * OfficeScan\PCCSRV\Download\Product\ ------------------------------------------------------------------- DlpLite_Common.zip * DlpLite_Common_x64.zip * OfficeScan\PCCSRV\Engine\ ------------------------------------------------------------------- TmaegisSysEvt.dll 2.976.0.1326 TMBMCLI.dll 2.976.0.1326 TMBMSRV.exe 2.976.0.1326 tmCfwApi.dll 5.83.0.1059 tmcomeng.dll 2.976.0.1326 TmEngDrv.dll 2.976.0.1326 tmHash.dll 5.83.0.1059 TMPEM.dll 2.976.0.1326 TmPfw.exe 5.83.0.1059 TmPfwApi.dll 5.83.0.1059 TmPfwRul.dll 5.83.0.1059 TmSysEvt.dll 7.0.0.1162 tmwlutil.dll 2.976.0.1326 tmxfalcon.dll 1.2.0.1031 OfficeScan\PCCSRV\Engine\CCSF\TrxHandler\ ------------------------------------------------------------------- curl-ca-bundle.crt * libcurl.dll 7.49.1.0 libeay32.dll 1.0.2.10 ssleay32.dll 1.0.2.10 trxhandler.dll 1.100.0.1060 OfficeScan\PCCSRV\Engine\x64\ ------------------------------------------------------------------- TmaegisSysEvt.dll 2.976.0.1326 TMBMCLI.dll 2.976.0.1326 TMBMSRV.exe 2.976.0.1326 tmCfwApi.dll 5.83.0.1059 tmcomeng.dll 2.976.0.1326 TmEngDrv.dll 2.976.0.1326 tmHash.dll 5.83.0.1059 TMPEM.dll 2.976.0.1326 TmPfw.exe 5.83.0.1059 TmPfwApi.dll 5.83.0.1059 TmPfwRul.dll 5.83.0.1059 TmSysEvt.dll 7.0.0.1162 tmwlutil.dll 2.976.0.1326 tmxfalcon.dll 1.2.0.1031 OfficeScan\PCCSRV\Engine\x64\CCSF\TrxHandler\ ------------------------------------------------------------------- curl-ca-bundle.crt * libcurl.dll 7.49.1.0 libeay32.dll 1.0.2.10 ssleay32.dll 1.0.2.10 trxhandler.dll 1.100.0.1060 OfficeScan\PCCSRV\LWCS\ ------------------------------------------------------------------- libcurl.dll 7.55.1.0 libeay32.dll 1.0.2.16 ssleay32.dll 1.0.2.16 OfficeScan\PCCSRV\Pccnt\ ------------------------------------------------------------------- ClientConsole.zip * NTMonRes.dll 12.0.0.1962 ntrtscan.exe 13.0.0.1863 OfficeScan\PCCSRV\Pccnt\Common\ ------------------------------------------------------------------- 7z.dll 18.5.0.0 7z.exe 18.5.0.0 CCSF_WIN32.zip * CNTAoSMgr.exe 2.3.0.1422 com.trendmicro.tmopfirefox.ext.json * com.trendmicro.tmopfirefox.ext@trendop.xpi * fcWofieUI.dll 13.0.0.1863 ICRCHdler.dll 2.82.0.1063 lib7zWrapper.dll * libcurl.dll 7.64.0.0 libeay32.dll 1.0.2.16 libNetCtrl.dll 13.0.0.1863 libprotobuf.dat * libprotobuf.dll * loadhttp.dll 13.0.0.1863 NTRmv.exe 13.0.0.1863 ofc_loadhttp.dll 13.0.0.1863 OfcCCCAUpdate.exe 13.0.0.1863 OfcPfwCommon.dll 13.0.0.1863 OfcPfwSvc.dll 13.0.0.1863 PccNT.exe 13.0.0.1863 PccNTMon.exe 13.0.0.1863 perfiCrcPerfMonMgr.dll 2.82.0.1036 ssleay32.dll 1.0.2.16 tmCfwApi.dll 5.83.0.1059 TmFpHcEx.exe 5.83.0.1059 tmHash.dll 5.83.0.1059 TmListen.dll 13.0.0.1863 TmListen.exe 13.0.0.1863 TmListenShare.dll 13.0.0.1863 TmopCfg.dll 3.0.0.1044 Tmopcfscan.dll 3.0.0.1044 TmopChromeMsgHost32.exe 2.0.0.1094 TmopCtl.dll 3.0.0.1044 TmopDbg.dll 3.0.0.1044 TmopExtIns.exe 2.0.0.1094 TmopIEPlg.dll 2.0.0.1094 TmoppeEvts.dll 3.0.0.1044 TmoppeHosF.dll 3.0.0.1044 TmoppePDP.dll 3.0.0.1044 TmoppeSAL.dll 3.0.0.1044 TmoppeSsF.dll 3.0.0.1044 TmoppeUrlF.dll 3.0.0.1044 TmoppeVS.dll 3.0.0.1044 TmopphHttp.dll 3.0.0.1044 TmopphMsn.dll 3.0.0.1044 TmopphPop3.dll 3.0.0.1044 TmopphSmtp.dll 3.0.0.1044 TmopphYmsg.dll 3.0.0.1044 TmopPlgAdp.dll 3.0.0.1044 Tmopsent.dll 3.0.0.1044 TmopsmHttp.dll 3.0.0.1044 TmopsmIm.dll 3.0.0.1044 TmopsmMail.dll 3.0.0.1044 TmOsprey.dll 2.0.0.1094 TmPfw.exe 5.83.0.1059 TmPfwApi.dll 5.83.0.1059 TmPfwCtl.dll 5.83.0.1059 TmPfwCtl_xp.dll 5.83.0.1059 TmPfwRul.dll 5.83.0.1059 TmSock.dll 13.0.0.1863 TmSSClient.exe 13.0.0.1863 tmufeng.dll 3.9.0.1012 tmwfpapi.dll 5.83.0.1059 Upgrade.exe 13.0.0.1863 OfficeScan\PCCSRV\Pccnt\Drv\ ------------------------------------------------------------------- tmactmon.cat * tmactmon.inf * tmactmon.sys 2.976.0.1321 tmcomm.cat * tmcomm.inf * tmcomm.sys 7.0.0.1169 tmebc.cat * TMEBC.inf * TMEBC32.sys 1.5.0.1045 tmeevw.cat * tmeevw.inf * tmeevw.sys 3.0.0.1005 tmevtmgr.cat * tmevtmgr.inf * tmevtmgr.sys 2.976.0.1321 tmlwf.cat * tmlwf.inf * TMLWF.sys 5.83.0.1059 tmlwfins.exe 5.83.0.1059 tmncieco.dll 3.0.0.1064 tmnciesc.cat * tmnciesc.inf * tmnciesc.sys 3.0.0.1064 tmusa.cat * tmusa.inf * tmusa.sys 3.0.0.1047 tmwfp.cat * tmwfp.inf * TMWFP.sys 5.83.0.1059 tmwfpins.exe 5.83.0.1059 OfficeScan\PCCSRV\Pccnt\Drv\x64\ ------------------------------------------------------------------- tmactmon.cat * tmactmon.inf * tmactmon.sys 2.976.0.1321 tmcomm.cat * tmcomm.inf * tmcomm.sys 7.0.0.1169 tmebc.cat * TMEBC.inf * TMEBC64.sys 1.5.0.1045 tmeevw.cat * tmeevw.inf * tmeevw.sys 3.0.0.1005 tmevtmgr.cat * tmevtmgr.inf * tmevtmgr.sys 2.976.0.1321 tmlwf.cat * tmlwf.inf * TMLWF.sys 5.83.0.1059 tmlwfins.exe 5.83.0.1059 tmncieco.dll 3.0.0.1064 tmnciesc.cat * tmnciesc.inf * tmnciesc.sys 3.0.0.1064 tmusa.cat * tmusa.inf * tmusa.sys 3.0.0.1047 tmwfp.cat * tmwfp.inf * TMWFP.sys 5.83.0.1059 tmwfpins.exe 5.83.0.1059 OfficeScan\PCCSRV\Pccnt\Win64\X64\ ------------------------------------------------------------------- 7z.dll 18.5.0.0 7z.exe 18.5.0.0 CCSF_X64.zip * fcWofieUI.dll 13.0.0.1863 ICRCHdler.dll 2.82.0.1063 lib7zWrapper_64x.dll * libcurl.dll 7.64.0.0 libeay32.dll 1.0.2.16 libNetCtrl_64x.dll 13.0.0.1863 libprotobuf.dat * libprotobuf.dll * loadhttp_64x.dll 13.0.0.1863 NTRmv.exe 13.0.0.1863 ntrtscan.exe 13.0.0.1863 ofc_loadhttp_64x.dll 13.0.0.1863 OfcCCCAUpdate.exe 13.0.0.1863 OfcPfwCommon_64x.dll 13.0.0.1863 OfcPfwSvc_64x.dll 13.0.0.1863 OSCETSCLog_64x.dll 13.0.0.1863 PccNT.exe 13.0.0.1863 PccNTMon.exe 13.0.0.1863 perfiCrcPerfMonMgr.dll 2.82.0.1036 ssleay32.dll 1.0.2.16 tmCfwApi.dll 5.83.0.1059 TmFpHcEx.exe 5.83.0.1059 tmHash.dll 5.83.0.1059 TmListen.exe 13.0.0.1863 TmListen_64x.dll 13.0.0.1863 TmListenShare_64x.dll 13.0.0.1863 TmopCfg.dll 3.0.0.1044 Tmopcfscan.dll 3.0.0.1044 TmopCtl.dll 3.0.0.1044 TmopDbg.dll 3.0.0.1044 TmopExtIns.exe 2.0.0.1094 TmopExtIns32.exe 2.0.0.1094 TmopIEPlg.dll 2.0.0.1094 TmopIEPlg32.dll 2.0.0.1094 TmoppeEvts.dll 3.0.0.1044 TmoppeHosF.dll 3.0.0.1044 TmoppePDP.dll 3.0.0.1044 TmoppeSAL.dll 3.0.0.1044 TmoppeSsF.dll 3.0.0.1044 TmoppeUrlF.dll 3.0.0.1044 TmoppeVS.dll 3.0.0.1044 TmopphHttp.dll 3.0.0.1044 TmopphMsn.dll 3.0.0.1044 TmopphPop3.dll 3.0.0.1044 TmopphSmtp.dll 3.0.0.1044 TmopphYmsg.dll 3.0.0.1044 TmopPlgAdp.dll 3.0.0.1044 Tmopsent.dll 3.0.0.1044 TmopsmHttp.dll 3.0.0.1044 TmopsmIm.dll 3.0.0.1044 TmopsmMail.dll 3.0.0.1044 TmOsprey.dll 2.0.0.1094 TmOsprey32.dll 2.0.0.1094 TmPfw.exe 5.83.0.1059 TmPfwApi.dll 5.83.0.1059 TmPfwCtl.dll 5.83.0.1059 TmPfwCtl_xp.dll 5.83.0.1059 TmPfwRul.dll 5.83.0.1059 TmSock_64x.dll 13.0.0.1863 TmSSClient.exe 13.0.0.1863 tmufeng.dll 3.9.0.1012 tmwfpapi.dll 5.83.0.1059 Upgrade.exe 13.0.0.1863 OfficeScan\PCCSRV\Private\ ------------------------------------------------------------------- DlpClc.xml * OfficeScan\PCCSRV\Private\certificate\ ------------------------------------------------------------------- libeay32.dll 1.0.2.16 openssl.exe * ssleay32.dll 1.0.2.16 OfficeScan\PCCSRV\Private\LogServer\ ------------------------------------------------------------------- 7z.dll 18.5.0.0 7z.exe 18.5.0.0 OfficeScan\PCCSRV\SRS\ ------------------------------------------------------------------- libcurl.dll 7.55.1.0 libeay32.dll 1.0.2.16 SRService.exe 3.1.0.1035 ssleay32.dll 1.0.2.16 OfficeScan\PCCSRV\Web\Service\ ------------------------------------------------------------------- 7z.dll 18.5.0.0 CGIOCommon.dll 12.0.0.1962 CGIResUTF8.dll 12.0.0.1962 CGIShare.dll 12.0.0.1962 CmdHLClient.dll 12.0.0.1962 CmdHOConsole.dll 12.0.0.1962 cme_dll.dll 6.2.0.1196 cme_vxe_dll_static.dll 6.2.0.1196 DBServer.exe 12.0.0.1962 lib7zWrapper.dll * libCmdHndlrClientV2.dll 12.0.0.1962 libCmdHndlrConsoleV2.dll 12.0.0.1962 libcurl.dll 7.58.0.0 libcurl_ofc.dll 7.58.0.0 libeay32.dll 1.0.2.16 LogCache.dll 12.0.0.1962 OfcCCCAUpdate.exe 13.0.0.1863 OfcDownload.dll 12.0.0.1962 OfcEdgeAgent.exe 12.0.0.1962 OfcHotFix.exe 12.0.0.1962 OfcNotifyQueue.dll 12.0.0.1962 OfcPfwCommon.dll 13.0.0.1863 OfcService.exe 12.0.0.1962 OSCEIntegrationService.exe 12.0.0.1962 ssleay32.dll 1.0.2.16 OfficeScan\PCCSRV\Web\Service\PLM\ ------------------------------------------------------------------- 7z.dll 18.5.0.0 OfficeScan\PCCSRV\Web_OSCE\Web\CGI\ ------------------------------------------------------------------- cgiExportInfo.exe 12.0.0.1962 cgiGetClient.exe 12.0.0.1962 cgiImportInfo.exe 12.0.0.1962 CGIOCommon.dll 12.0.0.1962 cgiRecvFile.exe 12.0.0.1962 CGIResUTF8.dll 12.0.0.1962 cgiRqUpd.exe 12.0.0.1962 CGIShare.dll 12.0.0.1962 isapiClient.dll 12.0.0.1962 isapiClientX64.dll 12.0.0.1962 isapiClientX86.dll 12.0.0.1962 libcurl.dll 7.58.0.0 libeay32.dll 1.0.2.16 OfcPfwCommon.dll 13.0.0.1863 ssleay32.dll 1.0.2.16 OfficeScan\PCCSRV\Web_OSCE\Web_Console\CGI\ ------------------------------------------------------------------- cgiChkMasterPwd.exe 12.0.0.1962 cgiFindClient.exe 12.0.0.1962 CGIOCommon.dll 12.0.0.1962 CGIResUTF8.dll 12.0.0.1962 CGIShare.dll 12.0.0.1962 cgiShowActiveDirectory.exe 12.0.0.1962 cgiShowClientAdm.exe 12.0.0.1962 cgiShowComplianceReport.exe 12.0.0.1962 cgiShowLogs.exe 12.0.0.1962 cgiShowNotify.exe 12.0.0.1962 cgiShowServerAdm.exe 12.0.0.1962 cgiShowSummary.exe 12.0.0.1962 cgiWebUpdate.ini * fcgiOfcDDA.exe 12.0.0.1962 libcurl.dll 7.58.0.0 libeay32.dll 1.0.2.16 OfcPfwCommon.dll 13.0.0.1863 ssleay32.dll 1.0.2.16 OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\aegis\ ------------------------------------------------------------------- data_protection.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\Auth\ ------------------------------------------------------------------- admin_account_info.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\behavior_monitoring\ ------------------------------------------------------------------- bm_settings.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\clientmag\ ------------------------------------------------------------------- client_ofsc_services.htm * client_searchwindow.htm * client_urlfiltering_profiles.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\ ------------------------------------------------------------------- ln_clientmag.js * x_localization.xml * x_view_status.xsl * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\common\l10n\ ------------------------------------------------------------------- l10n.clientmag.js * l10n.dlp.js * l10n.logs.js * l10n.serveradm.js * OfficeScan\PCCSRV\WEB_OSCE\Web_console\HTML\dlp\ ------------------------------------------------------------------- dlp_FileAttr_addedit.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\logs\ ------------------------------------------------------------------- log_client_update_detail.htm * logs_bm_view.htm * logs_dac_view.htm * logs_network_malware_view.htm * logs_pfw_view.htm * logs_spyware_view.htm * logs_suspicious_file_view.htm * logs_trendx_view.htm * logs_virus_view.htm * logs_WebSecurity_view.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\notify\ ------------------------------------------------------------------- notify_standardalert.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\root\ ------------------------------------------------------------------- logon.htm * OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\serveradm\ ------------------------------------------------------------------- server_proxy.htm * OfficeScan\PCCSRV\WEB_OSCE\Web_Console\HTML\widget\ ------------------------------------------------------------------- db_controller.php * help_proxy.php * OfficeScan\PCCSRV\WEB_OSCE\Web_Console\HTML\widget\inc\class\proxy\ ------------------------------------------------------------------- HttpTalk.php * OfficeScan\PCCSRV\WEB_OSCE\Web_Console\HTML\widget\repository\widgetPool\ ------------------------------------------------------------------- DeleteWidgetsFromDB.bat * OfficeScan\PCCSRV\WEB_OSCE\Web_Console\HTML\widget\repository\widgetPool\wp%RETCODE%\inc\ ------------------------------------------------------------------- config.php * OfficeScan\PCCSRV\WEB_OSCE\Web_Console\HTML\widget\repository\widgetPool\wp%RETCODE%\interface\ ------------------------------------------------------------------- analyzeWF.php * OfficeScan\PCCSRV\Web_OSCE\Web_Console\RemoteInstallCGI\ ------------------------------------------------------------------- cgiGetNTDomain.exe 12.0.0.1962 CGIOCommon.dll 12.0.0.1962 CGIResUTF8.dll 12.0.0.1962 CGIShare.dll 12.0.0.1962 libcurl.dll 7.58.0.0 libeay32.dll 1.0.2.16 ssleay32.dll 1.0.2.16 Wizard.exe 13.0.0.1863 Wizard_64x.exe 13.0.0.1863 OfficeScan\PCCSRV\WSS\ ------------------------------------------------------------------- iCRCService.exe 3.1.0.1035 B. Network Traffic Required in Deployment ------------------------------------------------------------------- Estimated size (in terms of bandwidth) of deployed agent files in this critical patch. - 32-bit agent total = 105.9 MB - 64-bit agent total = 139.1 MB
2. Documentation Set
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com
- Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product.
To access the Online Help, go to http://docs.trendmicro.com
- Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product.
- Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product.
- Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'.
- Support Portal: The Support Portal contains information on troubleshooting and resolving known issues.
- To access the Support Portal, go to http://esupport.trendmicro.com
3. System Requirements
4. Installation/Uninstallation
Installing
To install:
- Copy the hotfix executable file to a temporary folder on the server, for example, "C:\temp".
- Double-click the file. The modules are automatically copied to the correct destination.
This hotfix installation package automatically rolls back the OfficeScan server to its previous configuration if there are problems during installation. If you encounter problems after installation, do a manual rollback.
Uninstalling
To manually roll back to the previous build:
- Locate the backup folder that the hotfix package created in the "\PCCSRV\Backup\Critical Patch_B1962" directory.
- Stop the OfficeScan Master Service.
- Stop the OfficeScan CMAgent Service.
- Copy the backup modules to the original folders.
- Start the OfficeScan CMAgent Service.
- Start the OfficeScan Master Service.
5. Post-installation Configuration
No post-installation steps are required.
NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.
6. Known Issues
Known issues in this release:
Before deploying this Critical Patch to OfficeScan agents running Windows 10 "April 2018 Update" (v1803), you must add some process exceptions to the Behavior Monitoring Approved List. OfficeScan agents that do not have an updated Approved List may encounter a blue screen of death (BSOD) after applying the Critical Patch. For more details, refer to the following KB: https://success.trendmicro.com/solution/1119990
7. Release History
Prior Hotfixes
Only this hotfix was tested for this release. Prior hotfixes were tested at the time of their release.
(SEG-1256)
The OfficeScan Behavior Monitoring feature may cause certain computers to lock up intermittently.
Solution:
This hotfix updates the Behavior Monitoring Service module to resolve the issue.
(SEG-3260)
The OfficeScan Behavior Monitoring feature may block Adobe Acrobat Reader intermittently.
Solution:
This hotfix updates the Behavior Monitoring UMH addon module to resolve the issue.
(SEG-4711)
The OfficeScan server cannot check the signature on a Control Manager policy if the policy settings contain non-ASCII characters.
Solution:
This hotfix enables the OfficeScan server to handle non-ASCII strings in Control Manager policies to ensure that the server can check the signature of these policies.
(SEG-3830)
The OfficeScan User Mode Hooking (UMH) function may trigger a false alarm when users access a specific website.
Solution:
This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
(SEG-4824)
Data Loss Prevention(TM) (DLP) generates duplicate violation event logs when users send an email message using Outlook.
Solution:
This hotfix enables the DLP multipart feature in Outlook to prevent duplicate violation event logs when users send email messages in Outlook.
(SEG-4985)
The executable image hashing takes too much time to complete which may cause a timeout issue while an application connects to its server.
Solution:
This hotfix updates the Network Security Components to ensure that Trend Micro's firewall will asynchronously compute the hash value of the executable image that initiated a connection. While the firewall computes the hash, all rules of the Application Filter will be unavailable until the hash value is computed, preventing the system from blocking the application from its connection.
(SEG-4008)
The information in the "Message" field in Administrator Notifications cannot be saved successfully if the field contains a tab delimiter.
Solution:
This hotfix updates the OfficeScan server files to ensure that the information can be saved successfully.
(TT-359239)
The OfficeScan Web Reputation feature blocks normal access to websites if the endpoint also has the Symantec Data Loss Prevention application running.
Solution:
This hotfix updates the OfficeScan agent module to ensure that the OfficeScan Web Reputation feature does not conflict with the Symantec Data Loss Prevention application.
(SEG-1266)
The UMH driver may block a certain application from running from a UNC path when the "Enable program inspection to detect and blocked compromised executable files" option is enabled.
Solution:
This hotfix updates the UMH driver to ensure that the application can run from a UNC path while the "Enable program inspection to detect and blocked compromised executable files" option is enabled.
(SEG-2425)
It takes a long time to load a remote PST file in Microsoft(TM) Outlook(TM) when DLP is enabled.
Solution:
This hotfix ensures that Outlook can load remote PST files normally when DLP is enabled.
(SEG-4948)
The upload of files from an SMB path to the Internet may stop unexpectedly when DLP is enabled.
Solution:
This hotfix adds an SMB checking mechanism that enables DLP to check if a file is from an SMB path before it attempts to access the file information. If the source file is an SMB file, DLP then Impersonates to facilitate the download.
(SEG-4800)
It takes a long time to copy files using the RDP clipboard when DLP is enabled.
Solution:
This hotfix resolves the issue by adding the RDP process "mstsc.exe" into the approved list.
(SEG-5807)
The Listdeviceinfo tool cannot get information from the following external devices:
- LaCie Rugged THB USB3 SCSI Disk Device.
- Seagate(R) Backup+ Hub BK SCSI Disk Device.
- Seagate BUP BL SCSI Disk Device.
Solution:
This hotfix resolves this tool issue.
(SEG-3749)
The TmListen.exe service of the OfficeScan agent stops unexpectedly when Web Reputation Service is running.
Solution:
This hotfix updates the OfficeScan agent programs to prevent TmListen.exe from stopping unexpectedly.
(SEG-4620)
The agent grouping status switches off unexpectedly after AD synchronization.
Solution:
This hotfix updates the OfficeScan server files to ensure that the agent grouping status remains the same after AD synchronization.
(SEG-5561)
The OfficeScan agent keeps its old build number even after applying all the latest hotfixes.
Solution:
This hotfix ensures that the TmListen service checks the "hotfix_history.ini" file and updates the build number during start up.
(SEG-5527)
On computers running on the Microsoft(TM) Windows(TM) 10 platform, the DLP network filter driver is installed with the TDI network filter driver.
Solution:
This hotfix updates the operating system version determination mechanism to ensure that the correct driver is installed. This hotfix also provides a WFP driver replacement mechanism that replaces the TDI driver with the correct driver.
(SEG-6408)
The DLP module may not work normally while other programs are uploading files to the Internet.
Solution:
This hotfix ensures that the DLP module works normally when other programs are to uploading files to the Internet.
(SEG-5843)
When the DLP multipart scan feature is enabled, all violations triggered in Microsoft Outlook for different users appear under the first login user.
Solution:
This hotfix enables the DLP module to check the process owner according to process ID before scanning to ensure that each violation appears under the correct user account.
(SEG-2791)
BSOD occurs when the "Suspicious Connection Settings" are enabled.
Solution:
This hotfix updates the Network Content Inspection Engine to prevent the BSOD issue.
(SEG-3830)
The OfficeScan User Mode Hooking (UMH) function may trigger a false alarm when users access a specific website.
Solution:
This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
(SEG-5202)
The OfficeScan Behavior Monitoring feature may cause certain operating systems to stop unexpectedly when users launch an Intel driver packed as a self-extracting RAR file.
Solution:
This hotfix updates the Behavior Monitoring Service module to resolve the issue.
(SEG-4800)
It takes a long time to copy files using the RDP clipboard when DLP is enabled.
Solution:
This hotfix resolves the issue by adding the RDP process "mstsc.exe" into the approved list.
(SEG-2425)
It takes a long time to load a remote PST file in Microsoft(TM) Outlook(TM) when DLP is enabled.
Solution:
This hotfix ensures that Outlook can load remote PST files normally when DLP is enabled.
(TT-348875)
A USB floppy disk drive cannot be added into the exception list of removable storage devices in the DLP Policy Settings.
Solution:
This hotfix ensures that users can add USB floppy disk drives into the DLP exception list of removable storage in the DLP Policy Settings.
(TT-355419)
The Lumension Heat patching software may stop unexpectedly when DLP is enabled.
Solution:
This hotfix resolves the issue by preventing DLP from excluding the following two processes:
- XMLDeltaParser.exe
- DAgent.exe
(SEG-5807)
The Listdeviceinfo tool cannot get information from the following external devices:
- LaCie Rugged THB USB3 SCSI Disk Device
- Seagate(R) Backup+ Hub BK SCSI Disk Device
- Seagate BUP BL SCSI Disk Device
Solution:
This hotfix resolves this tool issue.
(TT-357926)
DLP does not block the most current webmail sites like "Outlook.com".
Solution:
This hotfix resolves this issue.
(TT-356728)
DLP blocks the Exodus Jabber program unexpectedly.
Solution:
This hotfix ensures that the Exodus Jabber program works normally when DLP is enabled on the endpoint machines.
(TT-358910)
Microsoft Access (.mdb) files cannot be recovered to USB storage from the DLP backup folder.
Solution:
This hotfix ensures that DLP can successfully recover Microsoft Access (.mdb) files.
(SEG-4948)
The upload of files from an SMB path to the Internet may stop unexpectedly when DLP is enabled.
Solution:
This hotfix adds an SMB checking mechanism that enables DLP to check if a file is from an SMB path before it attempts to access the file information. If the source file is an SMB file, DLP then Impersonates to facilitate the download.
(TT-358095)
DLP does not block users from dragging and dropping files on to current webmail sites such as "Outlook.office.com" or "Outlook.live.com in Google Chrome.
Solution:
This hotfix ensures that OfficeScan can effectively block sensitive information from leaking when users use Google Chrome to access webmail sites.
(SEG-6008)
The 32-bit installer generated by the Client Packager tool does not work.
Solution:
This hotfix ensures that users can install OfficeScan clients using the 32-bit installer package generated by the Client Packager tool.
(SEG-3077)
The "Suspicious Object List Setting page" has a wording error.
Solution:
This hotfix corrects the wording of the "Suspicious Object List Setting" page.
When using the Microsoft SQL database, OfficeScan may receive ADO exception errors caused by a NULL value passing onto a stored procedure.
Solution:
This hotfix updates the OfficeScan file to prevent this issue from occurring.
Microsoft Internet Explorer stops responding when it transfers files using Microsoft SharePoint.
Solution:
This hotfix resolves this issue.
(SEG-7410)
When DLP detects that sensitive information was sent through an email message, the OfficeScan agent generates a blank "Activity/Channel" log.
Solution:
This hotfix resolves this issue.
(SEG-7412)
Multiple DLP violation events appear after the first user justification window. This issue occurs when users send sensitive content using Microsoft Outlook.
Solution:
This hotfix resolves this issue by refining the timestamp recording mechanism of the sent email item. After applying this hotfix, the system only records the timestamp after it returns the user justification action to filter out the incorrect triggered email event caused by Microsoft Outlook.
(SEG-6632)
The agent grouping status switches off unexpectedly after AD synchronization.
Solution:
This hotfix updates the OfficeScan server files to ensure that the agent grouping status remains the same after AD synchronization.
(SEG-3830)
The OfficeScan User Mode Hooking (UMH) function may trigger a false alarm when users access a specific website.
Solution:
This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
When using the Microsoft SQL database, OfficeScan may receive ADO exception errors caused by a NULL value passing onto a stored procedure.
Solution:
This hotfix updates the OfficeScan file to prevent this issue from occurring.
(VRTS-1014)
A vulnerability may allow a remote unauthenticated attacker to send CGI requests to run "fcgiOfcDDA.exe" on the OfficeScan server and trigger " fcgiOfcDDA.exe " to stop unexpectedly. When this happens, a large number of dump files are generated which can eventually take up a large portion of disk space.
Solution:
This hotfix resolves the vulnerability.
(VRTS-1022)
A vulnerability may allow a remote unauthenticated attacker to send CGI requests to run "cgiRqUpd.exe" on the OfficeScan server and trigger "cgiRqUpd.exe" to stop unexpectedly. When this happens, a large number of dump files are generated which can eventually take up a large portion of disk space.
Solution:
This hotfix resolves the vulnerability.
(SEG-7829)
The list of supported platforms in the "Additional Service Settings" page of the OfficeScan XG web console does not include the new Windows Server 2016 platform.
Solution:
This hotfix adds the new Windows Server 2016 platform to the supported platform list on the "Additional Service Settings" page.
(SEG-7354)
The OfficeScan agent keeps its old build number even after applying all the latest hotfixes.
Solution:
This hotfix ensures that the TmListen service checks the "hotfix_history.ini" file and updates the build number during start up.
(VRTS-994)
Attackers may be able to launch Pre-Auth Server Side Request Forgery attacks through the "help_Proxy.php" functionality.
Solution:
This hotfix resolves this issue by updating the "help_Proxy.php" file and hard-coding it to connect to the Trend Online Help page.
(SEG-4418)
OfficeScan clients running on Windows platforms stop responding while shutting down or restarting.
Solution:
This hotfix prevents this issue by improving the way processes read information using the lookaside list when the Unauthorized Change Prevention Service is de-initializing.
(SEG-7825)
The Outbreak Prevention Policy cannot block access to SMB shared folders.
Solution:
This hotfix enables OfficeScan to terminate the current connection when enabling the Outbreak Prevention Policy to help ensure that the policy can block access to SMB folders successfully.
Procedure:
To enable the new service settings:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- cnqConnectionTermination=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro \PC-cillinNTCorp\CurrentVersion\Misc.
- Key: cnqConnectionTermination
- Type: DWORD
- Value:
- 0 = OfficeScan does not support network re-establish
- 1 = OfficeScan supports network re-establish
NOTE: This function works only on computers that retrieve its IP address from the DHCP server automatically.
(SEG-7580)
An issue prevents users from adding another gateway IP address for an endpoint location.
Solution:
This hotfix ensures that users can configure additional gateway IP addresses for an endpoint location.
(VRTS-986)
A vulnerability may allow a remote unauthenticated attacker to download the "crypt.key" file from the OfficeScan server through HTTP requests.
Solution:
This hotfix resolves the vulnerability.
(SEG-5670)
This hotfix enables DLP Endpoint SDK 6.0 to support Chrome 58.0.3029.81.
(SEG-6057)
This hotfix enables DLP Endpoint SDK 6.2 to support Chrome 58.0.3029.81.
(SEG-4910)
This hotfix enables Administrators to use an apostrophe (') in the "Description" text box when they add or modify a web console account.
(SEG-6057)
This hotfix enables DLP Endpoint SDK 6.2 to support Chrome 58.0.3029.81.
This hotfix enables DLP Endpoint SDK 6.0 to support Google(TM) Chrome version 59.0.3071.86
This hotfix enables DLP Endpoint SDK 6.2 to bypass iTunes blocking and so that iPhone can still be charged while Device Control is enabled.
Procedure:
To configure the new setting for DLP:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add the "bypass_itunes_nonstor_usb_dc" key and set its value.
- [Configure]
- bypass_itunes_nonstor_usb_dc=true
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents. The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder: bypass_itunes_nonstor_usb_dc=true
This hotfix provides additional details in the Component Update Details log files. It includes the following information:
- Domain Hierarchy of endpoint
- IP Address of endpoint
This hotfix enables DLP Endpoint SDK 6.2 to support the following Google(TM) Chrome versions:
- Google Chrome 58.0.3029.110m.
- Google Chrome 59.0.3071.86
This hotfix enables DLP Endpoint SDK 6.2 to support the following Google Chrome versions:
- Google Chrome 58.0.3029.110m.
- Google Chrome 59.0.3071.86
(SEG-9014)
An issue related to the OfficeScan UMH driver triggers BSOD.
Solution:
This hotfix updates the UMH driver to resolve the issue.
(VRTS-1012)
Remote unauthenticated attackers may be able to query NT domains through the OfficeScan XG "cgiGetNTDomain.exe" process.
Solution:
This hotfix removes the vulnerability.
(SEG-7249)
The OfficeScan Predictive Machine Learning feature blocks users from publishing documents from Microsoft Outlook.
Solution:
This hotfix changes the share write property of the ATSE to resolve this issue.
(SEG-7730)
BSOD occurs when users run Microsoft Office on OfficeScan client computers.
Solution:
This hotfix removes an unnecessary string comparison step to ensure that Microsoft Office runs normally on protected computers.
(SEG-8631)
Sometimes, the Windows Security Center indicates that OfficeScan is not running even when it is enabled and running and sends users an important message to enable the OfficeScan Antivirus.
Solution:
This hotfix updates the OfficeScan agent file to resolve the issue.
(SEG-9007)
OfficeScan agents display the following message even when the program components are up-to-date. "Update Now: You have not received a new update in 1 days."
Solution:
This hotfix updates the OfficeScan agent program to resolve the issue.
(VRTS-1115)
Web server details gathered from the banner may allow attackers to search and launch automated attacks from commonly-found web sites which may lead to website defacement or denial of service.
Solution:
This hotfix resolves the vulnerability.
(SEG-10356)
Users encounter a sharing violation issue related to the ntrtscan and iexplorer processes after enabling the OfficeScan Predictive Machine Learning feature in a computer that has a multiple core CPU.
Solution:
This hotfix changes to add some sharing mode for the file open.
(SEG-9016)
An issue related to the Unauthorized Change Prevention service can prevent the OfficeScan Device Control feature from applying the correct policies in computers running on the Windows 10 platform.
Solution:
This hotfix allows users to enable OfficeScan to support the detection and termination of processes on USB drives using the "run as admin" feature. This helps resolve the issue.
Procedure:
To enable the new settings:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- EnableDACTerminate=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
- Restart the Behavior Monitoring service on clients.
(VRTS-986)
A vulnerability may allow an attacker to download the specific file from the OfficeScan server through HTTP requests.
Solution:
This critical patch resolves the vulnerability.
(VRTS-989)
A PHP file in OfficeScan XG may be vulnerable to an MITM/RCE vulnerability.
Solution:
This critical patch resolves the potential vulnerability.
(VRTS-994)
Attackers may be able to launch Pre-Auth Server Side Request Forgery attacks through the specific php functionality.
Solution:
This critical patch resolves this issue by updating the specific php file and hard-coding it to connect to the Trend Online Help page.
(VRTS-1012)
An attacker may be able to query NT domains through the OfficeScan XG process.
Solution:
This critical patch removes the vulnerability.
(VRTS-1014), (VRTS-1022)
A vulnerability may allow an attacker to send CGI requests to run and stop the OfficeScan XG process unexpectedly.
Solution:
This critical patch resolves the vulnerability.
(VRTS-1018)
A vulnerability may allow remote attackers to query PHP information while the specific php file runs.
Solution:
This critical patch secures the information in specific php file.
(VRTS-1020)
The OfficeScan XG program may be affected by a host header injection vulnerability.
Solution:
This critical patch resolves the vulnerability.
(VRTS-1052)
A vulnerability may allow a attacker to stop the OfficeScan XG process unexpectedly by forcing the specific parameter to exceed that limit.
Solution:
This critical patch resolves the vulnerability.
(SEG-11451)
The Realtime Scan is disabled unexpectedly after Autopcc runs.
Solution:
This critical patch ensures that Real-time Scan is not disabled unexpectedly after Autopcc runs.
The contents of the CCSF ZIP file cannot be extracted successfully which prevents some OfficeScan agents from updating successfully.
Solution:
This critical patch enables OfficeScan to attempt to extract the contents of the CCSF ZIP file continuously even when other processes are using the file.
(SEG-11492)
When Data Loss Prevention(TM) (DLP) is enabled on Microsoft(TM) Windows(TM) 10.14393 platforms, "mscorsvw.exe" stops responding.
Solution:
This hotfix resolves the issue by updating the iDLP module to add "mscorsvw.exe" to its approved list.
(SEG-10631)
The extension names of quarantined files disappear after these files are restored from the quarantine folder. This happens because the file extension name exclusion list is overwritten with an empty string during file restoration.
Solution:
This hotfix enables OfficeScan to restore the complete file extension name exclusion list to ensure that quarantined files are restored with the correct extension names.
(SEG-11771)
The "file extensions" field under the "File Attributes DLP identifier" section does not accept entries that contain an underscore "_".
Solution:
This hotfix updates the DLP module to enable the "file extensions" field to support the underscore character "_".
(SEG-6439)
When DLP is enabled on Windows 8.1 platforms, some programs may stop unexpectedly.
Solution:
This hotfix resolves the issue by updating the iDLP module to enable it to retrieve the correct path to the Microsoft "wow64.dll" module.
(SEG-8975)
An issue prevents the DLP module from parsing sender email address information on OWA web mail.
Solution:
This hotfix adds a function in the iDLP module which helps ensure that it can parse sender information in Office 365 web mail correctly.
(SEG-10980)
The account and password setting for the external proxy server do not support the hash special character "#".
Solution:
This hotfix resolves a broken jquery Ajax call to ensure that the account and password setting for the external proxy server supports special characters.
(SEG-11342)
An issue related to the Anti-exploit Protection function might cause Internet Explorer to stop unexpectedly.
Solution:
This hotfix updates the OfficeScan Agent files to resolve the issue.
(SEG-12076)
The following OfficeScan 12.0 Patch 1 hotfixes are affected by an issue related to the OfficeScan Firewall module which may cause the Firewall service to encounter network access issues and application connection timeout issues.
- Hotfix 6277
- Hotfix 6281
- Hotfix 6292
- Hotfix 1358
Solution:
This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Procedure:
You must restart the endpoint after applying this hotfix to update the Common Firewall module on affected OfficeScan agents.
(SEG-7783)
The following OfficeScan 12.0 Patch 1 hotfixes are affected by an issue related to the OfficeScan Firewall module which may cause the Firewall service to encounter network access issues and application connection timeout issues.
- Hotfix 6277
- Hotfix 6281
- Hotfix 6292
- Hotfix 1358
Solution:
This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Procedure:
You must restart the endpoint after applying this hotfix to update the Common Firewall module on affected OfficeScan agents.
(SEG-7318)
The following OfficeScan 12.0 Patch 1 hotfixes are affected by an issue related to the OfficeScan Firewall module which may cause the Firewall service to encounter network access issues and application connection timeout issues.
- Hotfix 6277
- Hotfix 6281
- Hotfix 6292
- Hotfix 1358
Solution:
This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Procedure:
You must restart the endpoint after applying this hotfix to update the Common Firewall module on affected OfficeScan agents.
(SEG-9646)
There is a compatibility issue between some printers and OfficeScan predictive machine learning.
Solution:
This hotfix fixed the compatibility issue.
(SEG-11404)
This hotfix enables DLP Endpoint SDK 6.0 to support the following Google Chrome versions:
- Google Chrome 60.0.3112.78
- Google Chrome 60.0.3112.90
(SEG-12182)
This hotfix enables DLP Endpoint SDK 6.0 to support the following Google Chrome versions:
- Google Chrome 60.0.3112.78
- Google Chrome 60.0.3112.90
(SEG-4974)
This hotfix enables OfficeScan to send detected pattern information to the Control Manager server to add to the "Detailed Virus/Malware Information" data view of ad hoc queries. This feature also requires the application of Control Manager Hotfix 3630 or any later hotfix on the Control Manager server.
(SEG-9298)
A sharing violation prevents Autopcc from working on computers where the OfficeScan agent is already installed.
Solution:
This critical patch creates a new backup folder to prevent the sharing violation and ensure that Autopcc works normally on OfficeScan agent computers.
(SEG-12165)
Users encounter a sharing violation issue related to the ntrtscan and iexplorer processes after enabling the OfficeScan Predictive Machine Learning feature in a computer that has a multiple core CPU.
Solution:
This critical patch changes to add some sharing mode for the file open.
(SEG-12255)
In the Windows Server 2003 platform, OfficeScan agents display the following message even when the program components are up-to-date. "Update Now: You have not received a new update in 1 days."
Solution:
This critical patch updates the OfficeScan agent program to resolve the issue.
(SEG-11606)
OfficeScan agents receive C&C callback detected alerts for IPs in the approved list.
Solution:
This critical patch resolves a file path issue to help ensure that IPs in the approved list do not trigger C&C callback detected alerts.
(SEG-11651), (SEG-3758)
The OfficeScan server cannot register to the EdgeServer when TLS 1.0 is disabled.
Solution:
This critical patch enables the EdgeServer to support TLS 1.1 and 1.2.
(SEG-9066)
This critical patch enhances the Behavior Monitoring and Predictive Machine Learning features to better detect and prevent ransomware infections from files, and improves the protection against ransomware threats during outbreak situations.
(SEG-11754)
This critical patch speeds up the approved and blocked list comparison for supported web services, including Dropbox, Google Drive, Gmail, and others.
(SEG-11495)
This critical patch adds the "Japan: Driving License Number" validator.
(SEG-11641)
This hotfix allows Trend Micro Predictive Machine Learning to detect emerging unknown security risks threats found in suspicious processes or files originating from any channels.
(SEG-10553)
The OfficeScan agent status information on the Control Manager web console does not match the information in the OfficeScan web console.
Solution:
This hotfix ensures that the OfficeScan agent status information on the Control Manager web console is consistent with the information on the OfficeScan web console.
(SEG-10964)
The OfficeScan Predictive Machine Learning feature blocks users from publishing documents from Microsoft Outlook.
Solution:
This hotfix moves the file property extraction step to a later stage to ensure that users can publish documents from Microsoft Outlook.
(SEG-11381)
The OfficeScan agent reports a false positive detection after enabling the Anti-exploit Protection feature.
Solution:
This hotfix updates the OfficeScan agent to prevent the false positive detection.
(SEG-11966)
BSOD occurs on protected computers running on unsupported Windows versions.
Solution:
This hotfix removes the API hooking mechanism for unsupported Windows versions to prevent BSOD in these computers.
(SEG-9246)
An issue prevents users from browsing through folders in Huawei smart phones connected to a protected computer when the OfficeScan Data Protection Service is enabled.
Solution:
This hotfix enables OfficeScan to discard Huawei smart phone CD ROM device instance to ensure that users can browse folders in a connected Huawei smart phone in MTP mode.
(SEG-9408)
An issue prevents users from using the Huawei Mobile Broadband Airtel 4G Model device connected to a protected computer when the OfficeScan Data Protection Service is enabled.
Solution:
This hotfix enables OfficeScan to discard the Huawei Mobile Broadband Airtel 4G Model device instance to ensure that users can browse the Internet using the device when the OfficeScan Data Protection Service is enabled.
This hotfix enables DLP Endpoint SDK 6.2 to use the Data Protection Application Pattern to support Google Chrome and the list of approved processes.
(SEG-10766)
This hotfix updates the pop-up message that appears when OfficeScan agents that are being moved to another OfficeScan server have mismatched certificates
(SEG-12808)
This hotfix adds the ""Nigeria: Verve IIN (Issuer Identification Number"" validator.
The OfficeScan Behavior Monitoring feature may cause certain third-party programs that are in its approved list to stop responding.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "SkipNotificationEvent" key and set its value to "1".
- [Global Setting]
- AegisSkipNotificationEvent=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: SkipNotificationEvent
- Type: DWORD
- Value: 1
- Restart the OfficeScan agent.
(SEG-11327)
The OfficeScan Behavior Monitoring feature may cause a protected computer to stop responding while the feature checks the file signature on a UNC path.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
(SEG-11705)
The OfficeScan Behavior Monitoring feature may cause performance issues while the protected computer runs certain programs that are in the Behavior Monitoring approved list.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "SkipNotificationEvent" key and set its value to "1".
- [Global Setting]
- AegisSkipNotificationEvent=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: SkipNotificationEvent
- Type: DWORD
- Value: 1
- Restart the OfficeScan agents.
(SEG-13146), (SEG-13181)
BSOD occurs while a protected computer starts up because the UMH driver attempts to access a corrupted cache.
Solution:
This hotfix updates the UMH module to resolve the issue.
(SEG-13293)
The MPS feature of iDLP cannot be disabled on OfficeScan agents.
Solution:
This hotfix provides a way for users to disable the MPS feature on OfficeScan agents.
Procedure:
To disable the email multi part scan mode in the DLP function and globally deploy this setting to all OfficeScan agents:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server.
- Under the "Global Setting" section, manually add the following key and set its value to "0".
- [Global Setting]
- EnableDlpMPScan=0 NOTE: To enable the setting again, set "EnableDlpMPScan=1".
- Save the changes and close the file.
- Open the OfficeScan server management console and click "Agents > Global Agent Settings" on the main menu to access the "Global Agent Settings" page.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to agents and adds the following registry entry on all agent computers:
- Path: HKLM\SYSTEM\SOFTWARE\Wow6432Node\TrendMicro\ PC-cillinNTCorp\CurrentVersion\DlpLite
- Key: EnableMPScan
- Type: dword
- Value: 0 NOTE: The OfficeScan agent needs to reload after enabling/disabling the MPS feature.
(SEG-13723)
The DLP version appears as 0.0.0 on both the management console and agent console.
Solution:
This hotfix ensures that the correct DLP version appears on both the management console and agent console.
(SEG-4624)
The OfficeScan Behavior Monitoring feature may cause certain approved third-party programs to take longer to load on protected computers.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
(SEG-11500), (SEG-12079)
DLP Endpoint SDK 6.2 sometimes cannot block users from uploading files that contain sensitive information to "outlook.live.com" and "facebook.com".
Solution:
This hotfix updates the DLP module to enhance support for both websites to ensure that the module can block files with sensitive information from being uploaded onto these websites.
(SEG-12101), (SEG-12045)
The Trend Micro Unauthorized Change Prevention Service uses up a large amount of CPU resources.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
(SEG-12552)
The OfficeScan manual scan exclusion feature may not work properly while the suspected malware process is still running.
Solution:
This hotfix updates the OfficeScan agent program to resolve the issue.
(SEG-13772), (SEG-13380)
When the system installs or upgrades the Cisco VPN software, it tries to access some registry keys under the TmLwf registry key, which causes the software installation to fail.
Solution:
This hotfix adds a key to disable the self-protection only function of the TmLwf registry key, which resolves this issue.
Procedure:
To enable the new service settings:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- SP_DisableTmLwfRegistryKeyProtection=1
- Value: 1 = Disable TmLwf registry key self-protection only
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
- Key: SP_DisableTmLwfRegistryKeyProtection
- Type: DWORD
- Value: 1 = Disable TmLwf registry key self-protection only
7.Restart the OfficeScan agents.
(SEG-12859)
A user requests for a way to add the following information into DLP log notifications under the digital asset email notifications:
- Process
- Source
- Destination
- Incident ID
Solution:
This hotfix updates the OfficeScan Master Service to support the following tokens in DLP log notifications.
- %PROCESS%
- %SOURCE%
- %DESTINATION%
- %VIOLATIONID%
(SEG-12080)
This hotfix provides a way for users to configure OfficeScan agents to automatically disconnect an established connection and to re-establish a connection when the OfficeScan server triggers a network isolation function. Users can move OfficeScan agents to specific domains that are defined to apply network isolation.
Procedure:
To enable the new service settings:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following keys and set values.
- [Global Setting]
- PFWPolicyWithConnectionReset=1
- Value:
- 0 = OfficeScan does not support network isolation
- 1 = OfficeScan supports network isolation
- PFWPolicyWithConnectionResetDomainList=Domain_Name For example: Workgroup, Domain1 Provide a domain name or domain list use for network isolation.
- PFWPolicyWithConnectionResetDurationInSec=30
- Value:
- 0 = Disable connection reset
- 30 = Rest connection in 30 seconds (default value)
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
- Key: PFWPolicyWithConnectionReset
- Type: DWORD
- Value:
- 0 = OfficeScan does not support network isolation
- 1 = OfficeScan supports network isolation
- Key: PFWPolicyWithConnectionResetDomainList
- Type: String
- Value: Domain_name set by user
- Example: Workgroup, Domain1
- Key: PFWPolicyWithConnectionResetDurationInSec
- Type: DWORD
- Value:
- 0 = Disable connection reset
- 30 = Rest connection in 30 seconds
NOTE: Restart the endpoint to update the Common Firewall module of OfficeScan agents.
(SEG-4976)
This hotfix enables the OfficeScan Update Agent to check and verify the MD5 component of all downloaded program files and to automatically re-download or continue the transmission if it detects corrupted files.
Procedure:
To enable the Update Agent to check and verify the MD5 component of downloaded program files and automatically re-download or continue the transmission if it detects corrupted files:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following keys and set each to "1".
- [Global Setting]
- UAProgramZipFullCheck=1 (Enabled).
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ PC-cillinNTCorp\CurrentVersion\Misc.\ or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\PC-cillinNTCorp\ CurrentVersion\Misc.\
- Key: UAProgramZipFullCheck
- Type: DWORD
- Value:
- 0 = Disable
- 1 = Enable
(SEG-13686), (SEG-13667), (SEG-13707)
This hotfix enables DLP Endpoint SDK 6.2 starts to support the following Google Chrome versions:
- Google Chrome 60.0.3112.90
- Google Chrome 60.0.3112.113
- Google Chrome 61.0.3163.79
- Google Chrome 61.0.3163.91
(SEG-13054)
Some OfficeScan agents may not be able to retrieve settings completely from an update agent when there are special characters in the BM exception list.
Solution:
This hotfix ensures that the agents can retrieve the complete settings from an update agent.
(SEG-1056)
This hotfix updates the Trend Micro Osprey Firefox Extension and enables it to support Firefox 51 and later versions.
(SEG-14538)
Enabling the Browser Exploit Prevention (BEP) feature causes Microsoft Internet Explorer to crash when opening certain websites that were added to the Web Reputation Approved List.
Solution:
This hotfix updates the Browser Exploit Prevention component to resolve the issue.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "DisableJSHook" key and set its value to "1".
- [Global Setting]
- DisableJSHook=1
- Save the changes and close the file.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AMSP\SAL
- Key: DisableJSHook
- Type: DWORD
- Value: 1
- Restart the OfficeScan agents.
(SEG-14855)
Enabling the Browser Exploit Prevention (BEP) feature may cause customers to encounter an error when accessing certain websites that were added to the Web Reputation Approved List.
Solution:
This hotfix updates the Browser Exploit Prevention component to resolve the issue.
(SEG-13231)
DLP Endpoint SDK 6.2 blocks VirtualBox from launching in Headless Mode.
Solution:
This hotfix updates the DLP module to skip API event inspection from all VirtualBox processes.
(SEG-12946)
After moving an OfficeScan agent from one OfficeScan server to another through the web console, the agent might not able to upgrade successfully.
Solution:
This critical patch updates the OfficeScan agent program to resolve the issue.
(SEG-15121), (SEG-14693)
BSOD occurs when the DLP Endpoint SDK 6.2 module starts the "sftlist.exe" process.
Solution:
This hotfix resolves the issue by updating the DLP module to add a path checking mechanism in Wow64ApcRoutine and enable API event inspection to skip "sftlist.exe" processes.
(SEG-15268)
Users cannot migrate the OfficeScan database from CodeBase to an SQL server database using an SQL server account password that contains a semicolon ";".
Solution:
This hotfix ensures that users can migrate the OfficeScan database under the scenario described above.
(SEG-14634)
The Unauthorized Change Prevention Service generates false ransomware alarms and as a result, may block or terminate approved third-party programs.
Solution:
This hotfix prevents the false alarms by removing the file existence check and enabling the Unauthorized Change Prevention Service to match ransomware actions only when an existing file does not have any content.
(SEG-15119)
OfficeScan cannot register to the Edge Server after the server is upgraded to version 1708. This does not affect freshly-installed Edge Server 1708.
Solution:
This hotfix ensures that OfficeScan can successfully register to the Edge Server.
(SEG-13409)
This hotfix adds a tool that signs the certificate of the OfficeScan Edge Relay Server.
Procedure:
To sign the certificate of the OfficeScan Edge Relay Server:
- Install this hotfix (see "Installation").
- Copy the "\PCCSRV\Admin\Utility\EdgeServer" folder from OfficeScan installation directory to the OfficeScan Edge Relay server.
- Run the "setup.exe" file on the OfficeScan Edge Relay server.
- Remove the original root certificate authority (CA) "OsceEdgeRoot".
- Create a new root CA "OsceEdgeRoot" by running the following command in a single line:
makecert.exe -n CN=OsceEdgeRoot -pe -a sha256 -len 2048 -is root -ss root -sr localmachine -ir localmachine -cy authority -in "CustomerCA"
- Renew the CA using the "keeprootca" parameter with "renewcert" by running the following command in a single line:
OfcEdgeCfg.exe --renewcert --keeprootca --certpwd "YourPassword"
(SEG-12728)
An issue related to the Behavior Monitoring module causes documents to load slowly.
Solution:
This hotfix resolves the issue so that documents load normally.
(SEG-15447)
OfficeScan 11.0 Service Pack 1 still blocks the Spyrus USB drive after it is added to the USB exception list.
Solution:
This hotfix resolves the issue by updating the Data Loss Prevention(TM) (DLP) module to ensure that it can parse the device information of the Spyrus USB drive.
(SEG-15468)
Repeated detections of a specific virus in the same file path may cause the Damage Clean Engine (DCE) to merge and create logs incorrectly.
Solution:
This hotfix updates the OfficeScan agent program to resolve this issue.
(SEG-9262)
The Behavior Monitoring approved list allows all approved programs to run. However, it may not function properly for approved programs started from remote resources, such as UNC paths or mapped drives.
Solution:
This hotfix resolves the issue by updating the Behavior Monitoring service module.
(SEG-12630)
The Trend Micro Unauthorized Change Prevention Service ("TMBMSRV.exe") may trigger a high CPU usage issue when it receives a large number of event notifications from Windows.
Solution:
This hotfix updates the Behavior Monitoring service module to resolve the issue.
(SEG-14897)
A new line character in the "Event" column on OfficeScan server System Event Logs may cause the OfficeScan Master Service to stop unexpectedly.
Solution:
This hotfix resolves the issue so that System Event Logs load normally and the OfficeScan Master Service runs properly.
(SEG-15370)
When the EYES component is updated and the UMH component is not updated, Internet Explorer crashes.
Solution:
This hotfix ensures that the EYES version is checked by the TMUMH Registry and a notification appears if the updated versions are different.
(SEG-14967)
The DLP module generates some unexpected results while detecting files inside a large compressed file.
Solution:
This hotfix resolves the issue by updating the DLP module and divide the DLP size limitation into parts:
- For normal files, the file attribute detection upper bound is 10 GB (For CD/DVD, USB and SMB channels only).
- For files inside compressed files, the file attribute detection upper bound will still be 2 GB.
- For content detection, the upper bound will remain at 76 MB (For all channels).
(SEG-8729)
An interoperability issue between the TDI network filter driver and Citrix XenApp on Microsoft(TM) Windows(TM) 7 can cause the Citrix client to disconnect unexpectedly.
Solution:
This hotfix enables users to change the installation of the TDI (saknet.sys) and WFP (dlpnetfltr.sys) network filter driver based on the customized settings.
Procedure:
To configure the new setting for DLP:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server. 3 Under the "Configure" section, manually add the "enable_wfp" key and set its value to "true".
- [Configure]
- enable_wfp = true
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents".
- The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- enable_wfp=true
(SEG-15685)
This hotfix enables the DLP module to support Windows 10 RS 3 possible RTM build (16299).
This hotfix enables the DLP module to support Windows 10 RS 3 Cloud Files Awareness and prevents Data Discovery scan from causing any cloud files (placeholders) to be hydrated.
(SEG-16832)
Blue Screen of Death (BSOD) may occur after applying Microsoft KB4043961 on computers running on Windows 10 Fall Creators Update (Redstone 3) and protected by OfficeScan XG
Solution:
This hotfix prevents the BSOD issue on affected computers.
(SEG-14686)
When Trend Micro Smart Feedback is enabled, it shares anonymous threat information with the SPN. However, Predictive Machine Learning does not use anonymous information when sending the SPN feedback information.
Solution:
This hotfix updates the Falcon Core Engine and the OfficeScan agent program to resolve the issue.
(SEG-14528)
An issue in the DLP module causes a file leak issue for the OneDrive desktop application on Windows 10 RS3.
Solution:
This hotfix updates the DLP module to fix the issue.
(SEG-14845)
When an agent update stalls, the number of agents in the update queue may reach the number of online agents.
Solution:
This hotfix enables the AddNotifyRecord() function to check the status of an agent before updating the counters and inserting the record into the queue.
(SEG-5076)
This hotfix enables users to configure OfficeScan to allow a user with restricted access to connect to an approved wireless SSID and to block these users from connecting to any wired network. This helps ensure that the user does not connect to both a wireless and a wired network at the same time.
Procedure:
To enable restricted users to connect to an approved wireless SSID and block these users from using any wired network:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following keys and set the preferred value for each.
- [Global Setting]
- EnableWhiteListSSID=y
- 1, enables the approved SSID list
- 0, (default) disables the approved SSID list
- WhiteListSSIDCount=x, the number of approved SSID on the list
- WhiteListSSID_0=abcd, first SSID
- WhiteListSSID_1=1111, subsequent SSID
- WhiteListSSID(x-1)=2222, any SSID specified after this key will not be used
- EnableBlockWiredNetwork=z
- 1, blocks all wired network interfaces
- 0, opens all wired network interfaces
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
NOTES:
- After blocking wired network interfaces and unloading the agent, you can reconnect these interfaces through the "Windows\Control Panel\Network and Internet\Network Connections" page.
- When the SSID approved list is enabled, you can see the available wireless network SSIDs after unloading the agent.
(SEG-14528)
This hotfix improves the fine event filtering mechanism for Dropbox to help prevent a high CPU usage issue.
(SEG-11939)
This hotfix adds the following new keys:
- USB_NONSTOR_EXCEPTION for adding USB non-storage devices into the approved list.
- FREQ_DEVCTRL_LOGONLY_EVENT to prevent redundant device control violation logs within the specified period in hours.
(SEG-16146)
This hotfix enables DLP Endpoint SDK 6.2 to support version 62 of the Google Chrome web browser.
(SEG-15209)
This hotfix improves the launch speed of Google Chrome on protected computers by removing an unnecessary 32-bit API hook search on the 64-bit platform.
(SEG-11512)
Internal websites may load slowly when the Unauthorized Change Prevention Service is enabled.
Solution:
This hotfix resolves the issue by updating the Behavior Monitoring service module.
(SEG-14568)
The OfficeScan Behavior Monitoring feature may cause high CPU usage on protected computers.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
(SEG-16240)
A protected computer may stop unexpectedly when an incorrect policy configuration extension (*.class) is deployed to the DLP services.
Solution:
This hotfix updates the DLP module to update the policy evaluation flow and help ensure that policies are deployed correctly.
(SEG-14053)
Some Drag-and-Drop and Open File Dialog upload events through a favorite website cannot be blocked in the Google Chrome web browser.
Solution:
This hotfix updates the DLP module to update the Google Chrome URL retrieving procedures and improve the stability of intercepting both Drag-and-Drop and Open File Dialog upload events in Chrome.
(SEG-13686)
When users enable the file attribute file extension checking, OfficeScan adds an extra "0" after the setting in the configuration file which prevents the settings after this line from working.
Solution:
This hotfix updates the DLP module to prevent it from adding the unexpected file type 0.
(SEG-17174)
This critical patch enables the OfficeScan XG agent program to support Windows 10 Fall Creators Update.
(SEG-14536)
The Keyparc Business program may take one minute to open a newly-created file on an encrypted drive on OfficeScan client computers.
Solution:
This hotfix imports new tmcomm drivers to help ensure that the Keyparc Business program can open newly-created files on encrypted drives normally.
Procedure:
To enable the new service settings:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- TmCommBypassVolDevNormalizeReparse=1 NOTE: Setting this key to "1" prevents OfficeScan from reparsing path normalization to prevent performance drop issues, Blue Screen of Death (BSoD), and other performance issues.
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\tmcomm\Parameters
- Key: BypassVolDevNormalizeReparse
- Type: DWORD
- Value: 1 = OfficeScan skips reparsing of path normalization to prevent certain performance issues
- Restart the OfficeScan agents.
(SEG-15975)
A vulnerability may allow remote attackers to query widget information while the specific php file runs.
Solution:
This hotfix secures the information in specific php file.
(SEG-16144)
The OfficeScan server cannot apply a Control Manager policy if the policy settings contain UTF-8 character.
Solution:
This hotfix enables the OfficeScan server to handle UTF-8 strings in Control Manager policies to resolve the issue.
(SEG-16824)
An issue prevents the OfficeScan server from deploying the correct local language settings to agents.
Solution:
This hotfix updates the OfficeScan agent program to resolve the issue.
(VRTS-1771)
An attacker can use clickjacking on the OfficeScan web management console to trick users into accessing malicious URLs.
Solution:
This Critical Patch resolves the clickjacking vulnerability.
(SEG-18260)
It may take between five and 10 seconds to upload a file to websites in Microsoft(TM) Internet Explorer(TM).
Solution:
This hotfix resolves the issue by updating the DLP module to allow a user mode response immediately after setting the mapping between the module handle and the URL before uploading a file.
(SEG-18055)
It may take several minutes to upload a file to websites from a Server Message Block (SMB).
Solution:
This hotfix resolves the issue by updating the DLP module with a re-designed process flow to match with the approved list of websites before scanning.
(SEG-16168)
OfficeScan blocks a 4G internet modem Alfa 4G Dongle that has been added to the exception list.
Solution:
This hotfix resolves the issue by updating the DLP module to allow users to add USB COM/LPT Ports and USB Modems into the approved list of devices.
Procedure:
To configure the new settings for DLP:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add the following keys and set all to "true".
- [Configure]
- usb_cdrom_exception=true
- usb_modem_exception=true
- usb_ports_com_lpt_exception=true
- USB_NONSTOR_EXCEPTION=true
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents. The OfficeScan server deploys the settings to OfficeScan agents and adds the keys in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder.
- Logon to the OfficeScan Server Administration Console.
- Navigate to "Agents > Agent Management".
- Find and select a target agent machine, then go to "Settings > Device Control Settings".
- Edit the "Approved devices" under USB storage devices.
- For the Huawei 4G ethernet card, please add following information to approved device(s):
- Device 1 (For HUAWEI Mass Storage USB Device)
- Vendor: HUAWEI
- Model: *
- Serial ID: 11A5622E
- Device 2 (For HUAWEI TF CARD Storage USB Device)
- Vendor: HUAWEI
- Model: *
- Serial ID: 3A867B90*
- Device 3 (For HUAWEI Mobile Connect - Modem,
- HUAWEI Mobile Connect - PC UI Interface (COM4))
- Vendor: HUAWEI
- Model: *
- Serial ID: 55B0D40
- Save and deploy the device control settings to the target agent.
- Restart the OfficeScan agents.
(SEG-17178), (SEG-17479)
This hotfix updates the "listDeviceInfo.exe" to enable it to export the report files in CSV format and to generate both "dlpDeviceReport.htm" and "dlpDeviceReport.csv" in the same folder. The date format in "dlpDeviceReport.csv" is configurable through "ListDeviceInfoFormat.ini".
Procedure:
To configure the date format in "dlpDeviceReport.csv":
- Install this hotfix (see "Installation").
- Copy the file "\Windows\System32\dgagent\ListDeviceInfo.exe" in any temp folder.
- Create a file "ListDeviceInfoFormat.ini" file in the same temp folder. Add or locate the following section:
- [Format]
- CustomizeDateFormat=MM/DD-YYYY
NOTES:
- Default Date format: YYYY/MM/DD, e.g. 2017/11/06
- CustomizeDateFormat uses YYYY to represent Year, MM for Month and DD for Date
- YYYY, MM and DD should be included in "CustomizeDateFormat", otherwise it is invalid.
- Supports up to 10 characters only.
- Separator is not necessary but could be any character, maximum is two characters. For example, MM/DD/YYYY or DD-MM-YYYY
(SEG-12411)
The Control Manager Endpoint Protection Verification widget displays the status of some OfficeScan agents as "N/A". This happens because Control Manager calls the OfficeScan "cgiGetClient.exe" process to retrieve the agent list but the process can retrieve information about agents in the first layer of a domain only.
Solution:
This hotfix resolves the issue by updating "cgiGetClient.exe" to support multi-layer domains. This does not affect the current settings because OfficeScan no longer uses this process.
(SEG-15823)
OfficeScan agents that have been registered to the Edge server and had switched offline before being moved to an office network remain offline. This happens because these agents always attempt to connect to the Edge server instead of to the OfficeScan server.
Solution:
This hotfix ensures that these agents will connect to the OfficeScan server.
(SEG-17606)
Duplicate violation logs may be generated for certain samples.
Solution:
This hotfix enables OfficeScan to limit the generation of violation events to one for each policy for each file.
Procedure:
To configure the new settings for DLP:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add the following keys and set all to "true".
- [Configure]
- LOG_THROTTLE=true
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents. The OfficeScan server deploys the settings to OfficeScan agents and adds the keys in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder.
(SEG-18012)
OfficeScan may stop unexpectedly while uploading specific Microsoft(TM) PowerPoint(TM) files (.ppt) as an attachment in Gmail using the x64 version of Google Chrome 62.
Solution:
This hotfix resolves the issue by enhancing a checking mechanism to prevent the dsagent from attempting to parse the .ppt file as a header.
(SEG-18090)
On OfficeScan agents, the "Ntrtscan.exe" process stops repeatedly because it cannot start the VSAPI driver.
Solution:
This hotfix updates the OfficeScan agent program to ensure that "Ntrtscan.exe" starts and works normally.
(SEG-18356)
On the OfficeScan web console "Data Identifiers" page, the "File Attribute File Extensions" option is always unchecked.
Solution:
This hotfix updates the page script to ensure that the "File Attribute File Extensions" checkbox displays the correct setting.
(SEG-9205)
The Windows Security Center may not be able to recognize OfficeScan as an antivirus software when OfficeScan Agent Access Restriction is enabled.
Solution:
This hotfix resolves the issue by updating the way an OfficeScan agent reports to the Windows Security Center.
(SEG-14508)
A high disk I/O utilization performance issue occurs on OfficeScan agents while restarting certain machines.
Solution:
This hotfix adds an option to delay the buildup of the digital signature cache to reduce I/O usage while machines restart.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "DelayLoadGCLCacheEnable" key and set its value to "1".
- [Global Setting]
- DelayLoadGCLCacheEnable=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.
- Key: DelayLoadGCLCacheEnable
- Type: DWORD
- Value: 1
(SEG-14967)
The DLP module generates some unexpected results while detecting files inside a large compressed file.
Solution:
This hotfix resolves the issue by updating the DLP module and divide the DLP size limitation into parts:
- For normal files, the file attribute detection upper bound is 10 GB (For CD/DVD, USB and SMB channels only).
- For files inside compressed files, the file attribute detection upper bound will still be 2 GB.
- For content detection, the upper bound will remain at 76 MB (For all channels).
(SEG-16997)
Data Loss Prevention (DLP) blocks the Skype application.
Solution:
This hotfix updates the DLP module that contains the improved process flow to prevent false positive alerts when the Skype application conducts file access events on its temporary files.
(SEG-17157)
The DLP module does not catch Gmail draft emails with sensitive information.
Solution:
The hotfix updates the DLP module that enables it to monitor the event when users draft emails in Gmail.
Procedure:
To configure the new setting for DLP:
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add its value.
- [Configure]
- monitor_webmail_draft=true
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents". The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- monitor_webmail_draft=true
- Find a target machine for verification.
(SEG-12388)
This hotfix enables OfficeScan agents to check the pattern version during startup and to compare the pattern version from the registry key with the latest pattern file version in the client's folder. If the two versions are different, OfficeScan agents will then send a component update log specifying the update source as "Manual applied".
Procedure:
To enable the pattern version checking and allow OfficeScan agents to send the component update log with "Manual applied" update source:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.
- Under the "Global Setting" section, manually add the following key and set it to "1".
- [Global Setting]
- ReportPatternFileUpdateManually=1 NOTE: To disable the checking, set " ReportPatternFileUpdateManually=0" or delete the key.
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to clients.
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- Key: ReportPatternFileUpdateManually
- Type: DWORD
- Value: 1
(SEG-15635)
After importing the settings from an OfficeScan 11 server to an OfficeScan XG server, the "CVE Exploit" option disappears from the "Real-time Scan Settings > Action tab > Virus/Malware > Use a specific action for each virus/malware type" page. This option is not available in OfficeScan 11.
Solution:
This hotfix enables the OfficeScan XG server to retrieve this setting from its own "ofcscan.ini" file if this is not specified in the exported settings.
(SEG-15917)
Restoring quarantined files fails with ".blob" files due to permission issues.
Solution:
This hotfix resolves the issue by opening files using the "rb" (Open file for read) option instead of "r+b" (Open a file for update) to prevent permission issues.
(SEG-19169)
This hotfix enables DLP Endpoint SDK 6.2 starts to support Google Chrome version 63.
(SEG-19783)
Samples are sent to the Deep Discovery Analyzer server without any host name information.
Solution:
This hotfix ensures that OfficeScan server sends samples to the Deep Discovery Analyzer with the correct source host information.
(SEG-16028)
When scheduled scan is set to run "Monthly, on the First week day" in a specific time zone, the scheduled scan will run repeatedly in the last daylight saving month.
Solution:
This hotfix helps ensure that the next scheduled scan time is calculated accurately in the last daylight saving month.
(SEG-18629)
The device control function blocks a USB storage device that is in the approved list.
Solution:
This hotfix updates the OfficeScan program to ensure that the device control function runs normally.
(SEG-19697)
The performance of protected computers slows down when the engine processes a PostClose event in "\Device\Volume".
Solution:
This hotfix enables OfficeScan to skip PreClose and PostClose events in "\Device\Volume".
Procedure:
To enable enables OfficeScan to skip PreClose and PostClose events in "\Device\Volume":
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- tmevtmgr_SkipDeviceVolume=1 NOTE: To disable the setting, set this key to "0" or delete it.
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmevtmgr\Parameters
- Key: SkipDeviceVolume
- Type: DWORD
- Value: 1
- Restart the OfficeScan agents.
(SEG-19613)
The DLP module skips information after an asterisk(*) in the list of approved USB devices under the device control and content filtering feature.
Solution:
This hotfix updates the DLP module to implement wildcard matching with enhanced dynamic programming to enable it to match USB devices correctly.
(SEG-16164)
If the contents of the Extension File Attribute of a policy exceeds 100 characters, the DLP module on endpoints may not be able to load the policy.
Solution:
This hotfix updates the DLP module to change the current limitation from 100 characters to 512 characters.
(SEG-20777)
The title on exported Data Loss Prevention(TM) (DLP) Log CSV files generated from non-English OfficeScan versions appear garbled.
Solution:
This hotfix ensures that the title of DLP log CSV files exported from non-English OfficeScan versions display normally.
(SEG-20367)
An issue related to the OfficeScan Behavior Monitoring feature may cause a protected computer to start slowly.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder in the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "SkipDfsClient" key and set its value to "1".
- [Global Setting]
- SkipDfsClient=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tmactmon\Parameters
- Key: SkipDfsClient
- Type: DWORD
- Value: 1
- Restart the OfficeScan agents.
(SEG-20952)
Under certain scenarios, some OfficeScan processes may stop unexpectedly.
Solution:
This hotfix updates the Behavior Monitoring module to enhance the self-protect feature of OfficeScan processes.
(SEG-21496)
The firewall's "Quarantine" action in medium security level blocks the FTP session.
Solution:
This hotfix changes the "Quarantine" action to "Drop" in medium security level to resolve the issue.
(SEG-17840)
The DLP violation log generated for a single violation triggered by Microsoft(TM) Outlook(TM) contains two sets of "activity" and "channelid", one for "Email" and one for "Exchange Client Email".
Solution:
This hotfix removes the information for the parent activity from DLP violation logs.
(SEG-20881)
32-bit OfficeScan processes may stop unexpectedly on 64-bit platforms.
Solution:
This hotfix resolves the issue by updating how the DLP module matches path names when locating the "wow64.dll" path.
(SEG-20042)
When an OfficeScan XG client performs the "Clean" action on certain backup files, it may also transfer the files to the "Virus" folder. The files in this folder are sent to the OfficeScan server along with quarantined files.
Solution:
This hotfix prevents OfficeScan XG clients from saving a copy of cleaned BR0 to BRF backup files, for example XXX.BR0, XXX.BR1, XXX.BR2 to XXX.BRF, in the suspected virus folder. This ensures that cleaned files are not sent to the OfficeScan server.
(SEG-19481)
The OfficeScan web console does not display an alert when the Smart Scan Patter is out-of-date.
Procedure:
To enable OfficeScan to show an alert when the Smart Scan Pattern is out-dated and indicate the number of days since the last pattern update:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- PatternTooOldSmartScan=1 NOTE: To disable the setting, set this key to "0" or delete it.
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path:
- 32 bit: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\PatternTooOldSmartScan
- 64 bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\PatternTooOldSmartScan
- Key: PatternTooOldSmartScan=1
- Type: DWORD
- Value: 1
- Restart the OfficeScan agents.
(SEG-19646)
If administrators install the OfficeScan agent in another drive other than the C: drive, OfficeScan cannot correctly apply the Data Loss Prevention (DLP) hotfix files. Administrators may also lose some file permissions.
Solution:
This hotfix resolves the issue by updating the DLP module by adjusting the working flow when copying and installing DLP hotfix files.
NOTE: Run the batch file ("grant-permission.bat") prior to installing the hotfix. The batch file corrects the necessary DLP file permissions in preparation for the hotfix installation.
(SEG-19079)
When the firewall security level is set to "High", users can still access websites that are not in the approved list. This happens because the local WCS port is assigned as a trusted port by mistake.
Solution:
This hotfix resolves the issue to ensure that users will be able to access only websites from the approved list when the firewall security level is "High".
(SEG-19068)
The Plug-in Manager (PLM) agent uses the proxy setting of the system even if a proxy server is unavailable. Thus, the PLM agent connects to an unavailable proxy server and fails to communicate with the OfficeScan server.
Solution:
This hotfix resolves the issue to ensure that OfficeScan agents do not use any proxy setting if there is no proxy server.
(SEG-16923)
When users click on any "Threat Type" classification in the "Security Risk Detections Over Time" widget, new browser windows do not display properly in the Japanese (JP) version of the Microsoft(TM) Windows(TM) operating system.
Solution:
This hotfix updates the OfficeScan XG server files to resolve this issue.
(SEG-21008)
This hotfix enhances OfficeScan agent automatic network isolation when agent detects the virus by scan engine, the agent will count the virus number in a configurable time range, if the total virus number reach the trigger criteria, the agent will block all incoming and outgoing network traffic.
Procedure:
To enable OfficeScan agent automatic network isolation:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the following keys and set its value.
- [Global Setting]
- AutoNetworkIsolation=1
NOTE:
- 0 : disables the automatic network isolation feature (default)
- 1 : enables the automatic network isolation feature.
- AutoNetworkIsolationVirusTriggerCount=1 NOTE:
- 1 : Triggers network isolation when agent detects a virus (default), accepted value 1~1000
- AutoNetworkIsolationCountTimeRangeInMinutes=10 NOTE: 10: Time range for virus counting is 10 minutes (default), accepted value 1~43200 (30days)
- AutoNetworkIsolationVirusTypeExceptionList= NOTE: Virus type exception for virus counting, for example, Virus, Joke, Trojans (Default value is empty)
- AutoNetworkIsolationDurationInMinutes=30
- Keep network isolation status for 30 minutes (default), accepted value 1~43200 (30days)
- AutoNetworkIsolationAgentExceptionList=
- Agent host name exception for network isolation.(Default value is empty)
- Example: ComputerA,ComputerB
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents.
- The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path:
- 32-bit:
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\cnqDisableWarning
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\AutoNetworkIsolation
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\AutoNetworkIsolationVirusTriggerCount
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\AutoNetworkIsolationCountTimeRangeInMinutes
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\AutoNetworkIsolationDurationInMinutes
- Type: DWORD
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\AutoNetworkIsolationVirusTypeExceptionList
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\AutoNetworkIsolationAgentExceptionList
- Type: String
64-bit:
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\cnqDisableWarning
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\AutoNetworkIsolation
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\AutoNetworkIsolationVirusTriggerCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\AutoNetworkIsolationCountTimeRangeInMinutes
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\AutoNetworkIsolationDurationInMinutes
- Type: DWORD
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\AutoNetworkIsolationVirusTypeExceptionList
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\AutoNetworkIsolationAgentExceptionList
- Type: String
(SEG-20787)
This hotfix enables DLP to dump full DLP violation logs onto the "dgagent\dumpdir" folder for troubleshooting.
Procedure:
To configure the new settings for DLP troubleshooting:
- Add "dump_violation_log=true" to "dsa.pro" and "discovery.pro" before starting the DLP services.
- Replicate the scenario where DLP violation occurs.
- The violation logs are saved in the following:
- Content Filter Mode
- ..\dgagent\dumpdir\DlpViolation.log
- Data Discovery Mode
- ..\dgagent\dumpdir\DlpDDViolation.log
(SEG-19074)
The Ransomware widget dashboard displays inaccurate date information.
Solution:
This hotfix updates the widget time zone setting to resolve this issue.
(SEG-22245)
OfficeScan deletes the wireless LAN (WLAN) profile using the "Netsh" command.
Solution:
This hotfix verifies if the following registry key exists and to take the necessary actions when applicable:
- [...\Misc.\WhiteSSID]
- EnableWhiteListSSID
- EnableBlockWiredNetwork
- if the key exists: the system will apply the "Netsh" command to flush the WLAN filter list.
- if the key does not exist: OfficeScan will not apply the "Netsh" command.
(SEG-22041)
After a session times out, an Active Directory (AD) account user can logon to the OfficeScan web console again without providing a username and password by refreshing the web page.
Solution:
This hotfix resolves the issue to ensure that AD account users are required to provide the login credentials again after refreshing the web page.
(SEG-21589)
The Data Loss Prevention(TM) (DLP) module cannot block multiple files transferred by FTP at the same time.
Solution:
This hotfix updates the DLP module to handle the FTP requests correctly.
(SEG-13599)
When multipart scan is enabled, some information may not appear completely in the violation logs.
Solution:
This hotfix updates the DLP module to ensure that the information in the violation logs are complete.
(SEG-21896)
Sensitive files may leak from Microsoft(TM) Outlook(TM) Web Application (OWA) 2016.
Solution:
This hotfix updates the DLP module to support OWA 2016 to enable it to prevent sensitive file leakage through this application.
(SEG-23620)
The DLP services and IMAPI driver may stop responding or stop unexpectedly during CD/DVD burning operations in Microsoft(TM) Windows(TM) Explorer.
Solution:
This hotfix resolves the issue by updating the DLP module to correct the CD/DVD burning cache read operation in DLP services and refines the flow of the CD/DVD burning event wait in IMAPI driver.
(SEG-22674)
OfficeScan XG EN Hotfix 1842 prevents the OfficeScan agent from deleting the WLAN Profile by checking and configuring the "EnableWhiteListSSID" and "EnableBlockWiredNetwork" settings in "ofcscan.ini". However, the feature will not work if these settings have been configured previously and users need to remove both keys to disable the feature.
Solution:
This hotfix enables users to disable the feature by setting one or both settings to "2".
(SEG-22812)
An issue prevents the Data Loss Prevention(TM) (DLP) module from detecting violations in Yahoo(TM) mail.
Solution:
The hotfix resolves the issue by enabling the DLP module to perform UTF-8 MIME decoding in Yahoo mail.
(SEG-23954)
The system information, product information, product version, and entity icon on the OfficeScan web console do not update automatically.
Solution:
This hotfix updates the OfficeScan XG Patch 1 server file to ensure that the system information, product information, product version, and entity icon are updated promptly.
(SEG-23641)
This hotfix enables OfficeScan XG Patch 1 to monitor the web browser's file upload behavior (Open File Dialog and Drag-n-Drop) for the following websites:
- uploadfiles.io
- Files.im
- smallpdf.com
(SEG-24106)
OfficeScan agents using conventional scan mode and no Internet connection are unable to send Predictive Machine Learning threat queries when 'Use configured Smart Protection Sources for service queries' is enabled.
Solution:
The hotfix resolves the issue by generating the necessary registry values to properly configure the Predictive Machine Learning and 'Use configured Smart Protection Sources for service queries' features.
(SEG-23578)
The DLP module blocks sensitive data from being saved to Gmail Drafts using Microsoft(TM) Internet Explorer(TM).
Solution:
This hotfix disables the monitor_webmail_draft feature by default so OfficeScan does not block sensitive information from being saved to Gmail Drafts.
Procedure:
To configure the monitor_webmail_draft setting:
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Locate the following setting under the "Configure" section and set the preferred value.
- [Configure]
- monitor_webmail_draft=false
- (default) OfficeScan does not block sensitive information in webmail drafts
- monitor_webmail_draft=true
- OfficeScan blocks sensitive information in webmail drafts
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents". The OfficeScan server deploys the settings to OfficeScan agents.
(SEG-19828)
The Microsoft(TM) Windows(TM) 10 services do not start when a protected computer starts.
Solution:
This hotfix implements customized configurations to allow users to enable or disable the VMware ThinApp application detection feature which can help ensure that Windows 10 services start normally.
(SEG-24227)
When OfficeScan detects a violation in Yahoo Mail US, the email address in the "destination" field on the corresponding violation log is preceded by a comma ",".
Solution:
This hotfix enables OfficeScan to run a null field check to remove the extra comma from the email address in the "destination" field of the violation logs.
(SEG-24543)
An issue prevents OfficeScan from blocking sensitive information sent through the HTTP(S) in "dlptest.com".
Solution:
This hotfix ensures that OfficeScan can block sensitive information in "dlptest.com" by adding a new formdata pattern for the site.
(SEG-22651)
An OfficeScan agent computer may stop responding when a certain 3rd-party software is running.
Solution:
This hotfix updates the OfficeScan server files to ensure that the 3rd-party software can run normally in a protected computer.
(SEG-21738)
Microsoft(TM) added a feature in Microsoft Windows(TM) 10 Fall Creators Update (RS3). After this update, the Windows Defender Security Center can no longer recognize the status of the OfficeScan antivirus and firewall.
Solution:
This hotfix enables the OfficeScan agent to report the "substatus" of both the antivirus and firewall to the Windows Security Center so that the Windows Defender Security Center displays the correct antivirus product status.
(SEG-25661)
The PccNtMon service does not apply updates to the Local Area Network (LAN) proxy settings to the proxy settings of Predictive Machine Learning when both the Smart Protection Service and Smart Scan are disabled.
Solution:
This hotfix ensures that changes to the LAN proxy settings are automatically applied to the Predictive Machine Learning proxy settings.
NOTE: If you experience this issue, you need to manually save the LAN proxy setting again after applying this hotfix.
(SEG-26077)
Trend X alerts are disabled unexpectedly.
Solution:
The hotfix prevents OfficeScan from resetting the TrendxAlert registry key when the TmListen service starts if the agent is not a fresh installation.
(SEG-20967)
The Browser Exploit Prevention (BEP) URL history feature may determine that URL A's parent is URL B and then URL B's parent is URL A. This leads to a dead loop when BEP attempts to retrieve the URL chain.
Solution:
This hotfix resolves the issue to prevent the dead loop.
(SEG-25651)
Microsoft(TM) Surface(TM) computers where the OfficeScan agent is installed may stop unexpectedly and experience blue screen of death (BSOD) when the Behavior Monitoring feature is enabled.
Solution:
This hotfix updates the Behavior Monitoring module to resolve the issue.
(SEG-24486)
OfficeScan agents send a sample file even when sample submission is disabled.
Solution:
This hotfix enables OfficeScan agents to always check the "EnableSampleSubmission" key and apply the correct setting so that these agents do not send out sample files when sample submission is disabled.
(SEG-27518)
OfficeScan agents with the program inspection feature enabled may encounter issues with third-party programs due to a conflict with the Memory Scan Trigger pattern (tmmst.ptn/tmmst64.ptn).
Solution:
This hotfix updates the OfficeScan agent program to resolve this issue.
(SEG-27654)
A user requests for an API to automate the move and uninstall agent processes.
Procedure:
To enable the new settings:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following keys and set both values to "1".
- [Global Setting]
- EnableMoveNATClient=1
- MoveNATClientRemoveEmptyDomain=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent endpoints:
- Only "EnableMoveNATClient" will be deployed to client, the path:
- For x64 platforms:
- HKEYLOCALMACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- For x86 platforms:
- HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\
- Key:
- EnableMoveNATClient
- Type: REGDWORD
- Value: 1
(SEG-2184), (SEG-2185), (SEG-2187), (SEG-2189), (SEG-2443)
An issue related to the Trend Micro OfficeScan Firewall driver may cause multiple Privilege Escalation and Pool Corruption vulnerabilities.
Solution:
This critical patch updates the Trend Micro OfficeScan Firewall driver to resolve the vulnerabilities.
(SEG-26512)
This critical patch enables the OfficeScan XG Patch 1 agent program to support Windows 10 (version 1803) April 2018 Update.
(SEG-26986)
When users perform a fresh installation of an OfficeScan agent with conventional scan mode using an ".exe" package or "AutoPcc.exe", the system does not generate some registry keys required by the Predictive Machine Learning feature.
Solution:
This hotfix ensures that the system generates all necessary registry keys when users install an OfficeScan agent with conventional scan mode.
(SEG-28405)
A protected computer may stop responding when "intelNit.sys" and the Behavior Monitoring driver lock onto each other.
Solution:
This hotfix updates the Behavior Monitoring module to enable it to skip an event if "IntelNit.sys" is on the call stack, which resolves this issue.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory.
- Under the "Global Setting" section, manually add the "SkipIntelNit" key and set its value to "1".
- [Global Setting]
- AegisSkipIntelNit=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: SkipIntelNit
- Type: DWORD
- Value: 1
- Restart the OfficeScan agents.
(SEG-28441)
This hotfix updates the Data Loss Prevention(TM) (DLP) service to support more file uploading sharing websites.
(SEG-21682)
This hotfix updates the DLP service to enable it to detect the sync folder of OneDrive for Business.
(SEG-29454)
The Control Manager server may display an incorrect OfficeScan agent policy deployment status due to a deployment cache error.
Solution:
This hotfix resolves the policy cache handler in the policy cache to ensure that the most updated policy deployment status appears on the Control Manager console.
(SEG-30835)
The Recent file list is missing from the right-click menu on the Microsoft(TM) Windows(TM) taskbar and from the "Start" menu when the Data Loss Prevention(TM) (DLP) Service is enabled.
Solution:
This hotfix resolves this issue by updating the file event scanning procedure for "RuntimeBroker.exe" with the Microsoft Windows Jump List under the "automaticdestinations-ms" folder.
(SEG-28975)
"listDeviceInfo.exe" stops unexpectedly when users connect to any of the following devices:
- Pocket WiFi LTE GL04P
- SoftBank 203HW
Solution:
This hotfix updates the flow of the device instance path information retrieval to solve this issue.
(SEG-26786)
When the "Start Microsoft OneDrive automatically when I sign in to Windows" option is enabled for Microsoft OneDrive, a protected computer locks up and will not respond during the initial sync with OneDrive.
Solution:
This hotfix updates the Behavior Monitoring function to support the Microsoft OneDrive Files On-Demand feature.
(SEG-30810)
Users cannot view device control logs on the Trend Micro Control Manager(TM) console because the OfficeScan server does not upload these logs to Control Manager.
Solution:
This hotfix enables the OfficeScan server to upload device control logs to Control Manager so that users can view these logs on the Control Manager console.
(VRTS-2474), (VRTS-2476), (VRTS-2478)
An attacker may craft a malicious request and cause AMSP to help on creating a process that provides SYSTEM privileges to the attackers.
Solution:
This hotfix updates the AMSP file ("coreCommandmanager.dll") to resolve this issue.
(SEG-27980)
The Behavior Monitoring configuration changes unexpectedly after users import the configuration file using the Server Migration Tool from OfficeScan 11 to OfficeScan XG.
Solution:
This hotfix ensures that the configuration file (ofcscan.ini) records the correct Behavior Monitoring settings retrieved from the root level during server migration to solve this issue.
(SEG-32118)
The Data Loss Prevention(TM) (DLP) module blocks PDF attachments sent through Microsoft(TM) Outlook(TM).
Solution:
This hotfix updates the "DlpClc.xml" DLP template file to solve this issue.
(SEG-33935)
When users register an OfficeScan server to Trend Micro Control Manager(TM) through the OfficeScan web console, the notification message about the integrated Smart Scan server does not appear.
Solution:
This hotfix resolves the issue by updating the related comparison statement to use the correct variable, "iSupportMajorVersion" instead of "iMajorVersion".
(SEG-32547)
Device Control cannot block iPhones on Microsoft(TM) Windows(TM) 10 RS3 and any higher version.
Solution:
This hotfix updates the OfficeScan Data Loss Prevention(TM) (DLP) module to enable Device Control to block iPhones on Windows 10 RS3 and any higher version.
(SEG-32770)
The Device Control setting does not work with USB3.0 CRW-SD/MS USB device drives which have multiple device interfaces.
Solution:
This hotfix resolves the issue by updating the serial number retrieval process to ensure that the DLP Device Control feature captures the correct serial number for the particular USB card reader.
(SEG-31239)
A large number of "SECURITY_PRODUCT_STATE_ON" Windows Event Logs are generated on Windows 10 RS3 computers.
Solution:
This hotfix updates the conditions for Windows Security Center un-registration to help prevent too many "SECURITY_PRODUCT_STATE_ON" Windows Event Logs.
(SEG-32034)
The OfficeScan Predictive Machine Learning feature does not use anonymous information when sending threat information queries to the Trend Micro Backend Machine Learning Service and the Behavior Monitoring feature may share non-anonymous threat information with the Trend Micro Smart Protection Network (SPN).
Solution:
This hotfix updates the OfficeScan agent program and the Behavior Monitoring module to resolve this issue.
(SEG-34168)
After OfficeScan XG Patch 1 Hotfix 1876 is applied, garbled characters appear in the OfficeScan domain information field on the Trend Micro Control Manager(TM) web console.
Solution:
This hotfix updates the OfficeScan server files to ensure that the OfficeScan domain information displays correctly on the Control Manager web console.
Procedure:
To remove the garbled characters that may appear on the Control Manager web console:
- Install this hotfix (see "Installation").
- On the OfficeScan web console, go to "Administration > Settings > Control Manager" and select "Unregister" under the "Connection Status".
- Click " OK" to proceed.
- Specify the Control Manager server IP in "Control Manager Server Settings" and select "Register" to register again.
(SEG-34649)
The alternate update source information remains in the "ous.ini" file after users delete the information from the OfficeScan web console.
Solution:
This hotfix removes an unnecessary entry for the alternate update source information from the "ous.ini" file to solve this issue.
(SEG-29016)
The OfficeScan agent firewall blocks IPv4 broadcast packets.
Solution:
This hotfix adds rules to enable the firewall to accept IPv4 broadcast packets.
(SEG-35281)
This hotfix enables users to configure the Behavior Monitoring autorun function to skip devices in the Device Access Control (DAC) approved list.
Procedure:
To configure the Behavior Monitoring autorun function to skip devices in the DAC approved list:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- SkipDACAutorunJunctionPointerChecking=1
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: SkipDACAutorunJunctionPointerChecking
- Type: REG_DWORD
- Value: 1
(SEG-35784)
When users export a list of agents to a CSV file, domain names that contain a comma (,) or double quotes(") do not display correctly.
Solution:
This hotfix updates the OfficeScan server files to resolve this issue.
(SEG-36626)
Some un-used dialog boxes for the PccNtMon service are pushed to the foreground when the OfficeScan agent computer restarts.
Solution:
This hotfix resolves the issue by updating the OfficeScan agent program.
(SEG-38464)
This critical patch enables the OfficeScan XG agent program to support Microsoft(TM) Windows(TM) 10 (version 1809) October 2018 Update.
(SEG-34901)
The Trend Micro Common Module (EYES) may cause a high CPU usage issue on protected computers.
Solution:
This hotfix updates the Trend Micro Common Module to prevent the high CPU usage issue.
(SEG-40569)
The OfficeScan Master Service may stop unexpectedly if the OfficeScan server cannot parse the domain hierarchy of OfficeScan agents before generating the debug log.
Solution:
This hotfix updates the OfficeScan server program to resolve the issue.
(SEG-38895)
Certain driver files are copied into the "C:\Windows\System32\drivers" folder unexpectedly during Data Loss Prevention(TM) (DLP) updates and as a result, the Data Protection Uninstallation Tool in "DLP_Endpoint_SDK_6.2_Uninstaller.zip" cannot locate and delete these driver files.
Solution:
This hotfix updates the DLP module to ensure that driver files are copied to the correct folder and are not copied unexpectedly into the "C:\Windows\System32\drivers" folder.
(SEG-38653)
The DLP module sends a CD device information query input/output (I/O) control signal to a virtual CD/DVD ROM device created by a Fujisoft USB modem/ethernet card. This type of non-standard CD/DVD device does not support standard CD/DVD ROM I/O control signals.
Solution:
This hotfix updates the DLP module to remove the CD/DVD device information query for virtual CD/DVD ROM devices created by a Fujisoft USB modem/ethernet card.
(SEG-40928)
Duplicate virus detection logs are generated when a real-time scan results in a "Deny access" action or when a manual scan results in a "Pass" action.
Solution:
This hotfix updates the OfficeScan agent program to prevent duplicate virus detection logs.
(SEG-43251)
OfficeScan agents that have been moved to another OfficeScan server through the "Administration > Settings > Agent Connection" page still appear on the source OfficeScan web console.
Solution:
This hotfix updates the OfficeScan agent program to resolve the issue.
(SEG-44624)
The Web Reputation feature blocks suspicious websites even when OfficeScan is in Assessment Mode.
Solution:
This hotfix updates the OfficeScan agent program to prevent it from blocking websites in Assessment Mode.
(SEG-46215)
When users move an OfficeScan 11 agent to an OfficeScan XG Patch 1 server, the agent will not be able to update agent programs to version XG Patch 1 using the OfficeScan XG Patch 1 Update Agent.
Solution:
This hotfix ensures that the OfficeScan XG Patch 1 Update Agent can download the agent update files from the OfficeScan XG Patch 1 server.
(SEG-45053)
After an OfficeScan agent moves to a new OfficeScan server, a mismatched certificate error appears in the OfficeScan system event logs and Windows application event log in both the agent and new server. This happens because the agent sends the move results to the previous server using the new authentication certificate.
Solution:
This hotfix enables the OfficeScan agent to use the original authentication certificate to report the move results to the previous server after it moves to a new server.
(VRTS-3189)
A directory traversal vulnerability may allow an attacker to modify arbitrary files on the product's management console.
Solution:
This critical patch updates the OfficeScan server program to remove the vulnerability.
(SEG-39162)
This hotfix enables OfficeScan agents to support the "Scan Exclusions" feature of Real-time Scan in scanning process image files when the "Process Image File Scan" function is enabled.
(SEG-42339)
An OfficeScan agent sends a status update with the firewall policy ID "0" to the OfficeScan server if it cannot detect any network interface controller.
Solution:
This hotfix updates the OfficeScan agent program to skip the status update if it does not detect a network interface controller.
(SEG-48062)
The OfficeScan server may stop responding because there are too many "cgiOnScan.exe" processes running at almost the same time. This occurs when scheduled scan runs on a large number of OfficeScan agents simultaneously.
Solution:
This hotfix resolves this issue by adding a random waiting time function for when OfficeScan agents calls the "cgiOnScan.exe" function.
(SEG-47198)
In a closed network, Ntrtscan.exe stops unexpectedly after the OfficeScan NT RealTime Scan service starts.
Solution:
This hotfix resolves the issue by enabling OfficeScan to check the value of the "LocalScanServerAddress" key under [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\iCRC Scan\Scan Server] and to skip iCRC handler initialization if the value is valid.
(SEG-49674)
This hotfix updates the OfficeScan web console to ensure that invalid UNC paths cannot be added into the Behavior Monitoring exception list.
(SEG-51965)
An issue related to the dynamic unloading of the cURL library may cause the OfficeScan NT RealTime Scan service ("Ntrtscan.exe") to stop unexpectedly.
Solution:
This critical patch updates the OfficeScan agent program to resolve the issue.
(SEG-48892)
When upgrading an OfficeScan client computer to Microsoft(TM) Windows(TM) 10 April 2018 Update (Redstone 4), the Trend Micro Early Boot Clean driver may add unnecessary blank lines to the "ServiceGroupOrder" registry value. This can cause blue screen of death (BSOD) after the agent computer restarts.
Solution:
This critical patch updates the OfficeScan agent program to prevent the Trend Micro Early Boot Clean driver from adding unnecessary blank lines to the "ServiceGroupOrder" registry value.
(SEG-50774)
This critical patch enables the OfficeScan agent program to support Microsoft(TM) Windows(TM) 10 (version 1903) May 2019 Update.
(SEG-53705)
OfficeScan agents running on Microsoft(TM) Windows (TM) 10 cannot upgrade from build 1803 to 1809.
Solution:
This hotfix updates the OfficeScan agent program to resolve this issue.
(SEG-46280)
A heap corruption issue in CMAgent causes the OfficeScan "OfcCMAgent.exe" process to stop unexpectedly.
Solution:
This hotfix ensures that the "m_SpyItem11SP1" parameter is initialized properly to prevent the CMAgent heap corruption.
(SEG-53577)
The 3rd-party ICE WebStart program cannot be launched while the OfficeScan Firewall service is running.
Solution:
This hotfix updates the Trend Micro OfficeScan Firewall driver and provides a way to prevent this issue from occurring.
Procedure:
To enable the new settings:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "256".
- [Global Setting]
- PFW_KEventMaxCount=256
- Save the changes and close the file.
- Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent endpoints:
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmWfp\Parameters
- Key: KEventMaxCount
- Type: REG_DWORD
- Value: 256 (0x100)
- Restart the OfficeScan agents.
(SEG-53947)
The Ransomware count in the "Ransomware Summary" query results does not match the information in "Top Ransomware Detection" query results.
Solution:
This hotfix updates the OfficeScan sever program to ensure that the information in both reports is consistent.
(SEG-54434)
The NTRTScan process stops unexpectedly when a compressed file email attachment is scanned and accessed at the same time.
Solution:
This hotfix updates the OfficeScan agent program to prevent the issue.
(SEG-53943)
The Data Loss Prevention(TM) (DLP) module does not work on the Microsoft Edge web browser.
Solution:
This hotfix updates the DLP module to resolve this issue.
Procedure:
To enable OfficeScan agents to block sensitive information on the Edge web browser.
- Install this hotfix (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the OfficeScan server.
- Under the "Configure" section, manually add the following key and value.
- [Configure]
- ENABLE_DYNAMIC_CODE_POLICY=true
- Save the changes and close the file.
- Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents". The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- enable_dynamic_code_policy=true
(SEG-57173)
An issue prevents users from rolling back OfficeScan agents to a previously installed version after applying OfficeScan XG Patch 1 Critical Patch 1952.
Solution:
This hotfix updates the OfficeScan server program to resolve this issue.
(SEG-59110)
This hotfix updates OfficeScan XG Patch 1 to support OfficeScan agent installation on the Microsoft(TM) Windows(TM) Server 2019 platform.
8. Contact Information
A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
NOTE: This information is subject to change without notice.
9. About Trend Micro
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.
Copyright 2019, Trend Micro Incorporated. All rights reserved.
Trend Micro, OfficeScan, Data Loss Prevention, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.
10. License Agreement
View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide