<<<>>>

Trend Micro Incorporated                                August 28, 2020
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) ServerProtect(TM) for EMC(R) Celerra(TM) 5.8
Critical Patch - Build 1566
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
===================================================================
1.  Overview of this Critical Patch Release
    1.1 Resolved Known Issues
    1.2 Enhancements
    1.3 Files Included in this Release
2.  Documentation Set
3.  System Requirements
4.  Installation
    4.1 Installing
    4.2 Uninstalling
5.  Post-installation Configuration
6.  Known Issues
7.  Release History
8.  Contact Information
9.  About Trend Micro
10. License Agreement
===================================================================


1. Overview of this Critical Patch Release
========================================================================

   1.1 Resolved Known Issues
   =====================================================================
   This critical patch resolves the following issues:

   Issue 1:     [SPFS Hotfix 1152 JP]
                Under certain conditions, a heap corruption issue
                triggers the Japanese version of ServerProtect to stop
                unexpectedly while its spntsvc service attempts to send
                an email notification.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1:  This critical patch ensures that ServerProtect
                allocates enough memory to operate to prevent the heap
                corruption issue so it can send out email notifications
                normally.

   Issue 2:     [SPNAF Hotfix 1242 EN]
                A protected computer may encounter a blue screen of
                death (BSoD) when certain virus pattern operations are
                called at the same time.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2:  This critical patch adds the RWLock feature for certain
                VSAPI functions to make sure that these APIs do not
                call virus patterns at the same time.

   Issue 3:     [SPFS Hotfix 1169 EN]
                CMAgent stops responding when it receives certain
                abnormal commands.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3:  This critical patch enables CMAgent to handle abnormal
                commands.

   Issue 4:     [SPFS Hotfix 1205 EN]
                The Message Box notifications have been disabled since
                Microsoft Windows Server 2008.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 4:  This critical patch replaces the "NetMessageBufferSend"
                function with the Windows Terminal Services (WTS) API
                to re-enable Message Box notifications on Windows
                Server 2008 and any later versions.

                Please refer to the following KB link for more details
                on how to use this feature:

                https://success.trendmicro.com/intkb/solution/1120585

   Issue 5:     [SPFS Hotfix 1214 JP]
                Sometimes, the SPNTSVC process stops unexpectedly
                because of an invalid memory access issue in
                "tmnotify.dll".
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 5:  This critical patch resolves the issue by preventing
                the invalid memory access issue.

   Issue 6:     [SPFS Hotfix 1216 JP]
                Sometimes, the "Message-ID" column in notification
                email messages displays duplicate message IDs.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 6:  This critical patch resolves the issue by ensuring that
                ServerProtect generates and assigns unique message IDs.

   Issue 7:     [SPFS Hotfix 1220 JP]
                ServerProtect cannot deploy pattern files if there is a
                "Program" file in the "C:" drive.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 7:  This critical patch resolves the issue by ensuring that
                ServerProtect can deploy pattern files successfully.

   Issue 8:     [SPFS Hotfix 1266 JP]
                Sometimes, a pattern or engine update fails when it
                runs while a scheduled scan or manual scan is running.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 8:  This critical patch resolves this issue by optimizing
                the pattern lock logic that runs before the specific
                pattern is loaded.

   Issue 9:     [SPNAF Service Pack 1 Patch 2 1281 EN]
                The Information Server version disappears from the
                management console after the Information Server
                restarts.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 9:  This critical patch resolves this issue by enabling the
                management console to refresh the version information
                after the Information Server restarts.

   Issue 10:    [SPNAF Service Pack 1 Patch 2 1281 EN]
                The Management Communication Protocol (MCP) CMAgent
                installation fails when the system checks the
                ServerProtect Information Server version.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 10: This critical patch resolves this issue by updating the
                version information of the "CMAgent.exe" function.

   Issue 11:    The Tmcomm engine file "tmcomm.sys" is not updated in
                the system driver directory after a new Tmcomm engine
                version is deployed.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 11: This critical patch resolves this issue by ensuring
                that "tmcomm.sys" is copied to the system driver
                directory when the Tmcomm engine is updated.

   Issue 12:    The Damage Cleanup Engine (DCE) is affected by certain
                vulnerabilities.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 12: This critical patch updates the DCE engine files to
                remove the vulnerabilities.

   Issue 13:    The Tmcomm engine is affected by certain
                vulnerabilities.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 13: This critical patch updates the Tmcomm engine files to
                remove certain vulnerabilities.

   Issue 14:    The Active Update module is affected by certain
                vulnerabilities.
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 14: This critical patch updates the Active Update module to
                remove the vulnerabilities.

   1.2 Enhancements
   =====================================================================
   This critical patch includes the following enhancements:

   Enhancement 1: [Critical Patch 1548 EN]
                  This critical patch enables ServerProtect to use
                  HTTPS for component updates by Active Update.

                  Refer to the following KB for information on how to
                  configure customized security options:

                  https://success.trendmicro.com/solution/000253323

   Enhancement 2: [SPFS Hotfix 1179 JP]
                  This critical patch allows users to set the sleep
                  time between scanning each folder during a manual
                  scan or scheduled scan. Adjusting this time interval
                  can help balance ServerProtect's CPU usage with its
                  scan speed.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 2:   To set the sleep time between scanning each folder
                  during a manual scan or scheduled scan:

                  1. Install this critical patch (see "Installation").
                  2. Open the Registry Editor on the Normal Server.
                  3. Add the following key and set the time interval
                     in milliseconds.

                     *Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\SpntService
                     *Key: ManualScanWaitTime
                     *Type: DWORD
                     *Value: The default value is "0"; the unit is
                             milliseconds.

                  4. Restart the Normal Server service.

   Enhancement 3: [SPFS Patch 1 1194 EN]
                  This critical patch enables ServerProtect to exclude
                  processes during real-time scans.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 3:   To configure the Exclude Process List:

                  1. Install this critical patch (see "Installation").
                  2. Open the Registry Editor.
                  3. Add the following key:

                     *Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\Engine\Exception
                     *Key: ProcessList
                     *Type: Multi-String Value
                     *Value: Specify the full path of the process in
                             this ProcessList.

   Enhancement 4: [SPFS Hotfix 1214 JP]
                  This critical patch enables the Information Server to
                  verify the version information of any Management
                  Console that attempts to connect to it.
                  This helps ensure that the correct Management Console
                  version connects to the Information Server.

                  NOTE: If your Management Console is not installed in
                        the same path as the Information Server, please
                        refer to the specific hotfix readme for steps
                        to replace files for the Management Console.

   Enhancement 5: [SPFS Hotfix 1214 JP]
                  This critical patch enables the Information Server to
                  display its version information in the Management
                  Console middle tree control list by default.

                  NOTE: The Management Console will be able to connect
                        only to an Information Server with the same
                        version.

   Enhancement 6: [SPFS Hotfix 1224 JP]
                  This critical patch adds an alert log for instances
                  when the last manual scan or task scan did not
                  complete normally.

   Enhancement 7: [SPNAF Hotfix 1269 EN]
                  This critical patch enables the Normal Server to
                  generate scan fail logs for Manual/Scheduled Scan and
                  Real-time Scan.

   Enhancement 8: [SPNAF Service Pack 1 Patch 2 1281 EN]
                  This critical patch enables the network send/receive
                  timeout configuration for ActiveUpdate.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 8:   To configure this feature:

                  1. Install this critical patch (see "Installation").
                  2. Open the Registry Editor.
                  3. Add the following key in the Information Server:

                     *32-bit OS:
                      *Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\InformationServer
                     *64-bit OS:
                      *Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\ServerProtect\CurrentVersion\InformationServer
                     *Key: AUNetworkTimeout
                     *Type: String(REG_SZ)
                     *Value: timeout value (Seconds)

   Enhancement 9: [SPNAF Service Pack 1 Patch 2 1281 EN]
                  This patch enables the network connection timeout
                  configuration for ActiveUpdate.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 9:   To configure this feature:

                  1. Install this critical patch (see "Installation").
                  2. Open the Registry Editor.
                  3. Add the following key in the Information Server:

                     *32-bit OS:
                      *Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\InformationServer
                     *64-bit OS:
                      *Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\ServerProtect\CurrentVersion\InformationServer
                     *Key: AUConnectTimeout
                     *Type: String(REG_SZ)
                     *Value: timeout value (Seconds)

   1.3 Files Included in this Release
   =====================================================================

   A. Files for Current Issue
   ---------------------------------------------------------------------
   Module                 File Name                         Build No.
   ------------------------------------------------------------------
   32-bit Normal Server   SpntSvc.exe                       5.80.0.1566
                          StRpcSrv.dll                      5.80.0.1566
                          AgentClient.dll                   5.80.0.1566
                          Build.exe                         2.86.0.1113
                          cert5.db                          n/a
                          ciuas32.dll                       1.0.0.2075
                          ciussi32.dll                      2.0.0.2074
                          eng50.dll                         5.80.0.1566
                          expapply.dll                      8.4.2.0
                          expbuild.dll                      8.4.2.0
                          icrcauapi.dll                     2.5.0.1115
                          liblwtpciu32.dll                  1.0.0.1005
                          Patch.exe                         2.86.0.1113
                          patchbld.dll                      12.21.0.0
                          patchw32.dll                      12.21.0.0
                          psmc.dll                          8.4.2.0
                          StUpdate.exe                      5.80.0.1566
                          TmUpdate.dll                      2.86.0.1113
                          x500.db                           n/a
                          Notification.dll                  5.80.0.1566
                          StCommon.dll                      5.80.0.1566
                          StOPP.exe                         5.80.0.1566
                          TmNotify.dll                      5.80.0.1566
                          EventMsg2.dll                     5.80.0.1566
                          LogDb.dll                         5.80.0.1566
                          LogDbTool.dll                     5.80.0.1566
                          SPCommonLog.dll                   5.80.0.1566
                          SPLog.conf                        5.80.0.1566
                          log4cxx.dll                       5.80.0.1566
                          DCE.dll                           5.80.0.1566
                          spuninst.exe                      5.80.0.1566
                          Spuninstrc.dll                    5.80.0.1566
                          StRpcCln.dll                      5.80.0.1566
                          TmOpp.dll                         5.80.0.1566
                          SP5NSLst.ini                      n/a
                          tsc.exe                           7.5.0.1152

   64-bit Normal Server   SpntSvc.exe                       5.80.0.1566
                          StRpcSrv.dll                      5.80.0.1566
                          AgentClient.dll                   5.80.0.1566
                          Build.exe                         2.86.0.1113
                          cert5.db                          n/a
                          ciuas32.dll                       1.0.0.2075
                          ciussi32.dll                      2.0.0.2074
                          eng50.dll                         5.80.0.1566
                          expapply.dll                      8.4.2.0
                          expbuild.dll                      8.4.2.0
                          icrcauapi.dll                     2.5.0.1115
                          liblwtpciu32.dll                  1.0.0.1005
                          Patch.exe                         2.86.0.1113
                          patchbld.dll                      12.21.0.0
                          patchw32.dll                      12.21.0.0
                          psmc.dll                          8.4.2.0
                          StUpdate.exe                      5.80.0.1566
                          StUpdate_32.exe                   5.80.0.1566
                          TmUpdate.dll                      2.86.0.1113
                          x500.db                           n/a
                          Notification.dll                  5.80.0.1566
                          StCommon.dll                      5.80.0.1566
                          StOPP.exe                         5.80.0.1566
                          TmNotify.dll                      5.80.0.1566
                          EventMsg2.dll                     5.80.0.1566
                          LogDb.dll                         5.80.0.1566
                          LogDbTool.dll                     5.80.0.1566
                          SPCommonLog.dll                   5.80.0.1566
                          SPLog.conf                        5.80.0.1566
                          log4cxx.dll                       5.80.0.1566
                          DCE.dll                           5.80.0.1566
                          spuninst.exe                      5.80.0.1566
                          Spuninstrc.dll                    5.80.0.1566
                          StRpcCln.dll                      5.80.0.1566
                          TmOpp.dll                         5.80.0.1566
                          SP5NSLst.ini                      n/a
                          tsc.exe                           7.5.0.1152
                          tsc64.exe                         7.5.0.1152

   Management Console     Adm_enu.dll                       5.80.0.1566
                          AgentClient.dll                   5.80.0.1566
                          Admin.exe                         5.80.0.1566
                          expapply.dll                      8.4.2.0
                          expbuild.dll                      8.4.2.0
                          icrcauapi.dll                     2.5.0.1115
                          liblwtpciu32.dll                  1.0.0.1005
                          Patch.exe                         2.86.0.1113
                          patchbld.dll                      12.21.0.0
                          patchw32.dll                      12.21.0.0
                          psmc.dll                          8.4.2.0
                          StUpdate.exe                      5.80.0.1566
                          TmUpdate.dll                      2.86.0.1113
                          x500.db                           n/a
                          spuninst.exe                      5.80.0.1566
                          Spuninstrc.dll                    5.80.0.1566
                          ADM_ENU.chm                       n/a

   Information Server     AgentClient.dll                   5.80.0.1566
                          EarthAgent.exe                    5.80.0.1566
                          _Setup.dll                        12.0.0.49974
                          data1.cab                         n/a
                          data1.hdr                         n/a
                          data2.cab                         n/a
                          GetRemoteVer.dll                  5.80.0.1566
                          ISSetup.dll                       12.0.0.58851
                          setup.exe                         12.0.0.58849
                          setup.inx                         n/a
                          Build.exe                         2.86.0.1113
                          cert5.db                          n/a
                          ciuas32.dll                       1.0.0.2075
                          ciussi32.dll                      2.0.0.2074
                          Notification.dll                  5.80.0.1566
                          TmNotify.dll                      5.80.0.1566
                          StCommon.dll                      5.80.0.1566
                          StUpdate.exe                      5.80.0.1566
                          EventMsg2.dll                     5.80.0.1566
                          StRpcCln.dll                      5.80.0.1566
                          Spuninst.exe                      5.80.0.1566
                          Spuninstrc.dll                    5.80.0.1566
                          msvcr71.dll                       7.10.3052.4
                          BIFSender.exe                     5.80.0.1566
                          libcurl.dll                       7.17.1.0
                          libeay32.dll                      1.0.0.1
                          ssleay32.dll                      1.0.0.1
                          zlib.dll                          1.2.2.0
                          SP5NSLst.ini                      n/a
                          dce-exe-mssign-v75-1152.zip       n/a
                          dce-exe-mssign-x64-v75-1152.zip   n/a
                          tmcomm265-1020.zip                n/a

   MCP CMAgent            ProductLibrary.dll                5.80.0.1566
                          CMAgent.exe                       5.80.0.1566
                          cgiCmdNotify.exe                  5.0.0.2363
                          En_BlobConvertUtility.dll         5.0.0.2363
                          En_I18N.dll                       5.0.0.2363
                          En_Utility.dll                    5.0.0.2363
                          libapr-1.dll                      1.1.1.0
                          libcurl.dll                       7.66.0.0
                          libeay32.dll                      1.0.2.20
                          ssleay32.dll                      1.0.2.20
                          SSO_PKIHelper.dll                 5.0.0.2363
                          TrendAprWrapperDll.dll            5.0.0.2363
                          zlib.dll                          1.2.3.0
                          CMAgentLog.dll                    5.80.0.1566
                          MySplashScreen.dll                5.80.0.1566

   Patch Files            Tmpatch.exe                       2.2.0.1057
                          Setup.ini                         n/a
                          Hotfix.ini                        n/a
                          readme.txt                        n/a
                          license.txt                       n/a

   B. Files for Previous Issues
   ---------------------------------------------------------------------
   Module                 File Name                         Build No.
   ------------------------------------------------------------------
   32-bit Normal Server   LogMaster.dll                     5.80.0.1566
                          LogViewer.exe                     5.80.0.1566
                          NtApRPC.dll                       5.80.0.1566

   64-bit Normal Server   LogMaster.dll                     5.80.0.1566
                          LogViewer.exe                     5.80.0.1566
                          NtApRPC.dll                       5.80.0.1566

   MCP CMAgent            ProductUI.zip                     n/a
                          msvcr71.dll                       7.10.3052.4


2. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com


3. System Requirements
========================================================================
Install this critical patch only on endpoints protected by
ServerProtect 5.8 for EMC Celerra English Version Patch 2.

You can download this patch from:

http://www.trendmicro.com/download


4. Installation
========================================================================
This section explains key steps for installing the critical patch.

   4.1 Installing
   =====================================================================
   To install:

   1. Close the Management Console. If this is not running at the time
      of installation, proceed with the next step.

   2. If your Information Servers are running on Windows Server 2008 R2
      or below, install the x86 version of "Microsoft Visual C++ 2005
      Service Pack 1 Redistributable Package MFC Security Update" on
      your Information Servers before applying this patch.

      Download the Microsoft package from the following location:

      https://www.microsoft.com/en-us/download/details.aspx?id=26347

   3. If your Normal Servers are running on Windows Server 2008 R2 or
      below, install "Microsoft Visual C++ 2005 Service Pack 1
      Redistributable Package MFC Security Update" on your Normal
      Servers before applying this patch.
      The package version depends on the version of the Microsoft
      Windows Server.

   4. Copy the "spemc_580_win_en_criticalpatch1566.exe" critical patch
      installation file to a temporary folder.

   5. Run the critical patch file. The license screen appears.

   6. If you disagree with the terms of the legal agreement, choose the
      "I do not agree with the terms of the legal agreement." option
      and click "Cancel" to abort the installation. Otherwise, choose
      the "I accept the terms of the legal agreement" option and click
      "Next". The "readme" appears.

   7. Read the contents of the readme carefully and click "Install".
      The Information Server deploys the patch to Normal Servers 30
      seconds after the installation is completed and restarts the
      ServerProtect services.

      NOTE: If the installation does not complete successfully,
            contact Trend Micro technical support.

   8. If your Information Server manages a Normal Server that is in a
      32-bit OS, open the Management Console, click "Deploy Now" in the
      "Update" panel to deploy "Anti-rootkit Driver(32 bit)" manually.

   To apply this critical patch to a Management Console that is not
   associated with the computer hosting the Information Server:

   1. Apply the critical patch to the Information Server.

   2. Close the Management Console.

   3. Go to the Management Console home directory and back up the
      following files to another location.

      - admin.exe
      - Adm_enu.dll
      - AgentClient.dll
      - ADM_ENU.chm
      - spuninst.exe
      - spuninstrc.DLL
      - ADMIN.INI

   4. On the Information Server, copy the following files from the
      Information Server home directory to the Management Console home
      directory to overwrite the local files.

      - admin.exe
      - Adm_enu.dll
      - AgentClient.dll
      - ADM_ENU.chm
      - spuninst.exe
      - spuninstrc.DLL

   5. Go to the Management Console home directory, add the following
      key under the section "[ADMINServer]" of the file ADMIN.INI if
      this key does not exist. If this key exists but its value is not
      "1", please change its value to "1".

      ShowISVersion=1

   4.2 Uninstalling
   =====================================================================
   To roll back to the previous build:

   4.2.1 Uninstallation of Information Server and Normal Server
   -------------------------------------------------------------------
   1. On the Normal Server, run the following shell command to stop the
      Normal Server service:

      net stop spntsvc

   2. On the Information Server, run the following shell command to
      stop the Trend Micro Management Communication Protocol (MCP)
      CMAgent service:

      net stop ServerProtectCMAgent

   3. On the Information Server, run the following shell command to
      stop the Information Server service:

      net stop earthagent

   4. On the Normal Server, rename the backup files in the
      ServerProtect home directory and use these to replace the current
      files. The names of the backup files have ".bak" in the
      extension.

   5. On the Information Server, open the Information Server's home
      directory and copy the files from the
      ".\backup\criticalpatch1566\filegroup100" folder to the
      ".\CMAgent" folder.

   6. On the Information Server, open the Information Server's home
      directory and copy the files from the
      ".\backup\criticalpatch1566\filegroup10\" folder to the current
      directory.

   7. On the Normal Server, run the following command to start the
      Normal Server service:

      net start spntsvc

   8. On the Information Server, run the following command to start the
      MCP CMAgent service:

      net start ServerProtectCMAgent

   9. On the Information Server, run the following command to start the
      Information Server service:

      net start earthagent

   4.2.2 Uninstalling the Management Console
   -------------------------------------------------------------------
   NOTE: It is not necessary to roll back the Management Console
         separately. You should roll back the Management Console only
         when it is not installed on the same machine as the
         Information Server.

   1. On the Management Console, open the backup directory that
      contains the following files from the installation section:

      - admin.exe
      - Adm_enu.dll
      - AgentClient.dll
      - ADM_ENU.chm
      - spuninst.exe
      - spuninstrc.DLL
      - ADMIN.INI

   2. Copy the files in the list above to the Management Console home
      directory to overwrite the local files.


5. Post-installation Configuration
========================================================================
No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and virus
      pattern files immediately after installing the product.


6. Known Issues
========================================================================
There are no known issues for this critical patch release.


7. Release History
========================================================================
For more information about updates to this product, go to:

http://www.trendmicro.com/download


8. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1)
year from the date of purchase only. After the first year, you must
renew Maintenance on an annual basis at Trend Micro's then-current
Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.


9. About Trend Micro
========================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Copyright 2020, Trend Micro Incorporated. All rights reserved.
Trend Micro, ServerProtect, and the t-ball logo are trademarks of Trend
Micro Incorporated and are registered in some jurisdictions. All other
marks are the trademarks or registered trademarks of their respective
companies.


10. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:

http://www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide
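
Added example, not part of the Trend Micro readme: a read-only PowerShell audit of the registry values introduced in Procedures 2, 3, 8 and 9 of section 1.2. It reports whether each value is set, whether its type matches the readme, and whether ProcessList entries are full paths to existing files. The function name Test-SpRegistryValue and the validation rules are assumptions of this example; it is meant to be run from a 64-bit PowerShell session when the OS is 64-bit.

```powershell
# Added example (not Trend Micro code): read-only audit of the registry values
# described in Procedures 2, 3, 8 and 9. Paths, value names and types come from
# the readme; the validation rules and the function name are this example's own.
$np = 'HKLM:\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion'
# Procedures 8 and 9 give a Wow6432Node path for the Information Server on a 64-bit OS.
$is = if ([Environment]::Is64BitOperatingSystem) {
    'HKLM:\SOFTWARE\Wow6432Node\TrendMicro\ServerProtect\CurrentVersion'
} else { $np }

$specs = @(
    @{ Path = "$np\SpntService";       Name = 'ManualScanWaitTime'; Kind = 'DWord' }
    @{ Path = "$np\Engine\Exception";  Name = 'ProcessList';        Kind = 'MultiString' }
    @{ Path = "$is\InformationServer"; Name = 'AUNetworkTimeout';   Kind = 'String' }
    @{ Path = "$is\InformationServer"; Name = 'AUConnectTimeout';   Kind = 'String' }
)

function Test-SpRegistryValue {
    param([Parameter(Mandatory)][hashtable]$Spec)

    $r = [ordered]@{ Name = $Spec.Name; Status = 'NotSet'; Value = $null; Notes = @() }
    $key = Get-Item -LiteralPath $Spec.Path -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $Spec.Name) {
        return [pscustomobject]$r          # value absent: product default applies
    }

    $kind    = $key.GetValueKind($Spec.Name).ToString()
    $r.Value = $key.GetValue($Spec.Name)
    if ($kind -ne $Spec.Kind) {
        $r.Notes += "type is $kind, readme specifies $($Spec.Kind)"
    }

    switch ($Spec.Name) {
        { $_ -like 'AU*Timeout' } {
            # Stored as REG_SZ, so confirm the string is a whole number of seconds.
            if ("$($r.Value)" -notmatch '^\d+$') {
                $r.Notes += 'not a whole number of seconds'
            }
        }
        'ProcessList' {
            # The readme asks for the full process path; flag relative or missing entries.
            foreach ($p in @($r.Value)) {
                if (-not [IO.Path]::IsPathRooted($p)) {
                    $r.Notes += "not a full path: $p"
                } elseif (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                    $r.Notes += "file not found: $p"
                }
            }
        }
    }

    $r.Status = if ($r.Notes.Count) { 'Review' } else { 'OK' }
    $r.Notes  = $r.Notes -join '; '
    [pscustomobject]$r
}

$specs | ForEach-Object { Test-SpRegistryValue -Spec $_ } | Format-Table -AutoSize -Wrap
```

A status of NotSet means the value has not been added on that server, which is expected for the Normal Server values on an Information Server and the reverse.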