<> Trend Micro Incorporated November 14th, 2023 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ServerProtect for Network Appliance Filers 5.8 - Service Pack 1 Patch 2 English - Windows - 32-bit / 64-bit Critical Patch - Build 1324 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents ================================================================ 1. Overview of This Critical Patch Release 1.1. Issues 1.2. Enhancements 1.3. Files Included in This Release 2. Documentation Set 3. System Requirements 4. Installation 4.1. Installing 4.2. Uninstalling 5. Post-installation Configuration 6. Known Issues 7. Release History 8. Contact Information 9. About Trend Micro 10. License Agreement ================================================================ 1. Overview of This Critical Patch Release ======================================================================== 1.1. Issues ==================================================================== This Critical Patch resolves the following issue(s): Issue 1: Process StOPP started unexpectedly and might cause service crash sometimes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Critical Patch resolves the issue. Issue 2: ServerProtect reported several virus alerts in Real-time Scan about virus "+" in "?." after the Virus Scan Engine had upgraded to 22.610-1017. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Critical Patch resolves the issue. 1.2. Enhancements ==================================================================== The following enhancements are included in this Critical Patch: Enhancement 1: This Critical Patch upgrades the ActiveUpdate and CMAgent SDK module to remove some vulnerabilities. 1.3. Files Included in This Release ==================================================================== -------------------------------------------------------------------- Module File Name Build No. ----------------------------------------------------------------- 32-bit Normal Server AgentClient.dll 5.80.0.1324 Build.exe 2.86.0.1132 DCE.dll 5.80.0.1324 Notification.dll 5.80.0.1324 NtApRPC.dll 5.80.0.1324 Patch.exe 2.86.0.1132 SP5NSLst.ini n/a SPCommonLog.dll 5.80.0.1324 SpntSvc.exe 5.80.0.1324 StCommon.dll 5.80.0.1324 StRpcSrv.dll 5.80.0.1324 StUpdate.exe 5.80.0.1324 TmUpdate.dll 2.86.0.1132 cert5.db n/a ciuas32.dll 0.0.2075 ciussi32.dll 0.0.2074 eng50.dll 5.80.0.1324 expapply.dll 4.2.0 expbuild.dll 4.2.0 icrcauapi.dll 2.83.0.1044 liblwtpciu32.dll 1.0.0.1005 patchbld.dll 12.21 patchw32.dll 12.22 psmc.dll 8.42 spuninst.exe 5.80.0.1324 spuninstrc.dll 5.80.0.1324 tsc.exe 7.5.0.1178 x500.db n/a 64-bit Normal Server AgentClient.dll 5.80.0.1324 Build.exe 2.86.0.1132 DCE.dll 5.80.0.1324 Notification.dll 5.80.0.1324 NtApRPC.dll 5.80.0.1324 Patch.exe 2.86.0.1132 SP5NSLst.ini n/a SPCommonLog.dll 5.80.0.1324 SpntSvc.exe 5.80.0.1324 StCommon.dll 5.80.0.1324 StRpcSrv.dll 5.80.0.1324 StUpdate.exe 5.80.0.1324 StUpdate_32.exe 5.80.0.1324 TmUpdate.dll 2.86.0.1132 cert5.db n/a ciuas32.dll 0.0.2075 ciussi32.dll 0.0.2074 eng50.dll 5.80.0.1324 expapply.dll 4.2.0 expbuild.dll 4.2.0 icrcauapi.dll 2.83.0.1044 liblwtpciu32.dll 1.0.0.1005 patchbld.dll 12.21 patchw32.dll 12.22 psmc.dll 8.42 spuninst.exe 5.80.0.1324 spuninstrc.dll 5.80.0.1324 tsc.exe 7.5.0.1178 tsc64.exe 7.5.0.1178 x500.db n/a Information Server and Management Console Adm_enu.dll 5.80.0.1324 Admin.exe 5.80.0.1324 AgentClient.dll 5.80.0.1324 AgentClient.dll 5.80.0.1324 BIFSender.exe 5.80.0.1324 Build.exe 2.86.0.1132 EarthAgent.exe 5.80.0.1324 ISSetup.dll 28.0.759 Notification.dll 5.80.0.1324 Patch.exe 2.86.0.1132 Quarantine.exe 5.80.0.1324 RemoteInstall.exe 5.80.0.1324 SP5NSLst.ini n/a SP5NSLst.ini n/a StCommon.dll 5.80.0.1324 StUpdate.exe 5.80.0.1324 TmUpdate.dll 2.86.0.1132 cert5.db n/a ciuas32.dll 0.0.2075 ciussi32.dll 0.0.2074 data1.cab n/a data1.hdr n/a data2.cab n/a dce-exe-mssign-v75-1178.zip n/a dce-exe-mssign-x64-v75-1178.zip n/a expapply.dll 4.2.0 expbuild.dll 4.2.0 icrcauapi.dll 2.83.0.1044 libcrypto-3.dll 3.0.8 libcurl.dll 7.88.1 liblwtpciu32.dll 1.0.0.1005 libssl-3.dll 3.0.8 patchbld.dll 12.21 patchw32.dll 12.22 psmc.dll 8.42 setup.exe 5.8 setup.inx n/a spuninst.exe 5.80.0.1324 spuninst.exe 5.80.0.1324 spuninstrc.dll 5.80.0.1324 spuninstrc.dll 5.80.0.1324 tmcomm265-1020.zip n/a x500.db n/a zlibwapi.dll 1.2.11 MCP CMAgent CMAgent.exe 5.80.0.1324 En_BlobConvertUtility.dll 5.0.0.2621 En_I18N.dll 5.0.0.2621 En_Utility.dll 5.0.0.2621 ProductLibrary.dll 5.80.0.1324 SSO_PKIHelper.dll 5.0.0.2621 TrendAprWrapperDll.dll 5.0.0.2621 cgiCmdNotify.exe 5.0.0.2621 libapr-1.dll 1.1.1 libcrypto-3.dll 3.0.8 libcurl.dll 7.88.1 libssl-3.dll 3.0.8 zlibwapi.dll 1.2.11 Patch Files License.txt n/a UpdateComponent.cmd n/a hotfix.ini n/a readme.txt n/a setup.ini n/a tmpatch.exe 2.2.0.1057 2. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product. - Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. - To access the Support Portal, go to http://success.trendmicro.com 3. System Requirements ======================================================================== 1. Trend Micro ServerProtect for Network Appliance Filers 5.8 Service Pack 1 Patch 2 Build 1281 - English - Windows - x32-x64 4. Installation ======================================================================== This section explains key steps for installing the Critical Patch. 4.1. Installing ==================================================================== To install: This Critical Patch must be installed on the Information Server. After the installation is completed, the Information Server automatically deploys this Critical Patch to all the Normal Servers. NOTE: Do not install this Critical Patch directly on the Normal Server or on the Management Console server. If the installation is unsuccessful, please contact Trend Micro technical support. To apply this Critical Patch on the Information Server: 1. Extract the contents of the "spnaf_580_win_en_hfb1324.zip" Critical Patch file to a temporary folder on the Information Server. 2. If needed, define the target server: a. Open the "hotfix.ini" file in the "filegroup1" folder using a text editor. b. In the "Common" section of "hotfix.ini", locate the "Server=Server_Name" string. c. Replace "Server_Name" with the target server name(s), separating multiple server names with a comma. NOTE: If "Server_Name" is left blank, the hotfix deploys to all Normal Servers managed by the Information Server. d. Save the changes and close the "hotfix.ini" file. 3. Close the Management Console. 4. Run "TmPatch.exe" to copy the Critical Patch files to the correct destination. The License Agreement appears. 5. Read the License Agreement and click "OK" if you agree with the license conditions to finish the installation. NOTES: The setup will not continue if you do not agree to the setup license conditions. The Critical Patch files are automatically deployed to all scan servers managed by the Information Server. To apply this Critical Patch to a Management Console that is not associated with the computer hosting the Information Server or is not installed in the same folder with the Information Server: 1. Apply the Critical Patch to the Information Server. 2. Close the Management Console. 3. Go to the Management Console home directory and back up the following files to another location. admin.exe Adm_enu.dll AgentClient.dll ADM_ENU.chm EventMsg2.dll spuninst.exe spuninstrc.DLL 4. On the Information Server, copy the following files from the Information Server home directory to the Management Console home directory to overwrite the local files. admin.exe Adm_enu.dll AgentClient.dll ADM_ENU.chm EventMsg2.dll spuninst.exe spuninstrc.DLL 4.2. Uninstalling ==================================================================== To roll back to the previous build: 1. On the Normal Server, run the following shell command to stop the Normal Server service: net stop spntsvc 2. On the Information Server, run the following shell command to stop the Trend Micro Management Communication Protocol (MCP) CMAgent service: net stop ServerProtectCMAgent 3. On the Information Server, run the following shell command to stop the Information Server service: net stop earthagent 4. If the Management Console is installed on the same server with the Information Server, open the Information Server's home directory and copy the files from the ".\backup\hfb1324\filegroup10" folder to the current directory. If the Management Console is not installed on the same server with the Information Server, open the Management Console's home directory, and then roll back the following files: - admin.exe - Adm_enu.dll - AgentClient.dll - ADM_ENU.chm - EventMsg2.dll - spuninst.exe - spuninstrc.DLL 5. On the Information Server, open the Information Server's home directory and copy the files from the applicable subfolder (32-bit or 64-bit) in the ".\backup\hfb1324\filegroup1" folder to the Normal Server's home directory. 6. On the Information Server, open the Information Server's home directory and copy the files from the ".\backup\hfb1324\filegroup100" folder to the ".\CMAgent" folder. 7. On the Information Server, open the Information Server's home directory and copy the files from the ".\backup\hfb1324\filegroup10\" folder to the current directory. 8. On the Information Server, open the Information Server's home directory and copy the files from the ".\backup\hfb1324\filegroup11" folder to the ".\BIF" folder. 9. On the Normal Server, run the following command to start the Normal Server service: net start spntsvc 10. On the Information Server, run the following command to start the MCP CMAgent service: net start ServerProtectCMAgent 11. On the Information Server, run the following command to start the Information Server service: net start earthagent 5. Post-installation Configuration ======================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 6. Known Issues ======================================================================== There are no known issues for this Critical Patch release. 7. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download Prior Hotfixes ==================================================================== Only this Critical Patch was tested for this release. Prior hotfixes were tested at the time of their release. [Hotfix 1310] Issue 1: Sometimes, virus or spyware pattern update cannot succeed with error code 46 reported. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves the issue. Issue 2: If the sender or recipient address set for notifications exceeds 49 bytes, issues may occur: * The sender address will be truncated on the Management Console. * Notifications cannot be sent to the recipient successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves the issues. Issue 3: Some customers reported that they could not open the management console when port 1000 was occupied by other programs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves this issue. Issue 4: The Normal Server may exit abnormally upon the failure to create the DCE engine process. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix resolves this issue. Enhancement 1: This hotfix upgrades the ActiveUpdate module to remove some vulnerabilities. Enhancement 2: This hotfix upgrades the CMAgent SDK module to remove some vulnerabilities. [Critical Patch 1307] Issue 1: Sometimes, the Management Console stops unexpectedly when it receives certain illegal messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Critical Patch resolves the issue by adding some validity checks to ensure that the Management Console can handle these messages. Issue 2: CMAgent sends incorrect operating system information to Trend Micro Control Manager(TM) when the current operating system is Microsoft(TM) Windows(TM) Server 2022. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Critical Patch makes sure that CMAgent sends the correct operating system information to Control Manager. Issue 3: The wrong Security Alert title displays on the Message box for ServerProtect for Network Appliance Filers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Critical Patch resolves this issue. Issue 4: Notifications cannot be sent successfully to preferred email addresses that exceed 49 bytes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This Critical Patch resolves this issue. Enhancement 1: This Critical Patch resolves some vulnerabilities in the ServerProtect for Network Appliance Filers program. Enhancement 2: This Critical Patch removes some strings that contain password information from the debug log. Enhancement 3: This Critical Patch updates the error string in the Message Box that is triggered when an engine or pattern file update fails. [Critical Patch 1299] Issue 1: Sometimes, users cannot successfully add a freshly-installed Normal Server to an Information Server with a higher version. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Critical Patch resolves this issue. Issue 2: Sometimes, the Normal Server cannot start because the Damage Cleanup Engine (DCE) runs for too long after the system restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Critical Patch resolves this issue by setting a time-out value for waiting for the DCE to complete its run after the system restarts. Issue 3: Sometimes, RPC scan results are not sent to NetApp ONTAP Antivirus Connector when there are too many scan requests. Some of the scan requests remain in the scan queue until time-out. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Critical Patch ensures that all the scan results are sent to NetApp ONTAP Antivirus Connector. Enhancement 1: This Critical Patch removes some vulnerabilities from ServerProtect. [Critical Patch 1295] Enhancement 1: This Critical Patch updates the Virus Scan Engine files to remove certain vulnerabilities. [Hotfix 1294] Issue 1: Sometimes, the spntsvc service stops unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves the issue. [Critical Patch 1292] Issue 1: The Active Update module is affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This critical patch updates the Active Update module to resolve the issue. [Critical Patch 1290] Enhancement 1: This critical patch updates the Damage Cleanup Engine (DCE) engine files to remove certain vulnerabilities. Enhancement 2: This critical patch updates the Tmcomm engine files to remove certain vulnerabilities. 8. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. https://www.trendmicro.com/en_us/contact.html NOTE: This information is subject to change without notice. 9. About Trend Micro ======================================================================== Smart, simple, security that fits. As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2023, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners. 10. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: https://www.trendmicro.com/en_us/about/legal.html Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide