<> Trend Micro Incorporated December 31, 2024 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ServerProtect(TM) for Storage 6.0 Patch 3 - Build 1816 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: http://docs.trendmicro.com Patch/SP release documentation: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About Trend Micro ServerProtect for Storage 6.0 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 6.1 Post-Installation Configuration (from Previous Versions) 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement ========================================================== 1. About Trend Micro ServerProtect for Storage 6.0 ======================================================================== ServerProtect for Storage 6.0 is an enhanced version of ServerProtect developed exclusively to provide antivirus solutions for NetApp devices, EMC Celerra, VNX/VNXe series and storage devices supporting Internet Content Adaptation Protocol (ICAP) antivirus scanner. 1.1 Overview of this Release =================================================================== This Patch includes all modifications released since ServerProtect for Storage 6.0 General Release Build 1095. 1.2 Who Should Install this Release =================================================================== You should install this patch if you are currently running ServerProtect 5.80 for Microsoft Windows and Netware Patch 5 (English version) Build 1567 or higher. 2. What's New ======================================================================== Note: Please install the Patch/SP before completing any procedures in this section (see "Installation"). This patch addresses the following issues and/or includes the following enhancement(s): 2.1 Enhancements ==================================================================== Enhancement 1: [VRTS-7422][Hotfix 1307 EN] This patch upgrades the ActiveUpdate module to remove some vulnerabilities. Enhancement 2: [VRTS-7412][Hotfix 1307 EN] This patch upgrades the CMAgent SDK module to remove some vulnerabilities. Enhancement 3: [SEG-160182][Hotfix 1329 EN] This patch fixes the issues reported by the Fortify Static Code Analyzer tool. Enhancement 4: [SEG-160181][Hotfix 1329 EN] In some network environments, the Normal Server (NS) cannot resolve the hostname of the Information Server (IS). This patch adds the FIXAgentAddress hidden key to resolve the issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 4: To configure this feature: 1. Go to the NS machine. 2. Run Regedit to open the Registry Editor. 3. Go to key HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProt ect\CurrentVersion\RPC. 4. Add a key entry (REG_SZ) named "FIXAgentAddress". 5. Set the value of this entry to the IP address of the IS machine. The following is an example: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect \CurrentVersion\RPC Key: FIXAgentAddress Kind: REG_SZ Value: 192.168.0.1 6. Restart the Trend Micro ServerProtect service on the NS machine. Enhancement 5: [TMINTERNAL-217][Critical Patch 1416 EN] This version of ServerProtect for Storage runs with Microsoft Visual C++ 2015 Redistributable Package, which brings an adaptability update for common components. Enhancement 6: [PCT-7980][Hotfix 1424 EN] For certain storage devices, a mechanism to modify the response type is provided to match the standard ICAP protocol. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 6: To modify the response type of the ICAP encapsulated header: 1. Apply this hotfix. 2. Set Regedit on the NS server: [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect \CurrentVersion\Engine\IcapSetting] "ResponseType"=dword:00000002 3. Restart the Spntsvc service. Enhancement 7: [PCT-4406][Hotfix 1424 EN] A feature is added to support setting the notification email sending port to 587. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To configure this feature: 1. Open the Registry Editor. 2. Set Regedit on the NS server: [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerPr otect\CurrentVersion\Notification] "SMTPMailServerPort"=dword:0x0000024b 3. Restart the Trend Micro ServerProtect service on the NS server. Enhancement 8: [PCT-18560][Hotfix 1430 EN] This patch reduces the time to get the engine/pattern information to improve the ICAP scan performance. Enhancement 9: This patch supports to upgrade SPNT with version Patch 5 1567 or later to SPFS. 2.2 Resolved Known Issues ===================================================================== NOTE: Please install the release before completing any procedures in this section (see "Installation"). This release resolves the following issue(s): Issue 1: [SEG-136848][Hotfix 1307 EN] Sometimes, virus or spyware pattern updates cannot succeed with error code 46 reported. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch resolves this issue. Issue 2: [SEG-142345][Hotfix 1307 EN] If the sender or recipient address set for notifications exceeds 49 bytes, issues may occur: * The sender address will be truncated on the Management Console. * Notifications cannot be sent to the recipient successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch resolves the issues. Issue 3: [SEG-135026][Hotfix 1307 EN] Some customers reported that they could not open the management console when port 1000 was occupied by other programs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch resolves this issue. Issue 4: [SEG-140254][Hotfix 1307 EN] The Normal Server may exit abnormally upon the failure to create the DCE engine process. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch resolves this issue. Issue 5: [SEG-139356][Hotfix 1329 EN] Sometimes, tsc64.exe crashes during startup. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch upgrades the DCE module to resolve the issue. Issue 6: [SEG-158693][Hotfix 1329 EN] Spyware alerts could not work properly in storage scanning. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch resolves this issue. Issue 7: [SEG-159874][Hotfix 1329 EN] Users could not save the device list after providing correct username and password in the device list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This patch extends the password length support from 32 to 48 bytes to resolve the issue. Issue 8: [SEG-190399][Hotfix 1341 EN] ServerProtect reported several virus alerts in Real-time Scan about virus "+" in "?." after the Virus Scan Engine had upgraded to 22.610-1017. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This patch resolves this issue. Issue 9: [SEG-177705][Hotfix 1341 EN] Process StOPP started unexpectedly and might cause service crash sometimes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This patch resolves this issue. Issue 10: [PCT-7602][Hotfix 1424 EN] SPFS did not send the latest pattern information to the ONTAP AV Connector after a pattern update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This patch resolves this issue. Issue 11: [PCT-9846][Hotfix 1424 EN] Sometimes, ICAP scanning causes a Normal Server crash. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This patch resolves this issue. Issue 12: [SEG-184008][Hotfix 1424 EN] Sometimes, ICAP scanning leads to over 90% of CPU usage by the SpntSvc service. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch resolves this issue. Issue 13: [PCT-12467][Hotfix 1428 EN] When scan requests are received with no preview and an empty file, Normal Server returns an error. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This patch resolves this issue. Issue 14: [PCT-9580][Hotfix 1430 EN] When Apex Central only allows specific SSL Cipher list, SPFS failed to register with Apex Central. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch enables SPFS to the "SSL_Cipher_List" value from agent.ini when it tries to connect to Apex Central. Issue 15: [PCT-21706][Hotfix 1430 EN] Occasionally, RPC scanning triggers a Normal Server crash every 30 minutes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This patch resolves this issue. Issue 16: [PCT-20257][Hotfix 1430 EN] ServerProtect returns "400 Bad Request" if the actual file size does not match the value set in "Content-Length" of the ICAP header. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: ServerProtect supports ignoring the error. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 16: Add the following registry key. Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\ CurrentVersion\Engine\IcapSetting Key: isCheckingChunkSize Type: DWORD Value: 0 If isCheckingChunkSize is set to 0, the error will be ignored; otherwise the error will not be ignored. Issue 17: [PCT-23907][Hotfix 1430 EN] Though the Named Pipe protocol is not used, the Named Pipe names are still added to "Network access: Named Pipes that can be accessed anonymously". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: If the Named Pipe protocol is not enabled, the Named Pipe names are not added to "Network access: Named Pipes that can be accessed anonymously". Issue 18: [PCT-22921][Hotfix 1430 EN] The ServerProtect service crashes when the "Host" field of the ICAP request is NULL. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This patch resolves this issue. Issue 19: [PCT-25925][Hotfix 1430 EN] In ICAP mode, high CPU utilization occurs on SPFS servers when the filename contains special characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This patch resolves this issue. Issue 20: [PCT-24094][Hotfix 1431 JP] There are garbled characters in "Match scan actions with the virus type" on the SPFS management console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This patch resolves this issue. Issue 21: [PCT-38948] If the Normal Server (NS) was remoted installed with a source version between 6.0.1416 and 6.0.1430, the NS may fail to be updated to a higher version. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This patch resolves this issue by removing the requirement of file "tmeng.dll" during the NS update. 3. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining . To access the Online Help, go to http://docs.trendmicro.com - Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get "up and running". - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to https://success.trendmicro.com 4. System Requirements ======================================================================== 4.1 Normal Server: ------------------ * CPU: 2.5-GHz Intel Pentium IV processor or 3.0-GHz EM64T Intel processor or 2.0-GHz AMD Athlon 64-bit processor(or equivalent) * DRAM: Minimum 1-GB, 2-GB recommended * Operating System: - Microsoft Windows Server 2012 Foundation, Essentials, Standard or Datacenter (x64) - Microsoft Windows Server 2012 R2 Foundation, Essentials, Standard or Datacenter (x64) - Microsoft Windows Storage Server 2012 Standard or Workgroup (x64) - Microsoft Windows Storage Server 2012 R2 Standard or Workgroup (x64) - Microsoft Windows Server 2016 Essentials, Standard or Datacenter (x64) - Microsoft Windows Storage Server 2016 Standard or Workgroup (x64) - Microsoft Windows Server 2019 Essentials, Standard, Datacenter (x64) - Microsoft Windows Server IoT 2019 - Microsoft Windows Server 2022 Essentials, Standard, Datacenter (x64) - Microsoft Windows Server IoT 2022 * Disk Space: 1-GB * A CD-ROM drive if local installation is intended. * Network protocols and services: TCP/IP, Microsoft Network and RPC services must be running on Windows Server family operating system. 4.2 Information Server: ----------------------- * CPU: 3.0-GHz Intel Pentium IV processor or 3.0-GHz EM64T Intel processor or 2.0-GHz AMD Athlon 64-bit processor (or equivalent) * DRAM: Minimum 1-GB, 2-GB recommended * Operating System: - Microsoft Windows Server 2012 Foundation, Essentials, Standard or Datacenter (x64) - Microsoft Windows Server 2012 R2 Foundation, Essentials, Standard or Datacenter (x64) - Microsoft Windows Storage Server 2012 Standard or Workgroup (x64) - Microsoft Windows Storage Server 2012 R2 Standard or Workgroup (x64) - Microsoft Windows Server 2016 Essentials, Standard or Datacenter (x64) - Microsoft Windows Storage Server 2016 Standard or Workgroup (x64) - Microsoft Windows Server 2019 Essentials, Standard, Datacenter (x64) - Microsoft Windows Server IoT 2019 - Microsoft Windows Server 2022 Essentials, Standard, Datacenter (x64) - Microsoft Windows Server IoT 2022 * Disk Space: 1-GB * A CD-ROM drive if local installation is intended. * Network protocols and services: TCP/IP, Microsoft Network and RPC services must be running on Windows Server family operating system. * The previously listed services must be running on the installed machine. Trend Micro recommends a minimum bandwidth of 128 kilobits per second to optimize the deployment of component updates between ServerProtect Information Server and Normal Server. If RPC over the named pipe protocol, or TCP is non-functional, ServerProtect 6.0 will automatically switch to another protocol, either named pipe or TCP. To manage Windows Server, an Information Server must be installed. 4.3 Management Console: ----------------------- * CPU: 2.5 GHz Intel Pentium IV processor or 3.0 GHz EM64T Intel processor or 2.0 GHz AMD Athlon 64-bit processor (or equivalent) For Server Environment: * DRAM: Minimum 1-GB, 2-GB recommended * Operating System: - Microsoft Windows Server 2012 Foundation, Essentials, Standard or Datacenter (x64) - Microsoft Windows Server 2012 R2 Foundation, Essentials, Standard or Datacenter (x64) - Microsoft Windows Storage Server 2012 Standard or Workgroup (x64) - Microsoft Windows Storage Server 2012 R2 Standard or Workgroup (x64) - Microsoft Windows Server 2016 Essentials, Standard or Datacenter (x64) - Microsoft Windows Storage Server 2016 Standard or Workgroup (x64) - Microsoft Windows Server 2019 Essentials, Standard, Datacenter (x64) - Microsoft Windows Server IoT 2019 - Microsoft Windows Server 2022 Essentials, Standard, Datacenter (x64) - Microsoft Windows Server IoT 2022 For Client Environment: * DRAM: Minimum 512-MB, 1-GB recommended * Operating System: - Microsoft Windows 8 Professional/Enterprise (x86) - Microsoft Windows 8 Professional/Enterprise (x64) - Microsoft Windows 10 Professional/Enterprise (x86) - Microsoft Windows 10 Professional/Enterprise (x64) - Microsoft Windows 11 Professional/Enterprise * Disk Space: 500-MB * A monitor with a resolution of 1024x768 or higher. * A CD-ROM drive. * Network protocols and services: TCP/IP, Microsoft Network and RPC services must be running on Windows Server family operating system. 4.4 Storage Devices: -------------------- * EMC VNX/VNXe * EMC Celerra * EMC Isilon * EMC Unity * EMC PowerScale * NetApp Storage Devices running Data ONTAP 7.x and 8.x * NetApp Storage Devices running Data ONTAP 9.x * NetApp ONTAP Select 9.x * NetApp Cloud Volumes ONTAP 9.x * Amazon FSx for NetApp ONTAP * IBM N Series running Data ONTAP * Hitachi NAS * HP 3PAR File Persona * Nutanix Files 3.5.2 or later * Huawei OceanStor Storage 4.5 Trend Micro Control Manager: --------------------------------------- * Trend Micro Control Manager 7.0 * Trend Micro Apex Central 2019 5. Installation ======================================================================== 5.1 Installation =================================================================== This Patch must be installed on the Information Server. After the installation is completed, the Information Server automatically deploys this Patch to all the Normal Servers. Important: Do not install this Patch directly on the Normal Server or on the Management Console server. If the installation is unsuccessful, contact Trend Micro technical support. To apply this Patch on the Information Server: 1. Close the Management Console. If the Management Console is not running at the time of installation, proceed to the next step. 2. Check the operating system of your Information Server. If your Information Servers are running on Windows Server 2012 R2 or an earlier version, install "Visual C++ Redistributable for Visual Studio 2015" on your Information Servers before applying this patch. Download the Microsoft package from the following location: https://www.microsoft.com/en-us/download/details.aspx?id=48145 3. Check the operating system of your Normal Server. If your Normal Servers are running on Windows Server 2012 R2 or below, install "Visual C++ Redistributable for Visual Studio 2015" on your Normal Servers before applying this patch. The package version depends on the version of the Microsoft Windows Server. 4. On your Information Server, do the following: a. Copy the "spfs_600_win_en_patch3_b1816_for_spnt.exe" patch installation file to a temporary folder. b. Run the Patch file. The license screen appears. c. Choose the "I accept the terms of the legal agreement" and click "Next". The "readme" appears. d. Click "Install" to start the installation. Wait until the installation is successfully completed. Once the installation is completed, the Information Server automatically deploys this Patch to all the Normal Servers. During the deployment, the Normal Server service will be restarted. Make sure you do not interrupt the service restart. If your Management Console is not associated with the computer hosting the Information Server or is not installed in the same folder with the Information Server, you need to apply the patch on the Management Console server. To apply this Patch on your Management Console server: 1. Make sure you have applied the Patch to the Information Server. 2. Close the Management Console. 3. Go to the Management Console home directory and back up the following files to another location. - admin.exe - Adm_enu.dll - AgentClient.dll - ADM_ENU.chm - EventMsg2.dll - spuninst.exe - spuninstrc.DLL 4. On the Information Server, copy the following files from the Information Server home directory to the Management Console home directory to overwrite the local files. - admin.exe - Adm_enu.dll - AgentClient.dll - ADM_ENU.chm - EventMsg2.dll - spuninst.exe - spuninstrc.DLL 5. Go to the Management Console home directory, add the following key under the section "[ADMINServer]" of the file ADMIN.INI if this key does not exist. If this key exists but its value is not "1", please change its value to "1". ShowISVersion=1 5.2 Uninstallation =================================================================== To roll back to the previous build: 5.2.1 Uninstallation of Information Server and Normal Server ------------------------------------------------------------------- 1. On the Normal Server, run the following Shell command to stop the Normal Server service: net stop spntsvc 2. On the Information Server, run the following Shell command to stop the Information Server service: net stop earthagent 3. On the Information Server, run the following Shell command to stop the CMAgent service: net stop ServerProtectCMAgent 4. On the Normal Server, rename the backup files in the ServerProtect home directory and use them to replace the current files. The names of the backup files have "bak" in the extension. 5. On the Information Server, open the Information Server's home directory and copy the files from the ".\backup\patch3\ filegroup10" folder to the current directory. 6. On the Information Server, open CMAgent's home directory and copy the files from the "..\backup\patch3\filegroup100" folder to the current directory. 7. On the Information Server, a. Open "Agent.ini" in CMAgent's home directory. b. Set the "Agent_BuildNumber" key in the "Common" section to the previous version. c. Set the "Agent_Version" key in the "Common" section to the previous version. d. Open "Product.ini" in CMAgent's home directory. e. Set the "UpdateInfo" key in the "Product_Info" section to 1. f. Set the "MenuVersion" key in the "Product_Info" section to the previous version. The previous version can be verified in the following file: .\backup\patch3\filegroup100\ProductUI.zip\ProductInfo.xml 8. On the Normal Server, run the following command to start the Normal Server service: net start spntsvc 9. On the Information Server, run the following command to start the Information Server service: net start earthagent 10.On the Information Server, run the following command to start the CMAgent service: net start ServerProtectCMAgent 5.2.2 Uninstalling the Management Console ------------------------------------------------------------------- NOTE: It is not necessary to roll back the Management Console separately. You should roll back the Management Console only when it is not installed on the same machine as the Information Server or when it is not installed in the same folder as the Information Server. 1. On Management Console, open the backup directory of the following files in the installation section: - admin.exe - Adm_enu.dll - AgentClient.dll - ADM_ENU.chm - EventMsg2.dll - spuninst.exe - spuninstrc.DLL 2. Copy the files in the list above to the management console home directory to overwrite the local files. 6. Post-Installation Configuration ======================================================================== No special post-installation steps are required. NOTE: Trend Micro recommends updating all components immediately after installing the product. 7. Known Issues ======================================================================== Here are the known issues in this release: 7.1 When the delete file feature for HDI storage is enabled, it is possible for a user to access a file before the file is deleted from HDI. =================================================================== ServerProtect for Storage implements this feature after the Real-time Scan Callback function. Since the Callback function is called asynchronously after the scan completes, there is a time gap (shorter than 500ms during testing) between the HDI allowing file access and deleting the file from HDI. Users are able to access files that are to be deleted during the time gap. 7.2 When the delete file feature for HDI storage is enabled, files in HDI may not be deleted successfully if another user is accessing it. =================================================================== Related to Known Issue 7.4, if ServerProtect for Storage deletes files on HDI storage while someone is accessing the file, the file may not be deleted successfully. 7.3 When the delete file feature for HDI storage is enabled, files in HDI may not be deleted successfully if the same files are copied to HDI again within a short period of time. =================================================================== Because of the Windows SMB cache, when the same file is copied to an HDI storage again within a short time, Hitachi Server Protect Agent (HSPA) will not process the file and does not trigger the delete action. Refer to the following KB to disable all three kinds of caches to work around this known issue: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro /windows-7/ff686200(v=ws.10) 7.4 When the delete file feature for HDI storage is enabled and users copy a large number of files to HDI, some of the files that are to be deleted are left on the HDI storage. =================================================================== This is because HSPA misses some files while copying a large number of files to HDI, which prevents ServerProtect from scanning any missing file and triggering the delete action. This issue can be fixed by adding more servers where HSPA is installed to balance the load. 7.5 When the delete file feature for HDI storage is enabled, target files may still be copied from HDI before being deleted. =================================================================== Since HDI does not block the file access before HSPA touches files, there is a short period of time when the files that are to be deleted can still be copied. This issue can be fixed by configuring the "Deny access" setting to "Procedure if scanning fails" under the HDI Scanner servers' scan condition. 8. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download Previous releases include the following: - ServerProtect for Storage 6.0 Patch 2, January 12, 2022 - ServerProtect for Storage 6.0 Patch 1, June 19, 2018 - ServerProtect for Storage 6.0, July 13, 2015 8.1 Patch 1 =================================================================== 8.1.1 Enhancements =================================================================== The following enhancements are included in Patch 1: Enhancement 1: [Hotfix 1107 EN] Asynchronous input/output has been implemented to improve the accepting thread for ICAP servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To configure the maximum number of threads that can be handled by the accepting thread: 1. Open a registry editor on the Normal Server. 2. Add the following key and set its value to "4": Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\Engine\ IcapSetting Key: AcceptorHandlerThreadsNumber Type: DWORD Value: The default value is 4, but it is sufficient to improve the performance of the accepting thread. 3. Restart the Normal Server service. Enhancement 2: [Hotfix 1124 EN] The ICAP Scanner in ServerProtect for Storage 6.0 now supports ICAP REQMOD requests. The service name for REQMOD requests is "SPFS-AV-REQ" and should be in the following URI format: icap://[IP][:PORT]/SPFS-AV-REQ Enhancement 3: [Hotfix 1135 EN] ServerProtect for Storage 6.0 now displays the long virus names instead of the short virus names. Enhancement 4: [Critical Patch 1164 EN] A special antivirus program compatibility registry key has been added to the Normal Server and Information Server. Microsoft checks for this special registry key value on the computer before running the next Security Update for Windows. Microsoft KB4056892 was released on January 4, 2018 and requires the new registry key be installed before you can apply the update. For more information about Microsoft KB4056892, refer to the following link: https://support.microsoft.com/en-us/help/4056892/ windows-10-update-kb4056892 This registry is created automatically each time spntsvc restarts even after this key has been deleted. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 4: To disable this behavior: 1. Open the Registry Editor. 2. Add the following key: Key="HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService" Name="DisableSUVPCompat" Type="REG_DWORD" Value="0x00000001" Enhancement 5: [Hotfix 1178 EN] ServerProtect for Storage can now locate and delete files on HDI storage by true file type. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 5: To enable ServerProtect for Storage to locate and delete files on HDI storage by true file type: 1. On the Normal Server: For 64-bit operating systems, open ".\Trend\SProtect\x64\TFTD.ini". For 32-bit operating systems, open ".\Trend\SProtect\TFTD.ini". 2. Locate "EnableDeleteAction" and set it to "1". NOTE: Set "EnableDeleteAction=0" to disable the feature. 3. Set the HDI server count in the "Count" key under the "ServerList" section. 4. Set HDI server information in the "Server1" key under the "ServerList" section. NOTE: To add more than one HDI server, set the information in "Server2" and so on. 5. Set the true file type count in the "Count" key under the "TrueFileTypeList" section. 6. Set the true file type value in the "FileType1" key. NOTE: To add more than one true file type, set the information in "FileType2" and so on. The true file type value table is defined in "TFTD.ini". Enhancement 6: [Hotfix 1179 EN] Users can now set the sleep time between scanning each folder during a manual scan or scheduled scan. Adjusting this time interval can help balance ServerProtect for Storage's CPU usage with its scan speed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 6: To set the sleep time between scanning each folder during a manual scan or scheduled scan: 1. Open a registry editor on the Normal Server. 2. Add the following key and set the time interval in milliseconds: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService Key: ManualScanWaitTime Type: DWORD Value: The default value is "0", the unit is milliseconds 3. Restart the Normal Server service. Enhancement 7: [SPNT Hotfix 1494 EN] After updating MCP SDK to version 5.0.0.2270, ServerProtect for Storage provides many cipher suites when starting an HTTPS connection. Enhancement 8: [Patch 1 1194 EN] Virus Scan Engine (user mode) has been updated to version 10.000.0.1040 to support more true file type detections. Enhancement 9: [Patch 1 1194 EN] The ICAP client now sends requests without passing the file size by "Content-Length" header or ICAP_HEAD_X_SCAN_FILE_LENGTH. Enhancement 10: [Patch 1 1194 EN] Some ICAP debug level logs have been adjusted to error level logs. Enhancement 11: [Patch 1 1194 EN] ServerProtect for Storage now downloads and deploys Virus Scan Engine (user mode) from the ActiveUpdate server. Enhancement 12: [Patch 1 1194 EN] ServerProtect for Storage can now be configured to exclude processes during real-time scanning. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 12: To configure the Exclude Process List: 1. Open the Registry Editor. 2. Add the following key: Path: "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\Engine\ Exception" Key: ProcessList Type: Multi-String Value Value: add the process full path to this ProcessList 3. Restart the Normal Server Service "Spntsvc". Enhancement 13: [Patch 1 1194 EN] ServerProtect for Storage now shows the ellipsis sign (...) in server names that are too long in logs. 8.1.2 Resolved Known Issues =================================================================== The following known issues are resolved in Patch 1: Issue 1: [Hotfix 1099 EN] ServerProtect for Storage 6.0 cannot establish connections when it receives 215 or more connection requests within a short period of time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: ServerProtect for Storage 6.0 now processes connection requests faster to ensure that it can handle up to 500 connection requests received within a short period of time. Issue 2: [Hotfix 1120 EN] A previous hotfix changed the IP string format. As a result, ServerProtect for Storage cannot perform ICAP client validation by IP address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: ServerProtect for Storage can now perform ICAP client validation by IP address successfully. Issue 3: [Hotfix 1120 EN] If the ServerProtect Normal Server with ICAP mode is installed on the Japanese version of the Windows server, Japanese characters appear in the "Date" header of ICAP responses. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: Japanese characters no longer appear in ICAP responses under the scenario described above. Issue 4: [Hotfix 1126 EN] When the C-mode Filer has been removed or unregistered from ServerProtect for Storage but the scanner server is still configured in the C-mode Filer, AV-Connect will still send scan requests to ServerProtect for Storage. As a result, the C-mode Filer may stop responding. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: The RPC Scanner in ServerProtect for Storage now rejects requests from the AV-Connector if the filer has been removed or unregistered from ServerProtect for Storage. Issue 5: [Hotfix 1126 EN] When the first action fails, the second action does not appear in email virus notifications. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: The action description in email virus notifications are now consistent with the information in the corresponding log records. Issue 6: [Hotfix 1133 EN] The ICAP Scanner records a large number of compress violation logs as virus logs, which makes it difficult for users to manage virus logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: The ICAP Scanner no longer records compress violation logs as virus logs. If any file in a compressed file is skipped during a scan because of a compress scan policy in ICAP Scanner, the ICAP scanner will record a warning event log. By default, ServerProtect will send these warning event logs to users, but users can prevent ServerProtect from sending these logs through the registry. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 6: To prevent ServerProtect from sending these warning event logs: 1. Open a registry editor on the Normal Server. 2. Add the following key and set its value to "1": Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\Engine\ IcapSetting Key: DisableCompressWanLog Type: DWORD Value: 1 NOTE: To receive the logs again, set the key to "0". 3. Restart the Normal Server. Issue 7: [Hotfix 1145 EN] When ServerProtect for Storage 6.0 is installed on Windows Server 2016, the wrong platform version appears on the Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: The correct platform version now appears on the Management Console. Issue 8: [Hotfix 1145 EN] When ServerProtect for Storage 6.0 is installed on Windows Server 2016 and registered to Control Manager, the wrong operating system information appears on the Control Manager console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: The correct operating system information now appears on the Control Manager console. Issue 9: [Hotfix 1147 EN] When ServerProtect for Storage 6.0 runs, the "SPNTSVC.exe" process goes up to over 90% of CPU utilization, and it remains at that level. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: The CPU usage of the "SPNTSVC.exe" process has been reduced to ensure that the program works normally. Issue 10: [Hotfix 1148 EN] When ServerProtect for Storage 6.0 is running, the file name with a leading space is sent to the scanner through a scan request, and the scanner returns a "400 bad request" response to HNAS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: The scanner now treats the request as a normal scan request. Issue 11: [Hotfix 1150 EN] When ServerProtect for Storage 6.0 restarts, the corresponding item on the Control Manager console appears yellow and does not go back to green until after the Trend Micro Management Communication Protocol (MCP) Control Manager Agent (CMAgent) service has restarted again. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: The Information Server now restarts before the MCP CMAgent so that ServerProtect for Storage 6.0 appears in green on the Control Manager console after it restarts. Issue 12: [Hotfix 1152 JP] Under certain conditions, a heap corruption issue triggers the Japanese version of ServerProtect for Storage 6.0 to stop unexpectedly while its spntsvc service attempts to send an email notification. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: ServerProtect for Storage now allocates enough memory to operate to prevent the heap corruption issue so it can send out email notifications normally. Issue 13: [Hotfix 1154 JP] Before scanning a compressed file, ServerProtect first determines whether the file can be scanned or not by checking if the contents exceed the maximum size configured by the user. There is no limit to the value that users can set the maximum content size to on the Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: The Management Console no longer allows users to set the maximum content size to any value larger than 2 GB. Issue 14: [Hotfix 1158 EN] In ICAP mode, the ICAP server returns a code "400 bad request" error if it receives an ICAP request containing a file name with illegal characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: The workflow has been updated to enable ServerProtect for Storage to create a temporary file after receiving an ICAP request to make sure that the ICAP server works normally when the request contains a file name with illegal characters. Issue 15: [Hotfix 1158 EN] In ICAP mode, the ICAP server returns a code "400 bad request" error if it receives an ICAP request with certain file names from an ICAP client. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: The workflow for extracting file names from ICAP requests has been updated to ensure that file names are extracted correctly. Issue 16: [Hotfix 1158 EN] When an ICAP client uses an HTTP persistent connection in ICAP mode, the ICAP server closes the connection to this ICAP client after it sends a "400 bad request" response to the ICAP client. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: The ICAP server now closes the connection to an ICAP client on an HTTP persistent connection in ICAP mode only after it sends a "408 request timeout" response to the ICAP client. Issue 17: [Hotfix 1160 EN] When ServerProtect for Storage receives a large number of RPC scan requests during a pattern update, the RPC scan threads might stall and running scans may fail. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: A read-write lock has been added for pattern operations to help ensure that scans proceed normally during pattern updates. Issue 18: [Hotfix 1163 JP] When ServerProtect for Storage scans files in a C-mode filer, it will request to set up an SMB session each time it opens a file. As a result, it takes longer to scan files in C-mode filers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: All scan threads now establish a persistent network connection for every C-mode filer address sent from the AV connector. This eliminates the need to set up an SMB session each time ServerProtect for Storage opens a file in a C-mode filer for scanning. Issue 19: [Hotfix 1169 EN] The CMAgent stops responding when it receives certain abnormal commands. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: CMAgent can now handle these abnormal commands. Issue 20: [SPNT Hotfix 1465 EN] An issue prevents the exclusion extensions setting from working normally after the Normal Server restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: The issue has been resolved to ensure that the exclusion extensions setting works normally. Issue 21: [SPNT Hotfix 1467 JP] The CMAgent for ServerProtect may stop unexpectedly while running vulnerability scanner tools. This happens if the CMAgent receives unexpected data from any of the vulnerability scanner tools which then trigger an exception error. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: The ServerProtect CMAgent can now handle the exception, which helps prevent it from stopping unexpectedly when it receives unexpected data from vulnerability scanner tools. Issue 22: [SPNT Hotfix 1468 JP] The ServerProtect CMAgent stops unexpectedly after starting simultaneously with Control Manager. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: The ServerProtect CMAgent now works normally. Issue 23: [SPNAF Hotfix 1244 JP] The "spntsvc.exe" service may stop unexpectedly while attempting to free the "NtApRpc.dll" library when the RPC scan threads are handling scan requests. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: ServerProtect now forces RPC scan threads to exit in time when the"spntsvc.exe" service frees the "NtApRpc.dll" library. Issue 24: [Patch 1 1194 EN] In email notifications of the ICAP storage, the "Infection Source" section shows the Normal Server's computer name. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: The "Infection Source" field now displays the IP address of the storage server. Issue 25: [Patch 1 1194 EN] In log records of the ICAP storage, the "Infection Source" section shows "None", and the "User" section shows the IP address of the storage server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: The "Infection Source" field now shows the IP address of the storage server while the "User" field shows the IP address of the storage server in log records of the ICAP storage. Issue 26: [Patch 1 1194 EN] Control Manager 7.0 cannot manually download the patchagent for ServerProtect for Storage. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: The patchagent information has been added to the profile that is sent to Control Manager. 8.2 Patch 2 =================================================================== 8.2.1 Enhancements =================================================================== The following enhancements are included in Patch 2: Enhancement 1: [SEG-32649][Hotfix 1214 JP] Information Server - This patch enables the Information Server to verify the version information of any Management Console that attempts to connect to it. This helps ensure that the correct Management Console version connects to the Information Server. NOTE: If your Management Console is not installed in the same path as the Information Server, please refer to Section 5.1 Installation for the steps to replace files for the Management Console. Enhancement 2: [SEG-32649][Hotfix 1214 JP] Management Console - This patch enables the Information Server to display its version information in the Management Console middle tree control list by default. NOTE: The Management Console will be able to connect only to an Information Server with the same version. Enhancement 3: [SEG-32258][Hotfix 1214 JP] CMAgent - This patch enables CMAgent to keep its previous status (registered/unregistered) after a hotfix is applied. Enhancement 4: [SEG-40399][Hotfix 1224 JP] Manual/Scheduled Scan - This patch adds an alert log for instances when the last manual scan or task scan did not complete normally. Enhancement 5: [SEG-42430][Hotfix 1227 JP] ICAP scan - This patch removes the file name validation in ICAP mode. Enhancement 6: [VRTS-3827][VRTS-5859][VRTS-6664] [Critical Patch 1256 EN][Critical Patch 1284 EN] This patch resolves some vulnerabilities. Enhancement 7: [SEG-78499][Hotfix 1266 JP] Storage Scan - This patch improves the scan performance by allowing users to set the maximum number of threads for sending scan results to each storage device. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To configure this option: 1. Install this patch (see "Installation"). 2. Open a registry editor on the Normal Server. 3. Add the following key and set it to the preferred maximum number of threads. Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\Engine\ Filers Key: SendResultThreadsNumberForEachFiler Type: DWORD Value: maximum number of threads, the default value is "1", supports any integer from 1 to 64. 4. Restart the Normal Server. Enhancement 8: [VRTS-4737][VRTS-6226][Critical Patch 1268 EN] Damage Cleanup Engine - This patch updates the Damage Cleanup Engine (DCE) engine files to remove certain vulnerabilities. Enhancement 9: [VRTS-4600][Critical Patch 1268 EN] Tmcomm Engine - This patch updates the Tmcomm engine files to remove certain vulnerabilities. Enhancement 10: [SEG-27595][SPNT Hotfix 1518 JP] Management Console - This patch enables ServerProtect to use an ellipsis (...) when displaying server names that are too long in logs. Enhancement 11: [SEG-60808][SPNT Critical Patch 1548 EN] ActiveUpdate - This patch enables ServerProtect to use HTTPS for component updates by Active Update. Refer to the following KB for information on how to configure customized security options: https://success.trendmicro.com/solution/000253323 Enhancement 12: [SEG-48873][SPNAF Hotfix 1269 EN] Scan Fail Log - This patch enables the Normal Server to generate scan fail logs for Manual/Scheduled Scan, Real-time Scan and Netapp Storage Scan. Enhancement 13: [SEG-66143][SPNAF Service Pack 1 Patch 2 1281 EN] ActiveUpdate - This patch enables the network send/receive timeout configuration for ActiveUpdate. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 13: To configure this feature: 1. Install this patch (see "Installation"). 2. Open the Registry Editor. 3. Add the following key in the Information Server: 32-bit Operating System: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\ InformationServer 64-bit Operating System: Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\ServerProtect\CurrentVersion\ InformationServer Key: AUNetworkTimeout Type: String(REG_SZ) Value: timeout value (Seconds) Enhancement 14: [SEG-66143][SPNAF Service Pack 1 Patch 2 1281 EN] ActiveUpdate - This patch enables the network connection timeout configuration for ActiveUpdate. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 14: To configure this feature: 1. Install this patch (see "Installation"). 2. Open the Registry Editor. 3. Add the following key in the Information Server: 32-bit Operating System: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\ InformationServer 64-bit Operating System: Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\ServerProtect\CurrentVersion\ InformationServer Key: AUConnectTimeout Type: String(REG_SZ) Value: timeout value (Seconds) Enhancement 15: [SEG-122871] Debug Log - This patch removes some strings that contain password information from the debug log. Enhancement 16: [SEG-123670] Normal server Dump generation - This patch adds dump generation feature when Normal Server crashes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 16: To enable this behavior: 1. Install this patch (see "Installation"). 2. Open the Registry Editor. 3. Add the following keys: Path: LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\ SpntService Key: EnableDumpGeneration Type: REG_DWORD Value: The default value is "0", which disables dump generation. Setting this key to "1" enables dump generation. Key: DumpPath Type: REG_SZ Value: Dump generation path (eg."C:\DumpFiles") 4. Restart the Normal Server service. NOTES: 1. The feature works only when both keys are set. 2. "DumpPath" should be set to an existing path. Enhancement 17: [SEG-123670][SEG-127109] Log Database File - This patch enables ServerProtect to send a Windows event log notification when the log database file behaves abnormally. Enhancement 18: [SEG-123138] ActiveUpdate - This patch updates the error string in the Message Box an engine or pattern file update fails. 8.2.2 Resolved Known Issues =================================================================== The following known issues are resolved in Patch 2: Issue 1: [SEG-28895][Hotfix 1205 EN] The Message Box notifications is disabled since Microsoft(TM) Windows(TM) Server 2008. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch replaces the "NetMessageBufferSend" function with Windows Terminal Services (WTS) API to re-enable Message Box notifications on Windows Server 2008 and any later versions. Please refer to the following KB link for more details on how to use this feature: https://success.trendmicro.com/solution/1120585 Issue 2: [SEG-34307][Hotfix 1214 JP] Sometimes, the SPNTSVC process stops unexpectedly because of an invalid memory access issue in "tmnotify.dll". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch resolves the issue by preventing the invalid memory access issue. Issue 3: [SEG-38240][Hotfix 1216 JP] Sometimes, the "Message-ID" column in notification email messages display duplicate message IDs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch resolves the issue by ensuring that ServerProtect for Storage generates and assigns unique message IDs. Issue 4: [SEG-39038][Hotfix 1218 EN] When users choose to deploy only pattern updates from the Information Server to the Normal Server, the pattern version in the "ISTag" key of the corresponding ICAP response is not updated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch ensures that the ICAP server responds with the correct pattern version in the "ISTag" key under the scenario described above. Issue 5: [SEG-37036][Hotfix 1220 JP] ServerProtect for Storage cannot deploy pattern files if there is "Program" file under the C drive. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch resolves the issue by ensuring that ServerProtect for Storage could deploy pattern files successfully. Issue 6: [SEG-43807][Hotfix 1226 EN] CMAgent sends incorrect operating system information to Trend Micro Control Manager(TM) when the current operating system is Windows Server 2019. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch makes sure that CMAgent submits the correct operating system information. Issue 7: [SEG-42430][Hotfix 1227 JP] The ICAP Scanner of ServerProtect for Storage sometimes cannot extract the correct file name when the full file path contains Japanese characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This patch ensures that ServerProtect for Storage extracts the filenames correctly. Issue 8: [SEG-52883][Hotfix 1243 EN] Sometimes, file scan fails on Network Appliance Cluster-Mode devices when the server name for ServerProtect for Storage contains lowercase letters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This patch ensures that file scans are successful even when the server name for ServerProtect for Storage contains lowercase letters. Issue 9: [SEG-45992][Hotfix 1243 EN] A "The specified network password is not correct" error appears when users add devices with long domain names on the Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This patch resolves this issue by extending the size of the array that holds domain names. Issue 10: [SEG-49268][Hotfix 1243 EN] In "keep-alive" mode, ServerProtect for Storage may respond with an "ICAP/1.0 501 Not implemented" message even when the error occurred in the previous ICAP request. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This patch enables ServerProtect for Storage to close the TCP connection after it sends the ICAP error code response. Issue 11: [SEG-67526][Critical Patch 1256 EN] The Normal Server uninstallation mechanism does not notify the Information Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This patch ensures that the Information Server is always notified of Normal Server uninstallation. Issue 12: [SEG-70066][Hotfix 1259 EN] The Normal Server notifies the EMC storage to flush old pattern or engine files even if the pattern or engine was not be updated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch ensures that the Normal Server notifies the EMC storage to flush old pattern or engine files only after a successful pattern or engine update. Issue 13: [SEG-82190][Critical Patch 1268 EN] The ICAP server returns a "500 Server Error" code to Nutanix when scanning certain zero size files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This patch resolves this issue by updating the scanning process. Issue 14: [VRTS-4962][Critical Patch 1270 EN] The ActiveUpdate module is affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch updates the ActiveUpdate module to resolve the issue. Issue 15: [SEG-91075][Hotfix 1273 EN] A stack overflow issue causes the spntsvc service to stop unexpectedly and prevents it from restarting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This patch resolves the stack overflow issue. Issue 16: [SEG-98502][Hotfix 1279 EN] Sometimes, the following error displays after users click the "Download Now" icon on the Management Console. "Failed to complete this operation. Your file waiting to be printed was deleted." ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This patch resolves this issue by enabling ServerProtect to dynamically load the "TmUpdate.dll" ActiveUpdate library. Issue 17: [SEG-98747][Hotfix 1279 EN] Sometimes, when a pattern or engine update runs during a scheduled scan or manual scan, and fails, some related files remain locked. This can cause the Normal Server to stop responding. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This patch resolves this issue by enabling ServerProtect to release locked resources completely after a pattern or engine update fails. Issue 18: [SEG-100881][Hotfix 1279 EN] Virus infection logs are not recorded in the Windows Event log for the ICAP Scanner of ServerProtect for Storage. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This patch ensures that virus infection logs are recorded in the Windows Event log for the ICAP Scanner. Issue 19: [SEG-105031][Critical Patch 1284 EN] Sometimes, users cannot successfully add a freshly-installed Normal Server to an Information Server with a higher version. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This patch resolves this issue. Issue 20: [SEG-107349][Critical Patch 1284 EN] Sometimes, the Normal Server cannot start because the DCE runs for too long after the system restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This patch resolves this issue by setting a time-out value for waiting for the DCE to complete its run after the system restarts. Issue 21: [SEG-114346][Critical Patch 1284 EN] Sometimes, RPC scan results are not sent to NetApp ONTAP Antivirus Connector when there are too many scan requests. Some of the scan requests remain in the scan queue until time-out. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This patch ensures that all the scan results are sent to NetApp ONTAP Antivirus Connector. Issue 22: [SEG-32642][SPNT Hotfix 1518 JP] When the Information Server's home path is added to the scan exclusion folder, it will be deleted unexpectedly after ServerProtect downloads a component update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This patch ensures that the Information Server's home path is not deleted unexpectedly from the scan exclusion folder while ServerProtect downloads component updates. Issue 23: [SEG-45591][SPNT Hotfix 1521 JP] When the Information Server password is longer than 16 characters, silent installation fails. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This patch ensures that silent installation runs normally under the scenario described above. Issue 24: [SEG-51168][SPNT Hotfix 1528 JP] The status of a Normal Server appears as "service stop" on the Control Manager web console but the ServerProtect web console indicates that the Normal Server is working normally. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This patch resolves the issue by adding a validity check when the MCP CMAgent receives the response for the CMD_REGISTER command from the Information Server. Issue 25: [SPFS-247][SPNAF Service Pack 1 Patch 2 1281 EN] The Information Server version disappears from the Management Console after the Information Server restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This patch resolves this issue by enabling the Management Console to refresh the version information after the Information Server restarts. Issue 26: [SEG-86584][SPNAF Hotfix 1294 EN] Sometimes, the spntsvc service stops unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This patch resolves this issue. Issue 27: [SEG-127881] CMAgent sends incorrect operating system information to Control Manager when the current operating system is Windows Server 2022. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: This patch makes sure that CMAgent submits the correct operating system information. Issue 28: [SEG-127460] Sometimes, the Management Console stops unexpectedly when it receives certain illegal messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: This patch resolves the issue by adding some validity checks to ensure that the Management Console can handle these messages. 9. Files Included in This Release ======================================================================== Module Filename Build No. ------------------------------------------------------------------- 32-bit Normal Server AgRpcCln.dll 6.00.0.1816 AgentClient.dll 6.00.0.1816 Build.exe 2.86.0.4044 CheckEVC.dll 6.00.0.1816 CheckSecurityPatch.dll 6.00.0.1816 CheckUsr.dll 6.00.0.1816 DCE.dll 6.00.0.1816 DCEEvent.dll 6.00.0.1816 DCEOut.dll 6.00.0.1816 DllForWin2008.dll 6.00.0.1816 EventMsg2.dll 6.00.0.1816 GetRemoteVer.dll 6.00.0.1816 HDITakeAction.exe 6.00.0.1816 LogDb.dll 6.00.0.1816 LogDbTool.dll 6.00.0.1816 LogMaster.dll 6.00.0.1816 LogViewer.exe 6.00.0.1816 NetworkTrap.exe 6.00.0.1816 Notification.dll 6.00.0.1816 NtApRPC.dll 6.00.0.1816 NtIcapServer.dll 6.00.0.1816 Patch.exe 2.86.0.4044 RpcCrypt.dll 6.00.0.1816 SP5NSLst.ini n/a SPCommonLog.dll 6.00.0.1816 SPLog.conf n/a ScanNow.exe 6.00.0.1816 ServiceTray.exe 6.00.0.1816 SetDefaultMsg.dll 6.00.0.1816 SetDefaultMsgRc.dll 6.00.0.1816 SetUserInfo.exe 6.00.0.1816 SpTrace.dll 6.00.0.1816 SpntSvc.exe 6.00.0.1816 StCommon.dll 6.00.0.1816 StHotFix.exe 6.00.0.1816 StOPP.exe 6.00.0.1816 StRpcCln.dll 6.00.0.1816 StRpcSrv.dll 6.00.0.1816 StUpdate.exe 6.00.0.1816 StWatchDog.exe 6.00.0.1816 TMNotify.dll 6.00.0.1816 TmOpp.dll 6.00.0.1816 TmRpcSrv.dll 6.00.0.1816 TmUpdate.dll 2.86.0.4044 TmdMon.exe 6.00.0.1816 cert5.db n/a ciuas32.dll 0.0.2075 ciussi32.dll 0.0.2074 eng50.dll 6.00.0.1816 expapply.dll 5.2.0 expbuild.dll 4.2.0 icrcauapi.dll 2.83.0.1044 libcrypto-3.dll 3.1.0 liblwtpciu32.dll 1.0.0.1005 libssl-3.dll 3.1.0 loadhttp.dll 1.32.0.1018 log4cxx.dll 10.0.1 log.conf n/a TFTD.ini n/a mfc140u.dll 14.0.23026.0 msvcp140.dll 14.00.23026.0 patchbld.dll 12.21 patchw32.dll 12.22 psmc.dll 8.42 rmvnssvc.exe 6.00.0.1816 spuninst.exe 6.00.0.1816 spuninstrc.dll 6.00.0.1816 startnssvc.exe 6.00.0.1816 tmeng.dll 6.800-1034 tsc.exe 7.5.0.1186 vcruntime140.dll 14.00.23026.0 VSAPI32.dll 21.600.0.1007 x500.db n/a 64-bit Normal Server AgRpcCln.dll 6.00.0.1816 AgentClient.dll 6.00.0.1816 Build.exe 2.86.0.4044 CheckEVC.dll 6.00.0.1816 CheckSecurityPatch.dll 6.00.0.1816 CheckUsr.dll 6.00.0.1816 DCE.dll 6.00.0.1816 DCEEvent.dll 6.00.0.1816 DCEOut.dll 6.00.0.1816 DCEOut64.dll 6.00.0.1816 DllForWin2008.dll 6.00.0.1816 EventMsg2.dll 6.00.0.1816 GetRemoteVer.dll 6.00.0.1816 HDITakeAction.exe 6.00.0.1816 LogDb.dll 6.00.0.1816 LogDbTool.dll 6.00.0.1816 LogMaster.dll 6.00.0.1816 LogViewer.exe 6.00.0.1816 NetworkTrap.exe 6.00.0.1816 Notification.dll 6.00.0.1816 NtApRPC.dll 6.00.0.1816 NtIcapServer.dll 6.00.0.1816 Patch.exe 2.86.0.4044 RpcCrypt.dll 6.00.0.1816 SP5NSLst.ini n/a SPCommonLog.dll 6.00.0.1816 SPLog.conf n/a ScanNow.exe 6.00.0.1816 ServiceTray.exe 6.00.0.1816 SetDefaultMsg.dll 6.00.0.1816 SetDefaultMsgRc.dll 6.00.0.1816 SetUserInfo.exe 6.00.0.1816 SpTrace.dll 6.00.0.1816 SpTrace32.dll 6.00.0.1816 SpntSvc.exe 6.00.0.1816 StCommon.dll 6.00.0.1816 StHotFix.exe 6.00.0.1816 StOPP.exe 6.00.0.1816 StRpcCln.dll 6.00.0.1816 StRpcSrv.dll 6.00.0.1816 StUpdate.exe 6.00.0.1816 StUpdate_32.exe 6.00.0.1816 StWatchDog.exe 6.00.0.1816 TMNotify.dll 6.00.0.1816 TmOpp.dll 6.00.0.1816 TmRpcSrv.dll 6.00.0.1816 TmUpdate.dll 2.86.0.4044 TmdMon.exe 6.00.0.1816 cert5.db n/a ciuas32.dll 0.0.2075 ciussi32.dll 0.0.2074 eng50.dll 6.00.0.1816 expapply.dll 5.2.0 expbuild.dll 4.2.0 icrcauapi.dll 2.83.0.1044 libcrypto-3-X64.dll 3.1.0 liblwtpciu32.dll 1.0.0.1005 libssl-3-X64.dll 3.1.0 loadhttp.dll 1.32.0.1018 log4cxx.dll 10.0.1 log.conf n/a TFTD.ini n/a mfc140u.dll 14.0.23026.0 msvcp140.dll 14.00.23026.0 patchbld.dll 12.21 patchw32.dll 12.22 psmc.dll 8.42 rmvnssvc.exe 6.00.0.1816 spuninst.exe 6.00.0.1816 startnssvc.exe 6.00.0.1816 tsc.exe 7.5.0.1186 tsc64.exe 7.5.0.1186 vcruntime140.dll 14.00.23026.0 VSAPI32.dll 21.600.0.1007 VSAPI64.dll 21.600.0.1007 x500.db n/a Information Server and Management Console Adm_enu.dll 6.00.0.1816 Admin.exe 6.00.0.1816 AgentClient.dll 6.00.0.1816 BIFSender.exe 6.00.0.1816 Build.exe 2.86.0.4044 CheckEVC.dll 6.00.0.1816 CheckSecurityPatch.dll 6.00.0.1816 CheckUsr.dll 6.00.0.1816 DeployTool.exe 6.00.0.1816 EarthAgent.exe 6.00.0.1816 EventMsg2.dll 6.00.0.1816 GetRemoteVer.dll 6.00.0.1816 ISReg.dll 1.0.0.1007 ISSetup.dll 28.0.759 NotifMsg.ini n/a Notification.dll 6.00.0.1816 Patch.exe 2.86.0.4044 Quarantine.exe 6.00.0.1816 RemoteInstall.exe 6.00.0.1816 Rpc4Setup.dll 6.00.0.1816 RpcCrypt.dll 6.00.0.1816 SP5NSLst.ini n/a SetUserInfo.exe 6.00.0.1816 SpTrace.dll 6.00.0.1816 SpnwClient.dll 6.00.0.1816 StCommon.dll 6.00.0.1816 StHotFix.exe 6.00.0.1816 StRpcCln.dll 6.00.0.1816 StUpdate.exe 6.00.0.1816 TMCrypt.dll 1.0.0.1007 TMNotify.dll 6.00.0.1816 TMReg.dll 1.0.0.1007 TmRpcSrv.dll 6.00.0.1816 TmUpdate.dll 2.86.0.4044 TmdMon.exe 6.00.0.1816 Tmnotify_v1.dll 6.00.0.1816 cert5.db n/a ciuas32.dll 0.0.2075 ciussi32.dll 0.0.2074 data1.cab n/a data1.hdr n/a data2.cab n/a dce-exe-mssign-v75-1186.zip n/a dce-exe-mssign-x64-v75-1186.zip n/a expapply.dll 5.2.0 expbuild.dll 4.2.0 icrcauapi.dll 2.83.0.1044 layout.bin n/a libcrypto-3.dll 3.0.8 libcurl.dll 7.88.1 liblwtpciu32.dll 1.0.0.1005 libssl-3.dll 3.0.8 loadhttp.dll 1.32.0.1018 mfc140u.dll 14.0.23026.0 mfc80u.dll 8.00.50727.762 msvcp140.dll 14.00.23026.0 msvcp80.dll 8.00.50727.762 msvcr80.dll 8.00.50727.762 patchbld.dll 12.21 patchw32.dll 12.22 psmc.dll 8.42 rmvagsvc.exe 6.00.0.1816 setup.exe 6.0.0.0 setup.iss n/a setup.inx n/a 0x0409.ini n/a spuninst.exe 6.00.0.1816 spuninstrc.dll 6.00.0.1816 startagsvc.exe 6.00.0.1816 tmeng.dll 6.800-1034 tsc.exe 7.5.0.1186 tsc64.exe 7.5.0.1186 vcruntime140.dll 14.00.23026.0 x500.db n/a zlibwapi.dll 1.2.11 Server+Protect+for+Storage+6.0+3P+Licenses+11.13.14.docx ADM_ENU.chm n/a MCP CMAgent CMAgent.exe 6.00.0.1816 CMAgentLog.dll 6.00.0.1816 En_BlobConvertUtility.dll 5.0.0.2614 En_I18N.dll 5.0.0.2614 En_Utility.dll 5.0.0.2614 MySplashScreen.dll 6.00.0.1816 ProductLibrary.dll 6.00.0.1816 SSO_PKIHelper.dll 5.0.0.2614 TrendAprWrapperDll.dll 5.0.0.2614 cgiCmdNotify.exe 5.0.0.2614 libapr-1.dll 1.5.2 libcrypto-3.dll 3.0.8 libcurl.dll 7.88.1 libssl-3.dll 3.0.8 msvcp140.dll 14.00.23026.0 vcruntime140.dll 14.00.23026.0 zlibwapi.dll 1.2.11 ProductUI.zip Patch Files License.txt n/a Readme.txt n/a TMPatch.exe 2.2.0.1057 UpdateComponent.cmd n/a hotfix.ini n/a setup.ini n/a 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. https://www.trendmicro.com/en_us/contact.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2024, Trend Micro Incorporated. All rights reserved. Trend Micro, ServerProtect, Control Manager, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: https://www.trendmicro.com/en_us/about/legal.html Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide