<<<>>> Trend Micro Incorporated August 31, 2020 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ServerProtect(TM) 5.80 English Version for Microsoft(TM) Windows(TM) and Novell(TM) Netware(TM) Patch 5 - Build 1567 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTE: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's web site for documentation updates at: http://docs.trendmicro.com/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro web site. Register during installation or online at: http://olr.trendmicro.com/ Contents =================================================================== 1. About ServerProtect 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 5.1 Installation 5.2 Uninstallation 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement =================================================================== 1. About ServerProtect ====================================================================== ServerProtect is an award-winning software that protects file servers on corporate networks. It is specifically designed to protect the entire network from viruses of any kind by adopting advanced virus-catching technology to help ensure that your network stays virus-free. ServerProtect detects new file infections, identifies viruses in existing files, and detects activity indicating that an unknown virus may have entered the network environment on either the server or workstation. 1.1 Overview of this Release =================================================================== This Patch includes all modifications released since ServerProtect 5.80 General Release Build 1116. 1.2 Who Should Install this Release =================================================================== You should install this Patch if you are running ServerProtect 5.80 for Microsoft Windows and Netware Build 1116 or any higher version. 2. What's New ====================================================================== NOTE: Please install this Patch before completing any procedure in this section (see "Installation"). This Patch addresses the following issues and includes the following enhancements: 2.1 Enhancements =================================================================== The following enhancements are included in this release: Enhancement 1: [Critical Patch 1515 EN] [Critical Patch 1517 JP] Antivirus Program Compatibility - This patch adds a special antivirus program compatibility registry key to the Normal Server and Information Server. Microsoft checks for this special registry key value on the computer before running the next Security Update for Windows. Microsoft KB4056892 was released in January 4, 2018 and requires the new registry key installed before you can apply the update. For more information about Microsoft KB4056892, refer to the following link: https://support.microsoft.com/en-us/help/4056892/ windows-10-update-kb4056892 This registry is created automatically each time spntsvc restarts even after this key has been deleted. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To disable this behavior: 1. Install this patch (see "Installation"). 2. Open the Registry Editor. 3. Add the following key: * Path: "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\ SpntService" * Key = "DisableSUVPCompat" * Type="REG_DWORD" * Value="0x00000001" Enhancement 2: [Hotfix 1518 JP] Management Console - This patch enables ServerProtect to use an ellipsis (...) when displaying server names that are too long in logs. Enhancement 3: [Hotfix 1528 JP] Product Profile - This patch updates the ServerProtect for Windows/Netware product profile to remove redundant information about the old ProductID. Enhancement 4: [Critical Patch 1548 EN] ActiveUpdate - This patch enables ServerProtect to use HTTPS for component updates by Active Update. Refer to the following KB for information on how to configure customized security options: https://success.trendmicro.com/solution/000253323 Enhancement 5: [SPFS Hotfix 1179 JP] Manual/Scheduled Scans - This patch allows users to set the sleep time between scanning each folder during a manual scan or scheduled scan. Adjusting this time interval can help balance ServerProtect for Windows/Netware's CPU usage with its scan speed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 5: To set the sleep time between scanning each folder during a manual scan or scheduled scan: 1. Install this patch (see "Installation"). 2. Open the Registry Editor on the Normal Server. 3. Add the following key and set the time interval in milliseconds. Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService Key: ManualScanWaitTime Type: DWORD Value: The default value is "0", the unit is milliseconds 4. Restart the Normal Server service. Enhancement 6: [SPFS Patch 1 1194 EN] Real-Time Scan - This patch enables ServerProtect for Windows/Netware to exclude processes during real-time scans. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 6: To configure the Exclude Process List: 1. Install this patch (see "Installation"). 2. Open the Registry Editor. 3. Add the following key: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\Engine\ Exception Key: ProcessList Type: Multi-String Value Value: specify the process full path to this ProcessList Enhancement 7: [SPFS Hotfix 1214 JP] Management Console - This patch enables the Information Server to verify the version information of any Management Console that attempts to connect to it. This helps ensure that the correct Management Console version connects to the Information Server. NOTE: If your Management Console is not installed in the same path as the Information Server, please refer to Section 5.1 Installation for the steps to replace files for the Management Console. Enhancement 8: [SPFS Hotfix 1214 JP] Management Console - This patch enables the Information Server to display its version information in the Management Console middle tree control list by default. NOTE: The Management Console will be able to connect only to an Information Server with the same version. Enhancement 9: [SPFS Hotfix 1224 JP] Alert Log - This patch adds an alert log for instances when the last manual scan or task scan did not complete normally. Enhancement 10: [SPNAF Hotfix 1269 EN] Scan Fail Log - This patch enables the Normal Server to generate scan fail logs for Manual/Scheduled Scan and Real-time Scan. Enhancement 11: [SPNAF Service Pack 1 Patch 2 1281 EN] ActiveUpdate - This patch enables the network send/receive timeout configuration for ActiveUpdate. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 11: To configure this feature: 1. Install this patch (see "Installation"). 2. Open the Registry Editor. 3. Add the following key in Information Server: 32-bit OS: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\ InformationServer 64-bit OS: Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\ServerProtect\CurrentVersion\ InformationServer Key: AUNetworkTimeout Type: String(REG_SZ) Value: timeout value (Seconds) Enhancement 12: [SPNAF Service Pack 1 Patch 2 1281 EN] ActiveUpdate - This patch enables the network connection timeout configuration for ActiveUpdate. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 12: To configure this feature: 1. Install this patch (see "Installation"). 2. Open the Registry Editor. 3. Add the following key in the Information Server: 32-bit OS: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\ InformationServer 64-bit OS: Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\ServerProtect\CurrentVersion\ InformationServer Key: AUConnectTimeout Type: String(REG_SZ) Value: timeout value (Seconds) 2.2 Resolved Known Issues =================================================================== This release resolves the following issues: Issue 1: [Hotfix 1518 JP] When the Information Server's home path is added to the scan exclusion folder, it will be deleted unexpectedly after ServerProtect downloads a component update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch ensures that the Information Server's home path is not deleted unexpectedly from the scan exclusion folder while ServerProtect downloads component updates. Issue 2: [Hotfix 1519 EN] CMAgent sends incorrect operating system information to Trend Micro Control Manager(TM) when the current operating system is Windows Server 2019. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch makes sure that CMAgent submits the correct operating system information. Issue 3: [Hotfix 1521 JP] Silent installation fails when the Information Server password is longer than 16 characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch ensures that silent installation proceeds normally under the scenario described above. Issue 4: [Hotfix 1524 JP] Normal Server silent installation fails on a target server running Windows Server 2016 if the corresponding source server (Information Server) was installed using any installation package released before ServerProtect 5.8 Repack 3. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch ensures that users can silently install the Normal Server on a target server running Windows Server 2016. Issue 5: [Hotfix 1528 JP] The status of a Normal Server appears as "service stop" on the Control Manager web console but the ServerProtect web console indicates that the Normal Server is working normally. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch resolves the issue by adding a validity check when the MCP CMAgent receives the response for the CMD_REGISTER command from the Information Server. Issue 6: [Critical Patch 1538 EN] A silent installation may fail if administrators install ServerProtect using a Repack 4 package. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch ensures that a silent installation proceeds normally when using ServerProtect Repack 4 package. Issue 7: [Critical Patch 1538 EN] The MCP Agent SDK is affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This patch upgrades the MCP Agent SDK to remove certain vulnerabilities. Issue 8: [SPFS Hotfix 1152 JP] Under certain conditions, a heap corruption issue triggers the Japanese version of ServerProtect for Windows/Netware 5.8 to stop unexpectedly while its spntsvc service attempts to send an email notification. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This patch ensures that ServerProtect for Windows/Netware allocates enough memory to operate to prevent the heap corruption issue so it can send out email notifications normally. Issue 9: [SPNAF Hotfix 1242 EN] A protected computer may encounter blue screen of death (BSoD) when certain virus pattern operations are called at the same time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This patch adds the RWLock feature for certain VSAPI functions to make sure that these APIs do not call virus patterns at the same time. Issue 10: [SPFS Hotfix 1169 EN] CMAgent stops responding when it receives certain abnormal commands. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This patch enables CMAgent to handle abnormal commands. Issue 11: [SPFS Hotfix 1205 EN] The Message Box notifications are disabled since Microsoft Windows Server 2008. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This patch replaces the "NetMessageBufferSend" function with Windows Terminal Services (WTS) API to re-enable Message Box notifications on Windows Server 2008 and any later versions. Please refer to the following KB link for more details on how to use this feature: http://intkb.trendmicro.com/solution/ default.aspx?alttemplate= esupportenhancesolution&mode= preview&locale=en-US&solutionId=1120585 Issue 12: [SPFS Hotfix 1214 JP] Sometimes, the SPNTSVC process stops unexpectedly because of an invalid memory access issue in "tmnotify.dll". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch resolves the issue by preventing the invalid memory access issue. Issue 13: [SPFS Hotfix 1216 JP] Sometimes, the "Message-ID" column in notification email messages display duplicate message IDs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This patch resolves the issue by ensuring that ServerProtect for Windows and Netware generates and assigns unique message IDs. Issue 14: [SPFS Hotfix 1220 JP] ServerProtect for Windows/Netware cannot deploy pattern files if there is a "Program" file in the "C:" drive. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch resolves the issue by ensuring that ServerProtect for Windows/Netware can deploy pattern files successfully. Issue 15: [SPFS Hotfix 1266 JP] Sometimes, a pattern or engine update fails when it runs while a scheduled scan or manual scan is running. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This patch resolves this issue by optimizing the pattern lock logic that runs before the specific pattern is loaded. Issue 16: [SPNAF Service Pack 1 Patch 2 1281 EN] The Information Server version disappears from the management console after the Information Server restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This patch resolves this issue by enabling the management console to refresh the version information after the Information Server restarts. Issue 17: [SPNAF Service Pack 1 Patch 2 1281 EN] The Management Communication Protocol (MCP) CMAgent installation fails when the system checks the ServerProtect Information Server version. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This patch resolves this issue by updating the version information of the "CMAgent.exe" function. Issue 18: The Tmcomm engine file "tmcomm.sys" is not updated in the system driver directory after a new Tmcomm engine version is deployed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This patch resolves this issue by ensuring that "tmcomm.sys" is copied to the system driver directory when the Tmcomm engine is updated. Issue 19: The default AU source switches to "https" after the Information Server restarts even when it has been manually set to "http". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This patch resolves this issue by ensuring that the default AU source can be changed to "https" only when the patch is freshly installed. Issue 20: The Damage Cleanup Engine (DCE) is affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This patch updates the DCE engine files to remove certain vulnerabilities. Issue 21: The Tmcomm engine is affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This patch updates the Tmcomm engine files to remove certain vulnerabilities. Issue 22: The Active Update module is affected by certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This patch updates the Active Update module to remove certain vulnerabilities. 3. Documentation Set ====================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining ServerProtect. - Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get ServerProtect "up and running". - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ====================================================================== Refer to the ServerProtect for Microsoft Windows and Netware 5.80 readme file for the complete list of system requirements. 5. Installation/Uninstallation ====================================================================== 5.1 Installation =================================================================== To apply this Patch from the same computer as the Information Server: 1. Close the Management Console. If this is not running at the time of installation, proceed with the next step. 2. If your Information Servers are running on Windows Server 2008 R2 or below, install the x86 version of "Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update" on your Information Servers before applying this patch. Download the Microsoft package from the following location: https://www.microsoft.com/en-us/download/details.aspx?id=26347 3. If your Normal Servers are running on Windows Server 2008 R2 or below, install "Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update" on your Normal Servers before applying this patch. The package version depends on the version of the Microsoft Windows Server. 4. If the current version of your Information Server is not ServerProtect for Microsoft Windows and Novell NetWare 5.8 Patch 4 (English Version), install it before applying this patch. 5. Copy the "spnt_580_win_en_patch5_b1567.exe" patch installation file to a temporary folder. 6. Run the Patch file. The license screen appears. 7. If you disagree with the terms of the legal agreement, choose the "I do not agree with the terms of the legal agreement." option and click "Cancel" to abort the installation. Otherwise, choose the "I accept the terms of the legal agreement" and click "Next". The "readme" appears. 8. Read the contents of the readme carefully and click "Install". A message-box may appear to remind you that the Trend Micro Management Communication Protocol (MCP) Control Manager Agent (CMAgent) for ServerProtect will be installed when the MCP CMAgent is not installed on the Information Server. 9. If your Information Server manages a Normal Server that is in a 32-bit OS, open the Management Console, click "Deploy Now" in the "Update" panel to deploy "Anti-rootkit Driver(32 bit)" manually. To apply this Patch to a Management Console that is not associated with the computer hosting the Information Server: 1. Apply the Patch to the Information Server. 2. Close the Management Console. 3. Go to the Management Console home directory and backup the following files to another location. - admin.exe - Adm_enu.dll - AgentClient.dll - ADM_ENU.chm - spuninst.exe - spuninstrc.DLL - ADMIN.INI 4. On the Information Server, copy the following files from the Information Server home directory to the Management Console home directory to overwrite the local files. - admin.exe - Adm_enu.dll - AgentClient.dll - ADM_ENU.chm - spuninst.exe - spuninstrc.DLL 5. Go to the Management Console home directory, add the following key under the section "[ADMINServer]" of the file ADMIN.INI if this key does not exist. If this key exists but its value is not "1", please change its value to "1". ShowISVersion=1 5.2 Uninstallation =================================================================== To roll back to the previous build: 5.2.1 Uninstallation of Information Server and Normal Server ------------------------------------------------------------------- 1. On the Normal Server, if the Normal Server is a Microsoft Normal Server, run the following Shell command to stop the Normal Server service: net stop spntsvc If the Normal Server is a NetWare Normal Server, press the "Esc" to stop the Normal Server service. 2. On the Information Server, run the following Shell command to stop the Information Server service: net stop earthagent 3. On the Information Server, run the following Shell command to stop the CMAgent service: net stop ServerProtectCMAgent 4. On the Normal Server, if the Normal Server is a Microsoft Normal Server, rename the backup files in the ServerProtect home directory and use them to replace the current files. The names of the backup files have "bak" in the extension. If the Normal Server is a NetWare Normal Server, open the "sys\SPROTECT\SERVICE" folder and copy the "sys\SPROTECT" folder to it to overwrite the "lprotect.nlm" file. 5. On the Information Server, open the Information Server's home directory and copy the files from the ".\backup_patch5\filegroup10" folder to the current directory. 6. On the Information Server, open CMAgent's home directory and copy the files from the "..\backup_patch5\filegroup103" folder to the current directory. 7. On the Information Server, a. Open "Agent.ini" in CMAgent's home directory. b. Set the "Agent_BuildNumber" key in the "Common" section to the previous version. c. Set the "Agent_Version" key in the "Common" section to the previous version. d. Open "Product.ini" in CMAgent's home directory. e. Set the "UpdateInfo" key in the "Product_Info" section to "1". f. Set the "MenuVersion" key in the "Product_Info" section to the previous version. The previous version can be verified in the following file: .\backup_patch5\filegroup103\ProductUI.zip\ProductInfo.xml 8. On the Normal Server, if the Normal Server is a Microsoft Normal Server, run the following command to start the Normal Server service: net start spntsvc If the Normal Server is a NetWare Normal Server, run the following command to start the Normal Server service: SPNW.NCF 9. On the Information Server, run the following command to start the Information Server service: net start earthagent 10.On the Information Server, run the following command to start the CMAgent service: net start ServerProtectCMAgent 5.2.2 Uninstallation of MCP CMAgent ------------------------------------------------------------------- Since MCP CMAgent will be installed by default from this patch, Trend Micro does NOT recommend uninstalling MCP CMAgent. 5.2.3 Uninstalling the Management Console ------------------------------------------------------------------- NOTE: It is not necessary to rollback the Management Console separately. You should rollback the Management Console only when it is not installed on the same machine as the Information Server. 1. On Management Console, open the backup directory of the following files in the installation section: - admin.exe - Adm_enu.dll - AgentClient.dll - ADM_ENU.chm - spuninst.exe - spuninstrc.DLL - ADMIN.INI 2. Copy the files in the list above to the Management Console home directory to overwrite the local files. 6. Post-installation Configuration ====================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ====================================================================== There is no known issue in this release. 8. Release History ====================================================================== Previous releases include the following: - ServerProtect for Microsoft Windows and Netware 5.80 Patch 4, August 18, 2017 - ServerProtect for Microsoft Windows and Netware 5.80 Patch 3, July 23, 2014 - ServerProtect for Microsoft Windows and Netware 5.80 Patch 2, January 14, 2011 - ServerProtect for Microsoft Windows and Netware 5.80 Patch 1, May 21, 2010 8.1 Patch 1 =================================================================== 8.1.1 Enhancements =================================================================== The following enhancements are included in Patch 1: Enhancement 1: Log-purging Based on Database Size/Age - The "SpntLog.dbf" file records ServerProtect logs. Users can now configure ServerProtect to create a backup for this file when the database file exceeds the specified size or number of days, After ServerProtect creates the backup file, it generates an empty database file and renames the backup file using the time when the backup file was created in the following format: Spnt(YYYYMMDDhhmmss)_S.dbf (if triggered by database size) Spnt(YYYYMMDDhhmmss)_D.dbf (if triggered by database age) where "YYYYMMDDhhmmss" is year, month, day, hour, minute, and seconds. For example, if the backup file for "SpntLog.dbf" is created on October 24, 2001, 12 seconds after 10:53 am, and the database size exceeds the specified size, ServerProtect will rename the backup file as "Spnt20011024105312_S.dbf". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To configure this option: 1. Open a registry editor on normal server. 2. Add the following keys and set the appropriate value: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService Key: MaxDbSize (maximum database size, in MB) MaxDbDay (maximum database age, in days) Type: DWORD Default Value: if the keys do not exist, ServerProtect purges logs when the database exceeds 10 MB 3. Restart the Normal Server. Note: These two keys are independent of each other, which means that you can add one or both keys. Enhancement 2: Extension Exclusion: Patch 2 enables users to configure ServerProtect to exclude certain file name extensions from scans through the management console. 8.1.2 Resolved Known Issues =================================================================== The following known issues are resolved in Patch 1: Issue 1: For the Information Server, users can use the scan profile as a template when they configure ServerProtect to run "Scan Now" tasks. Using the template allows the user to exclude the quarantine and backup folders from task scans. Users can enable the function by setting "RecordBack&Move=1" manually. However, a user requests that this key be enabled by default. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: The "RecordBack&Move" option has been removed and users can now configure ServerProtect to exclude the quarantine and backup folders from task scans by default using the "Scan Now" settings. Issue 2: When users right-click the "Virus Cleanup Engine" column on the management console, the corresponding details are shown correctly. However, when users close and reopen the management console, the "Virus Cleanup Engine" column disappears. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This issue has been resolved. Issue 3: The Normal Server restarts when the deploy task includes the Rootkit Common Module (RCM) even when all components are up-to-date. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This issue has been resolved. Issue 4: The Information Server encounters a general protection fault (GPF) while decrypting Remote Procedure Call (RPC) commands from the Normal Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: The Information Server can now successfully decrypt RPC commands from the Normal Server. Issue 5: The following issues occur during ServerProtect pattern deployment: - NetWare needs to allocate 30 to 50 MB of memory for the deployment which may cause memory allocation failure. - While the Information Server is sending the pattern file to NetWare and the network connection is interrupted, there is no re-send process to ensure the success of the transfer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: The "SPNT" ServerProtect pattern deployment process has been added to enable: - NetWare to allocate only 4 KB of memory at a time to pattern deployment. - the Information Server to re-send the pattern file to NetWare when the network connection is interrupted during transfer. Issue 6: The Normal Server stops unexpectedly when users click the Normal Server to view logs from the management console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: The multi-thread mutex mechanism for querying the log database has been improved to resolve the issue. Issue 7: When a user restores the Information Server from the backup data, the created Task Data cannot be restored successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This issue has been resolved. Issue 8: Some users encounter a high CPU usage issue after a pattern update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: Users can now disable "tsc.exe" to prevent the high CPU usage issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 8: To disable "tsc.exe", open the registry editor, create the following key, and set its value to "1": Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService Key: DisableTSCAfterPatternUpdate Type: DWORD Values: "1" = disables "tsc.exe" "0" = enables "tsc.exe" Issue 9: After migrating ServerProtect from version 5.7 or 5.58 to 5.8, a "No spyware detected" log is created in the scan results on the Normal Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This issue has been resolved. Issue 10: The generated email notification message IDs are incorrect. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This issue has been resolved. 8.2 Patch 2 =================================================================== 8.2.1 Enhancements =================================================================== There are no enhancements in Patch 2. 8.2.2 Resolved Known Issues =================================================================== The following known issues are resolved in Patch 2: Issue 1: When a pattern file update runs before a previous update task completes, the pattern file update fails. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: ServerProtect can now support multiple update tasks running simultaneously and now uses a time-out mechanism for update tasks. ServerProtect now also automatically terminates update tasks that do not complete within 30 minutes and creates new update tasks for these. Issue 2: Trend Micro Vulnerability Scanner can only detect ServerProtect versions released before version 5.8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: ServerProtect 5.8 now processes specific unencrypted RPC commands from the Trend Micro Vulnerability Scanner. This enables the Trend Micro Vulnerability Scanner to detect ServerProtect 5.8. Issue 3: To provide better protection, Trend Micro has made some improvements on the virus pattern file. However, this upgrade may introduce performance issues. To prevent these issues, users need to enable the Pattern Off-Load (POL) feature of the VSAPI virus scan engine, but the POL feature is not configurable in ServerProtect on a Novell NetWare Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: Users cannot configure the VSAPI POL feature in ServerProtect on a Novell NetWare Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To configure the POL feature: 1. On the Novell Netware Server, open the "spnwopt.ini" using a text editor. 2. Add the "POLEnable" key and set the appropriate value. POLEnable = "1" = enables the POL feature = "0" or when the key does not exist, disables the POL feature 3. Save the changes and close the file. Issue 4: Some unreadable characters may be inserted in the subject headers of SMTP notification email messages when these subject headers are encoded. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: Users can now enable or disable the encoding of email subject headers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 4: To enable or disable the encoding of email subject headers, add the following key to the registry and set the appropriate value: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\Notification Key: EnableEncode Type: DWORD Value: "0", disables the encoding of email subject headers "1", enables the encoding of email subject headers Issue 5: ServerProtect 5.80 Information Servers cannot deploy pattern information to managed ServerProtect 5.58 Normal Servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This issue has been resolved. Issue 6: BSOD may occur in "SpntSvc.exe" when a Normal Server tries to retrieve pattern file information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: ServerProtect now uses an exclusion algorithm for pattern-related APIs which resolves the issue. Issue 7: Sometimes, some unreadable characters are inserted in the message body of SMTP notification email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: The message body of SMTP notification email messages are translated from Shift-JIS format to JIS format. Issue 8: "Spntsvc.exe" stops unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: The RPC communication process between Information Servers and Normal Servers has been improved to resolve this issue. Issue 9: ServerProtect for Microsoft Windows and Novell Netware 5.8 uses the SSAPTN pattern (component id = 0x20000400) to scan for spyware and grayware. However, status logs that the ServerProtect agent sends to the Control Manager server contain the following incorrect line:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: Users can now configure the ServerProtect agent to use "SLF_TMASSA" instead of "SLF_SpywareVersion" in status logs that it sends to the Control Manager server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 9: To configure the ServerProtect agent to use "SLF_TMASSA" in status logs that it sends to the Control Manager Server, open a registry editor, create the following key, and set its value to "1": Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ TrendMicro Control Manager Agent\SPNT Key: EnableTMASSA Type: DWORD Value: "0", use "SLF_SpywareVersion" "1", use "SLF_TMASSA" Issue 10: When ServerProtect for Microsoft Windows and Novell Netware attempts to perform a component update, the update fails and a "20110013" error occurs. This causes a soft abend (abnormal termination) in ServerProtect for Microsoft Windows and Novell Netware. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This issue has been resolved. Issue 11: By default, when "SpntSvc" starts, it waits for the Damage Cleanup Engine (DCE) to complete its scan before continuing with its own start up process. If DCE takes too long to scan, "SpntSvc" times out and does not start. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This issue has been resolved. Issue 12: After ServerProtect Microsoft Windows and Novell Netware registers to the Control Manager server, ServerProtect for Microsoft Windows and Novell Netware command log and virus log entries are sent to the Control Manager server's "tb_AVVirusLog" table. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: Now, only ServerProtect for Microsoft Windows and Novell Netware virus log entries are sent to the Control Manager server's "tb_AVVirusLog" table. Issue 13: ServerProtect for Microsoft Windows and Novell Netware cannot record a "ssaptn pattern out of date" message for pattern files that have version numbers above 997 even if the pattern file has been out-of-date for some time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: ServerProtect for Microsoft Windows and Novell Netware now uses the "last modify time" information of the pattern file instead of the internal timestamp information to resolve this issue. Issue 14: When the Information Server starts up, the system generally produces a new GUID, which is used to encrypt an RPC package and cannot be configured. Every time the Information Server starts up, the system changes the GUID. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: Users can now prevent the system from changing the GUID during startup. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 14: To configure the GUID setting: 1. Open the registry editor on the Information Server. 2. Add the following key and set its value to "1": Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\ InformationServer Key: GUIDSwith Type: DWORD Value: "1", to Disable GUID change "0", enables GUID change Issue 15: ServerProtect 5.8 is unable to update the spyware pattern from version 0.9xx.00 to 1.xxx.00 or higher. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: ServerProtect 5.8 can now update the spyware pattern from version 0.9xx.00 to 1.xxx.00 or higher. Issue 16: When a computer restarts, the RCM will be uninstalled and the "PermCount" registry key of RCM is sometimes lost or its value increases to more than two. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: The installation type of RCM has been modified so the installation keeps the driver after using RCM or restarting. RCM is no longer uninstalled automatically when the computer restarts and "PermCount" remain normal. Issue 17: The Control Manager agent of ServerProtect 5.80 encounters a GPF when sending event logs to the Control Manager server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This issue has been resolved. 8.3 Patch 3 =================================================================== 8.3.1 Enhancements =================================================================== The following enhancements are included in Patch 3: Enhancement 1: Normal Server Updates - Users can now configure an Information Server to regularly check the build version of Normal Servers and to automatically send a command to a Normal Server to download and apply the latest hotfix or patch if it detects that the Normal Server's build version is lower than the latest hotfix or patch on the Information Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To configure this option: 1. Open a registry editor on the Information Server. 2. Add the following keys and set the appropriate values. Paths: - 32-bit Information Servers: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion - 64-bit Information Servers: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\ServerProtect\CurrentVersion Keys: - AutoUpdateNS=1, enables the feature =0, (default) disables the feature - AutoUpdateNSTime= frequency at which the Information checks the build version of Normal Servers in minutes divided by two, the default value is 30 which means 30*2=60 minutes or 1 hour Type: DWORD Enhancement 2: Product Information Updates - ServerProtect now regularly sends product information updates to the BIF server. These updates contain product information including the activation keys for ServerProtect and use the "template.xml" file. Enhancement 3: ServerProtect Icon - Users can now set whether the ServerProtect for Microsoft Windows Server and Novell Netware Icon appears or does not appear in the taskbar of Windows versions higher than Windows Server 2003. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To configure this option: 1. Open a registry editor on the Normal Server. 2. Add the following key and set the preferred value. Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService Key: isServiceTrayDisabled Type: DWORD Value: 1 = the ServerProtect icon does not appear in the Windows taskbar 0 = (default) ServerProtect icon appears in the Windows taskbar 3. Restart ServerProtect. Enhancement 4: MCP - ServerProtect for Microsoft Windows Server and Novell Netware now supports MCP and allows users to register it to Control Manager through the ServerProtect Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 4: To configure this option: 1. Install this patch and install MCP CMAgent or migrate TMI CMAgent to MCP CMAgent. 2. Click "Start > ServerProtect Management Console". 3. Do one of the following -Click CMAgent Setting on the side bar. -Click "Do > CMAgent Setting" on the main menu. 4. Input the corresponding information, and register to Control Manager (see online help of ServerProtect Management Console for details). NOTE: Install the "tmcm-55-win-en-sp1-patch4" update or higher version release for Control Manager 5.5, or install "tmcm_60_sp1_win_en_hfb2182" update or higher version release for Control Manager 6.0. ServerProtect may display a wrong group folder name on Management Console. See Known Issues for details. 8.3.2 Resolved Known Issues =================================================================== The following known issues are resolved in Patch 3: Issue 1: Hotfix versions recorded in the Information Server change to incorrect values after the ServerProtect for Microsoft Windows and Netware Normal Server updates files from the Information Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: The correct hotfix versions are now recorded in the Information Server. Issue 2: Sometimes the ServerProtect for Microsoft Windows Normal Server cannot load the Rootkit Common Module (RCM). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: The ServerProtect for Microsoft Windows Normal Server to load the RCM without issues. Issue 3: A component update fails when the Normal Server does not create an RPC binding with the Information Server. While the Information Server has multiple IP addresses, it only uses one IP address in this situation. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: The Normal Server can now be configured to create an RPC binding using a fixed IP address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To set the Information Server's fixed IP address: 1. Add the following key to the registry and set an appropriate value: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\RPC Key: FIXAgentAddress Type: REG_SZ Value: Information Server's fixed IP address 2. Open the "SPNSOPT.dat" file and set the value of the "HostName" key under the "FixedComputerIP" section to the preferred IP address: For example [FixedComputerIP] HostName=172.31.0.80 Issue 4: A handle leak issue occurs on "SpntSvc.exe". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: The handle leak issue is resolved. Issue 5: The Management Console receives a failed update message when the Information Server deploys a pattern update to the Normal Server while the Normal Server's pattern file is up-to-date. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This issue has been resolved. Issue 6: Users cannot uninstall the ServerProtect Management Console if it is installed on a computer where both the Information and Normal Servers are installed and the installation directory is not the default folder "C:\Program Files\Trend". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: Users can now uninstall the ServerProtect Management Console from affected computers. Issue 7: While ServerProtect is deploying a hotfix, the command line for the hotfix process starts with a double quote '"' but does not end with a corresponding double quote '"'. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: ServerProtect now ensures that the command line always ends with a double quote. Issue 8: Before scanning a compressed file, ServerProtect first determines whether the file can be scanned or not by checking if the content file size exceeds the maximum content file size configured by the user. There is no limitation to the value that users can set the maximum content file size to. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: ServerProtect now limits the maximum content file size value to 2 GB only. Issue 9: When the ServerProtect Normal Server is installed in the same folder as the Control Manager Server and users uninstall the ServerProtect Normal Sever, the Control Manager binaries will also be removed. This causes the Control Manager Server to behave abnormally. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: The ServerProtect uninstallation program no longer removes the Control Manager binaries. Issue 10: The date information in the header of ServerProtect email notifications use GMT time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: The date information in the ServerProtect email notification header now uses the computer's local time. Issue 11: A vulnerability in the "mrf.exe" module of the TMI service may allow an attacker to execute arbitrary codes on vulnerable installations of CMAgent. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: The vulnerability has been resolved. Issue 12: Control Manager receives incorrect ServerProtect pattern and engine deployment status information. This causes the Control Manager console to display the pattern and engine deployment status as "failed" even when the components were deployed successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: ServerProtect now sends the correct pattern and engine deployment status to Control Manager. This ensures that the correct component deployment status appear on the Control Manager console. The solution requires that users install a corresponding Control Manager hotfix first and is disabled by default. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 12: To enable this solution: 1. Install this patch (see "Installation) and the Control Manager 6.0 GM or Control Manager 5.5 Hotfix 1600 (tmcm_55_win_en_hfb1600.exe ). If a higher build has been released, you need to install the latest Control Manager patch. 2. Open a registry editor on the Information Server. 3. Create the following registry key and set its value to "1". Paths: - For 32-bit operating systems HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ TrendMicro Control Manager Agent\SPNT - For 64-bit operating systems HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\TrendMicro Control Manager Agent\ SPNT Key: FixCommandStatus Type: DWORD Value: "1", enables the solution "0", disables the solution 4. Restart the following services on the Information Server: - Trend Micro Management Infrastructure - Trend ServerProtect Agent Issue 13: The Management Console cannot display the exclusion list correctly when Trend Micro ScanMail(TM) (for Microsoft Exchange) is in the exclusion list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: The Management Console can now display the exclusion list without issues. Issue 14: An online Normal Server installed on a Windows Storage Server 2008 operating system displays a red stop icon on the Management Console. This issue occurs when the TCP connection between the Management Console and Information Server is broken. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This issue has been resolved. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 14: To enable the solution: 1. Open a registry editor on the Information Server. 2. Create the following registry key and set its value to "1". Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion Key: EnableReConIS Type: DWORD Value: "1", to enable the solution "0", to disable the solution Issue 15: After Control Manager updates the ServerProtect scan engine or pattern file, ServerProtect sends the wrong "last update" time entries for the scan engine or pattern file to Control Manager. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: ServerProtect now sends the correct "last update" time entries to Control Manager after it updates the ServerProtect scan engine or pattern file. This ensures that Control Manager can display the correct engine and pattern "last update" time information. NOTE: The existing pattern and engine "last update time" information in Control Manager will be updated after the next successful engine or pattern file update. Issue 16: Control Manager shows "56" in the "Event Type" column of ad hoc queries when it receives a "spyware pattern out-of-date" event log from ServerProtect. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This issue has been resolved but requires users to install Control Manager 5.5 Hotfix 1636 (tmcm_55_win_en_hfb1636.exe) to work. If a higher build has been released, you need to apply the latest Control Manager patch. Issue 17: The ServerProtect Management Console may display the version number of the Virus Scan Engine for the NetWare Server in the wrong format. This issue affects Virus Scan Engine 10 and higher versions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: The ServerProtect Management Console now displays the version number of the Virus Scan Engine for NetWare Servers in the correct format. Issue 18: The quarantine folder exclusion settings do not apply to task scans. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: ServerProtect for Microsoft Windows now applies the quarantine folder exclusion settings to task scans. Issue 19: "SpntSvc.exe" encounters a handle leak issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: The handle leak issue has been resolved and "SpntSvc.exe" now runs without issues. Issue 20: Sometimes, ServerProtect event logs show the "Clean Success" action result but the corresponding email notifications report that the action result is "Clean Fail". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: The action results displayed in ServerProtect event logs and the corresponding email notifications are now consistent and correct. Issue 21: Control Manager receives incorrect ServerProtect hotfix deployment status information. This causes the Control Manager console to display the hotfix deployment status as "failed" even when the hotfix was deployed successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: ServerProtect can now send the correct hotfix deployment status to Control Manager. This ensures that the correct hotfix deployment status appear on the Control Manager console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 21: To enable this solution: 1. Apply this patch and any of the following Control Manager builds: - Hotfix 1600 (tmcm_55_win_jp_hfb1600.exe ) - the latest Control Manager patch, if a higher build has been released 2. Open a registry editor on the Information Server. 3. Create the following registry key and set its value to "1". Paths: For 32-bit operating systems HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ TrendMicro Control Manager Agent\SPNT For 64-bit operating systems HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\TrendMicro Control Manager Agent\SPNT Key: FixCommandStatus Type: DWORD Value: "1", to enable this solution "0", to disable the solution 4. Restart the following services on the Information Server: - TMI - Trend ServerProtect Agent Issue 22: The management console displays a task's "Last Perform Time" information in UTC format instead of based on the local time. This occurs when the task runs immediately after the Management Console is opened. The issue can be resolved by reopening the Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: A synchronizing mechanism has been added to ensure that the time zone information is properly initialized before allowing the system to use this information. Issue 23: When a new pattern version is available and the Normal Server attempts to update, an API issue that occurs under certain conditions can cause the update to fail and the corresponding ServerProtect event log to incorrectly state that there is no need to update the pattern. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: The API issue has been resolved to ensure that Normal Servers can successfully update the pattern file without issues and that the corresponding event log is generated with the correct information. Issue 24: When CMAgent is at debug level "2", some logs are added to the debug log each time the CMAgent sends a status log for a Normal Server to Control Manager. This can cause the size of the "Agent_SPNT.log" file to increase rapidly when a large number of Normal Servers are connected to the Information Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: The level of these debug logs has been changed from "FATAL" to "INFO". Since only the fatal logs are recorded in the debug log when the debug level is set to "2", this can prevent the "Agent_SPNT.log" file from growing rapidly while the debug level is set to "2" and a large number of Normal Servers are connected to the Information Server. Issue 25: The "entitymain.exe" process stops unexpectedly when it receives a command that does not match its request. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: "entitymain.exe" can now handle incorrectly-formatted commands so it does not stop unexpectedly when it receives such commands. Issue 26: Sometimes, Control Manager cannot deploy engine files to two or more Normal Servers simultaneously. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: Normal Servers can now successfully receive engine file deployment commands from Control Manager. Issue 27: Control Manager shows the wrong operating system name for Information Servers and Normal Servers that are deployed on the Windows Server 2012 platform. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: Control Manager now shows the correct operating system name for each Information Server and Normal Server. Issue 28: Outbreak Prevention Services cannot be deployed from Control Manager to Normal Servers that have been deployed on the Windows Server 2008 or Windows Server 2012 platform. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: The Outbreak Prevention Services can now be successfully deployed from Control Manager to Normal Servers that have been deployed on the Windows Server 2008 or Windows Server 2012 platform. Issue 29: The wrong platform information appears for Normal Servers and Information Servers running on the Windows Server 2012 R2 platform on both the Management Console and the Control Manager server console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: The correct platform information for Normal Servers and Information Servers now appear on the Management Console and Control Manager server console. Issue 30: The Control Manager server shows the incorrect product version number for the ServerProtect Information Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: The resource file of project "EarthAgent" has been changed with build project binaries that have the correct file version number. Issue 31: Under certain conditions, ServerProtect may stop unexpectedly while running a manual or scheduled scan. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: ServerProtect no longer stops unexpectedly while running manual and scheduled scans. Issue 32: The "entitymain.exe" process stops unexpectedly while attempting to access an invalid handle. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 32: "entitymain.exe" no longer attempts to access invalid handles. Issue 33: Sometimes, users cannot remotely install ServerProtect for Microsoft Windows and Novell NetWare because the remote installation tasks attempts to start ServerProtect on the remote machine before the VSAPI engine on the machine can successfully load the VSAPI pattern. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: Users can now configure the amount of time the remote installation task should wait for the target machine to receive the VSAPI pattern successfully before it attempts to start ServerProtect on the remote machine. Users should configure this value depending on their current network conditions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 33: To configure the timeout value: 1. Open a registry editor on the source Normal Server. 2. Add the following registry key and set its value to the preferred timeout value in seconds depending on the current network conditions. This key supports values between 10 and 120 seconds. Path: \HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService Key: RemoteInstallWaitSeconds Type: DWORD Value: preferred timeout value between 10 and 120 seconds Issue 34: Control Manager sometimes shows a message stating that it failed to deploy pattern or engine files to the ServerProtect Normal Server, even though the Normal Server updated the pattern or engine files successfully. If the Control Manager Agent for ServerProtect does not receive the deploy result in one minute, it sends an update failed result to Control Manager without checking the actual update result. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: Users can now configure the timeout value of the CMAgent for ServerProtect. Users should configure this value depending on their current network conditions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 34: To configure the timeout value: 1. Open a registry editor on Information Server. 2. Add the following registry key and set its value to the preferred time-out value in seconds depending on current network conditions. This key supports values between 60 and 600 seconds. Path: - 32-bit Information Servers: \HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ TrendMicro Control Manager Agent\SPNT - 64-bit Information Servers: \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\TrendMicro Control Manager Agent\SPNT Key: SocketTimeoutSeconds Type: DWORD Value: Preferred timeout value is between 60 and 600 seconds 8.4 Patch 4 =================================================================== 8.4.1 Enhancements =================================================================== The following enhancements are included in Patch 4: Enhancement 1: Virus Names - ServerProtect 5.8 for Windows Server and NetWare now displays the long virus names instead of the short virus names to provide users with more accurate information. Enhancement 2: Management Communication Protocol - MCP SDK has been updated to version 5.0.0.2270 to enable the system to provide several cipher suites when starting an HTTPS connection. 8.4.2 Resolved Known Issues =================================================================== The following known issues are resolved in Patch 4: Issue 1: The Normal Server tray icon refreshes frequently and sometimes causes performance issues. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: A hidden key has been provided to allow users to configure the frequency of refreshing the tray icon. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To configure this option: 1. Open a registry editor on the Normal Server. 2. Add the following key and set the preferred value. Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService Key: TrayRefreshIntervalInSecond Type: DWORD Value: This is the preferred interval of refreshing the tray icon and supports any value from 0 to 86,400. Setting this key to 0 means the tray icon never refreshes. 3. Restart the Normal Server to make the hidden key available. Issue 2: Sometimes, Control Manager displays a message stating that it failed to deploy pattern or engine files to the ServerProtect Normal Server, even when the Normal Server updated the pattern or engine files successfully. This occurs because if the ServerProtect CMAgent does not receive the deploy result in one minute, it sends an update failed result to Control Manager without checking the actual update result. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: Users can now configure the time-out value of the CMAgent for ServerProtect depending on their current network conditions to help resolve this issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To configure the time-out value: 1. Open a registry editor on the Information Server. 2. Add the following registry key and set its value to the preferred time-out value in seconds depending on the current network conditions. This key supports values between 60 and 600 seconds. Path: - 32-bit Information Servers: \HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ TrendMicro Control Manager Agent\SPNT - 64-bit Information Servers: \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\TrendMicro Control Manager Agent\ SPNT Key: SocketTimeoutSeconds Type: DWORD Value: preferred timeout value between 60 and 600 seconds Issue 3: An issue prevents the MCP CMAgent in ServerProtect from syncing empty domain entities with Control Manager. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: The issue has been resolved so that the ServerProtect MCP CMAgent can successfully sync empty domain entities with Control Manager. Issue 4: An issue prevents Control Manager from updating the status of a ServerProtect Information Server immediately after the server starts or stops, as a result, the wrong server status may appear on the Control Manager console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: Control Manager now updates the status of ServerProtect Information Servers immediately after the servers start or stop. Issue 5: ServerProtect 5.80 for Windows Patch 5 sends the wrong SNMP trap OID. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: ServerProtect 5.80 for Windows Patch 5 now sends the correct SNMP trap OID. Issue 6: The CMAgent for ServerProtect 5.8 sends the version information of the Damage Cleanup Engine (DCE) to Control Manager in the wrong format. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: CMAgent for ServerProtect 5.8 now sends the DCE version information to Control Manager in the correct format. Issue 7: The CMAgent for ServerProtect 5.8 sends the Normal Server's "SLF_LastStartupTime" information to Control Manager in the wrong format. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: CMAgent for ServerProtect 5.8 now sends the Normal Server's "SLF_LastStartupTime" information to Control Manager in the correct format. Issue 8: The CMAgent for ServerProtect 5.8 may timeout while registering to Control Manager when the Information Server is connected to a large number of Normal Servers and some of these Normal Servers are off-line or are experiencing network connection issues. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: The waiting time for retrieving information from each Normal Server has been reduced to mitigate the possibility of CMAgent for ServerProtect 5.8 timeout under the scenario described above. Issue 9: If the Windows Server does not contain the "msvcr71.dll" library after applying ServerProtect 5.80 for Windows Japanese Version Patch 5, the MCP CMAgent service will not install successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: The "msvcr71.dll" library has been added to the "[Product Folder]\Trend\SProtect\CMAgent" folder. Issue 10: The CMAgent for ServerProtect 5.8 for Windows sends the Normal Server's "SLF_LastStartupTime" information to Control Manager in the wrong format. As a result, up-to-date Normal Server components appear out-dated on the Control Manager console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: CMAgent for ServerProtect 5.8 for Windows now sends the Normal Server's "SLF_LastStartupTime" information to Control Manager in the correct format to ensure that the correct Normal Server component status appears on the Control Manager console. Issue 11: After ServerProtect 5.8 for Microsoft Windows registers to a Control Manager server, its MCP CMAgent service cannot start when the Control Manager server is not available. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: The MCP CMAgent service can now start successfully in the scenario described above because it will attempt to register to the Control Manager server every 20 seconds until it can successfully register to the server. Issue 12: If a domain name in ServerProtect for Windows 5.8 contains Japanese characters, the "CMAgent.exe" process may stop unexpectedly while the MCP CMAgent registers to a Control Manager server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: The MCP CMAgent can now handle Japanese characters in the domain name correctly which ensures that it can register to a Control Manager server successfully. Issue 13: The image path for the ServerProtect CMAgent service is not enclosed in quotation marks. This may trigger a CWE-428 issue that can prevent the CMAgent service from starting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: ServerProtect now checks if the image path of its CMAgent is enclosed in quotation marks and to add these to the path when necessary. ServerProtect now also uses quotation marks to enclose the image path of the CMAgent during CMAgent installation. Issue 14: The ServerProtect Normal Server may stop unexpectedly when users stop a manual scan through the management console. This happens because under this scenario, the ServerProtect Normal Server may attempt to access a memory resource that has just been released from the manual scan. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: ServerProtect now releases memory resources properly when terminating a manual scan. Issue 15: An issue prevents the exclusion extensions setting from working normally after the Normal Server restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This patch resolves the issue to ensure that the exclusion extensions setting works normally. Issue 16: The CMAgent for ServerProtect may stop unexpectedly while running vulnerability scanner tools. This happens if the CMAgent receives unexpected data from any of the vulnerability scanner tools which then trigger an exception error. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: The ServerProtect CMAgent can now handle the exception so it no longer stops unexpectedly when it receives unexpected data from vulnerability scanner tools. Issue 17: The CMAgent of ServerProtect stops unexpectedly after starting simultaneously with Control Manager. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: The ServerProtect CMAgent now works normally. Issue 18: An issue prevents the exclusion extensions setting from working normally after the Normal Server restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: The issue has been resolved to ensure that the exclusion extensions setting works normally. Issue 19: Before scanning a compressed file, ServerProtect first determines whether the file can be scanned or not by checking if the content file size exceeds the maximum content file size configured by the user. There is no limitation to the value that users can set the maximum content file size to. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: The value of the maximum content size is now limited to 2 GB so that the Management Console will not allow users to set the maximum content size to any value larger than 2 GB. Issue 20: If the CMAgent service starts before the EarthAgent service, the Normal Server may appear offline in the Control Manager status bar even when it is actually online. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: CMAgent now continuously registers to the Information Server while it starts up and checks if the Module_Active task has been completed when the Information Server service starts. This helps ensure that the correct Normal Server status appears on the Control Manager status bar. Issue 21: When ServerProtect 5.8 for Windows Server and NetWare Patch 3 is installed on Microsoft Windows Server 2016, the wrong platform version appears on the Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: The correct platform version now appears on the Management Console. Issue 22: When ServerProtect 5.8 for Windows Server and NetWare Patch 3 is installed on Microsoft Windows Server 2016 and registered to Control Manager, the wrong operating system information appears on the Control Manager web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: The correct operating system information now appears on the Control Manager web console. Issue 23: When ServerProtect 5.8 for Windows Server and NetWare Patch 5 is installed on Microsoft Windows Server 2016 and registered to Control Manager, the wrong operating system information appears on the Control Manager web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: The correct operating system information now appears on the Control Manager web console. Issue 24: When ServerProtect 5.8 for Windows Server and NetWare Patch 5 is installed on Microsoft Windows Server 2016, the wrong platform version appears on the Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: The correct platform version now appears on the Management Console. Issue 25: After installing ServerProtect 5.80 for Network Appliance Filers Service Pack 1 Patch 1, garbled characters appear in the "action" field of email alerts for virus detected by the RPC scanner. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: Email alerts now display information properly. Issue 26: When the first action fails, the second action does not appear in email virus notifications. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: The action description in email virus notifications are now consistent with the information in the corresponding log records. Issue 27: The way TmNotify decides whether it should send an "EHLO" or a "HELO" command to an SMTP server does not comply with RFC 2821. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: The behavior of TmNotify when deciding whether to send a "EHLO" or a "HELO" command to an SMTP server has been updated to comply with RFC 2821. Issue 28: Some SMTP servers send the response message for the "EHLO" command in two parts. However, since the TmNotify module attempts to process the response immediately after receiving the first half of the response without waiting for the second half, TmNotify would not be able to properly handle the response message. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: The TmNotify module now waits until it receives both parts of the response message for the "EHLO" command before processing it. Issue 29: The wrong time information appears in email notifications because TmNotify cannot handle the summer time zone correctly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: TmNotify can now correctly handle the summer time zone so correct time information appears in email notifications. Issue 30: When ServerProtect 5.8 for Windows Server and NetWare restarts, the corresponding item on the Control Manager console appears yellow and does not go back to green until after the MCP CMAgent service has restarted again. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: The Information Server now restarts before the MCP CMAgent so that ServerProtect 5.8 for Windows Server and NetWare appears in green on the Control Manager console after it restarts. 9. Files Included in this Release ====================================================================== Module Filename Build No. ------------------------------------------------------------------- 32-bit Normal Server SpntSvc.exe 5.80.0.1567 StRpcSrv.dll 5.80.0.1567 AgentClient.dll 5.80.0.1567 Build.exe 2.86.0.1113 cert5.db n/a ciuas32.dll 1.0.0.2075 ciussi32.dll 2.0.0.2074 eng50.dll 5.80.0.1567 expapply.dll 8.4.2.0 expbuild.dll 8.4.2.0 icrcauapi.dll 2.5.0.1115 liblwtpciu32.dll 1.0.0.1005 Patch.exe 2.86.0.1113 patchbld.dll 12.21.0.0 patchw32.dll 12.22.0.0 psmc.dll 8.4.2.0 StUpdate.exe 5.80.0.1567 TmUpdate.dll 2.86.0.1113 x500.db n/a Notification.dll 5.80.0.1567 StCommon.dll 5.80.0.1567 StOPP.exe 5.80.0.1567 TmNotify.dll 5.80.0.1567 EventMsg2.dll 5.80.0.1567 LogDb.dll 5.80.0.1567 LogDbTool.dll 5.80.0.1567 LogMaster.dll 5.80.0.1567 SPCommonLog.dll 5.80.0.1567 SPLog.conf n/a log4cxx.dll 5.80.0.1567 AgRpcCln.dll 5.80.0.1567 CheckEVC.dll 5.80.0.1567 DCE.dll 5.80.0.1567 GetRemoteVer.dll 5.80.0.1567 LogViewer.exe 5.80.0.1567 Quarantine.exe 5.80.0.1567 spuninst.exe 5.80.0.1567 Spuninstrc.dll 5.80.0.1567 StRpcCln.dll 5.80.0.1567 TmOpp.dll 5.80.0.1567 SP5NSLst.ini n/a tsc.exe 7.5.0.1152 64-bit Normal Server SpntSvc.exe 5.80.0.1567 StRpcSrv.dll 5.80.0.1567 AgentClient.dll 5.80.0.1567 Build.exe 2.86.0.1113 cert5.db n/a ciuas32.dll 1.0.0.2075 ciussi32.dll 2.0.0.2074 eng50.dll 5.80.0.1567 expapply.dll 8.4.2.0 expbuild.dll 8.4.2.0 icrcauapi.dll 2.5.0.1115 liblwtpciu32.dll 1.0.0.1005 Patch.exe 2.86.0.1113 patchbld.dll 12.21.0.0 patchw32.dll 12.22.0.0 psmc.dll 8.4.2.0 StUpdate.exe 5.80.0.1567 StUpdate_32.exe 5.80.0.1567 TmUpdate.dll 2.86.0.1113 x500.db n/a Notification.dll 5.80.0.1567 StCommon.dll 5.80.0.1567 StOPP.exe 5.80.0.1567 TmNotify.dll 5.80.0.1567 EventMsg2.dll 5.80.0.1567 LogDb.dll 5.80.0.1567 LogDbTool.dll 5.80.0.1567 LogMaster.dll 5.80.0.1567 SPCommonLog.dll 5.80.0.1567 SPLog.conf n/a log4cxx.dll 5.80.0.1567 AgRpcCln.dll 5.80.0.1567 CheckEVC.dll 5.80.0.1567 DCE.dll 5.80.0.1567 GetRemoteVer.dll 5.80.0.1567 LogViewer.exe 5.80.0.1567 Quarantine.exe 5.80.0.1567 spuninst.exe 5.80.0.1567 Spuninstrc.dll 5.80.0.1567 StRpcCln.dll 5.80.0.1567 TmOpp.dll 5.80.0.1567 SP5NSLst.ini n/a tsc.exe 7.5.0.1152 tsc64.exe 7.5.0.1152 Management Console AgentClient.dll 5.80.0.1567 Admin.exe 5.80.0.1567 expapply.dll 8.4.2.0 expbuild.dll 8.4.2.0 icrcauapi.dll 2.5.0.1115 liblwtpciu32.dll 1.0.0.1005 Patch.exe 2.86.0.1113 patchbld.dll 12.21.0.0 patchw32.dll 12.22.0.0 psmc.dll 8.4.2.0 StUpdate.exe 5.80.0.1567 TmUpdate.dll 2.86.0.1113 x500.db n/a Adm_enu.dll 5.80.0.1567 spuninst.exe 5.80.0.1567 Spuninstrc.dll 5.80.0.1567 ADM_ENU.chm n/a Information Server AgentClient.dll 5.80.0.1567 EarthAgent.exe 5.80.0.1567 _Setup.dll 12.0.0.49974 data1.cab n/a data1.hdr n/a data2.cab n/a GetRemoteVer.dll 5.80.0.1567 ISSetup.dll 12.0.0.58851 setup.exe 12.0.0.58849 setup.inx n/a Build.exe 2.86.0.1113 cert5.db n/a ciuas32.dll 1.0.0.2075 ciussi32.dll 2.0.0.2074 Notification.dll 5.80.0.1567 TmNotify.dll 5.80.0.1567 StCommon.dll 5.80.0.1567 Quarantine.exe 5.80.0.1567 StUpdate.exe 5.80.0.1567 EventMsg2.dll 5.80.0.1567 DeployTool.exe 5.80.0.1567 StRpcCln.dll 5.80.0.1567 Spuninst.exe 5.80.0.1567 Spuninstrc.dll 5.80.0.1567 CheckEVC.dll 5.80.0.1567 RemoteInstall.exe 5.80.0.1567 msvcr71.dll 7.10.3052.4 ADM_ENU.chm n/a BIFSender.exe 5.80.0.1567 libcurl.dll 7.17.1.0 libeay32.dll 1.0.0.1 ssleay32.dll 1.0.0.1 zlib.dll 1.2.2.0 SP5NSLst.ini n/a dce-exe-mssign-v75-1152.zip n/a dce-exe-mssign-x64-v75-1152.zip n/a tmcomm265-1020.zip n/a MCP CMAgent ProductLibrary.dll 5.80.0.1567 CMAgent.exe 5.80.0.1567 ProductUI.zip n/a cgiCmdNotify.exe 5.0.0.2363 En_BlobConvertUtility.dll 5.0.0.2363 En_I18N.dll 5.0.0.2363 En_Utility.dll 5.0.0.2363 libapr-1.dll 1.1.1.0 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.20 ssleay32.dll 1.0.2.20 SSO_PKIHelper.dll 5.0.0.2363 TrendAprWrapperDll.dll 5.0.0.2363 zlib.dll 1.2.3.0 CMAgentLog.dll 5.80.0.1567 MySplashScreen.dll 5.80.0.1567 MCP_CMAgent.exe 12.0.0.58849 Normal Server Hot Fix File Hotfix.ini n/a NetWare Normal Server lprotect.nlm 5.80.0.1567 Patch Files Tmpatch.exe 2.2.0.1057 Setup.ini n/a Hotfix.ini n/a readme.txt n/a license.txt n/a 10. Contact Information ====================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ====================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2020, Trend Micro Incorporated. All rights reserved. Trend Micro, ServerProtect, Control Manager, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ====================================================================== View information about your license agreement with Trend Micro at: www.trendmicro.com/us/about-us/legal-policies/license-agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide