Trend Micro, Inc.
May 2011
Trend Micro
Version 10.5
This readme file is current as of the date above. However, all customers are advised to check Trend Micro's Web site for documentation updates at http://www.trendmicro.com/download/.
Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro Web site. Register during installation, or online at http://olr.trendmicro.com.
Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: www.trendmicro.com/download/documentation/rating.asp.
Trend Micro
OfficeScan is powered by the
Trend Micro
OfficeScan includes the following new features and enhancements:
Active Directory Integration
OfficeScan leverages Microsoft
Smart Protection Solutions
Smart protection network solutions is a next-generation, in-the-cloud based, endpoint protection solution. At the core of these solutions is an advanced scanning architecture that leverages anti-malware signatures and Web reputation data that are stored in-the-cloud.
Security Compliance
Ensure that OfficeScan client services, settings, scanning, and components comply with security settings for overall endpoint protection. Administrators can use this feature to do the following:
Generate reports on non-compliant clients
Determine and ensure compliance for endpoints in the network that are not managed by OfficeScan servers
Trend Micro Virtual Desktop Support
Regulate virtual machines that form part of the server to limit the number of virtual desktops that perform updates or scanning at the same time. This ensures proper management of resources for virtual machines with OfficeScan clients. Separately obtain the license for this feature and then manage virtual desktop scanning and updating tasks from Plug-in Manager.
Trend Micro Virtual Desktop supports the following platforms:
VMware vCenter� 4 (VMware View� 4)
Citrix� XenServer�5.5 and 5.6 (Citrix XenDesktop� 4 and 5)
Granular Role-based Administration
Delegate Web console management tasks to other administrators and allow non-administrators to view Web console items. Start by creating user roles with certain access privileges to OfficeScan Web console functions and then assign these roles to users. Manage users by creating custom user accounts or using existing Active Directory accounts.
Single sign-on support enables users to
log on to the OfficeScan Web console from Trend Micro Control Manager
Product Enhancements
This product release includes the following enhancements:
Update Agent
Allow Update Agents to separately download components, domain settings, and programs and hot fixes. Also, download the Update Agent Analytical Report that contains more detailed information about the Update Agents in the network.
Exception Lists
The previous OfficeScan version used the Behavior Monitoring exception list for both Behavior Monitoring and Device Control. With this version of OfficeScan, users can now separately configure the Behavior Monitoring and Device Control exception lists.
Firewall
Users can now configure application exceptions or the Certified Safe Software List to enable or disable network connections for specified applications.
Logs
This feature ensures time consistency between OfficeScan server, clients, and Trend Micro Control Manager. OfficeScan will have the same time stamp when sending logs despite time factors like Daylight Saving Time (DST) or time zones.
Scan Settings
Users can now configure the following for the scan settings:
Note: These settings only apply to clients with the privilege to configure scan exclusions.
Overwrite, add, or remove files or directories from the client scan exclusion list
Configure OLE exploit detection settings
Configure settings and action for probable virus/malware
Clean spyware/grayware in zipped files
Use wildcards in the exclusion list
Granular Web Reputation Settings
Configure Web reputation policies and assign them to one, several, or all OfficeScan clients.
Plug-in Program Updates
OfficeScan can now automatically download plug-in program updates from the first update source in the Server Update Source screen, including Trend Micro Control Manager.
The document set for the OfficeScan server includes:
Installation and Upgrade Guide: A PDF document that discusses requirements and procedures for installing and upgrading the OfficeScan server
Administrator's Guide: A PDF document that discusses getting started information, client installation procedures, and OfficeScan server and client management
Smart Protection Server for OfficeScan Getting Started Guide: A PDF document that helps users understand smart scan concepts, prepare the environment needed to use smart protection, and manage smart protection clients
Help: HTML files compiled in WebHelp format that provide "how to's", usage advice, and field-specific information. The Help is accessible from the OfficeScan server, client, and Policy Server consoles, and from the OfficeScan Master Setup.
Readme file: Contains a list of known issues and basic installation steps. It may also contain late-breaking product information not found in the online or printed documentation.
Knowledge Base is a searchable database of known product issues, including specific problem-solving and troubleshooting topics.
http://esupport.trendmicro.com
Download the latest versions of the PDF documents and readme at http://downloadcenter.trendmicro.com/.
|
Resource |
Requirement |
|
Operating System |
Windows 2003
Windows 2008
Notes: OfficeScan cannot be installed if Windows 2008 runs on the Server Core environment. |
|
Virtualization |
OfficeScan supports server installation on guest Windows 2003 or 2008 operating systems hosted on the following virtualization applications:
|
|
Hardware (for Windows Server 2008) |
Processor
RAM
Available disk space
Others
|
|
Hardware (for all other platforms) |
Processor
RAM
Available disk space
Others
|
|
Web server |
|
|
Others |
|
| OfficeScan server to be upgraded | The
following OfficeScan versions can be upgraded to this version:
|
|
Resource |
Requirement |
|
Hardware |
Processor 300MHz Intel Pentium processor or equivalent RAM 128MB minimum Available disk space 30MB minimum Others Monitor that supports 1024 x 768 resolution at 256 colors or higher |
|
Browser |
Microsoft Internet
Explorer |
4.3. OfficeScan client on Windows XP/2003, 32-bit version
|
Resource |
Requirement |
|
Operating System |
Note: OfficeScan automatically disables some features on server platforms. Refer to the OfficeScan Administrators Guide for more information. |
|
Hardware |
Processor
RAM 256MB minimum, 512MB recommended Available disk space 350MB minimum Others Monitor that supports 1024 x 768 resolution at 256 colors |
|
Others |
|
4.4. OfficeScan client on Windows XP/2003, 64-bit version
|
Resource |
Requirement |
|
Operating System |
Note: OfficeScan automatically disables some features on server platforms. Refer to the OfficeScan Administrators Guide for more information. |
|
Hardware |
Processor AMD64 and Intel 64 processor architectures RAM 256MB minimum, 512MB recommended Available disk space 350MB minimum Others Monitor that supports 1024 x 768 resolution at 256 colors |
|
Others |
|
4.5. OfficeScan client on Windows Vista, 32-bit and 64-bit versions
|
Resource |
Requirement |
|
Operating System |
|
|
Hardware |
Processor
RAM 1GB minimum, 1.5GB recommended Available disk space 350MB minimum Others Monitor that supports 1024 x 768 resolution at 256 colors |
|
Browser |
Windows Internet Explorer 7.0 or 8.0 if performing Web setup |
4.6. OfficeScan client on Windows Server 2008, 32-bit version
|
Resource |
Requirement |
|
Operating System |
Notes:
|
|
Hardware |
Processor
RAM 512MB minimum, 2GB recommended Available disk space 350MB minimum Others Monitor that supports 1024 x 768 resolution at 256 colors |
|
Browser |
Windows Internet Explorer 7.0 or 8.0 if performing Web setup |
4.7. OfficeScan client on Windows Server 2008 and Windows Server 2008 R2, 64-bit version
|
Resource |
Requirement |
|
Operating System |
Notes:
|
|
Hardware |
Processor
RAM 512MB minimum, 2GB recommended Available disk space 350MB minimum Others Monitor that supports 1024 x 768 resolution at 256 colors |
|
Browser |
If performing Web setup:
|
4.8. OfficeScan client on Windows 7, 32-bit version
|
Resource |
Requirement |
|
Operating System |
|
|
Hardware |
Processor
RAM 1GB minimum, 2GB recommended Available disk space 350MB minimum Others Monitor that supports 1024 x 768 resolution at 256 colors |
|
Browser |
Windows Internet Explorer 8.0 if performing Web setup |
4.9. OfficeScan client on Windows 7, 64-bit version
|
Resource |
Requirement |
|
Operating System |
|
|
Hardware |
Processor
RAM 1.5GB minimum, 2GB recommended Available disk space 350MB minimum Others Monitor that supports 1024 x 768 resolution at 256 colors |
|
Browser |
Windows Internet Explorer 8.0 if performing Web setup |
4.10. OfficeScan client on Windows Embedded POSReady 2009, 32-bit version
|
Resource |
Requirement |
|
Operating System |
|
|
Hardware |
Processor Minimum 300MHz Intel Pentium or equivalent RAM 256MB minimum, 512MB recommended Available disk space 350MB minimum Others Monitor that supports 1024 x 768 resolution at 256 colors |
|
Browser |
Windows Internet Explorer 6.0, 7.0, or 8.0 if performing Web setup |
OfficeScan is compatible with the following third-party products:
Microsoft Office XP, 2003, 2007, and 2010
Microsoft
SQL Server
Terminal Services on Windows 2003, 2003 R2, 2008, and 2008 R2
Windows Server 2003/2003 R2 Clusters
Windows Server 2008/2008 R2 Failover Clusters
VMware
View
Citrix� XenApp� 4.5, 5.0, and 6.0 (32-bit and 64-bit)
Citrix
XenDesktop
Outlook
Mail Scan supports Microsoft Office Outlook
POP3 Mail Scan supports the following email programs:
Becky! Internet Mail 2.0
Eudora
Microsoft Outlook Express 6.0
Microsoft Office Outlook 2002, 2003, 2007, and 2010
Mozilla
Thunderbird
Windows Mail (for Windows Vista only)
Foxmail 5.0, 6.0
Before installing OfficeScan 10.5, take note of the following:
This version includes updates to OfficeScan firewall drivers. If you have enabled the OfficeScan firewall in your current OfficeScan version, deploying this version may cause client computer disruptions.
If the option to display the restart notification message is enabled on the Web console, users will be prompted to restart. However, users who decide to postpone the restart are not prompted again. The option to display the restart notification message is enabled by default. If the option is disabled, users are not notified at all.
To check the status of this option, open the Web console, go to Networked Computers > Global Client Settings and check the option under Alert Settings.
The OfficeScan server cannot upgrade to this version if a client is running Login Script (AutoPcc.exe) at the time of server upgrade. Ensure that no client is running Login Script before installing OfficeScan 10.5.
Unload the OfficeScan client before upgrading OfficeScan on a Windows 2008 Standard 32-bit server to ensure a faster upgrade time.
For instructions on installing or upgrading the OfficeScan server, refer to the Installation and Upgrade Guide. For client installation instructions, refer to the Administrator's Guide.
If you encounter problems when upgrading OfficeScan, roll back to the previous version.
Notes: There is no rollback tool available. You need to perform manual rollback.
To roll back to previous versions of OfficeScan:
Rollback preparation
Prepare a computer with the previous OfficeScan version installed.
Apply the latest hot fixes, patches, or service packs for the previous OfficeScan server version.
Duplicate or reconfigure settings on the previous OfficeScan server version.
Consider the following settings:
Client settings
Scan
Update Agents
Privileges
Spyware/Grayware Approved List (for OfficeScan 8.0 or later)
Behavior Monitoring Exception List (for OfficeScan 10.0 SP1 or later)
Device Control Exception List
Global client settings
Web reputation settings (for OfficeScan 8.0 or later)
Computer location
Policies
Proxy
OfficeScan Firewall settings
Policy
Profiles
Connection verification schedule
Update settings
Server scheduled update
Server update source
Client scheduled update
Client update source
Log maintenance settings
Notifications - all notification messages
Administration settings
Quarantine Manager
Control Manager Agent
Database backup
Run Client Packager on the previous OfficeScan server version to create a client installation package. Settings on Client Packager screen:
Package type: Setup
Output file: \nstNTPkg.exe
Prepare an update source (another computer that will act as update source) that has components similar to or newer than the components on the current OfficeScan 10.5 server.
Tip: You can copy all component files directly from previous OfficeScan version server's "PCCSRV\Download" folder to the update source.
Note: If you have older components on the update source, you cannot perform rollback from the server's Web console.
Add the following files into several compressed packages:
Copy the following files:
From the OfficeScan 10.5 server:
RollbackAgent.dll (under \PCCSRV\Admin)
RollbackAgent_64x.dll (under \PCCSRV\Admin)
ClientRollback.exe (under \PCCSRV\Admin)
From the previous OfficeScan version server:
InstNTPkg.exe (NT Client Packager for x86 computers)
InstNTPkg.exe (NT x64 Client Packager for x64 computers)
Compress RollbackAgent.dll as RollbackAgent.zip.
Compress RollbackAgent_64x.dll as RollbackAgent_64x.zip.
Compress RollbackNTPkg folder as RollbackNTPkg.zip:
Create the RollBackNTPkg folder.
Copy ClientRollback.exe and NT Client Packager (InstNTPkg.exe) to the RollbackNTPkg folder.
Compress RollbackNTPkg folder as RollbackNTPkg.zip.
Compress RollbackNTPkgx64 folder as RollbackNTpkgx64.zip:
Create the RollBackNTpkgx64 folder.
Copy the ClientRollback.exe and NT x64 Client Packager (InstNTPkg.exe) to the RollbackNTPkgx64 folder.
Compress RollbackNTPkgx64 folder as RollbackNTpkgx64.zip
Modify the update source download file and server.ini file.
Copy RollbackAgent.zip, RollbackNTPkg.zip, RollbackAgent_64x.zip, and RollbackNTPkgx64.zip to the computer acting as update source, under the folder Download\Product\.
Add the server.ini file and modify as follows:
Note: Modify only the following lines. Please do not change any other setting.
----------------------------------------------
[All_Product]
MaxProductID=109
Product.109=OfficeScan Rollback, 3.5, cc
[Info_109_35000_1_1]
Version=zz
Update_Path=product/RollbackAgent.zip, aa
Path=product/RollbackNTPkg.zip, xx
[Info_109_35000_1_5633]
Version=zz
Update_Path=product/RollbackAgent_64x.zip, bb
Path=product/RollbackNTpkgx64.zip, yy
----------------------------------------------
Where:
aa - File size of "RollbackAgent.zip" in bytes.
For example, 90517.
xx - File size of "RollbackNTPkg.zip" in bytes.
For example, 32058256.
bb - File size of "RollbackAgent_64x.zip" in bytes.
For example, 90517.
yy - File size of RollbackNTpkgx64.zip in bytes.
For example, 36930773.
To get the file size, right-click the zip file and click Properties. Take note of the size, not the size on disk.
cc - Current OfficeScan version
For example, 10.5
zz - Rollback package version
For example, 7.3.
Rollback
On the OfficeScan 10.5 Web console, configure all clients to update from the update source configured in Part 1.
Go to Updates > Networked Computers > Update Source.
Select Customized Update Source.
On the Customized Update Source List, add the update source, which should contain the patch agent and client packages.
Click Notify All Clients. Clients will use the patch agent to uninstall and then reinstall the previous OfficeScan version client during client update.
After reinstalling the client, inform users to restart their client computers.
After restarting client computers, all clients will report to the previous OfficeScan version server prepared in Part 1.
7. Post-installation Configuration
Verify if the OfficeScan server has been upgraded.
On the Web console, click Help > About. Version information should be 10.5.
On
the Trend Micro Control Manager
Note: Trend Micro
recommends installing Trend Micro Control Manager
After installing this version and you open the OfficeScan server Web console, Internet Explorer may prompt you to restart the server computer to activate new components. Restart the computer immediately when prompted.
Verify that the installation package has been installed to clients and that OfficeScan client users have restarted their computers.
Verify if component update on the server is successful by opening the Web console and going to Logs > Server Update Logs.
If the update is unsuccessful, perform manual update immediately by going to Updates > Server > Manual Update. You can also refer to the online help for typical update problems and solutions or contact your support provider for assistance.
Client installation on newly supported platforms
If users will use the Web install page to install the OfficeScan client to a computer running Windows XP, Vista, 2008, and 7, instruct users to perform the following before installation:
Log on to the computer using a built-in administrator account.
Launch Internet Explorer and add the OfficeScan server URL such as https://computername:4343/officescan to the list of trusted sites. In Windows XP, the list can be accessed by going to Tools > Internet Options > Security tab, selecting the Trusted Sites icon, and clicking Sites.
Modify the Internet Explorer security setting to enable Automatic prompting for ActiveX controls. On Windows XP, this can be done by going to Tools > Internet Options > Security tab, and clicking Custom level.
During OfficeScan client installation, allow ActiveX control installation.
If users will use Client Packager (EXE package) to install the OfficeScan client to a computer running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, or Server 2008, perform the following:
Create the EXE package from the OfficeScan server.
Send the package to users and ask them to run the client package on their computers by double-clicking the .exe or .msi file.
Note: Send the package only to users whose OfficeScan client will report to the server where the package was created.
If you have users who will install the .exe package on computers running Windows Vista, 2008 or 7, instruct them to right-click the .exe file and select Run as administrator.
If users will use Client Packager (MSI package) to install the OfficeScan client to a computer running Windows XP, Vista, 2008 or 7, perform the following:
Create the MSI package from the OfficeScan server.
Send the package to users and instruct them to launch it on their computers using the typical method for opening files, such as double-clicking the file.
Note: You can also launch the MSI package (on the command prompt) and silently install the OfficeScan client to a remote computer running Windows XP, Vista, 2008, and 7.
If users will use Login Script Setup (AutoPcc.exe) to install the OfficeScan client to a computer running Windows XP, Vista, 2008 or 7, instruct users to perform the following:
Connect to the server computer.
Navigate to \\{server computer name}\ofcscan.
Right-click AutoPcc.exe and select Run as administrator.
The following are the known issues for this release:
Server Installation, Upgrade, and Uninstallation
After upgrading from OfficeScan 7.3, OfficeScan displays the spyware count as 0. This is because OfficeScan 7.3 and older versions used the same logs for virus/malware and spyware/grayware. After upgrading, OfficeScan displays the number of new spyware/grayware.
Unable to access the OfficeScan Web console and all OfficeScan services if OfficeScan was installed on a Windows 2008 or Windows 2008 R2 server before joining the domain. To resolve the issue:
For Windows 2008
Go to Control Panel > System and Security > Windows Firewall > Exceptions tab.
Enable exception for File and Printer Sharing.
Add the following port exceptions
Trend Micro Local Web Classification Server HTTP, tcp port 5274
Trend Micro OfficeScan Server HTTP, tcp port 8080
Trend Micro OfficeScan Server HTTPS, tcp port 4343
Trend Micro Smart Scan Server (Integrated) HTTP, tcp port 8082
Trend Micro Smart Scan Server (Integrated) HTTPS, tcp port 4345
Click Ok.
For Windows 2008 R2
Go to Control Panel > System and Security > Windows Firewall > Allowed Programs.
Select the following features and allow access for the Domain profile:
File and Printer Sharing
Trend Micro Local Web Classification Server HTTP
Trend Micro OfficeScan Server HTTP
Trend Micro OfficeScan Server HTTPS
Trend Micro Smart Scan Server (Integrated) HTTP
Trend Micro Smart Scan Server (Integrated) HTTPS
Click Ok.
After installing the OfficeScan server remotely to a Windows 2008 computer, the Web console shortcut does not immediately display on the computer's desktop. Refresh the desktop by pressing F5 to see the shortcut.
When the OfficeScan server is installed to a disk using the FAT32 file system, role-based logon to the OfficeScan Web console does not work.
When an ACE/RSA software runs concurrently with the OfficeScan server on a Windows 2003 computer, all logon tokens created for the ACE/RSA software receive an access denied error. To avoid this problem, install the OfficeScan server to a computer that does not run ACE/RSA software.
During upgrade, if the existing OfficeScan database file (found in the "HTTPDB" folder under "OfficeScan/PCCSRV") is very large, the upgrade process may time out. Trend Micro recommends doing the following before upgrading:
From the OfficeScan console, manually delete old server logs.
Go to Administration > Database Backup, and click Backup Now to backup the database.
Client Installation, Upgrade, and Uninstallation
After moving an OfficeScan client from an OfficeScan 7.3, 8.0, or 8.0 SP1 server to the OfficeScan 10.5 server, the client successfully upgrades but reloads the OfficeScan client several times. To avoid this issue, Trend Micro recommends using Login Scrip Setup or Client Packager to upgrade the OfficeScan client. Using these methods, the OfficeScan client will only reload once.
Upgrade may fail if using an MSI package to upgrade an OfficeScan client that was originally installed also using an MSI package. As a workaround, do the following:
Ensure that the new MSI package has the same file name as the original package. If you do not know the file name of the original package, launch the new package and you will be notified of the file name. Rename the new package and then launch it again.
Use command prompt to execute the package with the parameter "/fvo". For example c:\ package.msi /fvo.
The OfficeScan client is unable to query the web reputation servers after performing a fresh installation or upgrade. To resolve the issue, ensure that clients restart their computers if a restart notification appears.
If you create a login script in Active Directory and then log on as administrator on a Windows Vista Home, 2008, or 7 computer, the OfficeScan client cannot be installed to the computer and the message that displays states that the account used is not an administrator account.
When this product version is installed to a Citrix Presentation server, the Citrix client loses connection with the server. To address this issue:
On the Citrix server, open Registry Editor and navigate to HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList.
Click Edit > New > Key and name the key IIS.
Under this new key, create a string value (Edit > New > String Value) with the name ProcessImageName and use w3wp.exe as its value.
Restart the OfficeScan NT Listener service.
When an application that locks the Windows Service Control Manager (SCM) is launched, the OfficeScan client cannot be installed or upgraded. Before upgrading or installing OfficeScan, ensure that no SCM-locking application is running.
When running Vulnerability Scanner on a computer running Windows 2008, the DHCP tab does not display on the tool's console.
The ServerProtect Normal Server Migration tool is unable to:
Detect ServerProtect for Windows 5.8 with patch 7 or later
Restart the target computer after installing the OfficeScan client even if the "Restart after installation" option is selected
To resolve these issues, open Registry Editor on the Normal Server and Information Server and add following registry key:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\RPC
Name: AgentFilter
Type: REG_SZ (string value)
Value: IP addresses or computer name of the OfficeScan server
Microsoft IIS 7 does not work when:
Running Setup to install both the OfficeScan server and client on a Windows 2008 computer without Service Pack 2, and then specifying IIS 7 as the Web server. The Web console cannot be opened after installation and all applications using IIS do not work.
Installing the OfficeScan client to a Windows 2008 computer with Microsoft IIS 7. All applications using IIS do not work.
A message displays on the computer using Windows 2008 without Service Pack 2, instructing the user to restart the IIS service to resolve the issue.
When installing the client from the Web install page, users may get an error message stating that ActiveX setup controls did not download information needed for installation. When users retry the installation, the error message no longer displays and installation proceeds.
To avoid seeing the error message, enable Automatic prompting for ActiveX controls in Internet Explorer.
To perform client Web installation on computers with a 64-bit processor architecture, you must use the 32-bit version of Internet Explorer. The 64-bit version of Internet Explorer is not supported.
The OfficeScan client
may not install correctly if Norton SystemWorks
If using Login Script Setup (AutoPcc.exe) to install the OfficeScan client on a computer with Panda Software, before installing the client, manually uninstall Panda Software and restart the computer.
If the OfficeScan client is installed using the "per-user" method, the OfficeScan client shortcut will still show on all the users' Windows Start menu.
If the OfficeScan client is installed using the "per-user" method, when the server notifies the client to perform uninstallation, the program entry on the Add/Remove Program list will not be removed.
When cloning virtual machine images using Microsoft's "sysprep" utility, cloning is unsuccessful if the OfficeScan client is installed on the source virtual machine. To resolve this issue:
Disable Local Area Connection on the source virtual machine.
Power off the virtual machine and start cloning the image.
Configure custom settings on the cloned image.
Power on the virtual machine.
The Common Firewall Installer (ncfg.exe) may hang during upgrade. This may also be caused by network disk services like Dropbox. Stop the service before upgrading to prevent this issue.
If the Web console setting Clients can update components but not upgrade the client program or deploy hot fixes is enabled, OfficeScan clients are unable to upgrade the Spyware Scan Engine from version 5 to 6.
After upgrading OfficeScan, the following issues occur:
If upgrading from OfficeScan 8.0 patch 2, the OfficeScan firewall service may sometimes not start even if this service and the Common Firewall Driver are up-to-date. The following error appears in the Setupapi.log file found under %systemroot%:
"0x800b0100: No signature was present in the subject."
If upgrading from version 8.0 Service Pack 1 by moving a client to an OfficeScan 10.5 server, the OfficeScan firewall service cannot be started and the Common Firewall Pattern version is 0.
When upgrading by moving a client to an OfficeScan 10.5 server, the Common Firewall Pattern version is "N/A".
To resolve these issues, perform the following steps:
Stop the Cryptographic Services from the Microsoft Management Console.
Navigate to C:\Windows\system32 and rename the "catroot2" folder to "oldcatroot2".
Start the Cryptographic Services.
Open
a command prompt (cmd.exe) and run the following commands:
regsvr32 wintrust.dll
regsvr32 netcfgx.dll
Restart the computer.
When disabling automatic client upgrade on an OfficeScan 8.0 SP1 client and then upgrading the server, the client is not upgraded but its program version becomes 8.0.
If the OfficeScan 7.3 server is upgraded to this version but the client is not, the Virus Cleanup Engine in the client will not be upgraded. Upgrade the client to this version to automatically upgrade the Virus Cleanup Engine.
Upgrading the OfficeScan 7.3 client to this version through VPN is not supported if Check Point SecureClient is installed on the client computer.
The OfficeScan client unloads and then reloads three times when upgraded to this version. This happens if the client upgrades, applies smart scan as its scan method, and then applies the domain level scan method.
After an OfficeScan client in a VPN environment is uninstalled successfully, the client is not removed on the Web console's client tree and its status is offline.
When configuring connection settings on the Web console (Administration > Connection Settings) to move OfficeScan 10 clients to a server that runs the same or a higher version, clients will only move after they are reloaded or after restarting the client computers. Clients will not work properly without the required reload or restart.
Trend Micro recommends using the Client Mover function from the client tree to move clients to a different server. To do this, go to Networked Computers > Client Management > Manage Client Tree > Move Client.
If you create a login script in Active Directory and then log on as administrator on a Windows Vista Home or 2008 computer, the OfficeScan client cannot be installed to the computer and the message that displays states that the account used is not an administrator account.
The administrator will not be able to remotely install OfficeScan client to Windows 7 x86 platforms without enabling the default administrator account. To resolve this issue:
Note: Enable the Remote Registry service on the Windows 7 machine. By default, Windows 7 machines disables this feature.
Option A: Use the domain administrator account to remotely install OfficeScan 10.5 clients to Windows 7 machines.
Option B: Use the default administrator account:
Type the "net user administrator /active:yes" command from the command console to enable the default administrator account.
Use the default administrator account to remotely install the OfficeScan client to the Windows 7 machine.
Installing
OfficeScan clients to Windows 7 or Windows Server 2008 R2 in VMware may
cause the system to stop responding. This is because of compatibility
issues with the Intel
A Microsoft Hyper-V virtual machine might not be able to start if the host computer has OfficeScan client installed. This is because the OfficeScan client and Hyper-V virtual machine accesses the same Hyper-V xml file and causes file access violation. As a workaround:
Set exclusion folder for the virtual machine xml file located in C:\ProgramData\Microsoft\Virtual Machine Manager\.
Turn off file mapping scan by modifying the TmFilter/TmxpFilter registry value.
This version of OfficeScan only supports cleaning compressed spyware in zip format.
When specifying the scan target for Scheduled Scan, Scan Now and Real-time Scan, spyware/grayware scan can be disabled. However, for Manual Scan, there is no option for disabling spyware/grayware scan, which means that during Manual Scan, OfficeScan will always scan for spyware/grayware.
When scanning is complete, OfficeScan displays a notification page. On a Windows 2008 computer, the background color of the page does not conform to the standard color for OfficeScan notification pages.
When OfficeScan is configured to scan mapped drives during Manual Scan, the mapped drive may not get scanned when scanning is initiated through Terminal Service client.
When an email containing an attachment with spyware/grayware is retrieved through Eudora email client and POP3 Mail Scan is disabled, OfficeScan's Real-time Scan denies access to the email even if the scan action is "clean". The email does not appear on the inbox and the Eudora client displays a message informing the user that access to the email is denied.
In a Citrix environment, When the OfficeScan client detects a security risk during a particular user session, the notification message for the security risk displays on all active user sessions.
Security risk can be any of the following:
Virus/Malware
Spyware/Grayware
Firewall policy violation
Web Reputation policy violation
Unauthorized access to external devices
When OfficeScan detects virus/malware and computer restart is required to clean the infected file, a notification message prompts the user to restart. If the user did not restart the computer and generic virus/malware was detected, the restart notification displays again even if a restart is not required for the generic virus/malware detection.
When updating OfficeScan patterns and engines from Control Manager, administrators are not notified of the update status even if notifications are enabled. The update status can be viewed from the Control Manager console.
OfficeScan clients with client-level settings can only download settings from the OfficeScan server, not Update Agents.
An Update Agent running a 64-bit platform is unable to generate incremental patterns. Therefore, the Update Agent always downloads all incremental patterns available in the ActiveUpdate server, regardless of how many of these patterns it has previously downloaded.
When the OfficeScan server notifies clients to update components, clients that obtain updates from an Update Agent will not be able to update if the Update Agent has not been upgraded to version 8.0 SP1 or higher. However, these clients can still obtain the updates directly from the OfficeScan server.
On the OfficeScan client computer, automatic proxy detection in Internet Explorer does not work if the administrator enables the "Client Console Access Restriction" option on the OfficeScan server Web console's Privileges and Other Settings screen.
When the server and client computers are located on geographical locations with different time zones, the client cannot be configured to update based on the server's time zone.
The Active Directory scope may display as empty or redirect to the Active Directory integration screen when querying Outside Server Management reports with a broad scope. Ensure that the first task is finished before performing another query.
The User Role has access and configure permissions on the client Manual Update page but only for selected domains. However, all clients receive the notification when this role clicks Initiate Update.
For Menu Items for Managed Domains, when an Active Directory user is part of several Active Directory groups, the user combines domain permissions but applies the higher role setting on all applicable domains.
When the computer's date/time format is changed, the date/time format on the OfficeScan console does not automatically change.
Web console logon is unsuccessful if using the x64 version of Internet Explorer 6.0 or later and the computer runs an x64 type platform. Use the x86 version of Internet Explorer to log on successfully.
When the Web console is opened in Internet Explorer 7 or later, a certificate error displays.
If Hotbar or other adware exists on the computer you are using to access the OfficeScan server Web console, ActiveX errors may appear on some Web console screens. Trend Micro recommends accessing the Web console from computers that do not have this kind of software.
Internet Explorer default settings may prohibit ActiveX controls. You may need to add the address of the OfficeScan Web console to the list of trusted sites in the Internet Explorer browser to have the Web console function properly.
Trend Micro Control Manager can only replicate OfficeScan configuration settings for the same version.
Client names in the OfficeScan client tree supports only 15 characters and truncates the succeeding characters.
Three Antivirus components do not display on the console. The components are:
TmFilter.sys - Virus Scan Driver
TmXPFlt.sys - Virus Scan Driver (For engine)
TmPreFlt.sys - Virus Scan Driver (For file hooking)
Internal proxy used for client and server communication does not support the SOCKS 4 protocol.
If
you have Trend Micro
Double-byte characters (characters typically used in East Asian languages) cannot be used when specifying the notification message for virus/malware infection source (Notifications > Client User Notifications > Virus/Malware tab > Virus/Malware Infection source).
If an outbreak prevention policy is enforced only to a specific domain, a newly installed client belonging to the domain will not apply the outbreak prevention policy. Choose root instead of domain in the client tree when enforcing a policy to ensure that newly installed clients also apply the policy.
If the client security level configured on the Web console is set to "High", connection through Nortel VPN client cannot be established.
Select the Show icon and notifications option to display the OfficeScan icon in the Windows 7 system tray. The default option for Windows 7 is Only show notification.
When the permission for plug-in devices (USB) is "read only", users can still create a new folder on the device but the folder cannot be renamed and no file can be saved to the folder.
The Device Control feature is unable to block recording of files (or "file burning") to optical disks.
OfficeScan blocks all inbound and outbound processes if the Security level is set to High and there are no policy exceptions. Ensure that necessary processes have been included in the Exception list before deploying the firewall policy to clients.
The Firewall rule for outgoing traffic will not work as expected if a machine has several IP addresses with different Firewall policies.
When the security level on a Citrix server is medium or high, perform the following steps:
On the OfficeScan server Web console, create a new firewall policy.
Add the following port numbers to the policy's exclusion list: 1494, 2598
Go to Firewall > Profiles and click Assign Profile to Clients.
Incoming packets to a computer on a VMware client are dropped if the computer has OfficeScan client installed.
Workaround (for all clients):
On the server computer, open ofcscan.ini under the \PCCSRV folder.
Add the following setting under [Global Setting]:
EnableGlobalPfwBypassRule=1
On the Web console, go to Networked Computers > Global Client Settings and click Save to deploy the setting to all clients.
Workaround (for specific clients):
On the client computer, open Registry Editor.
Add the following registry value:
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
for x64 computers: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
Name: EnableBypassRule
Type: REG_DWORD
Value: 1
Reload the client for settings to take effect.
If the client runs on a Windows Server 2003 computer without any Microsoft service pack, the OfficeScan firewall may block connection to the integrated Smart Protection Server. Apply the latest service pack to avoid encountering this issue.
The OfficeScan firewall service and driver cannot be installed if a previous version of the firewall driver exists and is running but there is no Trend Micro Common Firewall in the network protocol.
Smart scan clients are unable to update the virus pattern file for the POP3 and Outlook Mail Scan features. Change the scan method for clients that use POP3 and Outlook Mail scan to conventional scan to get the latest components.
Only Internet Explorer is supported for configuring proxy settings used by clients to connect to the Global Smart Protection Server. If proxy settings are configured in other browsers, clients will not be able to connect to the Global Smart Protection Server.
The OfficeScan client is unable to get the Web reputation rating. This occurs if the client is installed on a Windows 2008 32-bit, 64-bit, or Windows 2008 R2 64-bit server with Apache that supports IPv6. As a workaround, turn off IPv6 on the Windows 2008 server.
After changing the DNS server, the DNS query function for Web Reputation may continue using the previous DNS server.
Some proxy servers do not work if the OfficeScan NT Proxy Service (TmProxy.exe) is enabled. TmProxy.exe intercepts network traffic originating from a proxy server and then redirects the traffic again to the proxy server, resulting in a loop. If you encounter this issue, the only workaround is to disable Web Reputation (for both internal and external computers) from the OfficeScan Web console by going to Networked Computers > Client Management > Settings > Web Reputation Settings. Note that disabling Web Reputation leaves your client computers unprotected from Web threats.
Clients can browse blocked sites if using Juniper Networks VPN and proxy servers to connect to the Internet. To resolve this issue:
Connect to the network using Juniper Networks VPN.
Open Internet Option > Connection > LAN Settings.
Disable Automatic configuration settings.
Enable Proxy server and specify the IP address and port of your proxy server.
Click Ok.
Policy Server and Cisco Trust Agent
Unable to log on to the Policy Server installed on an Apache server if the Apache server already has OfficeScan installed. Uninstall the Policy Server and re-install on an Apache server without OfficeScan.
The installation and removal of the Cisco Trust Agent (CTA) on client computers require the use of a Windows Utility (netsh.exe) to add/remove CTA from the Windows Firewall Program Exception list. This is done to allow CTA to communicate even when Windows Firewall is enabled.
Computer restart is required after the Cisco Trust Agent 2.x Supplicant package is deployed.
Unable to finish querying Outside Server Management reports when accessed through the Control Manager Single sign on page. Use the OfficeScan Web console to query Outside Server Management reports.
OfficeScan client registers and unregisters to Control Manager if the mobile client frequently changes IP address. This can cause network bandwidth issues for Control Manager 5.0.
When generating one-time reports from the Control Manager 5.0 management console, the Common Firewall Driver version is 0. The correct version of the driver displays when performing the following tasks:
Querying Control Manager logs (Managed Product Scan Engine Status)
Navigating to Products > New Entity > {OfficeScan server} > Domain > Client and selecting OfficeScan 8.0 & Above Engine View
Viewing server or client information using the single-sign function of Control Manager
The Integrated Windows Authentication protocol is not supported when registering OfficeScan to Control Manager and specifying Web server authentication credentials for the IIS server. Only basic access authentication is supported.
When accessing the OfficeScan server using the single-sign on function in Control Manager:
Users are sometimes prompted that the OfficeScan screen contains non-secure items.
The "Action cancelled" warning screen may sometimes display.
Refresh the page if any of these conditions occur.
The Control Manager server must use port 80 or 443 to allow migration from the Trend Micro Management (TMI) protocol to the Trend Micro Control Manager Management Communication Protocol (MCP) agent.
There are several tools included in this version. Refer to the OfficeScan server Help for instructions on how to use them. The tool folders are located under \PCCSRV\Admin\Utility.
The following are the permissions for the OfficeScan folders:
|
Directory/User |
Administrator |
Everyone |
IUser _<Server Name> |
System |
Network Service |
|
\PCCSRV |
Full control |
RX |
N/A |
Full control |
N/A |
|
\PCCSRV\Download |
Full control |
N/A |
R |
Full control |
N/A |
|
\PCCSRV\HTTPDB |
Full control |
N/A |
N/A |
N/A |
N/A |
|
\PCCSRV\Log |
Full control |
N/A |
N/A |
Full control |
N/A |
|
\PCCSRV\Private |
Full control |
N/A |
N/A |
Full control |
RX |
|
\PCCSRV\Temp |
Full control |
N/A |
RWXD |
N/A |
RWXD |
|
\PCCSRV\Virus |
Full control |
N/A |
RW (Special Access) |
N/A |
N/A |
|
\PCCSRV\Web |
Full control |
N/A |
R |
Full control |
N/A |
|
\PCCSRV\Web\Cgi |
Full control |
N/A |
RX |
N/A |
N/A |
|
\PCCSRV\Web_OSCE\Web_console |
Full control |
RX |
N/A |
Full control |
N/A |
|
\PCCSRV\Web_OSCE\Web_console\ HTML\ClientInstall |
Full control |
N/A |
RWXD |
N/A |
N/A |
|
\PCCSRV\Web_OSCE\Web_console\ RemoteInstallCGI |
Full control |
N/A |
RWXD |
N/A |
N/A |
Download the latest components after upgrading to keep your security risk protection current.
A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.
You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.
Evaluation copies of Trend Micro products can be downloaded from our Web site.
Global Mailing Address/Telephone numbers
For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.
The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.
Note: This information is subject to change without notice.
Trend Micro Incorporated,
a global leader in Internet content security and threat management, aims
to create a world safe for the exchange of digital information for businesses
and consumers. A pioneer in server-based antivirus with over 20 years
experience, we deliver top-ranked security that fits our customers' needs,
stops new threats faster, and protects data in physical, virtualized and
cloud environments. Powered by the Trend Micro
Copyright 1998-2010, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and OfficeScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.
Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/.
License Attributions can be viewed from the OfficeScan 10.5 Web console.