Trend Micro, Inc.

May 2012

 

Trend Micro OfficeScan Server

Version 10.6 Service Pack 1

 

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at http://docs.trendmicro.com/en-us/enterprise/officescan.aspx.

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at http://olr.trendmicro.com.

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: www.trendmicro.com/download/documentation/rating.asp.

 

Contents


  1. About OfficeScan

  2. What's New

  3. Document Set

  4. System Requirements

  5. Installation

    1. Pre-Installation

    2. Installation

    3. Rollback

  6. Post-installation Configuration

  7. Known Issues

  8. Contact Information

  9. About Trend Micro

  10. License Agreement

 

1. About OfficeScan


Trend Micro OfficeScan protects enterprise networks from malware, network viruses, Web-based threats, spyware, and mixed threat attacks. An integrated solution, OfficeScan consists of a client program that resides at the endpoint and a server program that manages all clients. The client guards the endpoint and reports its security status to the server. The server, through the Web-based management console, makes it easy to set coordinated security policies and deploy updates to every client.

OfficeScan is powered by the Trend Micro Smart Protection Network, a next generation cloud-client infrastructure that delivers security that is smarter than conventional approaches. Unique in-the-cloud technology and a lighter-weight client reduce reliance on conventional pattern downloads and eliminate the delays commonly associated with desktop updates. Businesses benefit from increased network bandwidth, reduced processing power, and associated cost savings. Users get immediate access to the latest protection wherever they connectwithin the company network, from home, or on the go.

 

Back to top

 

 

2. What's New


OfficeScan includes the following new features and enhancements:

 

What's New in OfficeScan 10.6 Service Pack 1

Policy Management from Control Manager 6.0

Control Manager 6.0 allows administrators to create and deploy policies to the OfficeScan servers that Control Manager manages.

Behavior Monitoring 64-bit Support

The Behavior Monitoring capabilities of OfficeScan now support 64-bit versions of the following platforms:

Client Self-protection 64-bit Support

Client Self-protection now supports 64-bit versions of the following platforms:

Device Control 64-bit Support for Unauthorized Change Prevention

The Device Control capabilities of OfficeScan now support 64-bit versions of the following platforms during Unauthorized Change Prevention monitoring:

   Note: Device Control for Data Protection provides support for all 64-bit versions of Windows platforms.

Data Protection Enhancements

The Data Protection enhancements in OfficeScan 10.6 SP1 include the following support and upgrades:

Virtual Desktop Infrastructure Enhancements

This version of OfficeScan enhances Virtual Desktop Infrastructure (VDI) support and capabilities.

Extended Web Reputation Port Scanning

OfficeScan can now scan HTTP traffic on all ports for web reputation policy violations. If administrators do not want to scan traffic on all ports, OfficeScan provides the option of scanning traffic on the default 80, 81, and 8080 HTTP ports.

 

What's New in Version 10.6

Data Protection

The Data Protection module provides Data Loss Prevention and expands the range of devices monitored by Device Control.

Plug-In Manager manages the installation and licensing of the Data Protection module.

Data Protection Features

Details

Data Loss Prevention

Data Loss Prevention safeguards an organization's digital assets against accidental or deliberate leakage. Data Loss Prevention allows you to:

  • Identify the digital assets to protect
  • Create policies that limit or prevent the transmission of digital assets through common transmission channels, such as email and external devices
  • Enforce compliance to established privacy standards

Device Control

OfficeScan out-of-the-box has a Device Control feature that regulates access to USB storage devices, CD/DVD, floppy disks, and network drives. Device Control that is part of the Data Protection module expands the range of devices by regulating access to the following devices:

  • Imaging devices
  • Modems
  • Ports (COM and LPT)
  • Infrared devices
  • PCMCIA cards
  • Print screen key
  • IEEE 1394 interface

Plug-in Manager 2.0

Plug-in Manager 2.0 installs with the OfficeScan server. This Plug-in Manager version delivers widgets.

Widgets provide a quick visual reference for the OfficeScan features and plug-in solutions that you deem most vital to your business. Widgets are available in the OfficeScan server’s Summary dashboard, which replaces the Summary screen in previous OfficeScan versions.

IPv6 Support

The OfficeScan server and clients can now be installed on IPv6 computers.

In addition, new versions of Control Manager and Smart Protection Server now support IPv6 to provide seamless integration with the OfficeScan server and clients.

Cache Files for Scans

The OfficeScan client now builds cache files, which contain information about safe files that have been scanned previously and files that Trend Micro deems trustworthy. Cache files provide a quick reference during on-demand scans, thus reducing the usage of system resources. On-demand scans (Manual Scan, Scheduled Scan, and Scan Now) are now more efficient, providing up to 40% improvement to speed performance.

Startup Enhancement

When a computer starts, the OfficeScan client will postpone the loading of some client services if CPU usage is more than 20%. When CPU usage is below the limit, the client starts to load the services.

Services include:

Damage Cleanup Services Enhancement

Damage Cleanup Services can now run in advanced cleanup mode to stop activities by rogue security software, also known as FakeAV. The client also uses advanced cleanup rules to proactively detect and stop applications that exhibit FakeAV behavior.

You can choose the cleanup mode when you configure virus/malware scan actions for Manual Scan, Real-time Scan, Scheduled Scan, and Scan Now.

Web Reputation HTTPS Support

Clients can now scan HTTPS traffic for web threats. You can configure this feature when you create a web reputation policy.

Windows Server Core 2008 Support

The OfficeScan client can now be installed on Windows Server Core 2008. Users can use the command line interface to launch the client console and check the endpoint’s protection status.

Other Enhancements

This release includes the following enhancements:

 

Back to top

 

Resolved Known Issues

A. Hot fix numbers

1090

1096

1110

1113.1

1115

1115.1

1116

1121

1122

1123

1124

1125

1133.1

1134

1139

1141

1142

1145

1146

1147

1149

1151

1153

1154

1155

1158

1163

1164

1167.1

1168

1172

1176

1177

1179

1180

1180.1

1182

1184

1185

1194

1195

1197

1198.1

1199

1201

1202

1202.1

1203

1203.1

1206 1206.1

1207

1208.1

1211

1212

1213

1213.1

1214

1217

1217.2

1218

1221

1222 1225 1226

1227.1

1228 1229 1233 1234 1236.1 1251
1949 3067        

B. OfficeScan 10 SP1 resolves the following product issues:

  Hot fix 1090

  Issue: This hot fix allows OfficeScan to automatically remove the following third-party antivirus products:

               Symantec Endpoint Protection 12.1.617.4971

   Solution: After applying this hot fix, the following third-party antivirus products can be automatically uninstalled before OfficeScan client installation starts:

               Symantec Endpoint Protection 12.1.617.4971

Hot fix 1096

   Issue: In OfficeScan 10.6, https plug-in could only support Firefox 5.0.

   Solution: After applying this hot fix, Firefox 7.0 could also work with https plug-in.

Hot fix 1110

   Issue: Sometimes, the OfficeScan Master Service stops unexpectedly while querying Data Protection logs. This occurs when the size of the information in a log is larger than the size of the buffer.

   Solution: Hot fix 1110 resolves this issue by extending the buffer size.

Hot fix 1113.1

    Issue: This hot fix allows OfficeScan not to automatically remove the following third-party antivirus products:

               Spybot Search & Destroy

   Solution: After applying this hot fix, the following third-party antivirus products will not be automatically uninstalled before OfficeScan client installation starts:

               Spybot Search & Destroy

Hot fix 1115

   Integrated Smart Protection Tool

Hot fix 1115.1

    Issue: When a non-English version of OfficeScan 10.6 exports Digital Asset Control logs to a CSV file, garbled characters appear on the CSV file due to unnecessary encoding of UTF-8 strings.

    Solution: Hot fix 1115 resolves this issue by preventing non-English OfficeScan 10.6 versions from encoding UTF-8 strings when migrating Digital Asset Control logs to CSV files.

Hot fix 1116

   Issue: OfficeScan generates incorrect information on some fields when exporting the "OfficeScan exclusion settings.csv" file.

   Solution: Hot fix 1116 fixes the export function to enable OfficeScan to export the correct scan exclusion list in the "OfficeScan exclusion settings.csv" file.

Hot fix 1121

   Issue: When users move an OfficeScan client from one OfficeScan server to another using the OfficeScan client tool, Client Mover (IpXfer.exe), the tool inserts the "ipxfer" prefix in the domain name of the moved OfficeScan client.

   Solution: Hot fix 1121 updates the "IpXfer.exe" tool to prevent it from adding the "ipxfer" prefix to the domain name of OfficeScan clients that it moves from one OfficeScan server to another.

Hot fix 1122

   Issue: The OfficeScan database backup task cannot save the backup files it creates to a location specified by a UNC path.

   Solution: Hot fix 1122 updates the OfficeScan server backup program files to enable the task to save the backup files to a location specified by a UNC path.

Hot fix 1123

   Issue: The database backup task fails when some temporary tables are missing from the database.

   Solution: Hot fix 1123 solves this issue by enabling the database backup task to skip these temporary tables.

Hot fix 1124

    Issue: An error message is generated in the Web server log file when an OfficeScan client performs updates. This issue occurs because during updates, the OfficeScan client attempts to download the "ini_xml.zip" file from the OfficeScan server but this file is not in the OfficeScan server and is not used by OfficeScan.

   Solution: Hot fix 1124 adds an option to prevent OfficeScan clients from attempting to download the "ini_xml.zip" file from the OfficeScan server during updates.

Hot fix 1125

   Issue: Licenses deployed from the Control Manager(TM) console are different from those deployed from the OfficeScan server console.

   Solution: Hot fix 1125 updates the OfficeScan files to ensure that the licenses deployed from either the OfficeScan or Control Manager console are the same.

Hot fix 1133.1

   Issue: This hot fix allows OfficeScan to automatically remove the following third-party antivirus products:

               Symantec Endpoint protection 11.0.6000.550

               PANDA ENDPOINT PROTECTION Version 5.50.0000 and PANDA ENDPOINT AGENT 5.50.0001

    Solution: After applying this hot fix, the following third-party antivirus products can be automatically uninstalled before OfficeScan client installation starts:

               Symantec Endpoint protection 11.0.6000.550

               PANDA ENDPOINT PROTECTION Version 5.50.0000 and PANDA ENDPOINT AGENT 5.50.0001

Hot fix 1134

   Issue: The URL Filtering Engine module may cause the OfficeScan TmProxy service to stop unexpectedly while decoding the authentication data that was returned by the Microsoft(TM) Windows(TM) NTLM authentication scheme.

   Solution: Hot fix 1134 enables the URL Filtering Engine module to try another authentication scheme if the allocated memory is insufficient for reading the authentication data from the NTLM scheme.

Hot fix 1139

   Issue: OfficeScan does not save the "External Clients" settings on the "Device Control Settings" page.

   Solution: Hot fix 1139 resolves this issue by correcting the "External Clients" settings structure for the "Device Control Settings" function.

Hot fix 1141

   Issue: The Trend Micro Data Loss Prevention(TM) module cannot handle SCSI-type storage devices and blocks these devices instead.

   Solution: Hot fix 1141 updates the Data Loss Prevention module to enable it to support SCSI-type storage devices.

Hot fix 1142

   Issue: When selecting a single OfficeScan client under a domain and then performing a "Scan Now" task, users observe that all clients, including the selected client, appear under the domain on the client list pop-up page. This issue occurs because the item number on "Scan Now" page is the same as the number on the "Scan Now for All Domains" page. In this situation, OfficeScan shows all clients even if users only selected one client.

   Solution: Hot fix 1142 resolves this issue by using different item numbers on these two pages to prevent this situation from occurring.

Hot fix 1145

   Issue: The "Source" field does not exist on the "Digital Asset Control Logs" query results page.

   Solution: Hot fix 1145 resolves this issue by adding a "Source" field on the query results.

Hot fix 1146

   Issue: When an OfficeScan client upgrades its firewall driver, it may not be able to handle a request to restart before proceeding with the installation. This may cause the network interface to become unavailable in some platforms.

   Solution: Hot fix 1146 enables OfficeScan clients to systematically handle restart requests before proceeding to install firewall driver upgrades.

Hot fix 1147

   Issue: When the OfficeScan client program version remains at 10.5 after users upgrade the OfficeScan server from version 10.5 to 10.6, the OfficeScan client 10.5 firewall profile policy and settings become the default settings. This issue occurs because during upgrades, the OfficeScan setup program does not create a backup for "OfcPfw5.dat", which is the firewall setting file for version 10.5.

   Solution: Hot fix 1147 ensures that a backup will be created for "OfcPfw5.dat" during OfficeScan server updates. This resolves the issue.

Hot fix 1149

   Issue: When the "AddTmListenServiceDependencies" key is set to a non-zero value, the "TmListen" service adds the "netprofm" service to its service dependency list. Since the "netprofm" service is only available on the Microsoft(TM) Windows(TM) Vista(TM) platform, the "TmListen" service on OfficeScan clients installed on the Windows XP or Windows 2003 platforms will not be able to start.

   Solution: Hot fix 1149 adds platform checking mechanism that ensures that when the "AddTmListenServiceDependencies" key is set to a non-zero value, the "netprofm" service will only be added to the "TmListen" service dependency list only when the OfficeScan client runs on the Windows Vista or any other platform released after it.

Hot fix 1151

   Issue: The OfficeScan server parsing function for an OfficeScan client's real-time scan configuration does not recognize the "USBbootScan" parameter. As a result, the data from parameters that come after the "USBbootScan" parameter shift and cause the OfficeScan server to display incorrect data.

   Solution: Hot fix 1151 resolves this issue by enabling the server parsing function to recognize the "USBbootScan" parameter.

Hot fix 1153

   Issue: The Trend Micro Control Manager(TM) server displays an incorrect value for the number of OfficeScan clients. The issue happens when the value of the "Agent_GUID" configuration parameter in the "Common" section of the "Agent.ini" file is in capital letters.

   Solution: Hot fix 1153 enhances the way Control Manager Agent handles the value of the "Agent_GUID" configuration parameter. This ensures that the Control Manager server displays the correct number of OfficeScan clients.

Hot fix 1154

   Issue: The "Scan Exclusion" section of the "Scan Settings" page displays a truncated version of the exclusion path when the exclusion path is longer than the path length limit of the corresponding listbox.

   Solution: Hot fix 1154 resolves this issue by adding a tooltip hint that shows the complete exclusion path when users move over the truncated path with the mouse pointer.

Hot fix 1155

   Issue 1: When the Vulnerability Scanner runs in silent (batch command) mode, the table of results does not contain the domain name and OfficeScan Client Status of each scanned computer.

   Solution 1: Hot fix 1155 adds the "Domain" and "OfficeScan Client Status" columns to the table of results that is displayed after the Vulnerability Scanner runs in silent (batch command) mode.

   Issue 2: The Vulnerability Scanner cannot retrieve Media Access Control (MAC) addresses.

   Solution 2: Hot fix 1155 adds a function to enable the Vulnerability Scanner to retrieve MAC addresses.

Hot fix 1158

   Issue: The OfficeScan 10.6 delay load feature directly calls the Behavior Monitoring module to verify the file signature when it loads the OfficeScan client. However, the original file signature verification function should be thread safe so that no outside module could call it directly and should require another interface to schedule the calling order.

As a result, some OfficeScan client threads may attempt to access the internal memory and break the memory index. This can cause "NTRtScan.exe" to stop unexpectedly.

   Solution: Hot fix 1158 enables OfficeScan 10.6 delay load feature to use a synchronization mechanism in verifying file signatures to prevent the race condition.

Hot fix 1163

   Issue: Trend Micro Control Manager(TM) Agent (CMAgent) sends the date/time value to the Control Manager server in the wrong format. This prevents the SQL server from executing the related store procedure. As a result, the Product Registration information is not stored in the Control Manager database and the Control Manager server will not be able to deploy the Product Registration information to the corresponding OfficeScan server.

   Solution: Hot fix 1163 resolves this issue by enabling CMAgent to convert the date/time value to the correct format before sending this information to the Control Manager server.

Hot fix 1164

   Issue: The Behavior Monitoring exception list is configured by the Behavior Monitoring Configuration Pattern, "tmbgcfg.ptn". Sometimes, your computer stops responding as it start up before the Behavior Monitoring Configuration Pattern exception list is loaded and configured by "TMBMSRV.exe".

   Solution: Hot fix 1164 updates the Behavior Monitoring driver module to version 2.93.1031 to prevent this issue.

Hot fix 1167.1

   Issue: This hot fix allows OfficeScan to automatically remove the following third-party antivirus products:

               Symantec Endpoint Protection 12.1.671.4971.105

               Eset Nod32 Antivirus 4.2.71.2

   Solution: After applying this hot fix, the following third-party antivirus products can be automatically uninstalled before OfficeScan client installation starts:

               Symantec Endpoint Protection 12.1.671.4971.105

               Eset Nod32 Antivirus 4.2.71.2

Hot fix 1168

   Issue: A user requests for a way to allow OfficeScan to scan USB storage devices immediately after users connect these devices to the computer.

   Solution: After applying hot fix 1168, when users connect a USB storage device to the computer, a pop-up window appears which gives users an option to perform the scan immediately or at a later time.

Hot fix 1172

   Issue 1: Under certain situations, when users delete an item from the OfficeScan Digital Asset templates and click "Modify/Save", the change does not take effect and the templates revert to the original settings.

   Solution 1: Hot fix 1172 ensures that users can successfully edit OfficeScan Digital Asset templates.

   Issue 2: When a TMUSB data disk is plugged into a computer that does not have a floppy disk drive, the Data Loss Prevention Endpoint SDK will not be able to hook the TMUSB data disk.

   Solution 2: Hot fix 1172 enables Data Loss Prevention Endpoint SDK to successfully hook the TMUSB data disk.

Hot fix 1176

   Issue: OfficeScan Local Web Classification Server status queries cannot be sent to the Smart Scan Server using a computer's loopback address.

   Solution: Hot fix 1176 enables users to assign a status query rating server for sending OfficeScan Local Web Classification Server status queries to the Smart Scan Server.

Hot fix 1177

   Issue: A logic issue in the OfficeScan server database causes the database backup task to fail.

   Solution: Hot fix 1177 updates the OfficeScan server files to ensure that the database backup task can run without issues.

Hot fix 1179

   Issue: When a user performs a customized OfficeScan client update, a configuration issue can prevent the OfficeScan client from retrieving the Trend Micro Data Loss Prevention(TM) settings from the update agent.

   Solution: Hot fix 1179 applies the correct configuration to OfficeScan clients to enable these clients to download the Data Loss Prevention settings from the update agent without issues.

Hot fix 1180

   Issue: OfficeScan will not be able to create several client scheduled update registry keys when the OfficeScan client cannot connect to the OfficeScan server during a fresh client installation.

   Solution: Hot fix 1180 modifies the installation task sequence to ensure that OfficeScan always creates all scheduled update keys and assigns the corresponding default value for each key during a fresh client installation.

Hot fix 1180.1

   Issue: After applying a hot fix, the "DWIoTrapNT.dll" file is renamed as "DWIoTrapNT.dll_Invalid" because it contains an invalid digital signature. This issue can prevent users from creating new client installation packages or perform fresh client installation.

   Solution: Hot fix 1180.1 updates "DWIoTrapNT.dll" with the correct digital signature to resolve this issue.

Hot fix 1182

   Issue: An OfficeScan 10.6 client will always try to connect to the Trend Micro ActiveUpdate server if it cannot connect to the OfficeScan server. However, the OfficeScan 10.6 client will not be able to connect to the ActiveUpdate server because the resource file specifies a wrong URL for the ActiveUpdate server.

   Solution: Hot fix 1182 corrects the URL for the ActiveUpdate server in the resource file. This enables OfficeScan 10.6 clients to connect to the ActiveUpdate server successfully.

Hot fix 1184

   Issue: In an OfficeScan x64 client platform, when OfficeScan uses executable (*.exe) or MSI (*.msi) packages created by other servers to upgrade an OfficeScan client, the client will refer to another server instead of its own server. This issue occurs because the registry in an x64 platform normally resides in a different location and this information is not updated on the registry during the OfficeScan client update since the Registry Access function does not check the new registry location. This issue occurs even when administrators set the "ForceRefresh" and "BypassServerChecking" keys to "1".

   Solution: Hot fix 1184 resolves this issue by enabling the Registry Access function to update the registry location information in this situation.

Hot fix 1185

   Issue: Under certain conditions, the auto-detect assistance tool cannot list information for USB devices connected to computers running Japanese versions of any Microsoft(TM) Windows(TM) operating system released after Vista(TM).

   Solution: Hot fix 1185 updates the auto-detect assistance tool's "listDeviceInfo" function to ensure that the tool can list USB device information in these platforms.

Hot fix 1194

   Issue: By default, the "Scan network drive" setting in both Manual and Real-time Scans is disabled. When the setting is enabled, an access rights issue may prevent Manual Scan from scanning files and folders on a network drive on a Microsoft(TM) Windows(TM) XP or 2003 platform. Real-time Scan can scan files on a network drive when the corresponding input/output files have been generated.

   Solution: Hot fix 1194 resolves access rights issue to ensure that Manual Scan can successfully scan a network drive on a Windows XP or 2003 platform.

Hot fix 1195

   Issue: When a user inputs SNMP information on the Web console and clicks the "save" button, an email format error message appears and the information is not saved correctly.

   Solution: Hot fix 1195 corrects the logic order of processes that work to save SNMP information from the Web console. This ensures that users can successfully save SNMP information from the Web console.

Hot fix 1197

   Issue 1: When the OfficeScan NT Listener service (TmListen.exe) cannot connect to a Web Reputation Service (WRS) server because of a connection timeout issue, the Listener service does not attempt to search for and connect to another available WRS server.

   Solution 1: Hot fix 1197 enables the Listener service to search for and attempt to connect to another available WRS server when it receives the connection timeout error message from the OfficeScan NT Proxy service (TMProxy.exe).

   Issue 2: OfficeScan clients create and delete the "C:\OSCE_DEBUG" folder repeatedly.

    Note: The folder creation and deletion happens within a few milliseconds and can be detected only by using system monitoring tools such as FileMon for Microsoft(TM) Windows(TM).

   Solution 2: Hot fix 1197 updates the OfficeScan files to prevent unnecessary operations on the "C:\OSCE_DEBUG" folder.

Hot fix 1198.1

   Issue: This hot fix allows OfficeScan to automatically remove the following third-party antivirus products:

               ESET NOD32 4.2.64.12

   Solution: After applying this hot fix, the following third-party antivirus products can be automatically uninstalled before OfficeScan client installation starts:

               ESET NOD32 4.2.64.12

Hot fix 1199

   Issue: "DbServer.exe" may stop unexpectedly, cause a high CPU usage issue, or corrupt data.

   Solution: Hot fix 1199.1 updates the OfficeScan files to:

               - adds additional error-handling mechanisms to"DbServer.exe"

               - adds critical event log for database operations. Logs are generated under the "c:\osceDB.log" by default.

               - enables the database service to set a schedule to flush data from memory to the disk.

               - adds an option to enable the database service to trigger the database backup task as the service starts.

Hot fix 1201

   Issue 1: The Mozilla(TM) Firefox(TM) and Microsoft(TM) Internet Explorer(TM) Web browsers may stop unexpectedly when the HTTPS URLs check option is enabled.

   Solution 1: Hot fix 1201 resolves this issue by updating the NSC module files.

   Issue 2: OfficeScan 10.6 does not support version 10.0 of the Firefox Web browser.

   Solution 2: Hot fix 1201 updates the NSC module to enable OfficeScan 10.6 to support Firefox 10.0.

Hot fix 1202

   Issue: When users click the link under the "Current Outbreak" or "Last Outbreak" column on the "Summary" page to display the outbreak status log, a logic issue causes the log to be displayed in the wrong format. The outbreak status log may also contain incorrect information.

   Solution: Hot fix 1202 resolves the logic issue to ensure that the OfficeScan server console displays outbreak status logs with the correct information and in the correct format.

Hot fix 1202.1

   Issue: A logic issue causes OfficeScan clients to start updates 10 minutes after users click the "Initiate Update" button in the "Updates > Networked Computers > Manual Update" page of the OfficeScan Web console.

   Solution: Hot fix 1202.1 resolves the logic issue to enable OfficeScan clients to start updates immediately after users click the "Initiate Update" button in the "Updates > Networked Computers > Manual Update" page of the OfficeScan Web console.

Hot fix 1203

   Issue: The error message that appears when users input a name with underscore '_' for the Smart Protection Server in the OfficeScan console.

   Solution: Hot fix 1203 changes the checking mechanism of Smart Protection Server which allows the character of underscore.

Hot fix 1203.1

   Issue: OfficeScan clients cannot create NT event logs on computers running on the Microsoft(TM) Windows(TM) XP platform.

   Solution: Hot fix 1203.1 updates the OfficeScan files to ensure that OfficeScan clients can successfully create NT event logs on computers running on the Windows XP platform.

Hot fix 1206

   Issue: When users enable the Trend Micro Data Loss Protection(TM) device control feature and block access to USB devices, users can add entries to the "USB devices exception list" from the Web console. However, when users add several USB devices to the list and deploy the setting to clients, the client may not receive the complete list. This occurs because the size of the buffer for storing the exception list information in the client is insufficient.

   Solution: Hot fix 1206 resolves this issue by increasing the size of the buffer for storing the exception list information in the client to make it equal to the size of the buffer in the server.

   Hot fix 1206 resolves this issue by increasing the size of the buffer for storing the exception list information in the client to make it equal to the size of the buffer in the server.

   Hot fix 1206 also makes the following changes to the product console:

   - The length of the "Vendor", "Model", and "Serial ID" fields is reduced from "200" to "64", "20", and "32" individually.

Hot fix 1207

   Issue: Selecting the "scan log" option on the OfficeScan client management console "logs" tab should allow users to set the maximum days value of the log management setting to 60, 90, 180, or 365 days. However, users can only set it to 60 days.

   Solution: Hot fix 1207 corrects the code logic to ensure that users can set the maximum days value to 60, 90, 180, or 365 days.

Hot fix 1208.1

   Issue: This hot fix allows OfficeScan to automatically remove the following third-party antivirus products:

               Symantec Endpoint Protection 12.1.100.157

   Solution: After applying this hot fix, the following third-party antivirus products can be automatically uninstalled before OfficeScan client installation starts:

               Symantec Endpoint Protection 12.1.100.157

Hot fix 1211.1

   Issue: This hot fix allows OfficeScan to automatically remove the following third-party antivirus products:

              McAfee VirusScan Enterprise 8.8.0000 and McAfee Agent 4.5.0.1810

   Solution: After applying this hot fix, the following third-party antivirus products can be automatically uninstalled before OfficeScan client installation starts:

              McAfee VirusScan Enterprise 8.8.0000 and McAfee Agent 4.5.0.1810

Hot fix 1212

   Issue: When an OfficeScan client is under a multi-layered domain in the client tree of the server console and users query OfficeScan client logs from the root icon, a logic issue causes duplicate log items.

   Solution: Hot fix 1212 updates the OfficeScan program file to resolve the issue.

Hot fix 1213

   Issue: OfficeScan client tree supports the structure of multi-layered domain, however, the Email, SNMP Trap and NT Event Log notification from the server does not display the complete layers.

   Solution: Hot fix 1213 updates the OfficeScan program file to resolve the issue.

Hot fix 1213.1

   Issue: The status of all unreachable OfficeScan clients become "OFFLINE" even when these clients can successfully connect to the OfficeScan server. This occurs because when unreachable clients with out-dated components start and connect to a server, the server adds the client to the queue for update notifications. Since the server cannot access the unreachable client to notify it to update, it then regards such clients as "OFFLINE" and changes the status accordingly.

   Solution: Hot fix 1213.1 prevents OfficeScan servers from sending update notifications to unreachable clients. This ensures that the status of unreachable OfficeScan clients that can connect to servers will not become "OFFLINE".

Hot fix 1214

   Issue: The OfficeScan database backup task may take longer than expected to complete.

   Solution: Hot fix 1214 ensures that the database backup task completes within an acceptable time period.

Hot fix 1217

   Issue: In Smart Scan mode, the OfficeScan client sends queries to smart protection sources. If the sending of queries times out because of slow network traffic, the OfficeScan Real-Time Scan service, "ntrtscan.exe", may encounter an application error.

   Solution: Hot fix 1217 updates the OfficeScan files to improve the way OfficeScan handles Smart Scan queries timeout issues. This prevents application errors in "ntrtscan.exe".

Hot fix 1217.2

   Issue: The OfficeScan client program, "PccNt.exe", encounters an application error when users attempt to launch the client console.

   Solution: Hot fix 1217.2 updates the OfficeScan files to enable users to launch the OfficeScan client console without issues.

Hot fix 1218

   Issue: This hot fix allows OfficeScan to automatically remove the following third-party antivirus products:

              Symantec Endpoint Protection 12.1.671.4971

   Solution: After applying this hot fix, the following third-party antivirus products can be automatically uninstalled before OfficeScan client installation starts:

              Symantec Endpoint Protection 12.1.671.4971

Hot fix 1221

   Issue: The Behavior Monitoring module may come in conflict with certain remotely-launched applications.

   Solution: Hot fix 1221 updates the Behavior Monitoring driver module to prevent any conflicts with other applications.

Hot fix 1222

   Issue: The OfficeScan VDI Pre-Scan Template Generation Tool cannot generate the pre-scan template by using command line.

    Note: The issue has only occurred on non-English editions of OfficeScan.

   Solution: Hot fix 1222 updates the tools to resolve the issue.

Hot fix 1225

   Issue: The OfficeScan 10.6 server console displays the status of cluster nodes running on the OfficeScan 10.6 client as "Offline".

   Solution: Hot fix 1225 enhances the mutex releasing procedure to resolve this issue.

Hot fix 1226

   Issue: To use OfficeScan 10.6 and its VDI feature for anti-virus security in virtual machines running both Microsoft(TM) Windows(TM) and VMware View, users can configure the VMWare vCenter Server setting through the "Plug-in Manager > Trend Micro Virtual Desktop Support > Virtual Desktop Infrastructure Settings" page. However, on virtual computers that do not use the default port 443, only the vCenter IP, user name, password, and proxy can be configured and not the vCenter and OfficeScan VDI feature.

   Solution: Hot fix 1226 allows users to configure the connection port and SSL port and to set any unused port number for connecting to the vCenter and OfficeScan VDI feature.

Hot fix 1227.1

   Issue: This hot fix allows OfficeScan to automatically remove the following third-party antivirus products:

               McAfee VirusScan Enterprise 8.8.00000 and McAfee Agent 4.5.0.1810

   Solution: After applying this hot fix, the following third-party antivirus products can be automatically uninstalled before OfficeScan client installation starts:

               McAfee VirusScan Enterprise 8.8.00000 and McAfee Agent 4.5.0.1810

Hot fix 1228

   Issue: On 32-bit server platforms, the OfficeScan client cannot successfully update the Unauthorized Change Prevention Service module when it is disabled on the server console and the spyware license is not activated on the server. This occurs because when an OfficeScan client updates the module, it downloads the update files to a temporary folder first. However, since there is no function for copying update files from the temporary folder to the OfficeScan client installation folder, the update function terminates.

   Solution: Hot fix 1228 resolves this issue by adding a copy function for the Unauthorized Change Prevention Service module update procedure.

Hot fix 1229

   Issue: After users uninstall the OfficeScan client program, the client's "PccntUpd.exe" remains installed in the computer's service.

   Solution: Hot fix 1229 ensures that the "PccntUpd" service is uninstalled promptly when users uninstall the OfficeScan client program.

Hot fix 1233

   Issue: When users reset the WTP settings and Trend Micro Data Loss Prevention(TM) configuration to the corresponding default values, OfficeScan executes a command to set these directly. This can cause performance issues because SAF files are rapidly generated in the root directory during domain sorting.

   Solution: Hot fix 1233 updates the files for the OfficeScan Command Handler module to prevent performance issues while OfficeScan restores the default WTP settings and Data Loss Prevention configuration.

Hot fix 1234

   Issue: The timestamp of the "js-common.js" file is updated each time when a user executes the "SvrSvcSetup.exe -enableIPv6" commands. However, this prevents users from applying the "js-common.js" file from certain hot fixes to the server when the timestamp of the file from the hot fix is older than the one on the server.

   Solution: Hot fix 1234 resolves this issue by ensuring that the timestamp of the "js-common.js" file does not change after users run the "SvrSvcSetup.exe -enableIPv6" command.

Hot fix 1236.1

   Issue: This hot fix allows OfficeScan to automatically remove the following third-party antivirus products:

               Symantec Endpoint Protection 11.0.7101.1056

   Solution: After applying this hot fix, the following third-party antivirus products can be automatically uninstalled before OfficeScan client installation starts:

               Symantec Endpoint Protection 11.0.7101.1056

Hot fix 1251

   Issue:Some malicious applications may be able to change the OfficeScan client services Windows(TM) application startup type to "Disabled" which leaves your computer unprotected.

   Solution: Hot fix 1251 updates the OfficeScan client program files to prevent such malicious programs from disabling OfficeScan client services.

Hot fix 1949

   Issue: Some malicious applications may be able to change the OfficeScan client services Windows(TM) application startup type to "Disabled" which leaves your computer unprotected.

   Solution: Hot fix 1949 updates the OfficeScan client program files to prevent such malicious programs from disabling OfficeScan client services.

Hot fix 3067

   Enhancement 1: Hot fix 3067 adds an option to disable the "Move Client" function on the client side.

   Procedure 1: To disable "Move Client" function on the client side:

  1. Install this hot fix (see "Installation").

  2. Open the "ofcscan.ini" file in the "\PCCSRV" folder in the OfficeScan installation directory.

  3. Add the "DisableMoveClient" key under the "Global Setting" section of the "ofcscan.ini" file and set its value to "1".

    [Global Setting]
    DisableMoveClient=1

  4. Save the changes and close the file.

  5. Open the OfficeScan server Web console and go to the "Networked Computers > Global Client Settings" screen.

  6. Click "Save" to deploy the setting to all clients.

    The OfficeScan client program automatically installs the following registry key:

    Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
    Key: DisableMoveClient
    Type: DWORD
    Value: 1

   Enhancement 2: Hot fix 3067 adds both an OfficeScan system event log and a Windows Event Log (Application) for the following scenarios to ease the attack analysis:

  

Back to top

 

3. Document Set


The document set for the OfficeScan server includes:

Download the latest versions of the PDF documents and readme at http://docs.trendmicro.com/en-us/enterprise/officescan.aspx.

 

Back to top

 

 

4. System Requirements


The OfficeScan server and client can be installed on computers running Microsoft Windows platforms. The OfficeScan client is also compatible with various third-party products.

Visit the following website for a complete list of system requirements and compatible third-party products:

http://docs.trendmicro.com/en-us/enterprise/officescan.aspx

 

Back to top

 

 

5. Installation


5.1. Pre-installation

   Before installing this service pack, take note of the following:

  1. Ensure that the OfficeScan server runs version 10.6.

  2. This service pack includes updates to OfficeScan firewall drivers. If you have enabled the OfficeScan firewall in your current OfficeScan version, deploying the service pack may cause client computer disruptions.

  3. The OfficeScan server cannot upgrade to this service pack if a client is running Login Script (AutoPcc.exe) at the time of server upgrade. Please ensure that no client is running Login Script before installing this service pack.

5.2. Installation

For instructions on installing or upgrading the OfficeScan server, refer to the Installation and Upgrade Guide. For client installation instructions, refer to the Administrator's Guide.   

5.3. Rollback

If you encounter problems after installing this service pack, roll back OfficeScan to version 10.6. For instructions on performing a rollback of the OfficeScan server, refer to the OfficeScan 10.6 Installation and Upgrade Guide.

 

Back to top

 

 

6. Post-installation Configuration


  1. Verify if the OfficeScan server has been upgraded.

    1. On the Web console, click Help > About. Version information should be 10.6 Service Pack 1, build 2108.

    2. On the Control Manager console, the OfficeScan version should be 2108.

                   Note: Trend Micro recommends installing Trend Micro Control Manager 6.0 to ensure compatibility with OfficeScan 10.6 Service Pack 1.

  1. After installing this service pack, restart the web browser.

  2. Verify if component update on the server is successful by opening the Web console and going to Logs > Server Update Logs.

If the update is unsuccessful, perform manual update immediately by going to Updates > Server > Manual Update. You can also refer to the online help for typical update problems and solutions or contact your Support provider for assistance.

Client installation on newly supported platforms

  1. If users will use the Web install page to install the OfficeScan client to a computer running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, or Server 2008, instruct users to perform the following before installation:     

    1. Log on to the computer using a built-in administrator account.

    2. Launch Internet Explorer and add the OfficeScan server URL such as https://computername:4343/officescan) to the list of trusted sites. In Windows XP, the list can be accessed by going to Tools > Internet Options > Security tab, selecting the Trusted Sites icon, and clicking Sites.

    3. Modify the Internet Explorer security setting to enable Automatic prompting for ActiveX controls. On windows XP, this can be done by going to Tools > Internet Options > Security tab, and clicking Custom level.

    4. During OfficeScan client installation, allow ActiveX control installation.

  2. If users will use Client Packager (EXE package) to install the OfficeScan client to a computer running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, or Server 2008, perform the following:

    1. Create the EXE package from the OfficeScan server.

    2. Send the package to users and instruct them to launch it on their computers.

To launch the EXE package:

  1. If users will use Client Packager (MSI package) to install the OfficeScan client to a computer running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, or Server 2008, perform the following:

    1. Create the MSI package from the OfficeScan server.

    2. Send the package to users and instruct them to launch it on their computers using the typical method for opening files, such as double-clicking the file.

Note: You can also launch the MSI package (on the command prompt) and silently install the OfficeScan client to a remote computer running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, or Server 2008.

  1. If users will use Login Script Setup (AutoPcc.exe) to install the OfficeScan client to a computer running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, or Server 2008, instruct users to perform the following:

    1. Connect to the server computer.

    2. Navigate to \\{server computer name}\ofcscan.

    3. Right-click AutoPcc.exe and select Run as administrator.

 

Back to top

 

 

7. Known Issues


The following are the known issues in this release:

Server Installation, Upgrade, and Uninstallation

  1. If you install the OfficeScan server using Apache web server and you enabled SSL for secure connections, it is possible to use an unsecure HTTP connection to log on to the web console.

  2. The OfficeScan web console and all OfficeScan services cannot be accessed if the OfficeScan server was installed on Windows Server 2008 or Windows Server 2008 R2 before joining a domain. To resolve the issue:

For Windows Server 2008:

  1. Go to Control Panel > System and Security > Windows Firewall > Exceptions tab.

  2. Enable exception for File and Printer Sharing.

  3. Add the following port exceptions:

    • Trend Micro Local Web Classification Server HTTP, TCP port 5274
    • Trend Micro OfficeScan Server HTTP, TCP port 8080
    • Trend Micro OfficeScan Server HTTPS, TCP port 4343
    • Trend Micro Smart Scan Server (Integrated) HTTP, TCP port 8082
    • Trend Micro Smart Scan Server (Integrated) HTTPS, TCP port 4345
  4. Click OK.

For Windows Server 2008 R2:

  1. Go to Control Panel > System and Security > Windows Firewall > Allowed Programs.

  2. Select the following features and allow access for the Domain profile:

    • File and Printer Sharing
    • Trend Micro Local Web Classification Server HTTP
    • Trend Micro OfficeScan Server HTTP
    • Trend Micro OfficeScan Server HTTPS
    • Trend Micro Smart Scan Server (Integrated) HTTP
    • Trend Micro Smart Scan Server (Integrated) HTTPS
  3. Click OK.

  1. After installing the OfficeScan server remotely to a Windows Server 2008 computer, the Web console shortcut does not immediately display on the computer's desktop. Refresh the desktop by pressing F5 to see the shortcut.

  2. When the OfficeScan server is installed to a disk using the FAT32 file system, role-based logon to the OfficeScan Web console does not work.

  3. During upgrade, if the existing OfficeScan database file (found in the "HTTPDB" folder under "OfficeScan/PCCSRV") is very large, the upgrade process may time out. Trend Micro recommends doing the following before upgrading:

    1. Go to Control Panel > System and Security > Windows Firewall > Exceptions tab.
    2. From the OfficeScan console, manually delete old server logs.
    3. Go to Administration > Database Backup, and click Backup Now to back up the database.
  4. When selecting to install Apache 2.0 during a fresh installation, Apache automatically enables SSL even if not explicitly enabled on the installation screen.

Client Installation, Upgrade, and Uninstallation

  1. After moving an OfficeScan client from an OfficeScan 8.0 SP1 server to the OfficeScan 10.6 server, the client successfully upgrades but reloads the OfficeScan client several times. To avoid this issue, Trend Micro recommends using Login Scrip Setup or Client Packager to upgrade the OfficeScan client. Using these methods, the OfficeScan client will only reload once.

  2. Upgrade may fail if using an MSI package to upgrade an OfficeScan client that was originally installed also using an MSI package. As a workaround, do the following:

    1. Ensure that the new MSI package has the same file name as the original package. If you do not know the file name of the original package, launch the new package and you will be notified of the file name. Rename the new package and then launch it again.
    2. Use command prompt to execute the package with the parameter "/fvo". For example, C:\msiexec /fvo package.msi.
  3. The OfficeScan client is unable to query the web reputation servers after performing a fresh installation or upgrade. To resolve the issue, ensure that clients restart their computers if a restart notification appears.

  4. If you create a login script in Active Directory and then log on as administrator on a computer running Windows Vista Home, Server 2008, or 7, the OfficeScan client cannot be installed to the computer and the message that displays states that the account used is not an administrator account.

  5. When this product version is installed to a Citrix Presentation server, the Citrix client loses connection with the server. To address this issue:

    1. On the Citrix server, open Registry Editor and navigate to HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList.
    2. Click Edit > New > Key and name the key IIS.
    3. Under this new key, create a string value (Edit > New > String Value) with the name ProcessImageName and use w3wp.exe as its value.
    4. Restart the OfficeScan NT Listener service.
  6. When an application that locks the Windows Service Control Manager (SCM) is launched, the OfficeScan client cannot be installed or upgraded. Before upgrading or installing OfficeScan, ensure that no SCM-locking application is running.

  7. When running Vulnerability Scanner on a computer running Windows Server 2008, the DHCP tab does not display on the tool's console.

  8. The ServerProtect Normal Server Migration tool is unable to:

To resolve these issues, open Registry Editor on the Normal Server and Information Server and add following registry key:

  1. Microsoft IIS 7 does not work when:

A message displays on the computer using Windows Server 2008 without Service Pack 2, instructing the user to restart the IIS service to resolve the issue.

  1. When installing the client from the Web install page, users may get an error message stating that ActiveX setup controls did not download information needed for installation. When users retry the installation, the error message no longer displays and installation proceeds.

To avoid seeing the error message, enable Automatic prompting for ActiveX controls in Internet Explorer.

  1. To perform client Web installation on computers with a 64-bit processor architecture, you must use the 32-bit version of Internet Explorer. The 64-bit version of Internet Explorer is not supported.

  2. The OfficeScan client may not install correctly if Norton SystemWorks™ antivirus is installed on the computer. Uninstall it before installing OfficeScan client.

  3. If the OfficeScan client is installed using the "per-user" method, the OfficeScan client shortcut will still show on all the users' Windows Start menu.

  4. When cloning virtual machine images using Microsoft's "sysprep" utility, cloning is unsuccessful if the OfficeScan client is installed on the source virtual machine. To resolve this issue:

    1. Disable Local Area Connection on the source virtual machine.
    2. Power off the virtual machine and start cloning the image.
    3. Configure custom settings on the cloned image.
    4. Power on the virtual machine.
  5. After upgrading OfficeScan, the following issues occur:

To resolve these issues, perform the following steps:

  1. Stop the Cryptographic Services from the Microsoft Management Console.

  2. Navigate to C:\Windows\system32 and rename the "catroot2" folder to "oldcatroot2".

  3. Start the Cryptographic Services.

  4. Open a command prompt (cmd.exe) and run the following commands:
    regsvr32 wintrust.dll
    regsvr32 netcfgx.dll

  5. Restart the computer.

  1. When disabling automatic client upgrade on an OfficeScan 8.0 SP1 client and then upgrading the server, the client is not upgraded but its program version becomes 8.0.

  2. The OfficeScan client unloads and then reloads three times when upgraded to this version. This happens if the client upgrades, applies smart scan as its scan method, and then applies the domain level scan method.

  3. After an OfficeScan client in a VPN environment is uninstalled successfully, the client is not removed on the Web console's client tree and its status is offline.

  4. The administrator will not be able to remotely install OfficeScan client to Windows 7 x86 platforms without enabling the default administrator account. To resolve this issue:

    Note: Enable the Remote Registry service on the Windows 7 machine. By default, Windows 7 machines disable this feature.

    Option A: Use the domain administrator account to remotely install OfficeScan 10.5 clients to Windows 7 machines.

    Option B: Use the default administrator account:

    1. Type the "net user administrator /active:yes" command from the command console to enable the default administrator account.
    2. Use the default administrator account to remotely install the OfficeScan client to the Windows 7 machine.
  5. Installing OfficeScan clients to Windows 7 or Windows Server 2008 R2 in VMware may cause the system to stop responding. This is because of compatibility issues with the Intel™ Network Adapter Driver.

Scanning

  1. A Microsoft Hyper-V virtual machine might not be able to start if the host computer has OfficeScan client installed. This is because the OfficeScan client and Hyper-V virtual machine access the same Hyper-V xml file, which causes file access violation. As a workaround:

  2. When specifying the scan target for Scheduled Scan, Scan Now and Real-time Scan, spyware/grayware scan can be disabled. However, for Manual Scan, there is no option for disabling spyware/grayware scan, which means that during Manual Scan, OfficeScan will always scan for spyware/grayware.

  3. When scanning is complete, OfficeScan displays a notification page. On a Windows Server 2008 computer, the background color of the page does not conform to the standard color for OfficeScan notification pages.

  4. When OfficeScan is configured to scan mapped drives during Manual Scan, the mapped drive may not get scanned when scanning is initiated through Terminal Service client.

  5. When an email containing an attachment with spyware/grayware is retrieved through Eudora email client and POP3 Mail Scan is disabled, OfficeScan's Real-time Scan denies access to the email even if the scan action is "clean". The email does not appear on the inbox and the Eudora client displays a message informing the user that access to the email is denied.

  6. In a Citrix environment, when the OfficeScan client detects a security risk during a particular user session, the notification message for the security risk displays on all active user sessions.

    Security risk can be any of the following:

  7. When OfficeScan detects virus/malware and computer restart is required to clean the infected file, a notification message prompts the user to restart. If the user did not restart the computer and generic virus/malware was detected, the restart notification displays again even if a restart is not required for the generic virus/malware detection.

Server Update

  1. When updating OfficeScan patterns and engines from Control Manager, administrators are not notified of the update status even if notifications are enabled. The update status can be viewed from the Control Manager console.

Client Update

  1. OfficeScan clients with client-level settings can only download settings from the OfficeScan server, not Update Agents.

  2. An Update Agent running a 64-bit platform is unable to generate incremental patterns. Therefore, the Update Agent always downloads all incremental patterns available in the ActiveUpdate server, regardless of how many of these patterns it has previously downloaded.

  3. When the OfficeScan server notifies clients to update components, clients that obtain updates from an Update Agent will not be able to update if the Update Agent has not been upgraded to version 8.0 SP1 or higher. However, these clients can still obtain the updates directly from the OfficeScan server.

  4. On the OfficeScan client computer, automatic proxy detection in Internet Explorer does not work if the administrator enables the "Client Console Access Restriction" option on the OfficeScan server Web console's Privileges and Other Settings screen.

  5. When the server and client computers are located on geographical locations with different time zones, the client cannot be configured to update based on the server's time zone.

Server Management

  1. The Active Directory scope may display as empty or redirect to the Active Directory integration screen when querying Outside Server Management reports with a broad scope. Ensure that the first task is finished before performing another query.

  2. The User Role has access and configure permissions on the client Manual Update page but only for selected domains. However, all clients receive the notification when this role clicks Initiate Update.

  3. For Menu Items for Managed Domains, when an Active Directory user is part of several Active Directory groups, the user combines domain permissions but applies the higher role setting on all applicable domains.

  4. When the computer's date/time format is changed, the date/time format on the OfficeScan console does not automatically change.

  5. Web console logon is unsuccessful if using the x64 version of Internet Explorer 6.0 or later and the computer runs an x64 type platform. Use the x86 version of Internet Explorer to log on successfully.

  6. When the Web console is opened in Internet Explorer 7 or later, a certificate error displays.

Client Management

  1. Client names in the OfficeScan client tree supports only 15 characters and truncates the succeeding characters.

  2. Double-byte characters (characters typically used in East Asian languages) cannot be used when specifying the notification message for virus/malware infection source (Notifications > Client User Notifications > Virus/Malware tab > Virus/Malware Infection source).

  3. If the client security level configured on the Web console is set to "High", connection through Nortel VPN client cannot be established.

  4. Select the Show icon and notifications option to display the OfficeScan icon in the Windows 7 system tray. The default option for Windows 7 is Only show notification.

  5. Some client console screens include a Help button, which, when clicked, opens context-sensitive, HTML-based Help. Because Windows Server Core 2008 lacks a browser, the Help will not be available to the user. To view the Help, the user must install a browser.

Device Control

  1. When the permission for plug-in devices (USB) is "read only", users can still create a new folder on the device but the folder cannot be renamed and no file can be saved to the folder.

  2. The Device Control feature is unable to block recording of files (or "file burning") to optical disks.

  3. If the permission for network drives is "Read", a text file on a network drive is blocked if the file is accessed from a command prompt on a Windows Server 2008 computer.

Data Loss Prevention

  1. Data transmitted through Instant Messaging applications are not detected if the applications use a non-transparent proxy server.

  2. After upgrading the Data Loss Prevention module, the server needs to be restarted for the upgrade to take effect. The server requires a second restart to activate the module.

  3. For Windows XP SP2 64-bit and Windows 2003 SP2 64-bit systems running on multiple CPU core machines, OfficeScan cannot monitor the HTTPS and Print channels.

OfficeScan Firewall

  1. The Firewall rule for outgoing traffic will not work as expected if a machine has several IP addresses with different Firewall policies.

  2. When the security level on a Citrix server is medium or high, perform the following steps:

    1. On the OfficeScan server Web console, create a new firewall policy.
    2. Add the following port numbers to the policy's exclusion list: 1494, 2598
    3. Go to Firewall > Profiles and click Assign Profile to Clients.
  3. Incoming packets to a computer on a VMware client are dropped if the computer has OfficeScan client installed.

Workaround (for all clients):

  1. On the server computer, open ofcscan.ini under the \PCCSRV folder.

  2. Add the following setting under [Global Setting]: EnableGlobalPfwBypassRule=1

  3. On the Web console, go to Networked Computers > Global Client Settings and click Save to deploy the setting to all clients.

Workaround (for specific clients):

    1. On the client computer, open Registry Editor.

    2. Add the following registry value:

      • Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
        For x64 computers: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
        Name: EnableBypassRule
      • Type: REG_DWORD
      • Value: 1
    3. Reload the client for settings to take effect.

  1. If the client runs on a Windows Server 2003 computer without any Microsoft service pack, the OfficeScan firewall may block connection to the integrated Smart Protection Server. Apply the latest service pack to avoid encountering this issue.

  2. The OfficeScan firewall service and driver cannot be installed if a previous version of the firewall driver exists and is running but there is no Trend Micro Common Firewall in the network protocol.

Smart Scan

  1. Only Internet Explorer is supported for configuring proxy settings used by clients to connect to the Global Smart Protection Server. If proxy settings are configured in other browsers, clients will not be able to connect to the Global Smart Protection Server.

Web Reputation

  1. If the OfficeScan server is installed on a dual-stack (IPv4/IPv6) computer and is using an Apache web server, pure IPv6 clients cannot send web reputation queries to the integrated Smart Protection Server.

  2. If you enable the option "Check HTTPS URLs" in a web reputation policy:

    1. Select the option "Enable third-party browser extensions" in Internet Explorer. If this option is disabled, clients will not be able to check the reputation of HTTPS websites.
    2. For clients running Windows Server 2008 (32-bit), disable Internet Explorer Enhanced Security Configuration (IE ESC) from Windows Server Manager. If IE ESC is enabled, the web reputation blocking page displays in source code mode.
  3. The OfficeScan client is unable to get the Web reputation rating. This occurs if the client is installed on a computer running Windows Server 2008 (32-bit or 64-bit) or Windows Server 2008 R2 (64-bit) with Apache that supports IPv6. As a workaround, turn off IPv6 on the computer.

  4. Clients can browse blocked sites if using Juniper Networks VPN and proxy servers to connect to the Internet. To resolve this issue:

    1. Connect to the network using Juniper Networks VPN.
    2. Open Internet Option > Connection > LAN Settings.
    3. Disable Automatic configuration settings.
    4. Enable Proxy server and specify the IP address and port of your proxy server.
    5. Click Ok.
  5. If users access the Internet using Firefox and a proxy server, be sure that proxy settings in Internet Explorer have been configured. If proxy settings have not been configured in Internet Explorer, web reputation will not work, even if proxy settings have been configured in Firefox.

Policy Server and Cisco Trust Agent

  1. The installation and removal of the Cisco Trust Agent (CTA) on client computers require the use of a Windows Utility (netsh.exe) to add/remove CTA from the Windows Firewall Program Exception list. This is done to allow CTA to communicate even when Windows Firewall is enabled.

  2. Computer restart is required after the Cisco Trust Agent 2.x Supplicant package is deployed.

  3. Users cannot log on to Policy Server installed on an Apache server if the Apache server already has OfficeScan installed. Uninstall the Policy Server and re-install on an Apache server without OfficeScan.

Control Manager Integration

  1. The Integrated Windows Authentication protocol is not supported when registering OfficeScan to Control Manager and specifying Web server authentication credentials for the IIS server. Only basic access authentication is supported.

  2. When accessing the OfficeScan server using the single-sign on function in Control Manager:

    Refresh the page if any of these conditions occur.
  3. The Control Manager server must use port 80 or 443 to allow migration from the Trend Micro Management (TMI) protocol to the Trend Micro Control Manager Management Communication Protocol (MCP) agent.

  4. OfficeScan client registers and unregisters to Control Manager if the mobile client frequently changes IP address. This can cause network bandwidth issues for Control Manager 5.0.

  5. Outside Server Management reports cannot be queried if the OfficeScan web console is accessed through Control Manager single sign-on. Use the OfficeScan web console to query Outside Server Management reports.

Online Help

  1. The Online Help system experiences scripting errors when viewed using Internet Explorer 8.0 and earlier. Apply the following Windows fix to solve the problem: http://support.microsoft.com/kb/175500/en-us.

Additional Release Notes

  1. There are several tools included in this version. Refer to the OfficeScan server Help for instructions on how to use them. The tool folders are located under \PCCSRV\Admin\Utility.

  2. The following are the permissions for the OfficeScan folders:

Directory/User

Administrator

Everyone

IUser _<Server Name>

System

Network Service

\PCCSRV

Full control

RX

N/A

Full control

N/A

\PCCSRV\Download

Full control

N/A

R

Full control

N/A

\PCCSRV\HTTPDB

Full control

N/A

N/A

N/A

N/A

\PCCSRV\Log

Full control

N/A

N/A

Full control

N/A

\PCCSRV\Private

Full control

N/A

N/A

Full control

RX

\PCCSRV\Temp

Full control

N/A

RWXD

N/A

RWXD

\PCCSRV\Virus

Full control

N/A

RW (Special Access)

N/A

N/A

\PCCSRV\Web

Full control

N/A

R

Full control

N/A

\PCCSRV\Web\Cgi

Full control

N/A

RX

N/A

N/A

\PCCSRV\Web_OSCE\Web_console

Full control

RX

N/A

Full control

N/A

\PCCSRV\Web_OSCE\Web_console\ HTML\ClientInstall

Full control

N/A

RWXD

N/A

N/A

\PCCSRV\Web_OSCE\Web_console\ RemoteInstallCGI

Full control

N/A

RWXD

N/A

N/A

  1. Download the latest components after upgrading to keep your security risk protection current.

 

Back to top

 

 

8. Contact Information


A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.

Evaluation copies of Trend Micro products can be downloaded from our Web site.

 

Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

 

Back to top

 

 

9. About Trend Micro


Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro ™ Smart Protection Network ™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com.

Copyright 1998-2012, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and OfficeScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.

 

Back to top

 

 

10. License Agreement


Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/.

License Attributions can be viewed from the OfficeScan web console.

 

Back to top