Trend Micro, Inc.

July 2013

 

Trend Micro™ OfficeScan™

Version 10.6 Service Pack 3

 

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at http://docs.trendmicro.com/en-us/enterprise/officescan.aspx.

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at http://olr.trendmicro.com.

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: www.trendmicro.com/download/documentation/rating.asp.

 

Contents


  1. About OfficeScan
  2. What's New

  3. Document Set
  4. System Requirements
  5. Installation

    1. Pre-Installation
    2. Installation
    3. Rollback
  6. Post-installation Configuration
  7. Known Issues
  8. Contact Information
  9. About Trend Micro
  10. License Agreement

 

1. About OfficeScan


Trend Micro™ OfficeScan™ protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat attacks. An integrated solution, OfficeScan consists of a client program that resides at the endpoint and a server program that manages all clients. The client guards the endpoint and reports its security status to the server. The server, through the web-based management console, makes it easy to set coordinated security policies and deploy updates to every client.

OfficeScan is powered by the Trend Micro™ Smart Protection Network™, a next generation cloud-client infrastructure that delivers security that is smarter than conventional approaches. Unique in-the-cloud technology and a lighter-weight client reduce reliance on conventional pattern downloads and eliminate the delays commonly associated with desktop updates. Businesses benefit from increased network bandwidth, reduced processing power, and associated cost savings. Users get immediate access to the latest protection wherever they connect—within the company network, from home, or on the go.

 


2. What's New


OfficeScan includes the following new features and enhancements:

What's New in OfficeScan 10.6 Service Pack 3

Data Protection Enhancements

The Data Protection enhancements in this release include the following features.

Command & Control Contact Alert Services

Command & Control Contact Alert Services provides OfficeScan administrators the first line of defense to protect against the increasing number of targeted attacks occurring over the Internet. Trend Micro is continually developing more sophisticated methods to detect and defend against C&C servers and targeted attacks. Command & Control Contact Alert Services is only the first of a series of measures that Trend Micro is adopting to meet the security needs for all customers.

This version of OfficeScan provides administrators with heightened detection capabilities for Command & Control servers.

Behavior Monitoring Scan Enhancement

Behavior Monitoring works in conjunction with Web Reputation Services to verify the prevalence of files downloaded through HTTP channels or email applications. After detecting a "newly encountered" file, administrators can choose to prompt users before executing the file. Trend Micro classifies a program as newly encountered based on the number of file detections or historical age of the file as determined by the Smart Protection Network.

Virus Scan Performance Enhancement

The OfficeScan Virus Scan Engine (VSAPI 9.713 or later) has been updated with a deferred scanning feature to improve file copying performance.

Web Reputation Pattern Enhancement

This version of OfficeScan enhances the integrated Smart Protection Server's Web Reputation Pattern. The Web Reputation Pattern has been redesigned to provide the following benefits:

Rollback Enhancements

This version of OfficeScan simplifies the procedure required to roll back the OfficeScan server and clients. During OfficeScan 10.6 SP3 installation, administrators can choose to back up the server files, which can then be used to roll back the server and clients to the previously installed version. For detailed rollback instructions, refer to Appendix D: OfficeScan Rollback in the OfficeScan 10.6 SP3 Administrator's Guide.

What's New in OfficeScan 10.6 Service Pack 2

Platform and Browser Support

This version of OfficeScan provides support for client installations on Windows 8™ and Windows Server™ 2012/Server Core 2012.

This version of OfficeScan provides support for server installations on Windows Server™ 2012.

This version of OfficeScan provides support for Internet Explorer™ 10.

Detection and Performance Enhancements

MSI Installation

Real-time scanning now verifies the file signature of an MSI installation package before proceeding with an installation. Once OfficeScan receives verification that the file signature is trusted, real-time scan allows the installation to proceed without further file scanning.

VDI Enhancement

This version of OfficeScan enhances the smart scan update feature for virtual environments. When a large number of smart scan clients request a pattern update, the server now places the client requests in a queue until the server can send a response. As each client completes the update, the server prompts the next client in the queue to begin updating.

Data Loss Prevention Enhancements

This version of OfficeScan enhances the Data Loss Prevention feature to provide:

What's New in OfficeScan 10.6 Service Pack 1

Policy Management from Control Manager 6.0

Control Manager 6.0 allows administrators to create and deploy policies to the OfficeScan servers that Control Manager manages.

Behavior Monitoring 64-bit Support

The Behavior Monitoring capabilities of OfficeScan now support 64-bit versions of the following platforms:

Client Self-protection 64-bit Support

Client Self-protection now supports 64-bit versions of the following platforms:

Device Control 64-bit Support for Unauthorized Change Prevention

The Device Control capabilities of OfficeScan now support 64-bit versions of the following platforms during Unauthorized Change Prevention monitoring:

Note: Device Control for Data Protection provides support for all 64-bit versions of Windows platforms.

Data Protection Enhancements

The Data Protection enhancements in OfficeScan 10.6 SP1 include the following support and upgrades:

Virtual Desktop Infrastructure Enhancements

This version of OfficeScan enhances Virtual Desktop Infrastructure (VDI) support and capabilities.

Extended Web Reputation Port Scanning

OfficeScan can now scan HTTP traffic on all ports for web reputation policy violations. If administrators do not want to scan traffic on all ports, OfficeScan provides the option of scanning traffic on the default 80, 81, and 8080 HTTP ports.

What's New in Version 10.6

Data Protection

The Data Protection module provides Data Loss Prevention and expands the range of devices monitored by Device Control.

Plug-In Manager manages the installation and licensing of the Data Protection module.

Data Protection Features

Details

Data Loss Prevention

Data Loss Prevention safeguards an organization's digital assets against accidental or deliberate leakage. Data Loss Prevention allows you to:

  • Identify the digital assets to protect
  • Create policies that limit or prevent the transmission of digital assets through common transmission channels, such as email and external devices
  • Enforce compliance to established privacy standards

Device Control

OfficeScan out-of-the-box has a Device Control feature that regulates access to USB storage devices, CD/DVD, floppy disks, and network drives. Device Control that is part of the Data Protection module expands the range of devices by regulating access to the following devices:

  • Imaging devices
  • Modems
  • Ports (COM and LPT)
  • Infrared devices
  • PCMCIA cards
  • Print screen key
  • IEEE 1394 interface

Plug-in Manager 2.0

Plug-in Manager 2.0 installs with the OfficeScan server. This Plug-in Manager version delivers widgets.

Widgets provide a quick visual reference for the OfficeScan features and plug-in solutions that you deem most vital to your business. Widgets are available in the OfficeScan server’s Summary dashboard, which replaces the Summary screen in previous OfficeScan versions.

IPv6 Support

The OfficeScan server and clients can now be installed on IPv6 computers.

In addition, new versions of Control Manager and Smart Protection Server now support IPv6 to provide seamless integration with the OfficeScan server and clients.

Cache Files for Scans

The OfficeScan client now builds cache files, which contain information about safe files that have been scanned previously and files that Trend Micro deems trustworthy. Cache files provide a quick reference during on-demand scans, thus reducing the usage of system resources. On-demand scans (Manual Scan, Scheduled Scan, and Scan Now) are now more efficient, providing up to 40% improvement to speed performance.

Startup Enhancement

When a computer starts, the OfficeScan client will postpone the loading of some client services if CPU usage is more than 20%. When CPU usage is below the limit, the client starts to load the services.

Services include:

Damage Cleanup Services Enhancement

Damage Cleanup Services can now run in advanced cleanup mode to stop activities by rogue security software, also known as FakeAV. The client also uses advanced cleanup rules to proactively detect and stop applications that exhibit FakeAV behavior.

You can choose the cleanup mode when you configure virus/malware scan actions for Manual Scan, Real-time Scan, Scheduled Scan, and Scan Now.

Web Reputation HTTPS Support

Clients can now scan HTTPS traffic for web threats. You can configure this feature when you create a web reputation policy.

Windows Server Core 2008 Support

The OfficeScan client can now be installed on Windows Server Core 2008. Users can use the command line interface to launch the client console and check the endpoint’s protection status.

Other Enhancements

This release includes the following enhancements:

 


Resolved Known Issues

A. OfficeScan 10.6 SP3 resolves the following product issues:

For information regarding hot fix solutions and the enhancements available in OfficeScan 10.6 SP3, go to:

http://esupport.trendmicro.com/solution/en-us/1097407.aspx

B. OfficeScan 10.6 SP2 resolves the following product issues:

For information regarding hot fix solutions and the enhancements available in OfficeScan 10.6 SP2, go to:

http://esupport.trendmicro.com/solution/en-us/1095513.aspx

C. OfficeScan 10.6 SP1 resolves the following product issues:

For information regarding hot fix solutions and the enhancements available in OfficeScan 10.6 SP1, go to:

http://esupport.trendmicro.com/solution/en-us/1095512.aspx

 


3. Document Set


The document set for the OfficeScan server includes:

Download the latest versions of the PDF documents and readme at http://docs.trendmicro.com/en-us/enterprise/officescan.aspx.

 


4. System Requirements


The OfficeScan server and client can be installed on computers running Microsoft Windows platforms. The OfficeScan client is also compatible with various third-party products.

Visit the following website for a complete list of system requirements and compatible third-party products:

http://docs.trendmicro.com/en-us/enterprise/officescan.aspx

Size of Deployment Package

Note: All of the following deployment package sizes are for packages that do not include any additional plug-in features. The size of the deployment package may vary if additional plug-in features are included in the package.

  1. Size of the new install package (32/64-bit) via Client Packager Tool

    For 32-bit Setup Package:

    For 64-bit Setup Package:

    For 32/64-bit MSI Package:

  2. Estimated minimum bandwidth size for clients:

 


5. Installation


5.1. Pre-installation

Before installing this service pack, take note of the following:

  1. Ensure that the OfficeScan server runs version 10.6, 10.6 SP1, 10.6 SP2, 10.6 SP2 Custom Defense Pack, or 10.6 SP2 Custom Defense Pack Scan Enhancement.
  2. This service pack includes updates to OfficeScan firewall drivers. If you have enabled the OfficeScan firewall in your current OfficeScan version, deploying the service pack may cause client computer disruptions.
  3. The OfficeScan server cannot upgrade to this service pack if a client is running Login Script (AutoPcc.exe) at the time of server upgrade. Please ensure that no client is running Login Script before installing this service pack.
  4. For computers running any version of Windows Server 2003, launch the server installation package (full installation package or standalone patch package) by double-clicking the file. Installation issues may occur if the package is launched using the "Run as <user name>" function, even if <user name> is the account currently logged on the computer.

5.2. Installation

To install this Service Pack:

  1. Copy the enhancement executable file to a temporary folder, for example, "C:\temp".
  2. Double-click the file. Accept the license agreement.
  3. Click Install. The modules are automatically copied to the correct destination.
  4. Optionally, choose to back up the server files.
  5. Optionally, choose to upgrade the scan engine to VSAPI version 9.713.
  6. Verify that OfficeScan is not executing any important tasks. Click Yes to install Service Pack 3.

5.3. Rollback

OfficeScan 10.6 Service Pack 3 provides rollback support for OfficeScan version 10.6 or later. For detailed rollback instructions, refer to Appendix D: OfficeScan Rollback in the OfficeScan 10.6 SP3 Administrator's Guide.

 


6. Post-installation Configuration


  1. Verify if the OfficeScan server has been upgraded.

    1. On the Web console, click Help > About. Version information should be 10.6 Service Pack 3, build 5162.
    2. On the Control Manager console, the OfficeScan version should be 5162.

      Note: Trend Micro recommends installing Trend Micro Control Manager™ 6.0 Patch 3 to ensure compatibility with OfficeScan 10.6 Service Pack 3.

  2. After installing this service pack, restart the web browser.
  3. Verify if component update on the server is successful by opening the Web console and going to Logs > Server Update Logs.

If the update is unsuccessful, perform manual update immediately by going to Updates > Server > Manual Update. You can also refer to the online help for typical update problems and solutions or contact your Support provider for assistance.

Client installation on supported platforms

  1. If users will use the Web install page to install the OfficeScan client to a computer running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, Server 2008, Windows 8, or Server 2012, instruct users to perform the following before installation:

    1. Log on to the computer using a built-in administrator account.
    2. Launch Internet Explorer and add the OfficeScan server URL (such as https://computername:4343/officescan) to the list of trusted sites. On Internet Explorer, the list can be accessed by going to Tools > Internet Options > Security tab, selecting the Trusted Sites icon, and clicking Sites.
    3. Modify the Internet Explorer security setting to enable Automatic prompting for ActiveX controls. On Internet Explorer, this can be done by going to Tools > Internet Options > Security tab, and clicking Custom level.
    4. During OfficeScan client installation, allow ActiveX control installation.
  2. If users will use Client Packager (EXE package) to install the OfficeScan client to a computer running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, Server 2008, Windows 8, or Server 2012, perform the following:

    1. Create the EXE package from the OfficeScan server.
    2. Send the package to users and instruct them to launch it on their computers.

      To launch the EXE package:

      • If the computer runs Windows 7, Windows Vista Home Basic, Vista Home Premium, Server 2008, Windows 8, or Server 2012, instruct users to right-click the EXE file and select Run as administrator.
      • If the computer runs Windows XP Home, users can use the typical method for opening files, such as double-clicking the file.
  3. If users will use Client Packager (MSI package) to install the OfficeScan client to a computer running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, Server 2008, Windows 8, or Server 2012, perform the following:

    1. Create the MSI package from the OfficeScan server.
    2. Send the package to users and instruct them to launch it on their computers using the typical method for opening files, such as double-clicking the file.

    Note: You can also launch the MSI package (on the command prompt) and silently install the OfficeScan client to a remote computer running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, Server 2008, Windows 8, or Server 2012.

  4. If users will use Login Script Setup (AutoPcc.exe) to install the OfficeScan client to a computer running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, Server 2008, Windows 8, or Server 2012, instruct users to perform the following:

    1. Connect to the server computer.
    2. Navigate to \\{server computer name}\ofcscan.
    3. Right-click AutoPcc.exe and select Run as administrator.

 


7. Known Issues


The following are the known issues in this release:

Server Installation, Upgrade, and Uninstallation

  1. If you install the OfficeScan server using Apache web server and you enabled SSL for secure connections, it is possible to use an unsecure HTTP connection to log on to the web console.
  2. The OfficeScan web console and all OfficeScan services cannot be accessed if the OfficeScan server was installed on Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 before joining a domain. To resolve the issue:

    For Windows Server 2008:

    1. Go to Control Panel > System and Security > Windows Firewall > Exceptions tab.

    2. Enable exception for File and Printer Sharing.

    3. Add the following port exceptions:

      • Trend Micro Local Web Classification Server HTTP, TCP port 5274
      • Trend Micro OfficeScan Server HTTP, TCP port 8080
      • Trend Micro OfficeScan Server HTTPS, TCP port 4343
      • Trend Micro Smart Scan Server (Integrated) HTTP, TCP port 8082
      • Trend Micro Smart Scan Server (Integrated) HTTPS, TCP port 4345
    4. Click OK.

    For Windows Server 2008 R2:

    1. Go to Control Panel > System and Security > Windows Firewall > Allowed Programs.

    2. Select the following features and allow access for the Domain profile:

      • File and Printer Sharing
      • Trend Micro Local Web Classification Server HTTP
      • Trend Micro OfficeScan Server HTTP
      • Trend Micro OfficeScan Server HTTPS
      • Trend Micro Smart Scan Server (Integrated) HTTP
      • Trend Micro Smart Scan Server (Integrated) HTTPS
    3. Click OK.

    For Windows Server 2012:

    1. Go to Control Panel > System and Security > Windows Firewall > Advanced settings.

    2. Click Inbound Rules. Allow access to all required File and Printer Sharing rules.

    3. Click Inbound Rules > New Rule... > Port.

    4. Add the following port exceptions:

      • Trend Micro Local Web Classification Server HTTP, TCP Port 5274
      • Trend Micro OfficeScan Server HTTP, TCP port 8080
      • Trend Micro OfficeScan Server HTTPS, TCP port 4343
      • Trend Micro Smart Scan Server (Integrated) HTTP, TCP port 8082
      • Trend Micro Smart Scan Server (Integrated) HTTPS, TCP port 4345
  3. When the OfficeScan server is installed to a disk using the FAT32 file system, role-based logon to the OfficeScan Web console does not work.

  4. During upgrade, if the existing OfficeScan database file (found in the "HTTPDB" folder under "OfficeScan/PCCSRV") is very large, the upgrade process may time out. Trend Micro recommends doing the following before upgrading:

    1. Go to Control Panel > System and Security > Windows Firewall > Exceptions tab.
    2. From the OfficeScan console, manually delete old server logs.
    3. Go to Administration > Database Backup, and click Backup Now to back up the database.
  5. For computers running any version of Windows Server 2003, launch the server installation package (full installation package or standalone patch package) by double-clicking the file. Installation issues may occur if the package is launched using the "Run as <user name>" function, even if <user name> is the account currently logged on the computer.
  6. When Trend Micro Mobile Security version 7.0 or 8.0 Communication Server is installed on the same computer as the OfficeScan server, its virtual website folders may be deleted after an OfficeScan server upgrade. This issue occurs because the Communication Server and OfficeScan server use the same virtual website folders. During the OfficeScan server upgrade, the standalone Communication Server virtual folders are not rebuilt on the IIS website.

    To resolve this issue:

    1. Reinstall the Trend Micro Mobile Security Communication Server after the OfficeScan server upgrade.
    2. Reconfigure the Communication Server from the Trend Micro Mobile Security plug-in console.
  7. When selecting to install Apache 2.0 during a fresh installation, Apache automatically enables SSL even if not explicitly enabled on the installation screen.
  8. If the OfficeScan server computer or an agent endpoint has not properly updated its root certificate (for example, the computer does not have an Internet connection), OfficeScan cannot verify the computer's digital signatures during Inter-Process Communication (IPC). To solve this issue, you must manually update the root certificate or perform a Windows Update.
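
The Windows Server 2012 firewall steps in known issue 2 above can also be scripted. The following PowerShell is an added example, not part of the original readme and not Trend Micro code; it uses the rule names and TCP ports listed above. Limiting the rules to the Domain profile and enabling every inbound File and Printer Sharing rule for that profile are assumptions taken from the Windows Server 2008 R2 steps.

```powershell
# Added example (not Trend Micro code): scripted form of the Windows Server 2012
# steps in known issue 2. Run in an elevated PowerShell session on the server.
# Uses the NetSecurity module that ships with Windows Server 2012.

# Rule names and TCP ports exactly as listed in the readme.
$officeScanRules = @(
    @{ Name = 'Trend Micro Local Web Classification Server HTTP'; Port = 5274 },
    @{ Name = 'Trend Micro OfficeScan Server HTTP';               Port = 8080 },
    @{ Name = 'Trend Micro OfficeScan Server HTTPS';              Port = 4343 },
    @{ Name = 'Trend Micro Smart Scan Server (Integrated) HTTP';  Port = 8082 },
    @{ Name = 'Trend Micro Smart Scan Server (Integrated) HTTPS'; Port = 4345 }
)

# Assumption: the server has joined a domain, so the exceptions are limited to
# the Domain profile instead of being opened on Private and Public networks.
$firewallProfile = 'Domain'

# Step 2: enable the built-in inbound File and Printer Sharing rules that apply
# to the Domain profile. The group name is the English display name (assumption:
# English-language Windows).
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Direction -eq 'Inbound' -and "$($_.Profile)" -match 'Domain|Any' } |
    Enable-NetFirewallRule

# Steps 3 and 4: add one inbound TCP port rule per OfficeScan service.
# A rule that already exists under the same display name is left untouched.
foreach ($rule in $officeScanRules) {
    $existing = Get-NetFirewallRule -DisplayName $rule.Name -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Output "Already present: $($rule.Name)"
        continue
    }
    New-NetFirewallRule -DisplayName $rule.Name `
                        -Direction Inbound `
                        -Protocol TCP `
                        -LocalPort $rule.Port `
                        -Action Allow `
                        -Profile $firewallProfile | Out-Null
    Write-Output "Created: $($rule.Name) (TCP $($rule.Port))"
}

# Verification: list each rule with the port filter that is actually in effect,
# so that a pre-existing rule with a different port or profile is visible.
$report = foreach ($rule in $officeScanRules) {
    Get-NetFirewallRule -DisplayName $rule.Name | ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Enabled   = $_.Enabled
            Profile   = $_.Profile
            Protocol  = $filter.Protocol
            LocalPort = $filter.LocalPort
        }
    }
}
$report | Format-Table -AutoSize
```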

Client Installation, Upgrade, and Uninstallation

  1. After moving an OfficeScan client from an OfficeScan 8.0 SP1 server to the OfficeScan 10.6 server, the client successfully upgrades but reloads the OfficeScan client several times. To avoid this issue, Trend Micro recommends using Login Script Setup or Client Packager to upgrade the OfficeScan client. Using these methods, the OfficeScan client will only reload once.

  2. Upgrade may fail if using an MSI package to upgrade an OfficeScan client that was originally installed also using an MSI package. Perform the following steps:

    1. Ensure that the new MSI package has the same file name as the original package. If you do not know the file name of the original MSI package, check the following registry keys:
      • HKEY_CLASSES_ROOT\Installer\Products\8787AECE0012525419D50B19473E9617\SourceList\PackageName
    2. Install the new MSI package. Use command prompt to execute the package with the parameter "/fvo". For example, msiexec /fvo c:\temp\package.msi.
  3. The OfficeScan client is unable to query the web reputation servers after performing a fresh installation or upgrade. To resolve the issue, ensure that clients restart their computers if a restart notification appears.

  4. If you create a login script in Active Directory and then log on as administrator on a computer running Windows Vista Home, Server 2008, 7, 8, or Server 2012, the OfficeScan client cannot be installed to the computer and the message that displays states that the account used is not an administrator account.

  5. When this product version is installed to a Citrix Presentation server, the Citrix client loses connection with the server. To address this issue:

    1. On the Citrix server, open Registry Editor and navigate to HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList.
    2. Click Edit > New > Key and name the key IIS.
    3. Under this new key, create a string value (Edit > New > String Value) with the name ProcessImageName and use w3wp.exe as its value.
    4. Restart the OfficeScan NT Listener service.
  6. When an application that locks the Windows Service Control Manager (SCM) is launched, the OfficeScan client cannot be installed or upgraded. Before upgrading or installing OfficeScan, ensure that no SCM-locking application is running.
  7. When running Vulnerability Scanner on a computer running Windows Server 2008, Windows 7, Windows 8, or Windows Server 2012, the DHCP tab does not display on the tool's console.
  8. The ServerProtect Normal Server Migration tool is unable to:

    To resolve these issues, open Registry Editor on the Normal Server and Information Server and add the following registry key:

  9. Microsoft IIS 7 does not work when:

  10. A message displays on the computer using Windows Server 2008 without Service Pack 2, instructing the user to restart the IIS service to resolve the issue.

  11. When installing the client from the Web install page, users may get an error message stating that ActiveX setup controls did not download information needed for installation. When users retry the installation, the error message no longer displays and installation proceeds.

    To avoid seeing the error message, enable Automatic prompting for ActiveX controls in Internet Explorer.

  12. To perform client Web installation on computers with a 64-bit processor architecture, you must use the 32-bit version of Internet Explorer. The 64-bit version of Internet Explorer is not supported.
  13. The OfficeScan client may not install correctly if Norton SystemWorks™ antivirus is installed on the computer. Uninstall it before installing OfficeScan client.
  14. If the OfficeScan client is installed using the "per-user" method, the OfficeScan client shortcut will still show on all the users' Windows Start menu.
  15. After upgrading OfficeScan, the following issues occur:

    To resolve these issues, perform the following steps:

    1. Stop the Cryptographic Services from the Microsoft Management Console.
    2. Navigate to C:\Windows\system32 and rename the "catroot2" folder to "oldcatroot2".
    3. Start the Cryptographic Services.
    4. Open a command prompt (cmd.exe) and run the following commands:

      regsvr32 wintrust.dll

      regsvr32 netcfgx.dll

    5. Restart the computer.
  16. When disabling automatic client upgrade on an OfficeScan 8.0 SP1 client and then upgrading the server, the client is not upgraded but its program version becomes 8.0.
  17. The OfficeScan client unloads and then reloads three times when upgraded to this version. This happens if the client upgrades, applies smart scan as its scan method, and then applies the domain level scan method.
  18. After an OfficeScan client in a VPN environment is uninstalled successfully, the client is not removed on the Web console's client tree and its status is offline.
  19. The administrator will not be able to remotely install OfficeScan client to Windows 7 x86 platforms without enabling the default administrator account. To resolve this issue:

    Note: Enable the Remote Registry service on the Windows 7 machine. By default, Windows 7 machines disable this feature.

    Option A: Use the domain administrator account to remotely install OfficeScan 10.5 clients to Windows 7 machines.

    Option B: Use the default administrator account:

    1. Type the "net user administrator /active:yes" command from the command console to enable the default administrator account.
    2. Use the default administrator account to remotely install the OfficeScan client to the Windows 7 machine.
  20. Installing OfficeScan clients to Windows 7 or Windows Server 2008 R2 using a GUEST OS running on VMware Workstation 6.x and below may cause the system to stop responding. This is because of compatibility issues with the Intel™ Network Adapter Driver.
  21. When installing the OfficeScan client on Windows 8 and Windows Server 2012 platforms using the browser-based installation method, the installation is unsuccessful if the user is currently in Windows UI mode. This is due to Internet Explorer 10 not allowing ActiveX controls to run.

    To resolve this issue:

    Switch to desktop mode on Windows 8 and Windows Server 2012 platforms while performing a browser-based installation of the OfficeScan client.
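
The MSI upgrade workaround in known issue 2 of this list (same package file name, then msiexec /fvo) can be checked before the package is launched. The following PowerShell is an added example, not part of the original readme and not Trend Micro code; the registry key and the /fvo parameter come from the readme, and the script parameter name NewMsiPath is hypothetical.

```powershell
# Added example (not Trend Micro code): pre-check and launch for the MSI upgrade
# workaround. Save as a .ps1 file and run it elevated on the client computer.
param(
    [Parameter(Mandatory = $true)]
    [string]$NewMsiPath   # hypothetical parameter, for example c:\temp\package.msi
)

# Registry location given in the readme for the original package name.
$sourceList = 'Registry::HKEY_CLASSES_ROOT\Installer\Products\8787AECE0012525419D50B19473E9617\SourceList'

if (-not (Test-Path -Path $NewMsiPath -PathType Leaf)) {
    throw "MSI package not found: $NewMsiPath"
}
if (-not (Test-Path -Path $sourceList)) {
    throw 'Installer source list key not found. The client may not have been installed from an MSI package.'
}

# Step 1: read the file name of the package the client was installed from.
$originalName = (Get-ItemProperty -Path $sourceList -Name PackageName -ErrorAction SilentlyContinue).PackageName
if (-not $originalName) {
    throw 'PackageName value is missing under the installer source list key.'
}

# The readme requires the new package to carry the same file name.
# String comparison with -ne is case-insensitive, which matches Windows file names.
$newMsi = Get-Item -Path $NewMsiPath
if ($newMsi.Name -ne $originalName) {
    throw "File name mismatch: original package was '$originalName' but the new package is '$($newMsi.Name)'. Rename the new package before upgrading."
}

# Step 2: run the package with the /fvo parameter from the readme.
$arguments = '/fvo "{0}"' -f $newMsi.FullName
$process = Start-Process -FilePath 'msiexec.exe' -ArgumentList $arguments -Wait -PassThru

# Windows Installer exit codes: 0 is success, 3010 is success with a restart required.
switch ($process.ExitCode) {
    0       { Write-Output 'Upgrade completed.' }
    3010    { Write-Output 'Upgrade completed. Restart the computer to finish.' }
    default { Write-Error "msiexec exited with code $($process.ExitCode)." }
}
```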

Scanning

  1. A Microsoft Hyper-V virtual machine might not be able to start if the host computer has OfficeScan client installed. This is because the OfficeScan client and Hyper-V virtual machine access the same Hyper-V xml file, which causes file access violation. As a workaround:

  2. When specifying the scan target for Scheduled Scan, Scan Now and Real-time Scan, spyware/grayware scan can be disabled. However, for Manual Scan, there is no option for disabling spyware/grayware scan, which means that during Manual Scan, OfficeScan will always scan for spyware/grayware.
  3. When scanning is complete, OfficeScan displays a notification page. On a Windows Server 2008 computer, the background color of the page does not conform to the standard color for OfficeScan notification pages.
  4. When OfficeScan is configured to scan mapped drives during Manual Scan, the mapped drive may not get scanned when scanning is initiated through Terminal Service client.
  5. When an email containing an attachment with spyware/grayware is retrieved through Eudora email client and POP3 Mail Scan is disabled, OfficeScan's Real-time Scan denies access to the email even if the scan action is "clean". The email does not appear on the inbox and the Eudora client displays a message informing the user that access to the email is denied.
  6. In a Citrix environment, when the OfficeScan client detects a security risk during a particular user session, the notification message for the security risk displays on all active user sessions.

    Security risk can be any of the following:

  7. When OfficeScan detects virus/malware and computer restart is required to clean the infected file, a notification message prompts the user to restart. If the user did not restart the computer and generic virus/malware was detected, the restart notification displays again even if a restart is not required for the generic virus/malware detection.
  8. The deferred scan feature is not available if the Virus Scan Engine (VSAPI) has not been upgraded to version 9.713 or later.

Server Update

  1. When updating OfficeScan patterns and engines from Control Manager, administrators are not notified of the update status even if notifications are enabled. The update status can be viewed from the Control Manager console.

Client Update

  1. OfficeScan clients with client-level settings can only download settings from the OfficeScan server, not Update Agents.
  2. An Update Agent running a 64-bit platform is unable to generate incremental patterns. Therefore, the Update Agent always downloads all incremental patterns available in the ActiveUpdate server, regardless of how many of these patterns it has previously downloaded.
  3. When the OfficeScan server notifies clients to update components, clients that obtain updates from an Update Agent will not be able to update if the Update Agent has not been upgraded to version 8.0 SP1 or higher. However, these clients can still obtain the updates directly from the OfficeScan server.
  4. When the server and client computers are in geographical locations with different time zones, the client cannot be configured to update based on the server's time zone.

Server Management

  1. The Active Directory scope may display as empty or redirect to the Active Directory integration screen when querying Outside Server Management reports with a broad scope. Ensure that the first task is finished before performing another query.
  2. The User Role has access and configure permissions on the client Manual Update page but only for selected domains. However, all clients receive the notification when this role clicks Initiate Update.
  3. For Menu Items for Managed Domains, when an Active Directory user is part of several Active Directory groups, the user combines domain permissions but applies the higher role setting on all applicable domains.
  4. When the computer's date/time format is changed, the date/time format on the OfficeScan console does not automatically change.
  5. Web console logon is unsuccessful if using the x64 version of Internet Explorer 6.0 or later and the computer runs an x64 type platform. Use the x86 version of Internet Explorer to log on successfully.
  6. When the Web console is opened in Internet Explorer 7 or later, a certificate error displays.

Client Management

  1. Client names in the OfficeScan client tree support only 15 characters; any characters beyond that are truncated.
  2. Double-byte characters (characters typically used in East Asian languages) cannot be used when specifying the notification message for virus/malware infection source (Notifications > Client User Notifications > Virus/Malware tab > Virus/Malware Infection source).
  3. If the client security level configured on the Web console is set to "High", connection through Nortel VPN client cannot be established.
  4. Select the Show icon and notifications option to display the OfficeScan icon in the Windows 7 and 8 system tray. The default option for Windows 7 and 8 is Only show notification.
  5. Some client console screens include a Help button, which, when clicked, opens context-sensitive, HTML-based Help. Because Windows Server Core 2008 lacks a browser, the Help will not be available to the user. To view the Help, the user must install a browser.
  6. On the web console's Update Status for Networked Computers screen (Updates > Summary), the Behavior Monitoring Configuration Pattern, Policy Enforcement Pattern, and Digital Signature Pattern do not appear correctly due to JavaScript caching. To resolve this issue:

    Clear the browser cache to update the component names.

  7. The Prompt users before executing newly encountered programs downloaded through HTTP or email applications (Server platforms excluded) feature only monitors ports 80, 81, and 8080 on Windows platforms (except Windows 8 which monitors all ports).

Device Control

  1. When the permission for plug-in devices (USB) is "read only", users can still create a new folder on the device but the folder cannot be renamed and no file can be saved to the folder.
  2. The Device Control feature is unable to block recording of files (or "file burning") to optical disks.
  3. If the permission for network drives is "Read", a text file on a network drive is blocked if the file is accessed from a command prompt on a Windows Server 2008 computer.
  4. If the Device Control permission for USB storage devices is changed from "Allow" to "Block" when USB storage device files are already opened on the client computer, access to the opened files is still permitted. The Block permission is updated the next time that the USB device is plugged in, or the client computer is restarted.

Data Loss Prevention

  1. Data transmitted through Instant Messaging applications are not detected if the applications use a non-transparent proxy server.
  2. While using Autopcc.exe to install an OfficeScan client, ofcscan.ini is blocked during the UNC copy process if the "Taiwan: SKH Hospital Medical Record Number" template is deployed with the SMB channel. This causes the client installation to be unsuccessful. To resolve this issue:

    Create an exception for INI files in the Data Loss Prevention policy:

    1. Create a new File Attribute type data identifier.

      1. Type Ini_FA for the Name.
      2. Click File Extension.
      3. Type *.ini in the File Extension text field.
      4. Save the new file attribute identifier.
    2. Create a new template for the exception.

      1. Type New_SK_Template for the Name.
      2. Add the "Ini_FA" file attribute to the Selected data identifier list and select the Except operator.
      3. Add the Taiwan: SKH Medical Record Number expression to the Selected data identifier list and select the And operator.
      4. Save the new template.
    3. Deploy the newly created "New_SKH_Template" to clients instead of the original "Taiwan: SKH Medical Record Number" template.
  3. After upgrading the OfficeScan client to OfficeScan 10.6 SP3, the preexisting client-side Data Loss Prevention logs are deleted (unless updating from the OfficeScan 10.6 SP2 DLP Enhancement Patch).

OfficeScan Firewall

  1. The Firewall rule for outgoing traffic will not work as expected if a machine has several IP addresses with different Firewall policies.
  2. When the security level on a Citrix server is medium or high, perform the following steps:

    1. On the OfficeScan server Web console, create a new firewall policy.
    2. Add the following port numbers to the policy's exclusion list: 1494, 2598
    3. Go to Firewall > Profiles and click Assign Profile to Clients.
  3. For Windows XP and Windows Server 2003 platforms hosting VMware clients, incoming packets to a VMware client computer are dropped if the host machine has the OfficeScan client installed.

    Workaround (for all clients):

    1. On the server computer, open ofcscan.ini under the \PCCSRV folder.

    2. Add the following setting under [Global Setting]: EnableGlobalPfwBypassRule=1

    3. On the Web console, go to Networked Computers > Global Client Settings and click Save to deploy the setting to all clients.

    Workaround (for specific clients):

    1. On the client computer, open Registry Editor.
    2. Add the following registry value:

      • Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW

        For x64 computers: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW

      • Name: EnableBypassRule
      • Type: REG_DWORD
      • Value: 1
    3. Reload the client for settings to take effect.
  4. If the client runs on a Windows Server 2003 computer without any Microsoft service pack, the OfficeScan firewall may block connection to the integrated Smart Protection Server. Apply the latest service pack to avoid encountering this issue.
  5. The OfficeScan firewall service and driver cannot be installed if a previous version of the firewall driver exists and is running but there is no Trend Micro Common Firewall in the network protocol.
  6. OfficeScan does not support specific application exceptions on Windows 8 and Windows Server 2012 platforms. OfficeScan allows or denies all application traffic on computers with these platforms.

Smart Scan

  1. Only Internet Explorer is supported for configuring proxy settings used by clients to connect to the Global Smart Protection Server. If proxy settings are configured in other browsers, clients will not be able to connect to the Global Smart Protection Server.

Web Reputation

  1. If the OfficeScan server is installed on a dual-stack (IPv4/IPv6) computer and is using an Apache web server, pure IPv6 clients cannot send web reputation queries to the integrated Smart Protection Server.
  2. If you enable the option "Check HTTPS URLs" in a web reputation policy:

    1. Select the option "Enable third-party browser extensions" in Internet Explorer. If this option is disabled, clients will not be able to check the reputation of HTTPS websites.
    2. For clients running Windows Server 2008 (32-bit), disable Internet Explorer Enhanced Security Configuration (IE ESC) from Windows Server Manager. If IE ESC is enabled, the web reputation blocking page displays in source code mode.
  3. The OfficeScan client is unable to get the Web reputation rating. This occurs if the client is installed on a computer running Windows Server 2008 (32-bit or 64-bit) or Windows Server 2008 R2 (64-bit) with Apache that supports IPv6. As a workaround, turn off IPv6 on the computer.
  4. Clients can browse blocked sites if using Juniper Networks VPN and proxy servers to connect to the Internet. To resolve this issue:

    1. Connect to the network using Juniper Networks VPN.
    2. Open Internet Options > Connections > LAN Settings.
    3. Disable Automatic configuration settings.
    4. Enable Proxy server and specify the IP address and port of your proxy server.
    5. Click OK.
  5. If users access the Internet using Firefox and a proxy server, be sure that proxy settings in Internet Explorer have been configured. If proxy settings have not been configured in Internet Explorer, web reputation will not work, even if proxy settings have been configured in Firefox.
  6. On the OfficeScan client computer, web reputation automatic proxy detection in Internet Explorer does not work if the administrator enables the "Client Console Access Restriction" option on the OfficeScan server Web console's Privileges and Other Settings screen.
  7. After upgrading, the Web Reputation Services is unavailable until the Web Blocking List is fully updated. To resolve this issue, go to Smart Protection > Smart Protection Sources and select a secondary Smart Protection Server for clients to use until the Web Blocking List has completed the update.

    Note: OfficeScan begins updating the Web Blocking List immediately after the server upgrades.

Policy Server and Cisco Trust Agent

  1. The installation and removal of the Cisco Trust Agent (CTA) on client computers require the use of a Windows Utility (netsh.exe) to add/remove CTA from the Windows Firewall Program Exception list. This is done to allow CTA to communicate even when Windows Firewall is enabled.
  2. Computer restart is required after the Cisco Trust Agent 2.x Supplicant package is deployed.
  3. Users cannot log on to Policy Server installed on an Apache server if the Apache server already has OfficeScan installed. Uninstall the Policy Server and re-install on an Apache server without OfficeScan.

Control Manager Integration

  1. The Integrated Windows Authentication protocol is not supported when registering OfficeScan to Control Manager and specifying Web server authentication credentials for the IIS server. Only basic access authentication is supported.
  2. When accessing the OfficeScan server using the single sign-on function in Control Manager:

    Refresh the page if any of these conditions occur.

  3. The Control Manager server must use port 80 or 443 to allow migration from the Trend Micro Management Infrastructure (TMI) protocol to the Trend Micro Control Manager Management Communication Protocol (MCP) agent.
  4. OfficeScan client registers and unregisters to Control Manager if the mobile client frequently changes IP address. This can cause network bandwidth issues for Control Manager 5.0.
  5. Outside Server Management reports cannot be queried if the OfficeScan web console is accessed through Control Manager single sign-on. Use the OfficeScan web console to query Outside Server Management reports.

Online Help

  1. The Online Help system experiences scripting errors when viewed using Internet Explorer 8.0 and earlier. Apply the following Windows fix to solve the problem: http://support.microsoft.com/kb/175500/en-us.

Additional Release Notes

  1. There are several tools included in this version. Refer to the OfficeScan server Help for instructions on how to use them. The tool folders are located under \PCCSRV\Admin\Utility.

  2. The following are the permissions for the OfficeScan folders:

    Directory/User                                   Administrator  Everyone  IUser_<Server Name>  System        Network Service
    \PCCSRV                                          Full control   RX        N/A                  Full control  N/A
    \PCCSRV\Download                                 Full control   R         R                    Full control  N/A
    \PCCSRV\HTTPDB                                   Full control   N/A       N/A                  N/A           N/A
    \PCCSRV\Log                                      Full control   N/A       N/A                  Full control  N/A
    \PCCSRV\Private                                  Full control   N/A       N/A                  Full control  RX
    \PCCSRV\Temp                                     Full control   N/A       RWXD                 N/A           RWXD
    \PCCSRV\Virus                                    Full control   N/A       RW (Special Access)  N/A           N/A
    \PCCSRV\Web                                      Full control   N/A       R                    Full control  N/A
    \PCCSRV\Web\Cgi                                  Full control   N/A       RX                   N/A           N/A
    \PCCSRV\Web_OSCE\Web_console                     Full control   RX        N/A                  Full control  N/A
    \PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall  Full control   N/A       RWXD                 N/A           N/A
    \PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI    Full control   N/A       RWXD                 N/A           N/A

  3. Download the latest components after upgrading to keep your security risk protection current.
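An added example, not part of the Trend Micro readme: a Python check that compares `icacls` output for an OfficeScan server folder against the folder permissions table in item 2 above and reports any rights granted beyond the documented row. The reading of the table's letters (R read, W write, X execute, D delete), the mapping of Windows principals to the table's columns, the install path and the sample output are all assumptions made for this example; only simple icacls rights (F, M, RX, R, W, D) are handled.

```python
import re

COLUMNS = ("ADMINISTRATOR", "EVERYONE", "IUSER", "SYSTEM", "NETWORK SERVICE")
# Rows from the readme's table: F = Full control, - = N/A, RW = RW (Special Access).
TABLE = r"""\PCCSRV|F|RX|-|F|-
\PCCSRV\Download|F|R|R|F|-
\PCCSRV\HTTPDB|F|-|-|-|-
\PCCSRV\Log|F|-|-|F|-
\PCCSRV\Private|F|-|-|F|RX
\PCCSRV\Temp|F|-|RWXD|-|RWXD
\PCCSRV\Virus|F|-|RW|-|-
\PCCSRV\Web|F|-|R|F|-
\PCCSRV\Web\Cgi|F|-|RX|-|-
\PCCSRV\Web_OSCE\Web_console|F|RX|-|F|-
\PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall|F|-|RWXD|-|-
\PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI|F|-|RWXD|-|-"""
EXPAND = {"F": "RWXDF", "M": "RWXD", "-": ""}  # icacls F and M, the table's N/A
ACE = re.compile(r"([^:]+):(?:\((?:OI|CI|IO|NP|I)\))*\(([A-Z,]+)\)$")

def letters(spec):
    """Turn 'RX', 'F' or an icacls list such as 'RX,W,D' into a set of letters."""
    return set("".join(EXPAND.get(part, part) for part in spec.split(",")))
DOCUMENTED = {path: dict(zip(COLUMNS, map(letters, cells)))
              for path, *cells in (row.split("|") for row in TABLE.split())}

def column(principal):
    """Map an icacls principal to a table column (assumed mapping)."""
    name = principal.split("\\")[-1].upper()
    if name.startswith(("IUSR_", "IUSER_")):
        return "IUSER"
    return "ADMINISTRATOR" if name == "ADMINISTRATORS" else name

def excess_rights(folder, disk_path, icacls_text):
    """Return {principal: letters granted beyond the documented row}."""
    findings = {}
    for line in icacls_text.splitlines():
        m = ACE.match(line.replace(disk_path, "", 1).strip())
        if m:
            allowed = DOCUMENTED[folder].get(column(m.group(1)), set())
            extra = letters(m.group(2)) - allowed
            if extra:
                findings[m.group(1)] = sorted(extra)
    return findings

# Constructed icacls output for a constructed install path (not from the readme).
SAMPLE_PATH = r"D:\OSCE\PCCSRV\Temp"
SAMPLE = r"""D:\OSCE\PCCSRV\Temp BUILTIN\Administrators:(OI)(CI)(F)
    NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(RX,W,D)
    Everyone:(OI)(CI)(M)"""
```

Principals that have no column in the table, such as CREATOR OWNER, are reported with every right they hold, so review those entries against your own baseline.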

 


 

8. Contact Information


A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.

Evaluation copies of Trend Micro products can be downloaded from our website.

 

Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

 


 

9. About Trend Micro


Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com.

Copyright 2013, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and OfficeScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.

 


 

 

10. License Agreement


Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/.

License Attributions can be viewed from the OfficeScan web console.

 
