Trend Micro, Inc.

April 2014

Trend Micro™ OfficeScan™

Version 11.0

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at http://docs.trendmicro.com/en-us/enterprise/officescan.aspx.

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at http://olr.trendmicro.com.

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: http://docsstg.trendmicro.com/en-us/survey.aspx.

Contents

1. About OfficeScan

2. What's New

3. Document Set
4. System Requirements

5. Installation

6. Post-installation Configuration
7. Known Issues
8. Contact Information
9. About Trend Micro
10. License Agreement

1. About OfficeScan

Trend Micro™ OfficeScan™ protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat attacks. An integrated solution, OfficeScan consists of an agent program that resides at the endpoint and a server program that manages all agents. The agent guards the endpoint and reports its security status to the server. The server, through the web-based management console, makes it easy to set coordinated security policies and deploy updates to every agent.

OfficeScan is powered by the Trend Micro™ Smart Protection Network™, a next generation cloud-client infrastructure that delivers security that is smarter than conventional approaches. Unique in-the-cloud technology and a lighter-weight agent reduce reliance on conventional pattern downloads and eliminate the delays commonly associated with desktop updates. Businesses benefit from increased network bandwidth, reduced processing power, and associated cost savings. Users get immediate access to the latest protection wherever they connect—within the company network, from home, or on the go.

Back to top

2. What's New

OfficeScan includes the following new features and enhancements:

Server Enhancements

SQL Database Migration Tool

Administrators can choose to migrate the existing CodeBase® server database to a SQL server database.

Smart Protection Server Enhancements

This version of OfficeScan supports the upgraded Smart Protection Server 3.0. The upgraded Smart Protection Server includes File Reputation Services pattern enhancements. The pattern files have been redesigned to provide the following benefits:

• Reduced memory consumption

• Incremental pattern updates and enhanced File Reputation Services pattern detection, which greatly reduce bandwidth consumption

Server Authentication

Enhanced server authentication keys ensure that all communication to and from the server is secure and trusted.

Role-based Administration Enhancement

The role-based administration enhancement streamlines how administrators configure roles and accounts making integration with Trend Micro Control Manager™ more streamlined.

Web Server Requirements

This version of OfficeScan can integrate with the Apache 2.2.25 web server.

OfficeScan Server Interface Redesign

The OfficeScan interface has been redesigned to provide an easier, more streamlined, and more modern experience. All the features available in the previous OfficeScan server are still available in the updated version.

• Top-level menu items free up screen space

• A "Favorites" menu helps you locate regularly used screens

• A slide show view of the Dashboard tabs allows you to view widget data without the need to manually control the console

Cloud-based Contextual Online Help

Cloud-based context-sensitive online help ensures that administrators always have the most up-to-date information whenever the help system opens. If an Internet connection is unavailable, OfficeScan automatically switches to the local online help system shipped with the product.

Platform and Browser Support

OfficeScan supports the following operating systems:

• Windows Server™ 2012 R2 (server and agent)

• Windows 8.1 (agent only)

OfficeScan supports the following browser:

• Internet Explorer™ 11

Agent Enhancements

Suspicious File Restoration

OfficeScan provides administrators the ability to restore previously detected “suspicious” files and add files to domain-level “approved” lists to prevent further actions on the files.

If a program or file has been detected and quarantined, administrators can globally or granularly restore the file on agents. Administrators can use additional SHA1 verification checking to ensure that the files to be restored have not been modified in any way. After restoring the files, OfficeScan can automatically add the files to domain-level exclusion lists to exempt them from further scanning.

Advanced Protection Service

The Advanced Protection Service provides the following new scan features.

• Browser Exploit Prevention uses sandbox technology to test the behavior of web pages in real time and detect any malicious script or program before the OfficeScan agent is exposed to threats.

• Enhanced memory scanning works in conjunction with Behavior Monitoring to detect malware variants during Real-time Scans and take quarantine actions against threats.

Data Protection Enhancements

OfficeScan Data Protection has been enhanced to provide the following benefits:

• Data Discovery through integration with Control Manager™: Administrators can configure Data Loss Prevention policies on Control Manager to scan folders on OfficeScan agents for sensitive files. After discovering sensitive data within a file, Control Manager can log the location of the file or, through integration with Trend Micro Endpoint Encryption, automatically encrypt the file on the OfficeScan agent.

• User Justification support: Administrators can allow users to provide reasons for transferring sensitive data or block the transmissions themselves. OfficeScan logs all transfer attempts and the reasons provided by the user.

• Smartphone and tablet support: Data Loss Prevention and Device Control can now monitor and take action on sensitive data being sent to smart devices, or block access to smart devices entirely.

• Updated data identifier and template libraries: The Data Loss Prevention libraries have been updated with 2 new keyword lists and 93 new templates.

• Device Control log integration with Control Manager™

Suspicious Connection Settings Enhancement

Command & Control (C&C) Contact Alert Services has been updated to include the following:

• Global User-defined Approved and Blocked IP lists

• Malware network fingerprinting to detect C&C callbacks

• Granular action configuration when suspicious connections are detected

• C&C server and agent logs record the process responsible for C&C callbacks

Outbreak Prevention Enhancements

Outbreak Prevention has been updated to protect against the following:

• Executable compressed files

• Mutex processes

Self-protection Feature Enhancements

The self-protection features available in this release provide both light-weight and high level security solutions to protect both your server and OfficeScan agent programs.

• Light-weight solution: Designed for server platforms to protect OfficeScan agent process and registry keys by default, without affecting the performance of the server

• High-level security solution: Enhances the Agent Self-protection feature available in previous releases by providing:

  • IPC command authentication

  • Pattern file protection and verification

  • Pattern file update protection

  • Behavior Monitoring process protection

Scan Performance and Detection Enhancements

• Real-Time Scan maintains a persistent scan cache which reloads each time the OfficeScan agent starts. The OfficeScan agent tracks any changes to files or folders that occurred since the OfficeScan agent unloaded and removes these files from the cache.

• This version of OfficeScan includes global Approved lists for Windows system files, digitally signed files from reputable sources, and Trend Micro-tested files. After verifying that a file is known to be safe, OfficeScan does not perform any action on the file.

• Damage Cleanup Services enhancements provide improved detection capabilities for rootkit threats and a reduced number of false positives through updated GeneriClean scanning.

• Compressed file settings are separated between Real-time and On-demand Scans to help improve performance.

• Dual-layer logs provide a more detailed view for detections that administrators want to examine further.

OfficeScan Agent Interface Redesign

The OfficeScan agent interface has been redesigned to provide an easier, more streamlined, and more modern experience. All the features available in the previous OfficeScan agent program are still available in the updated version.

The updated interface also allows administrators to "unlock" administrative functions directly from the OfficeScan agent console in order to quickly troubleshoot issues without opening the web console.

Back to top

3. Document Set

The document set for the OfficeScan server includes:

• Installation and Upgrade Guide: A PDF document that discusses requirements and procedures for installing the OfficeScan server, and upgrading the server and agents
• Administrator's Guide: A PDF document that discusses getting started information, agent installation procedures, and OfficeScan server and agent management
• Help: HTML files compiled in WebHelp format that provide "how to's", usage advice, and field-specific information. The Help is accessible from the OfficeScan server, agent, and Policy Server consoles, and from the OfficeScan Master Setup.
• Readme file: Contains a list of known issues and basic installation steps. It may also contain late-breaking product information not found in the Help or printed documentation.
• Knowledge Base: An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following website: http://esupport.trendmicro.com

Download the latest versions of the PDF documents and readme at http://docs.trendmicro.com/en-us/enterprise/officescan.aspx.

Back to top

4. System Requirements

The OfficeScan server and agent can be installed on endpoints running Microsoft Windows platforms. The OfficeScan agent is also compatible with various third-party products.

Visit the following website for a complete list of system requirements and compatible third-party products:

http://docs.trendmicro.com/en-us/enterprise/officescan.aspx

Size of Deployment Package

Note: All of the following deployment package sizes are for packages that do not include any additional plug-in features. The size of the deployment package may vary if additional plug-in features are included in the package.

Size of the new install package (32/64-bit) via Agent Packager Tool

For 32-bit Setup Package:

• Setup Package (Conventional Scan) = 114 MB
• Setup Package (Smart Scan) = 111 MB

For 64-bit Setup Package:

• Setup Package (Conventional Scan) = 137 MB
• Setup Package (Smart Scan) = 134 MB

For 32/64-bit MSI Package:

• MSI Setup Package (Conventional Scan) = 189 MB
• MSI Setup Package (Smart Scan) = 185 MB

Back to top

5. Installation

See the Installation and Upgrade Guide for instructions on:

• Installing the OffieScan server
• Upgrading the OfficeScan server and agents
• Rolling back agents to a previous OfficeScan version

For OfficeScan agent installation instructions, refer to the Administrator's Guide.

Back to top

6. Post-installation Configuration

1. Verify if the OfficeScan server has been upgraded.

   1. On the web console, click Help > About. Version information should be 11.0, build 1028.

   2. On the Control Manager console, the OfficeScan version should be 1028.

      Note: Trend Micro recommends installing Trend Micro Control Manager™ 6.0 Patch 3 to ensure compatibility with OfficeScan 11.0.

2. After installing this service pack, restart the web browser.
3. Verify if component update on the server is successful by opening the web console and going to Logs > Server Updates Logs.

If the update is unsuccessful, perform manual update immediately by going to Updates > Server > Manual Update. You can also refer to the online help for typical update problems and solutions or contact your Support provider for assistance.

Agent installation on supported platforms

1. If users will use the web install page to install the OfficeScan agent to an endpoint running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, Server 2008, Windows 8, or Server 2012, instruct users to perform the following before installation:

   1. Log on to the endpoint using a built-in administrator account.
   2. Launch Internet Explorer and add the OfficeScan server URL (such as https://computername:4343/officescan) to the list of trusted sites. On Internet Explorer, the list can be accessed by going to Tools > Internet Options > Security tab, selecting the Trusted Sites icon, and clicking Sites
   3. Modify the Internet Explorer security setting to enable Automatic prompting for ActiveX controls. On Internet Explorer, this can be done by going to Tools > Internet Options > Security tab, and clicking Custom level.
   4. During OfficeScan agent installation, allow ActiveX control installation.

2. If users will use Agent Packager (EXE package) to install the OfficeScan agent to an endpoint running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, Server 2008, Windows 8, or Server 2012, perform the following:

   1. Create the EXE package from the OfficeScan server.

   2. Send the package to users and instruct them to launch it on their endpoints.

      To launch the EXE package:

      • If the endpoint runs Windows 7, Windows Vista Home Basic, Vista Home Premium, Server 2008, Windows 8, or Server 2012, instruct users to right-click the EXE file and select Run as administrator.
      • If the endpoint runs Windows XP Home, users can use the typical method for opening files, such as double-clicking the file.

3. If users will use Agent Packager (MSI package) to install the OfficeScan agent to an endpoint running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, Server 2008, Windows 8, or Server 2012, perform the following:

   1. Create the MSI package from the OfficeScan server.
   2. Send the package to users and instruct them to launch it on their endpoints using the typical method for opening files, such as double-clicking the file.

   Note: You can also launch the MSI package (on the command prompt) and silently install the OfficeScan agent to a remote endpoint running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, Server 2008, Windows 8, or Server 2012.

4. If users will use Login Script Setup (AutoPcc.exe) to install the OfficeScan agent to an endpoint running Windows 7, Windows XP Home, Vista Home Basic, Vista Home Premium, Server 2008, Windows 8, or Server 2012, instruct users to perform the following:

   1. Connect to the server computer.
   2. Navigate to \\{server computer name}\ofcscan.
   3. Right-click AutoPcc.exe and select Run as administrator.

Back to top

7. Known Issues

The following are the known issues in this release:

• Server Installation, Upgrade, and Uninstallation
• SQL Database Migrations
• Agent Installation, Upgrade, and Uninstallation
• Scanning
• Server Update
• Agent Update
• Server Management
• Agent Management
• Device Control
• Data Loss Prevention
• OfficeScan Firewall
• Smart Scan
• Web Reputation
• Control Manager Integration
• Online Help
• Virtual Desktop Infrastructure
• Additional Release Notes

Server Installation, Upgrade, and Uninstallation

1. If you install the OfficeScan server using Apache web server and you enabled SSL for secure connections, it is possible to use an unsecure HTTP connection to log on to the web console.

2. The OfficeScan web console and all OfficeScan services cannot be accessed if the OfficeScan server was installed on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 before joining a domain. To resolve the issue:

   For Windows Server 2008:

   1. Go to Control Panel > System and Security > Windows Firewall > Exceptions tab.

   2. Enable exception for File and Printer Sharing.

   3. Add the following port exceptions:

      • Trend Micro Local Web Classification Server HTTP, TCP port 5274
      • Trend Micro OfficeScan Server HTTP, TCP port 8080
      • Trend Micro OfficeScan Server HTTPS, TCP port 4343
      • Trend Micro Smart Scan Server (Integrated) HTTP, TCP port 8082
      • Trend Micro Smart Scan Server (Integrated) HTTPS, TCP port 4345

   4. Click OK.

   For Windows Server 2008 R2:

   1. Go to Control Panel > System and Security > Windows Firewall > Allowed Programs.

   2. Select the following features and allow access for the Domain profile:

      • File and Printer Sharing
      • Trend Micro Local Web Classification Server HTTP
      • Trend Micro OfficeScan Server HTTP
      • Trend Micro OfficeScan Server HTTPS
      • Trend Micro Smart Scan Server (Integrated) HTTP
      • Trend Micro Smart Scan Server (Integrated) HTTPS

   3. Click OK.

   For Windows Server 2012 or Windows Server 2012 R2:

   1. Go to Control Panel > System and Security > Windows Firewall > Advanced settings.

   2. Click Inbound Rules. Allow access to all required File and Printer Sharing rules.

   3. Click Inbound Rules > New Rule... > Port.

   4. Add the following port exceptions:

      • Trend Micro Local Web Classification Server HTTP, TCP Port 5274
      • Trend Micro OfficeScan Server HTTP, TCP port 8080
      • Trend Micro OfficeScan Server HTTPS, TCP port 4343
      • Trend Micro Smart Scan Server (Integrated) HTTP, TCP port 8082
      • Trend Micro Smart Scan Server (Integrated) HTTPS, TCP port 4345

3. After installing the OfficeScan server remotely to a Windows Server 2008 computer, the web console shortcut does not immediately display on the computer's desktop. Refresh the desktop by pressing F5 to see the shortcut.

4. When the OfficeScan server is installed to a disk using the FAT32 file system, role-based logon to the OfficeScan web console does not work.

5. During upgrade, if the existing OfficeScan database file (found in the "HTTPDB" folder under "OfficeScan/PCCSRV") is very large, the upgrade process may time out. Trend Micro recommends doing the following before upgrading:

   1. Go to Control Panel > System and Security > Windows Firewall > Exceptions tab.
   2. From the OfficeScan console, manually delete old server logs.
   3. Go to Administration > Database Backup, and click Backup Now to back up the database.
6. For endpoints running any version of Windows Server 2003, launch the server installation package (full installation package or standalone patch package) by double-clicking the file. Installation issues may occur if the package is launched using the "Run as <user name>" function, even if <user name> is the account currently logged on the endpoint.

7. Trend Micro Mobile Security is now a standalone program and is no longer supported as a plug-in program in OfficeScan 11.0. To continue using Mobile Security, Trend Micro recommends upgrading to the standalone version 9.0. For detailed migration steps, see http://esupport.trendmicro.com/solution/en-US/1098095.aspx.

8. During OfficeScan server installation, the "pre-scan" feature is unable to detect double-byte malware threats.

9. Upgrading the OfficeScan server in environments where the Apache server is being used by third-party applications may cause the following issues:

   • The Apache server upgrade to version 2.2 is unsuccessful.
   • The Apache server console cannot open because the Apache server service cannot start.
   • The PHP ugrade is unsuccessful because previous versions of the Apache server do not support PHP 5.3.27.
   • The OfficeScan web console displays a message indicating that Plug-in Manager is not installed.

   To resolve these issues:

   1. Apply the following OfficeScan hot fix: osce_11_win_all_hfb1066
   2. Upgrade the Apache server to version 2.2.25 manually.
   3. Upgrade Plug-in Manager manually.
   4. Upgrade the PHP version to 5.3.27 manaually.

   For detailed steps about resolving the Apache server upgrade issues, see http://esupport.trendmicro.com/solution/en-US/1104062.aspx.

10. Installing or upgrading OfficeScan to version 11.0 may be unsuccessful for the following reasons:

    • The PHP version is older than 5.3.27.

    • The following extensions are not available on the web server:

      • For Apache servers: PHP 5.3.27 VC9, 32-bit, Thread Safe with the CURL, GMP, LDAP, PDO_SQLITE, COM_DOTNET extensions
      • For IIS: PHP 5.3.27 VC9, 32-bit, Non Thread Safe with the CURL, GMP, LDAP, MBSTRING, OPENSSL, PDO_SQLITE, SOAP, COM_DOTNET extensions

    To resolve this issue:

    1. Remove the current PHP version. Go to Control Panel > Add/Remove Programs.
    2. Run the OfficeScan 11.0 setup program.

    For detailed steps, see http://esupport.trendmicro.com/solution/en-US/1103806.aspx

11. If the OfficeScan server computer or an agent endpoint has not properly updated its root certificate (for example, the computer does not have an Internet connection), OfficeScan cannot verify the computer's digital signatures during Inter-Process Communication (IPC). To solve this issue, you must manually update the root certificate or perform a Windows Update.

SQL Database Migrations

1. When transferring the OfficeScan database to a SQL database installed on a Domain Controller endpoint, you must select the “Migrate the OfficeScan database to an existing SQL Server” option on the SQL Migration Tool (SQLTool.exe).

2. If you want to install a new SQL Server 2008 R2 SP2 Express on a Domain Controller endpoint, you must follow the Microsoft Knowledge Base information on how to install SQL Server 2008 R2 SP2 Express manually.

Agent Installation, Upgrade, and Uninstallation

1. The OfficeScan agent is unable to query the Web Reputation servers after performing a fresh installation or upgrade. To resolve the issue, ensure that agents restart their endpoints if a restart notification appears.

2. If you create a login script in Active Directory and then log on as administrator on an endpoint running Windows Vista Home, Server 2008, 7, 8, or Server 2012, the OfficeScan agent cannot be installed to the endpoint and the message that displays states that the account used is not an administrator account.

3. When this product version is installed to a Citrix Presentation server, the Citrix client loses connection with the server. To address this issue:

   1. On the Citrix server, open Registry Editor and navigate to HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList.
   2. Click Edit > New > Key and name the key IIS.
   3. Under this new key, create a string value (Edit > New > String Value) with the name ProcessImageName and use w3wp.exe as its value.
   4. Restart the OfficeScan NT Listener service.
4. When an application that locks the Windows Service Control Manager (SCM) is launched, the OfficeScan agent cannot be installed or upgraded. Before upgrading or installing OfficeScan, ensure that no SCM-locking application is running.
5. When running Vulnerability Scanner on an endpoint running Windows Server 2008, Windows 7, Windows 8, or Windows Server 2012, the DHCP tab does not display on the tool's console.

6. The ServerProtect Normal Server Migration tool is unable to:

   • Detect ServerProtect for Windows 5.8 with patch 7 or later
   • Restart the target endpoint after installing the OfficeScan agent even if the "Restart after installation" option is selected

   To resolve these issues, open Registry Editor on the Normal Server and Information Server and add following registry key:

   • Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\RPC
   • Name: AgentFilter
   • Type: REG_SZ (string value)
   • Value: IP addresses or endpoint name of the OfficeScan server

7. Microsoft IIS 7 does not work when:

   • Running Setup to install both the OfficeScan server and agent on a Windows Server 2008 endpoint without Service Pack 2, and then specifying IIS 7 as the web server. The web console cannot be opened after installation and all applications using IIS do not work.
   • Installing the OfficeScan agent to a Windows Server 2008 endpoint with Microsoft IIS 7. All applications using IIS do not work.

A message displays on the endpoint using Windows Server 2008 without Service Pack 2, instructing the user to restart the IIS service to resolve the issue.

8. To perform agent web installation on endpoints with a 64-bit processor architecture, you must use the 32-bit version of Internet Explorer. The 64-bit version of Internet Explorer is not supported.
9. The OfficeScan agent may not install correctly if Norton SystemWorks™ antivirus is installed on the endpoint. Uninstall it before installing OfficeScan agent.
10. If the OfficeScan agent is installed using the "per-user" method, the OfficeScan agent shortcut will still show on all the users' Windows Start menu.

11. After upgrading OfficeScan, the following issues occur:

    • When upgrading by moving an agent to an OfficeScan 11.0 server, the Common Firewall Pattern version is "N/A".

    To resolve these issues, perform the following steps:

    1. Stop the Cryptographic Services from the Microsoft Management Console.
    2. Navigate to C:\Windows\system32 and rename the "catroot2" folder to "oldcatroot2".
    3. Start the Cryptographic Services.

    4. Open a command prompt (cmd.exe) and run the following commands:

       regsvr32 wintrust.dll

       regsvr32 netcfgx.dll

    5. Restart the endpoint.
12. The OfficeScan agent unloads and then reloads three times when upgraded to this version. This happens if the agent upgrades, applies smart scan as its scan method, and then applies the domain level scan method.
13. After an OfficeScan agent in a VPN environment is uninstalled successfully, the agent is not removed on the web console's agent tree and its status is offline.

14. The administrator will not be able to remotely install OfficeScan agent to Windows 7 x86 platforms without enabling the default administrator account. To resolve this issue:

    Note: Enable the Remote Registry service on the Windows 7 machine. By default, Windows 7 machines disable this feature.

    Option A: Use the domain administrator account to remotely install OfficeScan 11.0 agents to Windows 7 machines.

    Option B: Use the default administrator account:

    1. Type the "net user administrator /active:yes" command from the command console to enable the default administrator account.
    2. Use the default administrator account to remotely install the OfficeScan agent to the Windows 7 machine.
15. Installing OfficeScan agents to Windows 7 or Windows Server 2008 R2 using a GUEST OS running on VMware Workstation 6.x and below may cause the system to stop responding. This is because of compatibility issues with the Intel™ Network Adapter Driver.

16. When installing the OfficeScan agent on Windows 8 and Windows Server 2012 platforms using the browser-based installation method, the installation is unsuccessful if the user is currently in Windows UI mode. This is due to Internet Explorer 10 not allowing ActiveX controls to run.

    To resolve this issue:

    Switch to desktop mode on Windows 8 and Windows Server 2012 platforms while performing a browser-based installation of the OfficeScan agent.

Scanning

1. A Microsoft Hyper-V virtual machine might not be able to start if the host endpoint has OfficeScan agent installed. This is because the OfficeScan agent and Hyper-V virtual machine access the same Hyper-V xml file, which causes file access violation. As a workaround:

   • Set exclusion folder for the virtual machine xml file located in C:\ProgramData\Microsoft\Virtual Machine Manager\.

   • Turn off file mapping scan by modifying the TmFilter/TmxpFilter registry value.

     To turn off file mapping:

     1. On the server computer, open ofcscan.ini under the \PCCSRV folder.

     2. Modify the following setting under [Global Setting]: UseMapping=0

     3. Save the file.

     4. On the web console, go to Agents > Global Agent Settings and click Save to deploy the setting to all agents.

     The following registry information is added after the deployment completes:

     • Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSApiNt\Parameters

     • Key: UseMapping
     • Type: DWORD
     • Value: 0
2. When specifying the scan target for Scheduled Scan, Scan Now and Real-time Scan, spyware/grayware scan can be disabled. However, for Manual Scan, there is no option for disabling spyware/grayware scan, which means that during Manual Scan, OfficeScan will always scan for spyware/grayware.
3. When OfficeScan is configured to scan mapped drives during Manual Scan, the mapped drive may not get scanned when scanning is initiated through Terminal Service client.
4. When an email containing an attachment with spyware/grayware is retrieved through Eudora email client and POP3 Mail Scan is disabled, OfficeScan's Real-time Scan denies access to the email even if the scan action is "clean". The email does not appear on the inbox and the Eudora client displays a message informing the user that access to the email is denied.

5. In a Citrix environment, when the OfficeScan agent detects a security risk during a particular user session, the notification message for the security risk displays on all active user sessions.

   Security risk can be any of the following:

   • Virus/Malware
   • Spyware/Grayware
   • Firewall policy violation
   • Web Reputation policy violation
   • Unauthorized access to external devices
6. The deferred scan feature is not available if the Virus Scan Engine (VSAPI) has not been upgraded to version 9.713 or later.

Server Update

1. When updating OfficeScan patterns and engines from Control Manager, administrators are not notified of the update status even if notifications are enabled. The update status can be viewed from the Control Manager console.

Agent Update

1. OfficeScan agents with agent-level settings can only download settings from the OfficeScan server, not Update Agents.
2. An Update Agent running a 64-bit platform is unable to generate incremental patterns. Therefore, the Update Agent always downloads all incremental patterns available in the ActiveUpdate server, regardless of how many of these patterns it has previously downloaded.
3. When the OfficeScan server notifies agents to update components, agents that obtain updates from an Update Agent will not be able to update if the Update Agent has not been upgraded to version 10.0 SP1 or higher. However, these agents can still obtain the updates directly from the OfficeScan server.
4. When the server and agent endpoints are located on geographical locations with different time zones, the agent cannot be configured to update based on the server's time zone.

Server Management

1. The Active Directory scope may display as empty or redirect to the Active Directory integration screen when querying Outside Server Management reports with a broad scope. Ensure that the first task is finished before performing another query.
2. The User Role has access and configure permissions on the agent Manual Update page but only for selected domains. However, all agents receive the notification when this role clicks Initiate Update.
3. For Menu Items for Managed Domains, when an Active Directory user is part of several Active Directory groups, the user combines domain permissions but applies the higher role setting on all applicable domains.
4. When the endpoint's date/time format is changed, the date/time format on the OfficeScan console does not automatically change.
5. When the web console is opened in Internet Explorer 9 or later, a certificate error displays.

6. Users are unable to collapse the agent management tree menu items on the User Account - Step 3 Define Agent Tree Menu screen when configuring User Accounts on Windows 8.1 and Windows Server 2012 R2 platforms running Internet Explorer 11. To resolve this issue:

   Install the Internet Explorer 11 hotfix from the Microsoft Windows Update site: http://support.microsoft.com/kb/2884101/en-us.

Agent Management

1. Agent names in the OfficeScan agent tree supports only 15 characters and truncates the succeeding characters.
2. Double-byte characters (characters typically used in East Asian languages) cannot be used when specifying the notification message for virus/malware infection source (Administration > Notifications > Agents > Virus/Malware tab).
3. If the agent security level configured on the web console is set to "High", connection through Nortel VPN client cannot be established.
4. Select the Show icon and notifications option to display the OfficeScan icon in the Windows 7 and 8 system tray. The default option for Windows 7 and 8 is Only show notification.
5. Some agent console screens include a Help button, which, when clicked, opens context-sensitive, HTML-based Help. Because Windows Server Core 2008 lacks a browser, the Help will not be available to the user. To view the Help, the user must install a browser.

6. On the web console's Update Summary screen (Updates > Summary), the Behavior Monitoring Configuration Pattern, Policy Enforcement Pattern, and Digital Signature Pattern do not appear correctly due to JavaScript caching. To resolve this issue:

   Clear the browser cache to update the component names.

7. The Prompt users before executing newly encountered programs downloaded through HTTP or email applications (Server platforms excluded) feature only monitors ports 80, 81, and 8080 on Windows platforms (except Windows 8 which monitors all ports).

Device Control

1. The Device Control feature is unable to block recording of files (or "file burning") to optical disks.
2. If the Device Control permission for USB storage devices is changed from "Allow" to "Block" when USB storage device files are already opened on the agent endpoint, access to the opened files is still permitted. The Block permission is updated the next time that the USB device is plugged in, or the agent endpoint is restarted.
3. Device management applications (such as iTunes, HTCSync, and SamSung Kies) for devices blocked by Device Control are also blocked from user access.
4. Device Control can only limit access to CD/DVD recording devices that use the Live File System format. Applications that use Mastered Format can still perform read/write and execute operations even with Device Control enabled.

Data Loss Prevention

1. Data transmitted through Instant Messaging applications are not detected if the applications use a non-transparent proxy server.
2. After upgrading the OfficeScan agent to OfficeScan 11.0 from an OfficeScan version prior to 10.6 SP3, the preexisting agent-side Data Loss Prevention logs are deleted (unless updating from the OfficeScan 10.6 SP2 DLP Enhancement Patch).

OfficeScan Firewall

1. The Firewall rule for outgoing traffic will not work as expected if a machine has several IP addresses with different Firewall policies.

2. When the security level on a Citrix server is medium or high, perform the following steps:

   1. On the OfficeScan server web console, create a new firewall policy.
   2. Add the following port numbers to the policy's exclusion list: 1494, 2598
   3. Go to Agents > Firewall > Profiles and click Assign Profile to Agents.

3. For Windows XP and Windows Server 2003 platforms hosting VMware agents, incoming packets to a VMware agent endpoint are dropped if the host machine has the OfficeScan agent installed.

   Workaround (for all agents):

   1. On the server computer, open ofcscan.ini under the \PCCSRV folder.

   2. Add the following setting under [Global Setting]: EnableGlobalPfwBypassRule=1

   3. On the web console, go to Agents > Global Agent Settings and click Save to deploy the setting to all agents.

   Workaround (for specific agents):

   1. On the agent endpoint, open Registry Editor.

   2. Add the following registry value:

      • Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW

        For x64 endpoints: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW

      • Name: EnableBypassRule
      • Type: REG_DWORD
      • Value: 1
   3. Reload the agent for settings to take effect.
4. If the agent runs on a Windows Server 2003 endpoint without any Microsoft service pack, the OfficeScan firewall may block connection to the integrated Smart Protection Server. Apply the latest service pack to avoid encountering this issue.
5. The OfficeScan firewall service and driver cannot be installed if a previous version of the firewall driver exists and is running but there is no Trend Micro Common Firewall in the network protocol.
6. OfficeScan does not support specific application exceptions on Windows 8 and Windows Server 2012 platforms. OfficeScan allows or denies all application traffic on endpoints with these platforms.

Smart Scan

1. Only Internet Explorer is supported for configuring proxy settings used by agents to connect to the Global Smart Protection Server. If proxy settings are configured in other browsers, agents will not be able to connect to the Global Smart Protection Server.

Web Reputation

1. If the OfficeScan server is installed on a dual-stack (IPv4/IPv6) endpoint and is using an Apache web server, pure IPv6 agents cannot send Web Reputation queries to the integrated Smart Protection Server.

2. If you enable the option Check HTTPS URLs in a Web Reputation policy:

   1. Select the option Enable third-party browser extensions in Internet Explorer. If this option is disabled, agents will not be able to check the reputation of HTTPS websites.
   2. For agents running Windows Server 2008 (32-bit), disable Internet Explorer Enhanced Security Configuration (IE ESC) from Windows Server Manager. If IE ESC is enabled, the Web Reputation blocking page displays in source code mode.
3. The OfficeScan agent is unable to get the Web Reputation rating. This occurs if the agent is installed on an endpoint running Windows Server 2008 (32-bit or 64-bit) or Windows Server 2008 R2 (64-bit) with Apache that supports IPv6. As a workaround, turn off IPv6 on the endpoint.

4. Agents can browse blocked sites if using Juniper Networks VPN and proxy servers to connect to the Internet. To resolve this issue:

   1. Connect to the network using Juniper Networks VPN.
   2. Open Internet Option > Connection > LAN Settings.
   3. Disable Automatic configuration settings.
   4. Enable Proxy server and specify the IP address and port of your proxy server.
   5. Click Ok.
5. If users access the Internet using Firefox and a proxy server, be sure that proxy settings in Internet Explorer have been configured. If proxy settings have not been configured in Internet Explorer, Web Reputation will not work, even if proxy settings have been configured in Firefox.
6. On the OfficeScan agent endpoint, Web Reputation automatic proxy detection in Internet Explorer does not work if the administrator enables the OfficeScan Agent Access Restriction option on the OfficeScan server web console's Privileges and Other Settings screen.

7. After upgrading, the Web Reputation Services is unavailable until the Web Blocking List is fully updated. To resolve this issue, go to Smart Protection > Smart Protection Sources and select a secondary Smart Protection Server for agents to use until the Web Blocking List has completed the update.

   Note: OfficeScan begins updating the Web Blocking List immediately after the server upgrades.

Control Manager Integration

1. The Integrated Windows Authentication protocol is not supported when registering OfficeScan to Control Manager and specifying web server authentication credentials for the IIS server. Only basic access authentication is supported.

2. When accessing the OfficeScan server using the single-sign on function in Control Manager:

   • Users are sometimes prompted that the OfficeScan screen contains non-secure items.
   • The "Action cancelled" warning screen may sometimes display.

   Refresh the page if any of these conditions occur.

3. The Control Manager server must use port 80 or 443 to allow migration from the Trend Micro Management Infrastructure(TMI) protocol to the Trend Micro Control Manager Management Communication Protocol (MCP) agent.
4. OfficeScan agent registers and unregisters to Control Manager if the mobile agent frequently changes IP address. This can cause network bandwidth issues for Control Manager 5.0.
5. Outside Server Management reports cannot be queried if the OfficeScan web console is accessed through Control Manager single sign-on. Use the OfficeScan web console to query Outside Server Management reports.

Online Help

1. The Online Help system experiences scripting errors when viewed using Internet Explorer 8.0 and earlier. Apply the following Windows fix to solve the problem: http://support.microsoft.com/kb/175500/en-us.

Virtual Desktop Infrastructure

1. Windows 2003 virtual platforms cannot connect to vCenter 5.x or later using SSL connections (port 443 with HTTPS).
2. Windows 2012 virtual platforms cannot connect to XenServer 5.x using SSL connections (port 443 with HTTPS).

Additional Release Notes

1. There are several tools included in this version. Refer to the OfficeScan server Help for instructions on how to use them. The tool folders are located under \PCCSRV\Admin\Utility.

2. The following are the permissions for the OfficeScan folders:

   Directory/User	Administrator	Everyone	IUser _<Server Name>	System	Network Service
   \PCCSRV	Full control	RX	N/A	Full control	N/A
   \PCCSRV\Download	Full control	R	R	Full control	N/A
   \PCCSRV\HTTPDB	Full control	N/A	N/A	N/A	N/A
   \PCCSRV\Log	Full control	N/A	N/A	Full control	N/A
   \PCCSRV\Private	Full control	N/A	N/A	Full control	RX
   \PCCSRV\Temp	Full control	N/A	RWXD	N/A	RWXD
   \PCCSRV\Virus	Full control	N/A	RW (Special Access)	N/A	N/A
   \PCCSRV\Web	Full control	N/A	R	Full control	N/A
   \PCCSRV\Web\Cgi	Full control	N/A	RX	N/A	N/A
   \PCCSRV\Web_OSCE\Web_console	Full control	RX	N/A	Full control	N/A
   \PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall	Full control	N/A	RWXD	N/A	N/A
   \PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI	Full control	N/A	RWXD	N/A	N/A

3. Download the latest components after upgrading to keep your security risk protection current.

Back to top

8. Contact Information

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.

Evaluation copies of Trend Micro products can be downloaded from our website.

Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

Back to top

9. About Trend Micro

Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com.

Copyright 2014, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and OfficeScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.

Back to top

10. License Agreement

Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/.

License Attributions can be viewed from the OfficeScan web console.

Back to top