Trend Micro, Inc.

November 2008

 

Trend Micro OfficeScan

Versions 8.0 and 8.0 Service Pack 1

 

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's Web site for documentation updates at http://www.trendmicro.com/download/.

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro Web site. Register during installation, or online at http://olr.trendmicro.com.

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: www.trendmicro.com/download/documentation/rating.asp.

 

Contents

  1. About OfficeScan

  2. What's New

  3. Document Set

  4. System Requirements

  5. Compatibility List

  6. Installation

  7. Post-installation Configuration

  8. Known Issues

  9. Contact Information

  10. About Trend Micro

  11. License Agreement

 

1. About OfficeScan

Trend Micro OfficeScan is a centrally managed software, protecting desktops and notebook computers from security risks. OfficeScan protects your organization's networked computers from viruses/malware and malicious code, including file viruses, macro viruses, and malicious Java applets and ActiveX controls. Additionally, you can rid client computers of spyware and grayware, which are files and programs that can negatively affect the performance of the computers on your network and introduce significant security, confidentiality, and legal risks to your organization. OfficeScan has a built-in firewall that can block traffic coming from suspicious sources.

 

Back to top

 

 

2. What's New

This product release includes both OfficeScan 8.0 and 8.0 Service Pack 1. When you run the installation package, version 8 will be installed followed immediately by Service Pack 1.

 

OfficeScan includes the following new features and enhancements:

 

   Antivirus

IntelliTrap

Virus writers often attempt to circumvent virus filtering by using real-time compression algorithms. IntelliTrap helps reduce the risk of virus/malware entering your network by blocking files with real-time compressed executable files.

To enable IntelliTrap, go to Networked Computers > Client Management > Settings > {Scan Type} > Virus/Malware tab > Scan Settings.

GeneriClean

GeneriClean, also known as referential cleaning, is a new technology for cleaning viruses/malware even without the availability of virus cleanup components. Using a detected file as basis, GeneriClean determines if the detected file has a corresponding process/service in memory and a registry entry, and then removes them altogether.

 

   Firewall

Logging allowed traffic

In addition to allowing or denying traffic based on firewall policies, OfficeScan clients can now log allowed traffic and, if granted the privilege, send these logs to the server. You can then audit allowed traffic coming from client computers and identify possible malicious activity without disrupting client users.

Firewall log sending

You can allow certain clients to automatically send firewall logs to the server (in Networked Computers > Client Management | Settings | Privileges and Other Settings) and configure a schedule for sending the logs (Networked Computers > Global Client Settings).

 

   Web Threat Protection

Web Reputation

In addition to file-based scanning, OfficeScan now includes the capability to detect and block Web-based security risks, including phishing attacks.

Configure Web Reputation settings by going to Networked Computers > Web Reputation.

Anti-spyware

OfficeScan comes with a new spyware scanning and cleanup engine that can detect and clean more spyware/grayware than ever before, with fewer false positives.

The following Trend Micro products with anti-spyware capabilities cannot be migrated to this version of OfficeScan:

The product includes the following new features:

   Others

Component Duplication

Downloading a full pattern each time OfficeScan updates its components consumes substantial bandwidth. This version of OfficeScan can perform smaller pattern downloads by limiting the download to only the new available patterns. See the Administrator's Guide or server online help for more information on component duplication.

Plug-in Manager

Plug-in programs are developed outside of a product release and are not yet fully integrated into OfficeScan. With Plug-in Manager, you no longer need to wait for a product release to start using the plug-in programs.

Plug-in Manager displays the programs for both the OfficeScan server and client in the OfficeScan Web console as soon as they become available. You can then install and manage the programs from the Web console, including deploying the client plug-in programs to clients.

Download and install Plug-in Manager by clicking Plug-in Manager on the main menu of the Web console. After the installation, you can check for available plug-in programs.

Web Console Management

Platform Support

This version of OfficeScan no longer supports Windows 95, 98, Me, NT and IA64 architecture.

Newly supported platforms for the OfficeScan client include Windows XP Home, Windows Server 2008, and Windows Vista. In addition, clients can be installed to guest Windows operating systems hosted on supported virtualization applications. See the system requirements below for details.

Notes:

Note: Even if Image Setup is not supported, clients have the capability to automatically change the GUID when prompted by the server to do so.

Scan Engine Enhancements

New versions of the Spyware Scan Engine and Virus Scan Engine improve the OfficeScan client's performance by utilizing less computer memory than the engines' previous versions. User mode memory usage reduction is around 63% at the time of this release.

Note: Memory usage will change in the future as the scan engines and  pattern files get updated. Please contact your Support provider to obtain the latest memory usage data.

The Virus Scan Engine's file handling capability has been improved  to address the performance issue encountered with third-party software when trying to access files through a network.

Trend Micro Control Manager(TM) Support

This OfficeScan version supports Control Manager 5.0 and 3.5. Apply the latest patches and critical hot fixes for these Control Manager versions to enable Control Manager to manage OfficeScan. To obtain the latest patches and hot fixes, visit the Trend Micro Update Center (http://www.trendmicro.com/download) or contact your Support provider.

 

Back to top

 

 

3. Document Set

The document set for the OfficeScan server includes:

You can download the latest version of the Installation and Deployment Guide and the Administrators Guide at http://www.trendmicro.com/download/.

 

Back to top

 

 

4. System Requirements

   4.1. OfficeScan server

Operating system:

Hardware:

Web server:

on Windows 2000: version 5.0 (Service Pack 3 or 4)

on Windows Server 2003: version 6.0

Web console:

Others:

 

   4.2. OfficeScan client for Windows 2000

Operating system

 Hardware

Browser: Windows Internet Explorer 5.0 or later if performing Web setup

 

   4.3. OfficeScan client for Windows XP/2003 (32-bit version)

Operating system

Hardware

Browser: Windows Internet Explorer 6.0 or later if performing Web setup

 

   4.4. OfficeScan client for Windows XP/2003 (64-bit version)

Operating system

Hardware

Browser: Windows Internet Explorer 6.0 or later if performing Web setup

 

   4.5. OfficeScan client for Windows Vista (32-bit and 64-bit versions)

Operating system

Hardware

Browser: Windows Internet Explorer 7.0 or later if performing Web setup

 

   4.6. OfficeScan client for Windows 2008 (32-bit version)

Operating system

Note: OfficeScan cannot be installed if Windows 2008 runs on the Server Core environment.

Hardware

Browser: Windows Internet Explorer 7.0 or later if performing Web setup

 

   4.7. OfficeScan client for Windows 2008 (64-bit version)

Operating system

Note: OfficeScan cannot be installed if Windows 2008 runs on the Server Core and Hyper-V environments.

Hardware

Browser: Windows Internet Explorer 7.0 or later if performing Web setup

 

   4.8. OfficeScan client acting as Update Agent

OfficeScan clients installed on Windows 2000, XP, Server 2003, and Vista can act as Update Agents. Below are the requirements:

 

Back to top

 

 

5. Compatibility List

OfficeScan is compatible with the following non-Trend Micro products:

The OfficeScan firewall is NOT compatible with a Token Ring network environment.

 

Back to top

 

 

6. Installation

Pre-installation

If you are performing fresh installation/upgrade of the OfficeScan server to multiple computers:

  1. Ensure you have the logon credentials for an administrator account with "logon as a service" privilege on the target computers. OfficeScan will prompt you for these credentials before analyzing each computer.

  2. On each target computer, the Remote Registry service should be started using an administrator account and not a Local System account. Remote Registry service is managed from the Microsoft Management Console (Click Start > Run, and type services.msc).

If you are upgrading to this OfficeScan version:

  1. Obtain two free Activation Codes by going to https://olr.trendmicro.com/redirect/osupgrade.htm.

  2. After OfficeScan 8.0 has been installed to the server, the server may immediately deploy OfficeScan 8.0 to clients before Service Pack 1 installation is finished, resulting in potential installation conflicts and failure.

Perform the following steps to prevent the server from immediately deploying version 8.0 to clients:

If you are using OfficeScan 7.x:

  1. Open the Web console, go to Updates > Client Deployment > Automatic Deployment, and disable the following options under Event-triggered Deployment:

  1. Click Clients on the main menu.

  2. Select the root domain to select all clients and then click Client Privileges/Settings.

  3. Under Update Settings, enable Forbid program upgrade and hot fix deployment.

  4. Click Apply to All. It may take a while to deploy the settings to online clients if you have a complex network environment and a large number of clients. Before the upgrade, allocate sufficient time for settings to get deployed to all clients. Clients that do not receive the settings and triggered Update Now, Schedule Update, or clicked AutoPcc.exe will automatically be upgraded.

  5. Install the OfficeScan server (see the Installation and Deployment Guide).

Note: You can configure the OfficeScan server settings using the Web console immediately after completing the installation and before upgrading clients. For detailed instructions on how to configure OfficeScan, refer to the Administrator's Guide and server online help.

  1. Open the OfficeScan 8.0 Service Pack 1 Web console, go to Updates > Networked Computers > Automatic Update, and enable Event-triggered Update settings.

  2. Go to Networked Computers > Client Management. From the client tree, select the root domain to select all clients.

  3. Click Settings > Privileges and Other Settings and go to the Other Settings tab.

  4. Disable the setting Clients can update components but not upgrade the client program or deploy hot fixes.

  5. Click Apply to All Clients.

  6. Go to Updates > Networked Computers > Manual Update.

  7. Click Manually select clients, and then click Select.

  8. From the client tree, select the root domain and then click Initiate Component Update. The clients begin to upgrade.

If you are using OfficeScan 6.x:

  1. Open the Web console, go to Updates > Client Deployment > Automatic Deployment, and disable the following options under Event-triggered Deployment:

It may take a while to deploy the settings to online clients if you have a complex network environment and a large number of clients. Before the upgrade, allocate sufficient time for settings to get deployed to all clients. Clients that do not receive the settings and triggered Update Now, Schedule Update, or clicked AutoPcc.exe will automatically be upgraded.

  1. Install the OfficeScan server (see the Installation and Deployment Guide).

Note: You can configure the OfficeScan server settings using the Web console immediately after completing the installation and before upgrading clients. For detailed instructions on how to configure OfficeScan, refer to the Administrator's Guide and server online help.

  1. Open the OfficeScan 8.0 Service Pack 1 Web console, go to Updates > Networked Computers > Manual Update.

  2. Click Manually select clients, and then click Select.

  3. From the client tree, select the root domain and then click Initiate Component Update. The clients begin to upgrade.

  1. The service pack included in this release includes updates to OfficeScan firewall drivers. If you have enabled the OfficeScan firewall in your current OfficeScan version, the following client computer disruptions will occur when you proceed to upgrade:

    1. When the service pack is deployed to clients and Common Firewall Driver update starts, client computers will be temporarily disconnected from the network. Users are not notified before disconnection.

    2. After the service pack is deployed, the OfficeScan TDI driver will not be loaded until the computer is restarted. Users are likely to encounter problems with the OfficeScan client if they do not restart immediately.

Inform all users in advance about the computer disconnection and restart. Additionally, consider installing OfficeScan when the impact of these client computer disruptions to your organization is minimal.

  1. The OfficeScan server cannot install the service pack if a client is running Login Script (AutoPcc.exe) at the time of installation. Please ensure that no client is running Login Script before installation.

Installation

For instructions on installing both the OfficeScan server and client, refer to the Installation and Deployment Guide.

 

Back to top

 

 

7. Post-installation Configuration

  1. Verify if the OfficeScan server has been installed or upgraded.

    1. On the Web console, click Help > About. Version information should be 8.0 Service Pack 1.

    2. If Control Manager manages the OfficeScan server, the OfficeScan version on the Control Manager management console should be 8.05.

  2. When you open the OfficeScan server Web console, Internet Explorer may prompt you to restart the server computer to activate new components. Restart the computer immediately when prompted.

  3. You can configure the OfficeScan server settings using the Web console immediately after completing the installation and before installing the client to networked computers. For detailed instructions on how to configure OfficeScan, refer to the Administrator's Guide and server online help.

  4. Verify that version 8.0 Service Pack 1 has been installed to clients and that OfficeScan client users have restarted their computers.

  5. Verify if component update on the server is successful by opening the Web console and going to Logs > Server Update Logs. If the update is unsuccessful, perform manual update immediately by going to Updates > Server > Manual Update. You can also refer to the online help for typical update problems and solutions or contact your Support provider for assistance.

 

Back to top

 

 

8. Known Issues

The following are the known issues in this release:

 

8.1. OfficeScan 8.0

   Server installation and upgrade

  1. When Setup is run in an x86 computer and the target installation is to a remote x64 computer, OfficeScan will be installed in the "Program Files" folder but the Web console cannot be opened. To open the Web console successfully, add the Web console URL to the list of trusted sites in Internet Explorer.

  2. An expired evaluation (trial) version Activation Code cannot be used to upgrade a previous OfficeScan version to this version. Before upgrading to this version, upgrade the evaluation version Activation Code in the previous version to a full version Activation Code.

  3. During upgrade, if the existing OfficeScan database file (found in the "HTTPDB" folder under "OfficeScan/PCCSRV") is very large, the upgrade process may time out. Trend Micro recommends purging the database before performing the upgrade.

  4. OfficeScan does not support upgrade from a different language version.

  5. You can only use Terminal Services if performing fresh installation.

  6. If the OfficeScan server computer does not have an IP address, uninstallation will not proceed.

  7. OfficeScan does not support configurable SSL ports when upgrading from OfficeScan 5.58.

  8. For computers with both the OfficeScan server and client installed, the OfficeScan servers can be upgraded remotely. An error message may display, but the error does not affect the upgrade.

  9. After an upgrade, the Control Manager Agent uses HTTP port 80 by default.

  10. When upgrading an OfficeScan server already registered to Control Manager, the server may only be upgraded to version 8.0 and not 8.0 Service Pack 1. This issue happens because the Control Manager Agent service cannot be stopped, which causes Service Pack 1 installation to terminate. If you encounter this issue, install version 8.0 Service Pack 1 after version 8.0 is installed. You can find the installation package for 8.0 Service Pack 1 at: http://www.trendmicro.com/ftp/products/servicepack/OSCE_80_WIN_EN_SP1.exe

   Client installation and upgrade

  1. If the OfficeScan server is upgraded to this version but the client is not, the Virus Cleanup Engine in the client will not be upgraded. Upgrade the client to this version to automatically upgrade the Virus Cleanup Engine.

  2. The installation and removal of the Cisco Trust Agent (CTA) on client computers require the use of a Windows Utility (netsh.exe) to add/remove CTA from the Windows Firewall Program Exception list. This is done to allow CTA to communicate even when Windows Firewall is enabled.

  3. The OfficeScan client might not install with Client Packager on some 64-bit clients. If you are unable to install OfficeScan client with Client Packager, try using tools such as Process Explorer to unlock ZonesCounterMutex and ZonesCacheCounterMutex.

  4. To perform client Web installation on computers with a 64-bit processor architecture, you must use the 32-bit version of Internet Explorer. The 64-bit version of Internet Explorer is not supported.

  5. After upgrading the client (if not using auto-deployment from the server), client updates using manual notification, Update Now, or client scheduled update must be run twice. Clients will receive the program update on the first update and the new components included in this OfficeScan version on the second update.

  6. While upgrading from OfficeScan 6.5, 7.0 or 7.3 to the current version, Trend Micro recommends disabling the other updates sources. Clients should upgrade from the OfficeScan server only.

  7. The OfficeScan client may not install correctly if Norton SystemWork antivirus is installed on the computer. Uninstall it before installing OfficeScan client.

  8. If you apply the Hot fix "Client Security Tool" to OfficeScan 5.x clients on Windows 2000, XP, Server 2003 computers in an NTFS environment, client users without administrator privileges cannot upgrade the OfficeScan client using Autopcc (Login Script) or Client Packager.

  9. Trend Micro Vulnerability Scanner cannot perform remote client installation on Windows XP computers unless simple file sharing is disabled.

  10. If F-Secure software is installed on a computer and the OfficeScan client is installed to the computer through the Web install page, the F-Secure software will be uninstalled automatically but the OfficeScan client cannot be installed.

  11. If using autopcc.exe to install the OfficeScan client on a computer with Panda Software, before installing the client, manually uninstall Panda Software and restart the computer.

  12. If a client upgrade process using an MSI package is already running, starting another upgrade process will not be successful. Start the new MSI upgrade process after the current process completes.

  13. Upgrading the OfficeScan 7.3 client to this version through VPN is not supported if Check Point SecureClient is installed on the client computer.

  14. If the OfficeScan client is installed using the "per-user" method, the OfficeScan client shortcut will still show on all the users' Windows Start menu.

  15. If the OfficeScan client is installed using the "per-user" method, when the server notifies the client to perform uninstallation, the program entry on the Add/Remove Program list will not be removed.

  16. This version of OfficeScan does not support uninstallation of OfficeScan clients using the "per-user" method on Microsoft Systems Management Server and Group Policy Objects if a password is required to perform the uninstallation.

  17. OfficeScan installed on a computer running Windows Vista does not support the Wake on LAN command.

  18. When a client is upgraded to this OfficeScan version, spyware/grayware scan exclusion settings are completely overwritten by the default settings of this version. Virus/Malware scan exclusion settings, on the other hand, are not overwritten.

   OfficeScan server

  1. If the OfficeScan server is installed on an Apache Web server, the Application Log in the Windows NT Event Log shows an incorrect Apache server error. This occurs because of the way that the Apache Web server deals with case-sensitive items in OfficeScan. The error does not actually exist; the Apache Web server is performing as expected.

  2. If you restart the OfficeScan master service, all virus/malware outbreak records will be deleted.

  3. OfficeScan server running on Windows Server 2003 computers cannot communicate with clients if they are running Internet Connection Firewall (ICF) for Windows Server 2003 unless the OfficeScan server listening port is added to the ICF exception list.

  4. If using SSL, make sure that a firewall or other applications are not using or blocking the SSL ports. Microsoft ISA proxy server only supports port 443 by default.

  5. Continuous network session connections (for example, mapping a driver) may trigger Virus Outbreak Monitor alerts.

  6. Trend Micro suggests setting an exclusion path for source and target paths when creating a CD or backup.

  7. OfficeScan may trigger a virus/malware outbreak alert if using Trend Micro Vulnerability Scanner (TMVS).

  8. If OfficeScan finds a virus/malware, the infection source name may be incorrect due to many threads simultaneously performing file IO processes or other special scenarios.

  9. Trend Micro recommends backing up the OfficeScan server database with the Database Backup tool. Set a daily backup schedule.

  10. Trend Micro recommends not upgrading the OfficeScan client program using the UNC method ( autopcc.exe) if there are more than 500 clients on your network. Use the OfficeScan Web console to perform HTTP update (client update). The client program file is updated during client installation (see the Installation and Deployment Guide for information on client installation).

  11. The OfficeScan server sometimes displays only one second level spyware/grayware log even if the client sends several second level logs.

  12. If OfficeScan is set to use an Apache Web server and Windows Terminal Services is activated, OfficeScan client logs may not be uploaded to the server.

  13. If you perform fresh installation of the OfficeScan server, deploy an outbreak prevention policy, and then move existing clients from their parent server to the newly installed server, the outbreak prevention policy does not get applied to the moved clients.

  14. The Windows Vista firewall has incoming packet priority and blocks incoming packets before the OfficeScan firewall does.

  15. The Control Manager server must use port 80 or 443 to allow migration from the Trend Micro Management (TMI) protocol to the Trend Micro Control Manager Management Communication Protocol (MCP) agent.

  16. Cisco SSL VPN Client connection fails if a user specifies proxy server settings in Internet Explorer and OfficeScan NT Proxy Service is running.

  17. The OfficeScan firewall service and driver cannot be installed if a previous version of the firewall driver exists and is running but there is no Trend Micro Common Firewall in the network protocol.

  18. When the OfficeScan server manages clients that have not been upgraded to this version, the Virus Scan Engine and Virus Pattern can be updated. However, please take note of the following:

  1. A problem between the Lenovo Trusted Platform Module (TPM) and the OfficeScan firewall may sometimes occur. A TPM notification message may display, stating that antivirus or firewall software is blocking connection to the TPM.

   OfficeScan server Web console

  1. When the Web console is opened in Internet Explorer 7, a certificate error displays.

  2. OfficeScan does not support G10N. Text on the Web console may be unreadable when data input is in one language and the operating system of the OfficeScan server is in another language.

  3. The Web console cannot be hosted on a computer with a 64-bit processor architecture unless you use Internet Explorer 32-bit.

  4. If Hotbar or other adware exists on the computer you are using to access the OfficeScan server Web console, ActiveX errors may appear on some Web console screens. Trend Micro recommends accessing the Web console from computers that do not have this kind of software.

  5. Internet Explorer default settings may prohibit ActiveX controls. You may need to add the address of the OfficeScan Web console to the list of trusted sites in the Internet Explorer browser to have the Web console function properly.

  6. To use the Web console, the security level on your Internet Explorer Web browser should be set to Medium or lower.

  7. Double-byte characters are not accepted in email notification messages.

  8. After activating a license for the Antivirus or the Web Threat Protection product service, users need to log off from the Web console and then log on again to enable the full functionality of the service.

  9. HTTP connection is blocked when attempting to open the OfficeScan server's Web console on a computer with a public IP address and with an OfficeScan client managed by another OfficeScan server. On the OfficeScan server that manages the client, add the other OfficeScan server to the approved list.

  10. Client settings on one OfficeScan version cannot be exported to another version.

   Client management

  1. If a client is installed on a server platform and the Activation Code entered is only valid for desktops and not servers, the client's status after installation is online even if the server managing it reports the client as offline. (See the system requirements for a list of supported platforms for the OfficeScan server.)

  2. Sometimes, OfficeScan may display the infection source notification message on a client computer even if the computer is not the source of a virus/malware infection. To ensure that the client computer is not infected, run a Manual Scan.

  3. If an outbreak prevention policy is enforced only to a specific domain, a newly installed client belonging to the domain will not apply the outbreak prevention policy. Choose root instead of domain in the client tree when enforcing a policy to ensure that newly installed clients also apply the policy.

  4. All scan types are unable to detect virus/malware in file links in the Internet Explorer temporary folder (C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\). Virus/Malware will be detected, however, in the subfolders where the files are actually located.

  5. OfficeScan treats the EICAR test virus as a real virus. If the scan action for test virus is "Rename" and the action for real viruses is "Quarantine", OfficeScan will quarantine the EICAR test virus when detected.

  6. If the client security level configured on the Web console is set to "High", connection through Nortel VPN client cannot be established.

  7. The Common Firewall Driver will not be removed after uninstalling the OfficeScan client if the Network Connection Properties window is open during uninstallation. Make sure this window is not open during client uninstallation.

  8. If installing/uninstalling the client remotely, installation/uninstallation of the Common Firewall Driver causes remote computer disconnection. Reconnect to the remote computer to proceed.

  9. If you discover spyware/grayware that OfficeScan cannot detect, please send it to Trend Micro through one of the following methods:

  1. OfficeScan client inherits security settings from different locations depending on the operating system of the client computer. OfficeScan clients on Windows 2000/XP/Server 2003 computers inherit permissions from the parent folder or from the Program Files folder. When the OfficeScan client is installed under the Program Files folder, the security permissions will be inherited from its parent folder. If not, it will be inherited from the Program Files folder.

  2. Performing client migration with the ServerProtect Normal Server Migration Tool will not be successful when the server computer has installed Microsoft hot fix KB835732 (MS 04-011). You must install Trend Micro SPNT hot fix to resolve this issue.

  3. If a virus is detected through a terminal session, the OfficeScan client will show a notification message for every user. If one user sends viruses or malicious code to remote computers, the notification messages also keep appearing.

  4. After it is installed, the software "CNNIC Internet assistant" stops the OfficeScan client Real-time Monitor service.

  5. Spyware/Grayware Real-time Scan may sometimes clean files with a file extension included in the scan exclusion list. Other scan types work as expected.

  6. Computer restart is required after the Cisco Trust Agent 2.x Supplicant package is deployed.

  7. The OfficeScan client unloads and then reloads two times when upgraded to this version.

  8. If the scan action configured for Spyware/Grayware Real-time Scan is "Deny Access", spyware/grayware components that display in the notification message and log are different. The notification message displays a summary of spyware/grayware components, the log displays all the components.

  9. If the OfficeScan server is upgraded to version 8.0 but clients are not upgraded, the client notification messages do not display properly.

  10. When the OfficeScan client scans a .zip file that is unzipped, the Virus Scan Engine returns a different path for Windows 2003 (for example, Z:\virus) and Windows 2000 (for example, \\10.5.232\virus).

  11. When opening the client console on a computer running Windows Vista, the OfficeScan client sometimes responds slowly.

  12. The correct time based on Daylight Savings Time (DST) adjustment may not display on OfficeScan clients. Close and restart the OfficeScan client to resolve this issue.

  13. Spyware/Grayware in zip folders cannot be cleaned.

  14. Spyware/Grayware scan does not work when run on mapped network drives and remote computers.

  15. Scheduled Scan for spyware/grayware cannot be stopped immediately.

  16. The OfficeScan client cannot set up VPN connections using the Juniper/Safenet VPN client.

  17. VMware cannot link externally or get packets if the guest system is set to bridge mode and the OfficeScan firewall is enabled.

   Additional notes

  1. If Microsoft AntiSpyware is installed on the same computer as the OfficeScan server or client, a warning will display on the following situations:

  1. If you encounter the error message "Insufficient memory available to run Setup", close all other applications to make more memory available, and then run Setup again. If this occurs while there is sufficient memory available, run Setup at the command prompt with the following syntax: setup -IZ1 Z1. This will cause the setup program to skip memory checking.

  2. This version of OfficeScan does not support GateLock Remote Appliances.

  3. This version of OfficeScan does not support Remote Agent.

  4. There are several tools included in this version. Refer to the OfficeScan Help for instructions on how to use them. The tool folders are located under \PCCSRV\Admin\Utility.

  5. The following are the permissions for the OfficeScan folders:

Directory/User

Administrator

Everyone

User

System

\PCCSRV

Full control

RX

N/A

 Full control

\PCCSRV\HTTDB

Full control

N/A

N/A

 Full control

\PCCSRV\Log

Full control

N/A

N/A

 Full control

\PCCSRV\Temp

Full control

N/A

RWXD

 Full control

\PCCSRV\Private

Full control

N/A

N/A

 Full control

\PCCSRV\Download

Full control

RX

R

 Full control

\PCCSRV\Web

Full control

N/A

R

 Full control

\PCCSRV\Web\Cgi

Full control

N/A

RX

 Full control

\PCCSRV\Web_console

Full control

N/A

R

 Full control

\PCCSRV\web_console\RemoteInstallCGI

Full control

N/A

RWXD

 Full control

\PCCSRV\web_console\ClientInstall

Full control

N/A

RWXD

 Full control

\PCCSRV\Virus

Full control

N/A

RW

 Full control

  1. The permission of account "Everyone" under the Virus folder will be Write when using UNC quarantine path.

  2. After upgrading, please download the latest components to keep your security risk protection current.

 

8.2. OfficeScan 8.0 Service Pack 1

  1. When the OfficeScan server notifies clients to update components, clients that obtain updates from an Update Agent will not be able to update if the Update Agent has not been upgraded to this service pack. However, these clients can still obtain the updates directly from the OfficeScan server.

  2. When an ACE/RSA software runs concurrently with the OfficeScan server on a Windows 2003 computer, all logon tokens created for the ACE/RSA software receive an access denied error.

To avoid this problem, install the OfficeScan server to a computer that does not run ACE/RSA software.

  1. When the security level on a Citrix server is medium or high:

  1. After upgrading the server and you run Login Script (AutoPcc.exe) on the client, the Spyware Scan Engine does not get updated to version 6 and the Spyware Pattern version becomes "N/A". To avoid this issue, enable the following option on the Web console before upgrading:

Updates > Client Deployment > Automatic Update > Deploy to clients for OfficeScan clients only and excluding roaming clients when they are restarted

  1. When the security level for a firewall policy is "medium" or "high", the OfficeScan client may appear offline on the server console. Try establishing a Telnet connection to the client using the client listening port to check the connection status. If connection cannot be established, unload and reload the client.

  2. The OfficeScan server cannot be registered to Control Manager using HTTPS and a proxy server that requires authentication. Registration succeeds if you:

  1. Spyware/Grayware in network drives cannot be cleaned but the scan result shows that cleaning was successful. Run Manual Scan on the local computer so OfficeScan can take the appropriate action against spyware/grayware.

  2. After changing the DNS server, the DNS query function for Web Reputation may continue using the previous DNS server.

  3. When scanning is complete, OfficeScan displays a notification page. On a Windows 2008 computer, the background color of the page does not conform to the standard color for OfficeScan notification pages.

  4. When using Control Manager's "single sign on" feature to log on to the OfficeScan server and then attempting to unregister OfficeScan from Control Manager, the unregistration status does not display.

  5. If the date on the computer is incorrectly changed to a date in the year 2038, when you install the OfficeScan server and choose Apache or IIS as the Web server, the OfficeScan console cannot be opened after installation.

  6. When the computer's date/time format is changed, the date/time format on the OfficeScan console does not automatically change.

  7. Some OfficeScan 8.0 clients running Windows 2000 cannot be upgraded to OfficeScan 8.0 Service Pack 1 because OfficeScan always keeps the old version of the Virus Scan Engine. Restarting the computer resolves this issue.

  8. When the Virus Pattern on clients is successfully rolled back, the Virus Pattern information on the Web console's client tree may sometimes not be updated.

  9. If you create a login script in Active Directory and then log on as administrator on a Windows Vista Home or 2008 computer, the OfficeScan client cannot be installed to the computer and the message that displays states that the account used is not an administrator account.

  10. On a Windows 2000 computer, the Common Firewall Installer (ncfg.exe) may hang during upgrade. Restart the computer and then perform the upgrade again.

  11. If the license for the Web Threat Protection service has expired, the Spyware Pattern version becomes N/A. Renew your product license to avoid this problem.

  12. After an OfficeScan client in a VPN environment is uninstalled successfully, the client is not removed on the Web console's client tree and its status is offline.

  13. When OfficeScan is configured to scan mapped drives during Manual Scan, the mapped drive is not scanned when scanning is initiated through Terminal Services client.

  14. When specifying the scan target for Scheduled Scan, Scan Now and Real-time Scan, spyware/grayware scan can be disabled. However, for Manual Scan, there is no option for disabling spyware/grayware scan, which means that during Manual Scan, OfficeScan will always scan for spyware/grayware.

  15. On the OfficeScan client computer, automatic proxy detection in Internet Explorer does not work if the administrator enables the "Client Console Access Restriction" option on the OfficeScan server Web console's Privileges and Other Settings screen.

  16. Three Antivirus components do not display on the console.

The components are:

  1. Incoming packets to a computer on a VMware client are dropped if the computer has OfficeScan client installed.

Workaround (for all clients):

EnableGlobalPfwBypassRule=1

Workaround (for specific clients):

    1. On the client computer, open Registry Editor.

    2. Add the following registry value:

  1. A problem between the Lenovo Trusted Platform Module (TPM) and the OfficeScan firewall may sometimes occur. A TPM notification message may display, stating that antivirus or firewall software is blocking connection to the TPM.

  2. When starting the OfficeScan firewall, the OfficeScanNT Personal Firewall service (TmPfw.exe) causes a significant increase in CPU usage and continuously reads the hard disk.

  3. If an Update Agent runs a 64-bit platform, the default component duplication method of downloading only one incremental pattern does not work. Instead, the Update Agent downloads 14 incremental patterns available in the ActiveUpdate server, regardless of how many of these patterns it has previously downloaded. The Update Agent then generates its own version of the latest pattern, and makes this version and the 14 incremental patterns available to clients.

  4. The OfficeScan server's version on the Control Manager management console changes to 8.05 after installation but the client's version stays at 8.0 even if it has been upgraded. To determine which clients were successfully upgraded, check the Common Firewall Driver version on the Control Manager console. Clients upgraded successfully have version 5.300.

  5. If the Web console setting "Clients can update components but not upgrade the client program or deploy hot fixes" is enabled, OfficeScan clients are unable to upgrade the Spyware Scan Engine from version 5 to 6.

  6. Some proxy servers do not work if the OfficeScan NT Proxy Service (TmProxy.exe) is enabled. TmProxy.exe intercepts network traffic originating from a proxy server and then redirects the traffic again to the proxy server, resulting in a loop.

If you encounter this issue, override the OfficeScan server's Web Reputation setting and disable Web Reputation on the client. Note that disabling Web Reputation leaves your client computers unprotected from Web threats.

  1. The default Internet Explorer security setting in Windows 2003 causes the Web Reputation notifications to display inconsistent information. The default security setting blocks JavaScript from a Web page not included in the trusted sites list, causing inconsistency in the security level displayed on the Web Reputation blocking page and the notification message.

If you encounter this issue, open Internet Explorer, go to Tools > Internet Options > Security and perform any of the following steps:

  1. Double-byte characters (characters typically used in East Asian languages) cannot be used when specifying the notification message for virus/malware infection source (Notifications > Client User Notifications > Virus/Malware tab > Virus/Malware Infection Source).

  2. When generating one-time reports from the Control Manager 5.0 management console, the Common Firewall Driver version is 0. The correct version of the driver displays when performing the following tasks:

  1. When an email containing an attachment with spyware/grayware is retrieved through Eudora email client and POP3 Mail Scan is disabled, OfficeScan's Real-time Scan denies access to the email even if the scan action is "clean". The email does not appear on the inbox and the Eudora client displays a message informing the user that access to the email is denied.

  2. On some Windows Vista computers, opening the OfficeScan client console may cause the computer to stop responding for a certain period of time (the duration depends on the computer's available memory).

To avoid encountering this issue:

  1. In a Citrix environment, When the OfficeScan client detects a security risk during a particular user session, the notification message for the security risk displays on all active user sessions.

Security risk can be any of the following:

  1. When OfficeScan is installed to a Citrix Presentation server, the Citrix client loses connection with the server.

To address this issue:

 

Back to top

 

 

9. Contact Information

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.

Evaluation copies of Trend Micro products can be downloaded from our Web site.

 

Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

 

Back to top

 

 

10. About Trend Micro

Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Trend Micro allows companies worldwide to stop viruses and other malicious code from a central point before they can reach the desktop.

Copyright 1998-2008, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and OfficeScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.

Back to top

 

 

11. License Agreement  

Information about your license agreement with Trend Micro can be viewed at http://www.trendmicro.com/en/purchase/license/.

 

Third-party licensing:

RTPatch(R) software, Pocket Soft, Inc. This software is licensed under Patent Number 6,526,574.

Apache(TM) 2.0.55, Apache Software Foundation. License details available at http://www.apache.org/licenses/.

Cisco Systems(TM) Trust Agent 2.0.0.30, Cisco Systems, Inc.

CodeBase(R) 6.5, Sequiter(R) Software, Inc. License details available at  http://www.codebase.com/news/pr64rel.htm.

Microsoft(TM) Platform Software Development Kit for Windows Server 2003 SP1, Microsoft Corporation. License details available at: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sdkintro/sdkintro/legal_information_sdk.asp.

Zlib 1.1.4, Copyright 1995-2002 Jean-loup Gailly and Mark Adler. License details available at: http://www.zlib.net/zlib_license.html.

 

Back to top