Trend Micro, Inc.
Trend Micro™ Worry-Free Business Security Services™
This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at http://docs.trendmicro.com/en-us/smb/worry-free-business-security-services.aspx.
Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: http://docsstg.trendmicro.com/en-us/survey.aspx.
1. About Worry-Free Business Security Services
Trend Micro™ Worry-Free Business Security Services™ for small offices protects multiple Windows computers, Macs, and Android devices located in or out of the office from viruses and other threats from the web. Unique Web Threat Protection stops threats before they reach devices and inflict damage or steal data. This safer, smarter, simpler protection from web threats will not cause devices to slow down. You can centrally manage security from anywhere without the need to add a server, install server software, configure settings, or maintain updates. Trend Micro security experts host and constantly update the service for you. Trend Micro™ Worry-Free Business Security Services™ is:
Safer: Powered by XGen™ security, Worry-Free Business Security Services uses a blend of threat protection techniques to eliminate security gaps - in any activity, on any endpoint, anywhere. XGen security:
Goes beyond next-generation technologies and protects against the full range of threats. Progressively filters out threats using the most efficient technique for maximum detection without false positives.
Blends signatureless techniques, including machine learning, behavioral analysis, variant protection, census check, application control, and good-file check with file and web reputation.
Smarter: Stop viruses and other threats without configuring settings or maintaining updates.
Simpler: Centrally manage and check the status of protected devices anywhere (no server required).
Back to top
2. What's New
Worry-Free Business Security Services includes the following new features and enhancements:
New User Interface Design
Worry-Free Business Security Services has a completely refreshed and improved user interface. Administrators can locate endpoints or users quickly, research security concerns, mitigate threats, and provide better service to their end users.
Advanced Policy Management Mode
Worry-Free Business Security Services now has an optional Advanced Mode that provides more power and control by allowing administrators to create granular policies and target users and/or endpoints.
Role-Based Access Control
Worry-Free Business Security Services now supports role-based access control. The predefined user roles provide specific access rights to the web console, allowing administrators to delegate roles and responsibilities.
Device Control Enhancements
Worry-Free Business Security Services now provides more granular control for connected USB devices. Administrators can take action on specific device types or serial numbers and restrict access to a broad range of devices, including storage (CD/DVD, network drives, USB storage devices) and non-storage devices (Bluetooth adapters, IEEE1394 interface, infrared devices, wireless NICs, and print screen key).
Web Threat Protection Enhancements
Worry-Free Business Security Services now supports checking websites that use the latest HTTP/2 protocol in all supported browsers.
Unprotected Endpoint Discovery
Worry-Free Business Security Services now has the ability to identify endpoints that have no Security Agent installed in an Active Directory integrated environment and provide a quick and easy way to deploy the Security Agent to those endpoints.
Consolidated Security Policy Settings
Worry-Free Business Security Services has further consolidated the security policy settings, such as scan exclusions and scan settings, to help you manage the settings more effectively.
Consolidated Security Events
You can now view security events from the following screens:
The advanced search feature provides several filter criteria to help you quickly find and manage endpoints. You can use specific filter criteria, such as an IP range or Windows 7, and save the criteria as filters in the Security Agent Tree.
Back to top
3. Document Set
The document set for the Worry-Free Business Security Services includes:
Download the latest versions of the PDF documents and readme at http://docs.trendmicro.com/en-us/smb/worry-free-business-security-services.aspx.
Back to top
4. Security Agent System Requirements
The Worry-Free Business Security Services Security Agent can be installed on Microsoft Windows, Mac OS, iOS, or Android platforms. The Security Agent is also compatible with various third-party products.
Visit the following website for a complete list of system requirements and compatible third-party products:
Back to top
5. Known Issues
Windows Security Agent Known Issues
Security Agent Deployment and Upgrade
When the following conditions apply, the proxy server information needs to be added to the firewall exception list in the Worry-Free Business Security Services web console.
Endpoints are installed on Windows 8, Windows Server 2012, or later and use a proxy server.
The firewall security level is set to High in the advanced mode in the Worry-Free Business Security Services web console.
Endpoints may lose network connection temporarily during installation.
Users cannot deploy the Security Agent program when Internet Explorer 10 or later is running in Metro mode on Windows 8 or later.
The email installation link does not work properly when users try to re-activate the Security Agent using Microsoft Edge. However, Microsoft intends to resolve this issue in a later release.
After users install the Security Agent and then open Firefox, sometimes the Firefox extension installation process does not start. Users need to manually enable the extension in Add-ons Manager.
Issue: The Security Agent cannot upgrade to version 6.5 if Microsoft Visual C++ 2015 Runtime cannot install successfully on the endpoint. Operating systems that do not meet the prerequisites for the Universal C Runtime (CRT) update might take a long time to complete Microsoft Visual C++ 2015 Runtime installation. For more information on the update, see https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows.
Workaround: Install the latest Windows Update or the Universal CRT update (2999226) on the endpoint so that Microsoft Visual C++ 2015 Runtime can install successfully during the regular Security Agent upgrade process.
If the Security Agent is enabled and a malware program resides in the Security Agent folder before Real-time Scan starts, the Security Agent cannot restrict that malware from updating the registry.
On Windows 10 endpoints, Worry-Free Business Security Services alerts may be hidden behind the Microsoft Edge browser window. Users must check for any unauthorized event or threat alerts that may appear.
If the Security Agent is installed on a Windows endpoint running Enhanced Mitigation Experience Toolkit (EMET), there might be some performance and conflict issues. Trend Micro recommends not installing the Security Agent and Microsoft EMET on the same endpoint.
Issue: If users have installed Windows Update KB3076895 (MS15-084), the Msxml6.dll 6.20.5008.0 file included in the update might cause issues in the TmListen.exe service and policy setting deployments.
Workaround: Install Windows Update KB3092627 or later to update the Msxml6.dll file.
When multiple logon sessions exist on an endpoint, some agent process files might crash after an agent upgrade. Users might need to manually start the Security Agent.
During Security Agent installation or firewall driver uninstallation, the endpoint may temporarily lose its network connection. Some applications, such as Secure Shell (SSH), Terminal Services Client, or Remote Desktop could be affected by the disconnection. If the network connection is lost, restart the application after installing the Security Agent or after disabling the firewall.
The Security Agent firewall may conflict with other firewall applications. Trend Micro recommends uninstalling or disabling other firewall applications.
On VMware clients, the Security Agent firewall may block all incoming packets.
To address this issue, add the following value to the VMware client registry:
The firewall feature does not support IPv6.
Web Reputation and URL Filtering
When running Internet Explorer 9 or later with Internet Explorer Enhanced Security Configuration, the Web Reputation plug-in module (TmIEPlugInBHO Class) cannot be automatically applied. Risky URLs using SSL cannot be blocked.
Web Reputation Services and URL Filtering are not supported when Internet Explorer 10 or later is running in Metro mode on Windows 8 or later.
Issue: If Chrome is open while the Security Agent updates Web Reputation Services and URL Filtering components, the Security Agent will not be able to block HTTPS websites.
Workaround: Restart Chrome to resolve the issue.
HTTPS Web Threat Protection does not support Mac Security Agents.
Windows Small Business Server Dashboard Add-In Tool
Dashboard Add-in is not compatible with Internet Explorer Enhanced Security Configuration. Ensure this option is disabled before opening the Dashboard.
Login Script Setup Tool
Endpoints installed on Windows Vista or later and have User Account Control (UAC) enabled cannot run automatic installation.
Multiple log entries appear when a user tries to access or copy files to a USB device. Device Control detects each instance as a single policy violation but includes multiple entries in the logs to differentiate the OS versions.
Device Control supports all 32-bit operating systems and only the following 64-bit platforms: Windows Vista SP1 x64 and later.
When users block an application that consists of .dll files only, Worry-Free Business Security Services will not block the application. Blocking the .dll files might also block other applications that run the same .dll files.
When using HTML tags that might be exploited by Cross-Site Scripting (XSS) attacks to search in the Certified Safe Software List, the search function ignores the tags to prevent script injections.
When multiple logon sessions exist on an endpoint, the Application Control feature will increase CPU usage for a while.
Full Disk Encryption
BitLocker cannot encrypt endpoints that run multiple operating systems when users install Windows 7 first and then install Windows 10. In this scenario, the default system partition size on both operating systems will be 100 MB, but BitLocker requires at least 350 MB of system partition size on Windows 10.
Data Loss Prevention
When uninstalling the Security Agent with Data Loss Prevention enabled, users must restart the endpoints to completely remove the Data Loss Prevention components. Currently there is no reminder of the requirement.
If users try to reinstall the Security Agent without restarting the endpoints, the Data Loss Prevention components cannot be installed until users restart the endpoints. After reinstalling the Data Loss Prevention components, users must restart the endpoints again.
The Device List Tool only supports the following languages:
Data Loss Prevention cannot detect violations triggered from Google Backup and Sync that is version 3.42.9858.3671 or later.
Mac Security Agent Known Issues
The Security Agent does not support root accounts.
Issue: After upgrading from macOS Sierra (10.12) to macOS High Sierra (10.13), users must click the Allow button in System Preferences > Security & Privacy > General within 30 minutes. Otherwise the button will disappear.
Workaround: Restart the endpoint so that the Allow button can reappear.
Android Security Agent Known Issues
Worry-Free Business Security Services cannot be installed on rooted Android devices.
On an Android device, if the user goes to Settings > Apps > Worry-Free Security > Storage and taps CLEAR CACHE, the Security Agent might not be able to connect to the server to receive updates. The user would need to re-enroll the device.
If other installed apps interfere with the device's network connection, the Security Agent might not be able to connect to the server to receive updates.
When using the "Remote Locate" feature to find a mobile device, the language code (for example: en, jp, fr) that displays in the browser for the embedded Google Maps may not be the same as the language used by the web console.
Worry-Free Business Security Services uses Google Cloud Messaging (GCM) for Android mobile device management commands. Commands sent to Android devices can take some time to be received, or the commands may be unsuccessful.
If multiple device administrators manage a single Android device, some commands may not be successful (for example: reset password). Worry-Free Business Security Services uses the Android Device Administrator for mobile device management commands. When more than one Device Administrator exists for the same Android device, the stricter policy on the device has priority. For example, if two apps both require users to follow a password policy, only the stricter policy is applied.
For Android devices that contain multiple user profiles, the Security Agent can only be installed in the owner's profile. An error occurs when users try to install the Security Agent in other user profiles.
The Reset Password command can only apply once to Android 7 or later devices that have not set up a password.
iOS Security Profile Known Issues
Worry-Free Business Security Services uses the Apple Push Notification service (APNs) for iOS mobile device management commands. Commands sent to iOS devices can take some time to be received, or the commands may be unsuccessful.
If the Private Browsing feature in Safari is enabled (https://support.apple.com/en-ph/HT203036), iOS devices may not successfully complete device enrollment.
Users cannot install the Security Profile when the iOS device uses a proxy server to connect to the Internet.
Back to top
6. Contact Information
A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.
You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.
Evaluation copies of Trend Micro products can be downloaded from our website.
Global Mailing Address/Telephone numbers
For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/us/about-us/contact/index.html.
Note: This information is subject to change without notice.
Back to top
7. About Trend Micro
Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com.
Copyright 2018, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and Worry-Free Business Security Services are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.
Back to top
8. License Agreement
Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/.
License Attributions can be viewed from the Worry-Free Business Security Services web console.
Back to top