Trend Micro Worry-Free Business Security 9.0 SP1

Published by: Trend Micro, Incorporated

Published on: September 2014

This readme file was current as of the date above. All customers are advised to check the Trend Micro Online Help Center for updates (docs.trendmicro.com).

About Worry-Free Business Security

Worry-Free Business Security protects small business users and assets from data theft, identity theft, risky Web sites, and spam (Advanced Only).

New in this Release (WFBS 9.0 SP1)

Worry-Free Business Security includes the following new features and enhancements.

Table 1. What's New in WFBS 9.0 SP1

Feature/Enhancement

Description

Detection improvements

  • Outbreak prevention protection against compressed executable files (packers)

  • Improved Damage Cleanup Engine performance

Enhancements

Web reputation logs include running processes information

Usability improvements

  • Security Server version displays on the log on screen

  • Updated UI text to better reflect how WFBS works

Table 2. Resolved Known Issues

Item No.

Hot Fix/Critical Patch Number

Issue

Solution

1

N/A

A user requests for a way to configure the Messaging Security Agent to run attachment-blocking scans on quarantined spam email messages (MSA 11.1.1254).

This hot fix adds an option to configure the Messaging Security Agent to run attachment-blocking scans on quarantined spam email messages.

2

1433

After upgrading Worry-Free Business Security server from version 8.0 or 8.0 Service Pack 1 to 9.0, the live status of the Smart Scan Service on the server web console becomes "unavailable". This occurs because Worry-Free Business Security 9.0 server cannot update the Smart Scan pattern successfully.

This hot fix ensures that the Worry-Free Business Security 9.0 server can update the Smart Scan Pattern successfully.

3

1439

The Worry-Free Business Security 9.0 server package contains an OpenSSL cryptographic software library that is affected by the Heartbleed vulnerability.

This critical patch updates the OpenSSL cryptographic software library in the Worry-Free Business Security 9.0 SP1 server package to resolve this issue.

4

1440

If Microsoft™ Windows™ is in high-contrast mode and users access the Worry-Free Business Security 9.0 console in Microsoft Internet Explorer, users will not be able to move clients from one group to another.

This hot fix corrects a function attribute to enable Internet Explorer to properly retrieve information when Windows is in high-contrast mode. This helps ensure that users can successfully move clients between groups under this scenario.

5

1442

Worry-Free Business Security Agents may not be able to run manual scans on network drives.

This hot fix ensures that Worry-Free Business Security Agents can run manual scans on network drives.

6

1445

Worry-Free Business Security server database process may encounter memory leak during Spyware log query.

This hot fix ensures that the Worry-Free Business Security Server database process does not encounter memory leak when doing Spyware log query.

7

1451

When users sort data by clicking the "Viruses Detected", "Spyware Detected", "Spam Detected", and "URLs Violated" columns in the client tree of the server user interface, Worry-Free Business Security cannot sort the data correctly.

This hot fix corrects the data sorting issue that affects the "Viruses Detected", "Spyware Detected", "Spam Detected", and "URLs Violated" columns.

8

1452

Security Agent services fail to load during startup if administrators use the AutoPCC login script for deploying clients.

This hot fix ensures that the Security Agent services work properly during startup if administrators use the AutoPCC login script for deploying clients.

9

1454

Users randomly get pop-up windows from the Security Agent for no apparent reason.

This hot fix ensures that users only receive pop-up windows from the Security Agent for necessary events based on their notification configuration.

10

1456

On Microsoft™ 64-bit operating systems (OS), the 32-bit version of Internet Explorer 9 might crash when it coexists with the Security Agent.

This hot fix ensures that this browser works fine when it coexists with the Security Agent on Microsoft 64-bit operating systems.

11

1457

The "Action Taken" field in virus logs that were exported from the Worry-Free Business Security Server does not contain any information.

This hot fix ensures that virus logs are imported properly from the Worry-Free Business Security Server.

12

1458

There is an inconsistency in the "Date/Time" field between the POP3 mail log of Worry-Free Business Security Server and the log of Security Agent.

This hot fix ensures that information in POP3 mail log of Worry-Free Business Security Server will be consistent with the log of Security Agent.

13

1459

Users may not be able to update the Smart Scan Pattern from an HTTP redirection source.

This hot fix ensures that the update procedure can correctly process the dollar sign character in HTTP redirection responses so users can successfully update the Smart Scan Pattern from an HTTP redirection source.

14

1459

Security Agents receive balloon notifications when the agent is updating its program files. Customer's requesting a way to disable this type of balloon notification.

This hot fix provides an option to disable the balloon notification that appears when the agent is upgrading its program files.

15

1466

After installing the Worry-Free Business Security Agent, process PccNTMon.exe may encounter a handle leak issue.

This hot fix resolves the handle leak issue on affected computers.

16

2062

The EYES driver that comes with the Worry-Free Business Security package and works with a third-party driver may sometimes report false positives.

This hot fix updates the EYES driver to help prevent it from reporting false positives.

17

2063

TmListen might stop unexpectedly after Worry-Free Business Security Agent installation.

This hot fix ensures that the TmListen run successfully after Worry-Free Business Security Agent installation.

18

5215

The Security Agent installed on computers running Windows XP cannot detect malware located in the boot sector of a USB device when users log on Windows with a non-administrator account.

This hot fix updates Security Agent files to resolve this issue.

19

5215

The Ntrtscan.exe service may stop unexpectedly while the Security Agent performs a manual scan on a location with a path length that exceeds 260 characters.

This hot fix enables Security Agent to use a flexible variable instead of a fixed variable to store file paths during scans to prevent Ntrtscan.exe from stopping unexpectedly.

20

5215

Sometimes, the Security Agent Listener service, TmListen.exe, stops unexpectedly while the Security Agent starts up.

This hot fix enhances Security Agent's error-handling mechanism to prevent TmListen.exe from stopping unexpectedly while Security Agent start up.

21

5215

Sometimes, the status of an Security Agent computer appears as "Trend Micro Security Agent is turned off" on the Microsoft™ Windows™ Action Center even the Security Agent is enabled on the computer.

This hot fix updates the Security Agent files to ensure that the correct Security Agent status appears on the Windows Action Center.

22

5227

It may take a long time to log on to the Security Agent console in the Novell™ ZENworks™ Application platform because of an issue in the Virus Scan Engine settings.

This hot fix resolves this issue by allowing users to modify the Virus Scan Engine settings in the Worry-Free Business Security server and to globally deploy the new Virus Scan Engine settings to Worry-Free Business Security clients.

23

5238

The Security Server cgiCheckIP.exe function allows users to scan any port inside any network.

This hot fix enhances the port-checking mechanism of the cgiCheckIP.exe function to enable it to properly validate the port number sent from a client before scanning the port.

24

5245

Microsoft™ Office™ hangs when opening Office files in shared folders. This issue can be solved with deploy the CheckRtPCWOplock parameter.

This hot fix enables users to set the following CheckRtPCWOplock parameter in the Global Setting and deploy to the client to fix the hang issue.

25

5248

Sometimes, the status of a Security Agent computer in a VPN network environment appears as "Trend Micro Security Agent is turned off" on the Microsoft™ Windows™ Action Center.

This hot fix updates the Security Agent files to ensure that the correct client status appears on the Windows Action Center.

26

5248

Security Agent always overwrites this client registry key and sets it as the default value for the firewall module: HKLM\SYSTEM\CurrentControlSet\services\tmtdi\Parameters\ RedirectIpv6

This hot fix modifies the Redirect IPv6 function by manually (but not forcibly) overwriting the RedirectIpv6 key, setting it as default value.

27

5274

During Security Agent updates, Security Agent retrieves the Other Update Sources (OUS) settings from the ClientAllSetting.ini file and updates the OUS.ini file using the retrieved information. However, when the Security Server Master Service stops, the "ClientAllSetting.ini" file is cleared. As a result, Security Agent will not be able to retrieve any OUS settings to update the OUS.ini file which can cause Security Agent updates to fail.

This hot fix adds a checking mechanism that prevents Security Agentt from making changes to the OUS.ini file if it cannot retrieve any OUS settings from the ClientAllSetting.ini file. This ensures that Security Agents can still complete updates when the ClientAllSetting.ini file is empty.

28

5339

Sometimes, the Virus Cleanup Template version on the Security Agent console becomes "0" after the client updates the template and loads the new version.

This hot fix enhances the version-checking mechanism to ensure that the correct Virus Cleanup Template version appears on the Security Agent console.

29

5350

Users may not be able to access internal web sites when the Security Agent uses IPv6 to redirect URLs to Web Reputation Service (WRS).

This hot fix resolves the issue by providing an option to configure Security Agents to redirect URLs to WRS using IPv4 instead of IPv6 and to deploy the setting globally.

30

5366

Microsoft™ Outlook™ stops responding when launched on computers running the Security Agent Behavior Monitoring service.

Hotfix provide deploy the Behavior Monitoring settings that can prevent Outlook from stopping unexpectedly in this situation.

31

5369

The Security Agent does not generate a spyware log when it detects spyware in a self-extracting compressed file and all its actions on the file fail.

This hot fix ensures that Security Agent generates spyware logs when it detects spyware in a compressed file and all its actions on the file fail.

32

5390

The Security Agent's OUS.ini file becomes truncated after an update. This happens when the OUS.ini file is larger than the allotted memory buffer for the copy function which forces the function to truncate the file to fit the buffer.

This hot fix increases the memory buffer for the OUS.ini copy function to prevent the function from truncating the OUS.ini file of Security Agents during updates.

33

5399

Sometimes, the Virus Cleanup Template version on the OfficeScan client console becomes "0" after the client updates the template and loads the new version.

This hot fix enhances the version-checking mechanism to ensure that the correct Virus Cleanup Template version appears on the OfficeScan client console.

34

5443

The rollback process for Smart Scan Agent and virus pattern files may not work correctly.

This hot fix ensures that the rollback process for Smart Scan Agent and virus pattern files work correctly.

35

5463

A third-party software may stop responding on a Security Agent computer when both the client's Unauthorized Change Prevention Service and Firewall Services are enabled.

This hot fix enables users to deploy a firewall setting to prevent third-party software from stopping unexpectedly on Security Agent computers when both the client's Unauthorized Change Prevention Service and Firewall Services are enabled.

36

5485

When a Security Agent performs a manual scan and the scan path is longer that 63 characters, the corresponding scan log does not appear in the "Virus Logs" viewer.

This hot fix ensures that the scan logs are recorded successfully when the scan path is longer than 63 characters.

37

5492

Security Agents installed on 64-bit platforms may not be able to update from the update agent.

This hot fix ensures that Security Agents will update successfully from update agents.

38

5495

Some components may not be updated when its modules are used by some features during Security Agent update.

This fix ensures that all components are updated during Security Agent update.

What's New in WFBS 9.0

Worry-Free Business Security includes the following new features and enhancements.

Table 3. What's New in WFBS 9.0

Feature/Enhancement

Description

Microsoft Exchange support

WFBS now supports Microsoft Exchange Server 2010 SP3 and Microsoft Exchange Server 2013.

Windows support

WFBS now supports Microsoft Windows 8.1 and Windows Server 2012 R2.

Mobile device security

WFBS Advanced now supports mobile device data protection and access control. Mobile device security has the following features:

  • Device Access Control

    • Allow access to the Exchange server based on user, operating system, and / or email client

    • Specify the access granted to specific mailbox components

  • Device Management

    • Perform a device wipe on lost or stolen devices

    • Apply security settings to specific users including:

      • Password strength requirements

      • Automatic device lock after being inactive

      • Encryption

      • Unsuccessful sign-in data purge

Activation Code enhancement

Post-paid Activation Code support

Detection improvements

  • Enhanced Memory Scan for real-time scan

  • Known and potential threat mode for Behavior Monitoring

  • Browser Exploit Prevention

  • Newly encountered program download detection

Performance improvements

  • Installation and un-installation time of Security Agent

  • Deferred Scan for Real-time Scan

Usability improvements

  • Global and group Approval/Block lists for Web Reputation and URL Filtering

  • IP exception list for Web Reputation and URL Filtering in the Global Settings

  • Removal of ActiveX from Client Tree and Remote installation page

  • Customized Outbreak Defense

  • Outlook 2013 and Windows Live Mail 2012 support for Trend Micro Anti-Spam Toolbar

  • Update Agent to update from Trend Micro ActiveUpdate only

  • Stop Server updates

  • Keep patterns when upgrading the Server and Agent

  • Help Link and Infection Source virus logs

Worry-Free Business Security Documentation

Worry-Free Business Security documentation includes the following:

Table 4. Worry-Free Business Security Documentation

Documentation

Description

Installation and Upgrade Guide

A PDF document that discusses requirements and procedures for installing the Security Server, and upgrading the server and agents

Administrator’s Guide

A PDF document that discusses getting started information, client installation procedures, and Security Server and agent management

Help

HTML files compiled in WebHelp or CHM format that provide "how to's", usage advice, and field-specific information

Readme file

Contains a list of known issues and basic installation steps. It may also contain late-breaking product information not found in the Help or printed documentation

Knowledge Base

An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following website:

http://esupport.trendmicro.com

Download the latest version of the PDF documents and readme at:

http://docs.trendmicro.com/en-us/smb/worry-free-business-security.aspx

System Requirements

Visit the following website for a complete list of installation and upgrade requirements:

http://docs.trendmicro.com/en-us/smb/worry-free-business-security.aspx

Installation

See the Installation and Upgrade Guide for instructions on:

  • Installing the Security Server

  • Upgrading the Security Server and agents

For instructions on installing agents, see the Administrator's Guide.

Inserting Contact Information (for Resellers and Partners)

Resellers and partners can add their contact information to the Security Server web console by performing the following steps:

  1. On the computer where the Security Server is installed, navigate to {Security Server installation folder}\PCCSRV\Private. {Security Server installation folder} is typically C:\Program Files\Trend Micro\Security Server.

  2. Open contact_info.ini using a text editor such as Notepad and then type the relevant contact information. Save the file.

  3. Log on to the Security Server web console and navigate to Preferences > Product License. A Reseller Information section is added to the Product License screen.

Post-Installation Configuration

See the post-installation tasks in the Installation and Upgrade Guide if you:

  • Installed the Security Server

  • Upgraded the Security Server and agents

If you installed agents, see the agent post-installation tasks in the Administrator's Guide.

Known Issues

Some product features do not support certain operating systems and associated applications. For details, visit http://docs.trendmicro.com/en-us/smb/worry-free-business-security-90-sp1/agent_features/ .

The following are the known issues in this release:

Windows Agent Known Issues

Security Agent Deployment, Upgrade, and Usage

For details about installation limitations on certain operating systems, see the Help topic: http://docs.trendmicro.com/en-us/smb/worry-free-business-security-90-sp1/install_meth/.

  1. To completely reinstall or upgrade the Security Agent, you will need to restart the computer. A restart will also be necessary when updating some components, including the firewall and the proxy drivers.

  2. WFBS supports Remote Desktop, Remote Web Workplace, and Citrix server terminal applications.

    In a Terminal Services environment, administrators can decide whether to show or hide the Security Agent icon in the Windows task bar. This setting applies to all or none of the active user sessions. It is not possible to apply the setting to individual user sessions.

    If the icon shows on all active user sessions, memory usage may increase. To prevent this issue from occurring:

    1. On the Security Agent host, open the registry.

    2. Create or modify the following REG name or value pair:

      • Key:

        • For 32-bit: HKLM\SOFTWARE\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc

        • For 64-bit: HKLM\SOFTWARE\Wow6432Node\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc

      • Name: RCS

      • Type: DWORD

      • Value: 202 (in decimal format)

      There will be no PccNTMon instances created when its value is set to 202.

    3. The manual scan process bar is not fully synchronized to Files scanned count based scan mechanism

Security Server

  1. The following default Security Server and Scan Server ports must not be used or blocked by other applications, such as Microsoft ISA Server and other firewalls:

    • HTTP: 8059 and 8082

    • SSL: 4343 and 4345

  2. If an Internet connection problem occurs during the Security Server installation, the installer will keep trying to validate the Activation Code without indicating any problem or the installer might freeze. A stable Internet connection is required during installation.

  3. During Security Server install or upgrade, Setup.exe or TrustedInstaller.exe may use up to 50% of CPU resources.

Web Console

  1. Trend Micro recommends setting Internet Explorer to Medium or lower security levels when accessing the Web console. Higher security settings may block necessary ActiveX controls.

    By default, Internet Explorer applies Medium-low security levels for intranet sites and Medium security levels for sites in its Trusted Sites list. To help ensure you can access the console properly, add it to the Trusted Sites list.

Behavior Monitoring/Device Control

  1. Behavior Monitoring and Device Control fully support 32-bit operating systems. On 64-bit operating systems, only Vista x64 SP1 and later are supported.

Web Reputation and URL Filtering

  1. Browser Exploit Prevention supports Internet Explorer versions 6, 7, 8, 9, 10, and 11.

  2. In an unstable network environment, the Trend Micro Web Reputation server may pass a website without filtering.

Firewall

  1. When uninstalling the firewall driver, the Client could temporarily lose the network connection. Some applications, such as Secure Shell (SSH), Terminal Services Client, or Remote Desktop, could be affected by the disconnection. If this occurs, restart the application after disabling the firewall (which also completes the uninstallation process).

  2. The Security Agent firewall might conflict with other firewall applications. Trend Micro recommends uninstalling or disabling other firewall applications.

  3. On VMware clients, the Security Agent firewall may block all incoming packets.

    To address this issue, add the following value to the client's registry:

    • Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW

    • Name: EnableBypassRule

    • Type: REG_DWORD

    • Data: 1

      1 means enable, 0 means disable

Messaging Security Agent

  1. The Messaging Security Agent only supports typical installations of Exchange Server 2007, 2010, and 2013 that include the Hub Transport, the Mailbox, and the Client Access server roles.

  2. Device Access Control for mobile devices is only supported for Exchange 2010 and 2013.

  3. As an anti-spam solution on Exchange Server 2003, users can choose between EUQ or Junk Mail integration. If you use Junk Mail integration, install Exchange Server 2003 SP2 or above. This requires that the Intelligent Message Filter (IMF) be preinstalled.

  4. The Messaging Security Agent does not support some Microsoft Exchange Server Enterprise features such as the database availability group (DAG). To work around this issue, enable the Mailbox, Client Access, and Hub Transport server roles in all MS Exchange servers.

  5. During Messaging Security Agent installation, the installer may be unable to submit passwords that have special, non-alphanumeric characters to the Exchange Server computer. As a result, you may be unable to install the Messaging Security Agent if the domain administrator account you are using has a complex password. To work around this issue, temporarily change the password for the domain administrator account.

  6. When installing Messaging Security Agent remotely, using the Web console or the Worry-Free Business Security Advanced installer on a computer running Windows Server 2008, SBS 2008, EBS 2008, SBS 2011 Standard, 2008 R2, 2012, or 2012 R2 you need to specify the built-in domain administrator account because of User Access Control restrictions. Note that for computers with other operating systems, you need an account that is in the Exchange Organization Administrators group.

  7. Messaging Security Agent cannot be installed on the domain controller server when the operating system is Windows Server 2012 and above. This is a limitation of SQL Server 2008 R2 on Windows Server 2012 and above.

  8. Mobile Security Policies are kept on the Exchange Server after the Messaging Security Agent is uninstalled.

Contacting Trend Micro

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support  for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at:

http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our Web site.

Global Mailing Address / Telephone Numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to:

You can contact Trend Micro via fax, phone, and email, or visit us at:

http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note:

This information is subject to change without notice.

About Trend Micro

Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com/.

Copyright 2014, Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, Worry-Free, TrendProtect, and InterScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.

About the License Agreement

Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/.

Click here to view license attributions for this product.