Trend Micro, Inc.                                       March 15, 2006
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Damage Cleanup Services(TM)
Version 3.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Notes: This readme file was current as of the date above. However,
all customers are advised to check Trend Micro's Web site for
documentation updates at:

http://www.trendmicro.com/download/

Register online with Trend Micro within 30 days of installation to
continue downloading new pattern files and product updates from the
Trend Micro Web site. Register during installation, or online at:

http://olr.trendmicro.com

Contents
===================================================================
1. About Trend Micro Damage Cleanup Services
2. What's New
   2.1 Resolved Known Issues (from Previous Versions)
3. Documentation Set
4. System Requirements
   4.1 DCS Server
   4.2 Web console
   4.3 Client under Scan
   4.4 Compatibility List
5. Installation
6. Post-Installation Configuration
7. Known Issues
8. Release History
9. Contact Information
10. About Trend Micro
11. License Agreement
===================================================================

1. About Trend Micro Damage Cleanup Services
========================================================================
Trend Micro(TM) Damage Cleanup Services (DCS) automatically removes
spyware/grayware, viruses, Trojans and malware remnants from clients
and servers, and repairs system registries and infected memory.

DCS works with Trend Micro OfficeScan(TM) to protect clients and
servers in real time, even when clients are remote or disconnected
from the network. DCS can also be deployed on a network to centrally
clean infections from all machines on that network--whether or not
they have antivirus programs installed.

TrendLabs(SM) global support network provides timely updates to clean
the latest threats and protect against the latest outbreaks.

2. What's New
========================================================================
DCS 3.1 comes with a greatly improved spyware/grayware scanning and
cleanup engine and template. This new engine and template can detect
and clean more spyware/grayware than ever before, with even fewer
false positives.

With this release, DCS can now register to TMCM and make use of the
following features:

- IT managers can deploy DCS engine and patterns from TMCM
- Integrated OPP supported with TMCM
- All DCS servers that are managed by TMCM send all malware and
  spyware/grayware logs to TMCM, so that a user can generate
  consolidated and comparative reports from the TMCM console
- Support for configuring DCS from a TMCM console by way of a user
  interface redirect

2.1 Resolved Known Issues (from Previous Versions)
======================================================================

2.1.1. System Fatal Error re: Case of Spyware/grayware Name
===================================================================
Problem: If a user tries to add a spyware/grayware name to the Global
Spyware/Grayware Exclusion List but that name has already been saved
in a different case (for example, "spywarename" versus "SpyWareName"
or "SPYWARENAME"), a System Fatal Error occurs. After this error, all
items in the spyware/grayware list are gone.

Solution: DCS 3.1 recognizes spyware/grayware names independently of
case and alerts the user to duplicate entries, regardless of the case
of the entry, with an error message stating that duplicate names are
not allowed.

2.1.2. Incorrect Account Management Tool Error Message
===================================================================
Problem: When a user uses the Account Management tool to add a new
domain or machine account using disallowed characters, an incorrect
error message displays, mentioning "importing," even though the user
is trying to add, not import.

Solution: The error message has been revised to accurately describe
the cause of the error.

2.1.3. Windows 2003 Spacing Issue on "About" Page
===================================================================
Problem: Unnecessary space appears at the top of the "About" page when
a user views the DCS management console on a Windows 2003 platform.

Solution: The unnecessary space has been removed.

2.1.4. Incorrect Product Name in Title Bar on "About" Page
===================================================================
Problem: Incorrect product name appears in title bar of DCS 3.0
"About" page.

Solution: The title bar for the "About" page now shows the correct
product name, "Trend Micro Damage Cleanup Services."

2.1.5. On "Edit Scan" Screen "Save" Button Appears Disabled
===================================================================
Problem: When a user attempts to change scan type (from malware to
spyware/grayware or vice versa), the "Edit Scan" screen displays with
the "Save" button greyed-out to indicate it is disabled. However, the
button does not revert to its "active" appearance once a user begins
changing a setting.

Solution: The save button is now enabled once a user changes any
settings on the "Edit Scan" screen.

2.1.6. "Event Notification" for "Special Scan" Omits "Scan Target"
===================================================================
Problem: The event notification message sent out for scans of type
"Special scan" displays "Scan target:" and the machine count, but not
the actual content of the "scan target" field.

Solution: The event notification message now includes the data from
the "scan target" field.

2.1.7. Emailed Reports for Manual Cleanup Tool Omit Scan Name
===================================================================
Problem: In emailed scan reports for the Manual Cleanup Tool scan, the
scan name field is empty.

Solution: Manual Cleanup Tool emailed reports now show the correct
data in the "scan name" field.

2.1.8. Scan Result Does Not Reflect Change in Scan Category
===================================================================
Problem: If a user creates a scan and then edits that scan so that it
does not scan for one category (for example, malware), the scan result
in the Summary screen will not reflect the change and will show no
data for the category (for example, malware) that was removed.

Solution: The Summary screen will now display under "Damage
Distribution for [Malware or Spyware/Grayware]" the scan results from
the last scan for that type.

2.1.9. Change of Database Username or Password May Cause DCS Serious
Problems
===================================================================
Problem: If the database administrator account or password is changed,
DCS will not be able to log on to the database, will fall into an
infinite loop, and CPU usage will increase to 100 percent.

Solution: If the user authentication fails, it is of no use to retry.
Therefore, DCS will terminate immediately and report an error to the
OS event log.

2.1.10. Unexpected Error Occurs When Product License Is Updated
===================================================================
Problem: If a user sets a proxy during DCS installation and later
attempts to update the license, the update will fail.

Solution: Product license update will succeed even if a user sets a
proxy during DCS installation.

2.1.11. Misspelling in Notification Email Default Subject Line
===================================================================
Problem: In step 4 of the Add Scan screen (Notification), the subject
message "Spyware/Grayware Scan Results" of the notification email was
misspelled.

Solution: The spelling has been corrected.

2.1.12. Add Scan Target by Machine Name May Cause Scan Timeout
===================================================================
Problem: If a user adds a scan target by machine name with particular
steps, the scan result of the machine will be unresponsive and the
reason will be scan timeout.

Solution: If a user adds a scan target by machine name, either the
machine will be scanned correctly or, if DCS cannot find the machine,
DCS will filter it out.

2.1.13. Scheduled Task Runs Twice When the Scheduled Time Arrives
===================================================================
Problem: When a user sets up some scheduled scans or scheduled
updates, sometimes DCS will run the scheduled task twice.

Solution: The scheduled task will be triggered only once.

2.1.14. Under Some Conditions, Javascript Error Occurs on Log Query
Screen
===================================================================
Problem: If a user enters invalid characters in the Advanced Query
section of the Log Query screen; clicks "More Searching Criteria,"
thereby hiding those fields; and then executes a query, a Javascript
error occurs.

Solution: DCS can validate those fields even if they are hidden from
view.

2.1.15. DCS Sends Wrong Timestamp to InterScan Web Security Suite
(IWSS) If Daylight Saving Time Adjustment Is Enabled on Computer
===================================================================
Problem: If a user enables Daylight Saving Time adjustment on the DCS
server machine, DCS will subtract one hour from the timestamp of the
scan result logs sent to IWSS whether or not the current month is
within the Daylight Saving Time period. In such a case, scan result
logs sent during Standard Time will be time-stamped 1 hour earlier in
the IWSS web console than in the DCS web console.

Solution: DCS uses the system API to calculate the timestamp of logs
rather than adjusting the time manually.

2.1.16. DCS Sends the Wrong Scan Results to IWSS
===================================================================
Problem: When IWSS requests DCS to scan multiple clients during a very
short period, some of the scan results in IWSS will be "connection
failed" even if the clients are scanned by DCS successfully.

Solution: DCS will send the correct scan result and the user can query
the result from the IWSS Web console.

2.1.17. DCS Fails to Generate Reports If Debug Log Path Is Wrong or
Debug Log Does Not Exist
===================================================================
Problem: If a user sets an invalid debug log path in the registry or
the debug log path does not exist, DCS will not generate a report.

Solution: If a user sets an invalid debug log path or the debug log
path does not exist, DCS will create a default debug log folder in the
DCS folder and will place those debug logs there to generate a report
successfully.

3. Documentation Set
========================================================================
In addition to this readme.txt, the documentation set for this product
includes the following:

- Damage Cleanup Services 3.1 Administrator's Guide -- This guide
  contains detailed instructions on how to install, configure and
  administer Damage Cleanup Services, as well as explanations of DCS
  concepts and features.

  Electronic versions of the Administrator's Guide are available at:
  http://www.trendmicro.com/download/product.asp?productid=48

- Online help -- Context-sensitive help screens that provide guidance
  for performing a task, as well as console-based Online Help that is
  accessible from the DCS management console by clicking the Help
  icon.

- Knowledge Base -- a searchable database of known product issues,
  including specific problem-solving and troubleshooting topics.
  http://kb.trendmicro.com/solutions/

4. System Requirements
========================================================================
The only platform on which Damage Cleanup Services (DCS) can be
installed is Microsoft Windows server. DCS has different system
requirements for the machine on which the DCS server is installed and
the client machines that it scans in the network.

4.1 DCS server
=======================================================================
Operating system:
-Microsoft(TM) Windows(TM) 2000 Server (SP 3)
-Microsoft(TM) Windows(TM) 2000 Advanced Server (SP 3)
-Microsoft(TM) Windows(TM) 2003 Standard Server
-Microsoft(TM) Windows(TM) 2003 Enterprise Server

Note: Damage Cleanup Services does not support Windows NT.

Hardware:
Minimum requirements:
-1GHz Intel(TM) Pentium(TM) III processor or equivalent
-512MB of RAM
-300MB of disk space
Recommended requirements:
-2.4GHz Intel Pentium 4 or faster
-1GB of RAM
-2GB of disk space

Web server:
-Microsoft Internet Information Server (IIS)
   Version 5.0: Windows 2000 Server
   Version 6.0: Windows 2003 Server

Database server:
Minimum requirement:
-Microsoft SQL Server Desktop Engine (MSDE) 2000
Recommended requirement:
-Microsoft SQL Server 2000

Others:
-Administrator or Domain Administrator access on the server machine
-Microsoft .NET Framework 1.1 (DCS installs it if it is not present)
-File and printer sharing for Microsoft Networks installed on the
 server machine

4.2 Web console
======================================================================
-64MB of RAM
-30MB of disk space
-Monitor that supports 1024 x 768 resolution at 256 colors or higher
-Microsoft Internet Explorer 5.5 + Service Pack 2 (DCS uses ActiveX
 controls and JavaScript, and those technologies are supported by
 IE 5.5 + SP2.)
-Microsoft Internet Explorer 6.0

4.3 Client under scan
======================================================================
Operating system:
-Windows XP Professional
-Windows NT 4.0 (Service Pack 6)
-Windows 2000 Professional (SP3)
-Windows 2000 Server (SP3)
-Windows 2000 Advanced Server (SP3)
-Windows 2003 Standard Server
-Windows 2003 Enterprise Server

NOTE: Windows 95/98/98 SE/ME/XP Home are supported by the Manual
Damage Cleanup Tool

Hardware:
-128MB of RAM
-20MB of available hard disk space

4.4 Other requirements:
======================================================================
Damage Cleanup Services is compatible with the following non-Trend
Micro products:

- Microsoft Office 2000
- Microsoft Office XP
- Microsoft Office 2003
- Microsoft SQL 2000
- Windows 2000 Professional
- Windows 2000 Server
- Windows 2000 Advanced Server
- Windows 2003 Standard Server
- Windows 2003 Enterprise Server

5. Installation
========================================================================
For detailed guidance on installing DCS 3.1, see the "Damage Cleanup
Services 3.1 Administrator's Guide."

Important Note: Only the user who installed DCS 3.0 can see the
following:

- "Add/Remove program" feature for DCS
- The "Trend Micro Damage Cleanup Services" menu off of the Windows
  Start > Programs menu, including its three entries, "Account
  Management Tool," "Readme file," and "Trend Micro Damage Cleanup
  Services"

In DCS 3.1 these items are visible to all users. Therefore, a user who
did not install the program cannot upgrade or remove it.

When you upgrade from DCS 3.0 to 3.1, follow the two procedures below
to remove DCS 3.0 and transfer the old DCS 3.0 settings and other
information into DCS 3.1 without losing any of the data from DCS 3.0.
The two procedures are:

a. Uninstall DCS 3.0 but keep the database
b. Install DCS 3.1 and use the same database as DCS 3.0 did

To uninstall DCS 3.0 but keep the database:

1. Log on to Windows using the account that was used in the previous
   installation.
2. Use the Add/Remove Programs feature in Windows to start the
   uninstallation of DCS 3.0. After the program gathers necessary
   information, it asks if you want to keep the database.
3. Click "Yes" (the default choice). The Add/Remove Programs feature
   finishes removing the previous DCS installation but leaves the
   database intact.

To install DCS 3.1 and use the same database as DCS 3.0 did:

1. While logged in to Windows with the same user account as the one
   used when DCS 3.0 was installed, restart the DCS 3.1 setup program.
2. Enter all of the required information as before.
3. On the Database Information screen, click "Next" without changing
   the name of the database that DCS 3.0 used. Setup notifies you that
   a database of the same name exists and asks if you want to use the
   same name.
4. Click "Yes." Setup asks whether you wish to overwrite the existing
   database.
5. Click "No." Setup will use the existing database, keeping the
   DCS 3.0 information for use in DCS 3.1.

6. Post-Installation Configuration
========================================================================
For detailed instructions on how to configure Damage Cleanup Services,
refer to the "Damage Cleanup Services 3.1 Administrator's Guide."

7. Known Issues
========================================================================
The following are known issues for this release:

7.1 Sometimes a New Scan Does Not Appear in the Queue
=================================================================
Because of a synchronization issue between the UI and the back end,
occasionally a scan that has just been added to the queue may not
immediately show up in the queue table in the "Current Running Scan"
screen. To make such a scan appear in the table, click the DCS Web
console "Refresh" link at the top right of the screen (but NOT the
browser's 'Refresh' button!).

NOTE: DO NOT CLICK YOUR BROWSER'S REFRESH BUTTON.
DOING SO WILL LOG YOU OUT AND RETURN YOU TO THE SUMMARY SCREEN.

7.2 Windows "After Installation" Popup Message Displays
=================================================================
A Windows popup "After Installation" message displays when DCS
installation begins. This message displays if the installation is on a
version of Windows that runs Windows Terminal Services, and the
message is a reminder to prevent other users from doing the
installation. Click "Next" on the "After Installation" screen and then
click "Finish" on the "Finish Admin Install" screen to complete the
installation.

7.3 Unable to Retrieve MAC Addresses on Windows 95 Machines
=================================================================
DCS cannot retrieve the MAC address of Windows 95 machines, because
that operating system does not have the library needed to retrieve the
MAC address.

7.4 Scans Using a Large IP Range Take a Long Time to Enumerate
=================================================================
If you set your scan target as a large IP range by segment (for
example, 192.168.1.1 Mask 255.255.0.0), it will take a long time for
DCS to enumerate machines to scan, even if only a few machines
actually exist in that segment.

7.5 Windows NT 4 Client Machines Sometimes Cannot Be Scanned
=================================================================
On client machines running Windows NT 4, in some cases the scan task
cannot find a file named "WININET.DLL" and so cannot scan.

7.6 DCS Is Dependent on a Running MS SQL Server Service
=================================================================
If the MS SQL server service has been stopped, the DCS service will
not be able to start. Make sure that the SQL server service is running
before attempting to start DCS.

7.7 DCS Stops Trying to Restart DCS Service After 10 Failed Attempts
=================================================================
If a serious problem prevents the DCS service from starting, DCS will
try to restart the service 10 times.
If the service does not start up successfully by the tenth attempt,
the automatic restart attempts stop, and the DCS service has to be
started manually. This feature is designed to prevent DCS from falling
into an infinite restarting loop that always fails.

7.8 A Canceled DCS Uninstallation May Unregister DCS From Cisco ICS
=================================================================
If DCS is registered to Cisco ICS, when a user uninstalls DCS, DCS
will try to unregister from Cisco ICS. If the user cancels the
uninstallation after the uninstallation has already unregistered DCS
from Cisco ICS, the uninstallation will roll back; however, it will
not re-register to Cisco ICS. For this reason it is best to check
whether DCS is still registered to Cisco ICS after a canceled
uninstallation. If DCS is no longer registered to Cisco ICS,
re-register DCS to Cisco ICS from the DCS Web management console.

7.9 Windows 2003 Adds Extra Time to Report Generation Time
=================================================================
If DCS is installed on a Windows 2003 platform with Microsoft .NET
Framework 1.1 with Service Pack 1 installed, report generation takes
30 seconds longer than on a Windows 2000 platform. If the Windows 2003
platform does not have Microsoft .NET Framework 1.1 with Service
Pack 1 installed on it, the delay is 90 seconds.

7.10 Account Management Tool Dependency on Correct DNS Setting
=================================================================
If DNS is not set up properly, the Account Management Tool sometimes
cannot verify the connection of a machine account. That is, the
"Verify" function cannot find the machine by machine name if DNS is
not set up correctly. This is only a problem for the verification
function; the scan task is not affected.

7.11 Cannot Scan Windows 2003 Clients with Blank Passwords
=================================================================
If a client is running Windows 2003 and the password of that client
machine is blank, DCS cannot deploy DCE to that client and thus cannot
scan it. The status reported back will be "Unresponsive." (This issue
is due to the default security policy of Windows 2003 regarding blank
passwords.)

7.12 Spyware/Grayware Exclusion List Entries Are Subject to Change
=================================================================
a. If a brand-new spyware or grayware program comes onto the market,
   Trend Micro may give it a temporary name that is updated once an
   industry standard is developed. The Spyware/Grayware Exclusion List
   will not exclude a spyware or grayware program from a scan if the
   name entered into the list was the temporary name and a new name
   has been assigned to that program.

b. Likewise, if a user enters a spyware/grayware name into the
   exclusion list and then upgrades the spyware/grayware, the upgraded
   version will not automatically appear in the exclusion list; the
   user must manually add the official Trend Micro name for the
   updated program in order for it to be excluded from scanning and
   cleanup.

7.13 Low-Bandwidth Connection Can Cause Scan to Timeout
=================================================================
When a client machine has a low-bandwidth connection, for example,
less than 50Kbps, the slow connection may cause DCS deployment to fail
and manual scan to fail due to a timeout. When this kind of timeout
occurs, the message "Please Check Your Network Connection and Try
Again" appears in the "Status" field of the "Machine Scan Result
Detail" table in the Logs and Summary screens.

7.14 Two DCS Servers Cannot Share the Same Database
=================================================================
DCS does not allow two DCS servers to use the same database.
If two DCS servers use the same database, DCS encounters a database
transaction error and may behave unpredictably (such as locking up or
shutting down.)

7.15 Pager Notifications Cannot Use Most Symbols
=================================================================
Pager notifications must be alphanumeric. The only symbols allowed in
the field are # and *. If you want to display other symbols in your
pager notifications, use your service provider's proprietary code for
displaying them.

7.16 MSN Messenger Notifications Limited to 400 Bytes
=================================================================
MSN Messenger truncates MSN notification messages longer than 400
bytes.

7.17 Pager Notifications Have Maximum Length of 256 Bytes
=================================================================

7.18 DCS supports Microsoft SQL Server Only in Mixed Mode
=================================================================
DCS supports Microsoft SQL Server only in mixed mode [NT
Authentication and SQL Server Authentication], and not in NT
Authentication mode.

7.19 Cannot Install DCS From a Network Drive
=================================================================
DCS does not support installation from a UNC path. DCS will install
only on a local machine; not via a network.

7.20 DCS Uses Microsoft .NET Framework 1.1 Even If .NET 2.0 Is Present
=================================================================
Even if Microsoft .NET Framework 2.0 has been installed, DCS still
requires that you install Microsoft .NET Framework 1.1. (The two can
co-exist on a single machine.)

7.21 Reports Generate Using Only Current Scan Settings
=================================================================
DCS can generate reports only using the current settings of a scan.
If, for example, a user originally created a scan that scans for both
malware and spyware/grayware and then later modifies the scan to scan
for only spyware/grayware, any reports that DCS generates after that
modification will report only on spyware/grayware found in that scan,
and not malware.

7.22 Active Firewall on DCS Server Machine Can Interfere With DCS
=================================================================
DCS cannot work properly if there is a firewall on the DCS server and
the firewall is on. In such a circumstance scan results will always be
"Unresponsive." To prevent this problem, turn off the firewall on the
DCS server or add DCS to the firewall's exception list.

7.23 DCS Web Console Experiences a Timeout If DCS Server Is Too Busy
=================================================================
If the Web console sends a request to the DCS server and does not
receive a response within 90 seconds because the DCS server is too
busy to handle the request, the user will see a "System fatal
error..." message in the UI. This message is caused by the DCS timeout
mechanism.

7.24 Only one Damage Cleanup Services Task Can Run at a Time
=================================================================
For manual scans, the tasks run in the same order as the display in
the Web console. For scheduled scans, the tasks run in the order of
the creation time of the scans.

7.25 DCS Will Not Deploy to Clients Behind a Firewall
=================================================================
Damage Cleanup Services cannot be deployed to a target client machine
if it is behind a personal firewall.

7.26 DCS Can Only Deploy to Client Machines with Null Session Enabled
=================================================================
If Null Session access is disabled or occupied by another process on a
client machine, DCS cannot be deployed to that client.

7.27 DCS Cannot Simultaneously Clean All Machines Selected on Multiple
Screens
=================================================================
When a user selects all in the "Scan Details" screen, even if the list
of scans goes on to multiple screens, DCS scans only those machines
that appear on the current screen. You can clean selected machines
only one screen at a time.

7.28 DCS Cannot Scan If NetBIOS Protocol of DCS Server or Client
Machines Is Disabled
=================================================================
DCS uses some APIs to connect to remote computers by using the NetBIOS
protocol. If the NetBIOS protocol is disabled, DCS cannot perform a
scan successfully.

7.29 Different Installation Behavior in DCS 3.0 and DCS 3.1
=================================================================
In DCS 3.0 the Windows "Add/Remove Programs" feature for DCS and the
DCS menu items off of the Start menu are visible only when using the
user account that installed DCS. In DCS 3.1 these items are visible to
all users. Therefore, a user who did not install DCS 3.0 is not able
to upgrade or remove it.

7.30 DCS Does Not Allow a User to Input DBCS Machine Name, UNC Path,
or URL
=================================================================
In some DCS Web console screens and in the Account Management Tool,
DCS requires a user to input a machine name, UNC path, or URL, but DCS
does not allow the user to input a DBCS string into those fields.

7.31 DCS Encounters Problems If the Region Settings of the DCS Server
and Client Are Different
=================================================================
If DCS is installed on a machine with a non-English machine name, DCS
is unable to successfully scan a client machine whose region settings
support only English. Conversely, if DCS is installed on a machine
whose region settings support only English, DCS is unable to
successfully scan a client machine with a non-English machine name.
Likewise, if DCS is installed on a machine with region settings that
support only English, a client machine accessing the DCS Web console
may encounter unpredictable results when inputting non-English
characters into the DCS Web console.

7.32 DCS Sometimes Fails to Scan a Client Machine If the Client
Machine Has DEP (Data Execution Prevention) Enabled
=================================================================
Microsoft supports DEP on Windows XP SP2 and Windows 2003 SP1. If a
user turns on DEP on these platforms, the DCS client agent may be
terminated by DEP. Consult the Troubleshooting section of the DCS
Administrator's Guide or the DCS Online Help for workarounds to this
problem.

8. Release History
========================================================================
Damage Cleanup Services 3.0    June 3, 2005
Damage Cleanup Services 2.0    February 20, 2004
   (a service of Trend Micro Control Manager 2)
Damage Cleanup Services 1.0    September 15, 2002

9. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro via fax, phone, or email, or visit us at:

http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
Web site.

Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:

http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen displays. Click the appropriate link
in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

10. About Trend Micro
========================================================================
Trend Micro, Inc. provides centrally controlled server-based virus
protection and content-filtering products and services. By protecting
information that flows through Internet gateways, email servers, and
file servers, Trend Micro allows companies worldwide to stop viruses
and other malicious code from a central point before they can reach
the desktop.

Copyright 1995 - 2006, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, and Trend Micro Damage Cleanup Services
are trademarks of Trend Micro Incorporated and are registered in some
jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.

11. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be
viewed at:

http://www.trendmicro.com/en/purchase/license

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Getting Started Guide or
  Administrator's Guide