Client self-protection provides ways for the OfficeScan client to protect the processes and other resources required to function properly. Client self-protection helps thwart attempts by programs or actual users to disable anti-malware protection.
To prevent other programs and even the user from modifying or deleting OfficeScan files, OfficeScan locks the following files in the root <Client installation folder>:
All digitally-signed files with .exe, .dll, and .sys extensions
Some files without digital signatures, including:
bspatch.exe
bzip2.exe
INETWH32.dll
libcurl.dll
libeay32.dll
libMsgUtilExt.mt.dll
msvcm80.dll
MSVCP60.DLL
msvcp80.dll
msvcr80.dll
OfceSCV.dll
OFCESCVPack.exe
patchbld.dll
patchw32.dll
patchw64.dll
PiReg.exe
ssleay32.dll
Tmeng.dll
TMNotify.dll
zlibwapi.dll
OfficeScan blocks all attempts to terminate the following processes:
tmlisten.exe: Receives commands and notifications from the OfficeScan server and facilitates communication from the client to the server
ntrtscan.exe: Performs Real-time, Scheduled, and Manual Scan on OfficeScan clients
TmProxy.exe: Scans network traffic before passing it to the target application
TmPfw.exe: Provides packet level firewall, network virus scanning and intrusion detection capabilities
TMBMSRV.exe: Regulates access to external storage devices and prevents unauthorized changes to registry keys and processes
In this release, this setting can only be deployed to clients running x86 type processors.
OfficeScan blocks all attempts to modify, delete, or add new entries under the following registry keys and subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMCSS
In this release, this setting can only be deployed to clients running x86 type processors.
See also: