Client_Self-protection

Client Self-protection

Client self-protection provides ways for the OfficeScan client to protect the processes and other resources required to function properly. Client self-protection helps thwart attempts by programs or actual users to disable anti-malware protection.

• This feature does not support installation on server platforms. OfficeScan automatically disables the protection of registry keys and processes when installed and deployed on server platforms.

Protect Files in the OfficeScan Client Installation Folder

To prevent other programs and even the user from modifying or deleting OfficeScan files, OfficeScan locks the following files in the root <Client installation folder>:

• All digitally-signed files with .exe, .dll, and .sys extensions

• Some files without digital signatures, including:

• bspatch.exe

• bzip2.exe

• INETWH32.dll

• libcurl.dll

• libeay32.dll

• libMsgUtilExt.mt.dll

• msvcm80.dll

• MSVCP60.DLL

• msvcp80.dll

• msvcr80.dll

• OfceSCV.dll

• OFCESCVPack.exe

• patchbld.dll

• patchw32.dll

• patchw64.dll

• PiReg.exe

• ssleay32.dll

• Tmeng.dll

• TMNotify.dll

• zlibwapi.dll

Protect OfficeScan Client Processes

OfficeScan blocks all attempts to terminate the following processes:

• TmListen.exe: Receives commands and notifications from the OfficeScan server and facilitates communication from the client to the server

• NTRtScan.exe: Performs Real-time, Scheduled, and Manual Scan on OfficeScan clients

• TmProxy.exe: Scans network traffic before passing it to the target application

• TmPfw.exe: Provides packet level firewall, network virus scanning and intrusion detection capabilities

• TMBMSRV.exe: Regulates access to external storage devices and prevents unauthorized changes to registry keys and processes

• In this release, this setting can only be deployed to clients running x86 type processors.

Protect OfficeScan Client Registry Keys

OfficeScan blocks all attempts to modify, delete, or add new entries under the following registry keys and subkeys:

• HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion

• HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC

• HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMCSS

• In this release, this setting can only be deployed to clients running x86 type processors.

Protect OfficeScan Client Services

OfficeScan blocks all attempts to terminate the following client services:

• OfficeScan NT Listener (TmListen.exe)

• OfficeScan NT RealTime Scan (NTRtScan.exe)

• OfficeScan NT Proxy Service (TmProxy.exe)

• OfficeScan NT Firewall (TmPfw.exe)

• Trend Micro Unauthorized Change Prevention Service (TMBMSRV.exe)

See also:

• OfficeScan Service Restart

• Global Client Settings