Client self-protection provides ways for the OfficeScan client to protect the processes and other resources required to function properly. Client self-protection helps thwart attempts by programs or actual users to disable anti-malware protection.
To configure client self-protection settings:
Networked Computers > Client Management
In the client tree, click the root domain icon to include all clients or select specific domains or clients.
Click Settings > Privileges and Other Settings.
Click the Other Settings tab and go to the Client Self-protection section.
Enable the following options:
Protection of registry keys and processes is disabled by default on Windows server platforms.
If you selected domain(s) or client(s) in the client tree, click Save. If you clicked the root domain icon, choose from the following options:
Apply to All Clients: Applies settings to all existing clients and to any new client added to an existing/future domain. Future domains are domains not yet created at the time you configured the settings.
Apply to Future Domains Only: Applies settings only to clients added to future domains. This option will not apply settings to new clients added to an existing domain.
OfficeScan blocks all attempts to terminate the following client services:
OfficeScan NT Listener (TmListen.exe)
OfficeScan NT RealTime Scan (NTRtScan.exe)
OfficeScan NT Proxy Service (TmProxy.exe)
OfficeScan NT Firewall (TmPfw.exe)
OfficeScan Data Protection Service (dsagent.exe)
Trend Micro Unauthorized Change Prevention Service (TMBMSRV.exe)
If this option is enabled, OfficeScan may prevent third-party products from installing successfully on endpoints. If you encounter this issue, you can temporarily disable the option and then re-enable it after the installation of the third-party product.
To prevent other programs and even the user from modifying or deleting OfficeScan files, OfficeScan locks the following files in the root <Client installation folder>:
All digitally-signed files with .exe, .dll, and .sys extensions
Some files without digital signatures, including:
bspatch.exe
bzip2.exe
INETWH32.dll
libcurl.dll
libeay32.dll
libMsgUtilExt.mt.dll
msvcm80.dll
MSVCP60.DLL
msvcp80.dll
msvcr80.dll
OfceSCV.dll
OFCESCVPack.exe
patchbld.dll
patchw32.dll
patchw64.dll
PiReg.exe
ssleay32.dll
Tmeng.dll
TMNotify.dll
zlibwapi.dll
OfficeScan blocks all attempts to modify, delete, or add new entries under the following registry keys and subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMCSS
In this release, this setting can only be deployed to clients running x86 type processors.
OfficeScan blocks all attempts to terminate the following processes:
TmListen.exe: Receives commands and notifications from the OfficeScan server and facilitates communication from the client to the server
NTRtScan.exe: Performs Real-time, Scheduled, and Manual Scan on OfficeScan clients
TmProxy.exe: Scans network traffic before passing it to the target application
TmPfw.exe: Provides packet level firewall, network virus scanning and intrusion detection capabilities
TMBMSRV.exe: Regulates access to external storage devices and prevents unauthorized changes to registry keys and processes
DSAgent.exe: Monitors the transmission of sensitive data and controls access to devices
In this release, this setting can only be deployed to clients running x86 type processors.
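To confirm on an endpoint that the resources listed above are present and in the expected state, a read-only PowerShell audit can be run locally. This is an added example, not Trend Micro code; `$ClientInstallFolder` is an assumed parameter that you supply, because the page gives no path for <Client installation folder>.

```powershell
param(
    # Assumption: the real client installation folder; the page only calls it <Client installation folder>.
    [Parameter(Mandatory = $true)][string]$ClientInstallFolder
)

# Process names as listed on this page (Get-Process takes the name without .exe).
$protectedProcesses = 'TmListen', 'NTRtScan', 'TmProxy', 'TmPfw', 'TMBMSRV', 'DSAgent'

# Registry keys as listed on this page, in PowerShell provider syntax.
$protectedKeys = 'HKLM:\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion',
                 'HKLM:\SOFTWARE\TrendMicro\NSC',
                 'HKLM:\SOFTWARE\TrendMicro\TMCSS'

# Unsigned files the page names as locked. The page says "including", so this list may be incomplete.
$listedUnsigned = 'bspatch.exe', 'bzip2.exe', 'INETWH32.dll', 'libcurl.dll', 'libeay32.dll',
                  'libMsgUtilExt.mt.dll', 'msvcm80.dll', 'MSVCP60.DLL', 'msvcp80.dll', 'msvcr80.dll',
                  'OfceSCV.dll', 'OFCESCVPack.exe', 'patchbld.dll', 'patchw32.dll', 'patchw64.dll',
                  'PiReg.exe', 'ssleay32.dll', 'Tmeng.dll', 'TMNotify.dll', 'zlibwapi.dll'

$results = @(
    # 1. Is each listed process running?
    foreach ($name in $protectedProcesses) {
        $running = [bool](Get-Process -Name $name -ErrorAction SilentlyContinue)
        [pscustomobject]@{ Type = 'Process'; Item = "$name.exe"
                           Status = $(if ($running) { 'Running' } else { 'NotRunning' }) }
    }
    # 2. Does each listed registry key exist?
    foreach ($key in $protectedKeys) {
        [pscustomobject]@{ Type = 'RegistryKey'; Item = $key
                           Status = $(if (Test-Path -LiteralPath $key) { 'Present' } else { 'Missing' }) }
    }
    # 3. Files in the root of the installation folder (not subfolders, matching the page):
    #    signed files are covered by the lock; unsigned ones are compared with the page's list.
    Get-ChildItem -LiteralPath $ClientInstallFolder -File |
        Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $status = if ($sig.Status -eq 'Valid') { 'Signed' }
                      elseif ($sig.Status -eq 'NotSigned' -and $listedUnsigned -contains $_.Name) { 'UnsignedListed' }
                      else { "Review ($($sig.Status))" }   # e.g. HashMismatch, or unsigned and not on the list
            [pscustomobject]@{ Type = 'File'; Item = $_.Name; Status = $status }
        }
)

$results | Sort-Object Type, Item | Format-Table -AutoSize
```

Rows marked `NotRunning`, `Missing`, or `Review` are the ones to investigate; a `Review` file is not necessarily unprotected, since the page's list of unsigned files is not exhaustive.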