Trend Micro, Inc.

October 2018


Trend Micro™ OfficeScan™

Version XG Service Pack 1

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site:



  1. About OfficeScan
  2. What's New

  3. Document Set
  4. System Requirements
  5. Installation

  6. Post-installation Configuration
  7. Known Issues
  8. Contact Information
  9. About Trend Micro
  10. License Agreement


1. About OfficeScan

Trend Micro™ OfficeScan™ protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat attacks. An integrated solution, OfficeScan consists of an agent program that resides at the endpoint and a server program that manages all agents. The agent guards the endpoint and reports its security status to the server. The server, through the web-based management console, makes it easy to set coordinated security policies and deploy updates to every agent.

OfficeScan is powered by the Trend Micro™ Smart Protection Network™, a next generation cloud-client infrastructure that delivers security that is smarter than conventional approaches. Unique in-the-cloud technology and a lighter-weight agent reduce reliance on conventional pattern downloads and eliminate the delays commonly associated with desktop updates. Businesses benefit from increased network bandwidth, reduced processing power, and associated cost savings. Users get immediate access to the latest protection wherever they connect—within the company network, from home, or on the go.


Back to top


2. What's New

OfficeScan includes the following new features and enhancements:

What's New in OfficeScan XG Service Pack 1

Enhanced “Fileless” Script Detections

Enhanced Platform Support

Windows 10 Fall Creators Update (Version 1709)

Update Agent Connections

You can configure OfficeScan agents to use HTTPS protocol when using an Update Agent as the update source.

Behavior Monitoring Exception List

Enhancements to the Exception List support the use of wildcard characters.

Predictive Machine Learning

Predictive Machine Learning has been enhanced to detect malicious script execution.

Cloud Synchronization Channel for Ransomware Detections

OfficeScan agents detect ransomware downloaded through supported cloud synchronization channels.

Proxy Settings Enhancement

All proxy settings for both the OfficeScan server and OfficeScan agents have been consolidated in the same location.

Suspicious Object Lists

OfficeScan supports the detection of Suspicious Domain Objects through integration with Control Manager.

OfficeScan Data Protection Enhancements

What's New in OfficeScan XG

Ransomware Protection enhancements

Your protection against ransomware attacks has been further enhanced to allow OfficeScan agents to recover files encrypted by ransomware threats, block processes associated with ransomware, and prevent compromised executable files from infecting your network.

Newly Encountered Program protection enhancement

To more easily maximize your ransomware protection security policy on individual agents, the newly encountered program detection feature has been moved to the Behavior Monitoring settings screen.

You can also customize the message that displays on agent endpoints after a user downloads and executes a newly encountered program.

Predictive Machine Learning

The Predictive Machine Learning engine can protect your network from new, previously unidentified, or unknown threats through advanced file feature analysis and heuristic process monitoring. Predictive Machine Learning can ascertain the probability that a threat exists in a file or process and the probable threat type, protecting you from zero-day attacks.

OfficeScan Edge Relay Server

The OfficeScan Edge Relay server provides you greater visibility and increased protection for endpoints that leave the local intranet by providing the following features:

Suspicious File Sample Submission

To further enhance your integration with a Deep Discovery Virtual Analyzer, OfficeScan agents can now detect and send suspicious files that may contain previously unknown threats directly to the Virtual Analyzer for further analysis. After verifying that a threat exists, the Suspicious Object lists are immediately updated and synchronized to all agents, preventing the threat from spreading across your network.

Dashboard UI enhancements

The Dashboard has been redesigned to provide better visibility of your network's protection status.

Control Manager integration enhancements

To prevent unauthorized communication between the Control Manager and OfficeScan servers, registration to the Control Manager server requires certificate authentication and policy management through the Control Manager server is managed using public-key encryption.

Anti-exploit protection

Real-time Scan allows you to detect and block threats using Common Vulnerabilities and Exposures (CVE) exploits.

Behavior Monitoring can also detect abnormal program behavior that is common to exploit attacks.

Suspicious Connections enhancement

You can now configure the Suspicious Connections feature to log or block network connections detected by the Global C&C IP list and malware network fingerprinting.

Firewall enhancements

The application filter of the OfficeScan Firewall now supports Windows 8 and later platforms.

You can grant OfficeScan agent users the privilege of configuring the firewall security level and exceptions list.

Independent mode

The previously named "Roaming" mode has been renamed as "Independent" mode.

Platform and browser support

This version of OfficeScan provides support for the following:

Note: This version of OfficeScan discontinues support of the Apache Web Server.


Back to top

Resolved Known Issues

OfficeScan XG Service Pack 1 resolves the following product issues:

For information regarding hot fix solutions and the enhancements available in OfficeScan XG Service Pack 1, go to:


Back to top


3. Document Set

The document set for the OfficeScan server includes:

Download the latest versions of the PDF documents and readme at


Back to top


4. System Requirements

The OfficeScan server and agent can be installed on endpoints running Microsoft Windows platforms. The OfficeScan agent is also compatible with various third-party products.

Visit the following website for a complete list of system requirements and compatible third-party products:

Size of Deployment Package

Note: All of the following deployment package sizes are for packages that do not include any additional plug-in features. The size of the deployment package may vary if additional plug-in features are included in the package.

Size of the new install package (32/64-bit) via Agent Packager Tool

For 32-bit Setup Package:

For 64-bit Setup Package:

For 32/64-bit MSI Package:

Network Traffic for Upgrading OfficeScan Agents

Estimated size (in terms of bandwidth) of upgrading each OfficeScan agent:

OfficeScan Agent Post-Upgrade Requirements

After upgrading OfficeScan agents to OfficeScan XG Service Pack 1, you must restart the agent endpoints to ensure that the OfficeScan agent program properly adopts the HTTPS module and continues to properly communicate with the OfficeScan server.


Back to top


5. Installation

See the Installation and Upgrade Guide for instructions on:

For OfficeScan agent installation instructions, refer to the Administrator's Guide.

Virus Scan Engine Upgrade Requirement

OfficeScan XG Service Pack 1 automatically upgrades the scan engine on the OfficeScan server and all OfficeScan agents immediately after installation (regardless of OfficeScan agent update settings.

Trend Micro recommends performing the upgrade during off-peak hours to minimize network disruptions.

SQL Server Installed Components

During installation, OfficeScan automatically installs the following SQL Server components. If you choose to uninstall the OfficeScan server, you must manually delete these components after the uninstallation completes.

Recommended Settings Enhancement

The OfficeScan XG SP1 installation package prompts you to enable specific features on Windows desktop platforms to enhance your protection agaianst network and ransomware attacks. You can choose to allow the installation program to enable the features automatically, or you can manually enable the features after the installation completes.

Recommended features:


Back to top


6. Post-installation Configuration

  1. Verify if the OfficeScan server has been upgraded.

    1. On the web console, click Help > About. Version information should be XG Service Pack 1.
    2. On the Control Manager console, the OfficeScan version should be available.

      Note: Trend Micro recommends installing Trend Micro Control Manager™ 7.0 to ensure compatibility with OfficeScan XG Service Pack 1.

  2. Verify if component update on the server is successful by opening the web console and going to Logs > Server Updates Logs.

If the update is unsuccessful, perform manual update immediately by going to Updates > Server > Manual Update. You can also refer to the online help for typical update problems and solutions or contact your Support provider for assistance.

Agent installation on supported platforms

  1. If users will use Agent Packager (EXE package) to install the OfficeScan agent to an endpoint running Windows XP, 7, 8, 10, Server 2003, 2008, 2012, or 2016, perform the following:

    1. Create the EXE package from the OfficeScan server.
    2. Send the package to users and instruct them to launch it on their endpoints.

      To launch the EXE package, instruct users to right-click the EXE file and select Run as administrator.

  2. If users will use a web install page or Agent Packager (MSI package) to install the OfficeScan agent to an endpoint running Windows XP, 7, 8, 10, Server 2003, 2008, 2012, or 2016, perform the following:

    1. Create the MSI package from the OfficeScan server.
    2. Send the package to users and instruct them to launch it on their endpoints using the typical method for opening files, such as double-clicking the file.

    Note: You can also launch the MSI package (on the command prompt) and silently install the OfficeScan agent to a remote endpoint running Windows XP, 7, 8, 10, Server 2003, 2008, 2012, or 2016.

  3. If users will use Login Script Setup (AutoPcc.exe) to install the OfficeScan agent to an endpoint running Windows XP, 7, 8, 10, Server 2003, 2008, 2012, or 2016, instruct users to perform the following:

    1. Connect to the server computer.
    2. Navigate to \\{server computer name}\ofcscan.
    3. Right-click AutoPcc.exe and select Run as administrator.

OfficeScan Agent Post-Upgrade Requirements

After upgrading OfficeScan agents to OfficeScan XG Service Pack 1, you must restart the agent endpoints to ensure that the OfficeScan agent program properly adopts the HTTPS module and continues to properly communicate with the OfficeScan server.


Back to top


7. Known Issues

The following are the known issues in this release:

Server Installation, Upgrade, and Uninstallation

  1. The OfficeScan web console and all OfficeScan services cannot be accessed if the OfficeScan server was installed on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 before joining a domain. To resolve the issue:

    For Windows Server 2008:

    1. Go to Control Panel > System and Security > Windows Firewall > Exceptions tab.

    2. Enable exception for File and Printer Sharing.

    3. Add the following port exceptions:

      • Trend Micro Local Web Classification Server HTTP, TCP port 5274
      • Trend Micro OfficeScan Server HTTP, TCP port 8080
      • Trend Micro OfficeScan Server HTTPS, TCP port 4343
      • Trend Micro Smart Scan Server (Integrated) HTTP, TCP port 8082
      • Trend Micro Smart Scan Server (Integrated) HTTPS, TCP port 4345
    4. Click OK.

    For Windows Server 2008 R2:

    1. Go to Control Panel > System and Security > Windows Firewall > Allowed Programs.

    2. Select the following features and allow access for the Domain profile:

      • File and Printer Sharing
      • Trend Micro Local Web Classification Server HTTP
      • Trend Micro OfficeScan Server HTTP
      • Trend Micro OfficeScan Server HTTPS
      • Trend Micro Smart Scan Server (Integrated) HTTP
      • Trend Micro Smart Scan Server (Integrated) HTTPS
    3. Click OK.

    For Windows Server 2012 or Windows Server 2012 R2:

    1. Go to Control Panel > System and Security > Windows Firewall > Advanced settings.

    2. Click Inbound Rules. Allow access to all required File and Printer Sharing rules.

    3. Click Inbound Rules > New Rule... > Port.

    4. Add the following port exceptions:

      • Trend Micro Local Web Classification Server HTTP, TCP Port 5274
      • Trend Micro OfficeScan Server HTTP, TCP port 8080
      • Trend Micro OfficeScan Server HTTPS, TCP port 4343
      • Trend Micro Smart Scan Server (Integrated) HTTP, TCP port 8082
      • Trend Micro Smart Scan Server (Integrated) HTTPS, TCP port 4345
  2. When the OfficeScan server is installed to a disk using the FAT32 file system, role-based logon to the OfficeScan web console does not work.

  3. During upgrade, if the existing OfficeScan database file (found in the "HTTPDB" folder under "OfficeScan/PCCSRV") is very large, the upgrade process may time out. Trend Micro recommends doing the following before upgrading:

    1. From the OfficeScan console, manually delete all agent logs. Go to Logs > Log Maintenance . Select All Endpoint logs and click Save . You can also configure the log deletion schedule settings.
    2. Go to Administration > Settings > Database Backup , and click Backup Now to back up the database.
  4. Trend Micro Mobile Security is a standalone program and has no longer been supported as a plug-in program since OfficeScan 11.0. To continue using Mobile Security, Trend Micro recommends upgrading to the standalone version 9.0. For detailed migration steps, see

  5. During OfficeScan server installation, the "pre-scan" feature is unable to detect double-byte malware threats.

  6. The web console Dashboard displays a "500 Internal Server Error" if Microsoft Visual C++ 2015 Redistributable Package (x86) is not installed. To resolve this issue, install Microsoft Visual C++ 2015 Redistributable Package (x86) and restart the IIS service.

  7. If the OfficeScan server computer or an agent endpoint has not properly updated its root certificate(for example, the computer does not have an Internet connection), OfficeScan cannot verify the computer's digital signatures during Inter-Process Communication (IPC). To solve this issue, you must manually update the root certificate or perform a Windows Update.

  8. After upgrading the OfficeScan server to XG, The Dashboard screen displays the following messages:

    To resolve this issue:

    1. Go to Internet Explorer Tools > Internet options > General (tab).
    2. In the "Browsing history" section, select the Delete browsing history on exit check box.
    3. Click the Settings button.
    4. Under "Check for newer versions of stored pages", select Every time I visit the webpage.
    5. Under "History", change the Day to keep pages in history to "0".
    6. Click OK to save the Temporary Internet Files and History Settings.
    7. Click OK to save the Internet Explorer options settings.

SQL Database Migrations

  1. When transferring the OfficeScan database to a SQL database installed on a Domain Controller endpoint, you must select the “Migrate the OfficeScan database to an existing SQL Server” option on the SQL Migration Tool (SQLTool.exe).

  2. If you want to install a new SQL Server 2016 SP1 Express on a Domain Controller endpoint, you must follow the Microsoft Knowledge Base information on how to install SQL Server 2016 SP1 Express manually.

Agent Installation, Upgrade, and Uninstallation

  1. If you create a login script in Active Directory and then log on as administrator on an endpoint running Windows Vista Home, Server 2008, 7, 8, or Server 2012, the OfficeScan agent cannot be installed to the endpoint and the message that displays states that the account used is not an administrator account.

  2. When an application that locks the Windows Service Control Manager (SCM) is launched, the OfficeScan agent cannot be installed or upgraded. Before upgrading or installing OfficeScan, ensure that no SCM-locking application is running.
  3. The ServerProtect Normal Server Migration tool is unable to:

    To resolve these issues, open Registry Editor on the Normal Server and Information Server and add following registry key:

  4. The OfficeScan agent may not install correctly if Norton SystemWorks™ antivirus is installed on the endpoint. Uninstall it before installing OfficeScan agent.
  5. If the OfficeScan agent is installed using the "per-user" method, the OfficeScan agent shortcut will still show on all the users' Windows Start menu.
  6. After an OfficeScan agent in a VPN environment is uninstalled successfully, the agent is not removed on the web console's agent tree and its status is offline.
  7. The administrator will not be able to remotely install the OfficeScan agent to Windows 7 x86 platforms without enabling the default administrator account. To resolve this issue:

    Note: Enable the Remote Registry service on the Windows 7 machine. By default, Windows 7 machines disable this feature.

    Option A: Use the domain administrator account to remotely install OfficeScan XG agents to Windows 7 machines.

    Option B: Use the default administrator account:

    1. Type the "net user administrator /active:yes" command from the command console to enable the default administrator account.
    2. Use the default administrator account to remotely install the OfficeScan agent to the Windows 7 machine.
  8. Installing OfficeScan agents to Windows 7 or Windows Server 2008 R2 using a GUEST OS running on VMware Workstation 6.x and below may cause the system to stop responding. This is because of compatibility issues with the Intel™ Network Adapter Driver.
  9. Upgrade may fail if using an MSI package to upgrade an OfficeScan agent that was originally installed also using an MSI package. Perform the following steps:

    1. Ensure that the new MSI package has the same file name as the original package. If you do not know the file name of the original MSI package, check the following registry key: HKEY_CLASSES_ROOT\Installer\Products\F4D73DF48B1EA594592F1CD021C5A1C9\SourceList\PackageName
    2. Install the new MSI package. Use command prompt to execute the package with the parameter "/fvo". For example, msiexec /fvo c:\temp\package.msi.
  10. If you add the OfficeScan agent program to the Microsoft Software Restriction Policy list using the user interface, you may need to restart the endpoint before subsequent additions to the list take effect.
  11. After rolling back a component on an OfficeScan agent, the Component Update Details screen displays "n/a" under the Notification Sent and Notification Received columns.
  12. After upgrading OfficeScan agents to OfficeScan XG Service Pack 1, you must restart the agent endpoints to ensure that the OfficeScan agent program properly adopts the HTTPS module and continues to properly communicate with the OfficeScan server.
  13. Before moving OfficeScan agents from an existing OfficeScan XG server, you must install OfficeScan XG Critical Patch 1737 on the source OfficeScan server to ensure that the OfficeScan agents can properly report to the target OfficeScan XG Service Pack 1 server.

    Note: If you are upgrading the OfficeScan XG server to OfficeScan XG Service Pack 1 directly, you do not need to apply the Critical Patch.


  1. A Microsoft Hyper-V virtual machine might not be able to start if the host endpoint has OfficeScan agent installed. This is because the OfficeScan agent and Hyper-V virtual machine access the same Hyper-V xml file, which causes file access violation. As a workaround:

  2. When specifying the scan target for Scheduled Scan, Scan Now and Real-time Scan, spyware/grayware scan can be disabled. However, for Manual Scan, there is no option for disabling spyware/grayware scan, which means that during Manual Scan, OfficeScan will always scan for spyware/grayware.
  3. When OfficeScan is configured to scan mapped drives during Manual Scan, the mapped drive may not get scanned when scanning is initiated through Terminal Service client.
  4. When an email containing an attachment with spyware/grayware is retrieved through Eudora email client and POP3 Mail Scan is disabled, OfficeScan's Real-time Scan denies access to the email even if the scan action is "clean". The email does not appear on the inbox and the Eudora client displays a message informing the user that access to the email is denied.
  5. In a Citrix environment, when the OfficeScan agent detects a security risk during a particular user session, the notification message for the security risk displays on all active user sessions.

    Security risk can be any of the following:

  6. After the Damage Cleanup Engine cleans a malicious file, the infection channel always displays as "Local or network drive" regardless of the actual source of the infection.

Server Update

  1. When updating OfficeScan patterns and engines from Control Manager, administrators are not notified of the update status even if notifications are enabled. The update status can be viewed from the Control Manager console.

Agent Update

  1. OfficeScan agents with agent-level settings can only download settings from the OfficeScan server, not Update Agents.
  2. An Update Agent running a 64-bit platform is unable to generate incremental patterns. Therefore, the Update Agent always downloads all incremental patterns available in the ActiveUpdate server, regardless of how many of these patterns it has previously downloaded.
  3. When the server and agent endpoints are located on geographical locations with different time zones, the agent cannot be configured to update based on the server's time zone.

Server Management

  1. The Active Directory scope may display as empty or redirect to the Active Directory integration screen when querying Outside Server Management reports with a broad scope. Ensure that the first task is finished before performing another query.
  2. The User Role has access and configure permissions on the agent Manual Update page but only for selected domains. However, all agents receive the notification when this role clicks Initiate Update.
  3. For Menu Items for Managed Domains, when an Active Directory user is part of several Active Directory groups, the user combines domain permissions but applies the higher role setting on all applicable domains.
  4. When the endpoint's date/time format is changed, the date/time format on the OfficeScan console does not automatically change.
  5. Users are unable to collapse the agent management tree menu items on the User Account - Step 3 Define Agent Tree Menu screen when configuring User Accounts on Windows 8.1 and Windows Server 2012 R2 platforms running Internet Explorer 11. To resolve this issue:

    Install the Internet Explorer 11 hotfix from the Microsoft Windows Update site:

  6. After expanding the menu items when creating or modifying a User Role or User Account, you cannot collapse the menu items again in Internet Explorer 11.

Agent Management

  1. Agent names in the OfficeScan agent tree supports only 15 characters and truncates the succeeding characters.
  2. Double-byte characters (characters typically used in East Asian languages) cannot be used when specifying the notification message for virus/malware infection source (Administration > Notifications > Agents > Virus/Malware tab).
  3. Select the Show icon and notifications option to display the OfficeScan icon in the Windows 7 and 8 system tray. The default option for Windows 7 and 8 is Only show notification.
  4. Some agent console screens include a Help button, which, when clicked, opens context-sensitive, HTML-based Help. Because Windows Server Core 2008 lacks a browser, the Help will not be available to the user. To view the Help, the user must install a browser.
  5. On the web console's Update Summary screen (Updates > Summary), the Behavior Monitoring Configuration Pattern, Policy Enforcement Pattern, and Digital Signature Pattern do not appear correctly due to JavaScript caching. To resolve this issue:

    Clear the browser cache to update the component names.

Device Control

  1. If the Device Control permission for USB storage devices is changed from "Allow" to "Block" when USB storage device files are already opened on the agent endpoint, access to the opened files is still permitted. The Block permission is updated the next time that the USB device is plugged in, or the agent endpoint is restarted.
  2. Device management applications (such as iTunes, HTCSync, and SamSung Kies) for devices blocked by Device Control are also blocked from user access.

Data Loss Prevention

  1. Data transmitted through Instant Messaging applications are not detected if the applications use a non-transparent proxy server.
  2. Data Loss Prevention logs can only display the first 1000 bytes of characters in the Source and Destination columns due to a buffer overflow issue with long file names.

OfficeScan Firewall

  1. The Firewall rule for outgoing traffic will not work as expected if a machine has several IP addresses with different Firewall policies.
  2. When the security level on a Citrix server is medium or high, perform the following steps:

    1. On the OfficeScan server web console, create a new firewall policy.
    2. Add the following port numbers to the policy's exclusion list: 1494, 2598
    3. Go to Agents > Firewall > Profiles and click Assign Profile to Agents.
  3. For Windows Server 2003 platforms hosting VMware agents, incoming packets to a VMware agent endpoint are dropped if the host machine has the OfficeScan agent installed.

    Workaround (for all agents):

    1. On the server computer, open ofcscan.ini under the \PCCSRV folder.

    2. Add the following setting under [Global Setting]: EnableGlobalPfwBypassRule=1

    3. On the web console, go to Agents > Global Agent Settings and click Save to deploy the setting to all agents.

    Workaround (for specific agents):

    1. On the agent endpoint, open Registry Editor.
    2. Add the following registry value:

      • Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW

        For x64 endpoints: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW

      • Name: EnableBypassRule
      • Type: REG_DWORD
      • Value: 1
    3. Reload the agent for settings to take effect.
  4. The OfficeScan firewall service and driver cannot be installed if a previous version of the firewall driver exists and is running but there is no Trend Micro Common Firewall in the network protocol.

Smart Scan

  1. Only Internet Explorer is supported for configuring proxy settings used by agents to connect to the Global Smart Protection Server. If proxy settings are configured in other browsers, agents will not be able to connect to the Global Smart Protection Server.

Web Reputation

  1. If you enable the option Check HTTPS URLs in a Web Reputation policy:

    1. Select the option Enable third-party browser extensions in Internet Explorer. If this option is disabled, agents will not be able to check the reputation of HTTPS websites.
    2. For agents running Windows Server 2008 (32-bit), disable Internet Explorer Enhanced Security Configuration (IE ESC) from Windows Server Manager. If IE ESC is enabled, the Web Reputation blocking page displays in source code mode.
  2. Agents can browse blocked sites if using Juniper Networks VPN and proxy servers to connect to the Internet. To resolve this issue:

    1. Connect to the network using Juniper Networks VPN.
    2. Open Internet Option > Connection > LAN Settings.
    3. Disable Automatic configuration settings.
    4. Enable Proxy server and specify the IP address and port of your proxy server.
    5. Click Ok.
  3. If users access the Internet using Firefox and a proxy server, be sure that proxy settings in Internet Explorer have been configured. If proxy settings have not been configured in Internet Explorer, Web Reputation will not work, even if proxy settings have been configured in Firefox.
  4. On the OfficeScan agent endpoint, Web Reputation automatic proxy detection in Internet Explorer does not work if the administrator enables the OfficeScan Agent Access Restriction option on the OfficeScan server web console's Privileges and Other Settings screen.
  5. After upgrading, the Web Reputation Services is unavailable until the Web Blocking List is fully updated. To resolve this issue, go to Smart Protection > Smart Protection Sources and select a secondary Smart Protection Server for agents to use until the Web Blocking List has completed the update.

    Note: OfficeScan begins updating the Web Blocking List immediately after the server upgrades.

  6. Web Reputation records the Infection Channel for temporary files downloaded from websites as “Local or network drive” if the file extension is TMP or CRDOWNLOAD.

Suspicious Object List

  1. If the OfficeScan agent is unable to connect to the integrated Smart Protection Server source on Windows Vista and Windows Server 2003/2008, the agent cannot block suspicious URL objects.

Predictive Machine Learning

  1. The logged "User Account" may display inaccurate data. If another user logs onto an endpoint before a Predictive Machine Learning query result completes, OfficeScan logs the newly logged on user as the event owner when the query returns.

Cloud Synchronization Channel Support

  1. OfficeScan does not provide support of the Windows 8.1 pre-installed OneDrive (SkyDrive) synchronization folder. OfficeScan logs malware infections for OneDrive (SkyDrive) as being in the "Local or network drive" channel.
  2. If you disable the Unauthorized Change Prevention Service, the OfficeScan agent may lock files during the sychronization process and prevent the files from synchronizing to the sync folder. To resolve this issue, enable the Unauthorized Change Prevention Service.
  3. OfficeScan logs malicious files that do not include a portable executable extension as being in the "Local or network drive" channel.
  4. OfficeScan logs malicious files synchronized to mounted drives as being in the "Local or network drive" channel.

Control Manager Integration

  1. The Integrated Windows Authentication protocol is not supported when registering OfficeScan to Control Manager and specifying web server authentication credentials for the IIS server. Only basic access authentication is supported.

Online Help

  1. The Online Help system experiences scripting errors when viewed using Internet Explorer 8.0 and earlier. Apply the following Windows fix to solve the problem:

Virtual Desktop Infrastructure

  1. Windows 2003 virtual platforms cannot connect to vCenter 5.x or later using SSL connections (port 443 with HTTPS).
  2. Windows 2012 virtual platforms cannot connect to XenServer 5.x using SSL connections (port 443 with HTTPS).

Additional Release Notes

  1. There are several tools included in this version. Refer to the OfficeScan server Help for instructions on how to use them. The tool folders are located under \PCCSRV\Admin\Utility.

  2. The following are the permissions for the OfficeScan folders:




    IUser _<Server Name>


    Network Service


    Full control



    Full control



    Full control



    Full control



    Full control






    Full control



    Full control



    Full control



    Full control



    Full control






    Full control


    RW (Special Access)




    Full control



    Full control



    Full control






    Full control



    Full control



    Full control






    Full control





  3. Download the latest components after upgrading to keep your security risk protection current.


Back to top


8. Contact Information

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at

Evaluation copies of Trend Micro products can be downloaded from our website.


Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.


Back to top


9. About Trend Micro

Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit

Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and OfficeScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.


Back to top



10. License Agreement

Information about your license agreement with Trend Micro can be viewed at

License Attributions can be viewed from the OfficeScan web console.


Back to top