OfficeScan blocks all attempts to terminate the processes in the following table.
Process |
Description |
---|---|
TmListen.exe |
Receives commands and notifications from the OfficeScan server and facilitates communication from the OfficeScan agent to the server |
NTRtScan.exe |
Performs Real-time, Scheduled, and Manual Scan on OfficeScan agents |
TmProxy.exe |
Scans network traffic before passing it to the target application |
TmPfw.exe |
Provides packet level firewall, network virus scanning, and intrusion detection capabilities |
TMBMSRV.exe |
Regulates access to external storage devices and prevents unauthorized changes to registry keys and processes |
DSAgent.exe |
Monitors the transmission of sensitive data and controls access to devices |
PccNTMon.exe |
This process is responsible for starting the OfficeScan agent console |
TmCCSF.exe |
Performs Browser Exploit Prevention and memory scanning |
OfficeScan can also protect against the addition of processes in the Microsoft Software Restriction Policies (SRP). Software Restriction Policies prevent the listed applications from running on the endpoint. To prevent the addition of OfficeScan processes in the Software Restriction Policies list:
Enable Protect OfficeScan agent processes.
Enable the Unauthorized Change Prevention Service.
For details, see Enabling or Disabling the Agent Services from the Web Console.