Troubleshooting Invalid IOC Files

Ensure that the default OpenIOC.xsd file is present on the Endpoint Sensor server.

Note:

OpenIOC.xsd verifies the content of an IOC file

On the Endpoint Sensor server computer, open a command prompt (cmd.exe) and navigate to the <Trend Micro Endpoint Sensor server installation path>\CmdTool\IOCTool\ folder.
Issue the following command:
Note:
The OpenIOC.xsd and IOCTool.exe files must be in the IOCTool folder.
```
$ ...\CmdTool\IOCTool>IOCTool.exe <ioc_file>
```
<ioc_file> corresponds to full file name of the IOC file in question

The following output appears:
```
C:\...\CmdTool\IOCTool>IOCTool.exe c:\temp\abc.ioc
Use schema: OpenIOC.xsd, ns:_http://OpenIOC.org/schemas
/IOC_1.1

ERROR: The '_http://OpenIOC.org/schemas/
IOC_1.1:ioc' element is not declared.
```
The ERROR: ... indicates that the IOC file in question does not adhere to the syntax and conditions required to validate and parse IOC files. To solve the issue, follow the IOC schemas and related instructions available in http://OpenIOC.org/.