<> Trend Micro, Inc. October 2016 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) OfficeScan(TM) Agent Version XG ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Notes: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at: http://docs.trendmicro.com/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at: http://olr.trendmicro.com Trend Micro always seeks to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome. Please evaluate this documentation on the following site: http://www.trendmicro.com/download/documentation/rating.asp Contents ===================================================================== 1. About OfficeScan 2. What's New 3. Document Set 4. System Requirements 5. Installation 6. Post-Installation Configuration 7. Known Issues 8. Contact Information 9. About Trend Micro 10. License Agreement ===================================================================== 1. About OfficeScan ======================================================================== Trend Micro(TM) OfficeScan(TM) protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat attacks. An integrated solution, OfficeScan consists of an agent program that resides at the endpoint and a server program that manages all agents. The agent guards the endpoint and reports its security status to the server. The server, through the web-based management console, makes it easy to set coordinated security policies and deploy updates to every agent. OfficeScan is powered by the Trend Micro Smart Protection Network, a next generation cloud-client infrastructure that delivers security that is smarter than conventional approaches. Unique in-the-cloud technology and a lighter-weight agent reduce reliance on conventional pattern downloads and eliminate the delays commonly associated with desktop updates. Businesses benefit from increased network bandwidth, reduced processing power, and associated cost savings. Users get immediate access to the latest protection wherever they connect-within the company network, from home, or on the go. 2. What's New ======================================================================== OfficeScan includes the following new features and enhancements: 2.1 What's New in OfficeScan XG ===================================================================== Ransomware Protection Enhancements --------------------------- Your protection against ransomware attacks has been further enhanced to allow OfficeScan agents to recover files encrypted by ransomware threats, block processes associated with ransomware, and prevent compromised executable files from infecting your network. Predictive Machine Learning --------------------------- The Predictive Machine Learning engine can protect your network from new, previously unidentified, or unknown threats through advanced file feature analysis and heuristic process monitoring. Predictive Machine Learning can ascertain the probability that a threat exists in a file or process and the probable threat type, protecting you from zero-day attacks. OfficeScan Edge Relay Server ---------------------------- The OfficeScan Edge Relay server provides you greater visibility and increased protection for endpoints that leave the local intranet by providing the following features: - Suspicious Object list synchronization - Sample submission - Log submission - Agent status information submission, such as current pattern and component versions Suspicious File Sample Submission ------------------------------------------- To further enhance your integration with a Deep Discovery Virtual Analyzer, OfficeScan agents can now detect and send suspicious files that may contain previously unknown threats directly to the Virtual Analyzer for further analysis. After verifying that a threat exists, the Suspicious Object lists are immediately updated and synchronized to all agents, preventing the threat from spreading across your network. Anti-exploit Protection ------------------------------- Real-time Scan allows you to detect and block threats using Common Vulnerabilities and Exposures (CVE) exploits. Behavior Monitoring can also detect abnormal program behavior that is common to exploit attacks. Suspicious Connections Enhancement ------------------------------------ You can now configure the Suspicious Connections feature to log or block network connections detected by the Global C&C IP list and malware network fingerprinting. Firewall Enhancements ------------------------------------ The application filter of the OfficeScan Firewall now supports Windows 8 and later platforms. You can grant OfficeScan agents users the privilege of configuring the firewall security level and exceptions list. Independent Mode ----------------------------------- The previously named ˇ§Roamingˇ¨ mode has been renamed as ˇ§Independentˇ¨ mode. Platform and Browser Support ----------------------------------- This version of OfficeScan provides support for the following: - Microsoft(TM) Windows(TM) Server 2016 3. Document Set ======================================================================== The document set for the OfficeScan agent includes: * Readme file - Contains a list of known issues and basic installation steps. It may also contain late-breaking product information not found in the Help or printed documentation. * Help - HTML files compiled in WebHelp format that provide "how to's", usage advice, and field-specific information. The Help is accessible from the OfficeScan agent console. * Knowledge Base - An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following website: http://esupport.trendmicro.com 4. System Requirements ======================================================================== The OfficeScan agent can be installed on endpoints running Microsoft Windows platforms. The OfficeScan agent is also compatible with various third-party products. Visit the following website for a complete list of system requirements and compatible third-party products: http://docs.trendmicro.com/en-us/enterprise/officescan.aspx 5. Installation ======================================================================== The OfficeScan administrator in your organization is responsible for installing and upgrading OfficeScan. Contact the administrator if you have questions or concerns about the installation or upgrade. 6. Post-Installation Configuration ======================================================================== If your OfficeScan administrator grants you the privileges to modify scan settings, you can specify how OfficeScan handles security risks on your endpoint. To determine if you have the privileges to modify scan settings, open the OfficeScan agent console and check if the "Settings" menu is active. You can open the console from the Start menu or from the icon in the system tray. * To open the console from the Start menu, select "Programs > Trend Micro OfficeScan Agent > OfficeScan Agent". * To open the console from the system tray, right-click the OfficeScan icon and then select "Open OfficeScan Agent Console". 7. Known Issues ======================================================================== The following are the known issues in this release: Agent Installation, Upgrade, and Uninstallation ==================================================================== 1. The OfficeScan agent is unable to query the web reputation servers after performing a fresh installation or upgrade. To resolve the issue, ensure that agents restart their computers if a restart notification appears. 2. When an application that locks the Windows Service Control Manager (SCM) is launched, the OfficeScan agent cannot be installed or upgraded. Before upgrading or installing OfficeScan, ensure that no SCM-locking application is running. 3. The OfficeScan agent unloads and then reloads three times when upgraded to this version. This happens if the agent upgrades, applies smart scan as its scan method, and then applies the domain level scan method. 4. Installing OfficeScan agents to Windows 7 or Windows Server 2008 R2 using a GUEST OS running on VMware Workstation 6.x and below may cause the system to stop responding. This is because of compatibility issues with the Intel(TM) Network Adapter Driver. 5. When installing the OfficeScan agent on Windows 8 and Windows Server 2012 platforms using the browser-based installation method, the installation is unsuccessful if the user is currently in Windows UI mode. This is due to Internet Explorer 10 not allowing ActiveX controls to run. To resolve this issue: Switch to desktop mode on Windows 8 and Windows Server 2012 platforms while performing a browser-based installation of the OfficeScan agent. 6. The OfficeScan agent program name does not display in all languages. 7. If the OfficeScan server computer or an agent endpoint has not properly updated its root certificate(for example, the computer does not have an Internet connection), OfficeScan cannot verify the computer's digital signatures during Inter-Process Communication (IPC). To solve this issue, you must manually update the root certificate or perform a Windows Update. Scanning ==================================================================== 1. A Microsoft Hyper-V virtual machine might not be able to start if the host computer has OfficeScan agent installed. This is because the OfficeScan agent and Hyper-V virtual machine accesses the same Hyper-V xml file and causes file access violation. As a workaround: * Set exclusion folder for the virtual machine xml file located in C:\ProgramData\Microsoft\Virtual Machine Manager\. * Turn off file mapping scan by modifying the TmFilter/TmxpFilter registry value. 2. When specifying the scan target for Scheduled Scan, Scan Now and Real-time Scan, spyware/grayware scan can be disabled. However, for Manual Scan, there is no option for disabling spyware/ grayware scan, which means that during Manual Scan, OfficeScan will always scan for spyware/grayware. 3. When OfficeScan is configured to scan mapped drives during Manual Scan, the mapped drive may not get scanned when scanning is initiated through Terminal Service agent. 4. When an email containing an attachment with spyware/grayware is retrieved through Eudora email agent and POP3 Mail Scan is disabled, OfficeScan's Real-time Scan denies access to the email even if the scan action is "clean". The email does not appear on the inbox and the Eudora agent displays a message informing the user that access to the email is denied. 5. In a Citrix environment, when the OfficeScan agent detects a security risk during a particular user session, the notification message for the security risk displays on all active user sessions. Security risk can be any of the following: * Virus/Malware * Spyware/Grayware * Firewall policy violation * Web Reputation policy violation * Unauthorized access to external devices 6. After updating the agent program, the "Prompt users before executing newly encountered programs downloaded through HTTP or email applications (Server platforms excluded)" setting does not take effect until the agent program or endpoint is restarted. 7. After pausing a manual scan with only a few files remaining, when you click the "Resume" button, the scan status does not change to "Scanning" because the scan already completed before the "Pause" action was executed. Agent Update ==================================================================== 1. OfficeScan agents with agent-level settings can only download settings from the OfficeScan server, not Update Agents. 2. An Update Agent running a 64-bit platform is unable to generate incremental patterns. Therefore, the Update Agent always downloads all incremental patterns available in the ActiveUpdate server, regardless of how many of these patterns it has previously downloaded. Agent Management ==================================================================== 1. If the agent security level configured on the web console is set to "High", connection through Nortel VPN agent cannot be established. 2. Select the "Show icon and notifications" option to display the OfficeScan icon in the Windows 7 and 8 system tray. The default option for Windows 7 and 8 is "Only show notification". 3. Some agent console screens include a Help button, which, when clicked, opens context-sensitive, HTML-based Help. Because Windows Server Core 2008 lacks a browser, the Help will not be available to the user. To view the Help, the user must install a browser. Data Loss Prevention ==================================================================== 1. Data transmitted through Instant Messaging applications are not detected if the applications use a non-transparent proxy server. 2. After upgrading the OfficeScan agent to OfficeScan 11.0 from an OfficeScan version prior to 10.6 SP3, the preexisting agent- side Data Loss Prevention logs are deleted (unless updating from the OfficeScan 10.6 SP2 DLP Enhancement Patch). OfficeScan Firewall ==================================================================== 1. For Windows XP and Windows Server 2003 platforms, incoming packets to a computer on a VMware agent are dropped if the endpoint has the OfficeScan agent installed. Workaround: a. On the agent computer, open Registry Editor. b. Add the following registry value: Key: [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ PC-cillinNTCorp\CurrentVersion\PFW for x64 computers: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432\TrendMicro\ PC-cillinNTCorp\CurrentVersion\PFW Name: EnableBypassRule Type: REG_DWORD Value: 1 c. Reload the agent for settings to take effect. Web Reputation ==================================================================== 1. Agents can browse blocked sites if using Juniper Networks VPN and proxy servers to connect to the Internet. To resolve this issue: a. Connect to the network using Juniper Networks VPN. b. Open Internet Option > Connection > LAN Settings. c. Disable Automatic configuration settings. d. Enable Proxy server and specify the IP address and port of your proxy server. e. Click Ok. 2. Due to the blocking of add-ons in Internet Explorer 10, HTTPS scanning only supports Windows 8 or Windows 2012 platforms operating in desktop mode. 3. If users access the Internet using Firefox and a proxy server, be sure that proxy settings in Internet Explorer have been configured. If proxy settings have not been configured in Internet Explorer, Web Reputation will not work, even if proxy settings have been configured in Firefox. 8. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 9. About Trend Micro ======================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro(TM) Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2016, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and OfficeScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners. 10. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing information can be viewed from the OfficeScan web console.