<<<>>> Trend Micro, In. July 9, 2014 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ServerProtect(TM) 5.80 English Version for Microsoft(TM) Windows(TM) and Novell(TM) Netware(TM) Patch 3 - Build 1403 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's web site for documentation updates at: http://www.trendmicro.com/download/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro web site. Register during installation or online at: http://olr.trendmicro.com/ Contents =================================================================== 1. About Trend Micro ServerProtect 5.80 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 5.1 Installation 5.2 Uninstallation 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement =================================================================== 1. About ServerProtect 5.80 ====================================================================== ServerProtect is an award-winning software that protects file servers on corporate networks. It is specifically designed to protect the entire network from viruses of any kind by adopting advanced virus-catching technology to help ensure that your network stays virus-free. ServerProtect detects new file infections, identifies viruses in existing files, and detects activity indicating that an unknown virus may have entered the network environment on either the server or workstation. 1.1 Overview of this Release =================================================================== This Patch includes all modifications released since ServerProtect 5.80 General Release Build 1116. 1.2 Who Should Install this Release =================================================================== You should install this Patch if you are running ServerProtect 5.80 for Microsoft Windows and Netware Build 1116 or any higher version. 2. What's New ====================================================================== Note: Please install this Patch before completing any procedure in this section (see "Installation"). This Patch addresses the following issues and includes the following enhancements: 2.1 Enhancements =================================================================== Patch 3 contains the following enhancements: Enhancement 1: [Hot Fix 1351] Normal Server Updates - Users can now configure an Information Server to regularly check the build version of Normal Servers and to automatically send a command to a Normal Server to download and apply the latest hot fix or patch if it detects that the Normal Server's build version is lower than the latest hot fix or patch on the Information Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To configure this option: a. Install this Patch (see "Installation"). b. Open a registry editor on the Information Server. c. Add the following keys and set the appropriate values. Paths: - 32-bit Information Servers: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion - 64-bit Information Servers: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\ServerProtect\CurrentVersion Keys: - AutoUpdateNS=1, enables the feature =0, (default) disables the feature - AutoUpdateNSTime= frequency at which the Information checks the build version of Normal Servers in minutes divided by two, the default value is 30 which means 30*2=60 minutes or 1 hour Type: DWORD Enhancement 2: [Hot Fix 1359 EN] Product Information Updates - ServerProtect now regularly sends product information updates to the BIF server. These updates contain product information including the activation keys for ServerProtect and use the "template.xml" file. Enhancement 3: [Hot Fix 1361 JP] ServerProtect Icon - Users can now set whether the ServerProtect for Microsoft Windows Server and Novell Netware Icon appears or does not appear in the taskbar of Windows versions higher than Windows Server 2003. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To configure this option: a. Install this Patch (see "Installation"). b. Open a registry editor on the Normal Server. c. Add the following key and set the preferred value. Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService Key: isServiceTrayDisabled Type: DWORD Value: 1 = the ServerProtect icon does not appear in the Windows taskbar 0 = (default) ServerProtect icon appears in the Windows taskbar d. Restart ServerProtect. Enhancement 4: Trend Micro Management Communication Protocol (MCP) - ServerProtect for Microsoft Windows Server and Novell Netware now supports MCP and allows users to register it to Trend Micro Control Manager(TM) through the ServerProtect Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 4: To configure this option: a. Install this Patch and install Management Communication Protocol (MCP) CMAgent or migrate Trend Micro Infrastructure (TMI) CMAgent to MCP CMAgent(see "Installation" for detail). b. Click Start > ServerProtect Management Console c. Do one of the following -Click CMAgent Setting on the side bar. -Click Do > CMAgent Setting on the main menu. d. Input corresponding information, and register to Control Manager(see online help of ServerProtect Management Console for detail). Note: Install the "tmcm-55-win-en-sp1-patch4" update or higher version release for Control Manager 5.5, or install "tmcm_60_sp1_win_en_hfb2182" update or higher version release for Control Manager 6.0. ServerProtect may display a wrong group folder name on Management Console. See Known Issues for details. 2.2 Resolved Known Issues =================================================================== Patch 3 resolves the following issues: Issue 1: Hot fix versions recorded in the Information Server change to incorrect values after the ServerProtect for Microsoft Windows and Netware Normal Server updates files from the Information Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hot fix 1280 EN] This hot fix ensures that the correct hot fix versions are recorded in the Information Server. Issue 2: Sometimes the ServerProtect for Microsoft Windows Normal Server cannot load the Rootkit Common Module (RCM). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hot Fix 1289 EN] This hot fix enables the ServerProtect for Microsoft Windows Normal Server to load the RCM without issues. Issue 3: A component update fails when the Normal Server does not create an RPC binding with the Information Server. While the Information Server has multiple IP addresses, it only uses one IP address in this situation. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hot Fix 1279 JP] This hot fix resolves this issue by enabling the Normal Server to create an RPC binding using a fixed IP address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To set the Information Server's fixed IP address: a. Install this Patch (see "Installation"). b. Add the following key to the registry and set an appropriate value: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\RPC Key: FIXAgentAddress Type: REG_SZ Value: Information Server's fixed IP address c. Open the "SPNSOPT.dat" file and set the value of the "HostName" key under the "FixedComputerIP" section to the preferred IP address: For example [FixedComputerIP] HostName=172.31.0.80 Issue 4: A handle leak issue occurs on "SpntSvc.exe". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hot fix 1287 JP] [Hot fix 1281 JP] This hot fix resolves the handle leak issue. Issue 5: The Management Console receives a failed update message when the Information Server deploys a pattern update to the Normal Server while the Normal Server's pattern file is up-to-date. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hot fix 1284 JP] This hot fix resolves this issue. Issue 6: Users cannot uninstall the ServerProtect Management Console if it is installed on a computer where both the Information and Normal Servers are installed and the installation directory is not the default folder "C:\Program Files\Trend". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hot fix 1285 JP] This hot fix ensures that users can uninstall the ServerProtect Management Console from affected computers. Issue 7: While ServerProtect is deploying a hot fix, the command line for the hot fix process starts with a double quote '"' but does not end with a corresponding double quote '"'. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Hot fix 1286 JP] This hot fix ensures that the command line ends with a double quote. Issue 8: Before scanning a compressed file, ServerProtect first determines whether the file can be scanned or not by checking if the content file size exceeds the maximum content file size configured by the user. There is no limitation to the value that users can set the maximum content file size to. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: [Hot fix 1288 JP] This hot fix enables ServerProtect to limit the maximum content file size value to 2 GB only. Issue 9: When the ServerProtect Normal Server is installed in the same folder as the Control Manager Server and users uninstall the ServerProtect Normal Sever, the Control Manager binaries will also be removed. This causes the Control Manager Server to behave abnormally. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: [Hot Fix 1292 JP] This hot fix prevents the ServerProtect uninstallation program from removing the Control Manager binaries. Issue 10: The date information in the header of ServerProtect email notifications use GMT time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: [Hot Fix 1293 JP] This hot fix ensures that the date information in the ServerProtect email notification header use the computer's local time. Issue 11: A vulnerability in the "mrf.exe" module of the Trend Micro Infrastructure (TMI) service may allow an attacker to execute arbitrary codes on vulnerable installations of CMAgent. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: [Critical Patch 2 EN] This hot fix removes the vulnerability to prevent malicious attacks. Issue 12: Control Manager receives incorrect ServerProtect pattern and engine deployment status information. This causes the Control Manager console to display the pattern and engine deployment status as "failed" even when the components were deployed successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: [Hot Fix 1298 JP] This hot fix helps enable ServerProtect to send the correct pattern and engine deployment status to Control Manager. This ensures that the correct component deployment status appear on the Control Manager console. The solution in this hot fix requires that users install a corresponding Control Manager hot fix first and is disabled by default. Refer to the following procedure for specific steps to enable this hot fix solution. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 12: To enable this solution: a. Install this Patch (see "Installation) and the Control Manager 6.0 GM or Control Manager 5.5 Hot Fix 1600 (tmcm_55_win_en_hfb1600.exe ). If a higher build has been released, you need to install the latest Control Manager patch. b. Open a registry editor on the Information Server. c. Create the following registry key and set its value to "1". Paths: - For 32-bit operating systems HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ TrendMicro Control Manager Agent\SPNT - For 64-bit operating systems HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\TrendMicro Control Manager Agent\ SPNT Key: FixCommandStatus Type: DWORD Value: "1", enables the solution "0", disables the solution d. Restart the following services on the Information Server: - Trend Micro Management Infrastructure - Trend ServerProtect Agent Issue 13: The Management Console cannot display the exclusion list correctly when Trend Micro ScanMail(TM) (for Microsoft Exchange) is in the exclusion list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: [Hot Fix 1301 EN] This hot fix enables the Management Console to display the exclusion list without issues. Issue 14: An online Normal Server installed on a Windows Storage Server 2008 operating system displays a red stop icon on the Management Console. This issue occurs when the TCP connection between the Management Console and Information Server is broken. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: [Hot Fix 1306 JP] This hot fix resolves this issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 14: To enable the solution: a. Install this Patch (refer to "Installation"). b. Open a registry editor on the Information Server. c. Create the following registry key and set its value to "1". Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion Key: EnableReConIS Type: DWORD Value: "1", to enable the solution "0", to disable the solution Issue 15: After Control Manager updates the ServerProtect scan engine or pattern file, ServerProtect sends the wrong "last update" time entries for the scan engine or pattern file to Control Manager. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: [Hot Fix 1325 JP] This hot fix enables ServerProtect to send the correct "last update" time entries to Control Manager after it updates the ServerProtect scan engine or pattern file. This ensures that Control Manager can display the correct engine and pattern "last update" time information. Note: The existing pattern and engine "last update time" information in Control Manager will be updated after the next successful engine or pattern file update. Issue 16: Control Manager shows "56" in the "Event Type" column of ad hoc queries when it receives a "spyware pattern out-of-date" event log from ServerProtect. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: [Hot Fix 1311 JP] This hot fix can help resolve this issue but requires users to install Control Manager 5.5 Hot Fix 1636 (tmcm_55_win_en_hfb1636.exe) to work. If a higher build has been released, you need to apply the latest Control Manager patch. Issue 17: The ServerProtect Management Console may display the version number of the Virus Scan Engine for the NetWare Server in the wrong format. This issue affects Virus Scan Engine 10 and higher versions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: [Critical Patch 1314] This critical patch ensures that the ServerProtect Management Console displays the version number of the Virus Scan Engine for NetWare Servers in the correct format. Issue 18: The quarantine folder exclusion settings do not apply to task scans. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: [Hot Fix 1316 JP] This hot fix enables ServerProtect for Microsoft Windows to apply the quarantine folder exclusion settings to task scans. Issue 19: "SpntSvc.exe" encounters a handle leak issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: [Hot Fix 1320 EN] [Hot Fix 1281] These hot fixes resolves the handle leak issue to enable the "SpntSvc.exe" to run without issues. Issue 20: Sometimes, ServerProtect event logs show the "Clean Success" action result but the corresponding email notifications report that the action result is "Clean Fail". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: [Hot Fix 1321 JP] This hot fix ensures that the action results displayed in ServerProtect event logs and the corresponding email notifications are consistent and correct. Issue 21: Control Manager receives incorrect ServerProtect hot fix deployment status information. This causes the Control Manager console to display the hot fix deployment status as "failed" even when the hot fix was deployed successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: [Hot Fix 1322 JP] This hot fix enables ServerProtect to send the correct hot fix deployment status to Control Manager. This ensures that the correct hot fix deployment status appear on the Control Manager console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 21: To enable this hot fix solution: a. Apply this Patch (see "Installation) and any of the following Control Manager builds: - Hot Fix 1600 (tmcm_55_win_jp_hfb1600.exe ) - the latest Control Manager patch, if a higher build has been released b. Open a registry editor on the Information Server. c. Create the following registry key and set its value to "1". Paths: For 32-bit operating systems HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ TrendMicro Control Manager Agent\SPNT For 64-bit operating systems HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\TrendMicro Control Manager Agent\SPNT Key: FixCommandStatus Type: DWORD Value: "1", to enable this hot fix "0", to disable the hot fix d. Restart the following services on the Information Server: - Trend Micro Management Infrastructure - Trend ServerProtect Agent Issue 22: The management console displays a task's "Last Perform Time" information in UTC format instead of based on the local time. This occurs when the task runs immediately after the Management Console is opened. The issue can be resolved by reopening the Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: [Hot Fix 1324 JP] This hot fix adds a synchronizing mechanism to ensure that the time zone information is properly initialized before allowing the system to use this information. Issue 23: When a new pattern version is available and the Normal Server attempts to update, an API issue that occurs under certain conditions can cause the update to fail and the corresponding ServerProtect event log to incorrectly state that there is no need to update the pattern. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: [Hot Fix 1328 JP] This hot fix resolves the API issue to ensure that Normal Servers can successfully update the pattern file without issues and that the corresponding event log is generated with the correct information. Issue 24: When CMAgent is at debug level "2", some logs are added to the debug log each time the CMAgent sends a status log for a Normal Server to Control Manager. This can cause the size of the "Agent_SPNT.log" file to increase rapidly when a large number of Normal Servers are connected to the Information Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: [Hot Fix 1329 EN] This hot fix changes the level of these debug logs from "FATAL" to "INFO". Since only the fatal logs are recorded in the debug log when the debug level is set to "2", this can prevent the "Agent_SPNT.log" file from growing rapidly while the debug level is set to "2" and a large number of Normal Servers are connected to the Information Server. Issue 25: The "entitymain.exe" process stops unexpectedly when it receives a command that does not match its request. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: [Hot Fix 1338 JP] This hot fix enables "entitymain.exe" to handle incorrectly-formatted commands to prevent it from stopping unexpectedly when it receives such commands. Issue 26: Sometimes, Control Manager cannot deploy engine files to two or more Normal Servers simultaneously. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: [Critical Patch 1340 EN] This critical patch ensures that Normal Servers can successfully receive engine file deployment commands from Control Manager. Issue 27: Control Manager shows the wrong operating system name for Information Servers and Normal Servers that are deployed on the Windows Server 2012 platform. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: [Critical Patch 1340 EN] This critical patch ensures that Control Manager shows the correct operating system name for each Information Server and Normal Server. Issue 28: Outbreak Prevention Services cannot be deployed from Control Manager to Normal Servers that have been deployed on the Windows Server 2008 or Windows Server 2012 platform. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: [Critical Patch 1340 EN] This critical patch ensures that Outbreak Prevention Services can be successfully deployed from Control Manager to Normal Servers that have been deployed on the Windows Server 2008 or Windows Server 2012 platform. Issue 29: The wrong platform information appears for Normal Servers and Information Servers running on the Windows Server 2012 R2 platform on both the Management Console and the Control Manager server console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: [Hot Fix 1364 EN] This hot fix ensures that the correct platform information for Normal Servers and Information Servers appear on the Management Console and Control Manager server console. Issue 30: The Control Manager server shows the incorrect product version number for the ServerProtect Information Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: [Hot Fix 1366 EN] This hot fix changes the resource file of project "EarthAgent" to build project binaries with the correct file version number. Issue 31: Under certain conditions, ServerProtect may stop unexpectedly while running a manual or scheduled scan. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: [Hot Fix 1349 JP] This hot fix ensures that ServerProtect does not stop unexpectedly while running manual and scheduled scans. Issue 32: The "entitymain.exe" process stops unexpectedly while attempting to access an invalid handle. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 32: [Hot Fix 1350 JP] This hot fix prevents "entitymain.exe" from attempting to access invalid handles. Issue 33: Sometimes, users cannot remotely install ServerProtect for Microsoft Windows and Novell NetWare because the remote installation tasks attempts to start ServerProtect on the remote machine before the VSAPI engine on the machine can successfully load the VSAPI pattern. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: [Hot Fix 1368 JP] This hot fix enables users to configure the amount of time the remote installation task should wait for the target machine to receive the VSAPI pattern successfully before it attempts to start ServerProtect on the remote machine. Users should configure this value depending on their current network conditions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 33: To configure the timeout value: a. Install this Patch (see "Installation). b. Open a registry editor on the source Normal Server. c. Add the following registry key and set its value to the preferred timeout value in seconds depending on the current network conditions. This key supports values between 10 and 120 seconds. Path: \HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService Key: RemoteInstallWaitSeconds Type: DWORD Value: preferred timeout value between 10 and 120 seconds ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 34: Control Manager sometimes shows a message stating that it failed to deploy pattern or engine files to the ServerProtect Normal Server, even though the Normal Server updated the pattern or engine files successfully. If the Control Manager Agent for ServerProtect does not receive the deploy result in one minute, it sends an update failed result to Control Manager without checking the actual update result. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: [Hot Fix 1371 EN] This hot fix enables users to configure the time-out value of the Control Manager Agent for ServerProtect. Users should configure this value depending on their current network conditions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 34: To configure the time-out value: a. Install this hot fix (see "Installation). b. Open a registry editor on Information Server. c. Add the following registry key and set its value to the preferred time-out value in seconds depending on current network conditions. This key supports values between 60 and 600 seconds. Path: - 32-bit Information Servers: \HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ TrendMicro Control Manager Agent\SPNT - 64-bit Information Servers: \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ TrendMicro\TrendMicro Control Manager Agent\SPNT Key: SocketTimeoutSeconds Type: DWORD Value: Preferred timeout value is between 60 and 600 seconds 3. Documentation Set ====================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Administrator's Guide (AG) -- Provides post-installation instructions on how to configure the settings to help you get ServerProtect "up and running". Also includes instructions on performing other administrative tasks for the day-to-day maintenance of ServerProtect. o Getting Started (or Administrator's) Guide -- product overview, installation planning, installation and configuration instructions, and basic information intended to get you "up and running." o Readme.txt files -- version enhancements, basic installation, known issues, and release history. o Electronic versions of the printed manuals are available at: http://docs.trendmicro.com/ o Online help -- Context-sensitive help screens that provide guidance for performing a task. o TrendEdge is a program for Trend Micro employees, partners, and other interested parties that provides information on unsupported, innovative techniques, tools, and best practices for Trend Micro products. The TrendEdge database contains numerous documents covering a wide range of topics. http://trendedge.trendmicro.com o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ====================================================================== Refer to the ServerProtect for Microsoft Windows and Netware 5.80 readme file for the complete list of system requirements. 5. Installation/Uninstallation ====================================================================== 5.1 Installation =================================================================== To apply this Patch from the same computer as the Information Server: 1. Close the management console. If this is not running at the time of installation, proceed with the next step. 2. Copy the "spnt_580_win_en_patch3.exe" patch installation file to a temporary folder. 3. Run the Patch file. The license screen appears. 4. If you disagree with the terms of the legal agreement, choose the "I do not agree with the terms of the legal agreement." option and click "Cancel" to abort the installation. Otherwise, choose the "I accept the terms of the legal agreement" and click "Next". The "readme" appears. 5. Read the contents of the readme carefully and click "Install". A message-box appears to remind you that the Trend Micro Infrastructure (TMI) CMAgent will be migrated to Management Communication Protocol (MCP) CMAgent. 6. If you don't want to upgrade Trend Micro Infrastructure (TMI) CMAgent to the Management Communication Protocol (MCP) CMAgent, click "No" and the installation abort. Otherwise, click "Yes". Notes: - Once Trend Micro Infrastructure (TMI) CMAgent is installed on the Information Server, the TMI agent will be automatically upgraded to the Management Communication Protocol (MCP) CMAgent. - If Trend Micro Infrastructure (TMI) CMAgent is not installed on the Information Server, a "Trend Micro strongly recommends installing Trend Micro Management Communication Protocol (MCP) Control Manager Agent for ServerProtect. Click Yes to install MCP Control Manager Agent for ServerProtect now, or click No to install it later." message box appears after copying all patch files. If you want to install the MCP CMAgent click "Yes", otherwise, click "No". The "MCP_CMAgent.exe" installation package will be copied to the ".\SProtect\SMS\CMAgent\" folder. You can run the package to install the MCP CMAgent. - The Information Server deploys the Patch to Normal Servers 30 seconds after the installation is completed and restarts the ServerProtect services. If the installation does not complete successfully, contact Trend Micro technical support. To apply this Patch to a management console that is not associated with the computer hosting the Information Server: 1. Apply the Patch to the Information Server. 2. Close the management console. 3. Go to the management console home directory and backup the following five files to another location. - admin.exe - Adm_enu.dll - AgentClient.dll - ADM_ENU.chm - spuninst.exe - spuninstrc.DLL 4. On the Information Server, copy the following files from the Information Server home directory to the management console home directory to overwrite the local files. - admin.exe - Adm_enu.dll - AgentClient.dll - ADM_ENU.chm - spuninst.exe - spuninstrc.DLL 5.2 Uninstallation =================================================================== To roll back to the previous build: 1. On the Normal Server, run the following shell command to stop the Normal Server service: net stop spntsvc 2. On the Information Server, run the following shell commands to stop the Information Server service and Trend Micro Management Infrastructure service: net stop earthagent net stop "TrendMicro Infrastructure" 3. On the Normal Server, rename the backup files in the ServerProtect home directory and use them to replace the current files. The names of the backup files have "bak" in the extension. 4. On the Information Server, open the Information Server's home directory and copy the files from the ".\is_backup\filegroup10" folder and ".\is_backup\filegroup100" folder to the current directory. If you install MCP CMAgent, please remove it from Control Pane manually. 5. On the Normal Server, run the following command to start the Normal Server service: net start spntsvc 6. On the Information Server, run the following commands to start the Information Server service and Trend Micro Management Infrastructure service: net start earthagent net start "TrendMicro Infrastructure" Note: The "TrendMicro Infrastructure" refers to the CMAgent Service. You only need to issue the 'net end/start "TrendMicro Infrastructure"' commands if this service is installed. 6. Post-installation Configuration ====================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing this Patch. 7. Known Issues ====================================================================== The following are the known issues in this release: 7.1 Anti-Rootkit driver may not be installed successfully if users do not restart the computer after a Microsoft Windows update. =================================================================== To resolve this issue, users need to restart the computer after a Microsoft Windows update. This allows a successful Anti-Rootkit driver installation. 7.2 ServerProtect may display an incorrect group folder name on CM Agent Settings screen on Management Console. =================================================================== This patch upgrades Trend Micro Management Infrastructure (TMI) Control Manager Agent for ServerProtect to Trend Micro Management Communication Protocol (MCP) Control Manager Agent. Since the group folder name of ServerProtect entities is saved in the Control Manager database, ServerProtect is unable to retrieve the folder name after the upgrade, and displays the folder name as "New Entity". However, ServerProtect keeps all the entities under the original folder. To resolve this known issue, unregister ServerProtect from Control Manager via the ServerProtect Management Console, rename the group folder name, and then register ServerProtect again to the Control Manager. 8. Release History ====================================================================== Previous releases include the following: - ServerProtect for Microsoft Windows and Netware 5.80 Patch 2, January 14, 2011 - ServerProtect for Microsoft Windows and Netware 5.80 Patch 1, May 21, 2010 8.1 Patch 1 =================================================================== 8.1.1 Enhancements =================================================================== ServerProtect for Microsoft Windows and Novell Netware 5.8 Patch 1 provides the following enhancements: Enhancement 1: Log-purging Based on Database Size/Age - The "SpntLog.dbf" file records ServerProtect logs. Users can now configure ServerProtect to create a backup for this file when the database file exceeds the specified size or number of days, After ServerProtect creates the backup file, it generates an empty database file and renames the backup file using the time when the backup file was created in the following format: Spnt(YYYYMMDDhhmmss)_S.dbf (if triggered by database size) Spnt(YYYYMMDDhhmmss)_D.dbf (if triggered by database age) where "YYYYMMDDhhmmss" is year, month, day, hour, minute, and seconds. For example, if the backup file for "SpntLog.dbf" is created on October 24, 2001, 12 seconds after 10:53 am, and the database size exceeds the specified size, ServerProtect will rename the backup file as "Spnt20011024105312_S.dbf". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To configure this option: a. Open a registry editor on normal server. b. Add the following keys and set the appropriate value: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService Key: MaxDbSize (maximum database size, in MB) MaxDbDay (maximum database age, in days) Type: DWORD Default Value: if the keys do not exist, ServerProtect purges logs when the database exceeds 10 MB c. Restart the Normal Server. Note: These two keys are independent of each other, which means that you can add one or both keys. Enhancement 2: Extension Exclusion: Patch 2 enables users to configure ServerProtect to exclude certain file name extensions from scans through the management console. 8.1.2 Resolved Known Issues =================================================================== ServerProtect for Microsoft Windows and Novell Netware 5.80 Patch 1 resolves the following issues: Issue 1: For the Information Server, users can use the scan profile as a template when they configure ServerProtect to run "Scan Now" tasks. Using the template allows the user to exclude the quarantine and backup folders from task scans. Users can enable the function by setting "RecordBack&Move=1" manually. However, a user requests that this key be enabled by default. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: The "RecordBack&Move" option has been removed and users can now configure ServerProtect to exclude the quarantine and backup folders from task scans by default using the "Scan Now" settings. Issue 2: When users right-click the "Virus Cleanup Engine" column on the management console, the corresponding details are shown correctly. However, when users close and reopen the management console, the "Virus Cleanup Engine" column disappears. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This issue has been resolved. Issue 3: The Normal Server restarts when the deploy task includes the Rootkit Common Module (RCM) even when all components are up-to-date. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This issue has been resolved. Issue 4: The Information Server encounters a general protection fault (GPF) while decrypting Remote Procedure Call (RPC) commands from the Normal Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: The Information Server can now successfully decrypt RPC commands from the Normal Server. Issue 5: The following issues occur during ServerProtect pattern deployment: - NetWare needs to allocate 30 to 50 MB of memory for the deployment which may cause memory allocation failure. - While the Information Server is sending the pattern file to NetWare and the network connection is interrupted, there is no re-send process to ensure the success of the transfer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: The "SPNT" ServerProtect pattern deployment process has been added to enable: - NetWare to allocate only 4 KB of memory at a time to pattern deployment. - the Information Server to re-send the pattern file to NetWare when the network connection is interrupted during transfer. Issue 6: The Normal Server stops unexpectedly when users click the Normal Server to view logs from the management console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: The multi-thread mutex mechanism for querying the log database has been improved to resolve the issue. Issue 7: When a user restores the Information Server from the backup data, the created Task Data cannot be restored successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This issue has been resolved. Issue 8: Some users encounter a high CPU usage issue after a pattern update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: Users can now disable "tsc.exe" to prevent the high CPU usage issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 8: To disable "tsc.exe", open the registry editor, create the following key, and set its value to "1": Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService Key: DisableTSCAfterPatternUpdate Type: DWORD Values: "1" = disables "tsc.exe" "0" = enables "tsc.exe" Issue 9: After migrating ServerProtect from version 5.7 or 5.58 to 5.8, a "No spyware detected" log is created in the scan results on the Normal Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This issue has been resolved. Issue 10: The generated email notification message IDs are incorrect. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This issue has been resolved. 8.2 Patch 2 =================================================================== 8.2.1 Enhancements =================================================================== ServerProtect for Microsoft Windows and Novell Netware 5.80 Patch 2 does not contain any enhancement. 8.2.2 Resolved Known Issues =================================================================== ServerProtect for Microsoft Windows and Novell Netware 5.80 Patch 2 resolves the following issues: Issue 1: When a pattern file update runs before a previous update task completes, the pattern file update fails. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: ServerProtect can now support multiple update tasks running simultaneously and now uses a time-out mechanism for update tasks. ServerProtect now also automatically terminates update tasks that do not complete within 30 minutes and creates new update tasks for these. Issue 2: Trend Micro Vulnerability Scanner can only detect ServerProtect versions released before version 5.8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: ServerProtect 5.8 now processes specific unencrypted RPC commands from the Trend Micro Vulnerability Scanner. This enables the Trend Micro Vulnerability Scanner to detect ServerProtect 5.8. Issue 3: To provide better protection, Trend Micro has made some improvements on the virus pattern file. However, this upgrade may introduce performance issues. To prevent these issues, users need to enable the Pattern Off-Load (POL) feature of the VSAPI virus scan engine, but the POL feature is not configurable in ServerProtect on a Novell NetWare Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: Users cannot configure the VSAPI POL feature in ServerProtect on a Novell NetWare Server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 3: To configure the POL feature: a. On the Novell Netware Server, open the "spnwopt.ini" using a text editor. b. Add the "POLEnable" key and set the appropriate value. POLEnable = "1" = enables the POL feature = "0" or when the key does not exist = disables the POL feature c. Save the changes and close the file. Issue 4: Some unreadable characters may be inserted in the subject headers of SMTP notification email messages when these subject headers are encoded. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: Users can now enable or disable the encoding of email subject headers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 4: To enable or disable the encoding of email subject headers, add the following key to the registry and set the appropriate value: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\Notification Key: EnableEncode Type: DWORD Value: "0", disables the encoding of email subject headers "1", enables the encoding of email subject headers Issue 5: ServerProtect 5.80 Information Servers cannot deploy pattern information to managed ServerProtect 5.58 Normal Servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This issue has been resolved. Issue 6: BSOD may occur in "SpntSvc.exe" when a Normal Server tries to retrieve pattern file information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: ServerProtect now uses an exclusion algorithm for pattern-related APIs which resolves the issue. Issue 7: Sometimes, some unreadable characters are inserted in the message body of SMTP notification email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: The message body of SMTP notification email messages are translated from Shift-JIS format to JIS format. Issue 8: "Spntsvc.exe" stops unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: The RPC communication process between Information Servers and Normal Servers has been improved to resolve this issue. Issue 9: ServerProtect for Microsoft Windows and Novell Netware 5.8 uses the SSAPTN pattern (component id = 0x20000400) to scan for spyware and grayware. However, status logs that the ServerProtect agent sends to the Control Manager server contain the following incorrect line:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: Users can now configure the ServerProtect agent to use "SLF_TMASSA" instead of "SLF_SpywareVersion" in status logs that it sends to the Control Manager server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 9: To configure the ServerProtect agent to use "SLF_TMASSA" in status logs that it sends to the Control Manager Server, open a registry editor, create the following key, and set its value to "1": Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ TrendMicro Control Manager Agent\SPNT Key: EnableTMASSA Type: DWORD Value: "0", use "SLF_SpywareVersion" "1", use "SLF_TMASSA" Issue 10: When ServerProtect for Microsoft Windows and Novell Netware attempts to perform a component update, the update fails and a "20110013" error occurs. This causes a soft abend (abnormal termination) in ServerProtect for Microsoft Windows and Novell Netware. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This issue has been resolved. Issue 11: By default, when "SpntSvc" starts, it waits for the Damage Cleanup Engine (DCE) to complete its scan before continuing with its own start up process. If DCE takes too long to scan, "SpntSvc" times out and does not start. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This issue has been resolved. Issue 12: After ServerProtect Microsoft Windows and Novell Netware registers to the Control Manager server, ServerProtect for Microsoft Windows and Novell Netware command log and virus log entries are sent to the Control Manager server's "tb_AVVirusLog" table. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: Now, only ServerProtect for Microsoft Windows and Novell Netware virus log entries are sent to the Control Manager server's "tb_AVVirusLog" table. Issue 13: ServerProtect for Microsoft Windows and Novell Netware cannot record a "ssaptn pattern out of date" message for pattern files that have version numbers above 997 even if the pattern file has been out-of-date for some time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: ServerProtect for Microsoft Windows and Novell Netware now uses the "last modify time" information of the pattern file instead of the internal timestamp information to resolve this issue. Issue 14: When the Information Server starts up, the system generally produces a new GUID, which is used to encrypt an RPC package and cannot be configured. Every time the Information Server starts up, the system changes the GUID. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: Users can now prevent the system from changing the GUID during startup. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 14: To configure the GUID setting: a. Open the registry editor on the Information Server. b. Add the following key and set its value to "1": Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\ InformationServer Key: GUIDSwith Type: DWORD Value: "1", to Disable GUID change "0", enables GUID change Issue 15: ServerProtect 5.8 is unable to update the spyware pattern from version 0.9xx.00 to 1.xxx.00 or higher. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: ServerProtect 5.8 can now update the spyware pattern from version 0.9xx.00 to 1.xxx.00 or higher. Issue 16: When a computer restarts, the RCM will be uninstalled and the "PermCount" registry key of RCM is sometimes lost or its value increases to more than two. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: The installation type of RCM has been modified so the installation keeps the driver after using RCM or restarting. RCM is no longer uninstalled automatically when the computer restarts and "PermCount" remain normal. Issue 17: The Control Manager agent of ServerProtect 5.80 encounters a GPF when sending event logs to the Control Manager server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This issue has been resolved. 9. Files Included in this Release ====================================================================== Module File Name Build No. ------------------------------------------------------------------- Management Console Admin.exe 5.80.0.1403 Adm_enu.dll 5.80.0.1403 AgentClient.dll 5.80.0.1403 spuninst.exe 5.80.0.1403 Spuninstrc.dll 5.80.0.1403 ADM_ENU.chm n/a Control Manager Agent libEN_Product.dll 5.80.0.1403 Uninst.dll 5.80.0.1403 Entitymain.exe 2.50.0.1411 EN_Utility.dll 2.50.0.1411 LibEN_Conf.dll 2.50.0.1411 LibEN_Logger.dll 2.50.0.1411 libEN_SendLog.dll 2.50.0.1411 data1.cab n/a data1.hdr n/a setup.ilg n/a setup.inx n/a MCP_CMAgent.exe 12.0.0.58849 MigrationToolEn.exe 12.0.0.58849 Information Server DeployTool.exe 5.80.0.1403 Earthagent.exe 5.80.0.1403 StRpcCln.dll 5.80.0.1403 Spuninst.exe 5.80.0.1403 Spuninstrc.dll 5.80.0.1403 AgentClient.dll 5.80.0.1403 TmNotify.dll 5.80.0.1403 EventMsg2.dll 5.80.0.1403 CheckEVC.dll 5.80.0.1403 RemoteInstall.exe 5.80.0.1403 StCommon.dll 5.80.0.1403 StUpdate.exe 5.80.0.1403 Notification.dll 5.80.0.1403 GetRemoteVer.dll 5.80.0.1403 ADM_ENU.chm n/a BIFSender.exe 5.80.0.1403 libcurl.dll 7.17.1.0 libeay32.dll 1.0.0.1 ssleay32.dll 1.0.0.1 zlib.dll 1.2.2.0 32-bit Normal Server AgentClient.dll 5.80.0.1403 AgRpcCln.dll 5.80.0.1403 CheckEVC.dll 5.80.0.1403 DCE.dll 5.80.0.1403 eng50.dll 5.80.0.1403 EventMsg2.dll 5.80.0.1403 GetRemoteVer.dll 5.80.0.1403 LogDb.dll 5.80.0.1403 LogDBTool.dll 5.80.0.1403 LogMaster.dll 5.80.0.1403 Notification.dll 5.80.0.1403 Quarantine.exe 5.80.0.1403 SpntSvc.exe 5.80.0.1403 spuninst.exe 5.80.0.1403 Spuninstrc.dll 5.80.0.1403 StCommon.dll 5.80.0.1403 StRpcCln.dll 5.80.0.1403 StRpcSrv.dll 5.80.0.1403 StUpdate.exe 5.80.0.1403 TmNotify.dll 5.80.0.1403 TmOpp.dll 5.80.0.1403 64-bit Normal Server AgentClient.dll 5.80.0.1403 AgRpcCln.dll 5.80.0.1403 CheckEVC.dll 5.80.0.1403 DCE.dll 5.80.0.1403 eng50.dll 5.80.0.1403 EventMsg2.dll 5.80.0.1403 GetRemoteVer.dll 5.80.0.1403 LogDb.dll 5.80.0.1403 LogDBTool.dll 5.80.0.1403 LogMaster.dll 5.80.0.1403 Notification.dll 5.80.0.1403 Quarantine.exe 5.80.0.1403 SpntSvc.exe 5.80.0.1403 spuninst.exe 5.80.0.1403 Spuninstrc.dll 5.80.0.1403 StCommon.dll 5.80.0.1403 StRpcCln.dll 5.80.0.1403 StRpcSrv.dll 5.80.0.1403 StUpdate.exe 5.80.0.1403 StUpadte_32.exe 5.80.0.1403 TmNotify.dll 5.80.0.1403 TmOpp.dll 5.80.0.1403 TrendMicro Infrastructure libMRF_AP.dll 1.12.0.1156 libMRF_CM.dll 1.12.0.1156 libMRF_Common.dll 1.12.0.1156 libMRF_DM.dll 1.12.0.1156 libMRF_Entity.dll 1.12.0.1156 libTMI_DataMarshal.dll 1.12.0.1156 mrf.exe 1.12.0.1156 MRF_CM.dll 1.12.0.1156 NetWare Normal Server lprotect.nlm 5.80.0.1403 Patch files Tmpatch.exe 2.2.0.1008 readme.txt n/a hotfix.ini n/a license.txt n/a 10. Contact Information ====================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ====================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers¡¯ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2014, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Control Manager, ScanMail, and ServerProtect are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ====================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide