Trend Micro Incorporated
March 2016
Trend Micro? Worry-Free? Business Security
Version 9.0 Service Pack 3
This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at http://docs.trendmicro.com/en-us/smb/worry-free-business-security.aspx.
Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at http://olr.trendmicro.com.
Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: http://docsstg.trendmicro.com/en-us/survey.aspx.
1. About Worry-Free Business Security
Trend Micro Worry-Free Business Security (WFBS) protects small business users and assets from data theft, identity theft, risky websites, and spam (Advanced Only).
Worry-Free Business Security includes the following new features and enhancements:
What's New in Worry-Free Business Security 9.0 Service Pack 3
Microsoft? Windows? 10 November Update Support
Worry-Free Business Security now supports Security Agent installation on Windows 10 machines installed with the November update.
Program Inspection
Worry-Free Business Security provides increased ransomware protection by monitoring and hooking processes on endpoints to detect compromised executable files and improve the overall detection ratio.
Document Protection Enhancements
Worry-Free Business Security improves document protection against unauthorized encryption or modification to prevent possible ransomware attacks.
Increased Behavior Monitoring Protection
Worry-Free Business Security now enables the following behavior monitoring features by default:
Ransomware Live Status Information
Worry-Free Business Security now displays a Ransomware tab under the Threat Status section of the Live Status page. The new tab provides information on the total number of blocked encryption attempts, affected devices, and ransomware detections.
SHA-2 Support
Worry-Free Business Security now supports certificates signed with SHA-2.
Worry-Free Business Security 9.0 Service Pack 3 resolves the following product issues:
Issue 1: The Trend Micro Messaging Security Agent disappears from the client tree on the Worry-Free Business Security Server management console when users reinstall the Messaging Security Agent after upgrading to Worry-Free Business Security 9.0 Service Pack 2.
Solution 1: [Hotfix: 3150] This release ensures that the Messaging Security Agent can successfully register to the Worry-Free Business Security 9.0 Service Pack 2 Security Server.
Issue 2: Protected computers may be vulnerable to ransomware from recent widespread attacks.
Solution 2: [Hotfix: 3205] This release monitors new programs downloaded through HTTP or email applications on Security Agents to increase protection against possible ransomware attacks.
Issue 3: Users may not be able to access any website after enabling the Web Reputation feature of the Worry-Free Business Security 9.0 Service Pack 2 agent.
Solution 3: [Hotfix: 3288] This release ensures that the Web Reputation feature works normally.
Issue 4: After users upgrade to Worry-Free Business Security 9.0 Service Pack 2, the "Edit settings" quick link cannot be displayed normally on the Worry-Free Business Security Server management console.
Solution 4: [Hotfix: 3290] This release ensures that the Worry-Free Business Security Server management console displays the "Edit settings" quick link correctly.
Issue 5: Users cannot redeploy the Worry-Free Security Agents using Group Policy Object (GPO) after uninstalling the Security Agents from the control panel. This happens because the Security Agent installation program detects the Worry-Free Security Agent product key that was generated by GPO and takes it to mean that the product is already installed which then triggers it to terminate the installation.
Solution 5: [Hotfix: 3304] This release ensures that users can successfully redeploy the Security Agents from GPO.
Issue 6: Users might experience a localStorage unsuccessfully browser error message while accessing the Security Agent for Security Setting page.
Solution 6: [Hotfix: 3323] This release ensures that when users browse through the client tree and the custom user interface layout setting fails, the browser displays the default user interface layout to the user.
Issue 7: The AEGIS module may trigger some processes to close unexpectedly.
Solution 7: [Hotfix: 3326] This release updates the Behavior Monitoring Service module to ensure that the AEGIS module no longer triggers processes to close unexpectedly.
Issue 8: The Microsoft Internet Explorer? add-on of Worry-Free Business Security stops unexpectedly when users browse certain websites after enabling its Browser Exploit Prevention feature.
Solution 8: [Hotfix: 3330] This release ensures that the Internet Explorer add-on works normally when the "Browser Exploit Prevention" feature is enabled.
Issue 9: ActiveSync does not work when the HTTP Authorization header field does not contain any user information.
Solution 9: [Hotfix: MSA 11.1.1306] This release
enables Worry-Free Business Security to automatically gather user
information if the HTTP Authorization header field does not contain any
user information. This helps ensure that ActiveSync works normally.
This release also addresses some Messaging Security Agent user
interface issues. After this release is applied, Worry-Free Business
Security opens the Messaging Security Agent (MSA) web console on a new Internet Explorer tab.
Issue 10: The Worry-Free Business Security 9.0 Service Pack 3 Agent program may be vulnerable to "Path Traversal" and "HTTP-Header-Injection" attacks.
Solution 10: [Critical Patch: 4060] This release improves the checking mechanism of the Worry-Free Business Security 9.0 Service Pack 3 Security Agent program to protect it against "Path Traversal" and "HTTP-Header-Injection" attacks.
What's New in Worry-Free Business Security 9.0 Service Pack 2
Windows 10 Support
Worry-Free Business Security now supports Security Agent installation on Windows 10.
Ransomware Protection for Documents
Enhanced scan features can identify and block ransomware programs that target documents that run on endpoints by identifying common behaviors and blocking processes commonly associated with ransomware programs.
What's New in Worry-Free Business Security 9.0 Service Pack 1
Detection Improvements
Enhancements
Web reputation logs now include information about running processes
Usability Improvements
What's New in Worry-Free Business Security 9.0
Microsoft Exchange Support
Worry-Free Business Security now supports Microsoft Exchange? Server 2010 Service Pack 3 and Microsoft Exchange Server 2013
Windows Support
Worry-Free Business Security now supports Microsoft Windows 8.1 and Windows Server 2012 R2
Mobile Device Security
Worry-Free Business Security Advanced now supports mobile device data protection and access control. Mobile device security has the following features:
Device Access Control
Device Management
Activation Code Enhancement
Post-paid Activation Code support
Detection Improvements
Usability Improvements
The Worry-Free Business Security Standard solution consists of an on-premise server (Security Server) and desktop protection software (Security Agent).
The Worry-Free Business Security Advanced solution consists of two components hosted/offsite email protection service (Trend Micro Hosted Email Security) and on-premise server (Security Server), desktop(Security Agent), and email protection (Messaging Security Agent) software.
The documents for Trend Micro Hosted Email Security are available at http://docs.trendmicro.com/en-us/smb/hosted-email-security.aspx.
The document set for the Worry-Free Business Security Server includes:
See the System Requirements Guide for Worry-Free Business Security 9.0 for a complete list of installation and upgrade requirements:
http://docs.trendmicro.com/all/smb/wfbs-s/v9.0/en-us/wfbs_9.0_sysreq.pdf
You can refer to the system requirements for Windows 8 or 8.1 when installing Security Agents on Windows 10 endpoints.
Important: Worry-Free Business Security 9.0 Service Pack 3 does not support running the Security Server on Windows 10 endpoints.
Important:
For Full Installation Package:
This installation package only supports fresh installation. The installation program performs a complete, sequential, fresh installation of the following releases:
Worry-Free Business Security 9.0 Service Pack 1
Worry-Free Business Security 9.0 Service Pack 3
For Standalone Package:
Be sure to install or upgrade to Worry-Free Business Security 9.0 Service Pack 2 before installing this service pack.
Download the installation packages for version 9.0 and this service pack at:
Worry-Free Business Security - Advanced 9.0:
http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=4482&lang_loc=1
Worry-Free Business Security - Standard 9.0 :
http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=4483&lang_loc=1
5.1. Installing/Upgrading to Worry-Free Business Security 9.0
See the Installation and Upgrade Guide for Worry-Free Business Security 9.0 for installation and upgrade instructions.
http://docs.trendmicro.com/all/smb/wfbs-s/v9.0/en-us/wfbs_9.0_iug.pdf
5.2. Installing this Service Pack
5.3. Inserting Contact Information (for Resellers and Partners)
Resellers and partners can add their contact information to the Security Server web console by performing the following steps:
{Security Server installation folder}\PCCSRV\Private.
{Security Server installation folder}
is typically C:\Program Files\Trend Micro\Security Server
.contact_info.ini
using a text
editor such as Notepad and then type the relevant contact information.
Save the changes.
Log on to the Security Server web console and navigate to Preferences
> Product License. A Reseller Information section is added to the
Product License screen.
6. Post-installation Configuration
See the post-installation tasks in the Installation and Upgrade Guide if you:
Some product features do not support certain operating systems and associated applications. For details, visit http://docs.trendmicro.com/en-us/smb/worry-free-business-security/agent_features/.
The following are the known issues in this release:
7.1. Security Agent Deployment, Upgrade, and Usage
Note: For details about installation limitations on certain operating systems, see the Help topic:
http://docs.trendmicro.com/en-us/smb/worry-free-business-security/install_meth/
Worry-Free Business Security supports Remote Desktop, Remote Web Workplace, and Citrix server terminal applications.
In a Terminal Services environment, administrators can decide whether to show or hide the Security Agent icon in the Windows task bar. This setting applies to all or none of the active user sessions. It is not possible to apply the setting to individual user sessions.
If the icon shows on all active user sessions, memory usage may increase. To prevent this issue from occurring:
a. On the Security Agent host, open the registry.
b. Create/modify the following REG name/value pair:
Key:
For 32-bit: HKLM\SOFTWARE\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc
.
For 64-bit: HKLM\SOFTWARE\Wow6432Node\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc
.
Name: RCS
Type: DWORD
Value: 202 (in decimal format)
There will be no PccNTMon
instances created when its value is set to 202.
The following default Security Server and Scan Server ports must not be used or blocked by other applications, such as Microsoft ISA Server and other firewalls:
HTTP: 8059 and 8082
SSL: 4343 and 4345
Setup.exe
or TrustedInstaller.exe
may use up to 50% of CPU resources.Trend Micro recommends setting Internet Explorer to Medium or lower security levels when accessing the Web console. Higher security settings may block necessary ActiveX controls.
By default, Internet Explorer applies Medium-low security levels for intranet sites and Medium security levels for sites in its Trusted Sites list. To help ensure you can access the console properly, add it to the Trusted Sites list.
7.4. Behavior Monitoring/Device Control
Behavior Monitoring and Device Control fully support 32-bit operating systems. On 64-bit operating systems, only Microsoft Vista? x64 Service Pack 1 and later are supported.
7.5. Web Reputation/URL Filtering
Browser Exploit Prevention supports Internet Explorer versions 6, 7, 8, 9, 10, and 11.
In an unstable network environment, the Trend Micro Web Reputation server may allow a website to pass without filtering.
When uninstalling the firewall driver, the Client could temporarily lose the network connection. Some applications, such as Secure Shell (SSH), Terminal Services Client, or Remote Desktop, could be affected by the disconnection. If this occurs, restart the application after disabling the firewall (which also completes the uninstallation process).
The Security Agent firewall might conflict with other firewall applications. Trend Micro recommends uninstalling or disabling other firewall applications.
On VMware clients, the Security Agent firewall may block all incoming packets. To address this issue, add the following key to the client's registry:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
Name: EnableBypassRule
Type: REG_DWORD
Value =1
1 means enable, 0 means disable
The Messaging Security Agent only supports typical installations of Exchange Server 2007, 2010, and 2013 that include the Hub Transport, the Mailbox, and the Client Access server roles.
Device Access Control for mobile devices is only supported for Exchange 2010 and 2013.
As an anti-spam solution on Exchange Server 2003, users can choose between EUQ or Junk Mail integration. If you use Junk Mail integration, install Exchange Server 2003 SP2 or above. This requires that the Intelligent Message Filter (IMF) be preinstalled.
The Messaging Security Agent does not support some Microsoft Exchange Server Enterprise features such as the database availability group (DAG). To work around this issue, enable the Mailbox, Client Access, and Hub Transport server roles in all MS Exchange servers.
During Messaging Security Agent installation, the installer may be unable to submit passwords that have special, non-alphanumeric characters to the Exchange Server computer. As a result, you may be unable to install the Messaging Security Agent if the domain administrator account you are using has a complex password. To work around this issue, temporarily change the password for the domain administrator account.
When installing Messaging Security Agent remotely, using the Web console or the Worry-Free Business Security Advanced installer on a computer running Windows Server 2008, SBS 2008, EBS 2008, SBS 2011 Standard, 2008 R2, 2012, or 2012 R2 you need to specify the built-in domain administrator account because of User Access Control restrictions. Note that for computers with other operating systems, you need an account that is in the Exchange Organization Administrators group.
Messaging Security Agent cannot be installed on the domain controller server when the operating system is Windows Server 2012 and above. This is a limitation of SQL Server 2008 R2 on Windows Server 2012 and above.
Mobile Security Policies are kept on the Exchange Server after the Messaging Security Agent is uninstalled.
MSA server console does not support Windows 10 Microsoft Edge browser. Use Internet Explorer 7 or later if you encounter any problems when accessing the console using the Edge browser.
For a list of all Trend Micro Security (for Mac) known issues, refer to the readme:
http://docs.trendmicro.com/all/ent/tmsm/v2.1/en-us/tmsm_2.1_readme.htm
A
license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1)
year from the date of purchase only. After the first year, you must
renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
Note: This information is subject to change without notice.
Smart, simple, security that fits
As
a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.
Copyright 2016, Trend Micro Incorporated. All rights reserved.
Trend Micro, Worry-Free, and the Trend Micro t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.
View information about your license agreement with Trend Micro at:
http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide