Issues resolved by hot fixes for OSCE 11.0 SP1 - Trend Micro · PDF fileIssues resolved by hot...
Transcript of Issues resolved by hot fixes for OSCE 11.0 SP1 - Trend Micro · PDF fileIssues resolved by hot...
Issues resolved by hot fixes for OSCE 11.0 SP1
[Hotfix_3700] (TT-347284)
Issue: The OfficeScan agent displays the short detection name on the Virus/Malware Logs.
Solution: This hotfix ensures that the OfficeScan agent the long detection name on the Virus/Malware
Logs.
[Hotfix_3704] (TT-350759)
Issue: When the OfficeScan server receives multiple policies from a Control Manager 6.0 server, it applies
only the first policy.
Solution: This hotfix updates the OfficeScan program to ensure that the OfficeScan server can apply
multiple policies from a Control Manager 6.0 server.
Enhancement: This hotfix enables the OfficeScan server to receive only the policies that have been
updated instead of receiving all the policies each time the Control Manager 6.0 server deploys policies.
This helps reduce the impact on OfficeScan's performance especially when the Control Manager 6.0 server
runs regular policy enforcement.
NOTE: This enhancement requires users to install Control Manager 6.0 Hotfix 3359. Contact the
Trend Micro Support Team to request for the Control Manager hotfix.
[Hotfix_3707] (TT-356474)
Issue: After administrators apply OfficeScan Server 11 Service Pack 1 (SP1), the PATH environment
variable changes to "REG_SZ".
Solution: This hotfix updates the OfficeScan server wherein the PATH environment variable remains as
"REG_EXPAND_SZ" even after applying OfficeScan Server 11 SP1.
Issues resolved by hot fixes for OSCE 11.0 SP1 Patch 1
[Hotfix_4978] (TT-346888)
Enhancement: This hot fix enables OfficeScan Data Loss Prevention (DLP) to increase the limit of the
DLP archive file setting on the web console.
[Hotfix_4980] (TT-344248)
Issue: This issue is caused by Trend Micro Local Web Classification Server file had been copied
successfully, but the return is 9009.
Solution: This hotfix resolves this issue.
[Hotfix_4986] (TT-347975)
Issue: Users encounter some unexpected issues in the OfficeScan client wherein the OfficeScan client
queries the database even though there is no specific entry yet from the OfficeScan client to the database.
Solution: This hotfix updates the OfficeScan server by preventing queries from accessing the database
before the client entry is ready.
[Hotfix_4992] (TT-347260)
Issue: The listDeviceInfo tool cannot display any information about a special USB device if its device
information is not in the usual format.
Solution: This hotfix updates the "listDeviceInfo.exe" tool to enable it to display information about USB
devices when the device information is not in the usual format.
[Hotfix_4993] (TT-347908)
Issue: When using the "Sort Agent" option to group OfficeScan agents based on the Active Directory
structure, an unexpected domain structure is created on the Agent Management screen.
Solution: This hotfix updates the OfficeScan server to display the correct Active Directory domain
structure on the Agent Management screen after sorting agents based on Active Directory.
Procedure: To enable the correct grouping of Office agents based on the Active Directory domain
structure on the Agent Management screen:
a. Install this hotfix (see "Installation").
b. Open the "ofcserver.ini" file in the "¥PCCSRV¥Private" folder on the OfficeScan installation
directory.
c. Under the "INI_AD_INTEGRATION_SECTION" section, add the following key and set its value to
"1":
[INI_AD_INTEGRATION_SECTION]
IndividualDC=1
d. Save the changes and close the file.
e. Restart OfficeScan Server Master Service.
[Hotfix_4995] (TT-348589)
Issue: An arithmetic overflow error occurs and triggers the following Microsoft(TM) Windows(TM)
application even log: "Arithmetic overflow error converting expression to data type int."
Solution: This hotfix updates the OfficeScan server database process (dbserver.exe) to reverse the order of
parameters and prevent the arithmetic overflow event.
[Hotfix_4996] (TT-344332,344333)
Issue: When users run the client packager tool in the CLI to create client installation packages, they have
no way to specify a domain where all freshly-installed clients should belong to.
Solution: This hotfix updates the client packager tool to enable users to specify a domain for
freshly-installed clients ¥ using the "/domain" parameter when creating client installation packages through
the CLI.
[Hotfix_4999] (TT-349302)
Issue: Sometimes, an issue related to JSON data prevents the OfficeScan web console from displaying the
contents of the DLP setting page. When this happens, users cannot deploy the DLP settings to clients.
Solution: This hotfix modifies a FlushJson function to resolve the issue and help ensure that the DLP
setting page displays completely and users can deploy the DLP settings to clients.
[Hotfix_5002] (TT-343440)
Issue: The following services provide robust protection but their monitoring mechanisms can strain
system resources, especially on Windows server platforms:
- Unauthorized Change Prevention Service
- Suspicious Connection Service
- Advanced Protection Service
For this reason, these services are disabled by default on Windows Server 2003, 2008, and 2012.
Solution: This hotfix allows users to enable the services above by default on a freshly installed
OfficeScan agent on the Windows Server platform.
Procedure: To enable the services above in freshly installed OfficeScan agents on the Windows Server
platform:
a. Install this hotfix (see "Installation").
b. Open the "ofcserver.ini" file in the "¥PCCSRV¥ Private" folder of the OfficeScan server.
c. Under the "INI_SERVER_SECTION", manually add the following keys and set each value
to "1".
[INI_SERVER_SECTION]
CheckAegisOnServer=1
CheckNCIEOnServer=1
CheckCCSFOnServer=1
d. Save the changes and close the file.
e. Open the "ofcscan.ini" file in the "¥PCCSRV" folder of the OfficeScan server.
f. Under the "ServiceSwitch" section, find the following keys and set each value to "1".
[ServiceSwitch]
EnableAEGISOnServer=1
EnableNCIEOnServer=1
EnableCCSFOnServer=1
g. Save the changes and close the file.
[Hotfix_5007.1] (TT-348204)
Enhancement: This hotfix provides a way for users to configure Trend Micro Data Loss Prevention(TM)
(DLP) Endpoint SDK 6.0 to load the converter dynamic library instead of using "dtoop.exe".
Procedure: To configure the "converter_call_method" setting for DLP and to deploy the setting to
OfficeScan agents:
a. Install this hotfix (see "Installation").
b. Open the "dlp.ini" file in the "¥PCCSRV¥Private¥" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "converter_call_method" key and set its
value to "funccall".
[Configure]
converter_call_method = funccall
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains
or agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents".
The OfficeScan server deploys the setting to OfficeScan agents and adds the following key in the "dsa.pro"
file in the "¥Windows¥System32¥ dgagent¥" folder: converter_call_method=funccall
g. Restart all OfficeScan agents.
[Hotfix_5008] (TT-347028,344018)
Issue 1: OfficeScan Data Loss Prevention (DLP) is unable to to block the CD/DVD burning function of
explorer.exe in "USB flash drive" mode.
Solution 1: The hot fix resolves the DLP blocking issue.
Issue 2: Data Loss Prevention only generates a maximum of 200 violation logs even if users burn more
than 200 files (with violations) using the CD/DVD player function of explorer.exe.
Solution 2: The hot fix resolves the issue by enlarging the queue size to 100,000.
[Hotfix_5009] (TT-347873,345955)
This hotfix resolves the following issues:
Issue 1: Access Document Control (ADC) cannot detect files that run from the network drive.
Solution 1: This hotfix ensures that the ADC detection can successfully work on the network drive.
Issue 2: Duplicate DLP violation logs are uploaded to the OfficeScan server at five minute intervals when
the DLP Violation Log database file is corrupted.
Solution 2: This hotfix updates the OfficeScan agent program to ensure that it uploads DLP violation logs
to the OfficeScan server normally.
Procedure: To prevent the OfficeScan agent from sending duplicate DLP violation logs upload to the
OfficeScan server:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation
directory.
c. Under the "Global Setting" section, manually add the "ReindexDLPViolationLog" key and set its
value to "1".
[Global Setting]
ReindexDLPViolationLog=1
Note: To disable the feature, set "ReindexDLPViolationLog=0".
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥Wow6432Node¥
TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥
Misc.
Key: ReindexDLPViolationLog
Type: dword
Value: 1
[Hotfix_5014] (TT-349806)
Issue: When the OfficeScan server receives multiple policies from a Control Manager 6.0 server, it applies
only the first policy.
Solution: This hotfix updates the OfficeScan program to ensure that the OfficeScan server can apply
multiple policies from a Control Manager 6.0 server.
[Hotfix_5015] (TT-340977)
Issue: The OfficeScan client computer may stop responding during a RealTime Scan when both the
Ravage Scan feature and the Browser Exploit Prevention feature are enabled.
Solution: This hotfix updates the OfficeScan agent program to ensure that it can run RealTime Scans
normally when both the Ravage Scan feature and the Browser Exploit Prevention feature are enabled.
[Hotfix_5016] (TT-347072)
Issue: Guest users that do not have the required permissions may be able to change certain OfficeScan 11.0
Service Pack 1web console settings.
Solution: This hotfix adds RBA rules in "TrendAuthDef.xml" and enables the CGI console common to get
more information from the XML file. This helps ensure that users that do not have the required
permissions cannot make changes to the OfficeScan 11.0 Service Pack web console.
[Hotfix_5018] (TT-349429)
Issue: An OfficeScan server without an Integrated Smart Protection Server (ISPS) installed can have a
standalone Smart Protection Server (SPS) as the Smart Scan source. However, the "Standard Smart
Protection Server List" page of the web console indicates that the Smart Scan source is ISPS when
OfficeScan is using an SPS. The issue occurs after users install Critical Patch 4150 on the OfficeScan
server.
Solution: This hotfix ensures that the correct Smart Scan source appears on the "Standard Smart Protection
Server List" page.
[Hotfix_5020] (TT-351541,352232,345081),
Issue 1: When users right-click the OfficeScan agent icon on the system tray and select "Advanced
Schedule Scan Setting" to access the "Scheduled Scan Postpone" dialog box, they can only set the
postpone hour time interval up to "11" hours even when the field should support up to "12" hours.
Solution 1: This hotfix updates the OfficeScan agent program to allow users to set the Scheduled Scan
Postpone hour time interval to "12" hours.
Issue 2: The TMEBC driver does not start during the system boot process because the TMEBC driver file
(TMEBC32.SYS on 32-bit platforms or TMEBC64.SYS on 64-bit platforms) is not in the
C:¥Windows¥system32¥DRIVERS directory while the corresponding registry entry still exists on the
Services screen.
Solution 2: This hotfix resolves this issue by installing the TMEBC driver on OfficeScan agents if the
TMEBC driver is not installed or if the TMEBC driver file is missing.
[JP_Hotfix_5020.1] (TT-352232)
Issue: The TMEBC driver does not start during the system boot process because the TMEBC driver file
(TMEBC32.SYS on 32-bit platforms or TMEBC64.SYS on 64-bit platforms) is not in the
C:¥Windows¥system32¥DRIVERS directory while the corresponding registry entry still exists on the
Services screen.
Solution: This hotfix resolves this issue by installing the TMEBC driver on OfficeScan agents if the
TMEBC driver is not installed or if the TMEBC driver file is missing.
[Hotfix_5024] (TT-351708)
Issue: Users encounter an error while decoding virus files using the VSEncode tool.
Solution: This hotfix updates the OfficeScan server program files to ensure that VSEncode can decode
virus files without issues.
[Hotfix_5028] (TT-352231)
Issue: When users install an OfficeScan agent on a computer running on the 32-bit version of
Microsoft(TM) Windows(TM) 10 Anniversary Update 1607.14393 using a setup package created by the
Agent Packager tool, the OfficeScan agent will still be installed on the default installation path even when
a new path has been specified.
Solution: This hotfix resolves the issue by updating the OfficeScan server program to ensure that setup
packages created by the Agent Packager tool installs OfficeScan agents on the specified installation paths.
[Hotfix_5029] (TT-350647)
Issue: Users encounter a high CPU usage issues when OfficeScan browser plugins are enabled on the
version 11 of the Internet Explorer web browser.
Solution: This hotfix updates the BEP module to prevent the high CPU usage issue.
[Hotfix_5030] (TT-352763)
Issue: When users export the Scan Exclusion Lists for the following scan types from the "Agent
Management" screen of the OfficeScan web console, the generated CSV file will not contain any domain
setting information for OfficeScan agents:
- Manual scans
- Real-time scans
- Scheduled scans
- Scan Now
Solution: This hotfix updates the OfficeScan server files to ensurethat when users export Scan Exclusion
Lists, the domain setting information for each OfficeScan agent appear on the exported CSV files.
[ES_Hotfix_5031] (TT-353148)
Issue: Users encounter a high CPU usage issues when OfficeScan browser plugins are enabled on the
version 11 of the Internet Explorer web browser.
Solution: This hotfix updates the BEP module to prevent the high CPU usage issue.
[Hotfix_5032] (TT-353446)
Issue: The "Resume an interrupted Scheduled Scan" option in the Scheduled Scan Settings does not work
if a scheduled scan was interrupted because the endpoint was switched off.
Solution: This hotfix updates the OfficeScan agent program to ensure that the "Resume an interrupted
Scheduled Scan" feature works properly.
[Hotfix_5035] (TT-354095)
Issue: The firewall detail page of agent console is not refreshed when the security level is changed.
Solution: This hotfix updates the OfficeScan agent program to ensure that the firewall detail page of agent
console is refreshed when the security level is changed.
[Hotfix_5037] (TT-354956)
Issue: The "Real-time Scan Health Check" feature in OfficeScan agent regularly sends its status to the
server even when this feature is disabled. This adds to the network traffic.
Solution: This hotfix updates the OfficeScan agent program to ensure that it does not send "Real-time Scan
Health Check" network packets to the server when the feature is disabled.
[Hotfix_5038] (TT-354896)
Issue 1: The OfficeScan NT Listener service stops responding while managing the Suspicious Connection
Service NCIE function on OfficeScan agents.
Solution 1: This hotfix updates the OfficeScan agent program to improve the way the TmListen service
manages the NCIE function.
Issue 2: A memory allocation issue related to the "OfcNotifyQueue.dll" file can lead to memory leaks
which may trigger "OfcServer.exe" to stop unexpectedly.
Solution 2: This hotfix resolves the memory allocation issue to prevent memory leaks.
[Hotfix_5040] (TT-355334)
Enhancement: This hotfix provides a way for users to enable or disable the Osprey async mode.
Procedure: To enable or disable the Osprey async mode:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV" folder of the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the "OspreyAsyncServerLookup" key and
assign the
preferred value.
[Global Setting]
OspreyAsyncServerLookup=0, disables Osprey async mode =1, enables Osprey async mode
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro
¥Osprey¥Scan¥Common¥HttpManager¥config
Key:AsyncServerLookup
Type: dword
Value: 0, 1
g. Restart OfficeScan agents.
[Hotfix_5042] (TT-345393)
Issue: The Avaya Scopia log in page stops responding when the AEGIS module does not receive a
response from it within a specific time period.
Solution: This hotfix enables users to disable the self-protection feature of the AEGIS module for
Avaya Scopia to prevent the incompatibility issue and ensure that Avaya Scopia can run normally on
protected computers.
Procedure: To disable the self-protection feature of the AEGIS module in affected computers:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder of the OfficeScan installation directory.
c. Under the "Global Setting" section, add the following key and set its value to "1".
[Global Setting]
SkipDuplicateSameAccess=1
d. Save the changes and close the file.
e. Open the OfficeScan server management console and go to "Agents > Global Agent Settings".
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan client program automatically installs the following registry key:
PATH: HKEY_LOCAL_MACHINE¥SYSTEM¥CurrentControlSet¥Services¥tmactmon¥Parameters
KEY:SkipDuplicateSameAccess
TYPE: dword
VALUE: 1, disables the self-protection feature 0, enables the self-protection feature
[Hotfix_5043] (TT-356053)
Issue: The Avaya Scopia log in page stops responding when the AEGIS module does not receive a
response from it within a specific time period.
Solution: This hotfix enables users to disable the self-protection feature of the AEGIS module for
Avaya Scopia to prevent the incompatibility issue and ensure that Avaya Scopia can run normally on
protected computers.
Procedure: To disable the self-protection feature of the AEGIS module in affected computers:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder of the OfficeScan installation directory.
c. Under the "Global Setting" section, add the following key and set its value to "1".
[Global Setting]
SkipDuplicateSameAccess=1
d. Save the changes and close the file.
e. Open the OfficeScan server management console and go to "Agents > Global Agent Settings".
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan client program automatically installs the following registry key:
PATH: HKEY_LOCAL_MACHINE¥SYSTEM¥CurrentControlSet¥Services¥tmactmon¥Parameters
KEY:SkipDuplicateSameAccess
TYPE: dword
VALUE: 1, disables the self-protection feature 0, enables the self-protection feature
[Hotfix_5046] (TT-354095)
Issue: The firewall detail page of agent console is not refreshed when the security level is changed.
Solution: This hotfix updates the OfficeScan agent program to ensure that the firewall detail page of agent
console is refreshed when the security level is changed.
[Hotfix_5053] (TT-356053)
This hotfix resolves the following issues:
Issue 1: The firewall details page of the OfficeScan client console does not refresh automatically after the
security level setting changes.
Issue 2: The Avaya Scopia log in page stops responding when the AEGIS module does not receive a
response from it within a specific time period.
Solution 1: This hotfix updates the OfficeScan agent program to ensure that the firewall details page of the
OfficeScan client console refreshes automatically when the security level setting changes.
Solution 2: This hotfix enables users to disable the self-protection feature of the AEGIS module for Avaya
Scopia to prevent the incompatibility issue and ensure that Avaya Scopia can run normally on protected
computers.
[Hotfix_5057] (TT-354124)
Issue: Automatic agent grouping uses rules defined by Microsoft(TM) Windows(TM) Active Directory
(AD) domains. Sometimes, after the OfficeScan server synchronizes AD information from the Windows
server, the status of enabled grouping rules shows a "Warning" sign.
Solution: This hotfix updates the OfficeScan programs to ensure that the enabled grouping rules will not
be affected by the synchronized AD information.
[CP_5060] (TT-357850)
Issue: OfficeScan leaks encrypted account passwords during web console operations. Unauthorized users
could use the leaked encrypted password to log on to the OfficeScan server console.
Solution: This critical patch ensures that OfficeScan does not leak encrypted passwords.
[JP_Hotfix_5061] (TT-354095)
Issue: The firewall detail page of agent console is not refreshed when the security level is changed.
Solution: This hotfix updates the OfficeScan agent program to ensure that the firewall detail page of agent
console is refreshed when the security level is changed.
[JP_Hotfix_5062] (TT-358075)
Issue: Guest users that do not have the required permissions may be able to change certain OfficeScan 11.0
Service Pack 1 web console settings.
Solution: This hotfix adds RBA rules in "TrendAuthDef.xml" and enables the CGI console common to get
more information from the XML file. This helps ensure that users that do not have the required
permissions cannot make changes to the OfficeScan 11.0 Service Pack web console.
[Hotfix_5066] (TT-357507)
Issue: The Microsoft(TM) Windows(TM) Event Log generates too many messages.
Solution: This hotfix enables OfficeScan to extend the cache time to 12 hours.
[Hotfix_5067] (TT-358603)
Enhancement: This hotfix improves the checking mechanism of the OfficeScan agent program to protect
the Smart Scan Agent Pattern and Virus Pattern files in endpoints from corruption.
[Hotfix_5068] (TT-359232)
Issue: The detected Virus/Malware information that appears in the OfficeScan web console does not match
the information in the Trend Micro Control Manager(TM) console.
Solution: This hotfix ensures that the OfficeScan server sends the correct Virus/Malware information to
Control Manager so that the information in the OfficeScan web console matches the information in the
Control Manager console.
Procedure: To configure OfficeScan to send the accurate information to Control Manager:
a. Install this hotfix (see "Installation").
b. Open the "Product.ini" file in the
"¥PCCSRV¥CmAgent" folder on the OfficeScan server installation directory using a text editor.
c. Under the "Configure" section, manually add the following key and set its value to "1".
[Configure]
EnableSFCacheTimeout=1
d. Save the changes and close the file.
e. Restart the OfficeScan Control Manager Agent.
[Hotfix_5069] (TT-355701)
Issue: An initialized issue related to the OfficeScan Control Manager Agent service ("OfcCMAgent.exe")
may cause the OfcCMAgent.exe to stop unexpectedly.
Solution: This hotfix updates the OfficeScan Control Manager Agent program to prevent from this issue.
[Hotfix_5070] (TT-359313)
Issue: The Ransomware Protection function does not reference the prevalence value and simply terminates
the processes (even if these processes meet the expected prevalence value).
Solution: This hotfix ensures that OfficeScan agents check the process chain for Ransomware
identification in this situation. The OfficeScan agents will query the census server for all parent processes
and determine whether or not to terminate the process.
[Hotfix_5071] (TT-357054)
Issue: When there are hotfix updates, the OfficeScan server checks all client components and prompts all
clients with old hotfix versions to apply the updates including those where the No Program Upgrade option
is enabled. This triggers a large number of unnecessary client notifications.
Solution: This hotfix ensures that the OfficeScan server does not notify a client of hotfix updates if the No
Program Upgrade option is enabled in the client.
[Hotfix_5074] (TT-358532)
Issue: When an unreachable OfficeScan agent reports its onstart status to the OfficeScan server, the server
does not automatically set the updateflag for the agent. As a result, the agent will not receive updates until
after a file change event on the OfficeScan server.
Solution: This hotfix enables the OfficeScan server to set the updateflag of unreachable OfficeScan agents
automatically once it receive the onstart status of the agents.
[Hotfix_5077] (SEG-3129)
Issue: Sometimes, the value of the "SourceUUID" setting in the "Ofcserver.ini" file is overwritten which
prevents OfficeScan from updating the suspicious object list.
Solution: This hotfix ensures that the "SourceUUID" setting is not overwritten unexpectedly.
[JP_Hotfix_5078] (SEG-2143)
Issue: Exported CSV files that contain agent information do not differentiate between Windows platforms
from Windows Embedded platforms.
Solution: This hotfix ensures that exported CSV files specifies if an agent runs on a Windows platform or
a Windows Embedded platform.
[Hotfix_5080] (SEG-2745)
Issue: The Vulnerability Scanner may attempt to access an invalid file path which triggers blue screen of
death (BSOD) on computers running Microsoft Windows Vista(TM) or any version released after it, for
example, Windows Server 2008 and later versions.
Solution: This hotfix updates the Vulnerability Scanner to prevent it from attempting to access invalid file
paths.
[Hotfix_5082] (TT-358977)
Enhancement: This hotfix provides an option to enable OfficeScan agents to check the connection to the
Smart Protection Network regularly and to update the status icons on the web console accordingly.
Procedure: To enable the feature on the OfficeScan server and to automatically deploy the setting to all
OfficeScan agents:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation directory.
c. Add the following key under the "Global Setting" section and set its value to "1".
[Global Setting]
ChkGlobalWCS=1
Note: To disable the connection checking, set
"ChkGlobalWCS=0".
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the"Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan agent program automatically installs the following registry key:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥
PC-cillinNTCorp¥CurrentVersion¥iURL Scan.
Key: ChkGlobalWCS
Type: REG_DWORD
Value: 1
[Hotfix_5085] (SEG5616)
Issue: The Publisher used to export registry keys is named differently in some OfficeScan agents.
Solution: This hotfix ensures that all OfficeScan agents use the same Publisher name.
[Hotfix_5087] (SEG-10203)
Issue: The OfficeScan Behavior Monitoring feature may generate a large number of "TMBMSrvFull.dmp"
dump files on OfficeScan clients.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
[Hotfix_5088] (SEG-10012)
Issue: Crash was happened when Unauthorized Change Prevention engine doing policy matching, it cause
a lot of TMBMSrvFull.dmp files on Behavior Monitor folder.
Solution: Fix the issue inside pattern and refine engine flow.
Issues resolved by hot fixes for OSCE 11.0 SP1 (UMH)
[Hotfix_6077] (TT-347401)
Enhancement: This hotfix enables DLP Endpoint SDK 6.0 to support Chrome 51.0.2704.84m with QUIC
enabled.
[Hotfix_6082] (TT-347481)
Issue: A handle leak issue that may occur while the OfficeScan server handles the "ofcserver.ini" file may
corrupt the file.
Solution: This hotfix resolves the issue by ensuring that the OfficeScan server handles the INI properly.
[Hotfix_6084] (TT-347525)
Issue: Users are unable to subscribe to the Control Manager server to get the suspicious object list. They
receive a "-1" return error.
Solution: This hot fix resolves the subscription issue by installing and enabling Local Web Classification
Server (LWCS), instead of LWCS being enabled only.
[Hotfix_6084.1] (TT-347733)
Issue: The User Mode Hooking (UMH) driver causes an unexpected error.
Solution: This hot fix updates the UMH driver to resolve the issue.
[Hotfix_6084.2] (TT-348437,343850)
Issue 1: OfficeScan continues to scan network drives even if the "Scan network drive" setting is disabled
in Real-time Scan.
Solution 1: This hotfix ensures that OfficeScan correctly implements the "Scan network drive" setting
when performing Real-time Scan.
Issue 2: The OfficeScan agent displays the short detection name on the Virus/Malware Logs.
Solution 2: This hotfix ensures that the OfficeScan agent displays the long detection name on the
Virus/Malware Logs.
[Hotfix_6085] (TT-347807,349431)
Issue: Data Loss Prevention Endpoint causes a Blue Screen ofDeath (BSoD) on Microsoft(TM)
Windows(TM) 10 Redstone.
Solution: This hot fix resolves the BSoD issue on Windows 10 Redstone.
[Hotfix_6085.1] (TT-347931,350401)
Issue: Users are unable to save the settings in the "Device Control Settings" page of the OfficeScan web
console. This situation occurs if they edit the page by selecting theroot domain icon in the "Agent
Management" page of the OfficeScan web console.
Solution: This hot fix updates the OfficeScan server program to resolve this issue.
[Hotfix_6088] (TT-348887)
Issue: When using the Microsoft(TM) Windows domain user account to migrate an OfficeScan database
from codebase to an SQL database, a "conhost.exe" application error might occur while updating the SQL
schema.
Solution: This hotfix uses another method when handling the SQL schema update instead of using the
Windows application program interface (API), which resolves this issue.
Enhancement: This hotfix enhances the OfficeScan folder write permission check before doing the SQL
migration. End users should grant Windows domain users full control permissions to the OfficeScan server
folder and include inheritable permissions from the parent of this object by local administrator or Active
Directory (AD) build-in administrator.
[Hotfix_6091] (TT-348682)
Issue: The OfficeScan Update Agent does not deploy the Suspicious Connection Settings to OfficeScan
clients.
Solution: This hotfix ensures that the OfficeScan Update Agent deploys the Suspicious Connection
Settings to OfficeScan clients.
[Hotfix_6093] (TT-348911)
Enhancement: This hotfix enables DLP Endpoint SDK 6.0 to support Chrome 51.0.2704.106m with
QUIC enabled.
[Hotfix_6094] (TT-347090)
Issue: Users encounter an issue wherein they are unable to open Microsoft(TM) Office 2007 documents
from Microsoft SharePoint 2010 after installing Critical Patch (CP) 6054.
Solution: This hotfix improves on the DRE module of OfficeScan. Since DRE module does not back up
the remote drive file, AEGIS (Behavior Monitoring) should skip sending remote drive file events to the
DRE module.
[Hotfix_6098] (TT-348679)
Issue: Users cannot assign OfficeScan agents to a multilayered domain that has been pre-defined in the
agent computer before agent installation.
Solution: This hot fix updates the OfficeScan server and agent files to allow users to assign agents to
pre-defined multilayer domains.
Procedure: To assign an agent to a multilayered domain that has been pre-defined in the agent computer
before agent installation:
a. Install this hot fix (see "Installation").
b. Open Windows Registry Editor on agent machine.
c. Add following registry information using the information of the preferred domain:
For 32-bit OfficeScan agents:
[HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorpOnce¥CurrentVersio
n]
"Domain"="domain_name"
"Server"="server_name"
"ServerPort"=dword:xxxxxxxx
[HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorpOnce¥CurrentVersio
n¥Internet
Settings]
"ServerPort"=dword:xxxxxxxx
"Server"="server_name"
"UseProxy"=dword:00000000
For 64-bit OfficeScan agents:
[HKEY_LOCAL_MACHINE¥SOFTWARE¥Wow6432Node¥TrendMicro¥PC-cillinNTCorpOn
ce¥CurrentVersion]
"Domain"="domain_name"
"Server"="server_name"
"ServerPort"=dword:xxxxxxxx
[HKEY_LOCAL_MACHINE¥SOFTWARE¥Wow6432Node¥TrendMicro¥PC-cillinNTCorpOn
ce¥CurrentVersion¥Internet Settings]
"ServerPort"=dword:xxxxxxxx
"Server"="server_name"
"UseProxy"=dword:00000000
d. Install the OfficeScan agent.
[Hotfix_6101] (TT-349224)
Issue: The OfficeScan exclusion list does not work on mount points; drives that are mapped as folders to
an existing file system.
Solution: This hotfix ensures that OfficeScan clients receive the complete list of approved devices to
ensure that the exclusion list works normally.
[DE_Hotfix_6103] (TT-348995)
Issue: The "Global Agent Settings" page of the OfficeScan 11.0 Service Pack 1 German version console
contains mistranslated information.
Solution: This hotfix ensures that all the information on the page are translated correctly.
[Hotfix_6105] (TT-348521)
Enhancement: This hotfix enables users to add the "Offline Time" column to the Agent Management
tree and to add the same information to CSV files exported through the "Agent Management" page of the
OfficeScan web console. This column displays the time and date information of the last instance when the
OfficeScan agent cannot connect to the OfficeScan server.
Note: After applying this hot fix, the order of columns in the Agent Management tree will be reset to the
default order.
Procedure: To add the "Offline Time" column to the Agent Management tree:
a. Install this hotfix (see "Installation").
b. Open the "ofcserver.ini" file in the "¥PCCSRV¥private¥" folder on the OfficeScan server.
c. Add the "ShowNotConnectedTime" key under the
"SERVER_CONSOLE_SECTION" section and set its value to "1".
[SERVER_CONSOLE_SECTION]
ShowNotConnectedTime=1
Note: To hide the "Offline Time" column in the Agent Management tree, set
"ShowNotConnectedTime=0".
d. Reload or reopen the web browser.
[Hotfix_6106] (TT-350909)
Issue: The scan action information that appears in the Control Manager console does not match the
information in OfficeScan logs.
Solution: This hotfix ensures that the OfficeScan server sends the correct scan action results to Control
Manager so that the information in the Control Manager console matches the information on OfficeScan
logs.
[Hotfix_6109] (TT-349291,349315)
Enhancement: This hotfix upgrades the Web Blocking Service module to support IP lookup when there
are no results for URL lookup.
[Hotfix_6110] (TT-347260)
Issue: The listDeviceInfo tool cannot display any information about a special USB device if its device
information is not in the usual format.
Solution: This hotfix updates the "listDeviceInfo.exe" tool to enable it to display information about USB
devices when the device information is not in the usual format.
[Hotfix_6111] (TT-343705)
Issue: A memory allocation issue related to the "OfcNotifyQueue.dll" file can lead to memory leaks which
may trigger "OfcServer.exe" to stop unexpectedly.
Solution: This hotfix resolves the memory allocation issue to prevent memory leaks.
[Hotfix_6112] (TT-349873)
Issue 1: When the Behavior Monitoring service stops unexpectedly, it automatically notifies all its plug-ins
to stop. However, an issue may prevent it from notifying the User Mode Event Hooking plug-in which
results in a high CPU usage issue.
Solution 1: This hotfix ensures that OfficeScan notifies the User Mode Event Hooking plug-in to stop
sending events while the Behavior Monitoring service detects an unhandled exception and to de-initialize
itself. This helps prevent the high CPU issue when the Behavior Monitoring service stops unexpectedly.
Issue 2: Some privilege issues occur when DRE attempts to access a file on a UNC path that breaks the
existing UNC path connection.
Solution 2: This hotfix ensures that the OfficeScan DRE feature works normally on UNC paths.
[Hotfix_6114] (TT-349491)
Issue: An issue prevents users from accessing the "DLP Settings" and "Device control Settings" pages of
the OfficeScan server console.
Solution: This hotfix updates the server program to ensure that users can access the pages normally.
[Hotfix_6118] (TT-346362,343900)
Issue 1: When users attempt to print documents through a Microsoft(TM) Windows(TM) 32-bit
application in an x64 platform, the corresponding Trend Micro Data Loss Prevention(TM) (DLP) violation
log refers to a CD/DVD channel.
Solution 1: This hotfix ensures that the corresponding DLP violation logs refers to the correct channel.
Issue 2: Users can run an application under USB storage devices that they only have READ permission to
access.
Solution 2: This hotfix ensures that only users with the correct application permission can run applications
under USB storage devices.
[Hotfix_6120] (TT-349937)
Issue 1: The OfficeScan server sends configuration change notifications to OfficeScan agents twice.
Solution 1: This hotfix ensures that the OfficeScan server sends only one notification for each set of
configuration changes to OfficeScan agents.
Issue 2: When using the "Sort Agent" option to group OfficeScan agents based on the Active Directory
structure, an unexpected domain structure is created on the Agent Management screen.
Solution 2: This hotfix updates the OfficeScan server to display the correct Active Directory domain
structure on the Agent Management screen after sorting agents based on Active Directory.
Procedure: To enable the correct grouping of Office agents based on the Active Directory domain
structure on the Agent Management screen:
a. Install this hotfix (see "Installation").
b. Open the "ofcserver.ini" file in the "¥PCCSRV¥Private" folder on the OfficeScan installation
directory.
c. Under the "INI_AD_INTEGRATION_SECTION" section, add the following key and set its
value to "1":
[INI_AD_INTEGRATION_SECTION]
IndividualDC=1
d. Save the changes and close the file.
e. Restart OfficeScan Server Master Service.
[Hotfix_6121] (TT-345044)
Issue: If an OfficeScan agent encounters a connection issue while it is being moved from one OfficeScan
server to another, the OfficeScan agent does not unregister from the original server.
Solution: This hotfix ensures that the OfficeScan agent properly unregisters from its original OfficeScan
server if a connection issue occurs.
Procedure:
a. Install this hotfix (see "Installation").
b. Open the " ofcserver.ini" file in the "¥PCCSRV ¥Private" folder of the OfficeScan installation
directory.
c. Add the following section and key.
[MOVE_CLIENT_SECTION]
EnableDeleteAfterMove= 1
d. Save the changes and close the file.
e. Restart the OfficeScan Master Service.
[Hotfix_6122] (TT-350061)
Issue: The OfficeScan 11.0 Service Pack 1 Behavior Monitoring feature blocks a valid program.
Solution: This hotfix updates the OfficeScan Behavior Monitoring Local Pattern to ensure that it blocks
the correct programs.
[Hotfix_6126] (TT-350139)
Issue: When the OfficeScan agent scans for virus and malware in a compressed file, the corresponding
Scan Operation Logs display inaccurate total number of detected virus and malware.
Solution: This hotfix updates the OfficeScan agent files to ensure that the Scan Operation Logs display the
correct total number of virus and malware detected from compressed files.
[Hotfix_6126.1] (TT-349445)
Issue: When users attempt to register OfficeScan to a Trend Micro Control Manager(TM) server that
communicates using Transport Layer Security (TLS) 1.2, the registration fails and users encounter an error
on the Control Manager console.
Solution: This hot fix enables OfficeScan to support TLS 1.2. This ensures that it can register to a Control
Manager server using this protocol.
[Hotfix_6127] (TT-350116)
Issue: On the Agent Management web page of OfficeScan server console, the Advanced Search task may
take more than one (1) minute before timing out without displaying the search results.
Solution: This hotfix extends the timeout value to ten (10) minutes, which allows the OfficeScan server to
display the results of the Advanced Search results successfully.
[Hotfix_6128] (TT-347348)
Enhancement: This hotfix contains new versions of the "Trend Micro NSC Firefox Extension" and
"Trend Micro Osprey Firefox Extension". These versions comply with the new security guidelines.
[Hotfix_6129] (TT-347282,349815,350397)
Enhancement 1: This hotfix enables users to configure the OfficeScan server to check if the UID of an
agent exists in the database by generating a compliance report and to notify the client machine to register
again if it has no record of the agent's UID.
Procedure: To enable and configure this enhancement:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation
directory.
c. Under the "Global Setting" section, manually add the "ProtectionReportFrequency" and
"AutoOnStart" keys and set the preferred value for each.
[Global Setting]
ProtectionReportFrequency=(the frequency in minutes at which the server should check if a
client's UID is in the database through a compliance report, the minimum value is 2 minutes)
AutoOnStart=1, enables the OfficeScan server to trigger an onstart command to agents to register
back to the server if it cannot find the agent's UID in the database=0, disables the command
trigger
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
Path:HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion
¥Misc.
Key:ProtectionReportFrequency
Type:REG_DWORD
Value: 2
Key:AutoOnStart
Type:REG_DWORD
Value: 1
Enhancement 2: This hotfix adds a way to configure OfficeScan clients to skip digital signature checking
of OfficeScan client program files while downloading hotfix files and reloading the scan engine.
Procedure: To prevent OfficeScan clients from checking the digital signature of program files while
downloading hotfix files and reloading the scan engine:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder of the OfficeScan installation directory.
c. Under the "Global Setting" section, add the following key and set its value to "1".
[Global Setting]
DOVF=1
d. Save the changes and close the file.
e. Open the OfficeScan server management console and go to "Agents > Global Agent Settings".
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan client program automatically installs the following registry key:
Path:
HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥Mis
c.
Key:DOVF
Value: 1
[Hotfix_6130] (TT-350849)
Issue: The OfficeScan 11.0 Service Pack 1 Behavior Monitoring feature blocks a valid program.
Solution: This hotfix updates the OfficeScan Behavior Monitoring Local Pattern to ensure that it blocks
the correct programs.
[Hotfix_6131] (TT-351400)
Issue: The OfficeScan 11.0 Service Pack 1 server program and the OfficeScan agent Smart Scan common
module uses an OpenSSL version that is affected by certain vulnerabilities.
Solution: This hotfix resolves this issue by updating the OpenSSL component of the server module and
Smart Scan common module.
[Hotfix_6133] (TT-349682)
Issue: When the OfficeScan server manages database queries, sometimes the query process creates a large
number of Que*.tmp files in the "HTTPDB" folder and these files are not removed promptly after the
query process completes.
Solution: This hotfix updates the OfficeScan server files to enhance the error management mechanism for
database query processing to limit the number of Que*.tmp files and ensure that these files are deleted
promptly after a query has been processed completely.
[Hotfix_6135] (TT-349382,349804,351716)/ [JP_Hotfix_6135.1] (TT-351716)
Issue: BSOD occurs when the firewall rule has too many filters.
Solution: This hotfix updates the Network Security Components to prevent the BSOD issue.
Note: OfficeScan client computers should be restarted immediately after installing this hotfix to be able to
use the newly-deployed NSC modules.
[Hotfix_6138] (TT-351092)
Issue: When users assess for unmanaged endpoints, the results for computers that appear "Online" on the
product tree is "Unresolved Active Directory Assessment". This occurs because the AD_GUID vectors
queried from the Active Directory (AD) domain server are uppercase or lowercase variants of vectors
queried from the database.
Solution: This hotfix makes the comparison mechanism case- insensitive to ensure that users can
accurately assess endpoints.
[Hotfix_6140] (TT-351523)
Issue: Several duplicate entries appear in the Behavior Monitoring Exclusion List.
Solution: This hotfix disables the "Save" button on the page immediately after users click on it.
[Hotfix_6140.1] (TT-349969)
Issue: After an OfficeScan agent is remotely installed on a computer, the OfficeScan server maps a new
network driver for the installation. Sometimes, these network drivers are not removed and remain on the
server.
Solution: This hotfix updates the agent remote installation process to ensure that it removes the mapped
network drivers automatically after agent installation.
[Hotfix_6141] (TT-348733,348919)
(348733 EN_Hotfix_6141)
Issue 1: An issue prevents the DLP module from blocking attachments that contain sensitive information
in
Outlook Web App 2003 and 2010.
Solution 1: This hotfix ensures that the DLP module can block attachments with sensitive information in
Outlook Web App 2003 and 2010.
(348919 EN_Hotfix_6141)
Issue 2: An issue related to the scanning of traffic to and from SCOM results in a high disk space usage
issue in the "dgtmpmon" folder.
Solution 2: This hotfix prevents the high disk space usage issue.
[Hotfix_6147] (TT-352003)
Issue: When users run the Agent Packager tool in the CLI to create setup or update packages for the
OfficeScan agent, there is no way to specify a domain where all freshly- installed clients should belong to.
Solution: This hotfix updates the Agent Packager tool to enable users to specify a domain for
freshly-installed agents using the "/domain" parameter when creating setup or update packages for the
OfficeScan agent through the CLI.
[Hotfix_6148] (TT-351433)
Issue: OfficeScan security compliance reports indicate that the WRS is non-compliant because OfficeScan
treats the database service switch flag as the WRS flag.
Solution: This hotfix updates the server program to ensure that it reads the WRS flag from the
"ofcscan.ini" file.
[Hotfix_6149] (TT-352606)
Issue: The ransomware count on the Ransomware Widget does not include all ransomware file detections
because the new ransomware detection log label starts with "Ransom.".
Solution: This hotfix enables the Ransomware Widget to include ransomware detection logs that start with
"Ransom." in the ransomware count.
[Hotfix_6151] (TT-352084)
Issue: The following services provide robust protection but their monitoring mechanisms can strain system
resources, especially on Windows server platforms:
- Unauthorized Change Prevention Service
- Suspicious Connection Service
- Advanced Protection Service
For this reason, these services are disabled by defaulton Windows Server 2003, 2008, and 2012.
Solution: This hotfix allows users to enable the services above by default on a freshly installed OfficeScan
agent on the Windows Server platform.
Procedure: To enable the services above in freshly installed OfficeScan agents on the Windows Server
platform:
a. Install this hotfix (see "Installation").
b. Open the "ofcserver.ini" file in the "¥PCCSRV¥
Private" folder of the OfficeScan server.
c. Under the "INI_SERVER_SECTION", manually add the
following keys and set each value to "1".
[INI_SERVER_SECTION]
CheckAegisOnServer=1
CheckNCIEOnServer=1
CheckCCSFOnServer=1
d. Save the changes and close the file.
e. Open the "ofcscan.ini" file in the "¥PCCSRV" folder of the OfficeScan server.
f. Under the "ServiceSwitch" section, find the following keys and set each value to "1".
[ServiceSwitch]
EnableAEGISOnServer=1
EnableNCIEOnServer=1
EnableCCSFOnServer=1
g. Save the changes and close the file.
[Hotfix_6152] (TT-350056)
Issue: The DLP module of the OfficeScan agent program may not be able to upgrade successfully if its
registry entry is corrupted.
Solution: This hotfix updates the OfficeScan agent program to ensure that the DLP module can update
successfully.
[JP_Hotfix_6155] (TT-352702)
Issue: A handle leak issue that may occur while the OfficeScan server handles the "ofcserver.ini" file may
corrupt the file.
Solution: This hotfix resolves the issue by ensuring that the OfficeScan server handles the INI properly.
[Hotfix_6157] (TT-351733)
Issue: An incompatibility issue between the OfficeScan Advanced Protection Service and the OfficeScan
Unauthorized Change Prevention Service may cause the OfficeScan Common Client Solution Framework
(TMCCSF.exe) service to stop unexpectedly.
Solution: This hotfix resolves the issue by updating the OfficeScan Common Client Solution Framework
module in OfficeScan 11.0 Service Pack 1.
[Hotfix_6158] (TT-352281)
Issue: The TmCCSF.exe process may trigger a high CPU usage issue when the Advanced Protection
Service is enabled.
Solution: This hotfix updates OfficeScan agent program to prevent the high CPU usage issue.
[Hotfix_6167] (TT-352149)
Issue: On OfficeScan agents, the "Ntrtscan.exe" process stops repeatedly because it cannot start the
VSAPI driver.
Solution: This hotfix updates the OfficeScan agent program to ensure that "Ntrtscan.exe" starts and works
normally.
[Hotfix_6167.1] (TT-350646)
Enhancement: OfficeScan and Data Loss Prevention(DLP) starts support multiple forensic data session in
the violation logs.
[Hotfix_6168] (TT-352886,352245)
Issue 1: When users use "http://dlptest.com" to test the DLP policy, the OfficeScan agent does not block
illegal information on the website.
Solution 1: This hotfix ensures that the DLP module of OfficeScan agents blocks HTP/HTTPS posts in
websites that contain illegal information.
Issue 2: An issue in the DLP module triggers a high CPU usage
Issue related to "SourceTree.exe".
Solution 2: This hotfix resolves the issue in the DLP module to prevent the high CPU usage issue. The
DLP data identifiers expression "UK - RD&E Hospital Number" algorithm may trigger some false alarms.
This hotfix updates the "UK - RD&E Hospital Number" algorithm to help avoid false alarms.
DLP causes Google Chrome to stop responding while users upload an attachment to Gmail by the drag and
drop method.
This hotfix ensures that users can drag and drop file attachments in Gmail on Google Chrome.
Enhancement: This hotfix enables DLP Endpoint SDK 6.0 to support version 53.0.2785.116 m of the
Google Chrome web browser but not its QUIC mode.
[Hotfix_6170] (TT-353233)
Issue: A mismatch issue between the encode and decode calling mechanism prevents the OfficeScan server
from syncing up with the AD domain.
Solution: This hotfix resolves the issue by updating the OfficeScan server program to ensure that the
OfficeScan server syncs up with the AD domain properly.
[Hotfix_6177] (TT-352580)
Enhancement: This hotfix provides a way for users to enable or disable the Osprey async mode.
Procedure:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV" folder of the OfficeScan installation directory.
c. Add the key in the "Global Setting" section and assign the preferred value.
[Global Setting]
OspreyAsyncServerLookup=0, disables Osprey async mode=1, enables Osprey async mode
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥Osprey
¥Scan¥Common¥HttpManager¥config
Key:AsyncServerLookup
Type: dword
[Hotfix_6178] (TT-353384,352548,353648)
Issue 1: Several abnormal messages appear on the Windows 10 Red Stone platform even when the ping
results are successful.
Solution 1: This hotfix updates the OfficeScan agent program to prevent the abnormal messages in
computers running on the Windows 10 Red Stone platform.
Issue 2: The OfficeScan agent may not be able to scan a file successfully if the file is specified by a UNC
path.
Solution 2: This hotfix updates an agent file to ensure that the OfficeScan agent can scan files specified
using UNC paths successfully.
[FR_Hotfix_6181] (TT-353986)
Enhancement 1: This hotfix enables users to configure the OfficeScan server to check if the UID of an
agent exists in the database by generating a compliance report and to notify the client machine to register
again if it has no record of the agent's UID.
Procedure: To enable and configure this enhancement:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the "ProtectionReportFrequency" and "AutoOnStart"
keys and set the preferred value for each.
[Global Setting]
ProtectionReportFrequency=(the frequency in minutes at which the server should check if a client's UID
is in the database through a compliance report, the minimum value is 2 minutes)
AutoOnStart=1, enables the OfficeScan server to trigger an onstart command to agents to register back to
the server if it cannot find the agent's UID in the database
=0, disables the command trigger
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the"Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents.The OfficeScan server deploys the command to OfficeScan
agents and adds the following registry entries on all OfficeScan agent computers:
Path:HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥Misc.
Key:ProtectionReportFrequency
Type:REG_DWORD
Value: 2
Key:AutoOnStart
Type:REG_DWORD
Value: 1
Enhancement 2: This hotfix adds a way to configure OfficeScan clients to skip digital signature checking
of OfficeScan client program files while downloading hotfix files and reloading the scan engine.
Procedure: To prevent OfficeScan clients from checking the digital signature of program files while
downloading hotfix files and reloading the scan engine:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder of the OfficeScan installation directory.
c. Under the "Global Setting" section, add the following key and set its value to "1".
[Global Setting]
DOVF=1
d. Save the changes and close the file.
e. Open the OfficeScan server management console and go to "Agents > Global Agent Settings".
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan client program automatically installs the following registry key:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥Misc.
Key:DOVF
Value: 1
[Hotfix_6182] (TT-353787)
Issue: When an OfficeScan 11.0 Service Pack 1 agent is configured not to upload firewall logs, it may
automatically start uploading these logs after restarting.
Solution: This hotfix updates the OfficeScan agent program to ensure that OfficeScan agents upload
firewall logs only when enabled to do so.
[Hotfix_6183] (TT-349599)
Enhancement: This hotfix improves the checking mechanism of the OfficeScan agent program to protect
the Smart Scan Agent Pattern and Virus Pattern files in endpoints from corruption.
[Hotfix_6184] (TT-354760)
Issue: The OfficeScan web console cannot display the firewall exception list properly if the number of
exceptions in a firewall policy is a multiple of 249.
Solution: This hotfix updates the OfficeScan server programs to ensure that the OfficeScan web console
can successfully display the firewall exception list when the number of exceptions in a firewall policy is a
multiple of 249.
[Hotfix_6187] (TT-354226)
Issue: OfficeScan Data Protection causes Google(TM) Chrome version 53.0.2785.116 hang.
Solution: This hotfix resolves the hang issue when Chrome is running on its QUIC mode.
[Hotfix_6190] (TT-348875)
Issue: USB Floppy cannot be added into Exception of Removable Storage of OfficeScan Data
Protection(DLP) Policy Settings.
Solution: This hotfix resolves can add USB Floppy into Exception of Removable Storage of DLP Policy
Settings.
[Hotfix_6193] (TT-354503,354563,354690)
Issue 1: Several abnormal messages appear on the Windows 10 Red Stone platform even when the ping
results are successful.
Solution 1: This hotfix updates the OfficeScan agent program to prevent the abnormal messages in
computers running on the Windows 10 Red Stone platform.
Issue 2: The OfficeScan agent may not be able to scan a file successfully if the file is specified by a UNC
path.
Solution 2: This hotfix updates an agent file to ensure that the OfficeScan agent can scan files specified
using UNC paths successfully.
[Hotfix_6196] (TT-352967,353712,354440)
Issue 1: Some drivers cannot be loaded in Microsoft(TM) Windows(TM) 10 when both UEFI and Secure
Boot are enabled.
Solution 1: This hotfix updates a new driver with the "Microsoft Windows Hardware Compatibility
Publisher" digital signature to ensure that drivers can be loaded successfully.
Issue 2: The Avaya Scopia(TM) log in page stops responding when the AEGIS module does not receive a
response from it within a specific time period.
Solution 2: This hotfix enables users to disable the self- protection feature of the AEGIS module for Avaya
Scopia to prevent the incompatibility issue and ensure that Avaya Scopia runs normally on protected
computers.
Procedure 2: To disable the self-protection feature of the AEGIS module in affected computers:
a. Install this hotfix (see "Installation").
b. Stop the OfficeScan agent service.
c. Open the Registry Editor.
d. Add the following key and set its value to "1".
PATH:HKEY_LOCAL_MACHINE¥SYSTEM¥CurrentControlSet¥Services¥tmactmon¥Parameters
KEY:SkipDuplicateSameAccess
TYPE:dword
VALUE: 1, disables the self-protection feature
0, enables the self-protection feature
e. Start the OfficeScan agent service.
Issue 3: After upgrading to OfficeScan 11.0 Service Pack 1 Build 6134, the OfficeScan web console stops
responding when users delete a domain in the "Agent Management > Manage Agent Tree > Remove
Domain/Agent" screen.
Solution 3: This hotfix ensures that users can delete domains normally in the "Agent Management >
Manage Agent Tree > Remove Domain/Agent" screen.
[Hotfix_6199] (TT-353736)
Enhancement: This hotfix improves the index mechanism for the SQL table containing the OfficeScan
agent information.
[JP_CP_6206] (TT-356190)
Issue: After apply CP6125, windows machine becomes Very Slow, OfficeScan agent encounters
performance issues during a RealTime Scan when the Ravage Scan feature is enabled.
Solution: Repack the CP6125 to resolve it
[Hotfix_6209] (TT-353132)
Issue: Sometimes, the wrong license information appears on the OfficeScan "Product License" page after
users click on the "Update Information" button.
Solution: This hotfix ensures that the "Update Information" button works normally and that the correct
license information appears on the OfficeScan "Product License" page.
[Hotfix_6212] (TT-352273)
Issue 1: The UMH driver triggers an unexpected error.
Solution 1: This hotfix updates the UMH driver to resolve the issue.
Issue 2: The UMH driver triggers an unexpected error in the Windows 10 Red Stone platform.
Solution 2: This hotfix updates the UMH driver to resolve the issue.
[Hotfix_6213] (TT-355509)
Issue: When a user changes the computer name of an OfficeScan agent that is registered to Trend Micro
Control Manager(TM), the corresponding computer name information on the Control Manager console
does not change.
Solution: This hot fix adds a function that automatically updates the OfficeScan agent's computer name
information on the Control Manager console after a user edits the computer name of the OfficeScan agent.
[Hotfix_6213.1] (TT-352977)
Issue: When users deploy an OfficeScan policy from Control Manager using the "PolicyExportTool.exe"
utility, the exported policy displays the wrong component type for the comOSCECCCA component.
Solution: This hotfix ensures that when the "PolicyExportTool.exe" utility exports OfficeScan policies
from Control Manager, the exported policies display the correct component types.
[Hotfix_6214] (TT-353505)
Issue: The "Date/Time" field on the "Spyware/Grayware Log" page of the OfficeScan server console
displays the time when the server received each Security Risk log instead of the date and time that a
malware was detected on an OfficeScan agent.
Solution: This hotfix corrects the "Date/Time" information on the "Spyware/Grayware Log" page.
[Hotfix_6214.1] (TT-355109)
Issue: The "Unmanaged Endpoints" page of the OfficeScan web console may not display the progress of
the agent installation task if a selected endpoint under the Active Directory (AD) contains an ampersand
character "&".
Solution: This hotfix ensures that the "Unmanaged Endpoints" page displays the progress of the agent
installation task.
[Hotfix_6216] (TT-350316)
Issue: The Avaya Scopia log in page stops responding when the AEGIS module does not receive a
response from it within a specific time period.
Solution: This hotfix enables users to disable the self-protection feature of the AEGIS module for Avaya
Scopia to prevent the incompatibility issue and ensure that Avaya Scopia can run normally on protected
computers.
Procedure: To disable the self-protection feature of the AEGIS module in affected computers:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder of the OfficeScan installation directory.
c. Under the "Global Setting" section, add the following key and set its value to "1".
[Global Setting]
SkipDuplicateSameAccess=1
d. Save the changes and close the file.
e. Open the OfficeScan server management console and go to "Agents > Global Agent Settings".
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan client program automatically installs the following registry key:
PATH:HKEY_LOCAL_MACHINE¥SYSTEM¥CurrentControlSet¥Services¥tmactmon¥Parameters
KEY:SkipDuplicateSameAccess
TYPE:dword
VALUE: 1, disables the self-protection feature
0, enables the self-protection feature
[JP_Hotfix_6217] (TT-355734)
Issue: The "dsu_convert.exe" tool stops unexpectedly and triggers an error message when it encounters
multibyte characters in the "DomainSetting.ini" file.
Solution: This hot fix resolves this issue by enabling the "dsu_convert.exe" tool to support multibyte
characters.
[Hotfix_6221] (TT-355317)
Issue: Setting "RmvTmTDI=1" removes the following OfficeScan agent drivers which can trigger WRS to
stop working.
- TMTDI.sys
- TMEEVW.sys
- TMUSA.sys
Solution: This hotfix provides a new option that allows users to prevent OfficeScan from removing the
"TMEEVW.sys" and "TMUSA.sys" drivers when "RmvTmTDI" is enabled to ensure that WRS still works
normally under this scenario.
Procedure: To enable OfficeScan to remove only the "TMTDI.sys" driver when "RmvTmTDI=1":
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥"folder of the OfficeScan installation directory.
c. Under the "Global Setting" section, add the following key and set its value to "1".
[Global Setting]
RmvTmTDI=1
KeepOspreyWhenRmvTmTDI=1
d. Save the changes and close the file.
e. Open the OfficeScan server management console and go to "Agents > Global Agent Settings".
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan client program automatically installs the following registry key:
PATH:HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥Misc.
KEY:KeepOspreyWhenRmvTmTDI
TYPE:DWORD
VALUE: 1
[Hotfix_6223] (TT-349600)
Enhancement: This hotfix adds settings for the following OfficeScan services on the domain level of
Windows server platforms.
- Behavior Monitoring Service
- Firewall Service
- Trend Micro Data Loss Prevention(TM) (DLP) Service
- Suspicious Connection Service
- Advanced Protection Service
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcserver.ini" file in the "¥PCCSRV¥Private" folder on the OfficeScan installation
directory.
c. Under the "INI_SERVER_SECTION" section, manually add the following key and set its value to
"1".
[INI_SERVER_SECTION]
SupportToConfigureServerPlatformForMultiClient=1
d. Save the changes and close the file.
[DE_Hotfix_6224] (TT-356025)
Issue 1: The UMH driver triggers an unexpected error.
Solution 1: This hotfix updates the UMH driver to resolve the issue.
Issue 2: The UMH driver triggers an unexpected error in the Windows 10 Red Stone platform.
Solution 2: This hotfix updates the UMH driver to resolve the issue.
[Hotfix_6227] (TT-355419)
Issue 1: Copy a content of a cell from one to another in Microsoft Excel may cause system unresponsive.
Solution 1: The hot fix resolves the hang issue.
Issue 2: When set MAX_FILE_SIZE and MAX_CHECK_FILE_SIZE and try to block *.*, the files inside
a zip will still be blocked even its size is big enough.
Solution 2: Fix the isssue and make the blocking size check the same when a file is within or without a zip
file.
[Hotfix_6231] (TT-354728)
Enhancement: This hotfix provides a way for users to configure OfficeScan agents to automatically
disconnect an established connection and to re-establish a connection when the network isolation feature is
triggered from a Control Manager server.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
cnqConnectionTermination=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro ¥PC-cillinNTCorp¥CurrentVersion¥Misc.
Key: cnqConnectionTermination
Type: DWORD
Value: 0 = OfficeScan does not support network re-establish
1 = OfficeScan supports network re-establish
Note: This function works only on computers that retrieve its IP address from the DHCP server
automatically.
[Hotfix_6244] (TT-349527)
Issue: When an OfficeScan client detects malware, the corresponding pop-up window indicates that the
instance has been "resolved" instead of "detected". This occurs even when the OfficeScan client cannot
perform the required action on the malware.
Solution: This hotfix ensures that the pop-up window correctly indicates that the malware has been
"detected".
[Hotfix_6250] (TT-356853)
Issue: Installing OfficeScan 10.5 Patch 6 by web installation also installs ActiveX on the computer,
however, ActiveX uninstallation. As a result, users encounter an error is not removed during client while
installing OfficeScan 11 Service Pack 1 Critical Patch 6054 by web installation. This happens because the
"WinNTchk.dll" for the ActiveX component cannot be updated when a previous version of the file exists in
the installation directory. When this happens, the web installation fails.
Solution: This hotfix ensures that the OfficeScan server adds the version information of the
"WinNTChk.cab" file when it triggers web installation.
[Hotfix_6252] (TT-358070)
Issue 1: It is reported that the OfficeScan NT Listener service (TmListen.exe) in OfficeScan 11.0 Service
Pack 1 Patch 1 failed to start up on endpoints running Microsoft(TM) Windows(TM) Vista or Windows
Server 2008.
Solution 1: This hotfix updates the OfficeScan agent program to resolve this issue.
(TT352284)
Issue 2: The User Mode Hooking (UMH) driver causes an unexpected error.
Solution 2: This hotfix updates the UMH driver to resolve thisIssue.
(TT357381)
Issue 3: When users export the Scan Exclusion Lists for the following scan types from the "Agent
Management" screen of the OfficeScan web console, the generated CSV file will not contain any domain
setting information for OfficeScan agents:
- Manual scans
- Real-time scans
- Scheduled scans
- Scan Now
Solution 3: This hotfix updates the OfficeScan server files to ensure that when users export Scan
Exclusion Lists, the domain setting information for each OfficeScan agent appear on the exported CSV
files.
(TT355584)
Issue 4: In some OfficeScan agents managed by the Update Agent (UA), the T-ball logo on the bottom
right portion of the screen turns red since the "NtrtScan.exe" program keeps reloading.
Solution 4: This hotfix configures the "Agent Connection" setting to a global setting such that when it is
changed, the Setting Aggregation File (SAF) package will be updated accordingly. This update enables the
OfficeScan agents (managed by the Update Agent) to send a report to the OfficeScan server and instruct it
to clear the configuration flag since there is a new setting.
[Hotfix_6258] (TT-354263,357598,355833,357926,357331,356698,357554,344921,356965)
(TT354263)
Issue 1: The OfficeScan server database may crash if the database backup path follows the universal
naming convention (UNC) and the backup username length exceeds 32 characters.
Solution 1: This hotfix updates the OfficeScan server files to resolve this issue.
(TT357598)
Issue 2: The Microsoft(TM) Windows(TM) Event Log generates too many messages.
Solution 2: This hotfix enables OfficeScan to extend the cache time to 12 hours.
(TT357926)
Issue 3: DLP does not block the most current webmail site like Outlook.com.
Solution 3: This hotfix resolves this issue.
(TT357331)
Issue 4: After administrators remove or uninstall the OfficeScan agent, the OfficeScan server removes all
the OfficeScan agents from the database. This situation occurs when administrators set an agent unique
identifier (UID) as a root domain UID.
Solution 4: This hotfix updates the OfficeScan server files to add two check points to resolve this issue.
(TT356698)
Enhancement 1: This hotfix provides a way for users to approve programs to run without checks by
Meerkat (a detection improvement program that monitors newly encountered programs downloaded
through HTTP or email applications).
Procedure 1: To approve programs to run without checking by Meerkat:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the "MKWL" key and assign the encrypted string
of the full program path.
[Global Setting]
MKWL="The encrypted string of the full program path"
Note: The encrypted string of the full program path needs to be provided by OfficeScan SEG engineer.
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: for x64 platform
HKEY_LOCAL_MACHINE¥SOFTWARE¥Wow6432Node¥TrendMicro¥PC-cillinNTCorp¥CurrentVersi
on¥Misc.
for x86 platform
HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥Misc.
Key:MKWL
Type: String
Value: "The encrypted string of the full program path"
(TT357554)
Enhancement 2: This hotfix updates the Data Loss Prevention Endpoint SDK 6.0 to support the following
Google Chrome versions:
- 54.0.2840.99
- 55.0.2883.75
(TT344921)
Enhancement 3: This hotfix enables Data Loss Prevention Endpoint SDK 6.0 Webmail channel to share
the exception from Email channel.
Procedure 3: To configure the "apply_email_wblist_to_webmail" setting for DLP:
a. Install this hot fix (see "Installation").
b. Open the "dlp.ini" file in the "¥PCCSRV¥Private¥" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "apply_email_wblist_to_webmail" key and set its
value.
[Configure]
apply_email_wblist_to_webmail = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains or
agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents".
The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in the
"dsa.pro" file in the "¥Windows¥System32¥dgagent¥" folder:
apply_email_wblist_to_webmail=true
g. Restart all OfficeScan agents.
(TT344921)
Enhancement 4: This hotfix enables the Data Loss Prevention Endpoint SDK 6.0 to support Lotus Notes
Webmail with its add-ons installed for Bank of Chengdu.
Procedure 4: To configure the "inet_enhanced_dwa_parser"setting for DLP:
a. Install this hot fix (see "Installation").
b. Open the "dlp.ini" file in the "¥PCCSRV¥Private¥" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "inet_enhanced_dwa_parser" key and set
its value.
[Configure]
inet_enhanced_dwa_parser = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains
or
agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents".
The OfficeScan server deploys the settings to OfficeScan agents and adds the following key
in the "dsa.pro" file in the "¥Windows¥System32¥dgagent¥" folder:
inet_enhanced_dwa_parser=true
g. Restart all OfficeScan agents.
[Hotfix_6263] (TT-357949,357004,357915,357769,358146,356728,356873)
(TT357949)
Issue 1: Automatic agent grouping uses rules defined by Microsoft(TM) Windows(TM) Active Directory
(AD) domains. Sometimes, after the OfficeScan server synchronizes AD information from the Windows
server, the status of enabled grouping rules shows a "Warning"sign.
Solution 1: This hotfix updates the OfficeScan programs to ensure that the enabled grouping rules will not
be affected by the synchronized AD information.
(TT357004)
Issue 2: In Microsoft(TM) Windows(TM) Vista/2008 or later clients, OfficeScan displays an incorrect
firewall driver version number. The correct version number is 5.83.1003, but the version number that
OfficeScan displays is 5.82.1050.
Solution 2: This hotfix ensures that the OfficeScan server references the "tmlwf.sys" and "tmwfp.sys" files
to determine the correct version number of the common firewall driver.
(TT357915)
Issue 3: While using the "Export Scan Exclusions" button, the "Scan Exclusion List (File Extensions)"
function generates a "N/A" message in the exported CSV file when the "Scan Exclusion List (Files)" value
is empty. This issue only happens in the "Scan Now" configuration.
Solution 3: This hotfix updates the OfficeScan programs to resolve this issue so that users can generate
correct information in the CSV file.
(TT357769)
Issue 4: OfficeScan leaks encrypted account passwords during web console operations. Unauthorized
users could use the leaked encrypted password to log on to the OfficeScan server console.
Solution 4: This hotfix updates the OfficeScan server program to ensure that OfficeScan does not leak
encrypted passwords.
(TT358146)
Issue 5: If user set the default browser to Chrome and click on hyperlinks from other applications, the
Chrome page shows a "try to access to an unexpected site "--disable-quic"" message.
Solution 5: This hotfix ensures that the Chrome page will not access unexpected "--disable-quic" sites
when users click hyperlinks from other applications once they set Chrome as the default browser.
(TT356728)
Issue 6: DLP blocks Exodus-jabber applications unexpectedly.
Solution 6: This hotfix ensures that Exodus-jabber works normally even when DLP is enabled on the
endpoint machines.
(TT356873)
Enhancement: This hotfix enables users to generate the Secure Sockets Layer (SSL) certificate with
SHA256 signature algorithm and 2048-bit public key for the OfficeScan web site which is installed on
Microsoft(TM) Internet Information Services (IIS) or Apache(TM) HTTP Server through the
"SvrSvcSetup.exe" tool.
Procedure: To generate the SSL certificate with SHA256 signature algorithm and 2048-bit public key for
manually renew the IIS SSL certificate:
a. Install this hot fix (see "Installation").
b. Log on as administrator, open a command prompt, and navigate to the "¥PCCSRV¥" directory.
c. Run the following command:
SvrSvcSetup.exe -GenIISCert
A new SSL certificate is generated and is automatically added to the IIS SSL certificate store.
d. Open the IIS Manager console (inetmgr.exe).
e. Right-click the OfficeScan web site, and then click "Edit Bindings...".
f. When the "Site Bindings" window opens, select "https type" and click "Edit...".
g. Select the newly-created SSL certificate and click "OK".
Note: Click the "View..." option to view the 2048-bit public key.
h. Click "Close".
To generate the SSL certificate with SHA256 signature algorithm and 2048-bit public key for manually
renew the Apache SSL certificate:
a. Install this hot fix (see "Installation").
b. Log on as administrator, open a command prompt, and navigate to the "¥PCCSRV¥" directory.
c. Run the following command:
SvrSvcSetup.exe -GenApacheCert
A new SSL certificate is generated and is automatically added to the Apache SSL certificate
store.
d. Stop the following services:
- OfficeScan Master Service
- Apache Service
e. Start the following services:
- Apache Service
- OfficeScan Master Service
[Hotfix_6263.1] (TT-348161)
Issue: The Qastor application fails because Trend Micro's firewall takes too much time to check the hash
of the related executable image. This situation causes a timeout on the application's connection to the
server. ~
Solution: This hot fix updates the Network Security Components to ensure that Trend Micro's firewall
will asynchronously compute the hash value of the executable image that initiated a connection. While
the firewall computes the hash, all rules of the Application Filter will be unavailable until the hash value is
computed, preventing the system from blocking the application from its connection.
Procedure: To apply and deploy the solution globally:
a. Install this hot fix (see "Installation") and wait until the new Network Security Components has been
deployed to agents.
b. Restart the agent computers.
c. Open the "Ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation directory.
d. Add "AsyncHash=1" and "ALEPend=1" under the "Global Setting" section.
[Global Setting]
AsyncHash=1
ALEPend=1
e. Save the changes and close the file.
f. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
g. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to OfficeScan agents and adds the following registry
entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥
NSC¥PFW
Key:AsyncHash
Type: REG_DWORD
Value: 1
Path: HKEY_LOCAL_MACHINE¥SYSTEM¥CurrentControlSet¥
services¥tmWfp¥Parameters
Key:ALEPend
Type: REG_DWORD
Value: 1
[Hotfix_6267] (TT-358436,357701,354253)
(TT358436)
Issue 1: OfficeScan can synchronize suspicious objects and retrieve actions against these objects from a
Control Manager server. However, an expired suspicious object is still synchronized to OfficeScan that
makes false detections on the agent.
Solution 1: This hotfix updates the OfficeScan programs to ensure that the expired suspicious objects will
not be detected.
(TT357701)
Issue 2: The "Agent Management" page of the OfficeScan web console may not display all OfficeScan
agents if the domain has a large number of OfficeScan agents.
Solution 2: This hotfix resolves the issue by updating the mechanism used by the SQL table containing the
OfficeScan agent information.
(TT354253)
Issue 3: The OfficeScan 11.0 Service Pack 1 Behavior Monitoring feature may block valid programs
without leaving a record of the block action in the detection log.
Solution 3: This hotfix updates the OfficeScan Behavior Monitoring program to ensure that it blocks the
correct programs.
[Hotfix_6271] (TT-354682,356152,357370,358458)
(TT354682)
Issue 1: On x86 platforms, the Aegis module sends Meerkat detection information to the Officescan server
and displays a pop-up dialog box that allows users to click on the "Allow Once" button. However, even
after users clicked on this button, Meerkat still blocks the application.
Solution 1: This hotfix updates Meerkat to check the payload of API events to prevent this issue from
happening.
(TT356152)
Issue 2: The OfficeScan User-Mode Hooking (UMH) function prevents the "java.exe" program from
working properly.
Solution 2: This hotfix adds "java.exe" onto the OfficeScan UMH whitelist pattern to ensure that the
"java.exe" program works properly.
(TT357370)
Issue 3: The OfficeScan UMH function prevents the WebISO software from working properly.
Solution 3: This hotfix adds the WebISO software into the OfficeScan UMH whitelist pattern to ensure
that the WebISO software works proeprly.
(TT358458)
Issue 4: Users may still be able to access web sites that the Trend Micro URL Filtering Engine (TMUFE)
failed to rate because of connection issues.
Solution 4: This hotfix provides a way for users to configure OfficeScan to automatically block access to
web sites if the TMUFE cannot rate the web sites.
Procedure:
To configure OfficeScan to automatically block access to web sites that the TMUFE cannot rate:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥"folder on the OfficeScan server installation
directory using a text editor.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
URLFilterErrMode=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to OfficeScan agents and adds the following registry
entry on all OfficeScan agent computers:
Path:
HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥NSC¥TmProxy¥Scan¥Common¥URLFilter¥con
fig
Key:ErrMode
Type: dword
Value: 1
For Microsoft(TM) Windows(TM) 7/8/10 and
Windows Server 2008 R2/2012/2016:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥Osprey¥Scan¥Common¥URLFilter¥config
Key:ErrMode
Type: dword
Value: 1
g. Restart the OfficeScan agents.
[Hotfix_6274] (TT-349044,358714,359007,358753,358095,356199)
(TT349044)
Issue 1: The detected Virus/Malware information that appears in the OfficeScan web console does not
match the information in the Trend Micro Control Manager(TM) console.
Solution 1: This hotfix ensures that the OfficeScan server sends the correct Virus/Malware information to
Control Manager so that the information in the OfficeScan web console matches the information in the
Control Manager console.
Procedure: To configure OfficeScan to send the accurate information to Control Manager:
a. Install this hotfix (see "Installation").
b. Open the "Product.ini" file in the "¥PCCSRV¥CmAgent" folder on the OfficeScan server
installation directory using a text editor.
c. Under the "Configure" section, manually add the following key and set its value to "1".
[Configure]
EnableSFCacheTimeout=1
d. Save the changes and close the file.
e. Restart the OfficeScan Control Manager Agent.
(TT358714)
Issue 2: On the "Agents > Agent Management" section of the OfficeScan web console, when users run an
advanced search for OfficeScan agents running with Update Agent "Disabled" status, the search results
always display both OfficeScan agents running with Update Agent "Enabled" status and "Disabled" status.
Solution 2: This hotfix updates the OfficeScan server program to ensure that when users run an advanced
search for OfficeScan agents running with Update Agent "Disabled" status, it displays the correct result.
(TT359007)
Issue 3: OfficeScan agents report their antivirus status information to the Microsoft(TM) Windows(TM)
Security Center (WSC) when the system starts. However, after the system restarts, WSC displays that the
OfficeScan antivirus reports are turned off.
Solution 3: This hotfix updates the OfficeScan agent program to resolve this issue.
(TT358753)
Issue 4: The OfficeScan NT Listener service ("TmListen.exe") may stop unexpectedly after the OfficeScan
agent encounters a mismatch certificate error. When this happens, the agent update is unsuccessful.
Solution 4: This hotfix updates the OfficeScan agent program to prevent the "TmListen.exe" from
stopping unexpectedly and ensures that the OfficeScan agent can handle the mismatch certificate error
properly.
(TT359384)
Issue 5: DLP does not block the drag-and-drop of files from current Webmail sites (such as
"Outlook.office.com" or "Outlook.live.com) when users use Google Chrome to access these Webmail sites.
Solution 5: This hotfix ensures that OfficeScan does not leak sensitive information when users use Google
Chrome to access these Webmail sites.
(TT356199)
Enhancement: This hotfix enables the Data Loss Prevention (DLP) Endpoint SDK 6.0 module to support
version 55.0.2883.87 of the Google(TM) Chrome(TM) web browser and version 50.1.0 of the
Mozilla(TM) Firefox(TM) web browser.
[Hotfix_6277] (TT-354730,358776)
Enhancement: This hotfix enhances the OfficeScan server to support Active Directory subgroups for
OfficeScan user accounts.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcserver.ini" file in the "¥PCCSRV¥Private" folder on the OfficeScan
installation directory.
c. Under the "INI_AD_INTEGRATION_SECTION" section, manually add the following key and set its
value to "1".
[INI_AD_INTEGRATION_SECTION]
RBAMultilayerInheritanceForADUser=1
d. Save the changes and close the file.
[Hotfix_6281] (TT-359424,355684,358910,355833,356731)
(TT359424)
Issue 1: After installing hotfixes on OfficeScan 11.0 Service Pack 1 and activating the OfficeScan Firewall
on agents, the Firewall logs display corrupted characters on both the agent console and the OfficeScan
server web console.
Solution 1: This hotfix updates the OfficeScan Firewall to ensure that the Firewall logs display the correct
information on both the agent console and the OfficeScan server web console.
(TT355684)
Issue 2: OfficeScan 11.0 Service Pack 1 (SP1) Critical Patch (CP) Build 6054 is unable to use the Sesame
mobile application on endpoints.
Solution 2: This hotfix ensures that the User-Mode Hooking (UMH) does not hook the
"ZWProtectVirtualMemory" API when the "Aclayer.dll" file exists.
(TT358910)
Issue 3: Data Loss Prevention does not block large files inside ZIP archives, even if the boundary of the
file size exceeds the maximum value.
Solution 3: This hotfix ensures that Data Loss Prevention properly blocks large files inside a ZIP archives.
(TT358910)
Issue 4: Microsoft Access (.mdb) files cannot be recovered to USB storage from the Data Loss Prevention
backup folder.
Solution 4: This hotfix ensures that Data Loss Prevention can successfully recover Microsoft Access
(.mdb) files.
(TT355833)
Issue 5: The Listdeviceinfo tool cannot get information from external devices such as "LaCie Rugged
THB USB3 SCSI Disk Device".
Solution 5: This hotfix resolves this tool issue.
(TT349044)
Issue 6: The detected Virus/Malware information that appears in the OfficeScan web console does not
match the information in the Trend Micro Control Manager(TM) console.
Solution 6: This hotfix ensures that the OfficeScan server sends the correct Virus/Malware information to
Control Manager so that the information in the OfficeScan web console matches the information in the
Control Manager console.
Procedure: To configure OfficeScan to send the accurate information to Control Manager:
a. Install this hotfix (see "Installation").
b. Open the "Product.ini" file in the
"¥PCCSRV¥CmAgent" folder on the OfficeScan server installation directory using a text editor.
c. Under the "Configure" section, manually add the following key and set its value to "1".
[Configure]
EnableSFCacheTimeout=1
d. Save the changes and close the file.
e. Restart the OfficeScan Control Manager Agent.
(TT358714)
Issue 7: On the "Agents > Agent Management" section of the OfficeScan web console, when users run an
advanced search for OfficeScan agents running with Update Agent "Disabled" status, the search results
always display both OfficeScan agents running with Update Agent "Enabled" status and "Disabled" status.
Solution 7: This hotfix updates the OfficeScan server program to ensure that when users run an advanced
search for OfficeScan agents running with Update Agent "Disabled" status, it displays the correct result.
(TT359007)
Issue 8: OfficeScan agents report their antivirus status information to the Microsoft(TM) Windows(TM)
Security Center (WSC) when the system starts. However, after the system restarts, WSC displays that the
OfficeScan antivirus reports are turned off.
Solution 8: This hotfix updates the OfficeScan agent program to resolve this issue.
(TT358753)
Issue 9: The OfficeScan NT Listener service ("TmListen.exe") may stop unexpectedly after the OfficeScan
agent encounters a mismatch certificate error. When this happens, the agent update is unsuccessful.
Solution 9: This hotfix updates the OfficeScan agent program to prevent the "TmListen.exe" from
stopping unexpectedly and ensures that the OfficeScan agent can handle the mismatch certificate error
properly.
(TT359384)
Issue 10: DLP does not block the drag-and-drop of files from current Webmail sites (such as
"Outlook.office.com" or "Outlook.live.com) when users use Google Chrome to access these Webmail sites.
Solution10: This hotfix ensures that OfficeScan does not leak sensitive information when users use
Google Chrome to access these Webmail sites.
(TT354682)
Issue 11: On x86 platforms, the Aegis module sends Meerkat detection information to the Officescan
server and displays a pop-up dialog box that allows users to click on the "Allow Once" button. However,
even after users clicked on this button, Meerkat still blocks the application.
Solution11: This hotfix updates Meerkat to check the payload of API events to prevent this issue from
happening.
(TT356152)
Issue 12: The OfficeScan User-Mode Hooking (UMH) function prevents the "java.exe" program from
working properly.
Solution 12: This hotfix adds "java.exe" onto the OfficeScan UMH whitelist pattern to ensure that the
"java.exe" program works properly.
(TT357370)
Issue 13: The OfficeScan UMH function prevents the WebISO software from working properly.
Solution13: This hotfix adds the WebISO software into the OfficeScan UMH whitelist pattern to ensure
that the WebISO software works proeprly.
(TT358458)
Issue 14: Users may still be able to access web sites that the Trend Micro URL Filtering Engine (TMUFE)
failed to rate because of connection issues.
Solution 14: This hotfix provides a way for users to configure OfficeScan to automatically block access to
web sites if the TMUFE cannot rate the web sites.
Procedure: To configure OfficeScan to automatically block access to web sites that the TMUFE cannot
rate:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation
directory using a text editor.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
URLFilterErrMode=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan
agents and adds the following registry ¥entry on all OfficeScan agent computers:
Path:
HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥NSC¥TmProxy¥Scan¥Common¥URLFilter¥con
fig
Key:ErrMode
Type: dword
Value: 1
For Microsoft(TM) Windows(TM) 7/8/10 and Windows Server 2008 R2/2012/2016:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥Osprey¥Scan¥Common¥URLFilter¥config
Key:ErrMode
Type: dword
Value: 1
g. Restart the OfficeScan agents.
(TT358436)
Issue 15: OfficeScan can synchronize suspicious objects and retrieve actions against these objects from a
Control Manager server. However, an expired suspicious object is still synchronized to OfficeScan that
makes false detections on the agent.
Solution15: This hotfix updates the OfficeScan programs to ensure that the expired suspicious objects will
not be detected.
(TT357701)
Issue 16: The "Agent Management" page of the OfficeScan web console may not display all OfficeScan
agents if the domain has a large number of OfficeScan agents.
Solution16: This hotfix resolves the issue by updating the mechanism used by the SQL table containing
the OfficeScan agent information.
(TT354253)
Issue 17: The OfficeScan 11.0 Service Pack 1 Behavior Monitoring feature may block valid programs
without leaving a record of the block action in the detection log.
Solution17: This hotfix updates the OfficeScan Behavior Monitoring program to ensure that it blocks the
correct programs.
(TT357949)
Issue 18: Automatic agent grouping uses rules defined by Microsoft(TM) Windows(TM) Active Directory
(AD) domains. Sometimes, after the OfficeScan server synchronizes AD information from the Windows
server,the status of enabled grouping rules shows a "Warning" sign.
Solution18: This hotfix updates the OfficeScan programs to ensure that the enabled grouping rules will not
be effected by the synchronized AD information.
(TT357004)
Issue 19: In Microsoft(TM) Windows(TM) Vista/2008 or later clients, OfficeScan displays an incorrect
firewall driver version number. The correct version number is 5.83.1003, but the version number that
OfficeScan displays is 5.82.1050.
Solution19: This hotfix ensures that the OfficeScan server references the "tmlwf.sys" and "tmwfp.sys"
files to determine the correct version number of the common firewall driver.
(TT357915)
Issue 20: While using the "Export Scan Exclusions" button, the "Scan Exclusion List (File Extensions)"
function generates a "N/A" message in the exported CSV file when the "Scan Exclusion List (Files)" value
is empty. This issue only happens in the "Scan Now" configuration.
Solution 20: This hotfix updates the OfficeScan programs to resolve this issue so that users can generate
correct information in the CSV file.
(TT357769)
Issue 21: OfficeScan leaks encrypted account passwords during web console operations. Unauthorized
users could use the leaked encrypted password to log on to the OfficeScan server console.
Solution 21: This hotfix updates the OfficeScan server program to ensure that OfficeScan does not leak
encrypted passwords.
(TT358146)
Issue 22: If user set the default browser to Chrome and click on hyperlinks from other applications, the
Chrome page shows a "try to access to an unexpected site "--disable-quic"" message.
Solution 22: This hotfix ensures that the Chrome page will not access unexpected "--disable-quic" sites
when users click hyperlinks from other applications once they set Chrome as the default browser.
(TT356728)
Issue 23: DLP blocks Exodus-jabber applications unexpectedly.
Solution23: This hotfix ensures that Exodus-jabber works normally even when DLP is enabled on the
endpoint machines.
(TT356731)
Issue 24: Enabling the Browser Exploit Protection (BEP) function causes Microsoft(TM) Internet Explorer
11 to crash when combined with Trend Micro add-ins (BEP) and the vSentry product from Bromium.
Solution 24: This hotfix resolves this issue.
(TT356199)
Enhancement 1: This hotfix enables the Data Loss Prevention (DLP) Endpoint SDK 6.0 module to
support version 55.0.2883.87 of the Google(TM) Chrome(TM) web browser and version 50.1.0 of the
Mozilla(TM) Firefox(TM) web browser.
(TT356873)
Enhancement 2: This hotfix enables users to generate the Secure Sockets Layer (SSL) certificate with
SHA256 signature algorithm and 2048-bit public key for the OfficeScan web site which is installed on
Microsoft(TM) Internet Information Services (IIS) or Apache(TM) HTTP Server through the
"SvrSvcSetup.exe" tool.
Procedure: To generate the SSL certificate with SHA256 signature algorithm and 2048-bit public key for
manually renew the IIS SSL certificate:
a. Install this hot fix (see "Installation").
b. Log on as administrator, open a command prompt, and navigate to the "¥PCCSRV¥" directory.
c. Run the following command: SvrSvcSetup.exe -GenIISCert
A new SSL certificate is generated and is automatically added to the IIS SSL certificate
store.
d. Open the IIS Manager console (inetmgr.exe).
e. Right-click the OfficeScan web site, and then click "Edit Bindings...".
f. When the "Site Bindings" window opens, select "https type" and click "Edit...".
g. Select the newly-created SSL certificate and click "OK".
Note: Click the "View..." option to view the 2048-bit public key.
h. Click "Close".
To generate the SSL certificate with SHA256 signature algorithm and 2048-bit public key for manually
renew the Apache SSL certificate:
a. Install this hot fix (see "Installation").
b. Log on as administrator, open a command prompt, and navigate to the "¥PCCSRV¥" directory.
c. Run the following command:
SvrSvcSetup.exe -GenApacheCert
A new SSL certificate is generated and is automatically added to the Apache SSL certificate
store.
d. Stop the following services:
- OfficeScan Master Service
- Apache Service
e. Start the following services:
- Apache Service
- OfficeScan Master Service
[Hotfix_6281.1] (TT-357771)
Issue: An issue related to the AEGIS module of the OfficeScan agent program may cause certain operating
systems to stop responding.
Solution: This hot fix updates the Behavior Monitoring Service module to resolve the issue.
[CP_6285] (TT-359321)
Issue: After installing OfficeScan Service Pack (SP1) Patch 1, the OfficeScan Smart Scan Pattern cannot
be updated.
Solution: This critical patch updates the ActiveUpdate module to resolve the issue.
[Hotfix_6292] (TT-358489,359534,356903)
(TT358489)
Issue 1: OfficeScan Behavior Monitoring feature is unable to get the device type correctly when users
launch programs by running as administrators (using administrator privileges).
Solution 1: This hotfix updates the Behavior Monitoring Service module to resolve this issue.
(TT359534)
Issue 2: An initialized issue related to the OfficeScan Control Manager Agent service
("OfcCMAgent.exe") may cause the OfcCMAgent.exe to stop unexpectedly.
Solution 2: This hotfix updates the OfficeScan Control Manager Agent program to prevent from this issue.
(TT356903)
Issue 3: A signature verification issue related to the AEGIS module of the OfficeScan agent program may
cause certain operating systems to stop unexpectedly.
Solution 3: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
(TT360032)
Enhancement 1: This hotfix enables the Data Loss Prevention (DLP)
Endpoint SDK 6.0 module starts to support the following Google Chrome versions:
- Google (TM) Chrome(TM) 55.0.2883.87
- Google (TM) Chrome(TM) 56.0.2924.87
(TT357707)
Enhancement 2: This hotfix enables the Address Space Layout Randomization (ASLR) of Data Loss
Prevention (DLP) Endpoint SDK 6.0 for DLL injection.
[Hotfix_6299] (TT-359331,359477,357853,360097,357054,359521,359522)
(TT359477)
Issue 1: The OfficeScan User Mode Hooking (UMH) function may cause the "mkdir.exe" program to stop
unexpectedly.
Solution 1: This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
(TT357853)
Issue 2: When the "Protect documents against unauthorized encryption or modification" feature of
Ransomware Protection is enabled, the OfficeScan agent may prevent a valid program from running if the
size of the program file is too large.
Solution 2: This hotfix updates the OfficeScan agent program to resolve this issue.
(TT360097)
Issue 3: The Server Tuner tool optimizes the performance of the OfficeScan server. However, its
Maximum Client Connections setting does not work.
Solution 3: This hotfix updates the OfficeScan server program to ensure that the tool's Maximum Client
Connections setting works normally.
(TT357054)
Issue 4: When there are hotfix updates, the OfficeScan server checks all client components and prompts all
clients with old hotfix versions to apply the updates including those where the No Program Upgrade option
is enabled. This triggers a large number of unnecessary client notifications.
Solution 4: This hotfix ensures that the OfficeScan server does not notify a client of hotfix updates if the
No Program Upgrade option is enabled in the client.
(TT359331)
Issue 5: The OfficeScan Behavior Monitoring program ("TMBMSRV.exe") crashes when the
"MeerkatSkipUNC" option is enabled.
Solution 5: This hotfix updates the OfficeScan Behavior Monitoring program to correct this issue.
(TT359521)
Issue 6: When users upload files from the SMB folder to the internal website and iDLP is enabled, the
upload may be interrupted intermittently.
Solution 6: This hotfix enables iDLP to check if a file is from SMB before it attempts to access the file
information. If the source file is an SMB file, iDLP will then Impersonate to download the file.
(TT357721)
Issue 7: The library license of the third-party application Dymola conflicts with DLP.
Solution 7: This hotfix adds "dymola.exe" and "license_check.exe" to the approved list to remove the
conflict.
(TT359522)
Issue 8: When OfficeScan parses the contents of a policy that it receives from Control Manager, some
space characters may be removed from the policy which changes certain settings when applied to
OfficeScan.
Solution 8: This hotfix ensures that OfficeScan can parse and apply Control Manager policies properly.
[Hotfix_6302] (SEG-1587,SEG-1781,SEG-2639,SEG-2727)
(JIRA1587)
Issue 1: The "Quarantine malware variants detected in memory" feature needs to be enabled before the
Memory Inspection Pattern (MIP) can be updated on OfficeScan agents.
Solution 1: This hotfix updates the OfficeScan agent program to resolve this issue.
(JIRA1781)
Issue 2: Sometimes, the value of the "SourceUUID" setting in the "Ofcserver.ini" file is overwritten which
prevents OfficeScan from updating the suspicious object list.
Solution 2: This hotfix ensures that the "SourceUUID" setting is not overwritten unexpectedly.
(JIRA2639)
Issue 3: Sometimes, OfficeScan does not create system dump files when an exception error occurs.
Solution 3: This hotfix ensures that OfficeScan catches exception system codes and creates the
corresponding system dump files when it encounters these codes.
[Hotfix_6306] (TT-359200,SEG-2785)
(TT359200)
Issue 1: The "TMBMSRV.exe" process stops responding when debug log is enabled.
Solution 1: This hotfix resolves the issue by ensuring that the debug log output function receives the
correct information.
(JIRA2785)
Issue 2: Blue screen of death (BSOD) occurs when the OfficeScan agent AEGIS module runs
simultaneously with an encryption software.
Solution 2: This hotfix enables the AEGIS module of OfficeScan agents to work normally with encryption
software.
[Hotfix_6308] (SEG-1474)
(JIRA1474)
Issue 1: The Agent Connectivity widget displays inaccurate total number of connected clients for each
Smart Protection Server information.
Solution 1: This hotfix updates the OfficeScan server program to ensure that the Agent Connectivity
widget displays accurate information.
[Hotfix_6310] (SEG-3508)
(JIRA3508)
Enhancement: The OfficeScan server automatically notifies an OfficeScan client to change its GUID after
it determines that there is a duplicate GUID. However, the OfficeScan server does not generate an event
log if it cannot notify the client for some reason. This hotfix provides a way for users to enable the
OfficeScan server if it cannot notify an OfficeScan client to change its GUID.
Procedure: To enable the OfficeScan server to generate an event log if it cannot notify an OfficeScan
client to change its GUID when it detects duplicate GUIDs:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation directory
using a text editor.
c. Under the "INI_SERVER_SECTION" section, locate the following key and set its value to "1".
[INI_SERVER_SECTION]
Event_Log_Flag=1
d. Save the changes and close the file.
e. Restart the OfficeScan Master Service.
[Hotfix_6313] (SEG-1442,SEG-2354,SEG-3487,SEG-3616,SEG-3016,SEG-3455)
(JIRA2354)
Issue 1: When users set the firewall exception rule to a single IP, the IP address does not appear on the
OfficeScan agent console.
Solution 1: This hotfix ensures that the IP address appears on the OfficeScan agent console.
(JIRA3487)
Issue 2: It takes a long time to export the scan exclusion list from the OfficeScan web console.
Solution 2: This hotfix improves the export function to enable OfficeScan to export the scan exclusion list
faster.
(JIRA1442)
Issue 3: A Microsoft Windows Security audit failure by "tmevtmgr.sys" appears in the Windows system
event log.
Solution 3: This hotfix resolves the issue by enabling the build option in the AEGIS driver to include a
"path hash".
(JIRA3616)
Issue 4: When an OfficeScan agent downloads a file that does not have a valid digital signature, the file
path information in the corresponding system event log will be truncated on the OfficeScan web console.
Solution 4: This hotfix ensures that system event logs display the complete file path information on the
OfficeScan web console.
[Hotfix_6314] (SEG-2660)
(JIRA1991, JIRA2660)
Issue: After users install hotfixes on OfficeScan 11.0 Service Pack 1 and activate the OfficeScan Firewall
on agents running Windows XP, the Firewall service encounters network access issues.
Solution: This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Note: Restart the endpoint to update the Common Firewall module of OfficeScan agents.
[Hotfix_6315] (TT-350467)
Enhancement: This hotfix enables the Behavior Monitoring approved list to support the asterisk (*) and
question mark (?) wildcard characters in program path names and file names.
[Hotfix_6317] (SEG-3533,SEG-2809)
(JIRA3533, JIRA2785, JIRA3668)
Issue: Blue screen of death (BSOD) occurs when the OfficeScan agent AEGIS module runs
simultaneously with an encryption software.
Solution: This hotfix enables the AEGIS module of OfficeScan agents to work normally with encryption
software.
[CP_6325] (VRTS-283,VRTS-393,VRTS-615)
(VRTS-283)
Issue 1: When the Web Reputation Service (WRS) of the OfficeScan agent program blocks access to a
certain webpage, it displays the "Website blocked by Trend Micro OfficeScan" alert page instead. This
alert page may be affected by XSS vulnerabilities.
Solution 1: This critical patch updates the OfficeScan agent program to resolve the XSS vulnerabilities.
(VRTS-393)
Issue 2: Encrypted account passwords may leak out during web console operations. Unauthorized users
could use the leaked encrypted password to log on to the OfficeScan server console.
Solution 2: This critical patch ensures that encrypted passwords are secure during web console operations.
(VRTS-615)
Enhancement: This critical patch updates the OfficeScan agent program to improve its self-protection
mechanism to protect against a local attacker to inject malicious code.
[Hotfix_6325] (TT-359608,SEG-1715,SEG-2673,SEG-3289)
(JIRA1715)
Issue 1: It takes a long time for the Windows Disk Manager to start when OfficeScan's Ravage Scan
feature is enabled.
Solution 1: This hotfix enables users to configure the OfficeScan Ravage Scan feature to skip a specific
virtual hard disk to allow the Disk Manager to start normally.
Procedure: To enable the Ravage Scan feature to skip a specific virtual hard disk:
a. Install this hotfix (see "Installation").
b. Open the Registry Editor.
c. Add the following key:
Path:[HKEY_LOCAL_MACHINE¥SYSTEM¥CurrentControlSet¥services¥tmactmon¥Parameters]
Type:dword
Key: SkipVirtualHarddisk
Data Value: 00000001
d. Restart the OfficeScan client computer.
(JIRA2673)
Issue 2: PccNT.exe stops unexpectedly because the following agent registry contains a value that is larger
than the maximum supported value.
Path: [HKEY_LOCAL_MACHINE¥SOFTWARE¥Wow6432Node¥
TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥Misc.]
Type: dword:7fffffff
Key:TotalScanned
Solution 2: This hotfix updates the "fcWofieUI.dll" (for 32-bit) and "fcWofieUI_64x.dll" (for 64-bit)
OfficeScan agent files to solve this issue.
(TT359608)
Issue 3: Users cannot run a manual sync on the "Suspicious Object List Setting" page when the "Enable
Suspicious URL list" option is disabled.
Solution 3: This hotfix ensures that manual sync can complete successfully when the "Enable Suspicious
URL list" option is disabled.
(JIRA3289)
Issue 4: The error-handling mechanism of POP3 and SMTP scans may attempt to access tmp files which
can trigger the TmListen service to stop unexpectedly.
Solution 4: This hotfix resolves the issue by ensuring that the error-handling mechanism accesses only
valid local file paths.
[JP_Hotfix_6325.1] (SEG-2812)
(SEG-3487)
Issue: Garbled characters appear in POP3 email notification for malicious email message contents.
Solution: This hotfix resolves the issue by changing the text encoding format for POP3 email notifications
from West Europe to shift-JIS.
NOTE: This time registry deployment solution is not supported in offline OfficeScan agents.
[Hotfix_6331] (TT-358992,SEG-1891,SEG-4506,SEG-4537)
(TT358992)
Issue 1: Users cannot access the "Advanced Search" web page from the "Firewall Profile Settings" page of
the OfficeScan web console.
Solution 1: This hotfix updates the OfficeScan server program files to ensure that users can access the
"Advanced Search" web page from the "Firewall Profile Settings" page.
(JIRA1891)
Issue 2: The DLP module may not work normally while other programs are uploading files to the Internet.
Solution 2: This hotfix ensures that the DLP module works normally when other programs are to
uploading files to the Internet.
[Hotfix_6332] (TT-355401,356199,354983,356408,353933,355208)
Issue 1: AutoCAD(TM) closes unexpectedly after users enable the Trend Micro Data Loss
Prevention(TM) function on computers protected by OfficeScan Agent.
Solution 1: This hot fix adds AutoCAD into the approved list to ensure that it works normally on
computers protected OfficeScan Agent while the Data Loss Prevention function is enabled.
Issue 2: Boot2Docker does not launch on Windows 7/10 when users enable the Trend Micro Data Loss
Prevention(TM).
Solution 2: This hot fix ensures that Boot2Docker works normally on Windows 7/10 computers protected
OfficeScan Agent while the Data Loss Prevention function is enabled.
Issue 3: Users can delete files under USB storage devices that they only have READ permission to access.
Solution 3: This hotfix ensures that only users with the correct application permission can run applications
under USB storage devices.
[RU_Hotfix_6334] (SEG-1989,SEG-4705,SEG-4671)
Enhancement: This hotfix enables the Behavior Monitoring approved list to support the asterisk (*) and
question mark (?) wildcard characters in program path names and file names.
[Hotfix_6342] (SEG-3345,SEG-2468,SEG-3919,SEG-2232)
(JIRA3345)
Issue 1: The OfficeScan agent blocks a program that has been downloaded from an email message or
through HTTP even when the program is in the approved list.
Solution 1: This hotfix ensures that OfficeScan agents block the correct programs.
(JIRA2468)
Issue 2: The OfficeScan web console takes longer than usual to load because of a large number of
DB_FLUSH commands.
Solution 2: This hotfix minimizes the number of DB_FLUSH commandsto ensure that the OfficeScan web
console loads normally.
(JIRA3919)
Issue 3: When enabling the OfficeScan debug log, clicking on the "Save" button twice overwrites the
specified debug log path in the "ofcdebug.ini" file. When this happens, debug logs are saved in another
location.
Solution 3: This hotfix enables OfficeScan to always use the default log path if only the log name is set on
the web console.
(JIRA2232)
Issue 4: Duplicate DLP violation logs are generated when users attempt to print a PDF file that contains
sensitive information in Adobe(TM) Reader.
Solution 4: This hotfix applies the App White Cache mechanism according to process name to enable DLP
to treat multiple print operations from "AcroRd32.exe" that occur within a one second period as one event.
This helps prevent duplicate violation logs.
[Hotfix_6348] (SEG-3931,SEG-5361,SEG-563,SEG-3575)
(JIRA 3931)
Issue: When DLP detects that sensitive information was sent through an email message in "outlook.com",
the OfficeScan agent generates a blank "Activity/Channel" log.
Solution: This hotfix resolves this issue by updating the OfficeScan agent.
(JIRA 5361)
Enhancements: This hotfix enables DLP Endpoint SDK 6.0 to support Chrome 58.0.3029.81.
(JIRA 5633)
Enhancements: This hotfix provides a way to configure the AEGIS module in OfficeScan clients to skip
Virtual Disks during scans.
Procedure: To configure the AEGIS module to skip Virtual Disks during scans:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥"folder of the OfficeScan server.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
SkipVirtualHarddisk=1
d. Save the changes and close the file.
e. Open the OfficeScan server management console and click "Agents > Global Agent Settings"
on the main menu to access the "Global Agent Settings" page.
f. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to agents and adds the following registry entry
on all agent computers:
Path:
HKEY_LOCAL_MACHINE¥SYSTEM¥CurrentControlSet¥services¥tmactmon¥Parameters
Key: SkipVirtualHarddisk
Type: dword
Value: 1
[Hotfix_6350] (SEG-5041,SEG-5993)
(JIRA 5041)
Issue: The operating system version of registered OfficeScan servers installed on Windows Server 2012
R2 appears as "6.2 (build 9200)" instead of "6.3 (build 9600)" on the Control Manager web console.
Solution: This hotfix resolves this issue by ensuring that OfficeScan servers installed on Windows Server
2012 R2 register to the Control Manager server using operating system version "6.3 (build 9600)".
[Hotfix_6351] (SEG-6181)
(JIRA 6181)
Issue: OfficeScan agents running Data Loss Prevention may experience a Blue Screen of Death (BSoD)
when accessing files in shared (SMB) folders.
Solution: This hotfix resolves the BSoD issue when accessing files in shared (SMB) folders.
[CP_6355CP_6367(L10n)] (SEG-6313)
(JIRA 6313)
Enhancement: This critical patch enables the OfficeScan agent program to support Windows 10 Creators
Update RS2.
(JIRA 7214)
Issue: A blue screen of death (BSOD) occurs when the Trend Micro Common Module (tmcomm.sys)
attempts to parse the service name list of a Windows kernel device in the device tree.
Solution: This hotfix updates the Trend Micro Common Module on OfficeScan agents to resolve this
issue.
[Hotfix_6369] (TT-360007,359870)
(SBM 360007)
Issue: The OfficeScan Web Reputation feature blocks normal access to websites if the endpoint also has
the Symantec Data Loss Prevention application running.
Solution: This hotfix updates the OfficeScan agent module to ensure that the OfficeScan Web Reputation
feature does not conflict with the Symantec Data Loss Prevention application.
[Hotfix_6370(control release)] (SEG-1689)
(JIRA 1689)
Enhancements: This hotfix provides a way for users to configure OfficeScan agents to automatically
disconnect an established connection and to re-establish a connection when the OfficeScan server triggers
a network isolation function. Users can move OfficeScan agents to specific domains that are defined to
apply network isolation.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following keys and set values.
[Global Setting]
PFWPolicyWithConnectionReset=1
Value: 0 = OfficeScan does not support network isolation
1 = OfficeScan supports network isolation
PFWPolicyWithConnectionResetDomainList=Domain_Name
For example: Workgroup, Domain1
Provide a domain name or domain list use for network isolation.
PFWPolicyWithConnectionResetDurationInSec=30
Value: 0 = Disable connection reset
30 = Rest connection in 30 seconds (default value)
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path:
HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥Misc.
Key: PFWPolicyWithConnectionReset
Type: DWORD
Value: 0 = OfficeScan does not support network isolation
1 = OfficeScan supports network isolation
Key: PFWPolicyWithConnectionResetDomainList
Type: String
Value: Domain_name set by user
Example: Workgroup, Domain1
Key: PFWPolicyWithConnectionResetDurationInSec
Type: DWORD
Value: 0 = Disable connection reset
30 = Rest connection in 30 seconds
Note: Restart the endpoint to update the Common Firewall module of OfficeScan agents.
[Hotfix_6371] (SEG-4799)
(JIRA 4799)
Issue: The OfficeScan Behavior Monitoring feature may cause certain computers to lock up intermittently
when TMEAC is installed.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
[Hotfix_6373] (SEG-5477)
(JIRA 3443)
Issue: When the OfficeScan agent connects to SSL-VPN and the MAC address field is empty, the
OfficeScan agent will attempt to resolve the IP and MAC addresses repeatedly but the SSL-VPN IP
address still does not appear in the network cards list on the agent console.
Solution: This hotfix updates the OfficeScan agent program to prevent it from attempting to resolve the IP
and MAC addresses when the MAC address field is empty. It also helps ensure that the IP address appears
on the OfficeScan agent console.
(JIRA 5477)
Issue: The OfficeScan agent does not successfully upgrade even after applying new hotfix files.
Solution: This hotfix resolves the OfficeScan agent upgrade issue.
(JIRA 6873)
Issue: The administrator cannot register USB information that includes the pound sign (#) or "and" sign
(&) in the Data Loss Prevention (DLP) exception list.
Solution: This hotfix resolves this issue.
[Hotfix_6380] (VRTS-694)
(VRTS-693)
Issue: The OfficeScan ToolBox service is affected by the Windows unquoted service path vulnerability.
Solution: This hotfix reinstalls the service to remove the vulnerability.
[Hotfix_6383]
(TT-359895,SEG-3443,SEG-6323,SEG-6391,SEG-6528,SEG-6873,SEG-7273,SEG-8017,SEG-7944)
(TT359895)
Issue: The OfficeScan server cannot check the signature on a Control Manager policy if the policy settings
contain non-ASCII characters.
Solution: This hotfix enables the OfficeScan server to handle non-ASCII strings in Control Manager
policies to ensure that the server can check the signature of these policies.
(JIRA 6323)
Issue: Enabling the NT RealTime Scan causes OfficeScan agents to freeze. This issue occurs because
OpenSSL uses the AES-NI instruction set, which is not supported by some CPU types.
Solution: This hotfix resolves this issue by updating the OpenSSL component.
(JIRA 6391)
Issue: The Microsoft(TM) Internet Explorer browser does not interpret double-byte strings correctly. Thus,
user accounts do not display correctly.
Solution: This hotfix adds a function to determine whether a string contains double-byte characters, which
resolves this issue.
(JIRA 6528)
Issue: The Trend Micro OfficeScan Agent Console ("Pccnt.exe") may stop unexpectedly if the
"Unauthorized Change Prevention Service" is enabled. When this happens, it will affect the performance
of the endpoint.
Solution: This hotfix updates the OfficeScan agent program to prevent "Pccnt.exe" from stopping
unexpectedly and ensures that the OfficeScan agent can work properly without affecting the performance
of the endpoint.
(JIRA 7273)
Issue: On computers running on the Microsoft(TM) Windows(TM) 10 platform, the Data Loss Prevention
(DLP) network filter driver is installed with the Transport Driver Interface (TDI) network filter driver.
Solution: This hotfix updates the operating system version determination mechanism to ensure that the
correct driver is installed. This hotfix also provides a Microsoft(TM) Windows Filtering Platform
(Windows) driver replacement mechanism that replaces the TDI driver with the correct driver.
[Hotfix_6390] (SEG-7214,SEG-2537,SEG-8323)
(JIRA 7214)
Issue: A blue screen of death (BSOD) occurs when the Trend Micro Common Module (tmcomm.sys)
attempts to parse the service name list of a Windows kernel device in the device tree.
Solution: This hotfix updates the Trend Micro Common Module on OfficeScan agents to resolve this
issue.
[CP_6392] (VRTS-337,VRTS-339,VRTS-972)
(VRTS-337, VRTS-339)
Issue: A Remote Code Execution (RCE) vulnerability on the OfficeScan server can allow attackers to
execute commands on the server using query string variable.
Solution: This hot fix resolves the RCE vulnerability.
(VRTS-972)
Issue: The 3rd party AmMap application has multiple cross-site scripting (XSS) vulnerabilities that allows
remote attackers to inject arbitrary web or HTML scripts.
Solution: This hot fix resolves the XSS vulnerability.
[Hotfix_6396]
(TT-354095,357507,355701,357054,358532,358603,SEG-2143,SEG-2745,SEG-7541,SEG-7585,SEG-642
1,SEG-8356,SEG-7747,SEG-9011)
(JIRA 7541)
Issue: OfficeScan agents installed on Windows 10 platforms may cause the endpoint to freeze or become
unresponsive when both Windows Defender and the OfficeScan agent are running at the same time.
Solution: This hotfix updates compatibility support to prevent the system from freezing when the
OfficeScan Agent loads.
(JIRA 7585)
Issue: The OfficeScan agent does not successfully update specific pattern files when the OfficeScan server
and client have different build versions.
Solution: This hotfix resolves the issue concerning OfficeScan agents not successfully updating specific
pattern files.
(JIRA 6421)
Issue: Windows Defender is not disabled automatically after the OfficeScan agent is installed on a
Windows 2016 server computer.
Solution: This hotfix ensures that Windows Defender is disabled automatically after the OfficeScan agent
is installed on a Windows 2016 server computer and the computer restarts.
(JIRA 8356)
Issue: The Virus Scan Engine (VSAPI) fails to roll back on a Microsoft(TM) Windows(TM) 10 platform.
Solution: This hotfix updates the OfficeScan agent program to ensure that VSAPI can roll back
successfully on a Windows 10 platform.
(JIRA 7747)
Issue: The OfficeScan Master Service stops unexpectedly while receiving a huge amount of policy
information from Control Manager which triggers OfficeScan to generate a large number of dump files
under the "PCCSRV¥Web¥Service" folder.
Solution: This hotfix enables the OfficeScan Master Service to handle a huge amount of policy
information from Control Manager.
(SBM 354095)
Issue: The firewall details page of the OfficeScan client console does not refresh automatically after the
security level setting changes.
Solution: This hotfix is to show a message to prompt to close all windows of the OfficeScan client console
and reopen the console in order to refresh the UI.
(SBM 357507)
Issue: The Microsoft(TM) Windows(TM) Event Log generates too many messages.
Solution: This hotfix enables OfficeScan to extend the cache time to 12 hours.
(SBM 355701)
Issue: An initialized issue related to the OfficeScan Control Manager Agent service ("OfcCMAgent.exe")
may cause the OfcCMAgent.exe to stop unexpectedly.
Solution: This hotfix updates the OfficeScan Control Manager Agent program to prevent from this issue.
(SBM 357054)
Issue: When there are hotfix updates, the OfficeScan server checks all client components and prompts all
clients with old hotfix versions to apply the updates including those where the No Program Upgrade option
is enabled. This triggers a large number of unnecessary client notifications.
Solution: This hotfix ensures that the OfficeScan server does not notify a client of hotfix updates if the No
Program Upgrade option is enabled in the client.
(SBM 358532)
Issue: When an unreachable OfficeScan agent reports its onstart status to the OfficeScan server, the server
does not automatically set the updateflag for the agent. As a result, the agent will not receive updates until
after a file change event on the OfficeScan server.
Solution: This hotfix enables the OfficeScan server to set the updateflag of unreachable OfficeScan agents
automatically once it receive the onstart status of the agents.
(JIRA 2143)
Issue: Exported CSV files that contain agent information do not differentiate between Windows platforms
from Windows Embedded platforms.
Solution: This hotfix ensures that exported CSV files specifies if an agent runs on a Windows platform or
a Windows Embedded platform.
(JIRA 2745)
Issue: The Vulnerability Scanner may attempt to access an invalid file path which triggers blue screen of
death (BSOD) on computers running Microsoft Windows Vista(TM) or any version released after it, for
example, Windows Server 2008 and later versions.
Solution: This hotfix updates the Vulnerability Scanner to prevent it from attempting to access invalid file
paths.
(JIRA 9011)
Issue: Sometimes, the Behavior Monitoring Service module of OfficeScan 11.0 Service Pack 1 agents may
conflict with the Schwab application which can trigger the Schwab application to stop unexpectedly.
Solution: This hotfix updates the Behavior Monitoring Service module and provides a way for users to
configure OfficeScan to ensure that the Schwab application works properly.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation directory.
c. Under the "Global Setting" section, manually add the "SkipKernelExceptionEvent" key and set its value
to "1".
[Global Setting]
SkipKernelExceptionEvent=1
NOTE: To disable the feature, set "SkipKernelExceptionEvent=0".
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to OfficeScan
agents and adds the following registry entries on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥AEGIS
Key: SkipKernelExceptionEvent
Type: REG_DWORD
Value: 1
g. Restart the OfficeScan agents.
[Hotfix_6396 CP_6396(JP)] (TT-356627)
Enhancement: This hotfix provide assessment mode for ransomware. In assessment mode, OfficeScan
will not terminate the process and just log for it.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following keys and set values.
[Global Setting]
EnableADCAssessMode=1
Value: 0 = OfficeScan does not support ransomeware assessment mode
1 = OfficeScan supports ransomewareassessment mode
EnableADCAssessModeNotification=1
Value: 0 = does not have popup notification in system tray icon
1 = have popup notification in system tray icon
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path:
HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥AEGIS
Key: EnableADCAssessMode
Type: DWORD
Value: 0 = OfficeScan does not support ransomware assessment mode
1 = OfficeScan supports ransomware assessment mode
Key: EnableADCAssessModeNotification
Type: DWORD
Value: 0 = does not have popup notification in system tray icon
1 = have popup notification in system trayicon
[Hotfix_6404] (VRTS-392,SEG-9560)
(VRTS-392)
Issue: An issue related to the DLP file system driver may cause an RWX vulnerability in web browsers.
Solution: This hotfix updates DLP Endpoint SDK 6.0 to resolve the vulnerability.
(JIRA 9560)
Issue: It takes a long time to copy files using the RDP clipboard when DLP is enabled.
Solution: This hotfix resolves the issue by adding the RDP process "mstsc.exe" into the approved list.
[Hotfix_6410] (SEG-10277,SEG-10228,VRTS-1012,VRTS-1022)
(VRTS-1012)
Issue: Remote unauthenticated attackers may be able to query NT domains through the OfficeScan XG
"cgiGetNTDomain.exe" process.
Solution: This removes the vulnerability.
(VRTS-1022)
Issue: A vulnerability may allow a remote unauthenticated attacker to send CGI requests to run
"cgiRqUpd.exe" on the OfficeScan server and trigger "cgiRqUpd.exe" to stop unexpectedly. When this
happens, a large number of dump files are generated which can eventually take up a large portion of disk
space.
Solution: This hotfix resolves the vulnerability.
(JIRA 10228)
Issue: In Windows 2016 server, the Windows Defender service does not stop when the OfficeScan agent is
installed or when the latest hotfix is installed on the existing OfficeScan agent.
Solution: This hotfix ensures that the Windows Defender service stops automatically after the OfficeScan
client is installed or updated with the latest hotfix.
Note: You need to restart the computer after applying this hotfix.
[Hotfix_6415] (VRTS-1115,SEG-4529,SEG-8981)
(JIRA 8981)
Enhancement: This hotfix provides an option to enable OfficeScan agents to check the connection to the
Smart Protection Network regularly and to update the status icons on the web console accordingly.
Procedure: To enable the feature on the OfficeScan server and to automatically deploy the setting to all
OfficeScan agents:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation directory.
c. Add the following key under the "Global Setting" section and set its value to "1".
[Global Setting]
ChkGlobalWCS=1
Note: To disable the connection checking, set "ChkGlobalWCS=0".
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan agent program automatically installs the following registry key:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥iURL
Scan.
Key: ChkGlobalWCS
Type: REG_DWORD
Value: 1
[Hotfix_6421]
(SEG-1689,SEG-6917,SEG-7553,SEG-8988,SEG-10066,SEG-10688,SEG-10651,SEG-10953,SEG-11074
,SEG-11404,SEG-11344)
(JIRA 10688)
Issue: If you click on the "Update" button on the agent console while the TmListen service is stopped, the
page returns an "Component update is complete" message.
Solution: This hotfix enables OfficeScan to disable the "Update" button automatically when the
TmListener service stops and to display a tooltip when the mouse pointer hovers over the button.
(JIRA 10651)
Issue: If a newly-installed OfficeScan agent cannot connect to the OfficeScan server within a specific time
period, the agent cannot report that it is online and does not appear on the OfficeScan web console.
Solution: This hotfix provides a way for users to extend the connection time to prevent this issue from
occurring.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "Ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation
directory.
c. Under the "Global Setting" section, manually add the following keys and set the preferred
value for each.
[Global Setting]
EnableCheckHostLoadHttpTimeoutSecond=1
NOTE: To disable the feature, set "EnableCheckHostLoadHttpTimeoutSecond=0".
LoadHttpTimeoutSecond=30
NOTE: You can set the timeout value to 30, 60, 90, or 180 seconds based on your needs.
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
Path:
for x64 platform
HKEY_LOCAL_MACHINE¥SOFTWARE¥Wow6432Node¥TrendMicro¥PC-cillinNTCorp¥Cu
rrentVersion
for x86 platform
HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥
Key: EnableCheckHostLoadHttpTimeoutSecond
Type: REG_DWORD
Value: 1
Key: LoadHttpTimeoutSecond
Type: REG_DWORD
Value: 30
g. Restart the OfficeScan agents.
NOTE: If OfficeScan agents does not receive the setting from the OfficeScan server, please
consider updating OfficeScan agents using Client Packager Installation or the AutoPCC utility.
(JIRA 6917)
Issue: The following OfficeScan 11.0 Service Pack 1 hotfixes are affected by an issue related to the
OfficeScan Firewall module which may cause the Firewall service to encounter network access issues.
- Hotfix 6277
- Hotfix 6281
- Hotfix 6292
Solution: This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Note: You must restart the endpoint after applying this hotfix to update the Common Firewall module on
affected OfficeScan agents.
(JIRA 11074)
Issue: The Windows Security Center cannot recognize if the OfficeScan Antivirus is enabled when there is
no antispyware license.
Solution: This hotfix updates the OfficeScan agent program to help ensure that the Windows Security
Center can determine whether the OfficeScan Antivirus is enabled or not.
(JIRA 8988)
Issue: The OfficeScan Behavior Monitoring feature may prevent users from renaming folders on network
drives.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder in the OfficeScan server installation
directory.
c. Under the "Global Setting" section, manually add the "SkipDfsClient" key and set its value to
"1".
[Global Setting]
SkipDfsClient=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to OfficeScan agents and adds the following
registry entry on all OfficeScan agent computers:
Path:
HKEY_LOCAL_MACHINE¥SYSTEM¥CurrentControlSet¥services¥tmactmon¥Parameters
Key: SkipDfsClient
Type: DWORD
Value: 1
(JIRA 10066)
Issue: An issue related to the OfficeScan Behavior Monitoring feature may cause the memory usage to
increase unexpectedly on OfficeScan client computers.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
[CP_6426 CP_6442] (VRTS-986,VRTS-989,VRTS-1018,VRTS-1052)
(VRTS 986)
Issue: A vulnerability may allow a attacker to download the specific file from the OfficeScan server
through HTTP requests.
Solution: This Critical Patch resolves the vulnerability.
(VRTS 989)
Issue: A PHP file in OfficeScan 11 may be vulnerable to an MITM/RCE vulnerability.
Solution: This Critical Patch resolves the potential vulnerability.
(VRTS 1012)
Issue: An attacker may be able to query NT domains through the OfficeScan 11 process.
Solution: This removes the vulnerability.
(VRTS 1018)
Issue: A vulnerability may allow remote attackers to query PHP information while the specific php file
runs.
Solution: This Critical Patch secures the information in specific php file.
(VRTS 1022)
Issue: A vulnerability may allow a attacker to send CGI requests to run and stop the OfficeScan 11 process
unexpectedly.
Solution: This Critical Patch resolves the vulnerability.
(VRTS 1052)
Issue: A vulnerability may allow a attacker to stop the OfficeScan 11 process unexpectedly by forcing the
specific parameter to exceed that limit.
Solution: This Critical Patch resolves the vulnerability.
[Hotfix_6429] (SEG-7697,SEG-10748,SEG-10844,SEG-10980)
(JIRA 7697)
Issue: The Trend Micro iCRC Common Module cannot perform an SSL handshake with Smart Protection
Server on endpoints running Windows Server 2003 using TLS 1.2 after applying OpenSSL 1.0.2.
Solution: This hotfix updates the Trend Micro iCRC Common Module and provides a way for users to
enable the Trend Micro iCRC Common Module to communicate with Smart Protection Server using TLS
1.0.
Procedure: To apply and deploy the solution globally:
a. Open the "ICRCHdler.ini" file in the "¥PCCSRV¥Pccnt" folder on the OfficeScan server
installation directory.
b. Under the "Default" section, manually add the following key and set its value to "4".
[Default]
SSLVersion = 4
d. Save the changes and close the file.
e. Install this hotfix (see "Installation").
f. After upgrading the agent program, the OfficeScan server adds the following entries on all
OfficeScan agent computers:
Path: The OfficeScan agent installation directory.
File: ICRCHdler.ini
Key: SSLVersion = 4
(JIRA 10748)
Issue: The error message that appears when a user provides a user name or password with an invalid
character for proxy authentication does not accurately describe the issue.
Solution: This hotfix updates the error message to inform users that the provided proxy setting user name
or password contains an invalid character.
(JIRA 10844)
Issue: When configured, the OfficeScan Agent displays the following scan pop-up dialog box when users
connect to a removable storage device. "A USB storage device was plugged in to the computer. Do you
want Trend Micro OfficeScan to scan the device for security risks?"
Solution: This hotfix updates the scan pop-up dialog box to display the following message.
"A removable storage device was plugged in to the computer. Do you want Trend Micro
OfficeScan to scan the device for security risks?"
(JIRA 10980)
Issue: The account and password setting for the external proxy server do not support the hash special
character "#".
Solution: This hotfix resolves a broken jquery Ajax call to ensure that the account and password setting for
the external proxy server supports special characters.
[Hotfix_6434] (SEG-11628,SEG-12203)
(JIRA 11628)
Enhancement: The hotfix provides the implementation of BIN number's regular expression and validators.
(JIRA 12203)
Enhancement: This hot fix enables Data Loss Prevention Endpoint SDK 6.2 to bypass iTunes blocking
and so that iPhone can still be charged while Device Control is enabled.
Procedure: To configure the new setting for DLP:
a. Install this hot fix (see "Installation").
b. Open the "dlp.ini" file in the "¥PCCSRV¥Private¥" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "bypass_itunes_nonstor_usb_dc" key and set its value.
[Configure]
bypass_itunes_nonstor_usb_dc = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains or agents >
Settings > DLP settings".
f. Click "Save" to deploy the settings to agents. The OfficeScan server deploys the settings to OfficeScan
agents and adds the following key in the "dsa.pro" file in the "¥Windows¥System32¥dgagent¥" folder:
bypass_itunes_nonstor_usb_dc=true
[Hotfix_6439] (SEG-12179)
(JIRA 12179)
Issue: Tablets running Windows 10 (Redstone) may encounter a "Blue Screen of Death" (BSOD) when
trying to enter a sleep state.
Solution: This hotfix notifies the driver to stop sending event information after entering standby mode.
After the tablet comes out of standby mode, the driver starts sending event information again.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following key and set its value to "10".
[Global Setting]
PowerMonitorTime=10
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry entries on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥AEGIS¥
Key: PowerMonitorTime
Type: DWORD
Value: 10 = Set PowerMonitorTime to 10 seconds, max 60 seconds
g. Restart the OfficeScan agents.
[Hotfix_6443] (SEG-13165,SEG-12586)
(JIRA 13165)
Issue: Scheduled scan is postponed because OfficeScan detects full screen mode even when there are no
windows in full screen mode.
Solution: This hotfix enables OfficeScan to ignore windows that do not have visible content during full
screen mode detection.
[Hotfix_6447] (SEG-8096,SEG-13656,SEG-12830,SEG-13700)
(JIRA 8096)
Issue: When the system installs or upgrades the Cisco VPN software, it tries to access some registry keys
under the TmLwf registry key, which causes the software installation to fail.
Solution: This hotfix adds a key to disable the self-protection only function of the TmLwf registry key,
which resolves this issue.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
SP_DisableTmLwfRegistryKeyProtection=1
Value: 1 = Disable TmLwf registry key self-protection only
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path:
HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥AE
GIS
Key: SP_DisableTmLwfRegistryKeyProtection
Type: DWORD
Value: 1 = Disable TmLwf registry key self-protection only
g. Restart the OfficeScan agents
(JIRA 13656)
Issue: The file description field indicates the Common Client Real-time Scan Service ("Ntrtscan.exe") is
32-bit even when it is running on a 64-bit operating system.
Solution: This hotfix updates the OfficeScan agent program to ensure that the correct information appears
on the file description field.
(JIRA 12830)
Issue: A protected computer may stop responding or respond slowly while extracting the "AFUDOS.exe"
file from a ZIP file. Sometimes, the computer may also stop unexpectedly while the Behavior Monitoring
engine performs policy matching.
Solution: This hotfix removes the lock scope to prevent protected computers from stopping unexpectedly
and enables OfficeScan to use the try-catch method to capture an exception and help prevent a handle leak
issue.
(JIRA 13700)
Issue: The OfficeScan Behavior Monitoring feature may cause certain third-party programs that are in its
approved list to stop responding.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation
directory.
c. Under the "Global Setting" section, manually add the "AegisSkipNotificationEvent" key and
set its value to "1".
[Global Setting]
AegisSkipNotificationEvent=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥AEGIS
Key: SkipNotificationEvent
Type: DWORD
Value: 1
g. Restart the OfficeScan agents
[CP_6448] (VRTS-1228)
(VRTS-1228)
Issue: Loading the UMH dynamic-link library (DLL) on other applications may make the applications
vulnerable to DLL hijacking attacks.
Solution: This Critical Patch resolves the vulnerability.
[Hotfix_6451] (SEG-14071)
(JIRA 14071)
Enhancement: This hotfix enables DLP Endpoint SDK 6.2 starts to support the following Google Chrome
versions:
- Google Chrome 61.0.3163.79
[Hotfix_6454] (SEG-14058)
(JIRA 14058)
Issue: Virus detection logs do not appear on the agent console if the name of the agent installation folder
contains multibyte characters.
Solution: This hotfix ensures that virus detection logs appear on OfficeScan agent console.
Issues resolved by hot fixes for OSCE XG
[CP_1315] (TT-356677)
Issue 1: In OfficeScan XG, users may observe that "OfcService.exe" crashes and OfficeScan agents keep
updating in some situations.
Solution 1: This critical patch replaces the OfficeScan server files to resolve the issue.
Issue 2: The OfficeScan XG server program and the OfficeScan agent Smart Scan common module uses
an OpenSSL version that is affected by certain vulnerabilities.
Solution 2: This critical patch resolves this issue by updating the OpenSSL component of the server
module and Smart Scan common module.
[CP_1352] (VRTS-283,VRTS-393,VRTS-615)
(VRTS-283)
Issue 1: When the Web Reputation Service (WRS) of the OfficeScan agent program blocks access to a
certain webpage, it displays the "Website blocked by Trend Micro OfficeScan" alert page instead. This
alert page may be affected by XSS vulnerabilities.
Solution 1: This critical patch updates the OfficeScan agent program to resolve the XSS vulnerabilities.
(VRTS-393)
Issue 2: Encrypted account passwords may leak out during web console operations. Unauthorized users
could use the leaked encrypted password to log on to the OfficeScan server console.
Solution 2: This critical patch ensures that encrypted passwords are secure during web console operations.
(VRTS-615)
Enhancement: This critical patch updates the OfficeScan agent program to improve its self-protection
mechanism to protect against a local attacker to inject malicious code.
[CP_1429] (VRTS-283,VRTS-393,VRTS-615)
Issue: When the Web Reputation Service (WRS) of the OfficeScan agent program blocks access to a
certain webpage, it displays the "Website blocked by Trend Micro OfficeScan" alert page instead. This
alert page may be affected by XSS vulnerabilities.
Solution: This hotfix updates the OfficeScan agent program to resolve the XSS vulnerabilities.
(VRTS-393)
Issue 2: Encrypted account passwords may leak out during web console operations. Unauthorized users
could use the leaked encrypted password to log on to the OfficeScan server console.
Solution 2: This critical patch ensures that encrypted passwords are secure during web console operations.
(VRTS-615)
Enhancement: This critical patch updates the OfficeScan agent program to improve its self-protection
mechanism to protect against a local attacker to inject malicious
[Hotfix_1253] (TT-355172)
Issue: The DLP module cannot block users from sending out email messages with illegal file attachments
through Webmail.
Solution: This hotfix updates the HTTPS parser to ensure that the DLP module can block users from
sending out email messages with illegal file attachments through Webmail.
[Hotfix_1254] (TT-355446)
Issue: The "Unmanaged Endpoints" page of the OfficeScan web console may not display the progress of
the agent installation task if a selected endpoint under the Active Directory (AD) contains an ampersand
character "&".
Solution: This hotfix ensures that the "Unmanaged Endpoints" page displays the progress of the agent
installation task.
[Hotfix_1255] (TT-355573)
Issue: The "Update Agent" drop down list in the "Add IP Range and Update Source" page displays only
one Update Agent even when multiple Update Agents are available. As a result, users cannot select any
other Update Agent.
Solution: This hotfix updates the OfficeScan server files to ensure that the "Update Agent" drop down list
displays all available Update Agents.
[Hotfix_1262] (TT-356409)
Issue: When the OfficeScan server receives a policy from a Control Manager 6.0 server and the policy
contains space characters, OfficeScan will not be able to apply the policy effectively.
Solution: This hotfix updates the OfficeScan server files to ensure that the OfficeScan server can parse
space characters in policies correctly and implement these policies successfully.
[Hotfix_1265] (TT-356681,356463)
Issue 1: The OfficeScan server console returns gateway errors when trying to export the agent list using
the following views:
- Anti-spyware View
- Data Protection View
- Firewall View
Solution 1: This hot fix updates the export function to properly retrieve the complete agent list inventory
for all views.
Issue 2: The OfficeScan Master Service suffers a crash after attempting to reuse freed memory.
Solution 2: This hot fix ensures that the OfficeScan Master Service release the memory after no other
procedures are referencing.
Issue 1: The OfficeScan server console returns gateway errors when trying to export the agent list using
the following views:
- Anti-spyware View
- Data Protection View
- Firewall View
Solution 1: This hot fix updates the export function to properly retrieve the complete agent list inventory
for all views.
Issue 2: The OfficeScan Master Service suffers a crash after attempting to reuse freed memory.
Solution 2: This hot fix ensures that the OfficeScan Master Service release the memory after no other
procedures are referencing.
[Hotfix_1265.1] (TT-356615,356820)
Enhancement: This hot fix updates the Data Loss Prevention Endpoint SDK 6.2 to support Google
Chrome version 54.0.2840.99.
[Hotfix_1267] (TT-357679)
Issue: The OfficeScan web console is affected by a remote file inclusion (RFI) vulnerability.
Solution: This hotfix updates the OfficeScan web console program to resolve the vulnerability.
[Hotfix_1269] (TT-356494,357105)
Enhancement: Trend Micro Predictive Machine Learning uses advanced machine learning technology to
correlate threat information and perform in-depth file analysis to detect emerging unknown security risks
through digital DNA fingerprinting, API mapping, and other file features.
This hot fix updates OfficeScan agent programs and the Contextual Intelligence Engine ("tmxfalcon.dll")
to provide more accurate and efficient functions in Trend Micro Predictive Machine Learning.
[Hotfix_1270.1] (TT-354880)
Issue: OfficeScan's DLP blocks the following software applications:
- Skype for Business (SFB) Cloud Storage Channel
- Office Telemetry
Solution: This hot fix updates the OfficeScan's iDLP module to resolve this issue.
[Hotfix_1277] (TT-357706,357326,354880,356820,357553)
Issue 1: Trend Micro Data Loss Prevention(TM) (DLP) module blocks Skype for Business unexpectedly
and caused a false alert on Cloud Storage channel.
Solution 1: This hotfix updates the HTTPS parser to ensure that the DLP module does not block
communication of Skype for Business.
Issue 2: The DLP cannot block the violative documents with a policy that only includes File Attribute.
Solution 2: This hotfix updates the matching result to ensure that the DLP module can block violative
documents.
[Hotfix_1289] (TT-357043,358146,357664,356522)
(TT357043)
Issue 1: After users upgrade OfficeScan agents to OfficeScan XG on a computer running on the 32-bit
version of Microsoft(TM) Windows(TM), OfficeScan agents may keep restarting hourly.
Solution 1: This hotfix resolves this issue by updating the OfficeScan server program to ensure that
OfficeScan agents upgrade to OfficeScan XG properly.
(TT358146)
Issue 2: If user set the default browser to Chrome and click on hyperlinks from other applications, the
Chrome page shows a "try to access to an unexpected site "--disable-quic"" message.
Solution 2: This hot fix ensures that the Chrome page will not access unexpected "--disable-quic" sites
when users click hyperlinks from other applications once they set Chrome as the default browser.
(TT357664)
Issue 3: In Microsoft(TM) Windows(TM) Vista/2008 or later clients,OfficeScan displays an incorrect
firewall driver version number. The correct version number is 5.83.1003, but the version number that
OfficeScan displays is 5.82.1089.
Solution 3: This hotfix ensures that the OfficeScan server references the "tmlwf.sys" and "tmwfp.sys" files
to determine the correct version number of the common firewall driver
(TT356522)
Enhancement: This hotfix enhances the sample submission process from the OfficeScan server to the
Deep Discovery Analyzer (DDAN) server through a proxy server. This hotfix also enhances the error
handling functions for sample submission analysis.
To configure for the proxy, please refer to following:
New keys:
--------------------------
UseProxy=1
ProxyServer=xxx.xxx.xxx.xxx
ProxyPort=xxxx
ProxyLogin=xxxx
ProxyPwd=xxxx
--------------------------
Add the new keys to the "Sample_Submission" section of
of the cDdaSvr.ini file as follows:
Sample_Submission]
OfcDdaServerRegistered=1
Server=xxx.xxx.xxx.xxx
APIKey=xxxxxxxx
UseProxy=1
ProxyServer=xxx.xxx.xxx.xxx
ProxyPort=xxxx
ProxyLogin=xxxxx
ProxyPwd=xxxxx
[Hotfix_1292] (TT-354631)
(TT354631)
Enhancement: This hotfix adds a way to configure OfficeScan clients to skip digital signature checking of
OfficeScan client program files while downloading hotfix files and reloading the scan engine.
Procedure: To prevent OfficeScan clients from checking the digital signature of program files while
downloading hotfix files and reloading the scan engine:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder of the OfficeScan installation
directory.
c. Under the "Global Setting" section, add the following key and set its value to "1".
[Global Setting]
DOVF=1
d. Save the changes and close the file.
e. Open the OfficeScan server management console and go to "Agents > Global Agent
Settings".
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan client program automatically installs the following registry key:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥
PC-cillinNTCorp¥CurrentVersion¥Misc.
Key: DOVF
Value: 1
[Hotfix_1293] (TT-358410,358027)
Issue: The TmListen.exe service of the OfficeScan agent stops unexpectedly after the OfficeScan agent
encounters a certificate mismatch.
Solution: This hotfix enhances error-handling mechanism on the OfficeScan agent to prevent
TmListen.exe from stopping unexpectedly until the agent can handle the certificate mismatch event.
[Hotfix_1308_replaced_by_[CP_1315]
(TT-352397,358345,358044,358404,358940,358516,357444,358095)
(TT352397)
Issue 1: The "Last Spyware Detection(Real-time)" agent information column name shows as "Last
Spyware Scan(Real-time)" in the exported CSV file.
Solution 1: This hotfix updates the program and modifies the "Last Spyware Scan(Real-time)" column
name to "Last Spyware Detection(Real-time)" in the CSV file.
(TT358345)
Issue 2: SQL exceptions somehow continue to occur in the system event log and causes Internet
Information Services (IIS) to crash.
Solution 2: This hotfix updates the OfficeScan server files to ensure that the OfficeScan server and IIS
server works properly.
(TT358044)
Issue 3: The Microsoft(TM) Windows(TM) Event Log generates too many messages.
Solution 3: This hotfix enables OfficeScan to extend the cache time to 12 hours.
(TT358404)
Issue 4: On some OfficeScan agents managed by the Update Agent (UA), the OfficeScan agent icon on the
Microsoft(TM) Windows(TM) task bar may be shaded red and blue repeatedly and shows a "Protection at
Risk" message. This issue occurs since the Real-time Scan service is not functional.
Solution 4: This hotfix updates the OfficeScan server and agent programs to ensure that the OfficeScan
agents managed by the Update Agent can work normally without errors.
(TT358940)
Issue 5: Compatibility issues occur between the third-party OpenSSL libraries used in the new types of
processors (for example, the Apollo Lake Intel(TM) Pentium(R) processor).
Solution 5: This hotfix replaces the OfficeScan server files to resolve this issue.
(TT358516)
Issue 6: A performance enhancement introduced a negative side effect that causes a memory leak on
"NTRtScan.exe".
Solution 6: This hotfix disables the performance enhancement to resolve this issue.
(TT358095)
Issue 7: DLP does not block the drag-and-drop of files from current Webmail sites (such as
"Outlook.office.com" or "Outlook.live.com) when users use Google Chrome to access these Webmail sites.
Solution 7: This hotfix ensures that OfficeScan does not leak sensitive information when users use Google
Chrome to access these Webmail sites.
(TT357444)
Enhancement: This hotfix enables users to generate the Secure Sockets Layer (SSL) certificate with
SHA-256 signature algorithm and 2048-bit public key for the OfficeScan web site, which is installed on
Microsoft(TM) Internet Information Services (IIS) through the "SvrSvcSetup.exe" tool.
Procedure: To generate the SSL certificate with SHA-256 signature algorithm and 2048-bit public key,
and manually renew the IIS SSL certificate:
a. Install this hot fix (see "Installation").
b. Log on as administrator, open a command prompt, and navigate to the "¥PCCSRV¥" directory.
c. Run the following command: SvrSvcSetup.exe -GenIISCert
A new SSL certificate is generated and is automatically added to the IIS SSL certificate store.
d. Open the IIS Manager console (inetmgr.exe).
e. Right-click the OfficeScan web site, and then click "Edit Bindings...".
f. When the "Site Bindings" window opens, select "https type" and click "Edit...".
g. Select the newly-created SSL certificate and click "OK".
Note: Click the "View..." option to view the SHA256 signature algorithm and 2048-bit public key.
h. Click "Close".
[Hotfix_1314_replaced_by_[CP_1315] (TT-357421,358192,359293)
(TT357421)
Issue 1: The OfficeScan NT Real-time Scan service ("Ntrtscan.exe") may stop unexpectedly on endpoints
running Microsoft(TM) Windows(TM) Embedded 7.
Solution 1: This hotfix updates the OfficeScan agent program to resolve this issue on affected endpoints.
(TT358192)
Issue 2: The "Unmanaged Endpoints of Schedule Assessment" report displays many OfficeScan agents as
"Managed by another OfficeScan server" even though the endpoints are managed by the OfficeScan server.
Solution 2: This hotfix resolves the issue by changing the checking mechanism on the OfficeScan server to
be case insensitive.
(TT359293)
Issue 3: The virus outbreak notifications only display a single entry.
Solution 3: This hotfix replaces the OfficeScan server files to resolve this issue.
[Hotfix_1318] (TT-359826)
Issue: The OfficeScan XG Behavior Monitoring feature blocks a valid program.
Solution: This hotfix updates the OfficeScan Behavior Monitoring Local Pattern to solve the issue.
[Hotfix_1321] (TT-359260,359630,358898,360065,359660,SEG-1194)
(SEG-1194)
Issue 1: An OfficeScan agent that cannot connect to the OfficeScan server during startup will not be able
to trigger scheduled updates.
Solution 1: This hot fix updates the OfficeScan XG server and agent files to ensure that agents can still
trigger scheduled updates when these agents cannot connect to OfficeScan server during startup.
(TT359260)
Issue 2: The OfficeScan NT Real-time Scan service may cause the Microsoft(TM) Windows(TM) system
to hang.
Solution 2: This hotfix updates the Behavior Monitoring Core Service programs of the OfficeScan agent to
resolve this issue.
(TT359630)
Issue 3: Microsoft(TM) Outlook takes some time to load whenever DLP is enabled.
Solution 3: This hotfix resolves the issue wherein Microsoft Outlook takes too long to launch by updating
the "sakfile.sys" file of DLP by adding "Outlook.exe" onto the exception list.
(TT358898, TT360065)
Enhancement 1: This hot fix enables Data Loss Prevention Endpoint SDK 6.0 starts to support the
following Google Chrome versions:
- Google Chrome(TM) 55.0.2883.87
- Google Chrome(TM) 56.0.2924.87
(TT359660)
Enhancement 2: This hot fix enables Data Loss Prevention Endpoint SDK 6.2 to support Microsoft
OneNote 2016 with *.one file type.
[Hotfix_1322] (TT-359257,359636,359535)
(TT359535)
Issue 1: An initialized issue related to the OfficeScan Control Manager Agent service
("OfcCMAgent.exe") may cause the OfcCMAgent.exe to stop unexpectedly.
Solution 1: This hotfix updates the OfficeScan Control Manager Agent program to prevent from this issue.
(TT359636)
Issue 2: When users export the settings from a root domain to a subdomain, the subdomain does not inherit
the sample submission settings.
Solution 2: This hotfix ensures that the OfficeScan server sets the flag to "ofcscan.ini" when exporting
settings so that the subdomain inherits all the settings from the root domain.
(TT359257)
Issue 3: Microsoft(TM) Skype for Business hangs when the OfficeScan agent is running.
Solution 3: This hotfix updates the OfficeScan agent module files inside the Common Client Solution
Framework (CCSF) to prevent third-party software from hanging.
(TT359535)
Issue 1: An initialized issue related to the OfficeScan Control Manager Agent service
("OfcCMAgent.exe") may cause the OfcCMAgent.exe to stop unexpectedly.
Solution 1: This hotfix updates the OfficeScan Control Manager Agent program to prevent from this issue.
(TT359636)
Issue 2: When users export the settings from a root domain to a subdomain, the subdomain does not inherit
the sample submission settings.
Solution 2: This hotfix ensures that the OfficeScan server sets the flag to "ofcscan.ini" when exporting
settings so that the subdomain inherits all the settings from the root domain.
(TT359257)
Issue 3: Microsoft(TM) Skype for Business hangs when the OfficeScan agent is running.
Solution 3: This hotfix updates the OfficeScan agent module files inside the Common Client Solution
Framework (CCSF) to prevent third-party software from hanging.
[Hotfix_1325] (TT-356626)
Enhancement: This hotfix updates the OfficeScan Data Loss Prevention(TM) (DLP) module to enable its
Device Control feature to work on portable devices with read-only permission.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
InstallDLPWpdDriver=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path:
HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro PC-cillinNTCorp¥CurrentVersion¥DlpLite
Key: InstallDLPWpdDriver
Type: DWORD
Value: 0 = Device Control does not work on portable devices with read-only permission
1 = Device Control works on portable devices with read-only permission
[Hotfix_1331] (TT-359497,SEG-1927,SEG-1362,SEG-1365)
(SEG-1927)
Issue 1: OfficeScan leaks encrypted account passwords during web console operations. Unauthorized
users could use the leaked encrypted password to log on to the OfficeScan server console.
Solution 1: This hotfix ensures that OfficeScan does not leak encrypted passwords.
(TT359497)
Issue 2: Certain processes running on the email channel may trigger policies in other channels.
~
Solution 2: This hotfix updates OfficeScan's rule matching method to ensure that processes will trigger
only the policies for the current channel.
(SEG-1362, SEG-1365)
Issue 3: The Integrated Smart Protection Server and the standalone Smart Protection Server cannot parse
the information in the "User Agent" header because it is in the wrong format.
Solution 3: This hotfix ensures that the iCRC common module adds information into the "User Agent"
header in the correct format.
[Hotfix_1334] (SEG-2329,SEG-2473,SEG-1175)
(SEG-2329)
Issue 1: The OfficeScan agent installs an unnecessary certificate "ofcsslagent" on the agent computer.
Solution 1: This hotfix removes the "ofcsslagent" certificate and ensures that the OfficeScan agent no
longer installs this to agent computers.
(SEG-2473)
Issue 2: The OfficeScan NT Firewall service still appears on the Windows Action Center console after the
OfficeScan agent is uninstalled from the computer.
Solution 2: This hotfix updates the OfficeScan agent programs to successfully unregister its Firewall
service from the Windows Action Center console.
(SEG-2160)
Issue 3: The maximum size for a single file to upload is 5 MB but the OfficeScan client still attempts to
upload files that are larger than 5 MB to the server. This causes heavy traffic on the server.
Solution 3: This hotfix syncs the 5 MB limit to OfficeScan clients to ensure that the clients do not attempt
to upload larger files to the OfficeScan server.
(SEG-1175)
Enhancement: This hotfix allows users to disable the email multi-part scan mode in the DLP function of
OfficeScan agents.
Procedure: To disable the email multi part scan mode in the DLP function and globally deploy this setting
to all OfficeScan agents:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder of the OfficeScan server.
c. Under the "Global Setting" section, manually add the following key and set its value to "0".
[Global Setting]
EnableDlpMPScan=0
NOTE: To enable the setting again, set "EnableDlpMPScan=1".
d. Save the changes and close the file.
e. Open the OfficeScan server management console and click "Agents > Global Agent Settings" on the
main menu to access the "Global Agent Settings" page.
f. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to agents and adds the following registry entry on all agent
computers:
Path: HKLM¥SYSTEM¥SOFTWARE¥Wow6432Node¥TrendMicro¥
PC-cillinNTCorp¥CurrentVersion¥DlpLite
Key: EnableMPScan
Type: dword
Value: 0
[Hotfix_1340] (SEG-2701,SEG-1640,SEG-3355,SEG-1184,SEG-3016)
(SEG-2701)
Issue: Users cannot remove items from the "Favorites" menu on the OfficeScan web console.
Solution: This hotfix updates the OfficeScan files to enable users to delete items from the "Favorites"
menu.
(SEG-1640)
Issue: The DLP version appears as 0.0.0 on both the management console and agent console.
Solution: This hotfix ensures that the correct DLP version appears on both the management console and
agent console.
(SEG-3355)
Issue: OfficeScan agents report their antivirus status information to the Microsoft(TM) Windows(TM)
Security Center (WSC) when the system starts. However, after the system restarts, WSC displays that the
OfficeScan antivirus reports are turned off.
Solution: This hotfix updates the OfficeScan agent program to resolve this issue.
(SEG-1184)
Issue: Certain processes running on the email channel may trigger policies in other channels.
Solution: This hotfix updates OfficeScan's rule matching method to ensure that processes will trigger only
the policies for the current channel.
(SEG-3016)
Enhancement: This hot fix enables Data Loss Prevention Endpoint SDK 6.0 starts to support the
following Google Chrome versions:
- Google Chrome(TM) 57.0.2987.98
- Google Chrome(TM) 57.0.2987.110
[Hotfix_1341] (SEG-2319)
Issue: The Avaya Scopia log in page stops responding when the AEGIS module does not receive a
response from it within a specific time period.
Solution: This hotfix enables users to disable the self-protection feature of the AEGIS module for Avaya
Scopia to prevent the incompatibility issue and ensure that Avaya Scopia can run normally on protected
computers.
Procedure: To disable the self-protection feature of the AEGIS module in affected computers:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder of the OfficeScan installation directory.
c. Under the "Global Setting" section, add the following key and set its value to "1".
[Global Setting]
SkipDuplicateSameAccess=1
d. Save the changes and close the file.
e. Open the OfficeScan server management console and go to "Agents > Global Agent Settings".
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan client program automatically installs the following registry key:
PATH: HKEY_LOCAL_MACHINE¥SYSTEM¥CurrentControlSet¥Services¥tmactmon¥Parameters
KEY: SkipDuplicateSameAccess
TYPE: dword
VALUE: 1, disables the self-protection feature 0, enables the self-protection feature
[Hotfix_1343] (SEG-2354,SEG-2420,SEG-3372,SEG-3237)
(SEG-2354)
Issue 1: When users set the firewall exception rule to a single IP, the IP address does not appear on the
OfficeScan agent console.
Solution 1: This hotfix ensures that the IP address appears on the OfficeScan agent console.
(SEG-2420)
Issue 2: The suspicious object URL detection function does not work when the OfficeScan agent is offline.
Solution 2: This hotfix enables the suspicious object URL detection function to work when the OfficeScan
agent is offline.
(SEG-3372)
Issue 3: Sensitive information detected in email messages in "outlook.com" and "outlook.office.com" are
displayed in the logs as HTTP channels and not as webmail channels.
Solution 3: This hotfix updates the DLP module to make sure OfficeScan assigns the correct channels in
the logs.
(SEG-3237)
Issue 4: An issue prevents OfficeScan agents from blocking webmail attachments that contain sensitive
information in "outlook.com".
Solution 4: This hotfix updates the DLP module to make sure the OfficeScan agent can block webmail
attachments in "outlook.com".
[Hotfix_1346] (SEG-2594,SEG-3749,SEG-3160)
(SEG-2594)
Issue 1: The OfficeScan Behavior Monitoring feature may cause certain operating systems to stop
unexpectedly when users launch an Intel driver packed as a self-extracting RAR file.
Solution 1: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
(SEG-3160)
Issue 2: When users click the "Specify Domain Credentials" button on the OfficeScan XG web console,
account information of the Active Directory Integration account cannot be saved Properly.
Solution 2: This hotfix updates the OfficeScan server program to prevent it from this issue.
[Hotfix_1347] (SEG-3734)
(SEG-3734)
Issue: This issue occurs because the Web Reputation Services is disabled, OfficeScan agents still search
for available Smart Protection Servers (SPS) to send Web Reputation queries to which can keep the
network busy.
Solution: This hot fix adds an option to prevent OfficeScan agents from searching for Local Web
Classification Servers (LWCS) when the WRS is disabled.
Procedure: To enable this option:
a. Install this hot fix (see "Installation").
b. Open the "Ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation directory.
c. Add the following key under the "ICRC_SCAN_INI_SECTION" section and set its value to "0".
[ICRC_SCAN_INI_SECTION]
WCSServiceSearchIfDisabled=0
d. Open the OfficeScan web console and go to the "Networked Computers > Global Client Settings"
screen.
e. Click "Save" to deploy the setting to clients. The OfficeScan client program automatically installs
the following registry key:
Path:
HKLM¥SOFTWARE¥TrendMicro¥Pc-cillinNTCorp¥CurrentVersion¥
iURL Scan¥
Key: ServiceSearchIfDisabled
Value: 0
[Hotfix_1349] (TT-360059,SEG-3093,SEG-4276)
(SEG-4276)
Issue 1: OfficeScan agents keep on upgrading when the "PostponedInst" folder contains a file with a lower
version even when the timestamp on the file is current.
Solution 1: This hotfix resolves the issue by adding more checking mechanisms on OfficeScan agents.
(SEG-3093)
Issue 2: The integrated DLP API hook does not work on Windows 10 RedStone 2 (RS2) RTM build
(15063).
Solution 2: This hotfix resolves this issue.
(TT360059)
Issue 3: The FortiClient VPN program may encounter connection issues on computers protected by
OfficeScan XG.
Solution 3: This hotfix resolves a compatibility issue between FortiClient VPN and the DLP module.
[Hotfix_1354] (SEG-1256,SEG-3260,SEG-4711)
(SEG-1256)
Issue 1: The OfficeScan Behavior Monitoring feature may cause certain computers to lock up
intermittently.
Solution 1: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
(SEG-3260)
Issue 2: The OfficeScan Behavior Monitoring feature may block Adobe Acrobat Reader intermittently.
Solution 2: This hotfix updates the Behavior Monitoring UMH addon module to resolve the issue.
(SEG-4711)
Issue 3: The OfficeScan server cannot check the signature on a Control Manager policy if the policy
settings contain non-ASCII characters.
~
Solution 3: This hotfix enables the OfficeScan server to handle non-ASCII strings in Control Manager
policies to ensure that the server can check the signature of these policies.
[Hotfix_1355] (SEG-4824,SEG-3830)
(SEG-3830)
Issue 1: The OfficeScan User Mode Hooking (UMH) function may trigger a false alarm when users access
a specific website.
Solution 1: This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
(SEG-4824)
Issue 2: DLP generates duplicate violation event logs when users send an email message using Outlook.
Solution 2: This hotfix enables the DLP multipart feature in Outlook to prevent duplicate violation event
logs when users send email messages in Outlook.
[Hotfix_1358] (SEG-4985)
(SEG-4985)
Issue: This hotfix aim at resolving the application failure due to Personal Firewall of Trend. The failure is
about executable image hashing take too much time and cause a timeout on application connection to its
server.
Solution: This hot fix updates the Network Security Components to ensure that Trend Micro's firewall will
asynchronously compute the hash value of the executable image that initiated a connection. While the
firewall computes the hash, all rules of the Application Filter will be unavailable until the hash value is
computed, preventing the system from blocking the application from its connection.
[Hotfix_1359] (SEG-5670)
(JIRA 4008)
Issue: The information in the "Message" field in Administrator Notifications cannot be saved successfully
if the field contains a tab delimiter.
Solution: This hotfix updates the OfficeScan server files to ensure that the information can be saved
successfully.
[Hotfix_1368]
(TT-359239,SEG-1266,SEG-2425,SEG-4948,SEG-4800,SEG-6057,SEG-5807,SEG-3749,SEG-4620,SEG
-5561)
(TT359239)
Issue: The OfficeScan Web Reputation feature blocks normal access to websites if the endpoint also has
the Symantec Data Loss Prevention application running.
Solution: This hotfix updates the OfficeScan agent module to ensure that the OfficeScan Web Reputation
feature does not conflict with the Symantec Data Loss Prevention application.
(JIRA 1266)
Issue: The UMH driver may block a certain application from running from a UNC path when the "Enable
program inspection to detect and blocked compromised executable files" option is enabled.
Solution: This hotfix updates the UMH driver to ensure that the application can run from a UNC path
while the "Enable program inspection to detect and blocked compromised executable files" option is
enabled.
(JIRA 2425)
Issue: It takes a long time to load a remote PST file in Microsoft(TM) Outlook(TM) when DLP is enabled.
Solution: This hotfix ensures that Outlook can load remote PST files normally when DLP is enabled.
(JIRA 4948)
Issue: The upload of files from an SMB path to the Internet may stop unexpectedly when DLP is enabled.
Solution: This hotfix adds an SMB checking mechanism that enables DLP to check if a file is from an
SMB path before it attempts to access the file information. If the source file is an SMB file, DLP then
Impersonates to facilitate the download.
(JIRA 4800)
Issue: It takes a long time to copy files using the RDP clipboard when DLP is enabled.
Solution: This hotfix resolves the issue by adding the RDP process "mstsc.exe" into the approved list.
(JIRA 5807)
Issue: The Listdeviceinfo tool cannot get information from the following external devices:
- LaCie Rugged THB USB3 SCSI Disk Device.
- Seagate(R) Backup+ Hub BK SCSI Disk Device.
- Seagate BUP BL SCSI Disk Device.
Solution: This hotfix resolves this tool issue.
(JIRA 3749)
Issue: The TmListen.exe service of the OfficeScan agent stops unexpectedly when Web Reputation
Service is running.
Solution: This hotfix updates the OfficeScan agent programs to prevent TmListen.exe from stopping
unexpectedly.
(JIRA 4620)
Issue: The agent grouping status switches off unexpectedly after AD synchronization.
Solution: This hotfix updates the OfficeScan server files to ensure that the agent grouping status remains
the same after AD synchronization.
(JIRA 5561)
Issue: The OfficeScan agent keeps its old build number even after applying all the latest hotfixes.
Solution: This hotfix ensures that the TmListen service checks the "[Hotfix_history.ini" file and updates
the build number during start up.
[Hotfix_1371] (SEG-2791,SEG-5527,SEG-6408,SEG-5843)
(JIRA 5527)
Issue: On computers running on the Microsoft(TM) Windows(TM) 10 platform, the DLP network filter
driver is installed with the TDI network filter driver.
Solution: This hotfix updates the operating system version determination mechanism to ensure that the
correct driver is installed. This hotfix also provides a WFP driver replacement mechanism that replaces the
TDI driver with the correct driver.
(JIRA 6408)
Issue: The DLP module may not work normally while other programs are uploading files to the Internet.
Solution: This hotfix ensures that the DLP module works normally when other programs are to uploading
files to the Internet.
(JIRA 5843)
Issue: When the DLP multipart scan feature is enabled, all violations triggered in Microsoft Outlook for
different users appear under the first login user.
Solution: This hotfix enables the DLP module to check the process owner according to process ID before
scanning to ensure that each violation appears under the correct user account.
(JIRA 2791)
Issue: BSOD occurs when the "Suspicious Connection Settings" are enabled.
Solution: This hotfix updates the Network Content Inspection Engine to prevent the BSOD issue.
[Hotfix_1376] (SEG-3077,SEG-7326,SEG-5414,SEG-7410)
(JIRA 3077)
Issue: The "Suspicious Object List Setting page" has a wording error.
Solution: This hotfix corrects the wording of the "Suspicious Object List Setting" page.
(JIRA 7326)
Issue: When using the Microsoft(TM) SQL database, OfficeScan may receive ADO exception errors
caused by a NULL value passing onto a stored procedure.
Solution: This hotfix updates the OfficeScan file to prevent this issue from occurring.
(JIRA 5414)
Issue: Microsoft(TM) Internet Explorer stops responding when it transfers files using Microsoft(TM)
SharePoint.
Solution: This hotfix resolves this issue.
(JIRA 7410)
Issue: When Data Loss Prevention (DLP) detects that sensitive information was sent through an email
message, the OfficeScan agent generates a blank "Activity/Channel" log.
Solution: This hotfix resolves this issue.
[Hotfix_1378] (VRTS-694)
(VRTS 694)
Issue: The OfficeScan ToolBox service and "TMSmartRelayService" are affected by the Windows
unquoted service path vulnerability.
Solution: This hotfix reinstalls the services to remove the vulnerability.
[Hotfix_1380] (SEG-7412,SEG-7327,SEG-7223)
(JIRA 7412)
Issue: Multiple Data Loss Prevention (DLP) violation events appear after the first user justification
window. This issue occurs when users send sensitive content using Microsoft(TM) Outlook.
Solution: This hotfix resolves this issue by refining the timestamp recording mechanism of the sent email
item. After applying this hotfix, the system only records the timestamp after it returns the user justification
action to filter out the incorrect triggered email event caused by Microsoft Outlook.
(JIRA 7327)
Enhancement: This hot fix enables Data Loss Prevention Endpoint SDK 6.0 to support Google(TM)
Chrome version 59.0.3071.86
(JIRA 7223)
Enhancement: This hot fix enables Data Loss Prevention Endpoint SDK 6.2 to bypass iTunes blocking
and so that iPhone can still be charged while Device Control is enabled.
To configure the new setting for DLP:
a. Install this hot fix (see "Installation").
b. Open the "dlp.ini" file in the "¥PCCSRV¥Private¥" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "bypass_itunes_nonstor_usb_dc" key and set
its value.
[Configure]
bypass_itunes_nonstor_usb_dc = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains
or agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents.
The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in
the "dsa.pro" file in the "¥Windows¥System32¥dgagent¥" folder:
bypass_itunes_nonstor_usb_dc=true
[Hotfix_1382] (SEG-4973)
(JIRA 4973)
Enhancement: This hot fix provides additional details in the Component Update Details log files. It
includes the following information:
- Domain Hierarchy of endpoint
- IP Address of endpoint
[Hotfix_1386] (SEG-5899)
(JIRA 5899)
Issue: The OfficeScan Knowledge Base (KB) article 1105079 does not work successfully under certain
situations.
Solution: This hotfix updates the certificate handling process for both Trend Micro Smart Scan Server
service and Trend Micro Smart Protection Query Handler service, which resolves this issue.
[Hotfix_1389] (SEG-7202)
(JIRA 7202)
Issue: The following error message appears when the OfficeScan installer attempts to connect to the SQL
Server: "Unable to connect to SQL server"
Solution: This hotfix resolves the issue by enabling InstallShield to use the SERVERPROPERTY
metadata function.
(JIRA 6515)
Issue: Users are redirected to the US version of the Threat Encyclopedia instead of to the specific spyware
log information after clicking the link to a spyware log in the OfficeScan web console.
Solution: This hotfix updates the OfficeScan server file to ensure that the users are redirected to the
correct spyware encyclopedia page after clicking the link on a spyware log.
[Hotfix_1393] (SEG-7967,SEG-9014)
(JIRA 7967)
Issue: Users encounter a sharing violation issue related to the ntrtscan and iexplorer processes after
enabling the OfficeScan Predictive Machine Learning feature in a computer that has a multiple core CPU.
Solution: This hotfix changes to add some sharing mode for the file open.
(JIRA 9014)
Issue: An issue related to the OfficeScan UMH driver triggers BSOD.
Solution: This hotfix updates the UMH driver to resolve the issue.
(JIRA 9203)
Issue: When the OfficeScan agent connects to SSL-VPN and the MAC address field is empty, the
OfficeScan agent will attempt to resolve the IP and MAC addresses repeatedly but the SSL-VPN IP
address still does not appear in the network cards list on the agent console.
Solution: This hotfix updates the OfficeScan agent program to prevent it from attempting to resolve the IP
and MAC addresses when the MAC address field is empty. It also helps ensure that the IP address appears
on the OfficeScan agent console.
[Hotfix_1396] (SEG-9985,SEG-6282)
(JIRA 9985)
Issue: An issue related to the DLP file system driver may cause an RWX vulnerability in web browsers.
Solution: This hotfix updates DLP Endpoint SDK 6.0 to resolve the vulnerability.
[Hotfix_1399] (SEG-7413)
(JIRA 7413)
Issue: The DLP violation statistics may not be accurate when multiple logged in users send email
messages simultaneously.
Solution: This hotfix helps ensure that the DLP violation statistics are accurate by enabling the DLP
module to differentiate email messages from different users based on sprocess IDs.
[Hotfix_1402] (TT-352886,350067,353933,355208,SEG-9974,SEG-2232,SEG-6031)
(JIRA 9974)
Issue: When the "Send mail" button is clicked twice within five seconds, iDLP blocks sensitive
information but still sends the email message out.
Solution: This hotfix updates the iDLP module to ensure that it blocks sensitive information and prevents
the email message from being sent out.
(TT352886)
Issue: The DLP data identifiers expression "UK - RD&E Hospital Number" algorithm may trigger some
false alarms.
Solution: This hotfix updates the "UK - RD&E Hospital Number" algorithm to help avoid false alarms.
(TT350067)
Issue: A protected computer may stop responding when users copy and paste the contents of a cell to
another cell in Microsoft(TM) Excel(TM).
Solution: This hotfix ensures that users can copy and paste the contents of a cell to another cell in Excel
normally on protected computers.
(TT353933)
Issue: Users can delete files from USB storage devices that they only have READ permission to access.
Solution: This hotfix ensures that only users with the correct application permission can run applications
in USB storage devices.
(TT355208)
Issue: Boot2Docker does not launch on versions 7 and 10 of Microsoft Windows(TM) 710 when DLP is
enabled.
Solution: This hotfix ensures that Boot2Docker works normally on Windows 7 and 10 computers
protected by the OfficeScan Agent when DLP is enabled.
(JIRA 2232)
Issue: Duplicate DLP violation logs are generated when users attempt to print a PDF file that contains
sensitive information in Adobe(TM) Reader.
Solution: This hotfix applies the App White Cache mechanism according to process name to enable DLP
to treat multiple print operations from "AcroRd32.exe" that occur within a one second period as one event.
This helps prevent duplicate violation logs.
(JIRA 6031)
Issue: The DLP module causes high CPU when Microsoft Visual Studio is running.
Solution: The hotfix resolves the high CPU usage issue of the DLP service due to the redundant scan of
network events triggered by Microsoft Visual Studio, IncrediBuild and the Microsoft build.
JP_[Hotfix_1412] (SEG-1362,SEG-1365)
Issue: The Local Server cannot parse the information in the "User Agent" header because it is in the wrong
format.
Solution: This hotfix ensures that the iCRC common module adds information into the "User Agent"
header in the correct format.
JP_[Hotfix_1415] (SEG-2173,SEG-2473)
Issue: An error appears on the OfficeScan web console after users click on the number of ransomware
detected link on the Ransomware widget.
Solution: This hotfix updates the OfficeScan program files so that users can view the number of detected
ransomware after clicking on the link on the Ransomware widget.
JP_[Hotfix_1417] (SEG-2160)
Issue: The maximum size for a single file to upload is 5 MB but the OfficeScan client still attempts to
upload files that are larger than 5 MB to the server. This causes heavy traffic on the server.
Solution: This hotfix syncs the 5 MB limit to OfficeScan clients to ensure that the clients do not attempt to
upload larger files to the OfficeScan server.
DE_[Hotfix_1420] (SEG-2766,SEG-2701)
(SEG-2766)
Issue 1: The OfficeScan NT Real-time Scan service may cause the Microsoft(TM) Windows(TM) system
to hang.
Solution 1: This hotfix updates the Behavior Monitoring Core Service programs of the OfficeScan agent
to resolve this issue.
JP_[Hotfix_1422] (SEG-2319)
Issue: The Avaya Scopia log in page stops responding when the AEGIS module does not receive a
response from it within a specific time period.
Solution: This hotfix enables users to disable the self-protection feature of the AEGIS module for Avaya
Scopia to prevent the incompatibility issue and ensure that Avaya Scopia can run normally on protected
computers.
Procedure: To disable the self-protection feature of the AEGIS module in affected computers:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder of the OfficeScan installation directory.
c. Under the "Global Setting" section, add the following key and set its value to "1".
[Global Setting]
SkipDuplicateSameAccess=1
d. Save the changes and close the file.
e. Open the OfficeScan server management console and go to "Agents > Global Agent Settings".
f. Click "Save" to deploy the setting to all clients.
g. Restart the OfficeScan client.
The OfficeScan client program automatically installs the following registry key:
PATH: HKEY_LOCAL_MACHINE¥SYSTEM¥CurrentControlSet¥Services¥tmactmon¥Parameters
KEY: SkipDuplicateSameAccess
TYPE: dword
VALUE: 1, disables the self-protection feature 0, enables the self-protection feature
DE_[Hotfix_1423] (SEG-3227,SEG-3119)
(SEG-3227)
Issue: OfficeScan agents report their antivirus status information to the Microsoft(TM) Windows(TM)
Security Center (WSC) when the system starts. However, after the system restarts, WSC displays that the
OfficeScan antivirus reports are turned off.
Solution: This hotfix updates the OfficeScan agent program to resolve this issue.
JP_[Hotfix_1437] (SEG-5202)
Issue: Encounter dead lock when launch application. The OfficeScan Behavior Monitoring feature may
cause certain operating systems to stop unexpectedly when users launch an Intel driver packed as a
self-extracting RAR file.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
FR_[Hotfix_1442] (SEG-4616,SEG-5702,SEG-4910)
Enhancement: This hotfix enables Administrators to use an apostrophe (') in the "Description" text box
when they add or modify a web console account.
KO_[Hotfix_1445] (SEG-6008)
(SEG-6008)
Issue: The 32-bit installer generated by the Client Packager tool does not work.
Solution: This hotfix ensures that users can install OfficeScan clients using the 32-bit installer package
generated by the Client Packager tool.
JP_[Hotfix_1453] (SEG-6632)
Issue: The agent grouping status switches off unexpectedly after AD synchronization.
Solution: This hotfix updates the OfficeScan server files to ensure that the agent grouping status remains
the same after AD synchronization.
KO_[Hotfix_1454] (SEG-3830)
(JIRA 3830)
Issue: The OfficeScan User Mode Hooking (UMH) function may trigger a false alarm when users access a
specific website
Solution: This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
JP_[Hotfix_1461] (SEG-6515)
(JIRA 6515)
Issue: Users are redirected to the US version of the Threat Encyclopedia instead of to the specific spyware
log information after clicking the link to a spyware log in the OfficeScan web console.
Solution: This hotfix updates the OfficeScan server file to ensure that the users are redirected to the
correct spyware encyclopedia page after clicking the link on a spyware log.
JP_[Hotfix_1462] (SEG-9203)
Issue: When the OfficeScan agent connects to SSL-VPN and the MAC address field is empty, the
OfficeScan agent will attempt to resolve the IP and MAC addresses repeatedly but the SSL-VPN IP
address still does not appear in the network cards list on the agent console.
Solution: This hotfix updates the OfficeScan agent program to prevent it from attempting to resolve the IP
and MAC addresses when the MAC address field is empty. It also helps ensure that the IP address appears
on the OfficeScan agent console.
JP_[Hotfix_1467] (SEG-8426)
Issue: The Publisher used to export registry keys is named differently in some OfficeScan agents.
Solution: This hotfix ensures that all OfficeScan agents use the same Publisher name.
[Hotfix_1468] (SEG-9443)
Issue: The OfficeScan server cannot check the signature on a Control Manager policy if the policy settings
contain non-ASCII characters.
Solution: This hotfix enables the OfficeScan server to handle non-ASCII strings in Control Manager
policies to ensure that the server can check the signature of these policies.
Issues resolved by hot fixes for OSCE XG Patch 1
[CP_1641] (VRTS-972)
(VRTS-972)
Issue: The 3rd party AmMap application has multiple cross-site scripting (XSS) vulnerabilities that allows
remote attackers to inject arbitrary web or HTML scripts.
Solution: This hot fix resolves the XSS vulnerability.
[CP_1680] (VRTS-989,VRTS-1018,VRTS-1020,VRTS-1052,SEG-11451,SEG-10130)
(VRTS 986)
Issue: A vulnerability may allow a attacker to download the specific file from the OfficeScan server
through HTTP requests.
Solution: This Critical Patch resolves the vulnerability.
(VRTS 989)
Issue: A PHP file in OfficeScan XG may be vulnerable to an MITM/RCE vulnerability.
Solution: This Critical Patch resolves the potential vulnerability.
(VRTS 994)
Issue: Attackers may be able to launch Pre-Auth Server Side Request Forgery attacks through the specific
php functionality.
Solution: This Critical Patch resolves this issue by updating the specific php file and hard-coding it to
connect to the Trend Online Help page.
(VRTS 1012)
Issue: An attacker may be able to query NT domains through the OfficeScan XG process.
Solution: This removes the vulnerability.
(VRTS 1014, VRTS 1022)
Issue: A vulnerability may allow a attacker to send CGI requests to run and stop the OfficeScan XG
process unexpectedly.
Solution: This Critical Patch resolves the vulnerability.
(VRTS 1018)
Issue: A vulnerability may allow remote attackers to query PHP information while the specific php file
runs.
Solution: This Critical Patch secures the information in specific php file.
(VRTS 1020)
Issue: The OfficeScan XG program may be affected by a host header injection vulnerability.
Solution: This Critical Patch resolves the vulnerability.
(VRTS 1052)
Issue: A vulnerability may allow a attacker to stop the OfficeScan XG process unexpectedly by forcing the
specific parameter to exceed that limit.
Solution: This Critical Patch resolves the vulnerability.
(SEG 11451)
Issue: The Realtime Scan is disabled unexpectedly after Autopcc runs.
Solution: This Critical Patch ensures that Real-time Scan is not disabled unexpectedly after Autopcc runs.
(SEG 10130)
Issue: The contents of the CCSF ZIP file cannot be extracted successfully which prevents some
OfficeScan agents from updating successfully.
Solution: This Critical Patch enables OfficeScan to attempt to extract the contents of the CCSF ZIP file
continuously even when other process are using the file.
[CP_1708] (VRTS-989,VRTS-1018,VRTS-1020,VRTS-1052,SEG-9066)
(JIRA 9298)
Issue: A sharing violation prevents Autopcc from working on computers where the OfficeScan agent is
already installed.
Solution: This critical patch creates a new backup folder to prevent the sharing violation and ensure that
Autopcc works normally on OfficeScan agent computers.
(JIRA 12165)
Issue: Users encounter a sharing violation issue related to the ntrtscan and iexplorer processes after
enabling the OfficeScan Predictive Machine Learning feature in a computer that has a multiple core CPU.
Solution: This critical patch changes to add some sharing mode for the file open.
(JIRA 12255)
Issue: In the Windows Server 2003 platform, OfficeScan agents display the following message even when
the program components are up-to-date. "Update Now: You have not received a new update in 1 days."
Solution: This critical patch updates the OfficeScan agent program to resolve the issue.
(JIRA 11606)
Issue: OfficeScan agents receive C&C callback detected alerts for IPs in the approved list.
Solution: This critical patch resolves a file path issue to help ensure that IPs in the approved list do not
trigger C&C callback detected alerts.
(JIRA 11651) / (JIRA 3758)
Issue: The OfficeScan server cannot register to the EdgeServer when TLS 1.0 is disabled.
Solution: This critical patch enables the EdgeServer to support TLS 1.1 and 1.2.
[CP_1737] (VRTS-1228,SEG-12946)
(JIRA 12946)
Issue: After moving an OfficeScan agent from one OfficeScan server to another through the web console,
the agent might not able to upgrade successfully.
Solution: This critical patch updates the OfficeScan agent program to resolve the issue.
[Hotfix_1640]
(VRTS-986,VRTS-994,VRTS-1014,VRTS-1022,SEG-7326,SEG-7829,SEG-7354,SEG-4418,SEG-7580,S
EG-4973,SEG-8495,SEG-9269,SEG-7825)
(JIRA 1256)
Issue: The OfficeScan Behavior Monitoring feature may cause certain computers to lock up intermittently.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
(JIRA 3260)
Issue: The OfficeScan Behavior Monitoring feature may block Adobe Acrobat Reader intermittently.
Solution: This hotfix updates the Behavior Monitoring UMH addon module to resolve the issue.
(JIRA 4711)
Issue: The OfficeScan server cannot check the signature on a Control Manager policy if the policy settings
contain non-ASCII characters.
Solution: This hotfix enables the OfficeScan server to handle non-ASCII strings in Control Manager
policies to ensure that the server can check the signature of these policies.
(JIRA 3830)
Issue: The OfficeScan User Mode Hooking (UMH) function may trigger a false alarm when users access a
specific website.
Solution: This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
(JIRA 4824)
Issue: DLP generates duplicate violation event logs when users send an email message using Outlook.
Solution: This hotfix enables the DLP multipart feature in Outlook to prevent duplicate violation event
logs when users send email messages in Outlook.
(JIRA 4985)
Issue: This hotfix aim at resolving the application failure due to Personal Firewall of Trend. The failure is
about executable image hashing take too much time and cause a timeout on application connection to its
server.
Solution: This hot fix updates the Network Security Components to ensure that Trend Micro's firewall will
asynchronously compute the hash value of the executable image that initiated a connection. While the
firewall computes the hash, all rules of the Application Filter will be unavailable until the hash value is
computed, preventing the system from blocking the application from its connection.
(JIRA 4008)
Issue: The information in the "Message" field in Administrator Notifications cannot be saved successfully
if the field contains a tab delimiter.
Solution: This hotfix updates the OfficeScan server files to ensure that the information can be saved
successfully.
(TT359239)
Issue: The OfficeScan Web Reputation feature blocks normal access to websites if the endpoint also has
the Symantec Data Loss Prevention application running.
Solution: This hotfix updates the OfficeScan agent module to ensure that the OfficeScan Web Reputation
feature does not conflict with the Symantec Data Loss Prevention application.
(JIRA 1266)
Issue: The UMH driver may block a certain application from running from a UNC path when the "Enable
program inspection to detect and blocked compromised executable files" option is enabled.
Solution: This hotfix updates the UMH driver to ensure that the application can run from a UNC path
while the "Enable program inspection to detect and blocked compromised executable files" option is
enabled.
(JIRA 2425)
Issue: It takes a long time to load a remote PST file in Microsoft(TM) Outlook(TM) when DLP is enabled.
Solution: This hotfix ensures that Outlook can load remote PST files normally when DLP is enabled.
(JIRA 4948)
Issue: The upload of files from an SMB path to the Internet may stop unexpectedly when DLP is enabled.
Solution: This hotfix adds an SMB checking mechanism that enables DLP to check if a file is from an
SMB path before it attempts to access the file information. If the source file is an SMB file, DLP then
Impersonates to facilitate the download.
(JIRA 4800)
Issue: It takes a long time to copy files using the RDP clipboard when DLP is enabled.
Solution: This hotfix resolves the issue by adding the RDP process "mstsc.exe" into the approved list.
(JIRA 5807)
Issue: The Listdeviceinfo tool cannot get information from the following external devices:
- LaCie Rugged THB USB3 SCSI Disk Device.
- Seagate(R) Backup+ Hub BK SCSI Disk Device.
- Seagate BUP BL SCSI Disk Device.
Solution: This hotfix resolves this tool issue.
(JIRA 3749)
Issue: The TmListen.exe service of the OfficeScan agent stops unexpectedly when Web Reputation
Service is running.
Solution: This hotfix updates the OfficeScan agent programs to prevent TmListen.exe from stopping
unexpectedly.
(JIRA 4620)
Issue: The agent grouping status switches off unexpectedly after AD synchronization.
Solution: This hotfix updates the OfficeScan server files to ensure that the agent grouping status remains
the same after AD synchronization.
(JIRA 5561)
Issue: The OfficeScan agent keeps its old build number even after applying all the latest hotfixes.
Solution: This hotfix ensures that the TmListen service checks the "hotfix_history.ini" file and updates the
build number during start up.
(JIRA 5527)
Issue: On computers running on the Microsoft(TM) Windows(TM) 10 platform, the DLP network filter
driver is installed with the TDI network filter driver.
Solution: This hotfix updates the operating system version determination mechanism to ensure that the
correct driver is installed. This hotfix also provides a WFP driver replacement mechanism that replaces the
TDI driver with the correct driver.
(JIRA 6408)
Issue: The DLP module may not work normally while other programs are uploading files to the Internet.
Solution: This hotfix ensures that the DLP module works normally when other programs are to uploading
files to the Internet.
(JIRA 5843)
Issue: When the DLP multipart scan feature is enabled, all violations triggered in Microsoft Outlook for
different users appear under the first login user.
Solution: This hotfix enables the DLP module to check the process owner according to process ID before
scanning to ensure that each violation appears under the correct user account.
(JIRA 2791)
Issue: BSOD occurs when the "Suspicious Connection Settings" are enabled.
Solution: This hotfix updates the Network Content Inspection Engine to prevent the BSOD issue.
(JIRA 3830)
Issue: The OfficeScan User Mode Hooking (UMH) function may trigger a false alarm when users access a
specific website.
Solution: This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
(JIRA 5202)
Issue: The OfficeScan Behavior Monitoring feature may cause certain operating systems to stop
unexpectedly when users launch an Intel driver packed as a self-extracting RAR file.
Solution: This hotfix updates the Behavior Monitoring Service module to resolve the issue.
(JIRA 4800)
Issue: It takes a long time to copy files using the RDP clipboard when DLP is enabled.
Solution: This hotfix resolves the issue by adding the RDP process "mstsc.exe" into the approved list.
(JIRA 2425)
Issue: It takes a long time to load a remote PST file in Microsoft(TM) Outlook(TM) when DLP is enabled.
Solution: This hotfix ensures that Outlook can load remote PST files normally when DLP is enabled.
(TT348875)
Issue: A USB floppy disk drive cannot be added into the exception list of removable storage devices in the
DLP Policy Settings.
Solution: This hotfix ensures that users can add USB floppy disk drives into the DLP exception list of
removable storage in the DLP Policy Settings.
(TT355419)
Issue: The Lumension Heat patching software may stop unexpectedly when DLP is enabled.
Solution: This hotfix resolves the issue by preventing DLP from excluding the following two processes:
- XMLDeltaParser.exe
- DAgent.exe
(JIRA 5807)
Issue: The Listdeviceinfo tool cannot get information from the following external devices:
- LaCie Rugged THB USB3 SCSI Disk Device
- Seagate(R) Backup+ Hub BK SCSI Disk Device
- Seagate BUP BL SCSI Disk Device
Solution: This hotfix resolves this issue.
(TT357926)
Issue: DLP does not block the most current webmail sites like "Outlook.com".
Solution: This hotfix resolves this issue.
(TT356728)
Issue: DLP blocks the Exodus Jabber program unexpectedly.
Solution: This hotfix ensures that the Exodus Jabber program works normally when DLP is enabled on the
endpoint machines.
(TT358910)
Issue: Microsoft Access (.mdb) files cannot be recovered to USB storage from the DLP backup folder.
Solution: This hotfix ensures that DLP can successfully recover Microsoft Access (.mdb) files.
(JIRA 4948)
Issue: The upload of files from an SMB path to the Internet may stop unexpectedly when DLP is enabled.
Solution: This hotfix adds an SMB checking mechanism that enables DLP to check if a file is from an
SMB path before it attempts to access the file information. If the source file is an SMB file, DLP then
Impersonates to facilitate the download.
(TT358095)
Issue: DLP does not block users from dragging and dropping files on to current webmail sites such as
"Outlook.office.com" or "Outlook.live.com in Google Chrome.
Solution: This hotfix ensures that OfficeScan can effectively block sensitive information from leaking
when users use Google Chrome to access webmail sites.
(JIRA 6008)
Issue: The 32-bit installer generated by the Client Packager tool does not work.
Solution: This hotfix ensures that users can install OfficeScan clients using the 32-bit installer package
generated by the Client Packager tool.
(JIRA 3077)
Issue: The "Suspicious Object List Setting page" has a wording error.
Solution: This hotfix corrects the wording of the "Suspicious Object List Setting" page.
(JIRA 7326)
Issue: When using the Microsoft(TM) SQL database, OfficeScan may receive ADO exception errors
caused by a NULL value passing onto a stored procedure.
Solution: This hotfix updates the OfficeScan file to prevent this issue from occurring.
(JIRA 5414)
Issue: Microsoft(TM) Internet Explorer stops responding when it transfers files using Microsoft(TM)
SharePoint.
Solution: This hotfix resolves this issue.
(JIRA 7410)
Issue: When Data Loss Prevention (DLP) detects that sensitive information was sent through an email
message, the OfficeScan agent generates a blank "Activity/Channel" log.
Solution: This hotfix resolves this issue.
(JIRA 7412)
Issue: Multiple Data Loss Prevention (DLP) violation events appear after the first user justification
window. This issue occurs when users send sensitive content using Microsoft(TM) Outlook.
Solution: This hotfix resolves this issue by refining the timestamp recording mechanism of the sent email
item. After applying this hotfix, the system only records the timestamp after it returns the user justification
action to filter out the incorrect triggered email event caused by Microsoft Outlook.
(JIRA 6632)
Issue: The agent grouping status switches off unexpectedly after AD synchronization.
Solution: This hotfix updates the OfficeScan server files to ensure that the agent grouping status remains
the same after AD synchronization.
(JIRA 3830)
Issue: The OfficeScan User Mode Hooking (UMH) function may trigger a false alarm when users access a
specific website.
Solution: This hotfix updates the OfficeScan User Mode Hooking module to resolve this issue.
(JIRA 7326)
Issue: When using the Microsoft(TM) SQL database, OfficeScan may receive ADO exception errors
caused by a NULL value passing onto a stored procedure.
Solution: This hotfix updates the OfficeScan file to prevent this issue from occurring.
(VRTS 1014)
Issue: A vulnerability may allow a remote unauthenticated attacker to send CGI requests to run
"fcgiOfcDDA.exe" on the OfficeScan server and trigger " fcgiOfcDDA.exe " to stop unexpectedly. When
this happens, a large number of dump files are generated which can eventually take up a large portion of
disk space.
Solution: This hotfix resolves the vulnerability.
(VRTS 1022)
Issue: A vulnerability may allow a remote unauthenticated attacker to send CGI requests to run
"cgiRqUpd.exe" on the OfficeScan server and trigger "cgiRqUpd.exe" to stop unexpectedly. When this
happens, a large number of dump files are generated which can eventually take up a large portion of disk
space.
Solution: This hotfix resolves the vulnerability.
(JIRA 7829)
Issue: The list of supported platforms in the "Additional Service Settings" page of the OfficeScan XG web
console does not include the new Windows Server 2016 platform.
Solution: This hotfix adds the new Windows Server 2016 platform to the supported platform list on the
"Additional Service Settings" page.
(JIRA 7354)
Issue: The OfficeScan agent keeps its old build number even after applying all the latest hotfixes.
Solution: This hotfix ensures that the TmListen service checks the "hotfix_history.ini" file and updates the
build number during start up.
(VRTS 994)
Issue: Attackers may be able to launch Pre-Auth Server Side Request Forgery attacks through the
"help_Proxy.php" functionality.
Solution: This hotfix resolves this issue by updating the "help_Proxy.php" file and hard-coding it to
connect to the Trend Online Help page.
(JIRA 4418)
Issue: OfficeScan clients running on Windows platforms stop responding while shutting down or
restarting.
Solution: This hotfix prevents this issue by improving the way processes read information using the
lookaside list when the Unauthorized Change Prevention Service is de-initializing.
(JIRA 7825)
Issue: The Outbreak Prevention Policy cannot block access to SMB shared folders.
Solution: This hotfix enables OfficeScan to terminate the current connection when enabling the Outbreak
Prevention Policy to help ensure that the policy can block access to SMB folders successfully.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation
directory.
c. Under the "Global Setting" section, manually add the following key and set its value to
"1".
[Global Setting]
cnqConnectionTermination=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro
¥PC-cillinNTCorp¥CurrentVersion¥Misc.
Key: cnqConnectionTermination
Type: DWORD
Value:
0 = OfficeScan does not support network re-establish
1 = OfficeScan supports network re-establish
Note: This function works only on computers that retrieve its IP address from the
DHCP server automatically.
(JIRA 7580)
Issue: An issue prevents users from adding another gateway IP address for an endpoint location.
Solution: This hotfix ensures that users can configure additional gateway IP addresses for an endpoint
location.
(VRTS 986)
Issue: A vulnerability may allow a remote unauthenticated attacker to download the "crypt.key" file from
the OfficeScan server through HTTP requests.
Solution: This hotfix resolves the vulnerability.
(JIRA 5670)
Enhancement: This hotfix enables DLP Endpoint SDK 6.0 to support Chrome 58.0.3029.81.
(JIRA 6057)
Enhancement: This hotfix enables DLP Endpoint SDK 6.2 to support Chrome 58.0.3029.81.
(JIRA 4910)
Enhancement: This hotfix enables Administrators to use an apostrophe (') in the "Description" text box
when they add or modify a web console account.
(JIRA 6057)
Enhancement: This hotfix enables DLP Endpoint SDK 6.2 to support Chrome 58.0.3029.81.
(JIRA 7327)
Enhancement: This hot fix enables Data Loss Prevention Endpoint SDK 6.0 to support Google(TM)
Chrome version 59.0.3071.86
(JIRA 7223)
Enhancement: This hot fix enables Data Loss Prevention Endpoint SDK 6.2 to bypass iTunes blocking
and so that iPhone can still be charged while Device Control is enabled. To configure the new setting for
DLP:
a. Install this hot fix (see "Installation").
b. Open the "dlp.ini" file in the "¥PCCSRV¥Private¥" folder on the OfficeScan server.
c. Under the "Configure" section, manually add the "bypass_itunes_nonstor_usb_dc" key and set
its value.
[Configure]
bypass_itunes_nonstor_usb_dc = true
d. Save the changes and close the file.
e. Open the OfficeScan web console and click "Agents > Agent Management > Select domains
or agents > Settings > DLP settings".
f. Click "Save" to deploy the settings to agents.
The OfficeScan server deploys the settings to OfficeScan agents and adds the following key in
the "dsa.pro" file in the "¥Windows¥System32¥dgagent¥" folder:
bypass_itunes_nonstor_usb_dc=true
(JIRA 4973)
Enhancement: This hot fix provides additional details in the Component Update Details log files. It
includes the following information:
- Domain Hierarchy of endpoint
- IP Address of endpoint
(JIRA 8495)
Enhancement: This hot fix enables Data Loss Prevention Endpoint SDK 6.2 to support the following
Google(TM) Chrome versions:
- Google(TM) Chrome version 58.0.3029.110m.
- Google(TM) Chrome version 59.0.3071.86
(JIRA 9269)
Enhancement: This hot fix enables Data Loss Prevention Endpoint SDK 6.2 to support the following
Google(TM) Chrome versions:
- Google(TM) Chrome version 58.0.3029.110m.
- Google(TM) Chrome version 59.0.3071.86
(SBM 356627)
Enhancement: This hotfix adds an assessment mode for ransomware. In assessment mode, OfficeScan
will not terminate the suspected ransomware process but creates a log for it.
Procedure: To enable assessment mode:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following keys and set each to "1".
[Global Setting]
EnableADCAssessMode=1
Value: 0 = OfficeScan does not support ransomware assessment mode
1 = OfficeScan supports ransomware assessment mode
EnableADCAssessModeNotification=1
Value: 0 = no popup notification in the system tray icon
1 = a popup notification appears in the system tray icon
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path:
HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥AEGIS
Key: EnableADCAssessMode
Type: DWORD
Value: 0 = OfficeScan does not support ransomware assessment mode
1 = OfficeScan supports ransomware assessment mode
Key: EnableADCAssessModeNotification
Type: DWORD
Value: 0 = does not have popup notification in system tray icon
1 = have popup notification in system tray icon
[Hotfix_1656] (VRTS-1012,SEG-9014)
(JIRA 9014)
Issue: An issue related to the OfficeScan UMH driver triggers BSOD.
Solution: This hotfix updates the UMH driver to resolve the issue.
(VRTS 1012)
Issue: Remote unauthenticated attackers may be able to query NT domains through the OfficeScan XG
"cgiGetNTDomain.exe" process.
Solution: This removes the vulnerability.
[Hotfix_1660] (SEG-7249,SEG-7730,SEG-8631,SEG-9007)
(JIRA 7249)
Issue: The OfficeScan Predictive Machine Learning feature blocks users from publishing documents from
Microsoft Outlook.
Solution: This hotfix changes the share write property of the ATSE to resolve this issue.
(JIRA 7730)
Issue: BSOD occurs when users run Microsoft Office on OfficeScan client computers.
Solution: This hotfix removes an unnecessary string comparison step to ensure that Microsoft Office runs
normally on protected computers.
(JIRA 8631)
Issue: Sometimes, the Windows Security Center indicates that OfficeScan is not running even when it is
enabled and running and sends users an important message to enable the OfficeScan Antivirus.
Solution: This hotfix updates the OfficeScan agent file to resolve the issue.
(JIRA 9007)
Issue: OfficeScan agents display the following message even when the program components are
up-to-date."Update Now: You have not received a new update in 1 days."
Solution: This hotfix updates the OfficeScan agent program to resolve the issue.
[Hotfix_1666] (VRTS-1115,SEG-9016,SEG-10356)
(VRTS 1115)
Issue: Web server details gathered from the banner may allow attackers to search and launch automated
attacks from commonly-found web sites which may lead to website defacement or denial of service.
Solution: This hotfix resolves the vulnerability.
(JIRA 10356)
Issue: Users encounter a sharing violation issue related to the ntrtscan and iexplorer processes after
enabling the OfficeScan Predictive Machine Learning feature in a computer that has a multiple core CPU.
Solution: This hotfix changes to add some sharing mode for the file open.
(JIRA 9016)
Issue: An issue related to the Unauthorized Change Prevention service can prevent the OfficeScan Device
Control feature from applying the correct policies in computers running on the Windows 10 platform.
Solution: This hotfix allows users to enable OfficeScan to support the detection and termination of
processes on USB drives using the "run as admin" feature. This helps resolve the issue.
Procedure: To enable the new settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
EnableDACTerminate=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
g. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥AEGIS
Key: EnableDACTerminate
Type: DWORD
Value: 1
f. Restart the Behavior Monitoring service on clients.
[TC_Hotfix_1678] (SEG-11133)
(VRTS 1115)
Issue: Web server details gathered from the banner may allow attackers to search and launch automated
attacks from commonly-found web sites which may lead to website defacement or denial of service.
Solution: This hotfix resolves the vulnerability.
(SEG 10356)
Issue: Users encounter a sharing violation issue related to the ntrtscan and iexplorer processes after
enabling the OfficeScan Predictive Machine Learning feature in a computer that has a multiple core CPU.
Solution: This hotfix changes to add some sharing mode for the file open.
(SEG 9016)
Issue: An issue related to the Unauthorized Change Prevention service can prevent the OfficeScan Device
Control feature from applying the correct policies in computers running on the Windows 10 platform.
Solution: This hotfix allows users to enable OfficeScan to support the detection and termination of
processes on USB drives using the "run as admin" feature. This helps resolve the issue.
Procedure: To enable the new settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation
directory.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
EnableDACTerminate=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥AEGIS
Key: EnableDACTerminate
Type: DWORD
Value: 1
g. Restart the Behavior Monitoring service on clients.
[Hotfix_1682] (SEG-6486)
(JIRA 6486)
Issue: Users may not be able to access an internal web application while the Browser Exploit Prevention
feature is enabled.
Solution: This hotfix updates the Microsoft(TM) Internet Explorer(TM) Javascript hooking logic to
resolve this issue.
[Hotfix_1692]
(SEG-9646,SEG-10631,SEG-11771,SEG-6439,SEG-8975,SEG-11404,SEG-12182,SEG-10980,SEG-1134
2,SEG-12076,SEG-7783,SEG-7318,VRTS-1284)
(VRTS 1284)
Issue: A Use-After-Free vulnerability affecting the firewall driver may cause the computer to stop
unexpectedly.
Solution: This hotfix resolves the vulnerability.
(JIRA 11492)
Issue: When DLP is enabled on Microsoft(TM) Windows(TM) 10.14393 platforms, "mscorsvw.exe" stops
responding.
Solution: This hotfix resolves the issue by updating the iDLP module to add "mscorsvw.exe" to its
approved list.
(JIRA 10631)
Issue: The extension names of quarantined files disappear after these files are restored from the quarantine
folder. This happens because the file extension name exclusion list is overwritten with an empty string
during file restoration.
Solution: This hotfix enables OfficeScan to restore the complete file extension name exclusion list to
ensure that quarantined files are restored with the correct extension names.
(JIRA 11771)
Issue: The "file extensions" field under the "File Attributes DLP identifier" section does not accept entries
that contain an underscore "_".
Solution: This hotfix updates the Trend Micro Data Loss Prevention(TM) (DLP) module to enable the
"file extensions" field to support the underscore character "_".
(JIRA 6439)
Issue: When DLP is enabled on Windows 8.1 platforms, some programs may stop unexpectedly.
Solution: This hotfix resolves the issue by updating the iDLP module to enable it to retrieve the correct
path to the Microsoft "wow64.dll" module.
(JIRA 8975)
Issue: An issue prevents the DLP module from parsing sender email address information on OWA web
mail.
Solution: This hotfix add a function in the iDLP module which helps ensure that it can parse sender
information in Office 365 web mail correctly.
(JIRA 10980)
Issue: The account and password setting for the external proxy server do not support the hash special
character "#".
Solution: This hotfix resolves a broken jquery Ajax call to ensure that the account and password setting for
the external proxy server supports special characters.
(JIRA 11342)
Issue: An issue related to the Anti-exploit Protection function might cause Internet Explorer to stop
unexpectedly.
Solution: This hotfix updates the OfficeScan Agent files to resolve the issue.
(JIRA 12076)
Issue: The following OfficeScan 12.0 Patch 1 hotfixes are affected by an issue related to the OfficeScan
Firewall module which may cause the Firewall service to encounter network access issues and application
connection timeout issues.
- Hotfix 6277
- Hotfix 6281
- Hotfix 6292
- Hotfix 1358
Solution: This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Note: You must restart the endpoint after applying this hotfix to update the Common Firewall
module on affected OfficeScan agents.
(JIRA 7783)
Issue: The following OfficeScan 12.0 Patch 1 hotfixes are affected by an issue related to the OfficeScan
Firewall module which may cause the Firewall service to encounter network access issues and application
connection timeout issues.
- Hotfix 6277
- Hotfix 6281
- Hotfix 6292
- Hotfix 1358
Solution: This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Note: You must restart the endpoint after applying this hotfix to update the Common Firewall
module on affected OfficeScan agents.
(JIRA 7318)
Issue: The following OfficeScan 12.0 Patch 1 hotfixes are affected by an issue related to the OfficeScan
Firewall module which may cause the Firewall service to encounter network access issues and application
connection timeout issues.
- Hotfix 6277
- Hotfix 6281
- Hotfix 6292
- Hotfix 1358
Solution: This hotfix updates the OfficeScan Firewall to resolve the network access issues.
Note: You must restart the endpoint after applying this hotfix to update the Common Firewall
module on affected OfficeScan agents.
(JIRA 9646)
Issue: There is a compatibility issue between some printers and OfficeScan predictive machine learning.
Solution: This hotfix fixed the compatibility issue.
(JIRA 11404)
Enhancement: This hotfix enables DLP Endpoint SDK 6.0 to support the following Google Chrome
versions:
- Google Chrome 60.0.3112.78
- Google Chrome 60.0.3112.90
(JIRA 12182)
Enhancement: This hotfix enables DLP Endpoint SDK 6.0 to support the following Google Chrome
versions:
- Google Chrome 60.0.3112.78
- Google Chrome 60.0.3112.90
(JIRA 4974)
Enhancement: This hotfix enables OfficeScan to send detected pattern information to the Control
Manager server to add to the "Detailed Virus/Malware Information" data view of ad hoc queries. This
feature also requires the application of Control Manager Hotfix 3630 or any later hotfix on the Control
Manager server.
[Hotfix_1708]
(SEG-9298,SEG-12165,SEG-12255,SEG-11754,SEG-11495,SEG-11606,SEG-11651,SEG-3758)
(JIRA 9298)
Issue: A sharing violation prevents Autopcc from working on computers where the OfficeScan agent is
already installed.
Solution: This hotfix creates a new backup folder to prevent the sharing violation and ensure that Autopcc
works normally on OfficeScan agent computers.
(JIRA 12165)
Issue: Users encounter a sharing violation issue related to the ntrtscan and iexplorer processes after
enabling the OfficeScan Predictive Machine Learning feature in a computer that has a multiple core CPU.
Solution: This hotfix changes to add some sharing mode for the file open.
(JIRA 12255)
Issue: In the Windows Server 2003 platform, OfficeScan agents display the following message even when
the program components are up-to-date. "Update Now: You have not received a new update in 1 days."
Solution: This hotfix updates the OfficeScan agent program to resolve the issue.
(JIRA 11606)
Issue: OfficeScan agents receive C&C callback detected alerts for IPs in the approved list.
Solution: This hotfix resolves a file path issue to help ensure that IPs in the approved list do not trigger
C&C callback detected alerts.
(JIRA 11651) / (JIRA 3758)
Issue: The OfficeScan server cannot register to the EdgeServer when TLS 1.0 is disabled.
Solution: This hotfix enables the EdgeServer to support TLS 1.1 and 1.2.
(JIRA 9066)
Enhancement: This critical patch enhances the Behavior Monitoring and Predictive Machine Learning
features to better detect and prevent ransomware infections from files, and improves the protection against
ransomware threats during outbreak situations.
(JIRA 11754)
Enhancement: This hotfix speeds up the approved and blocked list comparison for supported web
services, including Dropbox, Google Drive, Gmail, and others.
(JIRA 11495)
Enhancement: This hotfix adds the "Japan: Driving License Number" validator.
[Hotfix_1709] (SEG-11641)
(JIRA 11641)
Enhancement: This hotfix allows Trend Micro Predictive Machine Learning to detect emerging unknown
security risks threats found in suspicious processes or files originating from any channels.
[Hotfix_1714]
(SEG-10553,SEG-10964,SEG-11381,SEG-11966,SEG-9246,SEG-9408,SEG-11396,SEG-10766,SEG-128
08)
(JIRA 10553)
Issue: The OfficeScan agent status information on the Control Manager web console does not match the
information in the OfficeScan web console.
Solution: This hotfix ensures that the OfficeScan agent status information on the Control Manager web
console is consistent with the information on the OfficeScan web console.
(JIRA 10964)
Issue: The OfficeScan Predictive Machine Learning feature blocks users from publishing documents from
Microsoft Outlook.
Solution: This hotfix moves the file property extraction step to a later stage to ensure that users can
publish documents from Microsoft Outlook.
(JIRA 11381)
Issue: The OfficeScan agent reports a false positive detection after enabling the Anti-exploit Protection
feature.
Solution: This hotfix updates the OfficeScan agent to prevent the false positive detection.
(JIRA 11966)
Issue: BSOD occurs on protected computers running on unsupported Windows versions.
Solution: This hotfix removes the API hooking mechanism for unsupported Windows versions to prevent
BSOD in these computers.
(JIRA 9408)
Issue: An issue prevents users from browsing through folders in Huawei smart phones connected to a
protected computer when the OfficeScan Data Protection Service is enabled.
Solution: This hotfix enables OfficeScan to discard Huawei smart phone cdrom device instance to ensure
that users can browse folders in a connected Huawei smart phone in MTP mode.
(JIRA 9246)
Issue: An issue prevents users from using the Huawei Mobile Broadband Airtel 4G Model device
connected to a protected computer when the OfficeScan Data Protection Service is enabled.
Solution: This hotfix enables OfficeScan to discard the Huawei Mobile Broadband Airtel 4G Model
device instance to ensure that users can browse the Internet using the device when the OfficeScan Data
Protection Service is enabled.
(JIRA 11396)
Enhancement: This hotfix enables DLP Endpoint SDK 6.2 to use the Data Protection Application Pattern
to support Google Chrome and the list of approved processes.
(JIRA 10766)
Enhancement: This hotfix updates the pop-up message that appears when OfficeScan agents that are
being moved to another OfficeScan server have mismatched certificates.
(JIRA 12808)
Enhancement: This hotfix adds the ""Nigeria: Verve IIN (Issuer Identification Number"" validator.
[Hotfix_1717] (SEG-10791,SEG-11327,SEG-11705,SEG-13146,SEG-13181,SEG-13293)
(JIRA 10791)
Issue: The OfficeScan Behavior Monitoring feature may cause certain third-party programs that are in its
approved list to stop responding.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation
directory.
c. Under the "Global Setting" section, manually add the "AegisSkipNotificationEvent" key and
set its value to "1".
[Global Setting]
AegisSkipNotificationEvent=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥AEGIS
Key: SkipNotificationEvent
Type: DWORD
Value: 1
g. Restart the OfficeScan agents.
(JIRA 11327)
Issue: The OfficeScan Behavior Monitoring feature may cause a protected computer to stop responding
while the feature checks the file signature on a UNC path.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
(JIRA 11705)
Issue: The OfficeScan Behavior Monitoring feature may cause performance issues while the protected
computer runs certain programs that are in the Behavior Monitoring approved list.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation
directory.
c. Under the "Global Setting" section, manually add the "AegisSkipNotificationEvent" key and
set its value to "1".
[Global Setting]
AegisSkipNotificationEvent=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥AEGIS
Key: SkipNotificationEvent
Type: DWORD
Value: 1
g. Restart the OfficeScan agents.
(JIRA 13146/JIRA 13181)
Issue: BSOD occurs while a protected computer starts up because the UMH driver attempts to access a
corrupted cache.
Solution: This hotfix updates the UMH module to resolve the issue.
(JIRA 13293)
Issue: The MPS feature of iDLP cannot be disabled on OfficeScan agents.
Solution: This hotfix provides a way for users to disable the MPS feature on OfficeScan agents.
Procedure: To disable the email multi part scan mode in the DLP function and globally deploy this setting
to all OfficeScan agents:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder of the OfficeScan server.
c. Under the "Global Setting" section, manually add the following key and set its value to "0".
[Global Setting]
EnableDlpMPScan=0
NOTE: To enable the setting again, set "EnableDlpMPScan=1".
d. Save the changes and close the file.
e. Open the OfficeScan server management console and click "Agents > Global Agent Settings"
on the main menu to access the "Global Agent Settings" page.
f. Click "Save" to deploy the setting to agents.
The OfficeScan server deploys the command to agents and adds the following registry entry on
all agent computers:
Path:
HKLM¥SYSTEM¥SOFTWARE¥Wow6432Node¥TrendMicro¥ PC-cillinNTCorp¥CurrentVersion¥DlpLit
e
Key: EnableMPScan
Type: dword
Value: 0
Note: The OfficeScan agent needs to reload after enabling/disabling the MPS feature.
(JIRA 13723)
Issue: The DLP version appears as 0.0.0 on both the management console and agent console.
Solution: This hotfix ensures that the correct DLP version appears on both the management console and
agent console.
[Hotfix_1721]
(SEG-4624,SEG-12101,SEG-12045,SEG-4976,SEG-11500,SEG-12079,SEG-13686,SEG-13667,SEG-137
07,SEG-12080,SEG-12552,SEG-13772,SEG-13380,SEG-12859)
(JIRA 4624)
Issue: The OfficeScan Behavior Monitoring feature may cause certain approved third-party programs to
take longer to load on protected computers.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
(JIRA 11500/JIRA 12079)
Issue: DLP Endpoint SDK 6.2 sometimes cannot block users from uploading files that contain sensitive
information to "outlook.live.com" and "facebook.com".
Solution: This hotfix updates the DLP module to enhance support for both websites to ensure that the
module can block files with sensitive information from being uploaded onto these websites.
(JIRA 12101/JIRA 12045)
Issue: The Trend Micro Unauthorized Change Prevention Service uses up a large amount of CPU
resources.
Solution: This hotfix updates the Behavior Monitoring module to resolve the issue.
(JIRA 12552)
Issue: The OfficeScan manual scan exclusion feature may not work properly while the suspected malware
process is still running.
Solution: This hotfix updates the OfficeScan agent program to resolve the issue.
(JIRA 13772/13380)
Issue: When the system installs or upgrades the Cisco VPN software, it tries to access some registry keys
under the TmLwf registry key, which causes the software installation to fail.
Solution: This hotfix adds a key to disable the self-protection only function of the TmLwf registry key,
which resolves this issue.
Procedure: To enable the new service settings:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan installation directory.
c. Under the "Global Setting" section, manually add the following key and set its value to "1".
[Global Setting]
SP_DisableTmLwfRegistryKeyProtection=1
Value: 1 = Disable TmLwf registry key self-protection only
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to clients.
Path:
HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥PC-cillinNTCorp¥CurrentVersion¥AEGIS
Key: SP_DisableTmLwfRegistryKeyProtection
Type: DWORD
Value: 1 = Disable TmLwf registry key self-protection only
g. Restart the OfficeScan agents
(JIRA 12859)
Issue: A user requests for a way to add the following information into DLP log notifications under the
digital asset email notifications:
- Process
- Source
- Destination
- Incident ID
Solution: This hotfix updates the OfficeScan Master Service to support the following tokens in DLP log
notifications.
- %PROCESS%
- %SOURCE%
- %DESTINATION%
- %VIOLATIONID%
[Hotfix_1729] (SEG-1056)
(JIRA 1056)
Enhancements: This hotfix updates the Trend Micro Osprey Firefox Extension and enables it to support
Firefox 51 and later versions.
[Hotfix_1736] (SEG-14538,SEG-14855,SEG-13231)
(JIRA 14538)
Issue: Enabling the Browser Exploit Prevention (BEP) feature causes Microsoft Internet Explorer to crash
when opening certain websites that were added to the Web Reputation Approved List.
Solution: This hotfix updates the Browser Exploit Prevention component to resolve the issue.
Procedure: To apply and deploy the solution globally:
a. Install this hotfix (see "Installation").
b. Open the "ofcscan.ini" file in the "¥PCCSRV¥" folder on the OfficeScan server installation
directory.
c. Under the "Global Setting" section, manually add the "DisableJSHook" key and set its value to
"1".
[Global Setting]
DisableJSHook=1
d. Save the changes and close the file.
e. Open the OfficeScan web console and go to the "Agents > Global Agent Settings" screen.
f. Click "Save" to deploy the setting to agents. The OfficeScan server deploys the command to
OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:
Path: HKEY_LOCAL_MACHINE¥SOFTWARE¥TrendMicro¥AMSP¥SAL
Key: DisableJSHook
Type: DWORD
Value: 1
g. Restart the OfficeScan agents.
(JIRA 14855)
Issue: Enabling the Browser Exploit Prevention (BEP) feature may cause customers to encounter an error
when accessing certain websites that were added to the Web Reputation Approved List.
Solution: This hotfix updates the Browser Exploit Prevention component to resolve the issue.
(JIRA 13231)
Issue: DLP Endpoint SDK 6.2 blocks VirtualBox from launching in Headless Mode.
Solution: This hotfix updates the DLP module to skip API event inspection from all VirtualBox processes.
Enhancements from hot fixes for OSCE 11.0 SP1 Patch 1
[JP Hot fix 5086.u](SEG-8667)
Enhancement: Third-party Product Uninstallation - The OfficeScan installation program now
automatically removes the following products before installing the OfficeScan client:
The English versions of the following third-party products with the English version of
OfficeScan:
o Symantec Endpoint Protection 12.1.6318.6100 - JP (x86 and x64)
o Symantec Endpoint Protection 12.1.7004.6500 - JP (x86 and x64)
Enhancements from hot fixes for OSCE 11.0 SP1 (UMH)
[Hot fix 6087.u](TT-348155)
[Hot fix 6090.u](TT-346873)
[Hot fix 6097.u](TT-349045,349059)
[Hot fix 6104.u](TT-348846)
[Hot fix 6108.u](TT-348904)
[TC_Hot fix 6132.u](TT-349992,349993,349994)
[Hot fix 6142.u](TT-351493)
[Hot fix 6152.u](TT-347017)
[Hot fix 6153.u](TT-349847)
[JP_Hot fix 6165.u](TT-351941)
[TC_Hot fix 6169.u](TT-353279)
[Hot fix 6172.u](TT-353508)
[Hot fix 6209.u](TT-354689)
[Hot fix 6220.u](TT-354193)
[Hot fix 6245.u](TT-351070)
[Hot fix 6247.u](TT-356316)
[Hot fix 6256.u](TT-355959)
[JP_Hot fix 6276.u](TT-358241)
[Hot fix 6280.u](TT-351592,348795)
[Hot fix 6323.u](SEG-3921)
[KO_Hot fix 6349.u](SEG-4200)
[JP_Hot fix 6373.u](TT-359490)
[Hot fix 6374.u](SEG-7394)
[JP_Hot fix 6391.u](SEG-7611)
[Hot fix 6401.u](SEG-8707)
[SC_Hot fix 6412.u](SEG-10254)
[Hot fix 6413.u](SEG-10254)
[SC_Hot fix 6423.u](SEG-11227)
[SC_Hot fix 6445.u](SEG-13648)
[Hot fix 6449.u](SEG-14047)
Enhancement: Third-party Product Uninstallation - The OfficeScan installation program now
automatically removes the following products before installing the OfficeScan client:
The English versions of the following third-party products with the English version of
OfficeScan:
o System Center Endpoint Protection 4.5.216.0 x86/x
o Symantec Endpoint Protection 12.1.1101.401 x86/x
o Symantec Endpoint Protection 12.1.3001.165 x86/x
o Symantec Endpoint Protection 12.1.4100.4126 x86/
o Symantec Endpoint Protection 12.1.4100.4126 x86
o Symantec Endpoint Protection 12.1.5337.5000 x86/
o Symantec Endpoint Protection 12.1.6168.6000 x86/
o Symantec Endpoint Protection 12.1.6318.6100 x86/
o Symantec Endpoint Protection 12.1.6608.6300 x86/
o Symantec Endpoint Protection 12.1.6860.6400 x86/
o Symantec Endpoint Protection 12.1.6867.6400 x86/
o Symantec Endpoint Protection 12.1.7004.6500 x86/
o Symantec Endpoint Protection 12.1.7166.6700 x86
o Symantec Endpoint Protection 12.1.7266.6800 x86/
o Sophos Anti-Virus 10.6.3.537 x86/x64
o Sophos AutoUpdate 5.2.0.276 x86/x64
o Sophos Client Firewall 2.9.5 x86/x64
o Sophos Network Threat Protection 1.2.2.50 x86/x6
o Sophos Patch Agent 1.0.308.0 x86/x64
o Sophos Remote Management System 4.0.6 x86/x6
o Sophos System Protection 1.3.0 x86/x64
o Sophos 10.3
o Sophos 10.5
o Sophos 10.6
o Kaspersky 10.0.3361
o Panda Endpoint Agent 7.30.02.0000 x86/x64
o Panda Free Antivirus 7.84.00.0000 x86/x64
o Panda Free Antivirus 8.20.00.0000 x86/x64
o ESET NOD32 Antivirus 9.0.377.1 x86/x64
o ESET NOD32 Antivirus 3.0.669.0 x86/x64
o ESET NOD32 Antivirus 4.2.40.27 CHT x86/x64
o ESET NOD32 Antivirus 4.2.71.2 x86/x64
o McAfee Agent 4.8.0.641 x86/x64
o McAfee Agent 4.8.0.1938 x86/x64
o McAfee VirusScan Enterprise 8.8.02004 x86/x64
o McAfee Endpoint Encryption 4.1.0.577 x86/x64
o McAfee Endpoint Encryption 4.1.1.150 x86/x64
o McAfee Endpoint Encryption 4.2.0.164 x86/x64
o Avira Server Security 13.0.0.3736 x86/x64
o AhnLab V3 Internet Security 9.0.17.870 x86/x64
Enhancements from hot fixes for OSCE XG
[Hot fix 1258.u](TT-354875)
[Hot fix 1278.u](TT-357211)
[Hot fix 1316.u](TT-359988)
[Hot fix 1330.u](SEG-2270)
[Hot fix 1351.u](SEG-2191)
[Hot fix 1353.u](SEG-3925)
[Hot fix 1356.u](SEG-5205)
[Hot fix 1357.u](SEG-4270)
[Hot fix 1366.u](SEG-5856)
[Hot fix 1370.u](SEG-5747)
[Hot fix 1373.u](SEG-5399,SEG-6368)
[Hot fix 1374.u](SEG-6989,SEG-6990,SEG-7006,SEG-7007)
[Hot fix 1377.u](SEG-7409)
[Hot fix 1383.u](SEG-8229)
[Hot fix 1384.u](SEG-8228)
[Hot fix 1387.u](SEG-8204)
[Hot fix 1388.u](SEG-8930)
[Hot fix 1390.u](SEG-8482,SEG-8786,SEG-9182)
[Hot fix 1395.u](SEG-8206)
[TC_Hot fix 1458.u](SEG-8117)
[JP_Hot fix 1460.u](SEG-7608)
[DE_Hot fix 1463.u](SEG-9565)
[JP_Hot fix 1464.u](SEG-9218)
Enhancement: Third-party Product Uninstallation - The OfficeScan installation program now
automatically removes the following products before installing the OfficeScan client:
The English versions of the following third-party products with the English version of
OfficeScan:
o Symantec Endpoint Protection 14.0.2332.0100 x86/x64
o Symantec Endpoint Protection 12.1.1101.401 x86/x64
o Symantec Endpoint Security 12.1.3001.165 x64
o Symantec Endpoint Protection 12.1.4100.4126 x86/x64
o Symantec Endpoint Security 12.1.5337.5000 x64
o Symantec Endpoint Protection 12.1.6168.6000 x86/x64
o Symantec Endpoint Protection 12.1.6318.6100 x86/x64
o Symantec Endpoint Security 12.1.6608.6300 x64
o Symantec Endpoint Protection 12.1.6867.6400 x86/x64
o Symantec Endpoint Protection 12.1.7004.6500 x86/x64
o Symantec Endpoint Protection 12.1.7061.6600 x86/x64
o Symantec Endpoint Protection 12.1.7166.6700 x64
o Symantec Endpoint Protection 14.0.1904.0000 x86/x64
o Kaspersky Endpoint Security 10 for Windows 10.2.4.674
o Kaspersky Security Center Network Agent 10.2.434
o McAfee VirusScan Enterprise 8.8.04001 x86/x64
o McAfee DLP Endpoint 9.3.200.23 x86/x64
o McAfee Drive Encryption - 7.1.0.389 x86/x64
o McAfee Endpoint Encryption for Files and Folders 4.2.0.164 x86/x64
o McAfee Agent - 4.8.0.1500 x86/x64
o McAfee Agent 5.0.5.658 x86/x64
o McAfee Endpoint Security Platform 10.5.0 x86/x64
o McAfee Endpoint Security Threat Prevention 10.5.0 x86/x64
o Sophos Anti-Virus 10.7.2.49 x86/x64
o Sophos AutoUpdate 5.7.220 x86/x64
o Sophos AutoUpdate 5.7.51 x86/x64
o Sophos Endpoint Defense 1.0.0.265 x86/x64
o Sophos Network Threat Protection 1.2.2.50 x86/x64
o Sophos Client Firewall 2.9.5 x86/x64
o Sophos System Protection 1.3.1 x86/x64
o Trend Micro Security Agent 6.0.1204 x86/x64
o ESET Endpoint Security 5.0.2126.0 x86/x64
o Traps 3.4.0.15678 x86/x64
o Traps 3.4.3.19949 x86/x64
o Traps 4.0.0.24417 x86/x64
o ESET Endpoint Security 6.4.2014.0 x86/x64
o FortiClient 5.2.5.0658 x86/x64
o ESET Endpoint Antivirus 6.3.2016.0 x86/x64
o Cisco FireAmp 5.1.1 x86/x64
Enhancements from hot fixes for OSCE XG Patch 1
[Hot fix 1599.u](SEG-6449)
[Hot fix 1632.u](SEG-9002)
[Hot fix 1674.u](SEG-10450)
[Hot fix 1677.u](SEG-10798)
[Hot fix 1681.u](SEG-11437)
[Hot fix 1685.u](SEG-11762)
[Hot fix 1691.u](SEG-11059,SEG-10897)
[Hot fix 1711.u](SEG-13043)
[Hot fix 1717.u](SEG-12977,SEG-13573)
[Hot fix 1722.u](SEG-13367,SEG-13689,SEG-13849)
[Hot fix 1728.u](SEG-14157)
[Hot fix 1730.u](SEG-14234)
[Hot fix 1734.u](SEG-14703,SEG-14684,SEG-14290,SEG-14685)
Enhancement: Third-party Product Uninstallation - The OfficeScan installation program now
automatically removes the following products before installing the OfficeScan client:
The English versions of the following third-party products with the English version of
OfficeScan:
o Symantec Endpoint Protection 12.1.3001.165 x64
o Symantec Endpoint Protection 12.1.6608.6300 x86/x64
o Symantec Endpoint Security 12.1.7004.6500 x86/x64
o Symantec Endpoint Security 12.1.7061.6600 x64
o Symantec Endpoint Protection 12.1.7166.6700 x64
o Symantec Endpoint Protection 14.0.1904.0000 x86/x64
o Symantec DLP 14.6.0100.01043 x64
o System Center Endpoint Protection 4.7.213.0 x86/x64
o ESET File Security 4.5.12017.0 x64 for Server platforms
o ESET Endpoint Antivirus 5.0.2254.0 x64
o ESET Endpoint Antivirus 5.0.2126 x86/x64
o ESET Endpoint Antivirus 5.0.2265 x86/x64
o McAfee Agent 4.6.0.2292 x86/x64
o McAfee Agent 4.8.0.1995 x86/x64
o McAfee Agent 5.0.4.283 x86/x64
o McAfee Agent 5.0.5.658 x86/x64
o McAfee Endpoint Security Firewall 10.2.0 x86/x64
o McAfee Endpoint Security Platform 10.2.0 x86/x64
o McAfee Endpoint Security Threat Prevention 10.2.0 x86/x64
o McAfee Endpoint Security Web Control 10.2.0 x86/x64
o McAfee Endpoint Security Firewall 10.5.0 x86/x64
o McAfee Endpoint Security Platform 10.5.0 x86/x64
o McAfee Endpoint Security Threat Prevention 10.5.0 x86/x64
o McAfee Endpoint Security Web Control 10.5.0 x86/x64
o McAfee Product Improvement Program 1.6.0.623 x86/x64
o McAfee VirusScan Enterprise 8.8.02004 x86/x64
o McAfee VirusScan Enterprise 8.8.08000 x86/x64
o AVG Internet Security 17.5.3022 x86/x64
o Avira Free Antivirus 15.0.29.32 x64
o Pacific Seeds Remote Client 5.2.0.0591 x64
o F-Secure PSB Workstation Security 12.01 x86/x64
o Kaspersky Endpoint Security 10.3.0.6294 x86/x64
o Kaspersky Endpoint Security 10 for Windows 10.2.5.3201 x86/x64
o Kaspersky Security Center Network Agent 10.2.434 x86/x64
o Kaspersky AES Encryption Module 1.1.0.73 x86/x64
o Bitdefender Endpoint Security Tools 6.2.19.899 x64