Trend Micro, Inc.                                        April 7, 2008
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) OfficeScan(TM) 8.0
Patch 3 - build 1834
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Note: This readme file was current as of the date above. However, all
customers are advised to check Trend Micro's Web site for
documentation updates at:

http://www.trendmicro.com/download/

Register online with Trend Micro within 30 days of installation to
continue downloading new pattern files and product updates from the
Trend Micro Web site. Register during installation or online at:

http://olr.trendmicro.com/

Contents
=====================================================================
1. About Trend Micro OfficeScan Corporate Edition
   1.1 Overview of This Release
   1.2 Who Should Install This Release
   1.3 Files Included in This Release
2. What's New
   2.1 Issues Resolved in Patch 3
   2.2 Issues Resolved in Patch 2
   2.3 Issues Resolved in Patch 1.1
3. Documentation Set
4. System Requirements
5. Installation
6. Post-Installation Configuration
7. Known Issues
8. Release History
9. Contact Information
10. About Trend Micro
11. License Agreement
=====================================================================

1. About Trend Micro OfficeScan Corporate Edition
========================================================================

1.1 Overview of This Release
======================================================================
This patch contains all hot fixes released after the launch of
OfficeScan 8.0 build 1004.

This patch also reduces the memory usage of the OfficeScan client by
integrating new versions of the Spyware Scan Engine and Virus Scan
Engine. After installation of this hot fix, OfficeScan automatically
upgrades the Spyware Scan Engine to version 6 and the Virus Scan
Engine version to 8.5 (if the original Virus Scan Engine is older than
version 8.5).

Notes:

1. Please do not roll back the Virus Scan Engine to a version older
   than 8.5 after applying this patch.

2. Spyware Scan Engine version 6 uses a different Spyware Pattern.
   After applying this patch, manually update the pattern on the
   OfficeScan server to make sure OfficeScan gets the latest Spyware
   Pattern.

1.2 Who Should Install This Release
======================================================================
All users running OfficeScan 8.0 release version (build 1004) and
users running the release version with previous patches (patch 1.1,
patch 2, SP1 Early Adoption Release 1) should install this patch.

1.3 Files Included in This Release
======================================================================
Module File Name                    Module Path                                         Build No.
----------------                    -----------                                         -----------
CNTAoSMgr.exe                       PCCSRV\Pccnt\Common\                                1.0.0.1332
libNetCtrl.dll                      PCCSRV\Pccnt\Common\                                8.0.0.1834
loadhttp.dll                        PCCSRV\Pccnt\Common\                                8.0.0.1834
NTRmv.exe                           PCCSRV\Pccnt\Common\                                8.0.0.1834
OfcDog.exe                          PCCSRV\Pccnt\Common\                                8.0.0.1834
OfcPfwSvc.dll                       PCCSRV\Pccnt\Common\                                8.0.0.1834
OfcTmProxy.dll                      PCCSRV\Pccnt\Common\                                8.0.0.1834
PccNT.exe                           PCCSRV\Pccnt\Common\                                8.0.0.1834
PccNTMon.exe                        PCCSRV\Pccnt\Common\                                8.0.0.1834
TmListen.exe                        PCCSRV\Pccnt\Common\                                8.0.0.1838
Upgrade.exe                         PCCSRV\Pccnt\Common\                                8.0.0.1837
TmpeUrlF.dll                        PCCSRV\Pccnt\Common\                                3.32.0.1072
TmphHttp.dll                        PCCSRV\Pccnt\Common\                                3.32.0.1072
TmProxy.dll                         PCCSRV\Pccnt\Common\                                3.32.0.1072
TmProxy.exe                         PCCSRV\Pccnt\Common\                                3.32.0.1072
TmpxCfg.dll                         PCCSRV\Pccnt\Common\                                3.32.0.1072
TmpxHelp.dll                        PCCSRV\Pccnt\Common\                                3.32.0.1072
TmsmHttp.dll                        PCCSRV\Pccnt\Common\                                3.32.0.1072
TmSock.dll                          PCCSRV\Pccnt\Common\                                8.0.0.1838
tmtdi.dll                           PCCSRV\Pccnt\Common\                                3.32.0.1072
tmCfwApi.dll                        PCCSRV\Pccnt\Common\                                3.32.0.1072
tmHash.dll                          PCCSRV\Pccnt\Common\                                3.32.0.1072
TmPfw.exe                           PCCSRV\Pccnt\Common\                                3.32.0.1072
TmPfwApi.dll                        PCCSRV\Pccnt\Common\                                3.32.0.1072
TmPfwLog.dll                        PCCSRV\Pccnt\Common\                                3.32.0.1072
TmPfwRul.dll                        PCCSRV\Pccnt\Common\                                3.32.0.1072
loadhttp.dll                        PCCSRV\Admin\Utility\TMVS\                          8.0.0.1834
TMVS.exe                            PCCSRV\Admin\Utility\TMVS\                          8.0.0.1834
TMNotify.dll                        PCCSRV\Admin\Utility\TMVS\                          1.3.0.1026
ProductLibrary.dll                  PCCSRV\CmAgent\                                     8.0.0.1834
ProductUI.zip                       PCCSRV\CmAgent\
En_Utility.dll                      PCCSRV\CmAgent\                                     5.0.0.3002
AtxConsole.ocx                      PCCSRV\Web_OSCE\Web_console\HTML\root\              8.0.0.1834
AtxConsole.cab                      PCCSRV\Web_OSCE\Web_console\HTML\root\
AtxEnc.cab                          PCCSRV\Web_OSCE\Web_console\HTML\root\
AtxPie.cab                          PCCSRV\Web_OSCE\Web_console\HTML\root\
logon.htm                           PCCSRV\Web_OSCE\Web_console\HTML\root\
top.htm                             PCCSRV\Web_OSCE\Web_console\HTML\root\
ClientHelp.zip                      PCCSRV\Pccnt\
NTMonRes.dll                        PCCSRV\Pccnt\                                       8.0.0.1834
NTRtScan.exe                        PCCSRV\Pccnt\                                       8.0.0.1834
PccNTRes.dll                        PCCSRV\Pccnt\                                       8.0.0.1834
TmTdi.inf                           PCCSRV\Pccnt\
TM_CFW.inf                          PCCSRV\Pccnt\
TM_CFWMP.inf                        PCCSRV\Pccnt\
Ntrtscan.exe                        PCCSRV\Pccnt\Win64\X64                              8.0.0.1834
PccNt.exe                           PCCSRV\Pccnt\Win64\X64                              8.0.0.1834
client_cfg_manualscan.htm           PCCSRV\Web_OSCE\Web_console\HTML\clientmag\
client_cfg_realtimescan.htm         PCCSRV\Web_OSCE\Web_console\HTML\clientmag\
client_cfg_scannow.htm              PCCSRV\Web_OSCE\Web_console\HTML\clientmag\
client_cfg_schedulescan.htm         PCCSRV\Web_OSCE\Web_console\HTML\clientmag\
client_globalsetting.htm            PCCSRV\Web_OSCE\Web_console\HTML\clientmag\
SMOutLookPack.exe                   PCCSRV\Web\ClientUtility\
OFCESCVPack.exe                     PCCSRV\Web_OSCE\Web\ClientUtility\
SMOutLookPack.exe                   PCCSRV\Web_OSCE\Web\ClientUtility\
CGIOCommon.dll                      PCCSRV\Web\Service\                                 8.0.0.1834
CGIShare.dll                        PCCSRV\Web\Service\                                 8.0.0.1834
CmdHOConsole.dll                    PCCSRV\Web\Service\                                 8.0.0.1834
DbServer.exe                        PCCSRV\Web\Service\                                 8.0.0.1834
loadhttp.dll                        PCCSRV\Web\Service\                                 8.0.0.1834
OfcDBBackup.exe                     PCCSRV\Web\Service\                                 8.0.0.1834
OfcHotFix.exe                       PCCSRV\Web\Service\                                 8.0.0.1834
OfcNotify.dll                       PCCSRV\Web\Service\                                 8.0.0.1834
OfcNotifyQueue.dll                  PCCSRV\Web\Service\                                 8.0.0.1834
OfcPurgeLog.dll                     PCCSRV\Web\Service\                                 8.0.0.1834
OfcService.exe                      PCCSRV\Web\Service\                                 8.0.0.1834
TMNotify.dll                        PCCSRV\Web\Service\                                 1.3.0.1026
VerConn.exe                         PCCSRV\Web\Service\                                 8.0.0.1834
VSAPI32.dll                         PCCSRV\Web\Service\                                 8.560.1001
logs_delete.htm                     PCCSRV\Web_OSCE\Web_console\HTML\logs\
logs_virus_detail2.htm              PCCSRV\Web_OSCE\Web_console\HTML\logs\
server_cmagent_progress.htm         PCCSRV\Web_OSCE\Web_console\HTML\serveradm\
policy_edit.htm                     PCCSRV\Web_OSCE\Web_console\HTML\PFW\
policy_exception_edit.htm           PCCSRV\Web_OSCE\Web_console\HTML\PFW\
AutoPcc.exe                         PCCSRV\                                             8.0.0.1834
AutoPccP.exe                        PCCSRV\                                             8.0.0.1834
ssapiptn.da6                        PCCSRV\
SSAPTN.615                          PCCSRV\
SVRSVCSETUP.exe                     PCCSRV\                                             8.0.0.1834
VSAPI32.dll                         PCCSRV\                                             8.560.1001
aucomp.xml                          PCCSRV\Admin\
INSTNT.INI                          PCCSRV\Admin\
loadhttp.dll                        PCCSRV\Admin\                                       8.0.0.1834
tmuninst.dll                        PCCSRV\Admin\                                       8.0.0.1834
tmuninst.exe                        PCCSRV\Admin\                                       8.0.0.1834
tmuninst.ptn                        PCCSRV\Admin\
tmun                                PCCSRV\Admin\
VSAPI32.dll                         PCCSRV\Admin\                                       8.560.1001
ClnPack.ini                         PCCSRV\Admin\Utility\ClientPackager\
ClnPack.exe                         PCCSRV\Admin\Utility\ClientPackager\                8.0.0.1834
CLIENTMSISETUP_MSI                  PCCSRV\Admin\Utility\ClientPackager\
ClnPack_files.xml                   PCCSRV\Admin\Utility\ClientPackager\
VSAPI32.dll                         PCCSRV\Admin\Utility\ClientPackager\                8.560.1001
setup.inx                           PCCSRV\Pccnt\disk1
Install.cab                         PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall
RemoveCtrl.cab                      PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall
Setup.cab                           PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall
SetupINI.cab                        PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall
APNT.INI                            PCCSRV\Autopcc.cfg
APNT_IA64.INI                       PCCSRV\Autopcc.cfg
APNT_X64.INI                        PCCSRV\Autopcc.cfg
tdiins.exe                          PCCSRV\Pccnt\Drv                                    3.32.0.1072
tmtdi.cat                           PCCSRV\Pccnt\Drv
tmtdi.sys                           PCCSRV\Pccnt\Drv                                    3.32.0.1076
TM_CFW.cat                          PCCSRV\Pccnt\Drv
TM_CFW.sys                          PCCSRV\Pccnt\Drv                                    3.32.0.1074
ncfg.exe                            PCCSRV\Pccnt\Drv                                    3.32.0.1073
tmfilter.cat                        PCCSRV\Pccnt\Drv
tmfilter.sys                        PCCSRV\Pccnt\Drv                                    8.500.1002
tmpreflt.inf                        PCCSRV\Pccnt\Drv
tmpreflt.sys                        PCCSRV\Pccnt\Drv                                    8.500.1002
tmxpflt.inf                         PCCSRV\Pccnt\Drv
TmXPFlt.sys                         PCCSRV\Pccnt\Drv                                    8.500.1002
VsapiNt.inf                         PCCSRV\Pccnt\Drv
vsapiNT.sys                         PCCSRV\Pccnt\Drv                                    8.500.1002
tdiins.exe                          PCCSRV\Pccnt\Drv\X64                                3.32.0.1072
tmtdi.cat                           PCCSRV\Pccnt\Drv\X64
tmtdi.sys                           PCCSRV\Pccnt\Drv\X64                                3.32.0.1076
TM_CFW.cat                          PCCSRV\Pccnt\Drv\X64
TM_CFW.sys                          PCCSRV\Pccnt\Drv\X64                                3.32.0.1074
ncfg.exe                            PCCSRV\Pccnt\Drv\X64                                3.32.0.1073
tmfilter.cat                        PCCSRV\Pccnt\Drv\X64
tmpreflt.inf                        PCCSRV\Pccnt\Drv\X64
tmpreflt.sys                        PCCSRV\Pccnt\Drv\X64                                8.500.1002
tmxpflt.inf                         PCCSRV\Pccnt\Drv\X64
TmXPFlt.sys                         PCCSRV\Pccnt\Drv\X64                                8.500.1002
VsapiNt.inf                         PCCSRV\Pccnt\Drv\X64
vsapiNT.sys                         PCCSRV\Pccnt\Drv\X64                                8.500.1002
cgiChkMasterPwd.exe                 PCCSRV\Web_OSCE\Web_console\CGI                     8.0.0.1834
CGIOCommon.dll                      PCCSRV\Web_OSCE\Web_console\CGI                     8.0.0.1834
CGIShare.dll                        PCCSRV\Web_OSCE\Web_console\CGI                     8.0.0.1834
cgiShowClientAdm.exe                PCCSRV\Web_OSCE\Web_console\CGI                     8.0.0.1834
cgiShowLogs.exe                     PCCSRV\Web_OSCE\Web_console\CGI                     8.0.0.1834
cgiShowPFW.exe                      PCCSRV\Web_OSCE\Web_console\CGI                     8.0.0.1834
cgiShowSmb.exe                      PCCSRV\Web_OSCE\Web_console\CGI                     8.0.0.1834
cgiShowSummary.exe                  PCCSRV\Web_OSCE\Web_console\CGI                     8.0.0.1834
cgiShowUpdate.exe                   PCCSRV\Web_OSCE\Web_console\CGI                     8.0.0.1834
cgiWebUpdate.exe                    PCCSRV\Web_OSCE\Web_console\CGI                     8.0.0.1834
loadhttp.dll                        PCCSRV\Web_OSCE\Web_console\CGI                     8.0.0.1834
TMNotify.dll                        PCCSRV\Web_OSCE\Web_console\CGI                     1.3.0.1026
VSAPI32.dll                         PCCSRV\Web_OSCE\Web_console\CGI                     8.560.1001
CGIOCommon.dll                      PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiOnMSCfg.exe                      PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiOnPSCfg.exe                      PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
loadhttp.dll                        PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
VSAPI32.dll                         PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiexportinfo.exe                   PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiCAV.exe                          PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiCheckIP.exe                      PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiCMAgent.exe                      PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiImportInfo.exe                   PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiLog.exe                          PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiOnClientCfg.exe                  PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiOnClose.exe                      PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiOnInst.exe                       PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiOnRTCfg.exe                      PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiOnScan.exe                       PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiOnSpecialLog.exe                 PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiOnStart.exe                      PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiOnUnst.exe                       PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiOnUpd.exe                        PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiOnUpdate.exe                     PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiRecvFile.exe                     PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiRqAlertMsg.exe                   PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiRqCfg.exe                        PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiRqHotFix.exe                     PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiRqINI.exe                        PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiRqOPP.exe                        PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiRqService.exe                    PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiRqUnInst.exe                     PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
cgiRqUpd.exe                        PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
CGIShare.dll                        PCCSRV\Web_OSCE\Web\CGI                             8.0.0.1834
CGIShare.dll                        PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI        8.0.0.1834
VSAPI32.dll                         PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI        8.560.1001
js-common.js                        PCCSRV\Web_OSCE\Web_console\html\common
ln_common.js                        PCCSRV\Web_OSCE\Web_console\html\common
configuring_global_settings.htm     PCCSRV\Web_OSCE\Web_console\html\help\osce_topics
to_set_manual_scan_settings.htm     PCCSRV\Web_OSCE\Web_console\html\help\osce_topics
to_set_real-time_scan_settings.htm  PCCSRV\Web_OSCE\Web_console\html\help\osce_topics
to_set_scan_now_settings.htm        PCCSRV\Web_OSCE\Web_console\html\help\osce_topics
to_set_scheduled_scan_settings.htm  PCCSRV\Web_OSCE\Web_console\html\help\osce_topics
VSAPI32.dll                         PCCSRV\Admin\Utility\VSEncrypt                      8.560.1001
SSAPI32.dll                         PCCSRV\Engine                                       6.0.0.1118
TmEngDrv.dll                        PCCSRV\Engine                                       1.6.0.1059
tmCfwApi.dll                        PCCSRV\Engine                                       3.32.0.1072
tmHash.dll                          PCCSRV\Engine                                       3.32.0.1072
TmPfw.exe                           PCCSRV\Engine                                       3.32.0.1072
TmPfwApi.dll                        PCCSRV\Engine                                       3.32.0.1072
TmPfwLog.dll                        PCCSRV\Engine                                       3.32.0.1072
TmPfwRul.dll                        PCCSRV\Engine                                       3.32.0.1072
VSAPI32.dll                         PCCSRV\Engine                                       8.560.1001
BPM95.dll                           PCCSRV\Engine                                       7.0.0.1004
BPMNT.dll                           PCCSRV\Engine                                       8.0.0.1001
MEMBOOT.dll                         PCCSRV\Engine
vscanwin32.com                      PCCSRV\Engine
SSAPI64.dll                         PCCSRV\Engine\X64                                   6.0.0.1118
VSAPI64.dll                         PCCSRV\Engine\X64                                   8.560.1001
ssapiptn_v6.zip                     PCCSRV\Download\Pattern
ssaptn.zip                          PCCSRV\Download\Pattern
eng850kd.zip                        PCCSRV\Download\Engine
engv850_amd64_ntkd.zip              PCCSRV\Download\Engine
ssapi32.zip                         PCCSRV\Download\Engine\ssapi32_v6
ssapi64.zip                         PCCSRV\Download\Engine\ssapi32_v6
PolicyServer.exe                    PolicyServer\                                       8.0.0.1834
cgiABLogon.exe                      PolicyServer\Web\Console\cgi                        8.0.0.1834
cgiABConsole.exe                    PolicyServer\Web\Console\cgi                        8.0.0.1834
CGIOCommonN.dll                     PolicyServer\Web\Console\cgi                        8.0.0.1834

2. What's New
========================================================================
The new version of the Spyware Scan Engine and Virus Scan Engine uses
less computer memory than the previous versions released, thus
improving the OfficeScan client's performance. At the time of this
release, user mode memory usage reduction is around 20%.

Product console updates
=======================
In addition to scanning for and taking action against virus/malware,
the Virus Scan Engine now shares the task of scanning spyware/grayware
with the Spyware Scan Engine. This change in scan behavior introduces
the following changes to scan-related options on both the OfficeScan
server and client consoles:

1. The following scan settings common to virus/malware and
   spyware/grayware in OfficeScan 8.0 have been merged in this
   release. However, only virus/malware scan settings in your
   OfficeScan 8.0 server are migrated; spyware/grayware settings are
   disregarded.

   a. Scan exclusion settings on the following screens:

      OfficeScan server console
      ---------------------------------
      * Networked Computers > Client Management > Settings >
        Manual Scan Settings > Target
      * Networked Computers > Client Management > Settings >
        Scheduled Scan Settings > Target
      * Networked Computers > Client Management > Settings >
        Scan Now Settings > Target

      OfficeScan client console
      -------------------------------
      * OfficeScan main console > Settings > Manual Scan
      * OfficeScan main console > Settings > Scheduled Scan

   b. Scan schedule (frequency/time) on the following screens:

      OfficeScan server console
      ---------------------------------
      * Networked Computers > Client Management > Settings >
        Scheduled Scan Settings > Target

      OfficeScan client console
      -------------------------------
      * OfficeScan main console > Settings > Scheduled Scan

   c. Manual scanning on the "Manual Scan" tab on the OfficeScan
      client console.

   An illustration:
   ----------------
   If the virus/malware "Scheduled Scan" setting in OfficeScan 8.0 is
   set to every day at 2 PM and the spyware/grayware "Scheduled Scan"
   is set to every day at 4 PM, OfficeScan runs Scheduled Scan every
   day at 2 PM after applying this patch. This Scheduled Scan setting
   now scans for spyware/grayware.

2. "Scan method", a scan setting that is specific to spyware/grayware
   in OfficeScan 8.0, is no longer available in this release.

3. The following scan settings, which are applicable only to
   virus/malware scan in OfficeScan 8.0, now apply to
   spyware/grayware scan.

   a. "Files to scan", "CPU usage", and all settings under "Scan
      Settings" (except "Enable IntelliTrap" and "Scan boot area") are
      on the following screens:

      OfficeScan server console
      ---------------------------------
      * Networked Computers > Client Management > Settings >
        Manual Scan Settings > Target
      * Networked Computers > Client Management > Settings >
        Scheduled Scan Settings > Target
      * Networked Computers > Client Management > Settings >
        Scan Now Settings > Target

      OfficeScan client console
      -------------------------------
      * OfficeScan main console > Settings > Manual Scan
      * OfficeScan main console > Settings > Scheduled Scan

   b. All settings under "Scan Settings" (except "Enable IntelliTrap")
      are on the following screens:

      OfficeScan server console
      ---------------------------------
      * Networked Computers > Client Management > Settings >
        Real-time Scan Settings > Target

      OfficeScan client console
      -------------------------------
      * OfficeScan main console > Settings > Real-time Scan

   c. The following scan settings in the "Global Client Settings"
      screen on the OfficeScan server console ("Networked Computers >
      Global Client Settings > Scan Settings"):

      * Configure scan settings for large compressed files (also
        includes the two related options below this setting)
      * Scan up to __ OLE layer(s)
      * Add "Manual Scan" to the Windows shortcut menu on client
        computers
      * Exclude the OfficeScan server database from "Real-time Scan"
      * Exclude Microsoft Exchange server folders from being scanned

4. The following virus/malware scan settings in OfficeScan 8.0 are
   still applicable only to virus/malware scan after applying this
   patch:

   a. "Enable IntelliTrap" on the following screens:

      OfficeScan server console
      ----------------------------------
      * Networked Computers > Client Management > Settings >
        Manual Scan Settings > Target
      * Networked Computers > Client Management > Settings >
        Real-time Scan Settings > Target
      * Networked Computers > Client Management > Settings >
        Scheduled Scan Settings > Target
      * Networked Computers > Client Management > Settings >
        Scan Now Settings > Target

      OfficeScan client console
      -------------------------------
      * OfficeScan main console > Settings > Real-time Scan
      * OfficeScan main console > Settings > Manual Scan
      * OfficeScan main console > Settings > Scheduled Scan

   b. "Scan boot area" on the following screen:

      OfficeScan server console
      ---------------------------------
      * Networked Computers > Client Management > Settings >
        Manual Scan Settings > Target
      * Networked Computers > Client Management > Settings >
        Scheduled Scan Settings > Target

      OfficeScan client console
      ------------------------------
      * OfficeScan main console > Settings > Manual Scan
      * OfficeScan main console > Settings > Scheduled Scan

   c. "Clean compressed files" on the "Global Client Settings" screen
      on the OfficeScan server ("Networked Computers > Global Client
      Settings > Scan Settings").

2.1 Issues Resolved in Patch 3
======================================================================
1. The Check Point SecureClient support tool of OfficeScan did not
   detect the installed Check Point SecureClient. Thus, the
   installation of this support tool was not completed. (Refer to the
   Post-Installation Configuration section for instructions.)

2. The Login script setup (AutoPcc.exe) file cannot update files when
   the "OfficeScanNT RealTime Scan" (ntrtscan.exe) or "OfficeScan NT
   Listener" (tmlisten.exe) service is corrupted and the "OfficeScan
   Watchdog" service (OfcDog.exe) is running. This issue happens
   because the "AutoPccP.exe" file fails to unlock files.

3. Settings have been added to allow users to configure the scan
   action for the "Generic" virus type. (Refer to the
   Post-Installation Configuration section for instructions.)

4. The system is unable to start the OfficeScan Personal Firewall
   service after restarting the OfficeScan client.

5. In the "Updates" screen of the OfficeScan Web console, the console
   shows the number of queued clients exceeding the total number of
   clients managed by the Server. (Refer to the Post-Installation
   Configuration section for instructions.)

6. The Trend Micro Control Manager Event Center does not detect when
   the OfficeScan 8.0 master service starts/stops.

7. A product enhancement for OfficeScan clients allows users to remove
   the "Officescan NT Firewall" service and "Common Firewall Driver"
   when the firewall is disabled from the OfficeScan Web console's
   product license page. (Refer to the Post-Installation
   Configuration section for instructions.)

8. After an OfficeScan client uses the "autopcc" command to update its
   components, the "OfficeScan PccNTMon" system tray icon turns red,
   and the "TmListen" and "NTRtScan" services on the client stop.

9. The OfficeScan Firewall driver (TM_CFW.sys) may cause an
   application error. This problem occurs when the fragment packets
   are not released as expected.

10. If the OfficeScan client has "Forbid program upgrade and hot fix
    deployment" privilege, the MSI client package cannot upgrade this
    client to a newer version. This patch lets the MSI client package
    override the privilege and upgrade the client to a newer version.
    (Refer to the Post-Installation Configuration section for
    instructions.)

11. If a client package is used to upgrade and move a client ("move"
    means assigning a different OfficeScan server to manage the
    client), information about the OfficeScan server that previously
    managed the client still displays on the client console.

12. On the OfficeScan Web console's "Manual Scan, Real-time Scan, Scan
    Now" and "Scheduled Scan" configuration screens, when users select
    a scan action other than "clean" for "All types" ("All types"
    means all virus/malware types), users cannot configure the second
    action. However, the value of the second action is not set to "0"
    in the backend, which may lead to OfficeScan taking the wrong scan
    action.

13. When the OfficeScan client "Personal Firewall" service starts on
    an HP laptop, it sometimes causes a BSoD issue.

14. The OfficeScan client polls a particular directory for the latest
    pattern file version at a regular interval. It was found that the
    OfficeScan client wrongly interprets this directory as a remote
    path. Polling the directory as a remote path takes a long time to
    complete, and eventually causes problems.

15. OfficeScan clients that were installed by the Client packager are
    unable to become Update Agents even if the packager enabled the
    "Update Agent" option.

16. NTRtScan causes a handle leak when updating the spyware/grayware
    approved list.

17. When the OfficeScan client packager executable file performs an
    installation on an X64 platform, the installation fails.

18. The OfficeScan client's TDI driver may cause a Blue Screen of
    Death (BSoD) if the computer is running Windows Server 2003
    without any Service Pack.

    Note: Computers running Windows Server 2003 SP1 and SP2 are not
    affected by this issue.

19. In OfficeScan 8.0, the name of the OfficeScan firewall service is
    "OfficeScan NT Firewall". The name of this service in OfficeScan
    7.x is "OfficeScanNT Personal Firewall". After upgrading a client
    from OfficeScan 7.x to 8.0, the name of the firewall service is
    still "OfficeScanNT Personal Firewall".

20. If the OfficeScan client computer has more than 300 IP addresses,
    the Client Listener service may encounter an application error
    when the client reports these IP addresses to the server.

21. In some network environments, the OfficeScan NT Listener service
    (TmListen.exe) cannot download hot fix files from the OfficeScan
    server. The OfficeScan client program may become corrupted if the
    download process fails.

22. A virus pattern version number has both long and short name
    formats. When the "OfficeScan Control Manager Agent" service
    (OfcCMAgent.exe) sends the virus pattern version to the Trend
    Micro Control Manager server, it uses the long name format, which
    results in virus logs that do not contain Virus Pattern
    information when doing a query on the Control Manager database.

23. When the OfficeScan server sends virus logs to the Control Manager
    server, the "Computer Name" field displays the OfficeScan client
    computer names and not the OfficeScan server computer name.

24. The administrator receives a notification on cookie detection when
    the client detects Cookie spyware. This still happens even if the
    "Count cookie into spyware log" option in the "Global Client
    Settings" page is unchecked.

25. The server console client tree shows the incorrect spyware pattern
    version format. For example, x.01 is shown as x.1. The exported
    logs also show the incorrect version format.

26. The "System Information" table under the "Product Directory" page
    does not display the firewall information. This happens because
    the OfficeScan server does not send firewall information to the
    Control Manager server.

27.The OfficeScan firewall generates PFG files when access rules or GSS rules are matched. However, there is no purge mechanism for PFG files. This patch provides a way to disable PFG file generation. (Refer to the Post-Installation Configuration section for instructions.) 28.OfficeScan outbreak alert criteria and outbreak notifications do not match. The virus/malware count in the outbreak notification email is less than the outbreak alert criteria. 29.The "NT RealTime Scan" service does not launch TSC.exe when the service starts since it slows down the boot-up process of the client machine. (Refer to the Post-Installation Configuration section for instructions.) 30.Added auto uninstallation support for the following antivirus products: - Add more Symantec version - F-Secure Client Security 7.10 - Sophos 7.0.6 31.A vulnerability may allow attackers to trigger a buffer overflow and execute arbitrary code using Web user privileges. 32.A vulnerability may allow attackers to trigger a null pointer defect and cause the target child process to quit and potentially cause denial of service conditions. 2.2 Issues Resolved in Patch 2 ====================================================================== 1. Update Agents might not update from the OfficeScan server even if the option "Always update from standard update source (OfficeScan server)" is selected. 2. The timing issue of OfficeScan client tmlistener service read and write proxy settings from registry is not correct. 3. Backing up the OfficeScan database to a remote path is unsuccessful if the database server takes more than 10 minutes to respond. (Refer to the Post-Installation Configuration section for instructions.) 4. The OfficeScan virus outbreak notification email does not list the domain name of the infected computer correctly. 5. After applying this patch, the correct spyware/grayware name and scan result displays in place of the "%T" token variable. 6. 
The OfficeScan NT Real Time Scan service stops unexpectedly during component updates. 7. Opening the OfficeScan client console on a client machine causes CPU and memory utilization issues. 8. The OfficeScan 8.0 "Control Manager Agent" service stops unexpectedly when sending logs to Trend Micro Control Manager because of a synchronization issue. 9. OfficeScan Clients do not follow the update settings specified on the OfficeScan "Updates > Networked Computers > Update Source" screen. 10. The virus/malware logs of clients no longer managed by the OfficeScan server are still available after the OfficeScan database is backed up. 11. On systems running the 32-bit Vista operating systems with Microsoft Office 2008, the OfficeScan 8.0 client Web installation encounters issues near the end of the installation. 12. Installing Hot Fix 1116 causes unsuccessful OfficeScan 8.0 client Web installation. 13. When customers use the "svrsvcsetup.exe -enablessl" command to enable SSL, the "Master_SSLPort" and "Master_EnableSSL" key settings in the "ofcscan.ini" file do not synchronize with the "SSLPort" and "EnableSSL" settings in the "OfUninst.ini" file. (Refer to the Post-Installation Configuration section for instructions.) 14. When using a client package executable file to upgrade an OfficeScan client from version 5.58 to 8.0, the client still registers server as version 5.58 after the upgrade. 15. The OfficeScan Client Listener service behaves unexpectedly when the service runs in a debugging application. 16. The OfficeScan client installation package (.EXE file) cannot be launched on a 64-bit computer. 17. The wrong language code sometimes displays in the Control Manager server product console. 18. When the OfficeScan server sends spyware/grayware notification email with the "%T" token variable, the email gets dropped if the target mail server is Qmail. 19. OfficeScan 8.0 does not send the correct action result code for the spyware log to Trend Micro Control Manager. 20. 
Trend Micro OfficeScan Monitor (Pccntmon.exe) process may exit after the system starts up in Microsoft Vista. This problem only happens with Vista since it automatically enables the User Account Control (UAC). 21. The "TmProxy.exe" file may not function as expected, especially in a multiprocessor environment. 22. The OfficeScan firewall generates PFG files when access rules or GSS rules are matched. However, there is no purge mechanism for PFG files. (Refer to the Post-Installation Configuration section for instructions.) 23. The "VerConn.exe" file program of OfficeScan 8.0 crashes under certain conditions. 24. On the OfficeScan Web console, when selecting a log type for deletion (such as real-time scan log) for a specific client, the result shows that no logs were deleted. 25. Added automatic uninstallation support for the following antivirus products: - Symantec(TM) Client Security 2.0.5.1000 - eTrust 8.0.403, ITM 8.1 - F-secure(TM) 2005, 2006, 2008, 2008 26. After modifying the scan action for the "Others" virus/malware type on the OfficeScan Web console, the specified scan action does not get applied to the OfficeScan client. 27. If the OfficeScan client has multiple IP addresses, the "cgiCheckIP.exe" process of OfficeScan server may not respond within one minute when checking the client IP address. (See section 6.9 "Post-Installation Configuration" for details.) 28. The OfficeScan client "Tmproxy" component encounters timeout errors when waiting for the ACK from the Hotmail server. 29. After applying the patch, OfficeScan clients write temporary files to the client folder rather than to the Windows root drive. Thus, this situation resolves the offline issue caused by the failure to write temp files. 30. 
The patch resolves the issue wherein the administrator is unable to configure the clients to become an update agent or a normal client if the "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ PC-cillinNTCorp \CurrentVersion\Misc.\RemoteUpdateAgent" registry key is present. 31. The OfficeScan Web console redirects the Web page to the default log on page when the session times out. However, the session key and cookie data remain unchanged. 32. Administrator privileges are required for OfficeScan clients that use log on scripts to perform updates. After applying this patch, administrator privileges are no longer required when an OfficeScan client performs an update. 33. This patch adds an INI value that allows users to include the logon user name when virus logs are sent to the Trend Micro Control Manager server. (Refer to the Post-Installation Configuration section for instructions.) 34. The OfficeScan client firewall may conflict with the Active Directory protocol when the computer starts up, causing a longer logon time. This patch delays the OfficeScan firewall start time to prevent delays when logging on to the system. (Refer to the Post-Installation Configuration section for instructions.) 35. When OfficeScan client is installed using an MSI client package, the client files created are modified to the current computer time, which prevents future hot fix installations. 2.3 Issues Resolved in Patch 1.1 ====================================================================== 1. In OfficeScan clients, "OSCEProt.dll" hooks "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress", and "TerminateProcess", causing the Windows Vista Activation process to abort. 2. Some Policy Server files could not be removed by using the Add or Remove Programs menu. 3. The OfficeScan client regularly polls a particular directory for the latest pattern file version. This situation occurs because the OfficeScan client incorrectly interprets this directory as a remote path. 
Polling the directory as a remote path takes a longer time to complete and eventually causes problems. 4. After applying this patch, Tmlisten no longer monitors the IP route table changes and only monitors IP changes, which resolves the following issues: - Tmlisten sends ARP requests to the gateway server every 30 seconds, which results in ARP flooding. - Tmlisten monitors changes to the IP and IP route table. IP route table change is an event signaled by the Windows operating system. Frequent changes to the IP route table triggers the OfficeScan client to infinitely request "cgiOnStart"/"cgiCheckIP"/ update configuration, which impacts memory usage. 5. Trend Micro Vulnerability Scanner (TMVS) for OfficeScan 8.0 cannot recognize earlier versions of the OfficeScan client program. TMVS shows that the antivirus product (OfficeScan 7.3 or earlier versions) on target computers is unknown. 6. When sending OfficeScan client registration logs to the Trend Micro(TM) Control Manager(TM) server, the Control Manager Agent may incorrectly replace Spyware Pattern information with Virus Pattern information. 7. The OfficeScan Web console may crash when sorting OfficeScan clients on the client tree by IP addresses. This is caused by an error in the "SortBySeperatedNumber" function, which then causes problems with the OfficeScan ActiveX control. 8. When the OfficeScanNT RealTime Scan service (NTRtScan.exe) starts, it calls "SSAPIFacade" to initialize the Spyware Scan Engine. A problem with "SSAPIFacade" causes failure in starting "NTRtScan.exe", and eventually crashes the service. 9. Resolves the potential security issues in the Trend Micro OfficeScan server CGI modules. - A buffer overflow vulnerability which can allow attackers to execute arbitrary code with privileges of the web user. - A vulnerability of bypassing the logon password authentication of THE OfficeScan Management Console by sending crafted HTTP headers. 10. 
The Plug-in Manager for the OfficeScan 8.0 client program may sometimes crash.

11. The IntelliTrap description window incorrectly shows the IntelliScan information in the manual scan setting, real-time scan setting and scheduled scan setting.

12. Microsoft Outlook mail scan tool is unable to update the scan engine after clicking "Update Virus Scan Engine".

13. In the "General Settings" page of the OfficeScan Web console ("Notification > Administrator Notifications > General Settings"), the "From" field under "Email Notification" accepts a full email address (OfficeScan@trend.com) or display name (OfficeScan). Along with the email address, the OfficeScan server automatically adds the date on the "From" line of the message when the notification message was sent. The "From" line contains double quotes. Some email servers cannot handle the double quotes and are unable to send the message to the intended recipient.

14. The machine fails to create an object for "MSXML::DOMDocument", and the OfficeScan client program does not handle the error well, which causes a memory access violation.

15. The OfficeScan client scan exclusion list for spyware/grayware does not display the settings (enable/disable) correctly.

16. On the OfficeScan Web console, when selecting one log option for deletion (for example, real-time scan log) and upon checking the result, the console displays that all logs were deleted.

17. After installing OfficeScan 8.0, OfficeScan attempts to register to Control Manager 3.5. The registration progress on the OfficeScan Web console remains "in progress". The progress never displays "complete".

18. The "Update now" function may fail when OfficeScan client users configure proxy settings (user name and password) to connect to the OfficeScan server and update components. This is because "TmListen.exe" does not check proxy user name and password information before triggering the "Update Now" function.

19.
Deploying a firewall exception rule with a port list with more than 128 characters causes startup issues with TmListen.

20. The OfficeScan administrator can configure an option to display a notification message if the client computer needs to restart to load a kernel mode driver. The notification setting fails if the OfficeScan client is upgraded using client packager. Users always see the restart message even if the administrator has disabled the notification.

21. The OfficeScan client installation program cannot remove competitor antivirus software on x64 platforms.

22. The OfficeScan TDI driver (tmtdi.sys) may cause a memory leak due to low kernel memory availability.

23. When using an MSI package to upgrade an OfficeScan client to version 8.0, an error occurs.

24. OfficeScan cannot automatically remove Norman Virus Control 5.90.

25. This resolves the issue wherein the OfficeScan client icon incorrectly indicates that the client is disconnected from the server. This issue sometimes occurs when the network is unstable.

26. Computers with multiple Network Interface Cards (NIC) may report their IP address as 0.0.0.0 when shifting from normal mode to roaming mode. The problem arises when the client on roaming mode reports its first IP address without checking the value.

27. The Management Communication Protocol (MCP) agent for OfficeScan does not register to Control Manager correctly.

28. The OfficeScan Firewall driver (TM_CFW.sys) may cause a Microsoft Windows blue screen issue. This is caused by the IPQueue double free problem, which occurs when the last packet of IPQ arrives and IPQ expires at the same time.

29. The OfficeScan Firewall driver (TM_CFW.sys) may cause Microsoft Windows to crash. This is the kernel stack overflow problem, which occurs while connecting to VPN.

30. The OfficeScan server uses GMT+0 when sending notification messages through email.
If the email program does not convert the time to the local time, a user may not see the correct time on the email.

31. When the "Display a notification message if the client computer needs to restart to load a kernel mode driver" setting is modified from the OfficeScan server Web console, the setting does not cascade to OfficeScan clients.

32. After clicking "log off" on the OfficeScan 8.0 Web console, the session key is not deleted due to a cookie parsing error. Thus, users might bypass authentication and log on to the OfficeScan 8.0 Web console.

33. When the setting of the OfficeScan server log maintenance changes, it deletes the logs older than 30 days despite the change in settings.

34. On 32-bit Vista platforms with Microsoft Office 2008, the OfficeScan 8.0 client Web installation encounters an issue near the end of the installation. The issue is due to a memory access violation on 32-bit Vista platforms with Microsoft Office 2008.

35. OfficeScan client users may need to restart their computers after updating the Virus Scan Engine. (Please refer to the "Post-Installation Configuration" section for instructions on running the "TmPreFilter" driver in MiniFilter mode to resolve this issue.)

36. The OfficeScan client icon does not display engine/pattern versions.

37. After applying this patch, the window of OfficeScan client component versions displays the pattern release date.

3. Documentation Set
=========================================================================

In addition to this readme.txt, the documentation set for this product includes the following:

o Administrator's Guide -- product overview, installation planning, installation and configuration instructions, and basic information intended to get you "up and running." Electronic versions of the printed manuals are available at: www.trendmicro.com/download/

o Online help -- Context-sensitive help screens that provide guidance for performing a task.
o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com

4. System Requirements
=========================================================================

If users are also using Control Manager server, please update Control Manager server to version 3.5 Patch 4 or higher.

5. Installation
=========================================================================

This section explains key steps for installing the patch.

5.1 To automatically deploy this patch:
======================================================================

1. Copy the "OfficeScan 8.0 Patch_3" package to a temporary folder (for example, C:\temp).

2. Double-click the file and then select "Install". The system automatically copies the updated modules to the correct destination.

Note: The Common Firewall module updates are optional. However, if you are unable to install the Common Firewall module during the patch installation, contact Trend Micro to request the hot fix that has the latest firewall driver and apply it to your system.

After the time stamp on the server files changes, the OfficeScan server automatically notifies clients to download the updated files.

5.2 To manually roll back to the original configuration:
======================================================================

This patch installation package rolls back the OfficeScan server automatically if it encounters any problems during installation. If you encounter any problems after installation, you can manually roll back the OfficeScan server to its original configuration.

1. Locate the backup folder that the patch package created in the "\PCCSRV\Backup\Patch3_B1834" directory.

2. Stop the OfficeScan server master service and Control Manager Agent service.

3. Copy all files and folders from "\PCCSRV\Backup\Patch3_B1834" to the "\PCCSRV" folder.

4.
Start the OfficeScan server master service and Control Manager Agent service.

5. Locate the following file: "\PCCSRV\Backup\OSCE_8.0_Patch3_RollBack.exe"

6. Run the file. It changes the client modules timestamp to the current system time and forces clients to download these modules.

7. Perform a manual update on the OfficeScan server because some components also rolled back to old versions.

6. Post-Installation Configuration
=========================================================================

1. For the issue where the Check Point SecureClient is not detected, users need to apply the patch and then delete the old "OFCESCVPack.exe" file under the OfficeScan Client directory. Then, on the "Toolbox" tab in the OfficeScan Client console, click the "Install Tool" button to download the new version of the "OFCESCVPack.exe" file.

2. To configure and deploy scan action for "Generic" virus type to OfficeScan clients, do the following:

   a. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory.

   b. Under the "[Global Setting]" section, add the following keys and assign the appropriate value to each key.

          [Global Setting]
          1stActForGenericVirus={x}
          2ndActForGenericVirus={y}

      Where:
          {x} is the first action
          {y} is the second action

      Replace {x} and {y} with the value corresponding to the scan action you want to use:

          0 - Pass (permanent)
          1 - Rename
          2 - Move
          3 - Clean
          4 - Delete
          5 - Pass (temporary) - this is the default action in OfficeScan 8.0

   c. Open the OfficeScan Server Web console and go to "Networked Computers > Global client settings" screen.

   d. Click "Save" to deploy the setting to clients.

   IMPORTANT: OfficeScan client users with the privilege to configure scan actions must set the action to "Custom Action" and not "ActiveAction" to make sure the scan action you configured deploys to the client. "ActiveAction" has a higher priority and overrides "Custom Action".

3.
In the Updates screen of the OfficeScan Web console, if it shows the number of queued clients exceeding the total number of clients managed by the Server, do the following steps to expand the queued clients search count:

   Add a new key to the "ofcscan.ini" file. This key allows users to change the search queue algorithm to settings that fit their needs.

          [INI_SERVER_SECTION]
          Max_Search_Queue=XXX

   The default value is 1000. The default value provides good performance provided the network does not exceed the number of queued clients. Setting the value to "-1" directs OfficeScan to search all notifications in the current queue. Performance results vary according to the number of queued clients.

4. To let OfficeScan clients remove the OfficeScan NT Firewall service and Common Firewall Driver when the firewall is disabled from the OfficeScan Web console's product license page, do the following:

   a. Add the following line to "ofcscan.ini", under "Global Setting":

          [Global Setting]
          RmvPFWifDisabled={x}

      Replace "x" with one of the following values:

          0 - When the OfficeScan Firewall is disabled on the Web console, all clients will NOT remove the OfficeScan NT Firewall service and Common Firewall Driver.

          1 - When the OfficeScan Firewall is disabled on the Web console, all clients will remove the OfficeScan NT Firewall service and Common Firewall Driver on the next OfficeScan client startup. When the firewall is enabled again, all clients will install the firewall service and driver.

   b. Open the OfficeScan server Web console and go to "Networked Computers > Global client settings" screen.

   c. Click "Save" to deploy the setting to clients.

5. If you want to turn off the "MSI package override privilege" function after applying this patch:

   a. Open the "ofcscan.ini" file found on the OfficeScan server's "\PCCSRV" folder.

   b. On the "INI_CLIENT_SETUP_SECTION" section, add the following key:

          NOPROGRAMUPGRADE=1

   c. Save the file and proceed with creating the MSI client package.

6.
To disable PFG file generation:

   a. On the OfficeScan server computer, open "ofcscan.ini".

   b. Modify the following line:

          [Global Setting]
          PFWLogEventFlag=x

      Where "x" can be any of the following values:

          0 = PFG files will not be generated and all existing PFG files will be deleted.
          1 = PFG files will be generated.

      The default value is 0.

   c. On the Web console, go to "Networked Computers > Global Client Settings". Click "Save" to deploy the setting to clients.

7. To disable/enable the TSC scan when the NT RealTime Scan service starts, do the following:

   a. On the OfficeScan server computer, open the "ofcscan.ini" file.

   b. Locate the following setting and modify its value:

          [Global Setting]
          DisableTSCAtStart=1

      (1 : disable TSC ; 0 : enable TSC)

   c. On the Web console, go to "Networked Computers > Global Client Settings". Click "Save" to deploy the setting to clients.

Legacy Post-Installation Configuration steps for previous Patches
======================================================================

1. Updating the Common Firewall Driver resets all port configurations and disconnects the applications. Applications that can reconnect on their own will be connected. For applications that cannot reconnect, perform manual reconnections.

2. On the Windows 2000 platform, OfficeScan client users need to restart their computers after applying this patch to load the new Firewall driver version to the computers.

3. Before creating an MSI package by Client Packager to upgrade OfficeScan, add the following key to the "ofcscan.ini" file under the "[INI_CLIENT_SETUP_SECTION]" section:

          BypassServerChecking=1

   Before launching the MSI package to upgrade an OfficeScan client, change the client's Server and ServerPort registry values in the "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion" to point to the OfficeScan 8.0 server.

4. Modify the "RefHostsChkMode" value in the "ofcscan.ini" file on the server:

   a. Stop the OfficeScan master service.

   b.
Add the following with a timeout value to "ofcscan.ini":

          [Global settings]
          RefHostsChkMode=0

          0 - Use this value if you want the OfficeScan client to both telnet and send "cgiOnStart.exe" to the OfficeScan server. If the action is successful, the client status will appear as "online", and then automatically apply a suitable firewall policy.

          1 - Use this value if you want the OfficeScan client to telnet to the OfficeScan server. If the action is successful, the client status appears as "online", and then automatically applies a suitable firewall policy.

   c. Start the OfficeScan master service.

   d. Deploy to clients.

5. To address the restart issue, the OfficeScan client has to unload the Virus Scan Engine's "TmPreFilter" driver when this driver runs in "MiniFilter" mode. The following platforms support running the TmPreFilter driver in MiniFilter mode:

   - Windows(TM) Server 2003 Service Pack 1
   - Windows XP Service Pack 2
   - Windows Vista

   To run the TmPreFilter driver in MiniFilter mode:

   a. Open the Registry Editor.

   b. Locate the following registry key:

          HKLM\SYSTEM\CurrentControlSet\Services\TmPreFilter\Parameters\EnableMiniFilter(DWORD).

   c. Set the key value to "1". TmPreFilter runs in MiniFilter mode the next time the computer starts.

6. Restart OfficeScan client computers after applying this patch to load the new TDI driver version to the computers.

7. To extend DB backup processing task waiting time:
   ------------------------------------------------------------------
   Add a retry count in the following DWORD registry value.

          HKLM\SOFTWARE\TrendMicro\Database Backup\RemoteBackupWaitDbPackCount

   If the above registry value does not exist or if it exists and the data equals 0, the original behavior is preserved (no retry). If the above registry exists and the data equals N, then the database backup module waits (N * 10) minutes for the database server to finish packing the database.
   Tip: To ensure a successful remote database backup, Trend Micro suggests setting the registry value to 12 (2 hours).

8. To enable SSL using command line "svrsvcsetup.exe -enablessl":
   ------------------------------------------------------------------
   After applying this patch, if you want to enable SSL, configure the "OfUninst.ini" file before running the "SVRSVCSETUP.exe -enablessl" command.

          [SSL]
          EnableSSL=1
          SSLPort=4343

   The "SVRSVCSETUP.exe" program enables SSL and sets the Web console port to 4343.

   If the OfficeScan server is registered to a Control Manager server, you need to click the "Update Settings" button on the Control Manager Settings screen of the OfficeScan server Web console. This function allows the single sign-on function of Control Manager to work properly.

9. To add the "LoadHttpTimeoutSecond" value in the "ofcscan.ini" file:
   ------------------------------------------------------------------
   a. On the OfficeScan server computer, stop the OfficeScan master service.

   b. Open the "ofcscan.ini" file, which is typically found in "C:\Program Files\Trend Micro\OfficeScan\PCCSRV".

   c. Add the following lines to the file:

          [Global Setting]
          LoadHttpTimeoutSecond=timeout_value

      The timeout value is expressed in seconds. The default value is 60 and the maximum value is 3600. If you specify a value higher than 3600 or lower than 60, the default value of 60 will be used.

   d. Start the OfficeScan master service.

   e. Open the OfficeScan Web console, go to "Networked Computers > Global Client Settings" and click "Save" to deploy the settings to clients.

   The setting deploys to the following registry key on the client computer:

          HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\LoadHttpTimeoutSecond

10.
To show "logon user name" in the Virus log:
   ------------------------------------------------------------------
   After applying this patch, the following setting is added to the "ofcscan.ini" file:

          [INI_VIRUSLOG_SECTION]
          ViewLogonName=1

   (default value 0)

   When the setting is "1", the logon name displays on the Virus/Malware Log Details page.

11. To disable PFG file generation of the OfficeScan NT Firewall service:
   ------------------------------------------------------------------
   After applying this patch, a user can use the following registry value to disable PFG file generation.

          Key:  HKLM\SOFTWARE\TrendMicro\NSC\PFW
          Name: LogEventFlag
          Type: REG_DWORD
          Data: 0

   After the "TmPfwLog.dll" is deployed to OfficeScan clients, add this registry value and restart the OfficeScan NT Firewall service to disable PFG file generation.

12. To provide a workaround solution by disabling the Real-time Scan service or delaying Real-time Scan service from starting at start up:
   ------------------------------------------------------------------
   Add a registry key to delay Real-time Scan service from starting at start up.

   a. Open the Registry Editor.

   b. Go to "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\".

   c. In the "NTRtScanInitSleep" registry key, change the value to 60000 (DWORD, Decimal).

   Note: The unit is in milliseconds.

13. To send the login user name in the virus log to TMCM server:
   ------------------------------------------------------------------
   After applying the patch and modifying values in the "ofcscan.ini" file, the Control Manager Agent of OfficeScan 8.0 transfers the login user name in the virus log to Trend Micro Control Manager server. The following is added to ofcscan.ini:

          [INI_VIRUSLOG_SECTION]
          ViewLogonName=0/1

   (default 0)

   When the setting is "1", the logon name is displayed on the TMCM virus log page. After the configuration changes, restart the TMCM agent service to let the settings take effect.

14.
To set an option on the firewall service that delays the startup of firewall service based on a particular time frame:
   ------------------------------------------------------------------
   a. To enable the delay option of the firewall service, for each OfficeScan client, manually add a new DWORD registry value "InitSleep" under "HKLM\SOFTWARE\TrendMicro\NSC\PFW". For example, set the value to 60000 if the delay is 60 seconds. The new setting takes effect when the service is restarted.

   b. To enable the delay option globally:

      * Open the "ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server.

      * Under the "[Global Setting]" section, add the "OfcPfwSvcInitSleep" key and assign it a value of your choice. For example:

          [Global Setting]
          OfcPfwSvcInitSleep=60000 #delay 60 seconds

      * Open the OfficeScan server management console and click "Client > Global client settings" on the sidebar to access the "Global client settings" page.

      * Click "Save" to deploy the setting to clients.

7. Known Issues
=========================================================================

- After applying this patch, the Spyware Scan Engine version in the "Summary" screen on the OfficeScan Web console changes from "5.x.xxxx" to "6.x.xxxx". Clients already installed with this patch -- and therefore using version 6.x.xxxx -- are counted under "Updated". The Spyware Scan Engine for clients not yet installed with this patch is considered "Outdated".

- Clients not yet upgraded to this version will not be able to update to the latest Spyware Pattern file.

- The Manual Scan progress screen may display directories not specified as scan target (usually windows folder).

- Scan exclusion settings for spyware/grayware are disregarded after installation. Only virus/malware scan exclusion settings are retained and OfficeScan uses these settings when scanning for both virus/malware and spyware/grayware.
- Installing this patch automatically restarts the OfficeScan Master Service and Web service (World Wide Web Publishing Service or Apache2 Service). Avoid installing the patch when an important task (such as a component update) is running.

- Any hot fix below 1834 cannot be applied after this patch.

- Prior to applying this patch, if users applied any hot fix package after Hot Fix 1236, the fix no longer works after patch 3 is applied. Request a new fix for patch 3 from Trend Micro.

- Updating the Common Firewall Driver resets all port configurations and disconnects the applications. Applications that can reconnect on their own will be connected. For applications that cannot reconnect, perform a manual reconnection.

- On the Windows 2000 platform, OfficeScan client users need to restart their computers after applying this patch to load the new Firewall driver version to the computers.

- The OfficeScan TDI driver is updated with the Common Firewall Driver when applying this patch. After the TDI driver is updated, a notification message prompts client users to restart their computers to load the new driver. The OfficeScan Web Reputation function will not work until the client computer is restarted. If you do not use the Web Reputation function in your organization or if you do not want to display the notification message on each client computer, open the Web console, go to "Networked Computers > Global Client Settings" and disable the setting "Display a notification message if the client computer needs to restart to load a kernel mode driver".

- After applying this patch, OfficeScan server version now shows as 8.01 on the Control Manager console. This is because OfficeScan patch 3 needs a different spyware pattern than before, so it uses a different version to register to Control Manager server.

- This release does not support client installation using remote installation on Windows Vista Home Basic, Vista Home Premium, and XP Home.
- This release does not support client installation using TMVS on Windows Vista Home Basic, Vista Home Premium, and XP Home.

- OfficeScan client installation using the Web installation method on Windows Vista Home Basic, Vista Home Premium, and XP Home requires the following:

  - Log on to Windows with the built-in administrator account.
  - Launch a browser window as Administrator.
  - Add the OfficeScan server URL as a trusted site.
  - Change the Internet Explorer security setting under "ActiveX controls and plug-ins" to enable "Automatic prompting for ActiveX controls".
  - During OfficeScan client installation, allow ActiveX control installation.

- OfficeScan client installations using the silent mode on Windows Vista Home Basic, Vista Home Premium, and XP Home require the following:

  - Run the command prompt as Administrator.

- When the "Client Console Access Restriction" is disabled on a Citrix server, notification messages display simultaneously in each logon session.

- When the security level on a Citrix server is medium or high:

  - OfficeScan clients installed on the Citrix server require port configuration.
  - Computers with OfficeScan clients installed that are used to log on to the Citrix server also require port configuration.

8. Release History
=========================================================================

OfficeScan product updates are available at: http://www.trendmicro.com/download

9. Contact Information
=========================================================================

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our Web site.
Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

10. About Trend Micro
=========================================================================

Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Trend Micro allows companies worldwide to stop viruses and other malicious code from a central point before they can reach the desktop.

Copyright 2008, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Trend Micro Control Manager, and OfficeScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.

11. License Agreement
=========================================================================

Information about your license agreement with Trend Micro can be viewed at: http://www.trendmicro.com/en/purchase/license/

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide
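
Added example (not part of the Trend Micro readme, and not Trend Micro code): a Python check that reads an "ofcscan.ini" and reports settings that fall outside what the Post-Installation Configuration sections document, sit under a different section than the readme names, or carry an annotation copied from the readme onto the value line. The sample file is constructed; the function names, the "positive count" and "non-negative" rules noted in the comments are assumptions, and the readme does not say how OfficeScan itself treats trailing text or misplaced keys.

```python
import re

# key -> (section the readme documents, validity check, documented values).
# Ranges come from the readme's post-installation sections. Assumptions:
# Max_Search_Queue accepts -1 or a positive count, and OfcPfwSvcInitSleep a
# non-negative millisecond delay; the readme only gives example values there.
RULES = {
    "1stActForGenericVirus": ("Global Setting", lambda v: 0 <= v <= 5, "0-5"),
    "2ndActForGenericVirus": ("Global Setting", lambda v: 0 <= v <= 5, "0-5"),
    "RmvPFWifDisabled": ("Global Setting", lambda v: v in (0, 1), "0 or 1"),
    "PFWLogEventFlag": ("Global Setting", lambda v: v in (0, 1), "0 or 1"),
    "DisableTSCAtStart": ("Global Setting", lambda v: v in (0, 1), "0 or 1"),
    "LoadHttpTimeoutSecond": ("Global Setting", lambda v: 60 <= v <= 3600,
                              "60-3600 seconds; otherwise 60 is used"),
    "OfcPfwSvcInitSleep": ("Global Setting", lambda v: v >= 0,
                           "delay in milliseconds"),
    "Max_Search_Queue": ("INI_SERVER_SECTION", lambda v: v == -1 or v > 0,
                         "-1 (search all) or a count, default 1000"),
    "ViewLogonName": ("INI_VIRUSLOG_SECTION", lambda v: v in (0, 1), "0 or 1"),
}


def parse_ini(text):
    """Yield (line number, section, key, raw value); keeps duplicates and case."""
    section = None
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped[0] in ";#":
            continue
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].strip()
        elif "=" in stripped:
            key, _, raw = stripped.partition("=")
            yield lineno, section, key.strip(), raw.strip()


def audit(text):
    """Return a list of (line number, key, problem) for the keys in RULES."""
    findings, seen = [], {}
    for lineno, section, key, raw in parse_ini(text):
        if key not in RULES:
            continue
        want_section, is_valid, documented = RULES[key]
        if section != want_section:
            findings.append((lineno, key,
                             f"under [{section or 'no section'}], "
                             f"readme documents [{want_section}]"))
        if (section, key) in seen:
            findings.append((lineno, key,
                             f"duplicate of line {seen[(section, key)]}"))
        seen[(section, key)] = lineno
        match = re.match(r"^(-?\d+)(.*)$", raw)
        if not match:
            findings.append((lineno, key,
                             f"non-numeric value {raw!r}, expected {documented}"))
            continue
        value, trailing = int(match.group(1)), match.group(2).strip()
        if trailing:
            # e.g. "(1 : disable TSC ...)" or "#delay 60 seconds" pasted
            # from the readme; confirm the product ignores it.
            findings.append((lineno, key,
                             f"trailing text {trailing!r} after value"))
        if not is_valid(value):
            findings.append((lineno, key,
                             f"value {value} outside documented range "
                             f"({documented})"))
    return findings


# Constructed sample, not taken from a real OfficeScan server.
SAMPLE = """\
[Global Setting]
1stActForGenericVirus=3
2ndActForGenericVirus=7
LoadHttpTimeoutSecond=7200
DisableTSCAtStart=1 (1 : disable TSC ; 0 : enable TSC)
OfcPfwSvcInitSleep=60000 #delay 60 seconds
PFWLogEventFlag=0
ViewLogonName=1

[INI_SERVER_SECTION]
Max_Search_Queue=-1

[INI_VIRUSLOG_SECTION]
ViewLogonName=yes
"""

if __name__ == "__main__":
    for lineno, key, problem in audit(SAMPLE):
        print(f"line {lineno}: {key}: {problem}")
```

Run it against a copy of the server's "ofcscan.ini" before clicking "Save" on the Global Client Settings screen, since that step deploys the values to every client.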