Trend Micro, Inc. January 22, 2010 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) OfficeScan(TM) 8.0 Service Pack 1 Patch 5 - Build 3510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's Web site for documentation updates at: http://www.trendmicro.com/download/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro Web site. Register during installation or online at: http://olr.trendmicro.com/ Contents ==================================================================== 1. About OfficeScan 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 2.3 Resolved Known Issues in Patch 4 2.4 Resolved Known Issues in Patch 3.1 2.5 Resolved Known Issues in Patch 2 2.6 Resolved Known Issues in Patch 1 3. Documentation Set 4. System Requirements 5. Installation/Un-installation 5.1 Installation Notes 5.2 Installation 5.3 Un-installation 6. Post-installation Configuration 6.1 Post-installation Configuration Steps for Patch 5 6.2 Post-installation Configuration Steps for Patch 4 6.3 Post-installation Configuration Steps for Patch 3.1 6.4 Post-installation Configuration Steps for Patch 2 6.5 Post-installation Configuration Steps for Patch 1 7. Known Issues 8. Release History 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement =================================================================== 1. About OfficeScan ======================================================================== Trend Micro OfficeScan is a centrally-managed software, protecting desktop and laptop computers from security risks. OfficeScan protects your organization's networked computers from viruses/ malware and malicious code, including file viruses, macro viruses, and malicious Java applets and ActiveX controls. Using OfficeScan, client computers can get rid of spyware and grayware. OfficeScan also has a built-in firewall that can block traffic coming from suspicious sources. 1.1 Overview of this Release ===================================================================== Patch 5 includes fixes to issues discovered after the release of OfficeScan 8.0 Service Pack 1. It also enhances the Scheduled Scan function. Refer to Section 2, What's New, for details. Hot fixes released after build 3510 are not included in this patch. Users who have applied any hot fix package released after hot fix 3510 need to sequentially reinstall these hot fix packages after installing this patch. 1.2 Who Should Install this Release ===================================================================== Install this patch if you are currently running ANY of the following: - OfficeScan 8.0 Service Pack 1 - OfficeScan 8.0 Service Pack 1 with Patch 1 - OfficeScan 8.0 Service Pack 1 with Patch 2 - OfficeScan 8.0 Service Pack 1 with Patch 3.1 - OfficeScan 8.0 Service Pack 1 with Patch 4 If you do not have the service pack installed, download the installer at the following location: http://www.trendmicro.com/download/ product.asp?productid=5#servicepack 2. What's New ======================================================================== This patch addresses the following issues and includes the following enhancements: 2.1 Enhancements ============================================================================= The following enhancements are included in this patch: Enhancement 1: Patch 5 adds Microsoft(TM) Windows(TM) 7 platform support for OfficeScan clients. Please be sure to update the following drivers to Windows 7 compatible version: - Virus Scan Engine (8.952 or higher) - Virus Cleanup Engine (6.2.1016 or higher) - Anti-rootkit Driver (2.8.1063 or higher) - Common Firewall Driver(NSC) (5.8.1092 or higher) "Virus Scan Engine" and "Virus Cleanup Engine" can be updated from TrendMicro ActiveUpdate server. The "Anti-rootkit Driver" and "Common Firewall Driver(NSC)" are included in this patch. Notes: Updating the Common Firewall Driver may cause a short network disruption on client. The TDI driver which is updated with Common Firewall Driver requires a system reboot to load the new driver. Please refer to Section 5.1 for more information. This patch provides a function to allow OfficeScan clients to update the Common Firewall Driver only after the system reboots. This can avoid network disruption when updating the Common Firewall Driver. Please refer to Post-installation section 6.1.9. Enhancement 2: Patch 5 adds a new function to enable OfficeScan clients to check the file MD5 checksum when retrieving file from OfficeScan server. This prevents clients from getting corrupt files from the server. Note : This function does not work if the patch is deployed on clients because clients are still using an old version of this patch. It will only work when the latest hot fix and patches are applied. Enhancement 3: Users who configure standard alerts can use "%i" to display the infected computer's IP address on the alert message. Enhancement 4: When OfficeScan client is installed, it automatically removes the following products first: - Authentium(TM) Command AntiVirus for Windows Enterprise 4.9x - Computer Associates (CA) eTrust(TM) Antivirus 8.1.655 - eScan(TM) for Windows 8.0.653.1 - ESET(TM) NOD32(TM) Antivirus build 3.0.642 - ESET NOD32 Antivirus 3.0.667.0 - ESET NOD32 Antivirus 3.0.684.0 - F-Secure(TM) Anti-Virus Client Security 6.03 - F-Secure Client Security 7.0 - F-Secure Client Security 7.10 - F-Secure Client Security 8.00 - F-Secure Client Security 8.01 - F-Secure Client Security 8.01.133 - Kaspersky(TM) Anti-Virus 6.0.3.837 - McAfee(TM) Total Protection - McAfee ePolicy Agent 3.6.0.574 - McAfee VirusScan Enterprise 8.7.0.570 - Norman(TM) Security Suite 7 - Norman Virus Control 5.99.0600 - Panda(TM) Endpoint Agent 5.02.00.0004 - Symantec 11.0.780.1109 Endpoint Protection - Symantec 11.0.2010.25 Endpoint Protection MR 2 - Symantec Endpoint Protection 10.1.8000.8 - Symantec Endpoint Protection 11.0.3001.2224 - Symantec Endpoint Protection 11.0.4000.2295 - Symantec Endpoint Protection 11.0.4202.75 - Symantec 11.0.4000.2295 Endpoint Protection 64-bit Edition Enhancement 5: Users can specify another update schedule for offline OfficeScan clients. When clients are online, they use the original scheduled update settings. Once clients go offline, they can switch to the new scheduled update settings. Offline clients are clients that are not connected to the server because of reasons such as: - the clients are disconnected from the office network - the OfficeScan server is not up and running Refer to section on Post-installation for detailed configuration steps to specify another update schedule for offline OfficeScan clients. Enhancement 6: Patch 5 introduces the following Scheduled Scan enhancements. Refer to the online help for details about these enhancements. The Scheduled Scan enhancements were introduced since OfficeScan 8.0 Service Pack 1 with Patch 1) Postpone Scheduled Scan ----------------------- Users with the "Postpone Scheduled Scan" privilege can perform the following actions: - Postpone scheduled scan before its scheduled run and specify the postponement duration. - If scheduled scan is in progress, stop scanning and restart it at a later time. Users can specify the amount of time that should elapse before scanning restarts. Skip and Stop Scheduled Scan ---------------------------- - Users can skip scheduled scan before its scheduled run or stop scheduled scan when it is in progress. - OfficeScan can automatically stop a scheduled scan when scanning takes longer than the period of time that the user has configured. - OfficeScan can skip scheduled scan if a wireless computer's power supply runs low and the AC adapter is unplugged. Resume Scheduled Scan --------------------- When the OfficeScan client misses a scheduled scan because it is not running on the day and time set for the Scheduled Scan, scanning will be launched at the scheduled time, regardless of the day, when the client resumes running. Scheduled Scan Reminder ----------------------- You can now configure OfficeScan to display a notification message informing users of an upcoming Scheduled Scan and any Scheduled Scan privileges (postpone, skip, or stop Scheduled Scan) you have granted them. 2.2 Resolved Known Issues ===================================================================== Patch 5 resolves the following product issues: (170999 EN_Hotfix_3371) Issue 1: The OfficeScan Client Packager tool command line mode does not support the "Update Agent" option. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: After applying this patch, the Client Packager tool can support the "Update Agent" option in command line mode. Procedure 1: To use the new tool to create client installation packages through the command line, follow the step below: a. Add the "/ua" parameter to the command string. For example: clnpack.exe /i /o NT /ua /s "C:\Program Files\Trend Micro\ OfficeScan\PCCSRV" /d "C:\Temp\UA_client.exe" Where "C:\Program Files\Trend Micro\OfficeScan\PCCSRV" is the folder where the source file is, while "C:\Temp\UA_client.exe" specifies the name and location of the output file. (168449 EN_Hotfix_3373) Issue 2: Users cannot sort data by columns in the "Component Update Details" on the Networked Computers page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: After applying this patch, the sorting function in the "Component Update Details" on the Networked Computers page works properly. (170068 EN_Hotfix_3372) Issue 3: OfficeScan 32-bit clients can write Microsoft(TM) Windows(TM) NT event logs for some conditions. OfficeScan 64-bit clients do not have this functionality. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch enables OfficeScan 64-bit clients to write Windows NT event logs. (171163 EN_Hotfix_3374) Issue 4: Hot fix 3374 resolves the issue wherein the OfficeScan client console displays the wrong spyware pattern file version. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch handles the third digit after the decimal point of the spyware pattern version to solve the issue. (171716 EN_Hotfix_3376) Issue 5: In the "Scheduled Verification" page, if users set the value of the "start time:" between 12:00 PM and 12:59 PM, the value of the "Scheduled_Reestablish_AmPm" parameter in the "ofcscan.ini" file becomes "1". Setting "Scheduled_Reestablish_AmPm=1" signifies the time as AM not PM. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch enhances the boundary condition checking to fix this issue. (169286 EN_hotfix_3378) Issue 6: When users delete more than one unnecessary update source from "Updates" > "Networked Computers" > "Update Source" on the OfficeScan console, some of these update sources are not deleted from the configuration files. These unnecessary update sources do not serve any purpose and may confuse users. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch adds a function for removing all unnecessary update sources from the configuration file. Refer to the Post-installation Configuration section 6.1.1 for detailed configuration steps. (170339 EN_Hotfix_3380) Issue 7: The Image Setup Utility tool, an OfficeScan client tool, cannot be run on Microsoft(TM) Windows(TM) Vista and Windows server 2008. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This patch adds the support of Windows Vista and Windows server 2008 platforms for this tool. (168807 EN_Hotfix_3383) Issue 8: When "ntrtscan.exe" scans a large file, "ntrtscan.exe" unloads the scan engine drivers which causes the blue screen of death (BSoD). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: After applying this patch, "ntrtscan.exe" can successfully scan large files. Note: To support this function, users need to update the virus scan engine to version 8.960.1009 or a later version. 164901 EN_Hotfix_3384) Issue 9: OfficeScan clients upload suspected infected files to the "PCCSRV\Temp" folder of the OfficeScan server where the files are temporary stored before being transferred to the "PCCSRV\Virus" folder. Suspected infected files that are not uploaded completely will remain in the "PCCSRV\Temp" folder and will occupy disk space. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: After applying this patch, if the upload process terminates abnormally, OfficeScan will not save the suspected infected files in the "PCCSRV\Temp" folder. (171669 EN_Hotfix_3386) (169316 EN_Hotfix_3379) Issue 10: OfficeScan Common Firewall Driver may cause the blue screen of death issue on Windows(TM) system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This patch updates the OfficeScan 8.0 Common Firewall Driver to solve this issue. (171448 EN_Hotfix_3388) Issue 11: In Microsoft(TM) Windows(TM) Vista platform, launching the OfficeScan client console takes several seconds and uses a high amount of CPU resources. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: After applying this patch, the OfficeScan client console launches in a shorter amount of time and does not require a high amount of CPU resources to launch. (172645 EN_Hotfix_3389) Issue 12: The status for OfficeScan clients that have been inactive/ offline for a long period of time, are not purged from the database. This issue occurs when OfficeScan’s purge client procedure stops because it cannot find the clients?data in the database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch enhances OfficeScan's purge client procedure to ensure that the database contains the offline/online status of active clients only. (173091 EN_Hotfix_3390) Issue 13: After applying hot fix 3376, some items in the "Move client" page are disabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: After applying this patch, the file dependency issue of hot fix 3376 is solved. (168307 EN_Hotfix_3393) Issue 14: When users move OfficeScan clients from an old OfficeScan server to a new OfficeScan server, OfficeScan clients may register back to the old server after a while. This issue occurs when the clients are moved using the client mover tool or through the management console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: After applying this patch, when users move OfficeScan clients from one server to another, the old server will remove the client data from its "notify queue". This prevents the old server from notifying the client at a later time and prevents clients from registering back to the old server. (170555 EN_hotfix_3393.1) Issue 15: In a Microsoft(TM) Windows(TM) Vista platform, the Windows Security Center shows the status of the OfficeScan client as "Not compatible". This issue occurs because Microsoft changed its status reporting format. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: After applying this patch, OfficeScan clients will use Microsoft's new reporting format when sending status to the Windows Security Center. (169641 EN_Hotfix_3393.2) Issue 16: When an OfficeScan client computer starts in a network environment and the client applies the firewall settings before it can obtain a valid IP address, the client will use the IP "0.0.0.0". When this happens, the client cannot apply the correct firewall settings from the server and will use the default firewall settings instead. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This patch provides an option to extend the time for an OfficeScan client to obtain an IP address during startup. This ensures that the OfficeScan client will be able to obtain valid IP address before applying the firewall settings. This resolves the issue. Refer to the Post-installation Configuration section 6.1.2 for detailed configuration steps. (172648 EN_Hotfix_3396) Issue 17: The OfficeScan notification email messages do not use the specified daylight saving time (DST) setting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This patch updates the TmNotify.dll module to fix the notification related issue. (170179 EN_Hotfix_3394) Issue 18: When an OfficeScan client starts, it tries to connect to the server to establish its own online/offline status. When the client cannot establish a connection with the server, some ISPs redirect the client to another Web page. As a result, the still offline client perceives its own status as "online" because the redirect action returns a successful http return code. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: After applying this patch, OfficeScan clients will use a different http return code for its online/offline status result. This prevents the client from treating the http return code for the redirect action as an online status confirmation. (172973 EN_Hotfix_3397) Issue 19: Users need a registry key for OfficeScan clients to indicate the clients' update status. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This patch adds the "UpdateOngoing" registry key to OfficeScan clients under the following path: HKLM\Software\TrendMicro\PC-cilinNTCorp\CurrentVersion\Misc OfficeScan clients will set the value of this key to "1" before a component update. After the component update, OfficeScan clients will set the value of this key to "0". This key will serve as an update status indicator for OfficeScan clients. (173347 EN_Hotfix_3401) Issue 20: When the "Add Manual Scan to the Windows shortcut menu on client computers" function is enabled, users can scan files and folders by accessing the right-click menu. This is done by right-clicking a file or folder on the Microsoft(TM) Windows(TM) desktop or in Windows Explorer(TM) and selecting "Scan with OfficeScan Client" from the options. If users select a large number of files or folders to scan, "PccNT.exe" stops responding unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This patch enhances the OfficeScan clients' memory allocation mechanism to enable "PccNT.exe" to handle a large number of files. (173866 EN_Hotfix_3406) Issue 21: When performing manual scans on network drives, OfficeScan impersonates the user that is currently logged on. This patch resolves the issue wherein during manual scans on network drives, OfficeScan reverts to the currently logged on user account after scanning the first folder. This prevents the "NTRtScan" service from retrieving the attributes of and scanning other folders. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: After applying this patch, the OfficeScan "NTRtScan" service can successfully retrieve the attributes of and scan all folders. (172541 EN_Hotfix_3409) Issue 22: On a Microsoft(TM) Windows(TM) platform, the OfficeScan client's program exception handling function cannot handle an invalid memory access issue. When this occurs, the OfficeScan client stops responding and needs to be closed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This patch enables the OfficeScan client's program exception handling function to correctly handle program exceptions in Microsoft Windows platforms. (173851 EN_Hotfix_3410) Issue 23: OfficeScan server's NT event log function on the Notifications page uses the same event ID for all types of event. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: After applying this patch, the OfficeScan server's NT event log function on the Notifications page assigns the following event IDs to the respective NT event logs: - Virus/spyware is detected -- 500 - The action on the virus/spyware is unsuccessful -- 600 - Outbreak is found -- 700 (173569 EN_Hotfix_3411) Issue 24: OfficeScan virus/malware and spyware/grayware logs originally contain an OfficeScan client's computer name only. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: After applying this patch, the logs will also display an OfficeScan client's IP and MAC addresses. Note: A client's IP may change in some environments. For example, when a client detects a virus, its IP is 10.1.1.1, but when querying the virus log from the server, its IP is 10.2.2.2. The IP and MAC addresses that are added to the logs are the current addresses of the client machine that are used for querying the logs and NOT the client's addresses when it detects virus, malware, spyware, or grayware. In the case presented above, the logs will use 10.2.2.2 as the client's IP address. (172600 EN_Hotfix_3415) Issue 25: When the OfficeScan virus cleanup engine (DCE) detects and cleans malware, the virus log displays the malware as "cleaned by DCE" instead of displaying the file name or the path where the malware was detected. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This patch enables the virus log to show the file name or the path where the malware was detected. (175721 EN_Hotfix_3425) Issue 26: When OfficeScan clients start or perform a manual or scheduled scan, the clients will run the "Process Image File Scan" function first to list all running processes on the system and scan all related files. This delays the start-up and scan processes and affects system performance. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This patch provides the following enhancements: - enhances the performance of the "Process Image File Scan" function in OfficeScan clients. - adds a Global Setting to disable the "Process Image File Scan" function on all OfficeScan clients. - adds an option to disable the "Process Image File Scan" function on certain OfficeScan clients. Refer to the Post-installation Configuration section 6.1.3 and 6.1.4 for detailed configuration steps. (172986 EN_Hotfix_3428.1) Issue 27: "TmListen.exe" monitors the routing table and IP address events in a single thread. These threads call the "NotifyRouteChange" function at the same rate as the changes in the routing table. When the frequency of the changes to the routing table is high, a non-paged pool overflow issue occurs because the "NotifyRouteChange" function uses non-page pool memory. MSDN cannot disable the handle on the threads after calling this API, which causes the issue to increase in severity. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: This patch enables OfficeScan to monitor the IP address only and not the routing table event to resolve the issue. (175556 EN_Hotfix_3430) Issue 28: OfficeScan clients cannot resend quarantined files to the OfficeScan server if the first quarantine attempt is unsuccessful. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: This patch updates "PccNTMon.exe" to use new VSAPI DLL to resolve this issue. (175380 EN_Hotfix_3429) Issue 29: The "DontDropUnknowTCP" setting for the OfficeScan client firewall is dropped after a common firewall driver update. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: After applying this patch, OfficeScan clients can keep the "DontDropUnknowTCP" setting after a common firewall driver update. (173004 EN_Hotfix_3432) Issue 30: OfficeScan server needs a function to detect and verify digital signatures of files in its directories. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: After applying this patch, if an OfficeScan server detects that a file in its directory has an invalid digital signature, it renames the file and adds a warning message in Microsoft(TM) Windows(TM) application event log. (164043 EN_Hotfix_3434) Issue 31: OfficeScan Network Security Component (NSC) has an incompatibility issue with Microsoft(TM) Windows(TM) Vista, Windows Server 2008, or Windows 7 platforms. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: This patch updates the OfficeScan NSC to enhance compatibility with Windows Vista, Windows Server 2008, and Windows 7 platforms. (172232 EN_Hotfix_3435) Issue 32: The OfficeScan Trend Micro Vulnerability Scanner can retrieve the location of the Dynamic Host Configuration Protocol (DHCP) driver only if it is run under "Pccsrv\Admin\Utility\TMVS" default path. It cannot retrieve the location of the DHCP driver if users run it under a different path. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 32: This patch changes the Vulnerability Scanner's logic for retrieving the location of the DHCP driver. After applying this patch, the Vulnerability Scanner will retrieve the information from the related registry key in the OfficeScan client. This resolves the issue. (174873 EN_Hotfix_3436) Issue 33: If the OfficeScan client detects a virus but could not clean or delete it, several virus alert message windows appear consecutively over a long period of time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: This patch enables users to set a minimum time interval in between duplicate virus alert messages. If a duplicate virus alert message is triggered within the time interval, the duplicate message is not displayed. Refer to the Post-installation Configuration section 6.1.5 for detailed configuration steps. (176614 EN_Hotfix_3437) Issue 34: When users export "Scan Exclusion Lists" information, the items under the "Scan Now Exclusion List (File Extensions)" column are the same as those under the "Scan Now Exclusion List (Files)" column. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: This patch enables OfficeScan to export the correct information for the "Scan Now Exclusion List (File Extensions)" column. (175281 EN_Hotfix_3448.1) Issue 35: Network VirusWall Enforcer 1200 and 2500(TM) cannot recognize the OfficeScan client's system after the OfficeScan NT firewall is enabled. This issue occurs when the OfficeScan firewall drops the special ICMP packet sent by Network VirusWall Enforcer because it does not recognize it. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 35: This patch updates the OfficeScan 8.0 Common Firewall Driver to resolve the unknown ICMP issue in the IDS feature. (175478 EN_Hotfix_3450) Issue 36: After applying OfficeScan 8.0 Service Pack 1 Patch 4, some Plug-in Manager programs cannot retrieve the correct OfficeScan domain and client information from the OfficeScan server database. This issue occurs because OfficeScan 8.0 Service Pack 1 Patch 4 updated the function used to query OfficeScan domain and client information, which prevents the plug-in programs from recognizing query results. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 36: This patch splits the function for querying OfficeScan domain and client information. OfficeScan uses the updated function while plug-in programs can still use the old function to query domain and client information. (164871 EN_hotfix_3452) Issue 37: Some users encounter an issue wherein the OfficeScan server HTTPDB stops unexpectedly. The root cause of the issue is hard to trace since it cannot be easily reproduced in time and users cannot enable server debug log all the time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 37: This patch adds a function for collecting database-related debug information. Refer to the Post-installation Configuration section 6.1.6 for detailed configuration steps. (177195 EN_Hotfix_3455) Issue 38: The Trend Micro Rootkit Common Module (RCM) of the OfficeScan client may cause the blue screen of death (BSoD) issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 38: This patch updates the RCM driver to version 2.8.1063. This new version of the RCM driver includes more checking procedures to prevent the BSoD issue from recurring. (178108 EN_Hotfix_3454) Issue 39: The Web Reputation policy approval list cannot handle approval URLs that end with a slash "/", for example, "http://abc.com/". This defect is created in the original javascript while saving the approval URL setting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 39: This patch enables the checking logic in javascript to remove the last character from approval URL entries that end with a slash "/". (175096 EN_Hotfix_3464) Issue 40: In a roaming user profile environment, users can configure the system to remove cached local profiles before shutting down. Sometimes, the system does not remove cached local profiles properly because the OfficeScan client locks the "index.dat" file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 40: This patch updates OfficeScan client spyware scan engine to version 6.2.0.3015. This version does not lock the "index.dat" file to allow the system to successfully remove cached local profiles before shutting down. (178216 EN_Hotfix_3462) Issue 41: If the "TotalInfected" registry key is missing under "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\ CurrentVersion\Misc", the Real-time scan service resets the counter for the total number of scanned files on the Real-time monitor dialog box the next time the Real-time scan service starts up. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 41: After applying this patch, the "TotalInfected" key does not affect the counter for the total number of scanned files in the Real-time monitor dialog box. (178045 EN_Hotfix_3465) Issue 42: After enabling or disabling daylight saving time (DST), OfficeScan incorrectly calculates the time for the next scheduled scan. This occurs because OfficeScan does not detect the change in the DST setting. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 42: After applying this patch, OfficeScan correctly calculates the time for the next scheduled scan even after a change in the DST setting. (176576 EN_Hotfix_3471) Issue 43: The action results on the OfficeScan client console virus logs are inconsistent with those in the OfficeScan server console. For example, when "NtRtscan.exe" detects a virus and the action is "Quarantine", "NtRtscan.exe" prompts "PccNTMon.exe" to upload the infected file to the OfficeScan server without determining if the infected file was successfully moved to the client's "SUSPECT" folder or not. Sometimes, the scan engine cannot move the infected file to the client's "SUSPECT" folder or the folder already contains a file that has the same file name as the infected file. This causes the action result in the client virus log to report a failed action while the server virus log reports a successful action. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 43: After applying this patch, "NtRtscan.exe" waits for the the action result from the VSAPI scan engine. If the action is "Quarantine" and the action result is "Successful", "NtRtscan.exe" creates a virus log in the OfficeScan client's "Flog folder". This prompts "PccNTMon.exe" to upload the infected file. In cases where the infected file is inside a compressed file, "NtRtscan.exe" cannot check the action result for the infected file but checks the action result of the compressed file instead. (176387 EN_Hotfix_3470) Issue 44: OfficeScanNT RealTime scan service cannot start properly due to system resources issues that may occur while the scan engine starts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 44: After applying this patch, when the RealTime scan service starts and it receives a "system too busy" notification, it tries to restart the scan engine. (173660 EN_hotfix_3473) Issue 45: When OfficeScan clients update the virus pattern file, the scan engine file is also unloaded and reloaded. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 45: After applying this patch, OfficeScan clients update pattern files directly without unloading and reloading the scan engine file. (178610 EN_Hotfix_3475) Issue 46: Sometimes, OfficeScan cannot migrate firewall settings successfully because an active file in no sharing mode was opened and not closed properly. This prevents OfficeScan from saving the firewall profile settings and causes the firewall tab to disappear from the OfficeScan client console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 46: This patch enables OfficeScan to properly close file handles to prevent file sharing violations. To further ensure that the firewall settings are successfully migrated, this patch adds Windows(TM) Vista as target platform of the "tmcfw" driver un-installation for the firewall migration task. (175017 EN_Hotfix_3476) Issue 47: The blue screen of death (BSoD) may occur when the OfficeScan client Common Firewall Driver of the Network Security Component (NSC) is running on several Microsoft(TM) Windows(TM) platforms. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 47: This patch updates the NSC driver to resolve the issue. Refer to the Post-installation Configuration section 6.1.7 for detailed configuration steps. (179001 EN_Hotfix_3477) Issue 48: When the OfficeScan server contains a large number of "Cfw*.tmp" files, the OfficeScan server experiences high CPU usage issues while processing firewall logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 48: This patch changes the way the OfficeScan server creates temporary files to prevent high CPU usage issues while processing firewall logs. (180009 EN_Hotfix_3478) Issue 49: There is a potential vulnerability which may cause a buffer overflow issue in the Trend Micro URL Filtering Engine (TMUFE) which can eventually cause a general protection fault or cause OfficeScan to stop responding. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 49: This patch updates TMUFE to resolve this issue. (179399 EN_Hotfix_3480) Issue 50: When an OfficeScan client registers to the database, it is assigned the unload/uninstall password of the OfficeScan root. Sometimes, newly installed OfficeScan clients are registered under a domain with a different unload/uninstall password. In such cases, the newly installed clients are still assigned the root's unload/uninstall password instead of the domain's unload/uninstall password. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 50: After applying this patch, if the newly installed client is registered to a domain, then it keeps the unload/uninstall password of the domain and not the unload/uninstall password of the OfficeScan root. (172114 EN_Hotfix_3485) Issue 51: Under certain conditions, when the OfficeScan server detects a virus and it sends a report to Trend Micro Control Manager(TM) 5.0, it leaves the virus name field empty. This causes Control Manager 5.0 reports to show "empty" as the virus name. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 51: This patch adds an option to prevent the OfficeScan server from sending a notification that does not contain a virus name to Control Manager 5.0. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 51: To enable this feature, add the "SkipEmptyVirusNameLog" DWORD key under the following path and set its value to "1". HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\OfficeScan\ service\Information\ (177899 EN_Hotfix_3481) Issue 52: Using the "DeviceLock" software to prevent unauthorized access to USB devices prevents OfficeScan manual scans from detecting viruses in the USB storage. Only OfficeScan scheduled scans can detect viruses in the same device. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 52: This patch enables OfficeScan to use another API to check file attributes in USB devices. This resolves the issue. (180568 EN_Hotfix_3488) Issue 53: Clicking "OK" on the "Scheduled Scan" page of the client console enables the spyware/grayware scan function of Scheduled Scan and sends the setting to the server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 53: This patch configures the spyware/grayware scan function properly to resolve the issue. After applying this patch, clicking "OK" on the "Scheduled Scan" page of the client console does not enable the spyware/grayware scan function and only the correct settings are sent to the server. (179377 EN_Hotfix_3492) Issue 54: The OfficeScan server management console shows a successful result even when users try to add unsupported spyware/grayware to the approved list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 54: This patch enables OfficeScan to display the following message when users try to add unsupported spyware/grayware to the approved list in the "Spyware/Grayware Logs" page. "The approved list does not support one or some of the selected spyware/grayware." (180279 EN_Hotfix_3491) Issue 55: OfficeScan clients that were installed using a 64-bit OfficeScan client setup package created by Client Packager may receive 32-bit files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 55: This patch ensures that 64-bit OfficeScan clients receive the correct files during setup. (177839 EN_Hotfix_3493) Issue 56: The Trend Micro Common Firewall Pattern is displayed as "Tmf0.ptn" when the firewall service startup process does not complete on time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 56: This patch adds the "firewall service startup retry" option to the OfficeScan client program. After applying this patch, users can set the firewall service to retry the startup process on a specified number of times after the startup process fails. Refer to the Post-installation Configuration section 6.1.8 for detailed configuration steps. (178129 EN_Hotfix_3495) Issue 57: On the Microsoft(TM) Windows(TM) Vista platform, sometimes, OfficeScan clients cannot add the Trend Micro OfficeScan Listener service to the Windows firewall exception settings. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 57: After applying this patch, OfficeScan clients can successfully add Trend Micro OfficeScan Listener service to the Windows firewall exception settings on the Windows Vista platform. (174309 JP_Hotfix_3414) Issue 58: When updating the common firewall driver, the network is disconnected unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 58: This patch adds a new function to allow OfficeScan clients to update the common firewall driver only after the system restarts. Refer to the Post-installation Configuration section 6.1.9 for detailed configuration steps. (178437 EN_Hotfix_3456) Issue 59: After applying Patch 4, users cannot upgrade OfficeScan 7.x clients to 8.0 by MSI client package. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 59: This patch removes Trend Micro Internet Security from automatic un-installation support because Trend Micro Internet Security and OfficeScan 7.x clients share some registry keys. This resolves the issue. (180405 EN_Hotfix_3503) Issue 60: The Virus Cleanup Engine version information of the OfficeScan client reverted to an older version after the client received the Manual Update notification from the OfficeScan server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 60: This patch updates the client program to resolve this issue. (182963 EN_Hotfix_3506) Issue 61: The word "please" is misspelled as "plese" on the server console: "Networked Computers" > "Web Reputation" > "Policies" > "Web Reputation Policies" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 61: This patch corrects the word "plese" to "please". (181877 EN_Hotfix_3512) Issue 62: On Microsoft(TM) Windows(TM) server platforms, after users upgrade to OfficeScan client 10.0 Service Pack 1, the Windows server shows a warning message that Trend Micro Behavior Monitoring drivers did not start properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 62: This patch updates OfficeScan client programs to prevent this message from appearing after upgrading to OfficeScan client 10.0 Service Pack 1. 2.3 Resolved Known Issues in Patch 4 ===================================================================== Patch 4 resolves the following product issues: (163268 EN_CriticalPatch_3313) 1. "Ntrtscan.exe" closes unexpectedly and an error message appears when OfficeScan attempts to scan folders with names that exceed 1040 characters. After applying Patch 4, OfficeScan allocates memory to processes using the dynamic memory buffer instead of a static fixed buffer to resolve the issue. (158889 EN_Hotfix_3247) 2. After applying Patch 4, the NT event log will not record an unexpected OfficeScanNT RealTime Scan service termination if the service stops properly after OfficeScan clients receive hot fix updates. (158944 EN_Hotfix_3252) 3. The OfficeScan server console does not show accurate hot fix "datetime" values in the "Client Management" page. This issue occurs when users enable the following option: "Clients can update components but not upgrade the client program or deploy hot fixes" (158282 EN_Hotfix_3255) 4. The OfficeScan server loses Web protection logs during a scheduled log purge or manual log purge in OfficeScan 8.0 Service Pack 1 Patch 1. (158429 EN_Hotfix_3257) 5. The OfficeScan log maintenance function does not follow the "delete logs older than N days" setting, where N is the age of the log in days. (159831 EN_Hotfix_3261) 6. Patch 4 enables Control Manager(TM) and OfficeScan to support the modified Management Communication Protocol (MCP). After applying Patch 4, when unregistering an OfficeScan client, an OfficeScan server will send its agent GUID. This enables Control Manager to execute the unregister command correctly. (158867 EN_Hotfix_3262) 7. The OfficeScan scan engine normally deletes the "VSS*.*" temporary files immediately after scanning. However, in some cases, OfficeScan does not delete the temporary files. (159646 EN_Hotfix_3264) 8. Newly installed OfficeScan clients cannot enable the NT event log writing function after starting up for the first time. The function can only be enabled successfully after restarting the OfficeScan client program. Refer to the Post-installation Configuration section 6.2.1 for detailed configuration steps. (157699 EN_Hotfix_3265) 9. When the update queue is empty and the update agent is restarting, OfficeScan still waits for the update agent to respond before notifying the normal client. As a result, OfficeScan does not notify the normal client. When users disable the program update flag, OfficeScan does not notify the client to perform the program/hot fix update. This allows the update agent to set the priority level for other update requests. (157835 EN_Hotfix_3273) 10. Some software cannot run properly because these cannot find the corresponding process names in the memory. This issue occurs because OfficeScan changes the process names that are saved in the memory to lower-case when the OfficeScan NT Proxy Service is enabled. For example, for "ABC200" software, OfficeScan changes its process name to "abc200". (159703 EN_Hotfix_3275) 11. After a scheduled scan, the task tray icon does not change from the scanning icon to the normal icon. This issue occurs when the OfficeScan client performs the scheduled scan while connected via Remote Desktop Protocol (RDP). (158508 EN_Hotfix_3277) 12. A timeout sometimes occurs when the OfficeScan server tries to connect to the ActiveUpdate (AU) server through a proxy server. This issue occurs because the hard-coded default timeout value in the OfficeScan server is too short. Patch 4 enables users to specify the timeout value for these type of situations. Refer to the Post-installation Configuration section 6.2.2 for specific steps to specify the timeout value. (156968 EN_Hotfix_3277.2) 13. The OfficeScan client Real-time scan service does not correctly detect changes in the scheduled scan setting. (159892 EN_Hotfix_3278) 14. In OfficeScan 8.0 Service Pack 1 Patch 1, users cannot configure the timeout value for the HTTP module and globally deploy the timeout settings to clients. Patch 1 only enables users to configure the timeout value of the HTTP module WAN environments where the connection is slow. Patch 4 enables users to configure the timeout value for the HTTP module and deploy the settings to clients. Refer to the Post-installation Configuration section 6.2.3 for detailed configuration steps. (159645 EN_Hotfix_3280) 15. The OfficeScan server records the current quarantine folder size information in the ".store" hidden file. Every time the OfficeScan client uploads a quarantined virus to the OfficeScan server, OfficeScan checks the quarantine folder size in the ".store" hidden file instead of recalculating the actual size of the quarantine folder. After applying Patch 4, users can specify how frequent OfficeScan should recalculate the actual size of the quarantine folder in the "ofcscan.ini" file. This enhances the OfficeScan performance when there is a large number of files in the quarantine folder and users manage and delete quarantined files manually. Refer to the Post-installation Configuration section 6.2.4 for detailed configuration steps to specify the frequency of the quarantine folder size recalculation. (158399 EN_Hotfix_3285) 16. After applying Patch 4, OfficeScan can globally deploy the Common Firewall settings from the OfficeScan server to OfficeScan clients after a change in network. Refer to the Post-installation Configuration section 6.2.5 for detailed configuration steps to enable this feature. (161568 EN_Hotfix_3294) 17. OfficeScan clients do not display pop-up notifications before proceeding with scheduled scans in the following situations: - Client was installed using a client package - Client cannot communicate with OfficeScan, for example, a laptop that is not in constant connection with OfficeScan (161747 EN_Hotfix_3298) 18. Patch 4 enhances OfficeScan's scan error handling process by utilizing the heap mechanism instead of the stack buffer in the scan directory function. This enhancement prevents the "NTRtScan.exe" process from stopping unexpectedly when OfficeScan scans long pathnames either by scheduled or manual scan. (161112 EN_Hotfix_3299) 19. Patch 4 updates the OfficeScan 8.0 MCP agent components to prevent the MCP agent from sending data when the Control Manager server is unreachable. (161569 EN_Hotfix_3301) 20. Patch 4 enables users to configure the time interval for sending virus logs. Refer to the Post-installation Configuration section 6.2.6 for specific steps to configure the time interval for sending virus logs. (162480 EN_Hotfix_3304) 21. When the following registry key is set to "1", access to the CD-ROM drive is restricted to the user account that is currently logged-in. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ Winlogon\allocatecdroms When OfficeScan manually scans the CD-ROM drive, the "NTRtScan" service cannot access the disk because the "NTRtScan" service uses a system account to scan. (161995 EN_Hotfix_3306) 22. Patch 4 enables users to deploy the TMProxy process whitelist from the OfficeScan server. Refer to the Post-installation Configuration section 6.2.7 for detailed configuration steps to enable the feature. (161685 EN_Hotfix_3307) 23. Patch 4 adds an option to prevent the OfficeScan server from sending OfficeScan client information to Control Manager. Refer to the Post-installation Configuration section 6.2.8 for specific steps to enable the option. (162929 EN_Hotfix_3308) 24. When the OfficeScan 8.0 server is installed on a Windows 2003 Server with Internet Information Services (IIS) 6, the OfficeScan server may be unable to perform pattern updates. This may lead to "server.ini" file truncation. (160789 EN_Hotfix_3308.1) (166668 EN_Hotfix_3345.1) 25. Patch 4 updates the Network Security Component (NSC) to prevent the following issues: - A performance issue that occurs on a computer with multiple network connections, such as a Windows Active Directory Domain Controller computer. - The OfficeScan Common Firewall Driver may cause the blue screen of death when the length of the content does not match the payload size. (163174 EN_Hotfix_3309) 26. After applying Patch 4, "PccNT.exe" will successfully load the "ssaptn" file regardless of whether the Web threat protection product license is enabled or disabled when performing a scan in Windows safe mode. Note: If the "ssaptn" file is not in the OfficeScan client folder, "PccNT.exe" will perform scans in Windows safe mode without loading the "ssaptn" file. Refer to the Post-installation Configuration section 6.2.9 for specific steps to run a virus scan in Windows safe mode. (162383 EN_Hotfix_3309.1) 27. Patch 4 adds an option to prevent OfficeScan from importing the "quarantine directory path" settings from the exported OfficeScan "policy.dat" file. When the option is enabled, the "quarantine directory path" settings for Manual Scan, Real-time Scan, Scheduled Scan, and Scan Now will not be imported to the OfficeScan server. Refer to the Post-installation Configuration section 6.2.10 for specific steps to configure this option. (163474 EN_Hotfix_3312) 28. After applying Patch 4, the OfficeScan NT listener service, "Tmlisten.exe" skips the discovery process when the new key, "ExcludeExchangeStore", is disabled. As a result, the stopped IIS Administrator Service will not start when the "Tmlisten.exe" service starts. Refer to the Post-installation Configuration section 6.2.11 for specific steps to configure "Tmlisten.exe" to discover IIS server and Microsoft Exchange server related folders for exclusion from scans. (163236 EN_Hotfix_3314) 29. Patch 4 updates the OfficeScan Anti-Spyware Scan Engine components (SSAPI) to resolve this issue. The new SSAPI will ignore the shortcut links to unavailable disks, such as "A:", when scanning for spyware/grayware. (163189 EN_Hotfix_3314.1) 30. After applying Patch 4, all OfficeScan clients will register to the Windows Security Center using the following GUID only: 4CA5B9AB-4295-4D4C-9664-0EBE85AE0525 Users can use this GUID to identify if the target antivirus product is OfficeScan 8.0. (163235 EN_Hotfix_3315) 31. Patch 4 prevents the buffer overflow issue that causes "PccNT.exe" to close unexpectedly during a manual scan. (167848 EN_Hotfix_3358) 32. When OfficeScan clients startup or perform a Manual/Scheduled scan, they run the "Process Image File Scan" function. Patch 4 allows users to disable the "Process Image File Scan" function to reduce the startup time and scan time. Refer to the Post-installation Configuration section 6.2.12 for specific steps to disable the function. (158177 EN_Hotfix_3317) 33. After applying Patch 4, OfficeScan clients will use the proxy server for client and server communication if the intranet proxy setting is enabled. (164306 EN_Hotfix_3318) 34. Patch 4: - Removes the following six (6) file name extensions from the OfficeScan Web Reputation exclusion list to increase the detection rate: - qt - qtm - swf - jar - js - css - Provides a way for users to edit the OfficeScan Web Reputation excluded file name extension list. Refer to the Post-installation Configuration section 6.2.13 for detailed steps to manually configure the Web Reputation exclude extension list. (163468 EN_Hotfix_3319) 35. Patch 4 improves the interaction between "OfcService" and "DbServer". As a result, the OfficeScan server will not encounter a deadlock issue even when the OfficeScan command-handling threads of "OfcService" are busy with requests from other CGIs while those CGIs are waiting for information from "DbServer". (164168 EN_Hotfix_3320) 36. Users may encounter an application error in the OfficeScan NT Listener service. (164425 EN_Hotfix_3321) 37. Patch 4 increases the maximum length for filename extensions in the scan exclusion list from 6 characters to 10 characters. (164240 EN_Hotfix_3322) 38. After applying Patch 4, OfficeScan will wait until third-party software has been successfully uninstalled before proceeding with the remote installation. This improves the success rate of the OfficeScan remote installation process. (161902 EN_Hotfix_3325) 39. Patch 4 enables users to configure OfficeScan to either retrieve the user name used to start "PccNtMon" from the registry or retrieve the user name from Security Identifiers (SID). When OfficeScan is configured to retrieve the user name from Security Identifiers (SID), it will retrieve the SYSTEM account name. Refer to the Post-installation Configuration section 6.2.14 for detailed configuration steps to configure this function. Note: The new function does not work on the Windows 2000 platforms series because of system limitations. (162938 EN_Hotfix_3329) 40. Patch 4 adds the "Domain" column to the table that contains the result of running the Vulnerability Scanner (TMVS utility) in silent (batch command) mode. The "Domain" column displays the domain name of all computers included in the scan. (166238 EN_Hotfix_3329.1) 41. After applying Patch 4, the OfficeScan server will not notify updated OfficeScan clients to update when users select clients with outdated components for Manual Update. (162155 EN_Hotfix_3330) 42. OfficeScan clients does not retry sending quarantined files to the OfficeScan server if the first quarantine attempt is unsuccessful. (164418 EN_Hotfix_3333) 43. Patch 4 adds an option to enable the OfficeScan server to send the global OPP to old and newly registered OfficeScan clients. Refer to the Post-installation Configuration section 6.2.15 for specific steps to configure this option. (165684 EN_Hotfix_3336) 44. The on-off status of the OfficeScan client's Web Reputation Service may be incorrect. This issue occurs after the OfficeScan client computer starts up. (166689 EN_Hotfix_3338) 45. After applying Patch 4, the "SPNSXfr" migration tool checks if the account name and password have enough privileges for migration. If the username and password do not have enough privileges, "SPNSXfr" uses the default local system account for migration. (163928 EN_Hotfix_3339) 46. When the OfficeScan server is installed using the "Domain name" on a computer with multiple network cards, duplicate OfficeScan client entries may be reported to the OfficeScan server after the Connection Verification task has been processed. Refer to the Post-installation Configuration section 6.2.16 for specific post-installation steps to resolve the issue. (165770 EN_Hotfix_3339.1) 47. When OfficeScan quarantines a virus file to an OfficeScan client's suspect folder but cannot send it to the server, the notification email shows the "Cannot perform the Quarantine action" message. This message is inaccurate since the virus file was already quarantined on the client side. (167311 EN_Hotfix_3342) 48. Trend Micro may release small CPR pattern files to detect new malware before releasing the official pattern file. After OfficeScan 8.0 clients load the small CPR pattern file, this pattern file is removed automatically. Some customers want to keep the small CPR pattern file for a longer period of time. After applying Patch 4, OfficeScan will not remove the small CPR pattern file immediately after loading. OfficeScan will replace this small CPR pattern file only when users deploy a new CPR pattern file from the OfficeScan server. (166485 EN_Hotfix_3345) 49. The OfficeScanNT RealTime Scan service, "ntrtscan.exe", encounters an application error when Spyware Scan Engine (SSAPI) components attempt to access a shared resource at the same time. (164946 EN_Hotfix_3347) 50. Patch 4 enhances the Web Reputation Service (WRS) whitelist deployment feature to: * Enable users to deploy the WRS whitelist using the OfficeScan server * Support IPv4 and IPv6 whitelist entries * Support IP whitelist and subnet whitelist entries * Support a maximum number of 1000 whitelist entries for IPv4 and IPv6 Refer to the Post-installation Configuration section 6.2.17 for detailed configuration steps to enable the function. (167747 EN_Hotfix_3348) 51. After applying Patch 4, OfficeScan now follows SMTP RFC and allows users to enter recipient email addresses with an asterisk (*) on the OfficeScan Web console notifications page. For example, "*user@domain.com is permitted. (167663 EN_Hotfix_3349) 52. Patch 4 enables the OfficeScan server to send the "active" command to the Control Manager server during the following events: - when starting the OfficeScan server master service - when sending status logs to the Control Manager server This enhances the precision of the OfficeScan server "active/inactive" status on the Control Manager server. (168886 EN_Hotfix_3351) 53. OfficeScan clients originally cannot perform action on spyware in a ".zip" file, this is due to the limitation of the spyware scan engine. Patch 4 enables the virus scan engine to assist in removing spyware from a ".zip" file. After applying Patch 4, OfficeScan clients can successfully remove spyware from ".zip" files. Note: To support this function, users need to update the virus scan engine to version 8.960.1005 or a later version. Refer to the Post-installation Configuration section 6.2.18 for detailed steps to enable "remove spyware from zip" function. (168153 EN_Hotfix_3356) 54. A network traffic blockage occurs when the OfficeScan client applies the "High" security level rule before applying the exception rules on the firewall settings. (167988 EN_Hotfix_3357) 55. Patch 4 provides an option to display the Web reputation (WR) log category information on the OfficeScan server console. Refer to the Post-installation Configuration section 6.2.19 for specific steps to configure the option. (169706 EN_Hotfix_3359) 56. After applying Patch 4, CMAgent will send both the OfficeScan client's computer name and IP address to the Control Manager server for inclusion in the Web Policy Security Risk log. The log will show both the client's computer name and IP address in one field. (165952 EN_Hotfix_3362) 57. Patch 4 prevents the inconsistency issue in the number of registered OfficeScan clients by updating the MCP agent and CGI programs. Refer to the Post-installation Configuration section 6.2.20 for detailed configuration steps to synchronize the client tree data in the OfficeScan server database with the data in the Control Manager server. 2.4 Resolved Known Issues in Patch 3.1 ===================================================================== Note: Patch 3.1 is a repack version of Patch 3. In addition to the issues resolved by Patch 3, Patch 3.1 resolves the issue wherein the OfficeScan client RealTime scan service may encounter an application error when upgrading to OfficeScan 10.0. Refer to item 53 of this section for more information regarding this issue. Patch 3.1 resolves the following product issues: 1. When users attempt to manually install the OfficeScan client on multiple unprotected computers, the OfficeScan client is installed on the first computer only. This occurs when users use the Trend Micro Vulnerability Scanner (TMVS) to scan for computers that are not protected by an antivirus. The install status window shows "ok" for all client computers even if the OfficeScan client is not successfully installed on all client computers. 2. Patch 3.1 enhances the "OfficeScan client NT event log" function to assign a different event ID for each type of event log. Refer to Post-Installation Configuration section 6.3.1 for detailed configuration steps. 3. If several OfficeScan clients have the same GUID, the OfficeScan server console displays only one of these clients. Refer to Post-Installation Configuration section 6.3.2 for detailed configuration steps. 4. The OfficeScanNT RealTime Scan service, "ntrtscan.exe", encounters an application error when performing a manual scan for spyware/grayware. 5. The MCP sends all OfficeScan client information to Control Manager even if only a part of the client information is changed. 6. The OfficeScan 8.0 client always extracts the help files when the "Tmlisten.exe" service starts. This "Tmlisten.exe" to takes a longer period of time to start up. 7. The OfficeScan 8.0 client shows the wrong release date in the "Version Information" window. This issue occurs when a user changes the "Language for non-Unicode programs" option to "Thai" in the "Regional and Language Options" of the Control Panel. 8. Due to an error in the password setting of the Web Reputation proxy server, OfficeScan does not recognize previously saved passwords in the Web Reputation function. As a result, users cannot enable the Web Reputation function. 9. When deploying the OfficeScan 8.0 license profile from Control Manager, users get the following error message: "The selected managed products do not have available license profiles. Please contact Trend Micro support." 10. A migration failure issue occurs when the Normal Server of the Trend Micro ServerProtect(TM) for Windows NT is migrated to an OfficeScan 8.0 Service Pack 1 client. 11. The OfficeScan server uses GMT+0 when sending notification messages through email. If the email program does not convert the time to the local time, a user may not see the correct time on the email message. 12. The OfficeScan MCP agent sends incorrect daylight saving time information to the Control Manager server. 13. OfficeScan downloads all hot fix files again after performing an OfficeScan client installation using an installation package created by the Client Packager. 14. The OfficeScan client does receive updates regarding changes to the scheduled scan configuration. 15. OfficeScan does not update the OfficeScan client information in Control Manager. This occurs because status log 1.0 has a different pattern format from status log 1.2. 16. Whenever the OfficeScan client starts up, it sends a Real-time scan spyware/grayware log to the OfficeScan server even if the OfficeScan client does not detect any spyware/grayware. This issue triggers OfficeScan to update the date in the "Last Time when Real Time Scan scan spyware" field, under client status in the Web console, every time the OfficeScan client restarts. 17. OfficeScan clients do not write event logs when the virus pattern is not updated for a period of time. Refer to Post-Installation Configuration section 6.3.3 for detailed configuration steps. 18. Patch 3.1 adds a feature that allows the OfficeScan NT firewall to bypass unknown TCP network traffic. Refer to Post-Installation Configuration section 6.3.4 for detailed configuration steps. 19. Patch 3.1 updates OfficeScan 8.0 clients to support Scheduled Clean. Refer to Post-Installation Configuration section 6.3.5 for detailed configuration steps. 20. Patch 3.1 adds an option that enables users to export "Scan Exclusion Lists" information for the settings of the following scans from the OfficeScan server console: - Manual scans - Real-time scans - Scheduled scans - Scan Now Refer to Post-Installation Configuration section 6.3.6 for detailed configuration steps. 21. In the OfficeScan client console, the "summary of file/object scanned count" field in the "manual scan results" page displays the wrong value. 22. The OfficeScan server and Control Manager report different numbers of registered OfficeScan clients. 23. The Online Help does not mention that OfficeScan supports "IP address" data, using token variable "%i", in spyware/grayware standard notifications. The token "%s Computer with spyware/grayware" does not work in the "subject" field of spyware/grayware standard notifications. 24. Login Script Setup (AutoPcc.exe) does not support Windows User Account Control (UAC). 25. The OfficeScan client Real-time scan service may stop responding during a scheduled or manual scan if the spyware exclusion settings are reloaded at the same time. 26. Even when users choose to update from customized update sources and disable the "Update from OfficeScan server if all customized sources are not available or not found" option, OfficeScan clients still update from the OfficeScan server. 27. The "Resume a missed scheduled scan" function of "NTRtScan" does not work properly. This issue occurs because after a user restarts the OfficeScan client, "NTRtScan" does not properly detect the daylight saving time (DST) settings. This triggers "NTRtScan" to recalculate the time for the next scheduled scan. 28. "NTRtScan" stops responding when manual/scheduled scan and spyware white list update are running at the same time. 29. When the OfficeScan server registers OfficeScan client data to the Control Manager server, if the "unregister clients" action occurs at the same time, the Control Manager server may not successfully register some of the client data. 30. Patch 3.1 adds a function that enables OfficeScan clients to keep the original Real-time scan enable/disable setting when registering to the OfficeScan server. The server cannot change the setting on the client side. Refer to Post-Installation Configuration section 6.3.7 for detailed configuration steps. 31. When the OfficeScan client program starts, it resets the Windows Firewall exception settings. 32. Patch 3.1 adds a function that enables OfficeScan clients to write manual/scheduled scan information in the OfficeScan client registry. The following keys are created in "HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc": - VirusManualScanDateTime (Manual Scan) - VirusScheduleScanDateTime (Scheduled Scan) - SpyManualScanDateTime (Manual Scan) - SpyScheduleScanDateTime (Scheduled Scan) - Virus/Malware Count (Reset to 0 before starting manual/scheduled scan) - Spyware/grayware count (Reset to 0 before starting manual/scheduled scan) 33. A vulnerability issue exists in the NSC modules of the OfficeScan server. 34. When two threads in "NTRTScan.exe" are referencing the same Scan Context simultaneously, the computer encounters a serious error and restarts. 35. Exported OfficeScan client ".csv" files on the Windows Server 2008 platform are recorded as "Win Server Longhorn". 36. The 64-bit OfficeScan clients cannot perform incremental pattern updates. These OfficeScan clients always download the "VSAPI.zip" file when performing a pattern update. 37. The Control Manager Agent (CMAgent)service normally waits for a response from the Control Manager server before it is terminated. However, if the Control Manager server is going through a shutdown status or any similar network problem, CMAgent continues to wait for the response from the Control Manager server without timing out. As a result, CMAgent does not terminate properly. 38. Patch 3.1 adds a function that allows users to disable the application filter function of the OfficeScan firewall. Refer to Post-Installation Configuration section 6.3.8 for detailed configuration steps. 39. When the OfficeScan Monitor, "PccNTMon.exe" starts, it always detects the Microsoft(TM) Internet Explorer(TM) proxy settings for the Web Threat Protection feature even when the feature is disabled. 40. Patch 3.1 updates the NSC to prevent the blue screen of death (BSoD) issue caused by a stack overflow on a Windows system. 41. OfficeScan 7.x clients cannot upgrade to version 8.0 Service Pack 1 Patch 1 when using the Client Packager tool. 42. After moving the OfficeScan server to another Control Manager server, the OfficeScan server does not register client information to the new Control Manager server. This issue occurs when the CMAgent migration tool notifies the OfficeScan server to unregister from an old Control Manager server and register to a new Control Manager server. 43. When the following registry key is set to "1", access to the floppy disk (drive A:\) is restricted to the user account that is currently logged-in. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ Winlogon\allocatefloppies When OfficeScan manually scans the floppy disk, the "NTRtScan" service cannot access the floppy disk because the "NTRtScan" service uses a system account to scan. 44. The OfficeScan server console displays duplicate entries for OfficeScan clients that use wireless LAN to connect to the OfficeScan server. Refer to Post-Installation Configuration section 6.3.9 for detailed configuration steps. 45. When the OfficeScan client is deployed using remote installation to a computer running Symantec antivirus, the Symantec antivirus program may not be deleted after installation. This issue occurs when the computer running Symantec antivirus is logged-in using a non-administrator account. 46. The OfficeScan client does not apply Web Reputation service settings when switching back from offline status to online status. 47. Patch 3.1 adds a function that enables OfficeScan clients to scan for viruses in Windows safe mode. Refer to Post-Installation Configuration section 6.3.10 for detailed configuration steps. 48. Patch 3.1 adds the TMProxy whitelist deployment feature. Refer to Post-Installation Configuration section 6.3.11 for detailed configuration steps. 49. In OfficeScan 8.0, the name of the OfficeScan firewall service is "OfficeScan NT Firewall". The name of this service in OfficeScan 7.x is "OfficeScanNT Personal Firewall". After upgrading a client from OfficeScan 7.x, the name of the firewall service is still "OfficeScanNT Personal Firewall". 50. On a Windows Vista platform, when a user right clicks the OfficeScan client icon, the pop-up menu may shift to a higher position after a few seconds. 51. OfficeScan clients do not apply the correct firewall profile on Windows 2008 servers that are assigned as domain controllers. This issue occurs when the OfficeScan client deploys the OfficeScan firewall profile using the platform server option. 52. Patch 3.1 adds the OfficeScan hot fix history feature by adding hot fix information in the client side computer registry. Note: This function needs a hot fix package's support. Previous hot fixes do not have the ability to update the hot fix history. This feature is added to hot fix packages that are released after Patch 3.1. 53. When users upgrade from OfficeScan client version 8.0 to 10.0 using the "Update Now" function, the OfficeScan client Real-time scan service may encounter an application error and stop unexpectedly before the upgrade. However, the upgrade process will still be successful. 54. After applying Patch 3.1, OfficeScan clients periodically detect device mount points. When users add a local path to the exclusion list, "NTRtScan.exe" automatically adds its corresponding device name to the scanning exclusion list. Refer to Post-Installation Configuration section 6.3.12 for specific steps to enable the automatic mount point detection feature. 2.5 Resolved Known Issues in Patch 2 ===================================================================== Patch 2 resolves the following product issues: 1. When the "TmListen.exe" service starts, the IIS Administrator Service that was previously stopped, also starts. This occurs when "Tmlisten.exe" discovers that the IIS server and the Microsoft Exchange server related folders are in the exclusion list. Refer to Post-Installation Configuration section 6.4.2 for detailed configuration steps. 2. When "TmListen.exe" starts, it lists all the IP addresses of the local computer and picks a valid IP address that can connect to the server. To determine this IP address, "TmListen.exe" connects to the server and sends the IP address list. The server then selects the IP address and sends an index of this list. "TmListen.exe" has a parsing boundary error that causes it to access invalid elements of the IP array. 3. The OfficeScan MCP agent cannot register to the Control Manager server. This issue occurs when users enable the IIS setting "HTTP Compression" on the Control Manager server. Refer to Post-Installation Configuration section 6.4.3 for detailed configuration steps. 4. The Control Manager one-time reports show the OfficeScan Common Firewall Driver version as "0". 5. A migration failure issue occurs when the Normal Server of the ServerProtect for Windows NT is migrated to an OfficeScan 8.0 Service Pack 1 client. 6. When OfficeScan 8.0 detects a virus in a multi-user environment, such as Windows terminal service and Citrix environments, the OfficeScan virus/malware log does not include information on the user who is logged on to the computer at the time of virus detection. Refer to Post-Installation Configuration section 6.4.4 for detailed configuration steps. 7. On OfficeScan servers, users cannot submit Web Reputation feedback from the "Web Reputation Policies" page by clicking the following link: http://reclassify.wrs.trendmicro.com/wrsonlinequery.aspx 8. Patch 2 adds a feature to the OfficeScan server to deny write access to multiple Temporary Internet Files folders on a system. Refer to Post-Installation Configuration section 6.4.5 for detailed configuration steps. 9. OfficeScan 8.0 users sometimes receive email notifications that do not contain any virus or spyware/grayware information. 10. OfficeScan clients can be installed from the OfficeScan Web console logon screen. The OfficeScan server utilizes several ActiveX controls when deploying the product through the Web console interface and the local machine caches these controls. One of these controls, "objRemoveCtrl", is vulnerable to a stack-based buffer overflow when embedded in a Web page. An attacker can exploit this vulnerability by enticing a victim into viewing a malicious Web page. A successful exploit will allow attacker-supplied code to run in the context of the currently logged-on user. 11. There is a logon password authentication bypass vulnerability in the OfficeScan Web console. When the OfficeScan administrator logs on, an attacker can illegally access the password authentication token and take full control of the Web console. 12. There is a buffer overflow vulnerability in the OfficeScan server CGI program, "cgiRecvFile.exe". 13. A vulnerability in the OfficeScan CGI modules may allow attackers to trigger a buffer overflow and execute arbitrary code using Web user privileges. 14. A vulnerability in the OfficeScan CGI modules may allow attackers to trigger a null pointer defect and cause the target child process to close. This can potentially cause denial of service conditions. 15. The OfficeScan Update Agent client can receive requests from other clients. For update file distribution, the request format is "/activeupdate/". When the OfficeScan Update Agent client complies with this request, it can recognize and resolve the update file path but does not verify it. As a result, if an attacker changes the path to the directory traversal format, the following occur: - directory traversal - disclosure of file contents 16. A stack-based buffer overflow occurs when an HTTP request with specially crafted form data is sent to the OfficeScan server CGI modules. 17. "TmListen.exe" monitors changes to the IP and the IP route table. Any change to the IP route table is an event signaled by the Windows operating system. Frequent changes to the IP route table triggers the OfficeScan client to infinitely reapply firewall policy, which impacts network usage. 18. Patch 2 adds the short name format to the OfficeScan clients' cache structure. After installing Patch 2, OfficeScan will send virus pattern numbers in the short name format. 19. When the OfficeScan 8.0 server shuts down, the OfficeScan 8.0 MCP agent does not terminate correctly. In this case, there is a chance that the previously registered OfficeScan 8.0 clients might be unregistered. Patch 2 updates the OfficeScan 8.0 MCP agent event handler. This prevents the "client count" value on the Control Manager console from going down to "0" after the OfficeScan 8.0 server reboots. Refer to Post-Installation Configuration section 6.4.6 for detailed configuration steps. 20. Patch 2 updates the OfficeScan components to allow the OfficeScan server to remotely install OfficeScan 8.0 Service Pack 1 to multiple client computers. 21. The OfficeScan server status log shows an incorrect DNS domain name. This issue occurs because the OfficeScan MCP agent sends the Windows network domain name instead of the DNS domain name to the Control Manager server. Refer to Post-Installation Configuration section 6.4.7 for detailed configuration steps. 22. OfficeScan 8.0 and OfficeScan 8.0 Service Pack 1 clients are recognized as "Non-Upgraded" clients in the Web console under "Anti-Virus only" mode. 23. The "TmListen.exe" service may not start because of an unhandled exception during service startup. 24. Patch 2 updates the OfficeScan 8.0 Service Pack 1 Patch 1 NT Proxy Service component with new NSC. This component adds an approved Web site list feature that allows connection to certain blocked Web sites. Refer to Post-Installation Configuration section 6.4.8 for detailed configuration steps. 25. Patch 2 updates the OfficeScan 8.0 Service Pack 1 Patch 1 NT Firewall component with NSC 5.3. After applying Patch 2, users can delay the startup of the OfficeScan firewall service based on a particular time frame. Refer to Post-Installation Configuration section 6.4.9 for detailed configuration steps. 26. Patch 2 updates the OfficeScan 8.0 Service Pack 1 Patch 1 Common Firewall Driver with NSC Edition 5.3. This component adds a function for handling ICMP broadcast responses. Refer to Post-Installation Configuration section 6.4.10 for detailed configuration steps. 27. The OfficeScan 8.0 client stops responding when the URL in the Web Reputation log details is too long. 28. The OfficeScan 8.0 MCP agent sends all registered product licenses to the Control Manager. The different expiration dates of the product licenses causes confusion in Control Manager. 29. When daylight saving time (DST) is disabled or enabled, the OfficeScan client scheduled scan might shift an hour earlier. 30. The "NonSynProxySetting" was originally created for existing OfficeScan clients. New OfficeScan clients may still synchronize intranet proxy settings with the OfficeScan server when the OfficeScan clients start up for the first time. This occurs because new clients retrieve intranet proxy settings before checking the "NonSynProxySetting" setting. After applying Patch 2, the "NonSynProxySetting" setting works on newly installed clients. Refer to Post-Installation Configuration section 6.4.11 for detailed configuration steps. 31. Patch 2 updates the OfficeScan 8.0 Service Pack 1 firewall component with NSC 5.3. This component corrects the following issues: * The Outbound network performance slowed down. * Movie streaming cannot be performed when the Web Reputation Service is enabled. * The Web Reputation Service blocks the network stream used by webcams. Refer to Post-Installation Configuration section 6.4.12 for detailed configuration steps. 32. OfficeScan does not support the OfficeScan Image Setup Utility, "ImgSetup.exe", on 64-bit platforms. 33. Patch 2 modifies the tool tip description of the "Resume a missed scheduled scan" setting in the OfficeScan server console. 34. The OfficeScan server "\PCCSRV\Download\Pattern" folder size steadily increases because IIS locks old pattern files. OfficeScan cannot remove these old pattern files automatically when the OfficeScan server performs ActiveUpdate. 35. The OfficeScan server tries to notify the update agents first before the normal OfficeScan clients. Under certain conditions, when the OfficeScan server does not notify an update agent, OfficeScan does not resolve the error. When this occurs, normal OfficeScan clients are not notified. 36. The following error message appears when users click "Firewall -> Profiles" in the OfficeScan server Web console. "A Runtime Error has occurred. Do you wish to Debug? Line:199 Error: 'form.pfw_profile_chkVista_' is null or not an object" This issue occurs because OfficeScan 8.0 Service Pack 1 Patch 1 does not use the "form.pfw_profile_chkVista_" object. 37. When OfficeScan 8.0 Service Pack 1 Patch 1 runs on Apache(TM) servers, the OfficeScan watchdog sends event description logs that are incorrectly encoded to the OfficeScan server. 38. Patch 2 enables the Trend Micro Vulnerability Scanner tool to detect Trend Micro Internet Security(TM) 2008 and 2009. Refer to Post-Installation Configuration section 6.4.13 for detailed configuration steps. 39. OfficeScan client scheduled updates do not start on time if the updates are scheduled as "Weekly, every Sunday". 40. On the server Web console, when the global spyware/grayware Scheduled Scan action is set to "pass" and an administrator sets a particular client's spyware/grayware Scheduled Scan action to "clean", the settings cannot be saved. The next time an administrator checks the scan settings on the server Web console, neither "pass" nor "clean" is selected. 41. At times, the OfficeScan MCP sends client status logs unnecessarily, which adds more work load for the Control Manager server. 42. The OfficeScan clients Real-time Scan service starts and stops repeatedly. When the Real-time Scan service is started, it begins scanning the process image. If the Real-time Scan service is forced to stop during a scan, it encounters a memory leak problem. This occurs because the manual scan context deinitialization is not properly called. 43. The OfficeScan client virus/malware log shows "TSC_GENCLEAN" as the name of any virus/malware cleaned by the OfficeScan client GeneriClean function. 44. A virus pattern version number has both long and short name formats. When the OfficeScan MCP agent service, "OfcCMAgent.exe" sends the virus pattern version to the Control Manager server, the long name format is used. This results in the exclusion of the Virus Pattern information from virus logs when queried on the Control Manager database. 45. The OfficeScan server online license checking shows the OfficeScan license as "expired" after the system time zone is set to (GMT+2, Windhoek). This issue occurs when users make this change in time zone while the "Automatically adjust clock to daylight saving changes" option is selected. 46. When the OfficeScan 8.0 server is installed on a Windows 2003 Server with IIS6, the OfficeScan server may be unable to perform pattern updates. This may lead to "server.ini" file truncation. 47. When the OfficeScan client Web reputation function blocks a URL, a pop-up message alert notifies the users of the Web security violation. Users can click the pop-up message body to send the URL information to Trend Micro. In cases where the URL exceeds 500 characters, the OfficeScan client "PccNTMon.exe" process may encounter an application error. 48. Some users cannot install the OfficeScan client by Web installation method. When users click the "Install Now" button during Web installation, the Web page refreshes as a blank page and the OfficeScan installation does not proceed. 49. The OfficeScan 8.0 MCP agent sends Common Firewall Pattern information to the Control Manager server even if the OfficeScan firewall is disabled. 50. A handle leak issue occurs when the OfficeScan client program is running continuously for two to three days. 51. When OfficeScan 8.0 manually scans the local hard disk for boot virus, the scan results show "delete" but the boot virus was not cleaned or deleted. 52. When OfficeScan 8.0 manually scans the local hard disk for boot virus, there are no virus or spyware logs for the manual scan results in the OfficeScan client console. 53. ActiveUpdate creates a temporary folder in "C:\Temp" even when users assign another folder for saving temporary data using the "$TMP" or "$TEMP" environment variable. 54. When users enable daylight saving time (DST) on the OfficeScan server, OfficeScan returns incorrect results when users query malware/spyware/firewall/Web reputation logs. 55. Each time a rule is modified, the OfficeScan firewall saves the new rule in both the computer memory and rule file. This uses a large amount of CPU resources. Patch 2 modifies the OfficeScan firewall rule-writing mechanism. After applying Patch 2, the OfficeScan firewall checks for rule updates specified in the registry key at regular intervals (user-defined). OfficeScan only modifies the rule file if the rules were updated during the time interval. Refer to Post-Installation Configuration section 6.4.14 for detailed configuration steps. 56. Patch 2 modifies the way the Trend Micro Rootkit Common Module obtains a function pointer from the Windows kernel to resolve an issue that causes the computer to stop responding. This issue affects only computers that install the MS08-064 Windows update on top of the MS07-022 update. 57. Due to an error in the password setting of the Web Reputation proxy server, OfficeScan does not recognize previously saved passwords in the Web Reputation function. As a result, users cannot enable the Web Reputation function. 2.6 Resolved Known Issues in Patch 1 ===================================================================== Patch 1 resolves the following product issues: 1. The client's "TmListen.exe" and "NTRtScan.exe" processes cannot reference a setting on the OfficeScan initialization file. The setting assigns the registry key values that dictate whether or not the OfficeScan Watchdog service will be launched. 2. The OfficeScanNT Real-time Scan service, "ntrtscan.exe", sometimes cannot load the Spyware/Grayware Approved List, which causes OfficeScan to scan and perform actions on applications and files included in the list. 3. OfficeScan sends a notification message with inaccurate results when the OfficeScan client cannot move files from the suspect folder to the quarantine folder. 4. When an administrator specifies the OfficeScan client's update source in Universal Naming Convention (UNC) format, clients cannot update from the update source. 5. When using Control Manager 5.0 Agent Migration tool to move OfficeScan 8.0 CMAgent to a new Control Manager server, single-sign-on (SSO) function does not work, unless the OfficeScan 8.0 CMAgent service is restarted. 6. When OfficeScan deploys Real-time Scan, Manual Scan, Scan Now, or Scheduled Scan settings from the OfficeScan Web console root level, the OfficeScan server setting overrides the OfficeScan client local exclusion folder setting. Refer to Post-Installation Configuration section 6.5 for detailed configuration steps. 7. When the OfficeScan server performs remote client installation, it maps the target computer's drive as a local drive. If the installation fails, the mapped drive is not disconnected, thus keeping the drive slot occupied. Administrators may see a lot of mapped drives on the OfficeScan server computer. 8. The event notification will not be triggered when deploying the "enable/disable real-time scan" command from Control Manager to OfficeScan 8.0. 9. The OfficeScan client's "PccNTMon" process may stop responding when uploading a large file to the quarantine directory. 10. The OfficeScan CMAgent service sometimes does not stop correctly and encounters a code 1064 error. 11. When users use the "svrsvcsetup.exe -enablessl" command to enable SSL, the "Master_SSLPort" and "Master_EnableSSL" keys in the "ofcscan.ini" file do not synchronize with "SSLPort" and "EnableSSL" in the "OfUninst.ini" file. Customers would then have to manually edit the "ofcscan.ini" file. 12. The status of the OfficeScan client does not change to "online" after VPN connection is established. 13. After disabling the "Include roaming client(s)" feature on the "Manual Update" screen, the feature is still enabled the next time a user visits the screen. 14. After changing an OfficeScan client's IP address, the OfficeScan server's Web console displays the wrong client IP address. 15. The "Windows 2008" platform is unavailable as an option in the "Firewall Profile Setting" page of the OfficeScan Web console. 16. The OfficeScan client displays an incorrect error message for a download error that occurs while scanning email messages in Microsoft Outlook(TM). 17. A false-alarm issue may be encountered in the OfficeScan firewall's Intrusion Defense System (IDS). 18. Incorrect service pack version information is displayed when OfficeScan clients check component information. 19. When the OfficeScan client's "TmListener" service starts and detects that the client has more than one IP address, the service may return an invalid IP address and may not find all the IP addresses in the local computer. 20. The OfficeScan protection mechanism, which protects the OfficeScan services, causes some processes [such as Microsoft Word(TM)], to stop responding under certain conditions. 21. OfficeScan 8.0 does not send an event notification to the Control Manager server when the "Enable virus/malware scan" option is enabled or disabled. 22. The OfficeScan 8.0 server does not record the correct time stamp of the current spyware/grayware outbreak in the current spyware/grayware outbreak notification. Thus, the current notification might contain spyware/grayware logs from a previous notification. 23. When creating an OfficeScan MSI client package with the option "force overwrite with the latest version", the parameter "BypassServerChecking" in "ofcscan.ini" does not work. 24. The MCP agent for OfficeScan may register to different Control Manager servers automatically. 25. An application error occurs when running "OfcDog.exe". 26. The OfficeScan master service creates large temporary files (several gigabytes in size) in the "\PCCSRV\TEMP" folder due to a logic error when detecting special characters. 27. The verify connection log in the OfficeScan Server is not updated. The verify connection process does not perform its task because the previous verify connection execution result is incorrect. 28. The OfficeScan "TmListener.exe" service takes a long time to terminate or does not terminate after the "net stop" command is issued from the command prompt or the service is stopped from the Microsoft Management Console. This sometimes occurs when the main thread of the service has been inactive for an extended period of time. 29. OfficeScan clients may try to connect to the OfficeScan server using the Internet proxy when performing updates. 3. Documentation Set ======================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Administrator's Guide -- product overview, and configuration instructions, and basic information to get you "up and running." o Installation Guide -- deployment, installation, and integration information designed to help you install and access IMSVA. o Electronic versions of the printed manuals are available at: http://www.trendmicro.com/download/ o Online help -- Context-sensitive help screens that provide guidance for performing a task. o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== Install this patch only on OfficeScan 8.0 servers with ONE of the following installed: - OfficeScan 8.0 Service Pack 1 - OfficeScan 8.0 Service Pack 1 Patch 1 - OfficeScan 8.0 Service Pack 1 Patch 2 - OfficeScan 8.0 Service Pack 1 Patch 3.1 - OfficeScan 8.0 Service Pack 1 Patch 4 5. Installation/Un-installation ======================================================================== 5.1. Installation Notes ===================================================================== 1. Ensure that the OfficeScan server runs ONE of the following: - OfficeScan 8.0 Service Pack 1 - OfficeScan 8.0 Service Pack 1 Patch 1 - OfficeScan 8.0 Service Pack 1 Patch 2 - OfficeScan 8.0 Service Pack 1 Patch 3.1 - OfficeScan 8.0 Service Pack 1 Patch 4 2. This patch includes updates to the OfficeScan Common Firewall and TMTDI (used by Web Reputation function) Drivers. Users can choose to install this patch without updating these drivers. If you choose to update these drivers, take note of the following client computer disruptions when you proceed to install this patch: a. When the patch is deployed to clients and the Common Firewall Driver update starts, client computers will be temporarily disconnected from the network. Users are not notified before disconnection. b. After the patch is deployed, the driver's previous version may still exist on client computers. If this happens, the new version will not be loaded until the computer is restarted. Users are likely to encounter problems with the OfficeScan client if they do not restart immediately. If the option to display the restart notification message is enabled on the Web console, users will be prompted to restart. However, users who decide to postpone the restart are not prompted again. If the option is disabled, users are not notified at all. The option to display the restart notification message is enabled by default. To check the status of this option, open the Web console, go to "Networked Computers > Global Client Settings" and check the option under "Alert Settings". Inform all users in advance about the computer disconnection and that they need to restart their computers immediately if prompted by OfficeScan. Install this patch when the impact of these client computer disruptions to your organization is minimal. Note : The updates to the Common Firewall and TMTDI Drivers in this patch are optional. Users can choose to install this patch without updating the drivers. If the patch is installed on the OfficeScan server without updating the drivers, users can launch the patch package again at a later time to update the drivers. 3. Updating the Common Firewall Driver also resets all port configurations and disconnects all applications. Applications that can reconnect on their own will be automatically reconnected. For applications that cannot reconnect, perform manual reconnection. 4. The OfficeScan server cannot install this patch if a client is running Login Script (AutoPcc.exe) at the time of installation. Ensure that no client is running Login Script before installing this patch. 5. Installing this patch automatically restarts the OfficeScan Master Service and Web service (World Wide Web Publishing Service or Apache 2 Service). Do not install this patch when an important task, such as a component update is running. 6. OPTIONAL: Back up the OfficeScan database. You can do this from the Web console, in "Administration > Database Backup". 5.2. Installation ===================================================================== To install this patch: 1. Ensure that ONE of the following is installed on the OfficeScan server: - OfficeScan 8.0 Service Pack 1 - OfficeScan 8.0 Service Pack 1 Patch 1 - OfficeScan 8.0 Service Pack 1 Patch 2 - OfficeScan 8.0 Service Pack 1 Patch 3.1 - OfficeScan 8.0 Service Pack 1 Patch 4 2. Close all running Login Script (AutoPcc.exe) in the clients. If none is running at this time, proceed with the next step. 3. Launch the patch installer on the OfficeScan server computer. The License Agreement appears. 4. Read the License Agreement and click "Next" if you agree with the setup license conditions. Note: The installation does not continue if you do not agree with the setup license conditions. 5. Click "Install". The OfficeScan server automatically deploys the patch to all clients it manages. This patch installation package automatically rolls back the OfficeScan server to its previous configuration if there are problems during installation. If you encounter problems after installation, perform a manual rollback. 5.3. Un-installation ===================================================================== To manually roll back to the previous OfficeScan server configuration: 1. Locate the backup folder that the patch package created in the "PCCSRV\Backup\ServicePack1_Patch5_B3510" directory. 2. Stop the OfficeScan server master service. 3. Copy the files from the backup location to the original folders. 4. Start the OfficeScan server master service. 5. Run the "TmTouch.exe" tool to trigger the patch mechanism. To run "TmTouch.exe": a. Open a command prompt on the server. b. At the command prompt, browse to "PCCSRV\admin\utility\touch". c. Use the following syntax to run the touch tool: TmTouch.exe {filename} Note: {filename} is the file that you want to roll back. Note: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro Web site. Register during installation or online at: http://olr.trendmicro.com/ 6. Post-Installation Configuration ======================================================================== 6.1 Post-Installation Configuration Steps for Patch 5 ===================================================================== 6.1.1 (From Section 2.2 Solution 6) --------------------------------------------------------------------- To enable OfficeScan to remove all unnecessary update sources from the configuration files: 1. Open the "ofcserver.ini" file in the "PCCSRV\Private\" on the OfficeScan server using a text editor. 2. Add the "RemoveBlankUpdateSource" key under the "Other Update Source" section of the "ofcserver.ini" file and set its value to "1". [Other Update Source] RemoveBlankUpdateSource=1 ; "1" = function enabled "0" = function disabled (default) Note: If you edited the "Other Update Source" section of the "ofcserver.ini" file manually, delete the "NumOfLastUpdateSource" key from the "INI_SERVER_SECTION" section. The new function may not be able to successfully delete all unnecessary update sources if the "NumOfLastUpdateSource" key remains in the "ofcserver.ini" file after updating the section manually. 6.1.2 (From Section 2.2 Solution 16) --------------------------------------------------------------------- To extend the time for OfficeScan clients to obtain an IP address during startup: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor. 2. Under the "Global Setting" section, manually add the "CheckNicInfoPeriod" key and assign it a value of the chosen time of delay in milliseconds: For example, to set the delay to 120 seconds, set: [Global Setting] CheckNicInfoPeriod=120000 3. Open the OfficeScan server management console and click "Networked Computers > Global Client Settings" on the main menu to access the "Global Client Settings" page. 4. Click "Save" to deploy the setting to clients. Note: - After the settings are deployed to clients, the following key will be created in the client computer's registry: [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\ CurrentVersion\PFW] CheckNicInfoPeriod = 120000 The OfficeScan client will have 120 seconds to obtain an IP address before applying the proper firewall settings. 6.1.3 (From Section 2.2 Solution 26) --------------------------------------------------------------------- To configure the "Process Image File Scan" function for all OfficeScan clients: a. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory. b. Under the "Global Setting" section, add the following keys and assign the appropriate value. [Global Setting] EnableProcessScanForStartUp={x} EnableProcessScanWhenScan={y} Where "x": "0" - Disables the "Process Image File Scan" function when OfficeScan clients start "1" - Enables the "Process Image File Scan" function when OfficeScan clients start (default) Where "y": "0" - Disables the "Process Image File Scan" function when OfficeScan clients perform manual or scheduled scans "1" - Enables the "Process Image File Scan" function when OfficeScan clients perform manual or scheduled scans (default) c. Open the OfficeScan server management console and go to "Networked Computers > Global client settings" page. d. Click "Save" to deploy the setting to all clients. 6.1.4 (From Section 2.2 Solution 26) --------------------------------------------------------------------- To configure the "Process Image File Scan" function on certain OfficeScan clients: a. Open a registry editor on the target OfficeScan client. b. Manually add the following keys to the following path: HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\ EnableProcessScanForStartUp_Enforcement(DWORD)={x} EnableProcessScanWhenScan_Enforcement(DWORD)={y} Where "x": "0" - Disables the "Process Image File Scan" function when OfficeScan clients start "1" - Enables the "Process Image File Scan" function when OfficeScan clients start Where "y": "0" - Disables the "Process Image File Scan" function when OfficeScan clients perform manual or scheduled scans "1" - Enables the "Process Image File Scan" function when OfficeScan clients perform manual or scheduled scans Note: The 6.1.4 settings have higher priority than 6.1.3 settings. If you want to disable "Process Image File Scan" function on certain clients, you need to apply only the 6.1.4 settings on target clients without changing 6.1.3 settings which are enabled on all clients by default. 6.1.5 (From Section 2.2 Solution 33) --------------------------------------------------------------------- To set the time interval: a. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory. b. Under the "Global Setting" section, add the following key and assign the appropriate value in seconds. [Global Setting] MinDuplicateVirusAlertInterval=x ; where x is the time interval in seconds and "0" is the default value c. Open the OfficeScan server management console and go to "Networked Computers > Global client settings" page. d. Click "Save" to deploy the setting to all clients. The setting will be saved in the following location on the client registry tree: HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\ 6.1.6 (From Section 2.2 Solution 37) --------------------------------------------------------------------- To enable the OfficeScan server database debug log: --------------------------------------------------------------------- 1. Stop the OfficeScan master service. 2. Copy "\PCCSRV\Admin\tmdbg20.dll" to "\PCCSRV\" and rename it to "tmdbg20Ex.dll". (EX : "\PCCSRV\tmdbg20Ex.dll") 3. Create a file named "ofcdebugEx.ini" with the same format as "ofcdebug.ini" and containing the following information: [debug] debuglog=x, where "x" specifies the log destination, for example, "c:\ofcdeubgEX.log" debuglevel=9, no other values can be assigned to this parameter 4. Save the "ofcdebugEx.ini" file in the "\PCCSRV" directory. 5. Start the OfficeScan master service. 6.1.7 (From Section 2.2 Solution 47) --------------------------------------------------------------------- To prevent BSoD from occurring in OfficeScan clients, add the following registry key to the OfficeScan client machine and set its value to "1". Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ tmcfw\Parameters Key: ValidatePendingPackets Type: DWORD Values: "0" = Default, option disabled "1" = option enabled, the driver will enable the network packet validation, which can prevent the BSoD issue Notes: - Enabling this option may impact the system performance. 6.1.8 (From Section 2.2 Solution 56) --------------------------------------------------------------------- To enable the "firewall service startup retry" option for each OfficeScan client: a. Manually add the following new registry key: Key: HKLM\SOFTWARE\TrendMicro\NSC\PFW\ Name: ServiceRetry Type: REG_DWORD Value: number of times the firewall service retries the startup process b. Set the value of "ServiceRetry" key to the number of times the firewall service should retry the startup process. For example, to set the firewall service to retry the startup service 600 times, set "ServiceRetry=600". c. Restart the firewall service. Note: The value of "ServiceRetry" should be between "600" to "3600". To enable the firewall service retry option globally: a. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server. b. Under the "Global Setting" section, manually add the "OfcPfwServiceRetry" key and assign it a value equal to the number of times the firewall service should retry the startup process. For example, to set the firewall service to retry the startup service 600 times, set "OfcPfwServiceRetry=600". Note: The value of "OfcPfwServiceRetry" should be between "600" to "3600". c. Open the OfficeScan server management console and click "Networked Computers" > "Global Client Settings" on the main menu to access the "Global Client Settings" page. d. Click "Save" to deploy the setting to clients. e. Restart the firewall service. 6.1.9 (From Section 2.2 Solution 58) --------------------------------------------------------------------- To enable the function to let OfficeScan clients to update the personal firewall driver only when system reboot: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor. 2. Under the "[PFW]" section, add a "EnableInstallFWAfterReboot" key and set the key value to 1. EX : [PFW] EnableInstallFWAfterReboot=1 3. Open the OfficeScan server management console and click "Networked Computers > Global Client Settings" on the main menu to access the "Global Client Settings" page. 4. Click "Save" to deploy the setting to clients. Note: - After the settings are deployed to clients, the following key will be created in the client computer's registry: [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\ CurrentVersion\PFW] EnableInstallFWAfterReboot = 1 With this key set to 1, when clients get new common firewall driver , they will keep the driver files in a temporary folder and the driver update will be triggered when next time system reboot. Note : This patch contains common firewall driver update, if you want to enable this function for the common firewall driver update in this patch, please do the following steps: a. When applying this Patch, select "No" when it asks if to update common firewall driver, it will then proceed with other modules update. b. After clients get the patch update, deploy the "EnableInstallFWAfterReboot=1" to clients. c. Launch the patch package again, it will prompt to ask if to update the common firewall driver if it's not updated before, click YES to proceed with common firewall driver update. 6.2 Post-Installation Configuration Steps for Patch 4 ===================================================================== 6.2.1 (From Section 2.3 item 8) --------------------------------------------------------------------- To enable OfficeScan clients to write NT event logs on newly installed OfficeScan clients: 1. On the OfficeScan server, open the "ofcscan.ini" file in the "\PCCSRV\" folder using a text editor. 2. Under the "Global Setting" section, add the "EnableEventlog" key and assign it a value of "1". [Global Setting] EnableEventlog=1 ("1" : enabled, "0" : disabled) 3. Open the OfficeScan server management console and click "Networked Computers > Global Client Settings" to access the "Global Client Settings" page. 4. Click "Save" to deploy the setting to OfficeScan clients. 5. Restart the OfficeScan client program for all existing OfficeScan clients to activate the setting. Note: The setting will take effect on newly installed OfficeScan clients without restarting the OfficeScan client program. To allow new OfficeScan clients that are installed by the client packager tool to enable the NT event log function: 1. On the OfficeScan server, open the "ofcscan.ini" file in the "\PCCSRV\" folder using a text editor. 2. Under the "Global Setting" section, add the "EnableEventlog" key and assign it a value of "1". [Global Setting] EnableEventlog=1 ("1" : enabled, "0" : disabled) 3. Open "ClnPack.ini" file in "\PCCSRV\Admin\Utility\ClientPackager" folder using a text editor. 4. Add the following line at the end of the "NTClient_All" section of the "ClnPack.ini" file. Filexx=pccnt\TMNotify.dll For example: [NTClient_All] Number=xx Filexx=pccnt\TMNotify.dll Note: "xx" is the item number, change the value of "Number" to an appropriate value. "Filexx" is the path to the "TMNotify.dll" file. 5. Pack the client setup package using the client packager tool. 6.2.2 (From Section 2.3 item 12) --------------------------------------------------------------------- To specify the timeout value for when the OfficeScan server tries to connect to the ActiveUpdate server through a proxy server: 1. Open the "ofcserver.ini" file under "PCCSRV\Private" directory using a text editor. 2. Add the "Check_AU_Timeout" key under the "INI_UPDATE_SETTING" section of the "ofcserver.ini" file and set its value to the preferred timeout duration in seconds. [INI_UPDATE_SETTING] Check_AU_Timeout=x, where x is the timeout duration in seconds. The maximum value is "120" and the minimum value is "12". By default, this key is set to the minimum value. 3. Save the changes to the "ofcserver.ini" file. 6.2.3 (From Section 2.3 item 14) --------------------------------------------------------------------- To manually global deploy and configure the timeout value of HTTP module setting: 1. Open the "Ofcscan.ini" file under the "\Pccsrv\" folder using a text editor. 2. Add "LoadHttp_RcvTimeout" in "Global Setting" section and set its value to the timeout value in seconds. For example, to set the timeout value to 60 seconds, set: [Global Setting] LoadHttp_RcvTimeout=60 The "LoadHttp_RcvTimeout" default value is "60". 3. Globally deploy the settings to all clients from the OfficeScan server console, "Clients" -> "Global Client Settings" -> "Save". After globally deploying the settings to clients the registry key value will be created under: \\HKEY_LOCAL_MACHINE\Software\TrendMicro\ LoadHTTP\RcvTimeout(DWORD) 6.2.4 (From Section 2.3 item 15) --------------------------------------------------------------------- To specify the frequency of the quarantine folder size recalculation in the "ofcscan.ini" file: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor. 2. Add the following key under the "INI_SERVER_SECTION" section, and assign the appropriate value. [INI_SERVER_SECTION] Quarantine_Folder_Cache_Life=x, where x is the time interval in minutes, between two quarantine folder size recalculation events Note: The default value of "Quarantine_Folder_Cache_Life" is "20". By default, once this key is added to the "ofcscan.ini" file, OfficeScan recalculates the actual size of the quarantine folder and updates that value in the ".store" hidden file every 20 minutes. 3. Save the changes made on the "ofcscan.ini" file. Note: After the specified time has elapsed, OfficeScan recalculates the actual quarantine folder size and updates the size information to the ".store" file. 6.2.5 (From Section 2.3 item 16) --------------------------------------------------------------------- To enable OfficeScan to globally deploy the Common Firewall settings from the OfficeScan server to OfficeScan clients: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server. 2. Add the "DisableGetNSCGatewayAddr" key under the "Global Setting" section and set its value to "1". [Global Setting] DisableGetNSCGatewayAddr=x 0 = Disable (Default value) 1 = Enable 3. Save the changes made to the "ofcscan.ini" file and close the file. 4. Open the OfficeScan server management console and click "Client > Global client settings" on the sidebar to access the "Global client settings" page. The "noSendOrgPacket" DWORD registry key will be added to the following path: - For Windows Vista and Windows 2008: \\HLM\SYSTEM\CurrentControlSet\Services\TmLwf\Parameters\ noSendOrgPacket - For Windows 2000/2003/XP: \\HLM\SYSTEM\CurrentControlSet\Services\Tmcfw\Parameters\ noSendOrgPacket 6.2.6 (From Section 2.3 item 20) --------------------------------------------------------------------- After applying Patch 4, OfficeScan sets the default time interval to 30 minutes. To change this interval: 1. Open the "ofcscan.ini" file in the OfficeScan server. 2. Add the "Client_RetryInterval_Of_Send_VirusLog" parameter in the "Global Setting" section and set its value to the new time interval in minutes. For example, to set a 60-minute time interval, set: [Global Setting] "Client_RetryInterval_Of_Send_VirusLog=60" 3. Open the "Global Client Settings" in "Networked Computers" on the OfficeScan Web console. Click the "Save" button to deploy the new parameter to all clients. 4. In the client side, check this registry setting: HKLM\Software\TrendMicro\PC-cllinNTCorp\CurrentVersion\Misc DWORD="Client_RetryInterval_Of_Send_VirusLog=xx" If the value is correct, OfficeScan successfully deployed the patch to the OfficeScan client. 6.2.7 (From Section 2.3 item 22) --------------------------------------------------------------------- To enable the approved TMProxy process whitelist deployment feature: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor. 2. Under the "Global Setting" section, add the following keys and assign the appropriate value. [Global Setting] SEG_WhiteListProcNum=x, where x is the number of approved processes, maximum is "10" SEG_WhiteListProc0=ABC.exe SEG_WhiteListProc1=DEF.exe ... SEG_WhiteListProc9=XYZ.exe where "ABC.exe", "DEF.exe", and "XYZ.exe" are user-approved process names. 3. Open the OfficeScan server Web console and go to "Networked Computers > Global Client Settings" screen. 4. Click "Save" to deploy the setting to clients. After the global settings are deployed to OfficeScan client computers, the following registry keys will be installed: [HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList] - SEG_WhiteListProcNum=x (DWORD), specifies the number of approved processes - SEG_WhiteListProc0=ABC.exe (String), specifies a user-approved process name - SEG_WhiteListProc1=DEF.exe (String), specifies a user-approved process name ... - SEG_WhiteListProc9=XYZ.exe (String), specifies a user-approved process name The following installed subkeys are based on the number of processes you specified in the "SEG_WhiteListProcNum" [HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList\ABC] Name: ProcessImageName Type: REG_SZ Data: ABC.exe ... [HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList\DEF] Name: ProcessImageName Type: REG_SZ Data: DEF.exe 5. Restart the OfficeScan NT proxy service on OfficeScan client computers. 6.2.8 (From Section 2.3 item 23) --------------------------------------------------------------------- To prevent the OfficeScan server from sending OfficeScan client information to Control Manager, add the following registry key to the OfficeScan server: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TrendMicro Control Manager Agent\OSCE\ Key: ClientInfoEnabled Type: DWORD Values: "1" = Default, option disabled, the OfficeScan client will send client information to Control Manager "0" = option enabled, OfficeScan client will stop sending client information to Control Manager 6.2.9 (From Section 2.3 item 26) --------------------------------------------------------------------- To run a virus scan in Windows safe mode: 1. Open the OfficeScan client installation folder, typically, "C:\Program Files\Trend Micro\OfficeScan Client". 2. Click "PccNT.exe". 3. Run a manual scan. 6.2.10 (From Section 2.3 item 27) --------------------------------------------------------------------- To prevent OfficeScan from importing the "quarantine directory path" settings from the exported OfficeScan "policy.dat" file: 1. Open the "ofcscan.ini" file in the "\PCCSRV" folder on the OfficeScan installation directory. 2. Add the following key under the "INI_DBFILE_SECTION" section of the "ofcscan.ini" file and set its value to "1" . [INI_DBFILE_SECTION] ExcludeMoveDir=x x = 0, disabled, import quarantine directory settings x = 1, enabled, do not import quarantine directory settings Note: When the value of "ExcludeMovDir" is set to "1" and customers perform an import procedure, the quarantine directory path settings for Manual Scan, Real-time Scan, Scheduled Scan, and Scan Now will not be imported to the OfficeScan server. 3. Open the OfficeScan server Web console and go to "Networked Computers > Client Management > Settings > Import Settings" screen. 4. Locate the file containing the settings and privileges you want to apply to the selected client computers and click "Import" to import the information. 5. Apply the import settings. 6.2.11 (From Section 2.3 item 28) --------------------------------------------------------------------- To configure "Tmlisten.exe" to discover IIS server and Microsoft Exchange server related folders for exclusion from scans: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory. 2. Under the "Global Setting" section, add the following key and assign the appropriate value. [Global Setting] ExcludeExchangeStore={x} Where: "0" = Disables the discovery process "1" = Enables the discovery process (Default) 3. Open the OfficeScan server Web console and go to "Networked Computers > Global Client Settings" screen. 4. Click "Save" to deploy the setting to clients. 6.2.12 (From Section 2.3 item 32) --------------------------------------------------------------------- To disable the "Process Image File Scan" function for all OfficeScan clients: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory. 2. Under the "Global Setting" section, add the following keys and assign the appropriate value. [Global Setting] EnableProcessScanForStartUp={x} EnableProcessScanWhenScan={y} Where "x": "0" - Disables the "Process Image File Scan" function when OfficeScan clients start up "1" - Enables the "Process Image File Scan" function when OfficeScan clients start up (Default) Where "y": "0" - Disables the "Process Image File Scan" function when OfficeScan clients perform manual/scheduled scans "1" - Enables the "Process Image File Scan" function when OfficeScan clients perform manual/scheduled scans (Default) 3. Open the OfficeScan server management console and go to "Networked Computers > Global client settings" page. 4. Click the "Save" button to deploy the setting to all clients. 6.2.13 (From Section 2.3 item 34) --------------------------------------------------------------------- To manually configure the Web Reputation exclude extension list: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory. 2. Under the "Global Setting" section, add the following key and assign the appropriate value. [Global Setting] URLFilterExclusionExtensions=ext1,ext2,ext3..... Where "ext" specifies each file name extension that the Web Reputation function should exclude in scans. Separate each file name extension using a comma. For example: URLFilterExclusionExtensions=jpg,jpeg,gif,bmp,png,mpg,mpeg By default: URLFilterExclusionExtensions=jpg,jpeg,gif,bmp,png,mpg,mpeg, mp3,wav,wave,avi,asf,asx,mov,mp4, mid,midi,ram,cab,class,ocx,crl Note: The Web Reputation function works faster when there are more items in the list, but it may lower the detection rate. Trend Micro recommends that you change the default settings only if you encounter issues, otherwise, keep the default settings. 3. Open the OfficeScan server management console and go to "Networked Computers > Global client settings" page. 4. Click the "Save" button to deploy the setting to all clients. 6.2.14 (From Section 2.3 item 39) --------------------------------------------------------------------- To enable the "report account name" field on the "Virus/Malware Log Details" page: 1. On the OfficeScan server, open the "ofcscan.ini" file in the "\PCCSRV" folder using a text editor. 2. Add the following configuration in the "Global Setting" of the "ofcscan.ini" file: [Global Setting] DisableSIDName=X Where "X": "0" = (default) OfficeScan retrieves the user name by Security Identifiers (SID). "1" = OfficeScan retrieves the user name used to start "PccNtMon.exe" from the registry. 3. Save the changes to the "ofcscn.ini" file. Notes: - When "DisableSIDName=0", the reported user name by Security Identifiers (SID), the same behavior as in OfficeScan 8.0 Service Pack 1 Patch 1 hot fix 3113. - The new function does not work on the Windows 2000 platforms series because of system limitations. 6.2.15 (From Section 2.3 item 43) --------------------------------------------------------------------- To enable the OfficeScan server to deploy global OPP to old and new OfficeScan clients: 1. Open the "ofcscan.ini" file in the "\PCCSRV" folder on the OfficeScan installation directory. 2. Add the following key under the "Global Setting" section of the "ofcscan.ini" file and set its value to "1". [Global Setting] EnableOPPFromRoot=x Where "x": "1" = enabled, the OfficeScan server will deploy the global OPP to old and new OfficeScan clients "0" = disabled (default), the OfficeScan server will deploy the global OPP to old OfficeScan clients only Note: If OfficeScan clients were registered after the global OPP settings have been enabled, these will be considered as new clients. 6.2.16 (From Section 2.3 item 46) --------------------------------------------------------------------- To prevent duplicate client entries in the OfficeScan server console when the server is installed using the "Domain name" on a multiple network cards machine: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor. 2. Add the following key under the "INI_SERVER_SECTION" section of the "ofcscan.ini" file and set its value to "127.0.0.1". [INI_SERVER_SECTION] Master_Localhost=127.0.0.1 OfficeScan will use this specified localhost IP in the next Connection Verification task which will resolve the issue. 6.2.17 (From Section 2.3 item 50) --------------------------------------------------------------------- To enable the approved Web site list feature: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor. 2. Under the "Global Setting" section, add the following key and assign the appropriate value. [Global Setting] SEG_WhiteListIPNum=x, where x is the number of approved Web site IP's or subnet's to be specified in IPv4, maximum value is "1000" SEG_WhiteListIP0=192.168.16.22 SEG_WhiteListIP0_Mask=255.255.255.0 SEG_WhiteListIP1=192.168.16.35 ... SEG_WhiteListIP999= Note: SEG_WhiteListIP{X}_Mask is optional, default subnet mask is "255.255.255.255" or [Global Setting] SEG_WhiteListIPV6Num=y, where y is the number of approved Web site IP's or subnet's to be specified in IPv6, maximum value is "1000" SEG_WhiteListIPV60=fec00000000000000220edfffe6a0f76 SEG_WhiteListIPV60_Mask=ffffffffffffffff0000000000000000 SEG_WhiteListIPV61=240800405fff014cc97f0050f043dbe6 ... SEG_WhiteListIPV6999= Note: SEG_WhiteListIP6{X}_Mask is optional, default subnet mask is "ffffffffffffffffffffffffffffffff" 3. Open the OfficeScan server Web console and go to "Networked Computers > Global Client Settings" screen. 4. Click "Save" to deploy the setting to clients. After the global settings are deployed to OfficeScan client computers, the following registry keys will be installed: [HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList] - SEG_WhiteListIPNum=2 (DWORD) Note: Users are allowed to list the IP's or subnet's of a maximum of 1000 approved entries in IPv4. - SEG_WhiteListIPV6Num=2 (DWORD) Note: Users are allowed to list the IP's or subnet's of a maximum of 1000 approved entries in IPv6. The following installed subkeys based on the number of IP or subnet addresses you specified in the "SEG_WhiteListIPNum" or "SEG_WhiteListIPV6Num" key use the "SEG_WhiteListIP{X}" or "SEG_WhiteListIPV6{X}" format. [HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList\SEG_WhiteListIP0] "IPv4"=dword:1610a8c0 "IPv4Mask"=dword:00ffffff [HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList\SEG_WhiteListIP1] "IPv4"=dword:2310a8c0 Note: IPv4Mask is optional, default subnet mask is "ffffffff" [HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList\ SEG_WhiteListIPV60] "IPv6"=hex:fe,c0,00,00,00,00,00,00,02,20,ed,ff,fe,6a,0f,76 "IPv6Mask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00 [HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList\ SEG_WhiteListIPV61] "IPv6"=hex:24,08,00,40,5f,ff,01,4c,c9,7f,00,50,f0,43,db,e6 Note: IPv6Mask is optional, default subnet mask is "ffffffffffffffffffffffffffffffff" 5. Restart the OfficeScan NT proxy service on OfficeScan client computers. 6.2.18 (From Section 2.3 item 53) --------------------------------------------------------------------- To enable the "remove spyware from zip" function: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory. 2. Under the "Global Setting" section, add the following key and set its value to "1". [Global Setting] EnablePassToSSAPI={x} Where: "0" - Disables the "remove spyware from zip" function (Default) "1" - Enables the "remove spyware from zip" function 3. Open the OfficeScan server management console and go to "Networked Computers > Global client settings" page. 4. Select "Clean/Delete infected files within compressed files" checkbox. Note: The "Clean/Delete infected files within compressed files" function depends on the "remove spyware from zip" function of the virus scan engine. By default, the "Clean/Delete infected files within compressed files" function is disabled. Users need to enable it after adding the "EnablePassToSSAPI" key. 5. Click the "Save" button to deploy the setting to all clients. Note: To support this function, users need to update the virus scan engine to version 8.960.1005 or any later version. 6.2.19 (From Section 2.3 item 55) --------------------------------------------------------------------- To configure the option to display the Web reputation (WR) log category information on the OfficeScan server console: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor. 2. Add the following key under the "INI_SERVICE_MODEL_SECTION" section of the "ofcscan.ini" file and set its value to "1". [INI_SERVICE_MODEL_SECTION] ShowWRSInformation=x Where "x": "0" = option disabled, the Web reputation (WR) log category information will NOT be displayed on the OfficeScan server console "1" = option enabled, the Web reputation (WR) log category information will be displayed on the OfficeScan server console 6.2.20 (From Section 2.3 item 57) --------------------------------------------------------------------- Perform the following on OfficeScan servers that encounter the same issue after installing the patch. To synchronize the client tree data in the OfficeScan server database with the data on the Control Manager server: 1. Open the OfficeScan server Web console, "Administration > Control Manager Settings". 2. Unregister the OfficeScan server from the Control Manager server's registry by clicking the "Unregister" button. 3. Re-register the OfficeScan server on the Control Manager server registry. 6.3 Post-Installation Configuration Steps for Patch 3.1 ===================================================================== 6.3.1 (From Section 2.4 item 2) --------------------------------------------------------------------- To enable the "OfficeScan client NT event log" function: 1. Open the OfficeScan client folder and check if the build numbers of the files match those specified in Section 1.1. If the build number match, proceed with the next step. Otherwise, wait a few minutes and repeat this step. 2. On the server, open the "ofcscan.ini" file in "\PCCSRV\". 3. Under the "Global Setting" section, add the "EnableEventlog" key and assign it a value of "1". [Global Setting] EnableEventlog=1 ("1" : enable, "0" : disable) 4. Open the OfficeScan server management console and click "Networked Computers > Global client settings" to access the "Global client settings" page. 5. Click "Save" to deploy the setting to clients. 6. Restart the OfficeScan client program to activate the setting. 6.3.2 (From Section 2.4 item 3) --------------------------------------------------------------------- Perform the following steps after installing this patch: 1. Restart clients with the same GUID. Although these clients will not be able to register back to the server at this time, the server will record these clients' data. 2. Perform "Connection Verification" from the OfficeScan server Web console (Networked Computers > Connection Verification) to notify the clients to change GUIDs and re-register to the server. 6.3.3 (From Section 2.4 item 17) --------------------------------------------------------------------- To enable the "OfficeScan client NT event log" function and specify the interval to write "Pattern too old" event logs: 1. Open the OfficeScan client folder and check if the build numbers of the files match the version numbers mentioned in Section 1.1. If the build numbers match, proceed with the next step. Otherwise, wait for a few minutes and repeat this step. 2. On the OfficeScan server, open the "ofcscan.ini" file in the "\PCCSRV\" directory. 3. Under the "Global Setting" section, add the following settings: [Global Setting] EnableEventlog=1 ("1 enables the event log function and "0" disables the event log function) EventLogCheckPatternTooOldInterval=x Where x is the time interval in seconds, default value is "3600". The OfficeScan client writes the "Pattern too old" event log at the end of this time interval. 4. Open the OfficeScan server management console and click "Networked Computers > Global client settings" to access the "Global client settings" page. 5. Enable the "Show the alert icon on the Windows taskbar if the virus pattern file is not updated after x day(s)" option in the "Global client settings" page. Note: The "Pattern too old" event log function is dependent on enabling this option. 6. Click "Save" to deploy the setting to clients. 7. Restart the OfficeScan client program to activate the setting. 6.3.4 (From Section 2.4 item 18) --------------------------------------------------------------------- To enable the OfficeScan NT firewall to bypass unknown TCP network traffic: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory. 2. Under the "Global Setting" section, add the following key and set its value to "1". [Global Setting] DontDropUnknowTCP={x} Where "x": "0" = Disables the TCP network traffic bypassing feature (Default) "1" = Enables the TCP network traffic bypassing feature 3. Open the OfficeScan server Web console and go to "Networked Computers > Global Client Settings" screen. 4. Click "Save" to deploy the setting to clients. The OfficeScan client program automatically installs the following new registry key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ tmcfw\Parameters] "DontDropUnknowTCP"=dword:{x} Where "x": "0" = Disables the TCP network traffic bypassing feature (Default) "1" = Enables the TCP network traffic bypassing feature 5. Restart the OfficeScan client. 6.3.5 (From Section 2.4 item 19) --------------------------------------------------------------------- To enable Scheduled Clean: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder in the OfficeScan installation directory. 2. Under the "Global Setting" section, add the following keys and assign the appropriate values: [Global Setting] ScheduleCleanEnable=1 (1: enable, default: 0 disable) ScheduleCleanInterval=60 (unit: minute, default: 120) 3. Open the OfficeScan server Web console and navigate to the "Networked Computers > Global Client Settings" screen. 4. Click "Save" to deploy the setting to clients. 5. The OfficeScan client program installs the following registry on the computer. [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\ CurrentVersion\Schedule Clean] "ScheduleCleanEnable"=dword:{X} "ScheduleCleanInterval"=dword:{Y} Where "X": "0" = Disables Scheduled Clean (Default) "1" = Enables Scheduled Clean Where "Y": The Scheduled Clean interval value in minutes. TIP: For system performance concerns, Trend Micro recommends setting the interval at a value of at least 60 minutes per Scheduled Clean. 6.3.6 (From Section 2.4 item 20) --------------------------------------------------------------------- To enable exporting "Scan Exclusion Lists" information from the OfficeScan server console: 1. Open the "ofcserver.ini" file in the "\PCCSRV\Private" folder on the OfficeScan installation directory. 2. Add the following keys under the "INI_SERVER_SECTION" section of the "ofcserver.ini" file and assign the appropriate value to each key. [INI_SERVER_SECTION] EnableExportExclusionInformation={u} Where: u = 0, disallow users to export exclusion settings u = 1, allow users to export exclusion settings EnableDisplayClientExclusionInformation={v} Where: v = 0, export exclusion settings for domains only v = 1, export exclusion settings for clients and domains EnableDisplayManualScanExclusionSetting={w} Where: w = 0, disallow users to export exclusion settings for manual scans w = 1, allow users to export exclusion settings for manual scans EnableDisplayRealTimeScanExclusionSetting={x} Where: x = 0, disallow users to export exclusion settings for real-time scans x = 1, allow users to export exclusion settings for real-time scans EnableDisplayScheduledScanExclusionSetting={y} Where: y = 0, disallow users to export exclusion settings for scheduled scans y = 1, allow users to export exclusion settings for scheduled scans EnableDisplayScanNowExclusionSetting={z} Where: z = 0, disallow users to export exclusion settings for Scan Now z = 1, allow users to export exclusion settings for Scan Now 3. Open the OfficeScan server Web console and go to "Networked Computers > Client Management" screen. 4. Click "Export Scan Exclusions" to export the information. 6.3.7 (From Section 2.4 item 30) --------------------------------------------------------------------- To prevent OfficeScan clients from retrieving the Real-time scan enable/disable setting from the OfficeScan server: 1. Open the Registry Editor on the target OfficeScan client. 2. Manually add the "LockSetting" key to the following path and set its value to: HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration\ LockSetting(DWORD)=1 1: OfficeScan clients' real-time scan enable/disable setting will be locked down. 0: Original or default behavior (clients get the setting from the OfficeScan server) 6.3.8 (From Section 2.4 item 38) --------------------------------------------------------------------- To disable the OfficeScan firewall application filter function: 1. Open the "ofcscan.ini" file in "\PCCSRV\". 2. Under the "Global Setting" section, add the "OfcPfwAppFilter" key and assign it a value of "0". [Global Setting] OfcPfwAppFilter=0 3. Open the OfficeScan server Web console and go to "Networked Computers > Global client settings" screen. 4. Click "Save" to deploy the setting to clients. 5. Restart the OfficeScan client system. 6.3.9 (From Section 2.4 item 44) --------------------------------------------------------------------- Perform the following steps after installing this patch: 1. Delete duplicated client entries from the OfficeScan server Web console. 2. Restart the OfficeScan clients with the same GUID. Although these clients will not be able to register back to the server at this time, the server will record the data for these clients. 3. Perform "Connection Verification" from the OfficeScan server Web console (Networked Computers > Connection Verification) to notify the clients to change GUIDs and re-register to the server. 6.3.10 (From Section 2.4 item 47) --------------------------------------------------------------------- To run a virus scan in Windows safe mode: 1. Open the OfficeScan client installation folder, typically, "C:\Program Files\Trend Micro\OfficeScan Client". 2. Click "PccNT.exe". 3. Run a manual scan. 6.3.11 (From Section 2.4 item 48) --------------------------------------------------------------------- To enable the approved Web site list feature: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server installation directory using a text editor. 2. Under the "Global Setting" section, add the following key and assign the appropriate value. [Global Setting] SEG_WhiteListIPNum=x, where x is the number of approved Web site IP's to be specified in IPv4, maximum is "10" SEG_WhiteListIP0=172.16.1.79 SEG_WhiteListIP1= ... SEG_WhiteListIP9= or [Global Setting] SEG_WhiteListIPV6Num=y, where y is the number of approved Web site IP's to be specified in IPv6, maximum is "10" SEG_WhiteListIPV60=240800405fff014cc97f0050f043dbe6 SEG_WhiteListIPV61= ... SEG_WhiteListIPV69= 3. Open the OfficeScan server Web console and go to "Networked Computers > Global Client Settings" screen. 4. Click "Save" to deploy the setting to clients. After the global settings are deployed to OfficeScan client computers, the following registry keys will be installed: [HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList] - SEG_WhiteListIPNum=1 (DWORD) Note: Users are allowed to list the IP's of a maximum of 10 approved Web sites in IPv4. - SEG_WhiteListIPV6Num=1 (DWORD) Note: Users are allowed to list the IP's of a maximum of 10 approved Web sites in IPv6. The following installed subkeys based on the number of IP addresses you specified in the "SEG_WhiteListIPNum" or "SEG_WhiteListIPV6Num" key use the "SEG_WhiteListIP{X}" or "SEG_WhiteListIPV6{X}" format. Key: HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList\ SEG_WhiteListIP0 Name: IPv4 Type: REG_DWORD Data: 0x4F0110AC Note: 172.16.1.79 = AC 10 01 4F (hexadecimal) IPv4=4F0110AC (reverse) Key: HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList\ SEG_WhiteListIPV60 Name: IPv6 Type: REG_BINARY Data: 24 08 00 40 5f ff 01 4c c9 7f 00 50 f0 43 db e6 Note: IPv6=240800405fff014cc97f0050f043dbe6 (binary length 16) 5. Restart the OfficeScan NT proxy service on OfficeScan client computers. 6.3.12 (From Section 2.4 item 54) --------------------------------------------------------------------- To enable the automatic mount point detection feature: 1. Open the "ofcscan.ini" file on the OfficeScan server using a text editor. 2. Add the following two (2) DWORD keys under the "Global Setting" section of the "ofcscan.ini" file and assign a preferred value for each key. [Global Setting] EnableAutoMountPointDetection=1; "1" = enabled, "0" = disabled (default) CheckMountPointInterval=x; where x = time interval in seconds between two mount point detection events, default value is 300 seconds 3. Deploy the global setting to OfficeScan clients from the OfficeScan server console, "Networked Computers" > "Global Client Settings" > Press "Save" button. OfficeScan clients will save the settings to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\ CurrentVersion\Real Time Scan Configuration\ - EnableAutoMountPointDetection (DWORD value) - CheckMountPointInterval (DWORD value) 6.4 Post-Installation Configuration Steps for Patch 2 ===================================================================== 6.4.1 (From Section 2 Product Enhancements item 3) --------------------------------------------------------------------- To deploy a different update schedule for offline clients: Note: In order to deploy different update schedule for offline clients, the clients need to be connected to the server. --------------------------------------------------------------------- 1. On the OfficeScan server, open the "ofcscan.ini" file in "\PCCSRV\". 2. Under the "Global Setting" section, add the following settings: [Global Setting] OfflineScheduleUpdateEnableDisable=v Replace "v" with one of the following values: 0 - Disable scheduled updates for offline clients (default) 1 - Enable scheduled updates for offline clients OfflineScheduleUpdateStartWeekday=w Replace "w" with one of the following values to specify the day to start the scheduled updates for offline clients: 0 - Sunday 1 - Monday 2 - Tuesday 3 - Wednesday 4 - Thursday 5 - Friday 6 - Saturday 7 - Sunday OfflineScheduleUpdateStartHour=x Replace "x" with any integer from "0" to "23" to specify the hour value for the start time of scheduled updates for offline clients. OfflineScheduleUpdateStartMin=y Replace "y" with any integer from "0" to "59" to specify the minute value for the start time of scheduled updates for offline clients. OfflineScheduleUpdateInterval=z Replace "z" with any integer value from "5" to specify the time interval in minutes between scheduled updates. Set "z" to: - "30", for 30-minute intervals (default) - "1440", for daily updates - "10080", for weekly updates Example 1: Use the following settings to schedule HOURLY updates for offline clients: OfflineScheduleUpdateEnableDisable=1 OfflineScheduleUpdateStartWeekday=0 OfflineScheduleUpdateStartHour=0 OfflineScheduleUpdateStartMin=0 OfflineScheduleUpdateInterval=60 Example 2: Use the following settings to schedule DAILY updates for offline clients starting from 12:45 pm: OfflineScheduleUpdateEnableDisable=1 OfflineScheduleUpdateStartWeekday=0 OfflineScheduleUpdateStartHour=12 OfflineScheduleUpdateStartMin=45 OfflineScheduleUpdateInterval=1440 Example 3: Use the following settings to schedule WEEKLY updates for offline clients starting from Wednesday at 2:50 pm: OfflineScheduleUpdateEnableDisable=1 OfflineScheduleUpdateStartWeekday=3 OfflineScheduleUpdateStartHour=14 OfflineScheduleUpdateStartMin=50 OfflineScheduleUpdateInterval=10080 3. Open the OfficeScan server Web console and click "Networked Computers > Global Client Settings" on the main menu to access the "Global client settings" page. 4. Click "Save" to deploy the setting to clients. 6.4.2 (From Section 2.5 item 1) --------------------------------------------------------------------- To configure the "Tmlisten.exe" to discover IIS server and Microsoft Exchange server related folders for exclusion from scans: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan installation directory. 2. Under the "Global Setting" section, add the following key and set its value to "1". [Global Setting] ExcludeExchangeStore={x} Where x: "0" = Disables the discovery process "1" = Enables the discovery process (Default) 3. Open the OfficeScan server Web console and go to the "Networked Computers > Global Client Settings" screen. 4. Click "Save" to deploy the setting to clients. 6.4.3 (From Section 2.5 item 3) --------------------------------------------------------------------- Complete the following on OfficeScan servers that encounter issues: 1. Stop the OfficeScan 8.0 MCP agent service. 2. Delete the file "OSCE_Client.txt" from the OfficeScan 8.0 server installation folder "...\PCCSRV\CMAgent". 3. Start the OfficeScan 8.0 MCP agent service. 6.4.4 (From Section 2.5 item 6) --------------------------------------------------------------------- To enable the OfficeScan server console to display the "Logon Name" field on the "Virus/Malware Log Details" page: 1. On the OfficeScan server, open the "ofcscan.ini" file using a text editor. 2. Add the following configuration in the "INI_VIRUSLOG_SECTION" of the "ofcscan.ini" file and set its value to "1": [INI_VIRUSLOG_SECTION] ViewLogonName=1 (default value is "0") Note: Setting "ViewLogonName=1" enables the OfficeScan server console to display the logon name in the "Virus/Malware Log Details" page. 3. Save the changes to the "ofcscn.ini" file. 6.4.5 (From Section 2.5 item 8) --------------------------------------------------------------------- To deny write access to multiple Temporary Internet Files folders on the system: 1. Specify the path of the directory to protect in the "Deny Write Settings" screen in Outbreak Prevention. For example, "C:\Documents and Settings\*\ Local Settings\Temporary Internet Files" where C: is the system drive. A wildcard (*) is used to match the Temporary Internet Files folders of all user accounts on this system. 2. Save the configuration in the "Deny Write Setting" screen and activate the Outbreak Prevention settings. 6.4.6 (From Section 2.5 item 19) --------------------------------------------------------------------- If the OfficeScan server encounters issues after installing this patch: 1. Stop the OfficeScan 8.0 MCP agent service. 2. Delete the file "OSCE_Client.txt" from the OfficeScan 8.0 server installation folder, "...\PCCSRV\CMAgent". 3. Start the OfficeScan 8.0 MCP agent service. 6.4.7 (From Section 2.5 item 21) --------------------------------------------------------------------- To enable the OfficeScan server to send the DNS domain name to the Control Manager server: 1. Open the "Product.ini" file using a text editor. 2. Add the following key under the "Configure" section of the "Product.ini" file and set its value to "1": [Configure] QueryDNSDomainName=1 3. Restart the OfficeScan MCP service. 6.4.8 (From Section 2.5 item 24) --------------------------------------------------------------------- To enable the approved Web site list feature: 1. Open the registry editor and add the following registry keys: [HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList] - UseWhiteList=1 (DWORD) (0 = Disabled, 1 = Enabled) - SEG_WhiteListIPNum=1 (DWORD) (Number of approved Web site list IP, Max value is 10) - SEG_WhiteListIPV6Num=1 (DWORD) (Number of approved Web site list IP, Max value is 10) 2. Create subkeys based on the number of IP addresses you specified in the "SEG_WhiteListIPNum" key. Subkeys use the format "SEG_WhiteListIP{X}" and specify each IP address in reverse notation. For example: When adding the subkey for the first IP address: Key: HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\ WhiteList\SEG_WhiteListIP0 Name: IPv4 Type: REG_DWORD Data: 0x4F0110AC Note: 172.16.1.79 = AC 10 01 4F (hexadecimal) IPv4=4F0110AC (reverse) 3. For IPv6, create subkeys based on the number of IP addresses you specified in the "SEG_WhiteListIPV6Num" key. Subkeys use the format "SEG_WhiteListIPV6{X}". For example: When adding the subkey of the first IP address: Key: HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\ WhiteList\SEG_WhiteListIPV60 Name: IPv6 Type: REG_BINARY Data: 24 08 00 40 5f ff 01 4c c9 7f 00 50 f0 43 db e6 Note: IPv6=240800405fff014cc97f0050f043dbe6 (binary length 16) 4. Restart the OfficeScan NT Proxy service. Note: OfficeScan client users need to restart their computers after applying this patch to load the new NSC driver version to the computers. 6.4.9 (From Section 2.5 item 25) --------------------------------------------------------------------- To enable the delay option of the firewall service, for each OfficeScan client: 1. Manually add the following new registry key: Key: HKLM\SOFTWARE\TrendMicro\NSC\PFW\ Name: InitSleep Type: REG_DWORD Value: in milliseconds 2. Set the value of "InitSleep" key to the chosen time of delay in milliseconds. For example, to set the delay to 60 seconds, set "InitSleep=60000". The new setting will take effect when the service is restarted. To enable the delay option globally: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server. 2. Under the "Global Setting" section, manually add the "OfcPfwSvcInitSleep" key and assign it a value of the chosen time of delay in milliseconds: For example, to set the delay to 60 seconds, set: [Global Setting] OfcPfwSvcInitSleep=60000 3. Open the OfficeScan server management console and click "Networked Computers > Global Client Settings" on the main menu to access the "Global Client Settings" page. 4. Click "Save" to deploy the setting to clients. 6.4.10 (From Section 2.5 item 26) --------------------------------------------------------------------- To enable the "IpBroadcastSwitch" function: 1. Deploy the new registry key to the OfficeScan 8.0 Service Pack 1 Patch 1 clients. a. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server. b. Add "IpBroadcastSwitch=1" in the "Global Setting" section. c. Open the OfficeScan Web console and click "Networked Computers > Global Client Settings" on the main menu to access the "Global Client Settings" page. d. Click "Save" to deploy the setting to clients. A new key, "IpBroadcastSwitch" with the value of "1", is automatically added under the registry folder on the OfficeScan 8.0 Service Pack 1 Patch 1 client computers: RegKey: \\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\tmcfw\Parameters RegValue: IpBroadcastSwitch (DWORD)=1 2. Restart the OfficeScan 8.0 Service Pack 1 Patch 1 client computers to effect the setting. The deployed components with the new registry key settings prevent the blocked network stream issue. To disable the "IpBroadcastSwitch" function: 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server. 2. In the [Global Setting] section, set "IpBroadcastSwitch=0". 3. Open the OfficeScan Web console and click "Networked Computers > Global Client Settings" on the main menu to access the "Global Client Settings" page. 4. Click "Save" to deploy the setting to clients. The value of the "IpBroadcastSwitch" key under the registry folder on each OfficeScan 8.0 Service Pack 1 Patch 1 client computer is automatically changed to "0". RegKey: \\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services \tmcfw\Parameters RegValue: IpBroadcastSwitch (DWORD)=0 6.4.11 (From Section 2.5 item 30) --------------------------------------------------------------------- To enable and deploy the "NonSynProxySetting" setting to OfficeScan clients: 1. Open the "ofcscan.ini" file using a text editor. 2. Add the following key to the "Global Setting" section of the "ofcscan.ini" file: [Global Setting] NonSynProxySetting=x Where "x": "0" = The OfficeScan client will synchronize intranet proxy settings with the OfficeScan server. "1" = The OfficeScan client will not synchronize intranet proxy settings with the OfficeScan server. 3. Open the OfficeScan server Web console and click "Networked Computers > Global Client Settings" on the main menu to access the "Global client settings" page. Click "Save" to deploy the setting to clients. 6.4.12 (From Section 2.5 item 31) --------------------------------------------------------------------- To prevent the OfficeScan 8.0 Service Pack 1 Web Reputation Service from blocking the webcam network stream: 1. Deploy the new components to the OfficeScan 8.0 Service Pack 1 clients. 2. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the OfficeScan server. 3. Add "TmProxy_Http_EnableRequestSndBuf" key under the "Global Setting" section and set its value to "0". [Global Setting] TmProxy_Http_EnableRequestSndBuf=0 4. Open the OfficeScan Web console and click "Networked Computers > Global Client Settings" on the main menu to access the "Global Client Settings" page. 5. Click "Save" to deploy the setting to clients. A new key, "EnableRequestSndBuf" with the value of "0", is automatically added under the registry folder on the OfficeScan 8.0 Service Pack 1 client computer: "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\NSC\TmProxy\ ProtocolHandler\http\config\" 6. Restart all OfficeScan 8.0 Service Pack 1 clients to effect the settings. The deployed components with the new registry key settings prevent the blocked network stream issue. Updating the Common Firewall Driver resets all port configurations and disconnects all applications. Some applications are reconnected automatically after the update while some applications need to be manually reconnected. OfficeScan client users need to restart their computers after applying this patch to load the new Firewall driver version to the computers. 6.4.13 (From Section 2.5 item 38) --------------------------------------------------------------------- The Trend Micro Internet Security personal firewall may block traffic coming from Vulnerability Scanner. To avoid this issue, add the following exceptions to the Trend Micro Internet Security personal firewall: a. Allow incoming ICMP packet b. Allow incoming UDP packet on port 40116 Refer to the Trend Micro Internet Security documentation for the procedure. 6.4.14 (From Section 2.5 item 55) --------------------------------------------------------------------- To set the time interval between rule update checking tasks: 1. Stop the OfficeScan NT firewall service. 2. Add the following registry key: RegKey: \\HKEY_LOCAL_MACHINE\Software\TrendMicro\NSC\PFW\ RegValue: RuleWriteInterval (DWORD) Value: time interval, in milliseconds Default value: 1800000 (30 minutes) 3. Start the OfficeScan NT firewall service. 6.5 Post-Installation Configuration Steps for Patch 1 ===================================================================== (For Section 2.6 item 6) To override the OfficeScan client's local exclusion folder setting: ------------------------------------------------------------------- 1. Open the "ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan server. 2. Under the "[Global Setting]" section, add the value of your choice. [Global Setting] PSKeepLocalExcludeFolder=x --> for Scheduled Scan exclusion MSKeepLocalExcludeFolder=x --> for Manual Scan exclusion RTKeepLocalExcludeFolder=x --> for Real-time Scan exclusion SNKeepLocalExcludeFolder=x --> for Scan Now exclusion Where "x" can be: "1" - Exclusion folder setting will not be overwritten by the server's setting. "0" - Exclusion folder setting will be overwritten by the server's setting. 3. On the OfficeScan server Web console, navigate to "Networked Computers > Global Client Settings" and click "Save". 4. Open the Registry Editor and perform the following: a. Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ PC-cillinNTCorp\CurrentVersion\". b. Click the key of the scan type you configured in step 2. * Manual Scan Configuration * Prescheduled Scan Configuration * Real Time Scan Configuration * Scan Now Scan Configuration c. Add the following registry value to the key: * Name: KeepLocalExcludeFolder * Type: REG_DWORD * Value: 1 For example: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\ CurrentVersion\Prescheduled Scan Configuration\ KeepLocalExcludeFolder=1" 7. Known Issues ======================================================================== 1. Installing this patch automatically restarts the OfficeScan Master Service and Web service (World Wide Web Publishing service or Apache 2 service). Do not install this patch when an important task, such as a component update, is running. 2. Updating the Common Firewall Driver resets all port configurations and disconnects all applications. Applications that can reconnect on their own will be reconnected automatically. For applications that cannot reconnect, perform manual reconnection. 3. The administrator will not be able to remotely install OfficeScan client to Windows 7 x86 platforms without enabling the default administrator account. To resolve this issue: Note: Enable the Remote Registry service on the Windows 7 machine. By default, Windows 7 machines disables this feature. Option A: Use the domain administrator account to remotely install OfficeScan 10 Service Pack 1 clients to Windows 7 computers. Option B: Use the default administrator account: a. Type the "net user administrator /active:yes" command from the command console to enable the default administrator account. b. Use the default administrator account to remotely install the OfficeScan client to the Windows 7 machine. 4. Installing OfficeScan clients to Windows 7 in VMware may cause the system to stop responding. This is because of compatibility issues with the Intel(TM) Network Adapter Driver. 8. Release History ======================================================================== - OfficeScan 8.0 Service Pack 1 Patch 4, August 2009 - OfficeScan 8.0 Service Pack 1 Patch 3.1, June 2009 - OfficeScan 8.0 Service Pack 1 Patch 2, November 2008 - OfficeScan 8.0 Service Pack 1 Patch 1, August 2008 - OfficeScan 8.0 Service Pack 1, June 2008 - OfficeScan 8.0, June 2007 See the following Web site for more information about updates to this product: http://www.trendmicro.com/download/product.asp?productid=5 9. Files Included in this Release ======================================================================== Module File Name Installation Path Build No. ---------------- ----------------- --------- AutoPcc.exe PCCSRV 10.5.0.1228 AutoPccP.exe PCCSRV 10.5.0.1228 FlowControl.dll PCCSRV 8.0.0.3510 SvcMgr.dll PCCSRV 8.0.0.3510 SvrSvcSetup.exe PCCSRV 8.0.0.3510 VSAPI32.DLL PCCSRV 8.950.0.1092 hotfix_history.ini PCCSRV\Admin * OSCETSCLog.dll PCCSRV\Admin 10.5.0.1228 patchw64.dll PCCSRV\Admin 11.0.0.0 SetupMan.dll PCCSRV\Admin 8.0.0.3510 SvcMgr.dll PCCSRV\Admin 8.0.0.3510 SvcRunAp.exe PCCSRV\Admin 8.0.0.3510 TimeString.dll PCCSRV\Admin 10.5.0.1228 tmun PCCSRV\Admin * tmun_as PCCSRV\Admin * tmuninst.dll PCCSRV\Admin 10.5.0.1228 tmuninst.exe PCCSRV\Admin 10.5.0.1228 tmuninst.ptn PCCSRV\Admin * tmuninst_as.ptn PCCSRV\Admin * TmUpdate.dll PCCSRV\Admin 2.82.0.1074 TmUpdate64.dll PCCSRV\Admin 2.82.0.1074 TSC.ini PCCSRV\Admin * VSAPI32.DLL PCCSRV\Admin 8.950.0.1092 CLIENTMSISETUP_MSI PCCSRV\Admin\Utility\ClientPackager * ClnPack.exe PCCSRV\Admin\Utility\ClientPackager 8.0.0.3510 ClnPack.ini PCCSRV\Admin\Utility\ClientPackager * VSAPI32.DLL PCCSRV\Admin\Utility\ClientPackager 8.950.0.1092 ImgSetup.exe PCCSRV\Admin\Utility\ImgSetup 8.0.0.3510 TMNotify.dll PCCSRV\Admin\Utility\TMVS 1.3.0.1031 TMVS.exe PCCSRV\Admin\Utility\TMVS 8.0.0.3510 VSAPI32.DLL PCCSRV\Admin\Utility\VSEncrypt 8.950.0.1092 CGIResUTF8.dll PCCSRV\CmAgent 8.0.0.3510 En_I18N.dll PCCSRV\CmAgent 5.0.0.2010 En_Utility.dll PCCSRV\CmAgent 5.0.0.2010 ofcCMAgent.exe PCCSRV\CmAgent 8.0.0.3510 ProductLibrary.dll PCCSRV\CmAgent 8.0.0.3510 TrendAprWrapperDll.dll PCCSRV\CmAgent 5.0.0.2010 vstlib32.zip PCCSRV\download\engine vstlib64.zip PCCSRV\download\engine ssapi32.zip PCCSRV\download\engine\ssapi32_v6 ssapi64.zip PCCSRV\download\engine\ssapi64_v6 ssapi32.dll PCCSRV\engine 6.2.0.3015 VSAPI32.DLL PCCSRV\engine 8.950.0.1092 vstlib32.dll PCCSRV\engine 1.2.0.3015 ssapi64.dll PCCSRV\engine\X64 6.2.0.3015 vsapi64.dll PCCSRV\engine\X64 8.950.0.1092 vstlib64.dll PCCSRV\engine\X64 1.2.0.3015 ClientHelp.zip PCCSRV\Pccnt * libCNTProdRes.dll PCCSRV\Pccnt 10.5.0.1228 NTMonRes.dll PCCSRV\Pccnt 8.0.0.3510 NTRtScan.exe PCCSRV\Pccnt 10.5.0.1229 NTSvcRes.dll PCCSRV\Pccnt 8.0.0.3510 PccNTRes.dll PCCSRV\Pccnt 8.0.0.3510 SvcMgr.dll PCCSRV\Pccnt 8.0.0.3510 TMNotify.dll PCCSRV\Pccnt 1.3.0.1031 FlowControl.dll PCCSRV\Pccnt\Common 8.0.0.3510 libNetCtrl.dll PCCSRV\Pccnt\Common 10.5.0.1228 NTRmv.exe PCCSRV\Pccnt\Common 10.5.0.1228 OfcDog.dll PCCSRV\Pccnt\Common 10.5.0.1228 OfcDog.exe PCCSRV\Pccnt\Common 10.5.0.1228 OfcPfwCommon.dll PCCSRV\Pccnt\Common 10.5.0.1228 OfcPfwSvc.dll PCCSRV\Pccnt\Common 10.5.0.1228 PccNT.exe PCCSRV\Pccnt\Common 8.0.0.3510 PccNTMon.exe PCCSRV\Pccnt\Common 8.0.0.3510 PccNTUpd.exe PCCSRV\Pccnt\Common 10.5.0.1228 TmListen.dll PCCSRV\Pccnt\Common 10.5.0.1228 TmListen.exe PCCSRV\Pccnt\Common 10.5.0.1228 TmListenShare.dll PCCSRV\Pccnt\Common 10.5.0.1228 TmOPP.dll PCCSRV\Pccnt\Common 10.5.0.1228 TmSock.dll PCCSRV\Pccnt\Common 10.5.0.1228 tmufeng.dll PCCSRV\Pccnt\Common 3.0.0.1029 Upgrade.exe PCCSRV\Pccnt\Common 10.5.0.1228 PccWFWMo.dll PCCSRV\Pccnt\Common 1.0.0.0 tmCfwApi.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmFpHcEx.exe PCCSRV\Pccnt\Common 5.81.0.1056 tmHash.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmpeUrlF.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmpeVS.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmPfw.exe PCCSRV\Pccnt\Common 5.81.0.1056 TmPfw.exe.manifest PCCSRV\Pccnt\Common * TmPfwApi.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmPfwCtl.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmPfwLog.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmPfwRul.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmphHttp.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmphPop3.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmProxy.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmProxy.exe PCCSRV\Pccnt\Common 5.81.0.1056 TmProxy.exe.manifest PCCSRV\Pccnt\Common * TmpxCfg.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmpxHash.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmpxHelp.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmsmHttp.dll PCCSRV\Pccnt\Common 5.81.0.1056 TmsmMail.dll PCCSRV\Pccnt\Common 5.81.0.1056 tmwfpapi.dll PCCSRV\Pccnt\Common 5.81.0.1056 data1.cab PCCSRV\Pccnt\Disk1 * data1.hdr PCCSRV\Pccnt\Disk1 * data2.cab PCCSRV\Pccnt\Disk1 * setup.inx PCCSRV\Pccnt\Disk1 * DIFxAPI.dll PCCSRV\Pccnt\Drv 2.1.0.0 TMLWF.sys PCCSRV\Pccnt\Drv 5.81.0.1056 TMWFP.sys PCCSRV\Pccnt\Drv 5.81.0.1056 TM_CFW.inf PCCSRV\Pccnt\Drv * TM_CFW.sys PCCSRV\Pccnt\Drv 5.81.0.1056 TM_CFWMP.inf PCCSRV\Pccnt\Drv * TmTdi.inf PCCSRV\Pccnt\Drv * ncfg.exe PCCSRV\Pccnt\Drv 5.81.0.1056 tdiins.exe PCCSRV\Pccnt\Drv 5.81.0.1042 tm_cfw.cat PCCSRV\Pccnt\Drv * tmcomm.inf PCCSRV\Pccnt\Drv * tmcomm.sys PCCSRV\Pccnt\Drv 2.8.0.1079 tmlwf.cat PCCSRV\Pccnt\Drv * tmlwf.inf PCCSRV\Pccnt\Drv * tmlwfins.exe PCCSRV\Pccnt\Drv 5.81.0.1056 tmtdi.cat PCCSRV\Pccnt\Drv * tmtdi.dll PCCSRV\Pccnt\Drv 5.81.0.1042 tmtdi.sys PCCSRV\Pccnt\Drv 5.81.0.1042 tmwfp.cat PCCSRV\Pccnt\Drv * tmwfp.inf PCCSRV\Pccnt\Drv * tmwfpins.exe PCCSRV\Pccnt\Drv 5.81.0.1056 DIFxAPI.dll PCCSRV\Pccnt\Drv\X64 2.1.0.0 ncfg.exe PCCSRV\Pccnt\Drv\X64 5.81.0.1056 tdiins.exe PCCSRV\Pccnt\Drv\X64 5.81.0.1042 tm_cfw.cat PCCSRV\Pccnt\Drv\X64 * TM_CFW.inf PCCSRV\Pccnt\Drv\X64 * TM_CFW.sys PCCSRV\Pccnt\Drv\X64 5.81.0.1056 TM_CFWMP.inf PCCSRV\Pccnt\Drv\X64 * tmlwf.cat PCCSRV\Pccnt\Drv\X64 * tmlwf.inf PCCSRV\Pccnt\Drv\X64 * TMLWF.sys PCCSRV\Pccnt\Drv\X64 5.81.0.1056 tmlwfins.exe PCCSRV\Pccnt\Drv\X64 5.81.0.1056 tmtdi.cat PCCSRV\Pccnt\Drv\X64 * tmtdi.dll PCCSRV\Pccnt\Drv\X64 5.81.0.1042 TmTdi.inf PCCSRV\Pccnt\Drv\X64 * tmtdi.sys PCCSRV\Pccnt\Drv\X64 5.81.0.1042 tmwfp.cat PCCSRV\Pccnt\Drv\X64 * tmwfp.inf PCCSRV\Pccnt\Drv\X64 * TMWFP.sys PCCSRV\Pccnt\Drv\X64 5.81.0.1056 tmwfpins.exe PCCSRV\Pccnt\Drv\X64 5.81.0.1056 FlowControl_64x.dll PCCSRV\Pccnt\Win64\X64 8.0.0.3510 libCNTProdRes_64x.dll PCCSRV\Pccnt\Win64\X64 10.5.0.1228 libNetCtrl_64x.dll PCCSRV\Pccnt\Win64\X64 10.5.0.1228 NTRmv.exe PCCSRV\Pccnt\Win64\X64 10.5.0.1228 Ntrtscan.exe PCCSRV\Pccnt\Win64\X64 10.5.0.1229 OfcDog.exe PCCSRV\Pccnt\Win64\X64 10.5.0.1228 OfcDog_64x.dll PCCSRV\Pccnt\Win64\X64 10.5.0.1228 OfcPfwCommon_64x.dll PCCSRV\Pccnt\Win64\X64 10.5.0.1228 OfcPfwSvc_64x.dll PCCSRV\Pccnt\Win64\X64 10.5.0.1228 OSCETSCLog_64x.dll PCCSRV\Pccnt\Win64\X64 10.5.0.1228 PccNt.exe PCCSRV\Pccnt\Win64\X64 8.0.0.3510 PccNTMon.exe PCCSRV\Pccnt\Win64\X64 8.0.0.3510 PccNTUpd.exe PCCSRV\Pccnt\Win64\X64 10.5.0.1228 TimeString_64x.dll PCCSRV\Pccnt\Win64\X64 10.5.0.1228 TmListen.exe PCCSRV\Pccnt\Win64\X64 10.5.0.1228 TmListen_64x.dll PCCSRV\Pccnt\Win64\X64 10.5.0.1228 TmListenShare_64x.dll PCCSRV\Pccnt\Win64\X64 10.5.0.1228 TmOPP_64x.dll PCCSRV\Pccnt\Win64\X64 10.5.0.1228 TmSock_64x.dll PCCSRV\Pccnt\Win64\X64 10.5.0.1228 libeay32.dll(X64) PCCSRV\Pccnt\Win64\X64 * ssleay32.dll(X64) PCCSRV\Pccnt\Win64\X64 * TMNotify.dll(X64) PCCSRV\Pccnt\Win64\X64 1.3.0.1114 tmufeng.dll PCCSRV\Pccnt\Win64\X64 3.0.0.1029 Upgrade.exe PCCSRV\Pccnt\Win64\X64 10.5.0.1228 PccWFWMo_64x.dll PCCSRV\Pccnt\Win64\X64 1.0.0.0 tmCfwApi.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmFpHcEx.exe PCCSRV\Pccnt\Win64\X64 5.81.0.1056 tmHash.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmpeUrlF.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmpeVS.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmPfw.exe PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmPfw.exe.manifest PCCSRV\Pccnt\Win64\X64 * TmPfwApi.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmPfwCtl.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmPfwLog.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmPfwRul.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmphHttp.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmphPop3.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmProxy.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmProxy.exe PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmProxy.exe.manifest PCCSRV\Pccnt\Win64\X64 * TmpxCfg.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmpxHash.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmpxHelp.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmsmHttp.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 TmsmMail.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 tmwfpapi.dll PCCSRV\Pccnt\Win64\X64 5.81.0.1056 CGIOCommon.dll PCCSRV\Web\Service 8.0.0.3510 CGIRes.dll PCCSRV\Web\Service 8.0.0.3510 CGIResUTF8.dll PCCSRV\Web\Service 8.0.0.3510 CGIShare.dll PCCSRV\Web\Service 8.0.0.3510 CmdHLClient.dll PCCSRV\Web\Service 8.0.0.3510 CmdHOConsole.dll PCCSRV\Web\Service 8.0.0.3510 DbServer.exe PCCSRV\Web\Service 8.0.0.3510 LogCache.dll PCCSRV\Web\Service 8.0.0.3510 OfcDownload.dll PCCSRV\Web\Service 8.0.0.3510 OfcHotFix.exe PCCSRV\Web\Service 8.0.0.3510 OfcNotify.dll PCCSRV\Web\Service 8.0.0.3510 OfcNotifyQueue.dll PCCSRV\Web\Service 8.0.0.3510 OfcService.exe PCCSRV\Web\Service 8.0.0.3510 SvcMgr.dll PCCSRV\Web\Service 8.0.0.3510 TimeString.dll PCCSRV\Web\Service 10.5.0.1228 TMNotify.dll PCCSRV\Web\Service 1.3.0.1031 TmPrApiT.dll PCCSRV\Web\Service 1.2.0.1019 TmUpdate.dll PCCSRV\Web\Service 2.82.0.1074 VerConn.exe PCCSRV\Web\Service 8.0.0.3510 VSAPI32.DLL PCCSRV\Web\Service 8.950.0.1092 cgiCAV.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiCheckIP.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiCMAgent.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiExportInfo.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiGetClient.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiGetDomain.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiImportInfo.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiLog.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 CGIOCommon.dll PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 CGIOCommonN.dll PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiOnClientCfg.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiOnClose.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiOnInst.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiOnMSCfg.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiOnPSCfg.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiOnRTCfg.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiOnScan.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiOnStart.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiOnUnst.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiOnUpdate.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiRecvFile.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 CGIRes.dll PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 CGIResUTF8.dll PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiRqAlertMsg.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiRqCfg.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiRqHotFix.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiRqINI.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiRqOPP.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 cgiRqService.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.1242 cgiRqUnInst.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 CGIShare.dll PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 jdkGetNotifyClient.exe PCCSRV\Web_OSCE\Web\CGI 8.0.0.3510 SSO_PKIHelper.dll PCCSRV\Web_OSCE\Web\CGI 5.0.0.2010 TimeString.dll PCCSRV\Web_OSCE\Web\CGI 10.5.0.1228 VSAPI32.DLL PCCSRV\Web_OSCE\Web\CGI 8.950.0.1092 OFCESCVPack.exe PCCSRV\Web_OSCE\Web\ClientUtility * cgiCmdNotify.exe PCCSRV\Web_OSCE\Web_console\CGI 5.0.0.2010 cgiFindClient.exe PCCSRV\Web_OSCE\Web_console\CGI 8.0.0.3510 CGIOCommon.dll PCCSRV\Web_OSCE\Web_console\CGI 8.0.0.3510 CGIRes.dll PCCSRV\Web_OSCE\Web_console\CGI 8.0.0.3510 CGIResUTF8.dll PCCSRV\Web_OSCE\Web_console\CGI 8.0.0.3510 CGIShare.dll PCCSRV\Web_OSCE\Web_console\CGI 8.0.0.3510 cgiShowCAV.exe PCCSRV\Web_OSCE\Web_console\CGI 8.0.0.3510 cgiShowClientAdm.exe PCCSRV\Web_OSCE\Web_console\CGI 8.0.0.3510 cgiShowLogs.exe PCCSRV\Web_OSCE\Web_console\CGI 8.0.0.3510 cgiShowPFW.exe PCCSRV\Web_OSCE\Web_console\CGI 8.0.0.3510 cgiShowSmb.exe PCCSRV\Web_OSCE\Web_console\CGI 8.0.0.1242 cgiShowSummary.exe PCCSRV\Web_OSCE\Web_console\CGI 8.0.0.3510 cgiWebUpdate.exe PCCSRV\Web_OSCE\Web_console\CGI 8.0.0.3510 SSO_PKIHelper.dll PCCSRV\Web_OSCE\Web_console\CGI 5.0.0.2010 TimeString.dll PCCSRV\Web_OSCE\Web_console\CGI 10.5.0.1228 TMNotify.dll PCCSRV\Web_OSCE\Web_console\CGI 1.3.0.1031 TmUpdate.dll PCCSRV\Web_OSCE\Web_console\CGI 2.82.0.1074 TrendAprWrapperDll.dll PCCSRV\Web_OSCE\Web_console\CGI 5.0.0.2010 VSAPI32.DLL PCCSRV\Web_OSCE\Web_console\CGI 8.950.0.1092 ServerHelp.zip PCCSRV\Web_OSCE\Web_console\HTML * Install.cab PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall RemoveCtrl.cab PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall profile_edit.htm PCCSRV\Web_OSCE\Web_console\HTML\PFW client_cfg_manualscan.htm PCCSRV\Web_OSCE\Web_console\HTML\clientmag client_cfg_privileage.htm PCCSRV\Web_OSCE\Web_console\HTML\clientmag client_cfg_realtimelscan.htm PCCSRV\Web_OSCE\Web_console\HTML\clientmag client_cfg_scannow.htm PCCSRV\Web_OSCE\Web_console\HTML\clientmag client_cfg_schedulescan.htm PCCSRV\Web_OSCE\Web_console\HTML\clientmag client_globalsetting.htm PCCSRV\Web_OSCE\Web_console\HTML\clientmag client_list.htm PCCSRV\Web_OSCE\Web_console\HTML\clientmag client_urlfiltering_policies.htm PCCSRV\Web_OSCE\Web_console\HTML\clientmag client_urlfiltering_proxy.htm PCCSRV\Web_OSCE\Web_console\HTML\clientmag js-clientmag.js PCCSRV\Web_OSCE\Web_console\HTML\common js-common.js PCCSRV\Web_OSCE\Web_console\HTML\common ln_clientmag.js PCCSRV\Web_OSCE\Web_console\HTML\common ln_common.js PCCSRV\Web_OSCE\Web_console\HTML\common x_localization.xml PCCSRV\Web_OSCE\Web_console\HTML\common x_view_status.xsl PCCSRV\Web_OSCE\Web_console\HTML\common configuring_global_settings.htm PCCSRV\Web_OSCE\Web_console\HTML\ help\osce_topics setting_privileges.htm PCCSRV\Web_OSCE\Web_console\HTML\ help\osce_topics using_token_variables.htm PCCSRV\Web_OSCE\Web_console\HTML\ help\osce_topics log_client_upadte_detail.htm PCCSRV\Web_OSCE\Web_console\HTML\logs logs_pfw_view.htm PCCSRV\Web_OSCE\Web_console\HTML\logs Logs_spyware.htm PCCSRV\Web_OSCE\Web_console\HTML\logs Logs_spyware_apply.htm PCCSRV\Web_OSCE\Web_console\HTML\logs Logs_spyware_detail.htm PCCSRV\Web_OSCE\Web_console\HTML\logs logs_spyware_view.htm PCCSRV\Web_OSCE\Web_console\HTML\logs Logs_virus.htm PCCSRV\Web_OSCE\Web_console\HTML\logs Logs_virus_detail.htm PCCSRV\Web_OSCE\Web_console\HTML\logs Logs_virus_detail2.htm PCCSRV\Web_OSCE\Web_console\HTML\logs logs_virus_view.htm PCCSRV\Web_OSCE\Web_console\HTML\logs logs_WebSecurity.htm PCCSRV\Web_OSCE\Web_console\HTML\logs logs_WebSecurity_HideDetail.htm PCCSRV\Web_OSCE\Web_console\HTML\logs logs_WebSecurity_view.htm PCCSRV\Web_OSCE\Web_console\HTML\logs notify_outbreakalert.htm PCCSRV\Web_OSCE\Web_console\HTML\notify notify_standardalert.htm PCCSRV\Web_OSCE\Web_console\HTML\notify About.htm PCCSRV\Web_OSCE\Web_console\HTML\root AtxConsole.cab PCCSRV\Web_OSCE\Web_console\HTML\root AtxConsole.ocx PCCSRV\Web_OSCE\Web_console\HTML\root 8.0.0.3510 AtxEnc.cab PCCSRV\Web_OSCE\Web_console\HTML\root AtxPie.cab PCCSRV\Web_OSCE\Web_console\HTML\root calendar.htm PCCSRV\Web_OSCE\Web_console\HTML\root server_database_backup_now.htm PCCSRV\Web_OSCE\Web_console\HTML\serveradm summary.htm PCCSRV\Web_OSCE\Web_console\HTML\summary summary_top10_osce.htm PCCSRV\Web_OSCE\Web_console\HTML\summary client_deployment_manual.htm PCCSRV\Web_OSCE\Web_console\HTML\update CGIRes.dll PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI 8.0.0.3510 CGIShare.dll PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI 8.0.0.3510 SetupMan.dll PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI 8.0.0.3510 SvcMgr.dll PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI 8.0.0.3510 SvcRunAp.exe PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI 8.0.0.3510 TimeString.dll PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI 10.5.0.1228 VSAPI32.DLL PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI 8.950.0.1092 ---------------- ---------------------------------------------------- Policy Server Module File Name Installation Path Build No. ---------------- ----------------- --------- PolicyServer.exe PolicyServer 8.0.0.3510 cgiABConsole.exe PolicyServer\Web\Console\cgi 8.0.0.3510 cgiABLogon.exe PolicyServer\Web\Console\cgi 8.0.0.3510 CGIOCommonN.dll PolicyServer\Web\Console\cgi 8.0.0.3510 TimeString.dll PolicyServer\Web\Console\cgi 10.5.0.1228 --------------------------------------------------------------------- OfficeScan 8.0 Service Pack 1 Patch 5 Package Size 54.6MB (compressed) Windows(TM) 2000/XP/2003/Vista/2008 Client 22.7MB Windows x64 Client 35.2MB 10. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our Web site. Global Mailing Address/Telephone numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Trend Micro allows companies worldwide to stop viruses and other malicious code from a central point before they can reach the desktop. Copyright 1998-2010, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Control Manager, ServerProtect, Internet Security, and OfficeScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide