Summary
After upgrading to OfficeScan XG SP1, the administrator is unable to install or update the printer driver when Real-time Scan is enabled. However, when we narrow down which module is causing the issue, we’ve identified that Predictive Machine Learning is blocking the installation DYMOLabelWriter based on the ofcdebug and CCSF Debug log snippets below:
In osce_debug.log:
2018 04/17 07:42:43 [0a78 : 13a8] (00) (D) [-REAL-][ntrtscan.exe]CTrendXFileHandler::HandleFilePreCreate - >> PID: 4, File path: C:\PROGRAM FILES (X86)\DYMO\DYMO LABEL SOFTWARE\X64\DYMOLABELFRAMEWORKIEPLUGIN.DLL, DesiredAccess: 0xa1 - [cnttmnts_AegisActivityMonitorHandler.cpp(3711)] 2018 04/17 07:42:43 [0a78 : 13a8] (00) (D) [-REAL-][ntrtscan.exe]CTrendXFileHandler::HandleScriptHostInterestedFileEvent - >>> PID = 4, wstrFilePath = C:\PROGRAM FILES (X86)\DYMO\DYMO LABEL SOFTWARE\X64\DYMOLABELFRAMEWORKIEPLUGIN.DLL, ulDesiredAcces = 0xa1 - [cnttmnts_AegisActivityMonitorHandler.cpp(3667)] 2018 04/17 07:42:43 [0a78 : 13a8] (00) (D) [-REAL-][ntrtscan.exe]GetProcessPathFromPid - Failed to open process (4), Windows error = 5 - [cnttmnts_TmNTMain.cpp(13546)] ... 2018 04/17 07:42:43 [0a78 : 13a8] (00) (D) [-REAL-][ntrtscan.exe]CTrendXFileHandler::HandleScriptHostInterestedFileEvent - >>> PID = 4, wstrFilePath = C:\PROGRAM FILES (X86)\DYMO\DYMO LABEL SOFTWARE\X64\DYMOLABELFRAMEWORKIEPLUGIN.DLL, ulDesiredAcces = 0xa1 - [cnttmnts_AegisActivityMonitorHandler.cpp(3667)] 2018 04/17 07:42:43 [0a78 : 13a8] (00) (D) [-REAL-][ntrtscan.exe]GetProcessPathFromPid - Failed to open process (4), Windows error = 5 - [cnttmnts_TmNTMain.cpp(13546)] 2018 04/17 07:42:43 [0a78 : 13a8] (00) (D) [-REAL-][ntrtscan.exe]CLocalFileEvetFilter::IsScriptHost - <<< ret:[0] - [filetimeManager.cpp(1894)]
In CCSF_DebugLog.log:
2018/04/17 08:58:30.700,[07344:05648],[INFO],[Plugin Census], OnAccessEvent(): CreateProcess received. ImagePath=C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe,[Census_Impl.cpp(1634)] 2018/04/17 08:58:30.700,[07344:05648],[INFO],[Plugin Census], ==> CEngineCensus::IsWantedProcess,,[Census_Impl.cpp(4235)] 2018/04/17 08:58:30.700,[07344:05648],[WARNING],[Plugin Census], evtreport->ProcessEvent.CommandLine is nullptr.,[Census_Impl.cpp(4150)] 2018/04/17 08:58:30.700,[07344:05648],[INFO],[Plugin Census],
Isolation Procedure
- Disable Predictive Machine Learning on the target machine and check if it will make a difference.
- On the OfficeScan Server, log-in to Management Console.
- Go to Agents > Agent Management > Select the problematic machine > Settings > Predictive Machine Learning Settings.
- Uncheck Enable Predictive Machine Learning.
- Save the changes.
- If disabling Predictive Machine Learning remediates the issue, please try the solution below:
- On the OfficeScan Server, navigate to C:\Program Files (x86)\Trend Micro\OfficeScan\PCCSRV.
- Back up ofcscan.ini.
- Edit the original ofcscan.ini.
- Add the following line in the [Global Setting] section of ofcscan.ini.
ChannelLevel=0
1, enables the TrendX Non-Critical channel0, disables the TrendX Non-Critical channel
Non-critical channel is only for Portable Executable file, example of which are EXE, DLL, SYS (device driver)
- Save the changes.
- On the OfficeScan Server, log-in to Management Console.
- Go to Agents > Agent Global Settings > Click Save at the bottom.
Solution
Request Hot Fix Build 4417 from Trend Micro Technical Support.
