Views:

To collect debug log information:

Apply one of the following patches to update SAEGIS >= 2.976.2226 and tmsysevt >= 7.0.1169:

  • OfficeScan XG SP1 Patch 5400 or later
  • OfficeScan XG Patch & WFBS 9.5 Patch TBD

The dump can be collected by following the details in this section. If you are unable to apply the patches, please contact Trend Micro Technical Support directly for further assistance.

 

For checking the component:

  • BM folder location: %ProgramFiles%\TrendMicro\BM (x86 OS) / %ProgramFiles(x86)%\TrendMicro\BM (x64 OS)
  • SAEGIS - Check BM folder
  • tmsysevt - Check BM\Eyes\ folder
  1. Stop the agent.
  2. Set the following registry key:

    [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS]
    EnableExploitDump=DWORD:00000001

  3. Start the agent.
  4. Replicate the issue.

    The dump file can be found in the BM\Debug folder.

  5. Stop the agent.
  6. Remove the registry key from Step 2.
  7. Start the agent.

Please contact Trend Micro Technical Support directly for further assistance.

  1. Use the Case Diagnostic Tool (CDT) and check “Collect AEGIS debug information”.

    CDT

  2. Once debug mode is enabled by CDT, reproduce the issue and confirm when the detection was triggered again.
  3. Stop CDT debug mode and collect the compressed log package.
  4. Provide feedback to Trend Micro Technical Support.
Keywords: exploit detection,exploit detection issue,officescan detected a behavior monitoring policy violation and blocked the offending process(es),threats/violations found,malicious behavior detections