If the server uses HTTPS to communicate with the agent, but the agent Tmlisten.exe process uses HTTP, then it will fail to communicate.
The server sends the “Client Hello” to the agent to negotiate the SSL, because the agent listens with HTTP protocol, it thinks this is not an HTTP packet, so responses “HTTP1.1 400 bad Request”.
On the other hand, if the server uses the HTTP to communicate with the agent, but the agent Tmlisten.exe process uses HTTPS, then it will fail to communicate.
The server sends the “http://agent-IP-address:port/?CAVIT” to the agent because the agent listens with HTTPS protocol. It thinks this is not an HTTPS packet, so it will wait for the correct HTTPS packet, then it will timeout and close this connection.
To fix the issue, do the following:
-
On the Server, check/add the parameter in the ofcscan.ini
[Global Setting]
UseSocketHTTPAdapter = 0 - Go to the server's web console. Go to Agents > Global Agent Settings then click the Save.
- Go to the agent, run Update Now to force the agent to sync up the setting to the server.
-
On the agent, check the registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion]
UseSocketHTTPAdapter=0 - To verify if the issue has been resolved, run the SATA tool on the agent again.