Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Think-Cell gets detected by Behavior Monitoring and blocked in Apex One

    • Updated:
    • 25 Jun 2021
    • Product/Version:
    • Apex One
    • OfficeScan All
    • Platform:
Summary

Sometimes, OfficeScan or Apex One will falsely block Think-Cell from running in Excel. This is caused by Behavior Monitoring’s Anti-Exploit IAT protection.

If this is occurring, you can disable a feature of Anti-Exploit detection to allow Think-Cell to run.

Details
Public

Before moving forward with the steps, We would highly recommend that the Apex One agent's settings are configured to the Best Practice Guide for malware protection.

To resolve this issue:

  1. Add the following registry key on one of the affected agents to allow thinkcell to get allow through apex agent check:

    [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS]
    "SysUmExploitDefault"=DWORD:FFFFFEFF

    Please add Wow6432node to the path if it is a 64-bit machine):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\AEGIS]
    "SysUmExploitDefault"=DWORD:FFFFFEFF

  2. Restart the agent.

In case you have issues when inserting a Think-Cell chart or try to open the internal datasheet of an existing chart, you may do the following:

  1. Ensure that the Apex One server is up-to-date. Check Trend Micro Download Center for the latest patch.
     
    For Apex One as a Service concerns, please contact Trend Micro Technical Support.
     
  2. On the Apex One server, navigate to ..\TrendMicro\OfficeScan\PCCSRV\.
  3. Open the "ofcscan.ini" file.
  4. Under the "Global Setting" section, manually add the following key and set its value:
    [Global Setting]
    UnregUMHEventList=147
  5. Save the changes, and close the file.
  6. Open the Apex One web console and go to Agents > Global Agent Settings.
  7. Click Save to deploy the setting to agents.
     
    The changes may take some time to be received by all agents. Performing a manual update will force the agents to get the configuration changes.
     

If the issue persists, refer to Troubleshooting Behavior Monitoring exploit detection issues in Apex One, OfficeScan, and Worry-Free Business (WFBS).

Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot
Solution Id:
000267033
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.