Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

"Protection At Risk" error appears during upgrade due to inconsistent binary files in Apex One

    • Updated:
    • 5 Mar 2021
    • Product/Version:
    • Apex One All
    • Apex One as a Service
    • Platform:
Summary

This article explains the "Protection At Risk" error that appears when upgrading Apex One agent machines.

Details
Public

The error appears on the agent machines when the main Apex One process ntrtscan.exe crashes.

This issue is related to the TmCCSF file being inconsistent with the current agent patch level. This can happen when the affected file was not properly upgraded during the agent patch installation pushed by the local server or update agent, due to a failed overwrite because the file may have been locked by some other processes.

Event Viewer Log

The System event viewer logs record the crash of ntrtscan.exe in relation to the issue at hand. Upon checking Services.msc, the ntrtscan is not running:

Log Name:      Application
Source:        Application Error
Event ID:      1000
Task Category: Application Crashing Events
Level:         Error
Keywords:      Classic
User:          N/A
Description:
Faulting application name: ntrtscan.exe, version: 14.0.0.2062, time stamp: 0x5e3934f0
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1770, time stamp: 0x59bf2ba6
Exception code: 0xe06d7363
Fault offset: 0x0000000000033c58
Faulting process id: 0x28a4
Faulting application start time: 0x01d5f2c7a9fc09e4
Faulting application path: C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Faulting package full name: 
Faulting package-relative application ID:

Upgrade Log

The upgrade log indicates that the the agent upgrade cannot modify the file, so it skips the said file and proceeds to the next:

[RenameFileForAccessViolation] ===> 
[RenameFileForAccessViolation] Check if [C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\TmBpIe64.dll] is opening by other process.
[RenameLockPossibleFile] Create file handle [C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\TmBpIe64.dll] with write success. Should not be the cause.
[RenameFileForAccessViolation] <=== 
[RenameFileForAccessViolation] ===> 
[RenameFileForAccessViolation] Check if [C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\IE32\TmBpIe32.dll] is opening by other process.
[RenameLockPossibleFile] Create file handle [C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\IE32\TmBpIe32.dll] with write success. Should not be the cause.
[RenameFileForAccessViolation] <=== 

To resolve the issue:

  1. Verify if the Apex One Server is running the latest patches.

    You may check the latest patches available for the product in the Apex One Patch Download Center Portal.

  2. Ensure that the agent's update privilege is set to "All Components".

    For more information, refer to this article.

  3. Initiate the update from the agent side and confirm if the update is successful.
  4. Verify if the following agent files have the same build as the ones on the server side:

    [C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\]libCCSF_ClientLibrary.dll 14.0.0.xxxx
    [C:\Program Files (x86)\Trend Micro\OfficeScan Client\] CCSF_X64.zip 14.0.0.xxxx

Premium
Internal
Partner
Rating:
Category:
Troubleshoot; Upgrade; Update
Solution Id:
000285830
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.