Process | Description |
---|---|
Common Client Solution Framework (TMCCSF.exe) For WFBS 9.0 only. | This service is responsible for Browser Exploit Solution (BES) and Ravage (Memory Scan for real-time scan) functionality. |
SA Monitor (PccNTMon.exe) | This component is responsible for interfacing with the client user. It is responsible for:
This is done as part of auto-proxy detection functionality. IE settings can be used for Internet connectivity for Web Reputation Service and Active Update functionality. |
SA Console (PccNT.exe) | This is the CSA Console program. PccNTMon.exe calls this process to display the CSA information in the Security Dashboard and execute modified user settings on client computers. |
Plug-in Manager (AosUImanager.exe) | AosUImanager.exe is responsible for interfacing with the server-side Plugin Manager component. |
Trend Micro Security Agent Listener (TmListen.exe) | This service is responsible for receiving commands and notifications from the server. TmListen, as the service is sometimes called, is responsible for the following functionality:
|
Trend Micro Security Agent Real-time Scan (NTRtScan.exe) | This service is responsible for Manual, Scheduled, and Real-time scan function. NTRtScan performs scan in the following order:
|
Trend Micro Security Agent Proxy Service (TmProxy.exe) | This service is responsible for Web threat security and POP3 scan functionalities. TmProxy is responsible for receiving HTTP connections that the Trend Micro TDI driver intercepts as part of Web threat functionality. Upon receiving information about the connection, TmProxy uses the URL filtering engine to obtain a credibility rating, from Trend Micro, for the Web site that is being accessed. Depending on the rating that is returned, TmProxy can block or permit access to the site. |
Trend Micro Security Agent Firewall (TmPfw.exe) | This service is responsible for client firewall functionality. |
Trend Micro Unauthorized Change Prevention Service (TMBMSRV.exe) | This service is responsible for the AEGIS module. |
Security Server
Process | Description |
---|---|
OfcService.exe | The Master Service, or OfcService.exe, is the central management component of WFBS network. It processes commands to and from the agents and the console. Through this service, the following functionalities are provided for the MSA and CSA:
|
Dbserver.exe | This process is the only WFBS component that interfaces with the database. When the Security Server receives information from the CSA, such as the version of its update components, it sends this information to Dbserver.exe. The Dbserver.exe then modifies the client record on the database in order to reflect the updated component information for the client. |
iCRCService.exe | The Smart Scan Service, or iCRCService.exe, is the master service for the Integrated Smart Scan Server. It handles communication between a client's iCRCHandler and the server's activities. Stopping the Security Server Master Service simultaneously stops iCRCService.exe. |
OfcAoSMgr.exe | The Plug-in Manager Service prepares token-value pair, enumerates plug-in information, and specifies the user interface control. |
Client/Server Security Agent (CSA)
Process | Description |
---|---|
AMSP_LogServer.exe | AMSP_LogServer.exe generates logs about framework functionality and internal AMSP components. It complements the debugging mechanisms that are built into the individual core technology modules. It relies on three INI files to determine the amount of information that it will record for the different AMSP components:
|
coreFrameworkHost.exe | Aside from communicating with coreServiceShell.exe, coreFrameworkHost.exe also acts like a watchdog process for coreServiceShell.exe. When the latter terminates abnormally, coreFrameworkHost.exe will perform the following recovery tasks:
|
coreServiceShell.exe | Aside from being the interface for the Service Control Manager, coreServiceShell.exe also serves as the entry point for the whole AMSP framework. It is responsible for the overall management of the framework's components, including core modules and plug-ins. It also determines which AMSP modules to load by referring to the encrypted configuration file component_info.cfg, which is stored in %ProgramFiles%\Trend Micro\AMSP by default. |
TmListen.exe | This process is responsible for the following functionalities:
|
uiSeAgnt.exe | A component of UniClient, uiSeAgent.exe is also referred to as the Session Agent. It is the process for the Security Agent's task tray application and is responsible for the following tray properties: icon, tooltips (including balloon tooltips), and menus. Upon receiving a right-click event, uiSeAgent.exe provides the user with a menu that includes options to:
The Session Agent also monitors certain event changes for a user's session including:
Note: The status of uiSeAgent.exe, whether running or not, does not affect the protection status of Security Agent. |
uiWatchDog.exe | Another component of UniClient, uiWatchDog.exe is mainly responsible for ensuring that the uiSeAgent.exe process is always running. The watchdog monitors the exit code of the Session Agent. In the event that the latter process terminates with an exit code not equal to 0 (an indication of an abnormal termination), uiWatchDog.exe will attempt to reload uiSeAgent.exe. |
uiWinMgr.exe | The client main console uiWinMgr.exe runs whenever the user console is launched. |
Messaging Security Agent (MSA)
Process | Description |
SMEX_Master.exe | This is the main component of MSA, which handles all the major processing inside the product. |
SMEX_RemoteConfig.exe | This provides the user identity and the mechanism for configuration replication between MSA systems. |
SMEX_SystemWatcher.exe | This acts as a watchdog program for monitoring the status of ScanMail system. SMEX_SystemWatcher.exe is the process level equivalent for this service. |
EUQMonitor.exe (Not available in Junk Email Integration) | The End User Quarantine (EUQ) is a Trend Micro module responsible for moving spam messages to a user's spam folder. |