This article lists down the known issues in WFBS 7.0 SP 1.
Below is the list of known issues in WFBS. Click on the categories below for the details:
- When using Remote Install to install the Security Agent, note the following:
- The Windows system service "Server" must be running.
- Windows XP Home Edition is not supported.
- On Windows XP computers, Simple File Sharing must be disabled.
- On Windows Vista and Windows 7, the Remote Registry service must be running and the computer must allow File and Printer Sharing through the firewall on Windows.
- To completely reinstall or upgrade the Security Agent, you will need to restart the computer. Restarting is also necessary when updating some components including the firewall and the proxy drivers.
- After installing the Security Agent on a computer with Internet Information Services (IIS) 7.0, you need to restart the IIS service. IIS 7.0 may not work as expected with the Security Agent, which uses the Windows Filtering Platform, until it is restarted. This issue only occurs on Microsoft Windows 2008 without Service Pack 2.
- You cannot run the Autopcc.exe, the login script, and the Client Packager from a terminal session.
- The Trend Micro Web Protection Add-On may conflict with the Security Agent and must be removed before the Security Agent is installed.
- To use Trend Micro Vulnerability Scanner (TMVS) to deploy the Security Agent, you need to run TMVS on a computer running Windows Server 2003 or Windows Server 2008. TMVS does not support terminal sessions.
- Performing an iAU update through authenticated Proxy Server setting requires ISA 2004 SP3 or later.
- By default, there are multiple UiSeAgnt.exe processes on the Terminal Server for each RDP connection. These processes consume memory resource. To reduce the memory usage on memory-critical machines, administrators can manually set the maximum number of visible UiSeAgent from the registry. Open the Registry Editor and set the following values:
Always create a backup before modifying the registry. Incorrect registry changes may cause serious issues. Should this occur, restore it by referring to the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\UniClient\0\Install
Data: 1Once done, restart the Security Agent.
- The Security Server sends notifications for all triggered events whenever the Trend Micro Security Server Master Service is restarted.
- The following default Security Server and Scan Server ports must not be used or blocked by other applications, such as Microsoft ISA Server and other firewalls:
- HTTP: 8059
- SSL: 4343 and 4345
- If an Internet connection problem occurs during the Security Server installation, the installer will keep trying to validate the Activation Code without indicating any problem or the installer might freeze. A stable Internet connection is required during installation.
- During Security Server install/upgrade, Trustedinstaller.exe may occupy CPU usage up to 50 percent.
- One-time and scheduled reports only support HTML format in Internet Explorer 9.
- The manual scan process bar is not fully synchronized with the scan mechanism based on the scanned files count.
- Trend Micro recommends accessing the web console from computers that do not have adware installed. If Hotbar or other adware is installed, ActiveX errors may occur when accessing certain console screens.
- Trend Micro recommends setting Internet Explorer to Medium (or lower) security levels when accessing the web console. Higher security settings may block necessary ActiveX controls.
By default, Internet Explorer applies Medium-low security levels for intranet sites and Medium security levels for sites in its Trusted Sites list. To help ensure you can access the console properly, add it to the Trusted Sites list.
- Behavior Monitoring fully supports 32-bit operating systems; for 64-bit operating systems, only Vista x64 SP1 and later are supported.
- Device Control fully supports 32-bit operating systems; for 64-bit operating systems, only Vista x64 SP1 and later are supported.
- When Device Control Network Resource privilege of Device Control is set to "No Access", computers with 32-bit operation systems can still browse network folders.
- Machines with 64-bit operation systems will not be able to browse network folders because of limitations resulting from Windows behavior.
- Selecting or deselecting Security Settings > <group> > Enable Behavior Monitoring automatically restarts the Security Agent. This action terminates all current tasks (scanning or updating). Trend Micro recommends changing the Enable Behavior Monitoring setting only during non-work hours
- Client users can bypass URL filtering restrictions by changing the local time on their computers.
- Instant messaging software automatically logs users off when the Security Agent starts or stops.
- Instant Messenger Content Filtering does not work when the messenger connects to the network through a proxy server.
- Instant Messenger Content Filtering does not support AIM and MSN 2011.
- After Continue Browse is clicked, it may still be blocked again on slow computers.
- In an unstable network environment, the Trend Micro Web Reputation server may pass a website without filtering.
- Switching scan methods may require a full pattern file download which can slow traffic on the network.
- Threats contained in an unknown file can pose a risk to the client if the agent cannot access the Smart Scan service on the Security Server.
- When uninstalling the firewall driver, the client could temporarily lose the network connection. Some applications, such as Secure Shell (SSH), Terminal Services Client, or Remote Desktop, could be affected by the disconnection. If this occurs, restart the application after disabling the firewall (which also completes the uninstallation process).
- The Security Agent firewall might conflict with other firewall applications. Trend Micro recommends uninstalling or disabling other firewall applications.
- On VMware clients, the Security Agent firewall may block all incoming packets. To address this issue, add the following value to the client's registry:
Always create a backup before modifying the registry. Incorrect registry changes may cause serious issues. Should this occur, restore it by referring to the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\UniClient\1600\PFW
- The firewall does not support IP version 6.
- When Web Reputation Service is disabled, the Trend Micro Toolbar does not work.
- Trend Micro Anti-Spam Toolbar does not support Windows Live Mail 2011.
- The MSA only supports typical installations of Exchange Server 2007 and 2010 that include the Hub Transport, the Mailbox, and the Client Access server roles.
- The MSA cannot be installed on a Windows EBS 2008 computer with the Exchange Server 2007 Edge Transport server role.
- As an anti-spam solution on Exchange Server 2003, users can choose between EUQ or Junk Mail integration. If you use Junk Mail integration, install Exchange Server 2003 SP2 or above. This requires that the Intelligent Message Filter (IMF) be preinstalled.
- During MSA installation, the installer may be unable to submit passwords that have special, non-alphanumeric characters to the Exchange Server computer. As a result, you may be unable to install the MSA if the domain administrator account you are using has a complex password. To work around this issue, temporarily change the password for the domain administrator account.
- When installing MSA remotely, using the web console or the WFBS Advanced installer on a computer running Windows Server 2008, SBS 2008, or EBS 2008, you need to specify the built-in domain administrator account because of User Access Control restrictions. Note that for computers with other operating systems, you need an account that is in the Exchange Organization Administrators group.
- Data Loss Prevention is only supported on Exchange 2007 (64- bit) and Exchange 2010 (64-bit).
- ERS is an online hosted service and its activation takes about eight hours.
- The Mac client cannot activate if the parent server firewall enables without adding port 61617 to the exception list.
- Java JRE which is necessary for TMSM installation cannot be auto-installed in 2008 platforms.
- After the Mac client is uninstalled, the entry will not be removed from the TMSM console.
- After TMSM is uninstalled and reinstalled again, the Mac client cannot register; only theWFBS client can.