Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Opportunistic locks (oplocks) issue in Deep Security

    • Updated:
    • 11 Sep 2015
    • Product/Version:
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Deep Security as a Service 2.0
    • Platform:
    • Windows 2008 Server R2
    • Windows 7 32-bit
    • Windows 7 64-bit
Summary
An oplocks issue in Deep Security prevents scanning of files copied from Server Message Block (SMB) share into Windows 7 and Windows 2008 R2 computers.
This article discusses the issue and solutions that can be implemented.
Details
Public
Since the release of Windows 7 and Windows 2008 R2, there have been multiple changes in the NTFS architecture to improve performance. One of these changes include "opportunistic locks" (oplocks). For more information on oplocks, refer to this Microsoft article: What's New in NTFS.
Cause
Due to the current limitations in VMware vShield Endpoint and AMSP 2.1, this new NTFS architecture means that we cannot scan in real-time files coming from SMB share that are copied over to Windows 7 and Windows 2008 R2 computers. Manual scan and scheduled scan however are not affected by this limitation.
Who are affected
These three conditions need to be met to be affected by the oplocks issue:
Windows 7 and Windows 2008 R2 computers
Deep Security 8.0 Agent-Less or Agent Based Anti-Malware Protection feature is being used.
Anti-Malware Real-Time Scan is configured in write-only mode.
Workaround for Agent-based protection
Trend Micro is currently working on a permanent solution. For the meantime, change the Anti-Malware Real-Time Scan mode from Write-only to Read/Write to address the problem.
Solution for Agent-less protection
DS 8.0 SP2 DSVA release now includes the functionality to detect malware under the above conditions.  Please contact VMWare and ask for End Point driver version 5.1.0.1-8225062.  Without the correct VMWare driver the Trend Micro Agentless appliance will continue to function normally but will not detect viruses written to those shares in some cases when write only mode is used. Note that this issue does not apply when read or read/write modes are used because the virus will always be detected when it is accessed.
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1060663
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.