You encountered a false detection after updating the Behavior Monitoring pattern. As a temporary workaround, you need to roll back the pattern file.
Example of Behavior Monitoring pattern version:
- New version = 1.331
- Old version = 1.330
To do a rollback:
- Open the ..\PCCSRV\Download\server.ini file using Notepad.
- Change the following entry:
From:
P.48040023=pattern/tmtd_en_133100.zip, 133100, 44232
P.48040082=pattern/tmtd64_en_133100.zip, 133100, 44729
To:
P.48040023=pattern/tmtd_en_133000.zip, 133000, 43920
P.48040082=pattern/tmtd64_en_133000.zip, 133100, 43529
P.48040023=pattern/tmtd_en_133000.zip, File_Version, ZIP_FileSize
Compress the roll back pattern into a zip file then check the file size (bytes) of the compressed file.
Modify P.48040023 and P.48040082 both for 32-bit and 64-bit pattern.
- Save and close the file.
- Go to the ..\PCCSRV\Download\Pattern\ directory, and copy tmtd_en_133000.zip and tmtd64_en_133000.zip.
- 5. Paste and extract tmtd_en_133000.zip and tmtd64_en_133000.zip to the ..\PCCSRV\Admin directory, and replace the existing tmtd.ptn.
- Copy the tmtouch tool from the ..\PCCSRV\Admin\Utility\Touch directory to the ..\PCCSRV \Admin folder.
-
Open the command prompt and run the following command under ..\PCCSRV \Admin> directory:
tmtouch tmtd.ptn
tmtouch tmtd64.ptn - On the target clients, run Autopcc.exe using command prompt to get the older pattern file:
\\<OfficeScan server IP>\ofcscan\autopcc.exe
