Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Hot fixes and enhancements included in OfficeScan 10.6 SP3

    • Updated:
    • 2 Dec 2016
    • Product/Version:
    • OfficeScan 10.6
    • Platform:
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Standard
    • Windows 2003 Standard 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Server Core
    • Windows 2008 Standard
    • Windows 2012 Enterprise
    • Windows 2012 Web Server Edition
    • Windows 7 32-bit
    • Windows 7 64-bit
    • Windows 8 32-bit
    • Windows 8 64-bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Home
    • Windows XP Professional
    • Windows XP Professional 64-bit
Summary

Know the previous hot fixes and enhancements that are already included in OfficeScan 10.6 Service Pack 3 (SP3).

Details
Public

The solution details for every hot fix in this article are included in the latest version of the readme. file.

Hot fix solutions for 10.0 SP1
22813007.130383059307730873096
Hot fix solutions for 10.5
1227.120292076209021632182
221422482253226022672271
227222812282228422902293
229522962318231923282337
233923422350235423572382
2387239024612776
Critical patch solutions for 10.5
2383
Hot fix solutions for 10.6
112412411251128112911293
130213121320132313301338
133913571358136413701371
1388
Hot fix solutions for 10.6 SP1
217021772180.1219322122216
240924132426244624482456.1
246124672476.1247724782478.1
2480.124832483.1248624872489
2490249324972497.125002501
250325042507251225132517
251825242527252825312532
253325342538253925412549
255525602561256225632564
256625682569257025712573
257425782579258025832597
2600
Hot fix solutions for 10.6 SP2
322432283231323332343235
323632383240324932513254
3258326132633263.132673272
327332743281328232833287.1
328832893290329132923293
329432963299330133033306
330733103311.1332033283334
334133593372338133843395
34073418
Critical patch solutions for 10.6 SP2
32363374
Hot fix solutions for 10.6 SP1 Custom Defense Pack
3864

The solution details for every hot fix in this article are included in the latest version of the readme. file.

Hot fix 2281

Issue: When the OfficeScan client "TSC.exe" process detects a violation, the generated logs do not follow the standard VSAPI format. This prevents Trend Micro Control Manager(TM) from displaying these virus logs properly.

Hot fix 3007.1

Issue 1: The OfficeScan Web Reputation function causes Microsoft(TM) Outlook(TM) Web Access to work slowly.

Issue 2: On Microsoft Windows(TM) environments, users may encounter an application error when the OfficeScan NT Firewall service does not stop properly while the computer is shutting down.

Issue 3: When the file input/output (I/O) task is intercepted by other applications, the real-time scan will not be able to perform the scan task and no error message is triggered.

Issue 4: After the client logs on and off, "OfcPfwSvc_64x.dll" creates an incorrect logon username for the debug log. When the debug log function calls this parameter, the OfficeScan agent stops unexpectedly.

Issue 5: Outlook stops responding when launched on computers running the OfficeScan Behavior Monitoring service.

Issue 6: An error message is generated in the Web server log file when an OfficeScan client performs updates. This issue occurs because during updates, the OfficeScan client attempts to download the "ini_xml.zip" file from the OfficeScan server but this file is not in the OfficeScan server and is not used by OfficeScan.

Issue 7: The Self-Protection feature of the OfficeScan client cannot prevent attacks from malicious programs. The system terminates the Real-time Scan service of the OfficeScan client when this situation occurs.

Hot fix 2448, Hot fix 3038, Hot fix 2776

Issue: Sometimes, OfficeScan clients that should require a password to uninstall no longer requires the password and can be successfully uninstalled using a particular command.

Hot fix 3077

Issue: When Microsoft(TM) Internet Explorer(TM) uses the PAC proxy setting to connect to the Internet and the proxy server name is set to "DIRECT", it should connect directly to the Internet without any proxies. However, under this situation, the Web Reputation Service (WRS) treats "DIRECT" as the actual proxy server name. This can prevent OfficeScan clients from connecting to the Internet.

Hot fix 3087

Issue: The "Scan" button on the "Manual Scan" page of the OfficeScan client console does not have shortcut attributes.

Hot fix 3096

Issue: During an update, the OfficeScan client iCRC Handler may send out smart filter update requests repeatedly when it cannot access a read-only file. This causes it to use up more network traffic than necessary.

Hot fix 1227.1

Issue: OfficeScan clients cannot receive settings or updates because the update source is not configured properly.

Hot fix 2029

Issue: The computer may stop unexpectedly while the OfficeScan client scans files in "Smart Scan" mode. This issue occurs when the OfficeScan client cannot connect with the Smart Scan server

Hot fix 2076

Issue: An error message is generated in the Web server log file when an OfficeScan client performs updates. This issue occurs because during updates, the OfficeScan client attempts to download the "ini_xml.zip" file from the OfficeScan server but this file is not in the OfficeScan server and is not used by OfficeScan.

Hot fix 2163

Issue: When the OfficeScan NT Listener service (TmListen.exe) cannot connect to a Web Reputation Service (WRS) server because of a connection timeout issue, the Listener service does not attempt to search for and connect to another available WRS server.

Hot fix 2182

Issue: The "View status page" option under "View Top 10 Security Risk Statistics" in the "Summary" page of the Web console is not grayed-out even when the current user does not have the necessary permissions to view the "Status" page. By design, users can access the status page from the client tree or the "Summary" page.

Hot fix 2214

Issue 1: An unload password is required to unload an OfficeScan client. However, a vulnerability may allow malicious programs to retrieve a particular client's unload password or bypass the password authentication process.

Issue 2: To prevent network disconnection, when OfficeScan disables the firewall, it only stops the firewall but does not remove the service and driver. The "RmvPFWifDisabled" setting should allow OfficeScan clients to remove the firewall service and driver when the firewall is disabled.

However, when the firewall is disabled in the "Product License" page of the OfficeScan server console, an OfficeScan client cannot remove the OfficeScan NT firewall service and driver even when "RmvPFWifDisabled =1" is set in the client.

Hot fix 2260

Issue: When NIC card is disconnected LAN cable, the Window Security Center warning message appears to say OfficeScan Firewall is disabled. It is because OfficeScan Firewall will be disabled when it cannot get any IP address.

Hot fix 2267

Issue 1: During remote installation, a program return error prompts the OfficeScan client to use the default client installation path even after users have specified another client installation path.

Issue 2: An OfficeScan client that is assigned the Update Agent role may become a normal client after a scheduled update.

Hot fix 2271

Issue: When certain issues occur on the OfficeScan database, such as when the database does not exist, the OfficeScan Master Service deletes the corresponding user account (TM_OSCE_) and recreates it. However, the OfficeScan Master Service does not delete the corresponding directory with the account.

Hot fix 2272

Issue: Driver conflict between an OfficeScan 10.5 Patch 4 component and a third-party software (LANDesk Endpoint Security) causes BSOD.

Hot fix 2281

Issue: When users run the "Svrsvcsetup.exe" tool to re-create IIS virtual directories in OfficeScan servers where the OfficeScan Plug-in Manager is installed, an issue prevents the OfficeScan web console from displaying the "Summary" and "Plug-in Manager" pages correctly. This can then prevent the tool from re-creating IIS virtual directories successfully.

Hot fix 2282

Issue: An unload password is required to unload an OfficeScan client. However, a vulnerability may allow malicious programs to change a particular client's unload password.

Hot fix 2284

Issue: When the Device Control settings are entered in to the database in the customer's environmnent, the OfficeScan Master Service may stop due to a buffer overrun.

Hot fix 2290

Issue: On some user environments, a process synchronization issue may allow OfficeScan to create duplicate domain entries in the OfficeScan database.

Hot fix 2293

Issue: After receiving new settings from the OfficeScan server, the client experienced a delay between clearing the exception folder settings and re-applying the new exception folder settings. This caused real-time scan to scan the exception folders.

Hot fix 2295

Issue: The OfficeScan client installed on computers running Windows XP can not detect malware located in the boot sector of a USB device when users log on Windows with a non-administrator account.

Hot fix 2296

Issue: According to Microsoft(TM) naming conventions (http://support.microsoft.com/kb/909264), DNS domain names can contain any number from 1 to 9 or a "-" character. However, users cannot input server names with top-level domain (TLD) names that use any of these characters.

Issue: On the OfficeScan proxy setting page, the server name field does not accept a fully qualified domain name (FQDN) if any of its parts is shorter than three alphanumeric characters.

Hot fix 2318

Issue: On the OfficeScan client console, when users drag and drop multiple shared folders for Manual Scan, Manual Scan skips the first shared folder and scans only one of the other shared folders.

Hot fix 2319

Issue: The "VSEncode.exe" tool decrypts quarantined files (.qtn) and restores these files to the original folders. While restoring files, this tool converts filenames using the multibyte character set (MBCS), however, this tool could not properly convert filenames that contain Unicode characters.

Hot fix 2328

Issue: The OfficeScan web console and online help page indicates that all of the OfficeScan client's self-protection features are automatically disabled in the OfficeScan server's platform. However, only the client's self-protection features on registry keys and processes are disabled automatically on the server platform.

Hot fix 2342

Issue: OfficeScan clients cannot scan network drives that use a UNIX-based system but converts their file systems to work like a Microsoft(TM) Windows(TM) file system.

Hot fix 2350

Issue: Depending on the OfficeScan client installation folder's security setting, the OfficeScan client may fail to take action against spyware when performing manual scan via OfficeScan client console. If the client performs another manual scan, the manual scan progress bar stops responding. (This issue does not occur in any method other than manual scan via OfficeScan client console )

Hot fix 2354

Issue: An interoperability issue between the Citrix driver (IVM.SYS) and the OfficeScan Behavior Monitoring driver can cause a blue screen of death (BSoD) on computers where both these drivers are installed.

Hot fix 2382

Issue: Using the client package to create the "Update Package" with the "ForceOverwrite" option enabled does not update the client package component. This situation occurs when the package was created from another server that manages the client.

Enabling the "ForceOverwrite" option results in the "-u" parameter of AutoPcc. In this case, AutoPcc does not check the "BypassServerChecking" parameter defined in the"ofcscan.ini" file, which causes this issue.

Hot fix 2387

Issue: The OfficeScan client update package only performs components update. However, there are circumstances when the OfficeScan client build version is lower than the version on the OfficeScan server (the server already installed updated hot fixes or patches).

When this situation occurs, when the OfficeScan client installs the update package, OfficeScan updates the client version, but it does not update any of the program files.

Hot fix 2461

Issue: When users attempt to install OfficeScan clients by remote installation using an account with administrator privileges, an error message appears to warn users that the account does not have administrator privileges.

Hot fix 1124

Issue: An error message is generated in the Web server log file when an OfficeScan client performs updates. This issue occurs because during updates, the OfficeScan client attempts to download the "ini_xml.zip" file from the OfficeScan server but this file is not in the OfficeScan server and is not used by OfficeScan.

Hot fix 1291

Issue: Sometimes, the OfficeScan Master Service stops unexpectedly while running a visibility update task on the Update Agent.

Hot fix 1323

Issue: On the OfficeScan client console "Manual Scan" page, users may not be able to view the items under each main item in directory or folder tree view.

Hot fix 1330

Issue 1: The OfficeScan Local Web Classification Server program encounters a memory leak issue.

Issue 2: An access violation to an unloaded binary's memory address may cause an application error and trigger the generation of the following system warning message in the Microsoft(TM) Windows(TM) Event viewer even when the Local Web Classification Service (LWCS) works normally:

Faulting application name: w3wp.exe,
version: 7.5.7601.17514, time stamp: 0x4ce7afa2
Faulting module name:
isapiLWCSProtocolModule.dll_unloaded,
version: 0.0.0.0, time stamp: 0x4dd3dad1
Exception code: 0xc0000005
Fault offset: 0x00000000017fcb43
Faulting process id: 0x978
Faulting application start time: 0x01ccc905092ebf57
Faulting application path:
c:\windows\system32\inetsrv\w3wp.exe
Faulting module path: isapiLWCSProtocolModule.dll
Report Id: 5b015efa-35eb-11e1-bd55-00155d018f08

Hot fix 1357

Issue: "OfcService.exe" may stop unexpectedly while opening the Plug-in Service console. This occurs when the process attempts to accesses an address up to the corresponding sub-domain information while the plug-in service queries the domain data.

Hot fix 1358

Issue: On the OfficeScan client console, when users drag and drop multiple shared folders for Manual Scan, Manual Scan skips the first shared folder and scans only one of the other shared folders.

Hot fix 1364

Issue: On some Microsoft(TM) Windows(TM) 2003 platforms such as Windows 2003 Enterprise Service Pack 2 x86 and Windows 2003 Standard Service Pack 2 x86, the "Computer Name" field in Blocked Web Access Logs on the Smart Protection Server (SPS) console is blank. This issue occurs because the API used to query the computer name information in these platforms retrieves a null value.

Hot fix 1370

Issue: Hot fix 1258.1 updates the Trend Micro Unauthorized Change Prevention Service to version 2.95 which is not supported by OfficeScan clients running on OfficeScan 10.6 GM build. As a result, this service will not work on these clients.

Hot fix 1371

Issue: The Web Reputation Service (WRS) does not work after updating to OfficeScan 10.6 GM and Service Pack 2 because the list of approved web sites for WRS is not migrated during the upgrade.

Hot fix 1388

Issue: The link to outdated client status information is missing from the "Total client" field on the "Update Summary" page.

Hot fix 2426

Issue 1: Compliance reports incorrectly indicate that the 64-bit Behavior Monitoring Detection Pattern is 32 bit while the corresponding CSV output file indicates if the pattern is 32 or 64-bit which violates compliance specifications.

Issue 2: The OfficeScan summary page displays the wrong Virus Cleanup Engine (32/64-bit) and Spyware Scan Engine (32/64-bit) versions.

Hot fix 2446

Issue 1: OfficeScan clients receive several notification messages from the OfficeScan server to download a hot fix file and update more than 30 files in the OfficeScan client install directory which prompts these clients to perform the updates repeatedly.

Issue 2: The OfficeScan client stops unexpectedly while the TmListen, PccNT, or PccNTMon service starts.

Issue 3: When the OfficeScan client registry key "Hotfix" is empty, the OfficeScan client updates its firewall profiles repeatedly. This issue disrupts the network connection because OfficeScan clients are required to apply firewall profiles and disconnect from the network during each update.

Hot fix 2456.1

Issue 1: When Trend Micro Control Manager(TM) is redirected to the summary page of the OfficeScan Web console through single sign-on (SSO), "___SERVER_NAME___" is displayed on the title bar of the OfficeScan Web console's summary page instead of the server name.

Issue 2: When users add a new domain in the OfficeScan Web console, some garbage records are also added into the "dbclientextra" database table.

Issue 3: When users apply the "Spyware/Grayware Approve list" by selecting multiple subdomains, only the first subdomain and its child domain are deployed into policy tracking table.

Hot fix 2461

Issue: When users attempt to install OfficeScan clients by remote installation using an account with administrator privileges, an error message appears to warn users that the account does not have administrator privileges.

Hot fix 2467

Issue: An issue prevents version 6.0 of Trend Micro Control Manager(TM) from deploying 64-bit Behavior Monitoring Components to an OfficeScan(TM) server which is registered to it.

Hot fix 2480.1

Issue 1: The "TmListen.exe" service may stop unexpectedly while the OfficeScan client sends a log for a detected virus to the OfficeScan server. The corresponding event log shows a "0xc0000005" exception code.

Hot fix 2483

Issue: The TMNotify module sends SNMP messages without any IP address information and either displays "0.0.0.0" on the corresponding field or leaves it blank.

Hot fix 2486

Issue 1: The Trend Micro Early Boot Clean (TMEBC) driver may cause the system to encounter crash, hang, or perform repeated restarts on Windows platforms.

Hot fix 2487

Issue: The OfficeScan database table storing system event logs contains invalid memo data with the characters " \n ". This causes the OfficeScan master service to unsuccesfully parse event log data.

Hot fix 2489

Issue: A null pointer issue may cause the OfficeScan Master Service, "Ofcservice.exe", to stop unexpectedly.

Hot fix 2490

Issue: When OfficeScan creates a backup of the database to a UNC path, it uses multiple threads to back up each table. Each of these threads will establish a UNC connection and disconnect after completing its task. This can cause the database backup task to fail when a thread closes the connection while some other thread is still copying files.

Hot fix 2493

Issue 1: The Trend Micro Early Boot Clean (TMEBC) driver may cause the system to encounter crash, hang, or perform repeated restarts on Windows platforms.

Issue 2: The OfficeScan client installed on computers running Windows XP can not detect malware located in the boot sector of a USB device when users log on Windows with a non-administrator account.

Issue 3: The "Ntrtscan.exe" service may stop unexpectedly while the OfficeScan client performs a manual scan on a location with a path length that exceeds 260 characters.

Issue 4: The "TmListen.exe" service may stop unexpectedly while the OfficeScan client sends a log for a detected virus to the OfficeScan server. The corresponding event log shows a "0xc0000005" exception code.

Issue 5: After users enable the "Scan the boot sector of the USB storage device after plugging in" option in the Real- time Scan Settings and configure the "custom action" (real-time scan/manual scan/schedule scan) setting in the OfficeScan client user interface, the client setting is not applied to the database correctly. This occurs because the "custom action" setting reverts to the default value after users perform a manual update from the OfficeScan client.

Hot fix 2497

Issue: When the OfficeScan client "TSC.exe" process detects a violation, the generated logs do not follow the standard VSAPI format. This prevents Trend Micro Control Manager(TM) from displaying these virus logs properly.

Hot fix 2497.1

Issue 1: The OfficeScan Master Service process (ofcservice.exe) stops unexpectedly while processing a corrupted virus log that exceeds the virus log size limitation of 635 KB.

Issue 2: The OfficeScan Database Service (DbServer.exe) stops unexpectedly while the OfficeScan server handles the data of Update Agents.

Issue 3: Sometimes, the OfficeScan Master Service stops unexpectedly while running a visibility update task on the Update Agent.

Issue 4: The OfficeScan Master Service, "Ofcservice.exe", may stop unexpectedly while searching for clients by IP address on the OfficeScan web console. This can occur when the OfficeScan web console retrieves an invalid IP address from the database and attempts to access it.

Hot fix 2500

Issue: The number of entries for the Reference Server List is limited to 32.

Hot fix 2501

Issue: A fatal error occurs when Citrix Receiver(TM) starts on computers where Data Loss Prevention 5.6 SDK is also installed.

Hot fix 2504, 3407

Issue: The following error message appears when users attempt to upgrade OfficeScan through the OfficeScan Client Packager or "AutoPccP.exe":

"Unable to upgrade/update the OfficeScan client. At least one of the file cannot be replaced. Please try again."

This issue occurs because some backup files in the OfficeScan client temp folder have the same filename.

Hot fix 2506

Issue: On the OfficeScan client console "Manual Scan" page, users may not be able to view the items under each main item in directory or folder tree view.

Hot fix 2507

Issue: The OfficeScan client is unable to update components from an Update Agent or the OfficeScan server. The "7z.exe" process does not return a successful decompression after the process finishes. OfficeScan constantly waits for a successful return value, even though the process is already completed.

Hot fix 2513

Issue: During updates, an OfficeScan client's ActiveUpdate module may send a HEAD HTTP request to another OfficeScan client that acts as the update agent which then processes HTTP requests through its TmListen module. Since the TmListen module can handle GET HTTP requests only, a parsing error occurs. Under this situation, the TmListen service is set to wait for 10 seconds before acting on the HEAD HTTP request. This can then cause the updates to stop responding.

Hot fix 2518

Issue: The OfficeScan DbServer process stops unexpectedly from time to time and uses over 1 GB of memory.

Hot fix 2524

Issue: The OfficeScan Real-time Scan process unexpectedly stops. This occurs because the length of the exclusion folder or folder is equal to 260 characters causing buffer overflow.

Hot fix 2527

Issue: In the installation procedure of OfficeScan server, users can select to install the Integrated Smart Protection Server (ISPS) or not. After OfficeScan server has been installed, users cannot install or uninstall the ISPS.

Hot fix 2528

Issue: Newly-configured Web Reputation settings cannot be deployed and applied on OfficeScan clients that users have configured to use an update agent to update the domain settings.

Hot fix 2532

Issue: Enabling the OfficeScan client global setting "Add Manual Scan to Windows shortcut menu" allows users to trigger Manual Scan by right-clicking the Microsoft(TM) Windows(TM) icon and selecting "Scan with OfficeScan Client" from the Windows shortcut menu. However, when triggered using this method, Manual Scan scans the network drive even when it is configured to skip the network drive.

Hot fix 2533

Issue 1: After upgrading to OfficeScan 10.6 Service Pack 1, the AEGIS module may block some programs that are in its exception list.

Issue 2: Under certain conditions, the AEGIS driver interrupts VSAPI scans and can either cause the OfficeScan client's performance to slow down.

Hot fix 2538

Issue 1: An interoperability issue between the Citrix driver (IVM.SYS) and the OfficeScan AEGIS driver can cause blue screen of death (BSoD) on computers where both these drivers are installed.

Hot fix 2539

Issue: The OfficeScan client TmListen service stops unexpectedly while sending Trend Micro Data Loss Prevention(TM) logs to the OfficeScan server.

Hot fix 2541

Issue: Since the release of OfficeScan 10.6 Service Pack 1, 64-bit OfficeScan clients can support the Behavior Monitoring Pattern. However, the corresponding information on the following four relevant Behavior Monitoring Pattern components on the Trend Micro Control Manager(TM) server are not updated and still use the original version numbers: 

  • Policy Enforcement Pattern Description
  • Behavior Monitoring Configuration Pattern
  • Policy Enforcement Pattern
  • Digital Signature Pattern

As a result, the reports that Control Manager generates contain outdated version numbers for the components listed above.

Hot fix 2549

Issue:Certain applications may crash unexpectedly when running on computers with both Data Loss Prevention 5.6 SDK and NVIDIA's CoprocManager (used for optimizing the power usage in specific dual graphic card environments) installed.

Hot fix 2560

Issue: OfficeScan clients installed on the same computer as Trend Micro Deep Security(TM) Agent 7.5 cannot report to the OfficeScan server.

Hot fix 2561

Issue: Setting the following registry key to the specified value in x64 platforms changes the way OfficeScan allocates memory which forces OfficeScan to attempt to store a 64-bit value in a 32-bit variable. This causes an access violation which can trigger the TmListen service to stop unexpectedly.

Path: HKLM\System\CurrentControlSet\Control\Session Manager
\Memory Management\
Key: AllocationPreference
Type: REG_DWORD
Value: 0x100000

Hot fix 2562

Issue: When two smart protection servers are configured for OfficeScan and OfficeScan cannot connect to the first smart protection server, it switches to the web reputation backup server instead of switching to the second smart protection server. This issue occurs because the retry function of the Web Reputation service modules, which is enabled by default, forces OfficeScan to access the web reputation backup server if it cannot connect to the target smart protection server within a specified number of attempts in a specified time period.

Hot fix 2563

Issue: An access permission issue prevents OfficeScan clients from accessing and scanning folders specified by UNC paths.

Hot fix 2564

Issue: When the Web Reputation Services is disabled in roaming mode, OfficeScan clients still regularly connect to the network to search for available Smart Protection Servers (SPS) to send Web Reputation queries to which can keep the network busy.

Hot fix 2566

Issue: When the Trend Micro Vulnerability Scanner detects that a machine does not have the OfficeScan client installed, it attempts a remote installation from the OfficeScan server. This process may encounter issues when performed on a limited bandwidth. A user requests for a way for the Trend Micro Vulnerability Scanner to perform OfficeScan client remote installation from Update Agents in this situation.

Hot fix 2568

Issue: "OfcService.exe" may stop unexpectedly while opening the Plug-in Service console. This occurs when the process attempts to accesses an address up to the corresponding sub-domain information while the plug-in service queries the domain data.

Hot fix 2569

Issue: In some environments, the OfficeScan server may not be able to register to Trend Micro Control Manager(TM) because the allotted buffer is insufficient to retrieve the adapter information.

Hot fix 2570

Issue: When users update OfficeScan 10.6 GM build to version 10.6 Service Pack 1 after applying a Trend Micro Unauthorized Change Prevention Service hot fix, Trend Micro Unauthorized Change Prevention Service x64 components are not installed during the upgrade.

Hot fix 2571

Issue: When Damage Cleanup Service (DCS) cleans a spyware during a real-time scan, a real-time scan log and a DCS log are generated. However, when users view the DCS logs on Trend Micro Control Manager(TM), the scan type field displays "Manual scan" which misleads users.

Hot fix 2573

Issue: The Web Reputation Services(TM) in OfficeScan clients automatically tag Web sites that are in the list of blocked URLs as "DANGEROUS", however, the Trend Micro Control Manager(TM) server may record these Web sites as "SAFE (3)" in the database.

Hot fix 2574

Issue: When using Microsoft(TM) Exchange(TM) Outlook(TM) Web Access, attachments uploaded from mapped network drives cannot be correctly checked by Data Loss Prevention clients.

Hot fix 2578

Issue: Under certain conditions, Microsoft(TM) Outlook(TM) 2007 stops responding when users attempt to attach a Microsoft Word, Excel, PowerPoint, or PDF file to a message by right-clicking the file and selecting the "Copy" and "Paste" options in succession.

Hot fix 2579

Issue: On computers where both Trend Micro Data Loss Prevention(TM) 5.6 SDK and Trend Micro bBox are installed, it may take a long time to open files encrypted by bBox, and Trend Micro Data Loss Prevention(TM) 5.6 SDK blocks users from saving sensitive content to these files.

Hot fix 2580

Issue: In component update logs, the "Update source" column does not show any information for the computer that served as the update agent for the specific component update.

Hot fix 2583

Issue: Newly-installed OfficeScan clients cannot retrieve firewall settings from the parent domain which can prevent these clients from registering to the OfficeScan server successfully.

Hotfix 2597

Issue: OfficeScan Unauthorized Change Prevention Service may consume a large portion of memory when accessing applications resulting in reduced performance.

Hotfix 2600

Issue: OfficeScan servers configured with proxy servers that require authentication to connect to the Smart Protection Network are unable to authenticate lengthy user account names causing Smart Feedback to be unable to send feedback.

Hot fix 3224

Issue: After the OfficeScan client upgrades to version 10.6 Service Pack 2, the TmLisen service may delete some update files immediately after downloading these from the OfficeScan server. As a result, some files may not be updated successfully.

Hot fix 3228

Issue: The OfficeScan Real-time Scan process unexpectedly stops. This occurs because the length of the exclusion folder or folder is equal to 260 characters causing buffer overflow.

Hot fix 3231

Issue: The security status of unreachable computers appears as "No Officescan client installed" in the OfficeScan server console's "Outside Server Management" screen.

Hot fix 3233

Issue 1: An interoperability issue between the Citrix driver (IVM.SYS) and the OfficeScan Behavior Monitoring Driver can cause blue screen of death (BSoD) on computers where both these drivers are installed.

Issue 2: When the OfficeScan client program runs with Behavior Monitor Core Service 2.95.1150 or later versions, the Behavior Monitor Core Service exception list may not work correctly.

Hot fix 3235

Issue: The Reference Server List on the OfficeScan web console is limited to 32 entries.

Hot fix 3236

Issue: The TMNotify module sends SNMP messages without any IP address information and either displays "0.0.0.0" on the corresponding field or leaves it blank.

Hot fix 3238

Issue: On some Microsoft(TM) Windows(TM) 2003 platforms such as Windows 2003 Enterprise Service Pack 2 x86 and Windows 2003 Standard Service Pack 2 x86, the "Computer Name" field in Blocked Web Access Logs on the Smart Protection Server (SPS) console is blank. This issue occurs because the API used to query the computer name information in these platforms retrieves a null value.

Hot fix 3240

Issue: A vulnerability issue in an OfficeScan kernel driver may allow an attacker to execute arbitrary commands within the kernel.

Hot fix 3249

Issue 1: When Trend Micro Control Manager(TM) is redirected to the summary page of the OfficeScan web console through single sign-on (SSO), "___SERVER_NAME___" is displayed on the title bar of the OfficeScan web console's summary page instead of the server name.

Issue 2: When users add a new domain in the OfficeScan web console, some garbage records are also added into the "dbclientextra" database table.

Issue 3: When users apply the "Spyware/Grayware Approved List" by selecting multiple subdomains, only the first subdomain and its child domains are deployed into the policy tracking table.

Hot fix 3254

Issue: Users cannot use a non built-in Microsoft(TM) Windows(TM) administrator account to query Trend Micro Data Loss Prevention(TM) (DLP) violation logs from the OfficeScan client console. This occurs because OfficeScan clients re-index the database while processing DLP log queries and this task will fail when the user account does not have the necessary permissions.

Hot fix 3258

Issue: Depending on the OfficeScan client installation folder's security setting, the OfficeScan client may not be able to take action against spyware when performing manual scan from the OfficeScan client console. If the client performs another manual scan, the manual scan progress bar stops responding.

Hot fix 3261

Issue: On computers running on the Microsoft(TM) Windows(TM) 8 platform, the performance of OfficeScan slows down after users enable the Web Reputation feature.

Hot fix 3263

Issue: Setting the following registry key to the specified value in x64 platforms changes the way OfficeScan allocates memory which forces OfficeScan to attempt to store a 64-bit value in a 32-bit variable. This causes an access violation which can trigger the TmListen service to stop unexpectedly.

Path: HKLM\System\CurrentControlSet\Control\Session Manager
\Memory Management\
Key: AllocationPreference
Type: REG_DWORD
Value: 0x100000

Hot fix 3263.1

Issue: OfficeScan clients that are set to retrieve the domain settings from the Update Agent may receive incorrect Web Reputation Services (WRS) settings. When this happens, these OfficeScan clients are forced to apply the default WRS settings.

Hot fix 3267

Issue: The following error message appears when users attempt to disable the "Virus/Malware Infection Source" notifications in the OfficeScan server's "Client User Notifications" page and the corresponding notification message field is empty.

"The client alert message for the infection source must be between 1 to 1024 characters."

Hot fix 3272

Issue: On some user environments, a process synchronization issue may allow OfficeScan to create duplicate domain entries in the OfficeScan database.

Hot fix 3273

Issue: An exception error that occurs while the OfficeScan client's NT Listener service processes ZIP files causes the NT Listener service to stop unexpectedly.

Hot fix 3281

Issue 1: After clicking the root domain on the client tree, the "Number of clients" occasionally displays an incorrect value.

Issue 2: "DbServer.exe" may stop unexpectedly, cause a high CPU usage issue, or corrupt data.

Hot fix 3282

Issue: The OfficeScan DbServer process stops unexpectedly from time to time and uses over 1 GB of memory.

Hot fix 3283

Issue: OfficeScan cannot globally deploy settings controlled by registry keys that are over 256 characters long.

Hot fix 3287.1

Issue: By design, the OfficeScan server supports up to 500 web sites each in the approved and blocked lists of the Web Reputation Services (WRS). However, the OfficeScan server does not display any warning message when users attempt to add more than 500 web sites to these lists.

Hot fix 3288

Issue: On computers where OfficeScan, Trend Micro Data Loss Prevention(TM) 5.7 SDK, and Trend Micro bBox are installed, it may take a long time to open files encrypted by bBox, and Data Loss Prevention 5.7 SDK blocks users from saving sensitive content to these files.

Hot fix 3289

Issue: An issue prevents users from making and saving changes to the POP3 mail scan configuration on OfficeScan clients that run on the Microsoft(TM) Windows(TM) 8 or Windows 2012 platform.

Hot fix 3290

Issue: When the OfficeScan client program executes a manual scan on Windows 32-bit junction folders, the client may stop responding or experience long scan times. This is due to redundant looping caused by the junction points.

Hot fix 3292

Issue: Under certain conditions, Microsoft(TM) Outlook(TM) 2007 stops responding when users attempt to attach a Microsoft Word, Excel, PowerPoint, or PDF file to a message by right-clicking the file and selecting the "Copy" and "Paste" options in succession.

Hot fix 3293

Issue 1: A high CPU-usage issue may occur on computers where both OfficeScan 10.6 Service Pack 2 and Symantec(TM) Endpoint Protection 12 MP1 client are installed. Trend Micro Virus Scan Engine version 9.720.1008 and higher versions can prevent this issue but requires users to deploy the registry to all OfficeScan clients after installation.

Issue 2: When the OfficeScan client program performs a manual scan on Microsoft(TM) Windows(TM) 32-bit junction folders, the client may stop responding or the scans may take longer than usual because of redundant looping in the junction points. Trend Micro Behavior Monitor driver (Eye's module) version 5.50.1079 and higher versions can prevent this issue but requires users to deploy the registry to all OfficeScan clients after installation.

Issue 3: When the OfficeScan client program executes a manual scan on Windows 32-bit junction folders, the client may stop responding or experience long scan times. This is due to redundant looping caused by the junction points.

Hot fix 3294

Issue: When two smart protection servers are configured for OfficeScan and OfficeScan cannot connect to the first smart protection server, it switches to the web reputation backup server instead of switching to the second smart protection server. This issue occurs because the retry function of the Web Reputation service modules, which is enabled by default, forces OfficeScan to access the web reputation backup server if it cannot connect to the target smart protection server within a specified number of attempts in a specified time period.

Hot fix 3296

Issue: The Microsoft(TM) Internet Explorer(TM) web browser cannot start successfully on computers running on the Microsoft Windows(TM) 7 platform after users install Trend Micro Data Loss Prevention(TM) Endpoint SDK on these computers.

Hot fix 3299

Issue: When the computer screen resolution changes and the OfficeScan client console "Update Now" dialog box shrinks to adjust to the change, the position of each button relative to the top left side of the dialog box does not change causing these to appear truncated instead.

Hot fix 3301

Issue: When two smart protection servers are configured for OfficeScan and OfficeScan cannot connect to the first smart protection server, it switches to the web reputation backup server instead of switching to the second smart protection server. This issue occurs because the retry function of the Web Reputation service modules, which is enabled by default, forces OfficeScan to access the web reputation backup server if it cannot connect to the target smart protection server within a specified number of attempts in a specified time period.

Hot fix 3306

Issue: Sometimes, users cannot access the OfficeScan web console because the OfficeScan server compacts the database daily and the compact database task could take a long time to complete when the database is larger that 1 GB. This issue can be triggered by any of the following scenarios:

  • The OfficeScan Master Service compacts the database everyday
  • The OfficeScan DbServer runs compact database tasks before database backup tasks

Hot fix 3307

Issue: In version 10 of the Microsoft(TM) Internet Explorer(TM) web browser, the user account login message box does not appear when users attempt to install OfficeScan clients through the Outside Server Management assessment results page.

Hot fix 3311.1

Issue: When Web Reputation is set to assessment mode, OfficeScan clients do not block dangerous web sites but should still be able to detect and record these events. However, OfficeScan clients do not record the detection under this scenario.

Hot fix 3320

Issue: OfficeScan clients always keep two virus patterns. As a result, OfficeScan servers cannot rollback an OfficeScan client's virus pattern to any version that is older than the second virus pattern that the OfficeScan client keeps.

Hot fix 3328

Issue 1: When the OfficeScan Master Service starts, the parameter for "Maximum Client Connections" is not set in the cache memory using the values in the ofcscan.ini file. This occurs because the cache memory has not yet initialized so the default values are set instead.

Issue 2: 64-bit OfficeScan clients can support the Behavior Monitoring Pattern. However, the corresponding information on the following four relevant Behavior Monitoring Pattern components on the Trend Micro Control Manager(TM) server are not updated and still use the original version numbers: 

  • Policy Enforcement Pattern Description
  • Behavior Monitoring Configuration Pattern
  • Policy Enforcement Pattern
  • Digital Signature Pattern

As a result, the reports that Control Manager generates contain outdated version numbers for the components listed above.

Hot fix 3341

Issue: It may take users a long time to access Microsoft(TM) Excel(TM) files that are stored on Microsoft Distributed File System (DFS) servers through computers protected by Trend Micro Data Loss Prevention(TM) Endpoint SDK.

Hot fix 3372

Issue: When the length of the proxy password of the standard Smart Protection Server (SPS) goes beyond the maximum length of 128 characters, it causes the OfficeScan common client ("Tmlisten.exe") to crash.

Hot fix 3381, 2390

Issue: The "icrchdler.dll" process of the OfficeScan client experiences high CPU usage when the network connection is slow or unstable. When the Cyclic Redundancy Check (CRC) queue becomes full, it causes a thread that continuously checks for a free slot, which causes the high CPU usage issue.

Hot fix 3384

Issue: The OfficeScan common client ("Tmlisten.exe") encounters memory leak issues, which slows down the system performance

Hot fix 3395

Issue 1: Damage Cleanup Engine 7.0 cannot clean virus or malware in shared folders or network mapping disks.

Issue 2: When OfficeScan clients update the Damage Cleanup Engine only, an issue causes the update status to remain as "Component update in progress. Please wait."

Critical patch 3236

Issue 1: OfficeScan 10.6 Service Pack 2 servers display incorrect IP addresses, MAC addresses, client program information, and platform information for OfficeScan clients running on OfficeScan 8.0 or 10.0.

Issue 2: After the OfficeScan client upgrades to version 10.6 Service Pack 2, the TmLisen service may delete some update files immediately after downloading these from the OfficeScan server. As a result, some files may not be updated successfully.

Hot fix 3864

Issue: Certain applications may crash unexpectedly when running on computers with both Data Loss Prevention 5.7 SDK and NVIDIA's CoprocManager (used for optimizing the power usage in specific dual graphic card environments) installed.

Hot fix 2214

Enhancement: Hot fix 2214 provides an enhanced "Block AutoRun function on USB devices" function on the OfficeScan Device Control. This enhanced function validates AutoRun items first and allows AutoRun to proceed when it finds that all executable files in the USB device are valid. The unenhanced version will always block AutoRun tasks when enabled.

Hot fix 2248

Enhancement: This hot fix allows users to customize the format of the date/time strings in the "Notifications" page of OfficeScan 10.5 servers.

Hot fix 2337

Enhancement: Users can transfer clients from one OfficeScan server to another within the same domain using the "Move Client" command on the OfficeScan web console or the Client Mover tool "IpXfer.exe". Since OfficeScan clients can only be moved in the same domain hierarchy in the target OfficeScan server as in the previous OfficeScan server, it is important that the complete OfficeScan client domain information can be retrieved successfully when moving clients. This hot fix adds the full domain information of the OfficeScan client computer through the following registry key in the client registry:

Path: HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp
\CurrentVersion
Key: FullDomain

Hot fix 2339

Enhancement: This hot fix provides options to globally deploy the registry of the OfficeScan client from the server.

Hot fix 2357

Enhancement: This hot fix ensures that OfficeScan clients do not send firewall logs when the log count is "0" to help reduce the web server load.

Hot fix 3234

Enhancement: This hot fix adds a way to prevent OfficeScan clients from checking the digital signature of OfficeScan client program files.

Hot fix 3335

Enhancement: This hot fix enables the OfficeScan server to send the following OfficeScan client information to the Trend Micro Control Manager(TM) server:

  • Real-time Scan status : enabled/disabled
  • Firewall status : enabled/disabled
  • Last Virus Scan time for:
  • Scheduled Scan
  • Scan Now
  • Manual Scan

Hot fix 2512

Enhancement: This hot fix adds an option to enable OfficeScan to display one blocked device warning message for several blocked device instances when the blocking action involves the same device and accessing process and each instance occurs within a specified time frame from the preceding instance.

Hot fix 2517

Enhancement: When both the USB storage device automatic scanning and the Data Loss Prevention USB-blocking features are enabled, the USB storage device automatic scanning feature may override the Data Loss Prevention USB-blocking feature.

Hot fix 3291

Enhancement: This hot fix adds an option to allow administrators to move "unreachable" OfficeScan clients between OfficeScan servers.

Hot fix 3303

Enhancement: This hot fix enables administrators to select "Pass" as the first action in the Real-time Scan Settings. The "Pass" action will appear in Virus/Malware Server and Client Logs, Spyware/Grayware Server and Client Logs, and in Standard Notifications. End users who have sufficient privileges to configure the Real-time Scan Settings can also add the "Pass" action under the Settings > Real-time Scan of client console.

Hot fix 3310

Enhancement: This hot fix increases the maximum number of entries that the USB exception list in device control policies can support from 200 to 1024 entries.

Hot fix 3334

Enhancement: Users can transfer clients from one OfficeScan server to another within the same domain using the "Move Client" command on the OfficeScan web console or the Client Mover tool "IpXfer.exe". Since OfficeScan clients can only be moved in the same domain hierarchy in the target OfficeScan server as in the previous OfficeScan server, it is important that the complete OfficeScan client domain information can be retrieved successfully when moving clients. This hot fix adds the full domain information of the OfficeScan client computer through the following registry key in the client registry:

Path: HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp
\CurrentVersion
Key: FullDomain

Critical patch 3374, Critical patch 2383

Enhancement: Enhanced Web Reputation Service by allowing incremental updates for the Web Blocking List. This reduces the memory and network bandwidth usage when loading the Web Blocking List. The new database needs 2GB or more of extra disk space(\PCCSRV\LWCS\wcspatterns\ws\cupcake). This is because the Web Blocking List will continue to increase in size as more sites get blocked. The new database needs extra 2 GB disk space and it will grow up to 3 GB in 2014. For more information about the size of the database, refer to: https://success.trendmicro.com/solution/1098328-disk-space-is-reduced-after-installing-the-wrs-enhancement-in-smart-protection-server

The downloaded Web Blocking List will also use a new format.
  • Current format: x.xxx.xxxxx
  • New format: xxxxxxxx
    x represent s a numerical number.

For more information, download the latest copy of the readme file.

Premium
Internal
Rating:
Category:
Deploy; Install; Migrate
Solution Id:
1097407
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.