Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Compatibility issue between Microsoft Security Update MS14-066 and Data Loss Prevention

    • Updated:
    • 14 Apr 2016
    • Product/Version:
    • Data Loss Prevention Endpoint 5.5
    • Platform:
    • Windows 2000 Advanced Server
    • Windows 2000 Datacenter Server
    • Windows 2000 Professional
    • Windows 2000 Server
    • Windows 2003 Datacenter
    • Windows 2003 Enterprise
    • Windows 2003 Standard
    • Windows 2003 Web Server Edition
    • Windows 2008 Standard
    • Windows 7 32-bit
    • Windows Vista 32-bit
    • Windows XP Home
    • Windows XP Professional
Summary

The agents with Data Loss Prevention (DLP) 5.5 or 5.6 cannot connect to the server after installing the Microsoft Security Update MS14-066. This windows update resolves the vulnerability in the Microsoft Secure Channel (Schannel) security package. However, it breaks the DLP agent-server connection.

This issue affects the following agent versions:

    • 5.6 EN & JP: 5.6.1364
    • 5.5 EN: 5.5.1147
    • 5.5 JP: 5.5.1446

Applying the appropriate DLP hot fix cannot resolve the issue on the agents with MS14-066 because the agent-server connection is broken. Thus, the affected agents are unable to receive the component updates that can fix this issue.

Below are the related hot fix numbers:

    • 5.6 EN & JP: Critical Patch 1149
    • 5.5 EN & JP: Critical Patch 1446
Details
Public

To resolve the issue, restore the agent-server connection on the agents with MS14-066. Do one of the following options:

Option 1: Temporarily remove the MS14-066 update to allow the agents receive the new component updates

  1. Apply the appropriate critical patch to the DLP server.
  2. Navigate to Control Panel > Programs > Programs and Features.
  3. Click Installed Updates.
  4. Select Security Updates for Microsoft Windows (KB2992611).

    Security Updates for Microsoft Windows (KB2992611)

  5. Click Uninstall.
  6. When the connection between the server and agent has been re-established, update the agents to the correct version.
  7. Reinstall the Windows Security Update MS14-066.

Option 2: Reinstall the agents on the endpoint using run_dtool_update.bat

  1. Apply the appropriate critical patch to the DLP server.
  2. Download the DLP client installation package.
  3. Use an account with administrator privileges to execute run_dtool_update.bat.
 
This procedure will only work on local installation. For the domain deployment, we will provide an update for the procedures.

To get the necessary critical patch, contact Trend Micro Technical Support.

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1106290
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.