Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

OfficeScan (OSCE) 11 SP1 Hot Fix B3071/B4172 and Worry-Free Business Security (WFBS) 9.0 SP2 Hot Fix B3205 - Enabling detection for newly encountered programs to defend against ransomware

    • Updated:
    • 8 Sep 2015
    • Product/Version:
    • OfficeScan 11.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Platform:
    • Windows 10 32-bit
    • Windows 10 64-bit
    • Windows 2003 Datacenter 64-bit
    • Windows 2003 Enterprise
    • Windows 2003 Server R2
    • Windows 2003 Standard 64-bit
    • Windows 2008 Datacenter
    • Windows 2008 Datacenter 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 2008 Web Server Edition
    • Windows 2008 Web Server Edition 64-bit
    • Windows 2012 Datacenter R2
    • Windows 2012 Enterprise
    • Windows 2012 Enterprise R2
    • Windows 2012 Server Essential R2
    • Windows 2012 Server Essentials
    • Windows 2012 Standard
    • Windows 2012 Standard R2
Summary

Ransomwares are usually downloaded by unwitting users by visiting malicious, compromised websites, or spam emails.

To help defend against this, we can enable an existing OfficeScan and Worry-Free feature that enables monitoring of newly downloaded programs.

This feature works in conjunction with Web Reputation Services to verify the prevalence of files downloaded through HTTP channels or email applications.

Trend Micro classifies a program as newly encountered based on the number of file detections or historical age of the file as determined by the Smart Protection Network.

The hot fix package provided here can help configure this feature in response to recent widespread ransomware attacks.

Details
Public

Release date: August 2015

Download the Hot Fix depending on your OSCE SP1 version:

 
For the localized versions of these Hot Fixes, contact Trend Micro Technical Support.

Hot Fix B3071/B4172 contains the following enhancements for OSCE:

  • Enables the feature “Monitor newly encountered programs downloaded through HTTP or email applications”.
  • Sets the default action from “Log Only” to “Prompt user before executing”

    Prompt user before executing as default action

                                                 Click image to enlarge.

     
    Upon detection, OSCE temporarily blocks the program and prompts users to select an action ("Block Once" or "Allow Once"). If users do not select an action within the specified time period, the program is automatically blocked.
  • Enhanced detection pop out message to provide notification on potential ransomware activity.

    Enhanced detection pop out message

                                          Click image to enlarge.

For more information, check the attached Readme files:

Release date: August 14, 2015

You may download a copy of the hot fix using this link.

To help defend against Ransomware, download and install Hot Fix Build 3205 and enable the existing feature that enables monitoring of newly downloaded programs in WFBS.

                                           Click image to enlarge.

This feature works in conjunction with Web Reputation Services to verify the prevalence of files downloaded through HTTP channels or email applications. Upon detecting a newly encountered program downloaded through HTTP or email applications, WFBS temporarily blocks the program and prompts users to select an action ("Block once" or "Allow once"). If users do not select an action within the specified time period, the program is automatically blocked.

                      Click image to enlarge.

 
This Hot Fix Build 3205 only affects Desktop groups and prior installation of WFBS 9.0 SP2 is required.

For more information, check the attached Readme file.

What is required to use this function?

Both Behavior Monitoring(Unauthorized Change Prevention Service) and Web Reputation must be enabled. If either is disabled, this function will not work normally.

Will this hotfix automatically enable Behavior Monitoring(Unauthorized Change Prevention Service) and Web Reputation?

No. This hotfix can only enable the “Monitor newly encountered programs downloaded through HTTP or email applications”.

Can I enable this feature on server platforms?

No. This feature can only work on desktop platforms.

Is there possibility of false detection?

Yes, since this function checks for prevalence or historical age of a file, it could potentially alert users when it encounters a new but non-malicious sample. Users can simply allow access to the file on the pop out alert.

Can we add whitelist or exception for this feature?

No, this feature does not support whitelist or exception on current version.

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1112193
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.