When the Ransomware module is enabled in OfficeScan (OSCE), Behavior Monitoring falsely detects an application as suspicious/malicious and then blocks it. This article lists the options to follow in order to avoid the issue.
To solve the Behavior Monitoring issue, choose from any of the following options:
Wildcard exclusions are available for the following versions (higher or lower):
- OSCE 11.0 Hot Fix Build 6315 English, French, German, and Japanese versions
- OSCE XG Patch 1 Build 1556 English
- OSCE XG Patch 1 Build 1576 German, French, and Spanish
Meanwhile, patches that supported wildcard input were:
- OSCE XG Patch 1 (both EN and Localized versions)
- OSCE 11.0 SP1 Win10 Creators Update Critical Patch (EN: CP6355 / Localized versions: CP6367)
Only when the application is Digitally Signed, full path of the application can be added to the Trusted Program List.
- Go to Agents > Agent Management.
- Click Settings > Trusted Program List.
- Type the program full path and then choose Add to Trusted Program List.
- Click Save.
Customer can submit the detected application to Trend Micro support for verification and whitelisting.
Once the application has been verified to be normal, it will be whitelisted to avoid further detection.
However, in order for this to work, customer must enable the Certified Safe Software Services.
This option is available for software developers only.
Software developers can apply for the Trend Micro GRID program where they can submit the application before public release. You may refer to The GRID: Goodware Resource and Information Database for more information.