Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Mitigating false Behavior Monitoring detection related to Ransomware module in OSCE and WFBS

    • Updated:
    • 15 Nov 2016
    • Product/Version:
    • OfficeScan 11.0
    • OfficeScan XG.All
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Platform:
    • Windows 10
    • Windows 10 32-bit
    • Windows 10 64-bit
    • Windows 2003 Server R2
    • Windows 2008 Server R2
    • Windows 2012
    • Windows 2016
    • Windows 7 32-Bit
    • Windows 7 64-Bit
    • Windows 8 32-Bit
    • Windows 8 64-Bit
    • Windows 8.1 32-Bit
    • Windows 8.1 64-Bit
Summary

When the Ransomware module is enabled in OfficeScan (OSCE) and Worry-Free Business Security (WFBS), Behavior Monitoring falsely detects an application as suspicious/malicious and then blocks it. This article lists the options to follow in order to avoid the issue.

Details
Public

To solve the Behavior Monitoring issue, choose from any of the following options:

Add full path of the application to the Exception List of OSCE.

  1. Go to Agents > Agent Management.
  2. Click Settings > Behavior Monitoring Settings.
  3. Type the full program path and then choose Add to Approved List.
    Behavior Monitoring Settings
  4. Click Save.
 
Wildcard is currently not supported.

Only when the application is Digitally Signed, full path of the application can be added to the Trusted Program List.

  1. Go to Agents > Agent Management.
  2. Click Settings > Trusted Program List.
  3. Type the program full path and then choose Add to Trusted Program List.
    Trusted Program List
  4. Click Save.
 
Wildcard is currently not supported.

Customer can submit the detected application to Trend Micro support for verification and whitelisting.

Once the application has been verified to be normal, it will be whitelisted to avoid further detection.

However, in order for this to work, customer must enable the Certified Safe Software Services.

  1. Go to Agents > Global Agent Settings.
  2. Under Certified Safe Software Service Settings, select Enable the Certified Safe Software Service for Behavior Monitoring, Firewall, and antivirus scans option.
    Enabling Certified Safe Software Service

This option is available for software developers only.

Software developers can apply for the Trend Micro GRID program where they can submit the application before public release. You may refer to The GRID: Goodware Resource and Information Database for more information. 

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1115668
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.