Behavior Monitoring may falsely detect applications if they exhibit behavior that resembles malicious activity. The following detection names may appear in the Behavior Monitoring logs:
- Malware Behavior Blocking
- Unauthorized File Encryption
- Rapid Proliferation
This article describes the options for preventing the issue.
Choose among these options:
The following files are required to be submitted:
- The file detected by Behavior Monitoring
- Behavior Monitoring Logs containing the detection
Refer to User Guide: New Requests (see the section “Files that require immediate action”) for the steps to submit a case to Technical Support.
Once the file has been verified to be normal, it will be whitelisted to prevent false detection.
- Go to Agents > Global Agent Settings.
- Go to the ‘System’ tab.
- Select ‘Enable the Certified Safe Software Service for Behavior Monitoring, Firewall, and antivirus scans’ and click Save.
Wildcard exclusions are available for the following versions:
- OfficeScan 11.0 Service Pack 1 (SP1) Hot Fix Build 6315 and later builds
- OfficeScan XG Patch 1 and later builds
- OfficeScan XG Service Pack 1 (SP1) and later builds
For more information on using wildcards in the exception lists, refer to Exception List Wildcard Support.
The Trusted Programs List excludes programs and all child processes called by the program from Real-time Scan and Behavior Monitoring scanning.
- Go to Agents > Agent Management.
- In the Agent Tree, select the OfficeScan Server/Domain/Computer.
- Go to Settings > Trusted Program List.
- Add the full path of the file and click Add to Trusted Program List.
- Click Save.
- Programs under the Windows system folder
- Programs with no valid digital signature
This option is available for software developers only.
Software developers can apply to the Trend Micro GRID program, where they can submit the application before its public release. Refer to The GRID: Goodware Resource and Information Database for more information.