Fix the Behavior Monitoring issue

Preventing Behavior Monitoring false detections in OfficeScan

- Updated:
- 13 Mar 2020
- Product/Version:
- OfficeScan 11.0
- OfficeScan 11.0
- OfficeScan XG
- OfficeScan XG.All
- Platform:
- Windows 10
- Windows 10 32-bit
- Windows 10 64-bit
- Windows 2003 Server R2
- Windows 2008 Server R2
- Windows 2012
- Windows 2016
- Windows 7 32-Bit
- Windows 7 64-Bit
- Windows 8 32-Bit
- Windows 8 64-Bit
- Windows 8.1 32-Bit
- Windows 8.1 64-Bit

Choose among these options:

Option 1: Submit the file to Trend Micro for verification and whitelisting

The following files are required to be submitted:

The file detected by Behavior Monitoring
Behavior Monitoring Logs containing the detection

You may refer to User Guide: New Requests (see section, “Files that require immediate action”) for steps on how to submit a case to Technical Support.

Once the file has been verified to be normal, it will be whitelisted to prevent false detection.

The OfficeScan Agent requires Internet connection and the following service so that it can query the Trend Micro servers in the cloud containing the whitelist:

Go to Agents > Global Agent Settings.
Go to the ‘System’ tab.
Put a check on ‘Enable the Certified Safe Software Service for Behavior Monitoring, Firewall, and antivirus scans’ and click Save.

Option 2: Add the full path of the file to Behavior Monitoring Exceptions

Go to Agents > Agent Management.
In the Agent Tree, select the OfficeScan Server/Domain/Computer.
Go to Settings > Behavior Monitoring Settings > Exceptions tab.
Add the full path of the file and click Add to Approved List.
Click Save.

Option 3: Use wildcard for the file path

Wildcard exclusions are available for the following versions:

OfficeScan 11.0 Service Pack 1 (SP1) Hot Fix Build 6315 and later builds
OfficeScan XG Patch 1 and later builds
OfficeScan XG Service Pack 1 (SP1) and later builds

For further reference about the use of wildcards in the exception lists, you may refer to Exception List Wildcard Support.

Option 4: Add the file to the Trusted Program List

The Trusted Programs List excludes programs and all child processes called by the program from Real-time Scan and Behavior Monitoring scanning.

Go to Agents > Agent Management.
In the Agent Tree, select the OfficeScan Server/Domain/Computer.
Go to Settings > Trusted Program List.
Add the full path of the file and click Add to Trusted Program List.
Click Save.

For security reasons, the Trusted Program feature will not take effect on the following:

Programs under the Windows system folder
Programs with no valid digital signature

Option 5: Trend Micro GRID Application

This option is available for software developers only.

Software developers can apply for the Trend Micro GRID program where they can submit the application before public release. You may refer to The GRID: Goodware Resource and Information Database for more information.