Summary
When the OSCE client and EAC are both enabled on a computer, it will hang after trying to log into the endpoint.
Several symptoms include:
- Black screen with only the mouse pointer showing (can last for a day)
- Blue Screen of Death (BSoD)
To resolve the issue:
- Boot in safe mode.
- In services.msc, switch the Startup type for the Trend Micro Endpoint Application Control Agent Service from "Automatic" to "Disabled".
- Restart in Normal Mode.
This issue was isolated to the Real-Time Scan module of OSCE.
Details
To resolve this issue, do the following:
- Add the main Endpoint Application Control Service (full path) into the Trusted Program List within the OSCE web console by going to Agents > Agent Management > Select a Domain/Agent > Settings > Trusted Program List:
C:\Program Files\Trend Micro\Endpoint Application Control Agent\ac_bin\AcAgentService.exe
- Also add the following processes of EAC into the Exception List of the Behavior Monitoring Approved List and Real-Time Scan:
C:\Program Files\Trend Micro\Endpoint Application Control Agent\ac_bin\AcAgentScan.exe
C:\Program Files\Trend Micro\Endpoint Application Control Agent\ac_bin\AcAgentService.exe
C:\Program Files\Trend Micro\Endpoint Application Control Agent\ac_bin\AcAgentUI.exe
C:\Program Files\Trend Micro\Endpoint Application Control Agent\ac_bin\AcAgentUINotify.exe- For Real-Time Scan exclusions, go to OSCE web console > Agents > Agent Management > Select a Domain/Agent > Settings > Scan Settings > Real-Time Scan Settings > Scan Exclusion tab.
- For Behavior Monitoring Approved List, go to OSCE web console > Agents > Agent Management > Select a Domain/Agent > Settings > Behavior Monitoring Settings > Add To Approved List.
The 5 paths listed above are the default paths. They may vary depending of your environment.
