Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Unable to create Hyper-V vSwitch on a Windows 10 machine with OfficeScan

    • Updated:
    • 11 Sep 2018
    • Product/Version:
    • OfficeScan 11.0
    • Platform:
    • Windows 2008 Standard
    • Windows 2012 Standard
Summary

When attempting to create a Hyper-V vSwitch on a Windows 10 machine, it fails. However, when the customer disables the following OfficeScan Agent self-protection features, the installation of Hyper-V vSwitch is successful:

  • Protect OfficeScan agent registry keys
  • Protect OfficeScan agent processes

The Hyper-V process vmms.exe is responsible in creating a virtual switch. The process needs to have persmission to read network adapter files. In such cases, the creation of a new vSwitch fails because vmms.exe does not have permission to read TmLwF registry entries.

It shows in the Process Monitor logs that there is an "ACCESS DENIED" error when svchost.exe calls RegDeleteKey.

16:35.2  svchost.exe        10420    RegDeleteKey
HKLM\System\CurrentControlSet\Services\TmLwf\Parameters\Adapters
{A259701F-827D-4BD8-9AE5-71566887FF9C}

{5CBF81BD-5055-47CD-9055-A76B2B4E3698}
-0000 ACCESS DENIED
Details
Public

To resolve the issue:

Refer customer to the following Microsoft KB Article: Recommended antivirus exclusions for Hyper-V hosts.

If scan exclusions are already set, but the issue persists, request OfficeScan 11.0 Hot Fix Build 6447 from Trend Micro Technical Support or apply the latest patch from Trend Micro Download Center.

Once the hot fix has been applied:

  1. Open the Ofcscan.ini file in the \PCCSRV\ folder on the OfficeScan server installation directory using a text editor.
  2. Under the Global Setting section, manually add the following key and set its value to "1".

    [Global Setting]
    SP_DisableTmLwfRegistryKeyProtection=1

  3. Save the change and close the file.
  4. Open the OfficeScan web console and go to the Agents > Global Agent Settings screen.
  5. Click Saveto deploy the setting to agents.

    The OfficeScan server deploys the command to OfficeScan agents and adds the following registry entry on all OfficeScan agent computers:

    Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
    Key: SP_DisableTmLwfRegistryKeyProtection
    Type: DWORD
    Value: 1

Verify if the issue persists.

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1120119
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.