Trend Micro has received some reports of a potential sharing violation issue on OfficeScan (OSCE) XG SP1 Critical Patch 5338, Apex One (on premise), and Apex One as a Service when a user tries to save Microsoft Office files (e.g. xlsx, docx) to a network shared (i.e. SMB) path.
This issue has been reported to be triggered when the following criteria are met:
- One of the specific products/versions above is installed and Predictive Machine Learning (PML) is enabled on the endpoint that hosts the network shared folder; and,
- When other users try to save MS Office files to the shared folder, it will sometimes return a sharing violation error.
This issue can temporarily be solved by using one of the following workarounds:
[Option I]
- Disable the PML function on the endpoint with the shared folder.
[Option II – Preferred]
- On the OfficeScan server, locate ofcscan.ini and open it with a text editor.
- Find the [Global Setting] section and amend the content as shown below:
DS_ProcessName000*=system
Please alter the items with an asterisk (*) if there are already some entries in place.
- Save and deploy to all agents.
Based on in-house testing, a minor side-effect of this workaround is that certain *.tmp files cannot be deleted. Customers who encounter this tmp file lock issue are advised to also add the following settings to ofcscan.ini:
These settings are used to stagger the file lock period for scan engines, and do not diminish the protection level in any way.
Long Term Mitigation Plan:
- Trend Micro is preparing to release a hot fix for OSCE XG SP1 and Apex One on premise to address this issue in early May 2019. The hot fix can be obtained by contacting Trend Micro Technical Support.
- Apex One as a Service is scheduled to be updated with the permanent solution in the June maintenance release. Customers who are currently encountering this issue may contact Trend Micro Technical Support to apply the workaround from the backend.