Major Bug in Trend Micro OfficeScan 8.0

Problem Description:-
There is a major bug in Trend Micro OfficeScan 8.0
The client will keep on sending quanrantine file in C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT folder to the Trend Micro OfficeScan 8.0 Server.

It impact Trend Micro OfficeScan 8.0 with Service Pack 1 (Shown below is the component version of the impacted machine.


Damage ? :-
The damange is so massive and u can call this an internal major DDOS attack.

Root cause?
Unknown. Some trend engineer claim it is due to the scan engine 8.950.1094 and some claim it is due to the folder permission is correct.

Solution?
There is no real solution at the moment.
But you ease the damage by doing the following task.

a) rename the cgirecvfile.exe on the OfficeScan server (\pccsrv\web_osce\web\cgi) to prevent high CPU usage on the OSCE server.
b) change virus clean action from IntelliAction to Clean or Delete..(the idea here is not to choose the quarantine as part of the clean action item)

Well u might have thought the action above will solve the issue will ya? Well u r wrong!!!
The client will still continue sending nonsense to the server cause the C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT folder is not empty yet. It might not be able to establish a connection but will still continue to ping the server.

u might want to write a script which stop the ntrtscan and tmlisten and then del all content in C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT

:)

Well by doing all this u r protected from your internal menace from the time being..

Conclusion:-

Stay away from scan engine 8.950 the quality of trend micro product is really going from bad to worst..god i hate this...


LATEST UPDATE!!!

Ok this bug is mainly due to these 2 folder permission change mysteriously:-

C:\Program Files\Trend Micro\OfficeScan Client\FLog
C:\Program Files\Trend Micro\OfficeScan Client\Suspect

To fix it u need to grant full permission to everyone on the two folder above..

u can either script it or do it manually...cheers.

or Trend Micro did recommend this:- change the security from normal to high back to normal.

Mission Accomplish.

Comments

Post a Comment

Popular posts from this blog

How to disable Trend Micro OfficeScan using cmd.

Sometimes i find the Trend Micro OfficeScan is annoying when u wanna download some stuff from some cracks sites..so to disable the real time scan using command prompt, you can follow this guide.. 1. Start command prompt. Start->run-> cmd 2. Type "net stop tmlisten" 3. Type "net stop ntrtscan" and voila you Trend Micro OfficeScan real time scan is disable!!
Read more

Fake torrent from www.YayMovies.com .. Beware !!! It is a Scam !!

Have u ever downloaded a torrent from www.YayMovies.com The file will be password protected..and inside there is a readme which states the following... >>> Hello, This video is password protected to stop automated leeching and detection. To get your password, Please visit: www.YayMovies.com We apologize for the inconvenience.   --------- Note: The password is case sensitive. So please enter is exactly as it is displayed. Have a nice day :) ---------- <<<< It's a scam. Makes you choose one of the 6 or 7 quizzes. After ask for cellphone #. With that, they begin to bill you a monthly service. Heres the details---------------Minimum age restrictions may apply. You must be at least 18 to participate in the following states: Florida.With Playphone Platinum Plus Subscription Plan you will get unlimited credits (10 ringtone credits and unlimited credits for video's, games and wallpapers) every month for $14.99/month and 2 Playphone Backstage Alerts. To cancel text
Read more

Zishan Z1 firmware Update and Manual

I found out Zishan has released a new firmware for Z1 player. It supports three new playback modes. download here.. The update is simple. All you need is the ZiShan_Z1_0.2.zip and a TF card. I used a 32GB TF card in FAT32 format. 1) Turn off Z1 player; 2) Extract app.bin from ZiShan_Z1_0.2.zip, and put it in the root directory of the TF card; 3) Insert the TF card into the player; 4) Turn on the Z1 player. The LED light will be on for 3 seconds and then blink ultra-fast for around 5 seconds. (Done). 5) Remove the file app.bin in the card. What's new in v0.2: 1) Add 180 EQ settings. (WTF...it's a screen-less player.) 2) Add 3 playback modes: Repeat, Shuffle and Default. (Very useful for me.) 3) Fix a DSD problem. How to choose playback modes: Press 'Prev' for a few seconds until the LED light blinks faster than normal, then release. And: a) Press 'Prev' to choose Repeat track mode. b) Press 'Stop' to choose Shuffle all tracks mode. c)
Read more