Trend Micro, Inc.

July 2015

Trend Micro™ Worry-Free Business Security™

Version 9.0 Service Pack 2

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at http://docs.trendmicro.com/en-us/smb/worry-free-business-security.aspx.

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at http://olr.trendmicro.com.

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: http://www.trendmicro.com/download/documentation/rating.asp.

Contents

1. About Worry-Free Business Security

2. What's New

   • New in this Release (WFBS 9.0 SP2)
   • Resolved Known Issues
   • New in this Release (WFBS 9.0 SP1)
   • New in this Release (WFBS 9.0)
3. Document Set
4. System Requirements

5. Installation

6. Post-installation Configuration
7. Known Issues
8. Contact Information
9. About Trend Micro
10. License Agreement

1. About Worry-Free Business Security

Trend Micro Worry-Free Business Security (WFBS) protects small business users and assets from data theft, identity theft, risky Web sites, and spam (Advanced Only).

Back to top

2. What's New

Worry-Free Business Security includes the following new features and enhancements:

What's New in WFBS 9.0 Service Pack 2

Windows 10 Support

Worry-Free Business Security now supports Security Agent installation on Windows 10.

Ransomware Protection for Documents

Enhanced scan features can identify and block ransomware programs that target documents that run on endpoints by identifying common behaviors and blocking processes commonly associated with ransomware programs.

Back to top

Resolved Known Issues

WFBS 9.0 SP2 resolves the following product issues:

Issue 1: The Security Agent may still protect Intuit files after the user disables the Intuit QuickBooks Protection function.

Solution 1: [Hot Fix: 2363] This hot fix ensures that users can disable the Intuit Quickbooks Protection function successfully.

Issue 2: The Security Agent may still protect folders after the user disables the folder protection function.

Solution 2: [Hot Fix: 2363] This hot fix ensures that users can disable the folder protection function successfully.

Issue 3: When starting the Worry-Free Business Security Agent with POP3 email scanning enabled, the Real-time Scan (Ntrtscan.exe) service may not be able to start due to a timing conflict with the Trend Micro Security Agent Listener (TmListen.exe) service.

Solution 3: [Critical Patch: 2453] This critical patch resolves the timing conflict by ensuring that the Trend Micro Security Agent Listener service allows the RealTime Scan service to start before starting other services.

Issue 4: On some environments, part of the scanning process may hang and the Worry-Free Business Security Agent may be unable to perform any action on the detected malware. When this happens, Worry-Free Business Security does not display a pop-up warning or generate a detection log.

Solution 4: [Critical Patch: 2453] This critical patch enables Worry-Free Business Security Agent to perform the required action on malware detected under the scenario described above.

Issue 5: The Manual Scan progress window stops responding during a manual scan.

Solution 5: [Hot Fix: 2479] This hot fix ensures that manual scans run and completes normally.

Issue 6: An issue prevents Worry-Free Business Security 9.0 Service Pack 1 servers from updating the Smart Scan Pattern successfully. When this happens, the live status of the Smart Scan Service on the server's web console becomes "unavailable".

Solution 6: [Hot Fix: 2500] This hot fix ensures that Worry-Free Business Security 9.0 Service Pack 1 servers can update the Smart Scan Pattern successfully.

Issue 7: An issue prevents users from performing a fresh installation of the Security Agent after upgrading Worry-Free Business Security from version 9.0 to 9.0 Service Pack 1.

Solution 7: [Hot Fix 2501] This hot fix ensures that Worry-Free Business Security 9.0 Service Pack 1 Security Agent can be installed successfully under the scenario described above.

Issue 8: An issue prevents Worry-Free Business Security 9.0 Service Pack 1 servers from disabling the global setting: "Send Web Reputation and URL Filtering Logs to the Security Server".

Solution 8: [Hot Fix: 2502] This hot fix ensures that Worry-Free Business Security 9.0 Service Pack 1 servers can disable the setting "Send Web Reputation and URL Filtering Logs to the Security Server".

Issue 9: On Microsoft(TM) 64-bit operating systems, the 32-bit version of Internet Explorer 9 might crash when it coexists with the Security Agent.

Solution 9: [Hot Fix: 2503] This hot fix ensures that this browser works fine when it coexists with the Security Agent on Microsoft 64-bit operating systems.

Issue 10: The SMTP mail scan feature is enabled by default when the Worry-Free Business Security 9.0 Service Pack 1 agent is installed on the Microsoft™ Windows™ 8.0, 8.1, or Server 2012 R2 platform. When this happens, both the platform's email server and client may not be able to send or receive some email messages.

Solution 10: [Hot Fix: 2510] This hot fix ensures that the Security Agent works well with the platform email server and client.

Issue 11: Users cannot perform a manual update on the Security Agent console even when the "Allow users to perform manual update" on setting is enabled on the Security Server web console.

Solution 11: [Hot Fix: 2511] This hot fix ensures that Worry-Free Business Security 9.0 Service Pack 1 agent can perform a manual update correctly.

Issue 12: Users may encounter performance issues on computers where the Worry-Free Business Security Agent is installed.

Solution 12: [Hot Fix: 2514] This hot fix resolves the performance issues on affected computers.

Issue 13: An issue related to the "coreTaskManager.dll" binary file may trigger a heap leak issue after the Worry-Free Business Security agent is installed on the computer.

Solution 13: [Hot Fix: 2515] This hot fix resolves the heap leak issue on affected computers.

Issue 14: Users may be unable to install the Trend Micro Remote Manager agent on computers where the Worry-Free Business Security server is installed. When this happens, users will be unable to register Worry-Free Business Security to the Trend Micro Remote Manager using its existing GUID.

Solution 14: [Hot Fix: 2516] This hot fix resolves the installation issues to ensure that users can install the Trend Micro Remote Manager agent on computers where the Worry-Free Business Security server is installed.

Issue 15: Computers where the Worry-Free Business Security agent is installed may stop responding after the Real-time Scan feature is enabled.

Solution 15: [Hot Fix: 2517] This hot fix ensures that the Real-time Scan feature Worry-Free Business Security agents works normally.

Issue 16: Users may encounter system crash problems when installing the Worry-Free Business Security 9.0 Service Pack 1 Agent.

Solution 16: [Hot Fix: 2519] This hot fix resolves the system crash issues when installing the Worry-Free Business Security 9.0 Service Pack 1 Agent.

Issue 17: Sometimes, Worry-Free Business Security 9.0 Service Pack 1 cannot detect a USB disk device that has been ejected from and plugged back into a protected computer.

Solution 17: [Hot Fix: 2520] This hot fix ensures that Worry-Free Business Security 9.0 Service Pack 1 can detect USB disk devices that are plugged into protected computers.

Issue 18: Users may encounter system crash problems after installing the Worry-Free Business Security 9.0 Service Pack 1 Agent.

Solution 18: [Hot Fix: 2534] This hot fix resolves the system crash issues when installing the Worry-Free Business Security 9.0 Service Pack 1 Agent.

Issue 19: The Worry-Free Business Security 9.0 Service Pack 1 Security Agent may delay the Remote Desktop logoff process from the Microsoft(TM) Windows(TM) 2003 Terminal Server which triggers the "ending task pccntmon.mainframe" message to appear in the Remote Desktop Section during logoff.

Solution 19: [Hot Fix 2536] This hot fix provides an option to change the default thread timeout value. (Default value is 10 seconds)
Procedure: To change the timeout value:

1. Open the Registry Editor.
2. Set the preferred timeout value in milliseconds in the following registry key.
   Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
   Type: DWORD
   Key: OIPC_THREADTIMEOUT
Value: in milliseconds, 1000 = 1 second

Issue 20: Worry-Free Business Security 9.0 Service Pack 1 may stop unexpectedly or trigger blue screen of death (BSOD) in a Microsoft™ Windows™ Server environment with a Cluster Shared Volumes (CSV) disk.

Solution 20: [Hot Fix: 2541] This hot fix ensures that Worry-Free Business Security 9.0 Service Pack 1 works well with CSV disks within a Windows Server Failover Cluster.

Back to top

What's New in WFBS 9.0 Service Pack 1

Detection Improvements

• Outbreak prevention protection against compressed executable files (packers)
• Improved Damage Cleanup Engine performance

Enhancements

Web reputation logs include running processes information

Usability Improvements

• Security Server version displays on the log on screen
• Updated UI text to better reflect how WFBS works

Back to top

What's New in WFBS 9.0

Microsoft Exchange Support

WFBS now supports Microsoft Exchange Server 2010 SP3 and Microsoft Exchange Server 2013

Windows Support

WFBS now supports Microsoft Windows 8.1 and Windows Server 2012 R2

Mobile device security

WFBS Advanced now supports mobile device data protection and access control. Mobile device security has the following features:

• Device Access Control

  • Allow access to the Exchange server based on user, operating system, and/or email client
  • Specify the access granted to specific mailbox components

• Device Management

  • Perform a device wipe on lost or stolen devices
  • Apply security settings to specific users including:
  • Password strength requirements
  • Automatic device lock after being inactive
  • Encryption
  • Unsuccessful sign-in data purge

Activation Code Enhancement

Post-paid Activation Code support

Detection Improvements

• Enhanced Memory Scan for real-time scan
• Known and potential threat mode for Behavior Monitoring
• Browser Exploit Prevention
• Newly encountered program download detection

Usability Improvements

• Global and group Approval/Block lists for Web Reputation and URL Filtering
• IP exception list for Web Reputation and URL Filtering in the Global Settings
• Removal of ActiveX from Client Tree and Remote installation page
• Customized Outbreak Defense
• Outlook 2013 and Windows Live Mail 2012 support for Trend Micro Anti-Spam Toolbar
• Update Agent to update from Trend Micro ActiveUpdate only
• Stop Server updates
• Keep patterns when upgrading the Server and Agent
• Help Link and Infection Source virus logs

Back to top

3. Document Set

The Worry-Free Business Security Standard solution consists of an on-premise server (Security Server) and desktop protection software (Security Agent).

The Worry-Free Business Security Advanced solution consists of two components hosted/offsite email protection service (Trend Micro Hosted Email Security) and on-premise server (Security Server), desktop(Security Agent), and email protection (Messaging Security Agent) software.

The documents for Trend Micro Hosted Email Security are available at http://docs.trendmicro.com/en-us/smb/hosted-email-security.aspx.

The document set for the Worry-Free Business Security Server includes:

• Installation and Upgrade Guide: A PDF document that discusses requirements and procedures for installing the Security server, and upgrading the server and agents
• Administrator's Guide: A PDF document that discusses getting started information, agent installation procedures, and Security server and agent management
• Help: HTML files compiled in WebHelp format that provide "how to's", usage advice, and field-specific information
• Readme file: Contains a list of known issues and basic installation steps. It may also contain late-breaking product information not found in the Help or printed documentation.
• Knowledge Base: An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following website: http://esupport.trendmicro.com

Back to top

4. System Requirements

See the System Requirements Guide for Worry-Free Business Security 9.0 for a complete list of installation and upgrade requirements:

http://docs.trendmicro.com/all/smb/wfbs-s/v9.0/en-us/wfbs_9.0_sysreq.pdf

You can refer to the system requirements for Windows 8/8.1 when installing Security Agents on Windows 10 endpoints.

Important: Worry-Free Business Security 9.0 Service Pack 2 does not support running the Security Server on Windows 10 endpoints.

Back to top

5. Installation

Important: Be sure to install or upgrade to Worry-Free Business Security 9.0 Service Pack 1 before installing this service pack.

Download the installation packages for version 9.0 and this service pack at:

Worry-Free Business Security - Advanced 9.0:
http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=4482&lang_loc=1

Worry-Free Business Security - Standard 9.0 :
http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=4483&lang_loc=1

5.1. Installing/Upgrading to Worry-Free Business Security 9.0

See the Installation and Upgrade Guide for Worry-Free Business Security 9.0 for installation and upgrade instructions.

http://docs.trendmicro.com/all/smb/wfbs-s/v9.0/en-us/wfbs_9.0_iug.pdf

5.2. Installing this Service Pack

1. Copy the installation package to the Worry-Free Business Security server.
2. Launch the installation package.
3. Accept the license agreement and then click Next.
4. If a prompt message displays, read the pre-installation information carefully and follow instructions, if any.
5. Click Next to start the installation process.
6. Click OK to complete the installation process.

5.3. Inserting Contact Information (for Resellers and Partners)

Resellers and partners can add their contact information to the Security Server web console by performing the following steps:

1. On the computer where the Security Server is installed, navigate to {Security Server installation folder}\PCCSRV\Private. {Security Server installation folder} is typically C:\Program Files\Trend Micro\Security Server.
2. Open contact_info.ini using a text editor such as Notepad and then type the relevant contact information. Save the file. Log on to the Security Server web console and navigate to Preferences > Product License. A Reseller Information section is added to the Product License screen.

Back to top

6. Post-installation Configuration

See the post-installation tasks in the Installation and Upgrade Guide if you:

• Installed the Security Server
• Upgraded the Security Server and agents
• If you installed agents, see the agent post-installation tasks in the Administrator's Guide.

Back to top

7. Known Issues

Some product features do not support certain operating systems and associated applications. For details, visit http://docs.trendmicro.com/en-us/smb/worry-free-business-security/agent_features/.

The following are the known issues in this release:

• Security Agent Deployment, Upgrade, and Usage
• Security Server
• Web Console
• Behavior Monitoring/Device Control
• Web Reputation/URL Filtering
• Firewall
• Messaging Security Agent
• Mac Security

7.1. Security Agent Deployment, Upgrade, and Usage

Note: For details about installation limitations on certain operating systems, see the Help topic:
http://docs.trendmicro.com/en-us/smb/worry-free-business-security/install_meth/

1. To completely reinstall or upgrade the Security Agent, you will need to restart the computer. A restart will also be necessary when updating some components, including the firewall and the proxy drivers.

WFBS supports Remote Desktop, Remote Web Workplace, and Citrix server terminal applications.

2. In a Terminal Services environment, administrators can decide whether to show or hide the Security Agent icon in the Windows task bar. This setting applies to all or none of the active user sessions. It is not possible to apply the setting to individual user sessions.

   If the icon shows on all active user sessions, memory usage may increase. To prevent this issue from occurring:

   a. On the Security Agent host, open the registry.

   b. Create/modify the following REG name/value pair:

   Key:

   For 32-bit: HKLM\SOFTWARE\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc.

   For 64-bit: HKLM\SOFTWARE\Wow6432Node\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc.

   Name: RCS

   Type: DWORD

   Value: 202 (in decimal format)

   There will be no PccNTMon instances created when its value is set to 202.

3. The manual scan process bar is not fully synchronized to Files scanned count based scan mechanism.

7.2. Security Server

1. The following default Security Server and Scan Server ports must not be used or blocked by other applications, such as Microsoft ISA Server and other firewalls:

   HTTP: 8059 and 8082
   SSL: 4343 and 4345

2. If an Internet connection problem occurs during the Security Server installation, the installer will keep trying to validate the Activation Code without indicating any problem or the installer might freeze. A stable Internet connection is required during installation.
3. During Security Server install/upgrade, Setup.exe or TrustedInstaller.exe may use up to 50% of CPU resources.

7.3. Web Console

1. Trend Micro recommends setting Internet Explorer to Medium or lower security levels when accessing the Web console. Higher security settings may block necessary ActiveX controls.

   By default, Internet Explorer applies Medium-low security levels for intranet sites and Medium security levels for sites in its Trusted Sites list. To help ensure you can access the console properly, add it to the Trusted Sites list.

7.4. Behavior Monitoring/Device Control

1. Behavior Monitoring and Device Control fully support 32-bit operating systems. On 64-bit operating systems, only Vista x64 SP1 and later are supported.

7.5. Web Reputation/URL Filtering

1. Browser Exploit Prevention supports Internet Explorer versions 6, 7, 8, 9, 10, and 11.

2. In an unstable network environment, the Trend Micro Web Reputation server may pass a website without filtering.

7.6. Firewall

1. When uninstalling the firewall driver, the Client could temporarily lose the network connection. Some applications, such as Secure Shell (SSH), Terminal Services Client, or Remote Desktop, could be affected by the disconnection. If this occurs, restart the application after disabling the firewall (which also completes the uninstallation process).

2. The Security Agent firewall might conflict with other firewall applications. Trend Micro recommends uninstalling or disabling other firewall applications.

3. On VMware clients, the Security Agent firewall may block all incoming packets. To address this issue, add the following value to the client's registry:

   Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
   Name: EnableBypassRule
   Type: REG_DWORD
   Value =1
   1 means enable, 0 means disable

7.7. Messaging Security Agent

1. The Messaging Security Agent only supports typical installations of Exchange Server 2007, 2010, and 2013 that include the Hub Transport, the Mailbox, and the Client Access server roles.

2. Device Access Control for mobile devices is only supported for Exchange 2010 and 2013.

3. As an anti-spam solution on Exchange Server 2003, users can choose between EUQ or Junk Mail integration. If you use Junk Mail integration, install Exchange Server 2003 SP2 or above. This requires that the Intelligent Message Filter (IMF) be preinstalled.

4. The Messaging Security Agent does not support some Microsoft Exchange Server Enterprise features such as the database availability group (DAG).

5. During Messaging Security Agent installation, the installer may be unable to submit passwords that have special, non-alphanumeric characters to the Exchange Server computer. As a result, you may be unable to install the Messaging Security Agent if the domain administrator account you are using has a complex password. To work around this issue, temporarily change the password for the domain administrator account.

6. When installing Messaging Security Agent remotely, using the Web console or the Worry-Free Business Security Advanced installer on a computer running Windows Server 2008, SBS 2008, EBS 2008, SBS 2011 Standard, 2008 R2, 2012, or 2012 R2 you need to specify the built-in domain administrator account because of User Access Control restrictions. Note that for computers with other operating systems, you need an account that is in the Exchange Organization Administrators group.

7. Messaging Security Agent cannot be installed on the domain controller server when the operating system is Windows Server 2012 and above. This is a limitation of SQL Server 2008 R2 on Windows Server 2012 and above.

8. Mobile Security Policies are kept on the Exchange Server after the Messaging Security Agent is uninstalled.

9. Messaging Security Agent server console does not support Windows 10 Microsoft Edge browser. Use Internet Explorer 11 or later if you encounter any problems when accessing the console using the Edge browser or previous versions of Internet Explorer.

7.8. Mac Security

1. For a list of all Trend Micro Security (for Mac) known issues, refer to the readme:
   http://docs.trendmicro.com/all/ent/tmsm/v2.1/en-us/tmsm_2.1_readme.htm

Back to top

8. Contact Information

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.

Evaluation copies of Trend Micro products can be downloaded from our website.

Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

Back to top

9. About Trend Micro

Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com.

Copyright 2015, Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, TrendProtect, TrendSecure, Worry-Free, OfficeScan, ServerProtect, PC-cillin, InterScan, and ScanMail are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

Back to top

10. License Agreement

Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/.

License Attributions can be viewed from the Worry-Free Business Security web console.

Back to top