Trend Micro Incorporated

March 2016

Trend Micro? Worry-Free? Business Security

Version 9.0 Service Pack 3

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at http://docs.trendmicro.com/en-us/smb/worry-free-business-security.aspx.

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at http://olr.trendmicro.com.

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: http://docsstg.trendmicro.com/en-us/survey.aspx.

Contents

1. About Worry-Free Business Security

2. What's New

   • What's New in this Release (Worry-Free Business Security 9.0 Service Pack 3)
   • Resolved Known Issues
   • What's New in Worry-Free Business Security 9.0 Service Pack 2
   • What's New in Worry-Free Business Security 9.0 Service Pack 1
   • What's New in Worry-Free Business Security 9.0
3. Documentation Set
4. System Requirements

5. Installation

6. Post-installation Configuration
7. Known Issues
8. Contact Information
9. About Trend Micro
10. License Agreement

1. About Worry-Free Business Security

Trend Micro Worry-Free Business Security (WFBS) protects small business users and assets from data theft, identity theft, risky websites, and spam (Advanced Only).

Back to top

2. What's New

Worry-Free Business Security includes the following new features and enhancements:

What's New in Worry-Free Business Security 9.0 Service Pack 3

Microsoft? Windows? 10 November Update Support

Worry-Free Business Security now supports Security Agent installation on Windows 10 machines installed with the November update.

Program Inspection

Worry-Free Business Security provides increased ransomware protection by monitoring and hooking processes on endpoints to detect compromised executable files and improve the overall detection ratio.

Document Protection Enhancements

Worry-Free Business Security improves document protection against unauthorized encryption or modification to prevent possible ransomware attacks.

Increased Behavior Monitoring Protection

Worry-Free Business Security now enables the following behavior monitoring features by default:

• User notifications before executing newly encountered programs
• Document protection against unauthorized encryption or modification
• Automatic backups of files modified by suspicious programs
• Monitoring and hooking of processes
• Blocking of processes associated with ransomware

Ransomware Live Status Information

Worry-Free Business Security now displays a Ransomware tab under the Threat Status section of the Live Status page. The new tab provides information on the total number of blocked encryption attempts, affected devices, and ransomware detections.

SHA-2 Support

Worry-Free Business Security now supports certificates signed with SHA-2.

Back to top

Resolved Known Issues

Worry-Free Business Security 9.0 Service Pack 3 resolves the following product issues:

Issue 1: The Trend Micro Messaging Security Agent disappears from the client tree on the Worry-Free Business Security Server management console when users reinstall the Messaging Security Agent after upgrading to Worry-Free Business Security 9.0 Service Pack 2.

Solution 1: [Hotfix: 3150] This release ensures that the Messaging Security Agent can successfully register to the Worry-Free Business Security 9.0 Service Pack 2 Security Server.

Issue 2: Protected computers may be vulnerable to ransomware from recent widespread attacks. 

Solution 2: [Hotfix: 3205] This release monitors new programs downloaded through HTTP or email applications on Security Agents to increase protection against possible ransomware attacks.

Issue 3: Users may not be able to access any website after enabling the Web Reputation feature of the Worry-Free Business Security 9.0 Service Pack 2 agent.

Solution 3: [Hotfix: 3288] This release ensures that the Web Reputation feature works normally.

Issue 4: After users upgrade to Worry-Free Business Security 9.0 Service Pack 2, the "Edit settings" quick link cannot be displayed normally on the Worry-Free Business Security Server management console.

Solution 4: [Hotfix: 3290] This release ensures that the Worry-Free Business Security Server management console displays the "Edit settings" quick link correctly.

Issue 5: Users cannot redeploy the Worry-Free Security Agents using Group Policy Object (GPO) after uninstalling the Security Agents from the control panel. This happens because the Security Agent installation program detects the Worry-Free Security Agent product key that was generated by GPO and takes it to mean that the product is already installed which then triggers it to terminate the installation.

Solution 5: [Hotfix: 3304] This release ensures that users can successfully redeploy the Security Agents from GPO.

Issue 6: Users might experience a localStorage unsuccessfully browser error message while accessing the Security Agent for Security Setting page.

Solution 6: [Hotfix: 3323] This release ensures that when users browse through the client tree and the custom user interface layout setting fails, the browser displays the default user interface layout to the user.

Issue 7: The AEGIS module may trigger some processes to close unexpectedly.

Solution 7: [Hotfix: 3326] This release updates the Behavior Monitoring Service module to ensure that the AEGIS module no longer triggers processes to close unexpectedly.

Issue 8: The Microsoft Internet Explorer? add-on of Worry-Free Business Security stops unexpectedly when users browse certain websites after enabling its Browser Exploit Prevention feature.

Solution 8: [Hotfix: 3330] This release ensures that the Internet Explorer add-on works normally when the "Browser Exploit Prevention" feature is enabled.

Issue 9: ActiveSync does not work when the HTTP Authorization header field does not contain any user information.

Solution 9: [Hotfix: MSA 11.1.1306] This release enables Worry-Free Business Security to automatically gather user information if the HTTP Authorization header field does not contain any user information. This helps ensure that ActiveSync works normally.

This release also addresses some Messaging Security Agent user interface issues. After this release is applied, Worry-Free Business Security opens the Messaging Security Agent (MSA) web console on a new Internet Explorer tab.

Issue 10: The Worry-Free Business Security 9.0 Service Pack 3 Agent program may be vulnerable to "Path Traversal" and "HTTP-Header-Injection" attacks.

Solution 10: [Critical Patch: 4060] This release improves the checking mechanism of the Worry-Free Business Security 9.0 Service Pack 3 Security Agent program to protect it against "Path Traversal" and "HTTP-Header-Injection" attacks.

Back to top

What's New in Worry-Free Business Security 9.0 Service Pack 2

Windows 10 Support

Worry-Free Business Security now supports Security Agent installation on Windows 10.

Ransomware Protection for Documents

Enhanced scan features can identify and block ransomware programs that target documents that run on endpoints by identifying common behaviors and blocking processes commonly associated with ransomware programs.

Back to top

What's New in Worry-Free Business Security 9.0 Service Pack 1

Detection Improvements

• Outbreak prevention protection against compressed executable files (packers)
• Improved Damage Cleanup Engine performance

Enhancements

Web reputation logs now include information about running processes

Usability Improvements

• Security Server version appears on the log on screen
• Updated information on the web console to better reflect how Worry-Free Business Security works

Back to top

What's New in Worry-Free Business Security 9.0

Microsoft Exchange Support

Worry-Free Business Security now supports Microsoft Exchange? Server 2010 Service Pack 3 and Microsoft Exchange Server 2013

Windows Support

Worry-Free Business Security now supports Microsoft Windows 8.1 and Windows Server 2012 R2

Mobile Device Security

Worry-Free Business Security Advanced now supports mobile device data protection and access control. Mobile device security has the following features:

• Device Access Control

  • Allows access to the Exchange server based on user, operating system, and/or email client
  • Specifies the access granted to specific mailbox components

• Device Management

  • Performs a device wipe on lost or stolen devices
  • Applies security settings to specific users including:
  • Password strength requirements
  • Automatic device lock after being inactive
  • Encryption
  • Unsuccessful sign-in data purge

Activation Code Enhancement

Post-paid Activation Code support

Detection Improvements

• Enhanced Memory Scan for real-time scan
• Known and potential threat mode for Behavior Monitoring
• Browser Exploit Prevention
• Newly encountered program download detection

Usability Improvements

• Global and group Approved/Blocked lists for Web Reputation and URL Filtering
• IP exception list for Web Reputation and URL Filtering in the Global Settings
• Removal of ActiveX from Client Tree and Remote installation page
• Customized Outbreak Defense
• Microsoft Outlook? 2013 and Windows Live? Mail 2012 support for Trend Micro Anti-Spam Toolbar
• Update Agent to update from Trend Micro ActiveUpdate only
• Stop Server updates
• Keep patterns when upgrading the Server and Agent
• Help Link and Infection Source virus logs

Back to top

3. Documentation Set

The Worry-Free Business Security Standard solution consists of an on-premise server (Security Server) and desktop protection software (Security Agent).

The Worry-Free Business Security Advanced solution consists of two components hosted/offsite email protection service (Trend Micro Hosted Email Security) and on-premise server (Security Server), desktop(Security Agent), and email protection (Messaging Security Agent) software.

The documents for Trend Micro Hosted Email Security are available at http://docs.trendmicro.com/en-us/smb/hosted-email-security.aspx.

The document set for the Worry-Free Business Security Server includes:

• Installation and Upgrade Guide: A PDF document that discusses requirements and procedures for installing the Security server, and upgrading the server and agents
• Administrator's Guide: A PDF document that discusses getting started information, agent installation procedures, and Security server and agent management
• Help: HTML files compiled in WebHelp format that provide "how to's", usage advice, and field-specific information
• Readme file: Contains a list of known issues and basic installation steps. It may also contain late-breaking product information not found in the Help or printed documentation.
• Knowledge Base: An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following website: http://esupport.trendmicro.com

Back to top

4. System Requirements

See the System Requirements Guide for Worry-Free Business Security 9.0 for a complete list of installation and upgrade requirements:

http://docs.trendmicro.com/all/smb/wfbs-s/v9.0/en-us/wfbs_9.0_sysreq.pdf

You can refer to the system requirements for Windows 8 or 8.1 when installing Security Agents on Windows 10 endpoints.

Important: Worry-Free Business Security 9.0 Service Pack 3 does not support running the Security Server on Windows 10 endpoints.

Back to top

5. Installation

Important:

For Full Installation Package:

This installation package only supports fresh installation. The installation program performs a complete, sequential, fresh installation of the following releases:

Worry-Free Business Security 9.0 Service Pack 1

Worry-Free Business Security 9.0 Service Pack 3

For Standalone Package:

Be sure to install or upgrade to Worry-Free Business Security 9.0 Service Pack 2 before installing this service pack.

Download the installation packages for version 9.0 and this service pack at:

Worry-Free Business Security - Advanced 9.0:
http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=4482&lang_loc=1

Worry-Free Business Security - Standard 9.0 :
http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=4483&lang_loc=1

5.1. Installing/Upgrading to Worry-Free Business Security 9.0

See the Installation and Upgrade Guide for Worry-Free Business Security 9.0 for installation and upgrade instructions.

http://docs.trendmicro.com/all/smb/wfbs-s/v9.0/en-us/wfbs_9.0_iug.pdf

5.2. Installing this Service Pack

1. Copy the installation package to the Worry-Free Business Security server.
2. Launch the installation package.
3. Accept the license agreement and then click Next.
4. If a prompt message displays, read the pre-installation information carefully and follow instructions, if any.
5. Click Next to start the installation process.
6. Click OK to complete the installation process.

5.3. Inserting Contact Information (for Resellers and Partners)

Resellers and partners can add their contact information to the Security Server web console by performing the following steps:

1. On the computer where the Security Server is installed, navigate to {Security Server installation folder}\PCCSRV\Private. {Security Server installation folder} is typically C:\Program Files\Trend Micro\Security Server.
2. Open contact_info.ini using a text editor such as Notepad and then type the relevant contact information. Save the changes. Log on to the Security Server web console and navigate to Preferences > Product License. A Reseller Information section is added to the Product License screen.

Back to top

6. Post-installation Configuration

See the post-installation tasks in the Installation and Upgrade Guide if you:

• Installed the Security Server
• Upgraded the Security Server and agents
• If you installed agents, see the agent post-installation tasks in the Administrator's Guide.

Back to top

7. Known Issues

Some product features do not support certain operating systems and associated applications. For details, visit http://docs.trendmicro.com/en-us/smb/worry-free-business-security/agent_features/.

The following are the known issues in this release:

• Security Agent Deployment, Upgrade, and Usage
• Security Server
• Web Console
• Behavior Monitoring/Device Control
• Web Reputation/URL Filtering
• Firewall
• Messaging Security Agent
• Mac Security

7.1. Security Agent Deployment, Upgrade, and Usage

Note: For details about installation limitations on certain operating systems, see the Help topic:
http://docs.trendmicro.com/en-us/smb/worry-free-business-security/install_meth/

1. To completely reinstall or upgrade the Security Agent, you will need to restart the computer. A restart will also be necessary when updating some components, including the firewall and the proxy drivers.

Worry-Free Business Security supports Remote Desktop, Remote Web Workplace, and Citrix server terminal applications.

2. In a Terminal Services environment, administrators can decide whether to show or hide the Security Agent icon in the Windows task bar. This setting applies to all or none of the active user sessions. It is not possible to apply the setting to individual user sessions.

   If the icon shows on all active user sessions, memory usage may increase. To prevent this issue from occurring:

   a. On the Security Agent host, open the registry.

   b. Create/modify the following REG name/value pair:

   Key:

   For 32-bit: HKLM\SOFTWARE\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc.

   For 64-bit: HKLM\SOFTWARE\Wow6432Node\TrendMicro\PCcillinNTCorp\CurrentVersion\Misc.

   Name: RCS

   Type: DWORD

   Value: 202 (in decimal format)

   There will be no PccNTMon instances created when its value is set to 202.

3. The manual scan process bar is not fully synchronized with the Files scanned count based scan mechanism.

7.2. Security Server

1. The following default Security Server and Scan Server ports must not be used or blocked by other applications, such as Microsoft ISA Server and other firewalls:

   HTTP: 8059 and 8082
   SSL: 4343 and 4345

2. If an Internet connection problem occurs during the Security Server installation, the installer will keep trying to validate the Activation Code without indicating any problem or the installer might freeze. A stable Internet connection is required during installation.
3. During Security Server install/upgrade, Setup.exe or TrustedInstaller.exe may use up to 50% of CPU resources.

7.3. Web Console

Trend Micro recommends setting Internet Explorer to Medium or lower security levels when accessing the Web console. Higher security settings may block necessary ActiveX controls.

By default, Internet Explorer applies Medium-low security levels for intranet sites and Medium security levels for sites in its Trusted Sites list. To help ensure you can access the console properly, add it to the Trusted Sites list.

7.4. Behavior Monitoring/Device Control

Behavior Monitoring and Device Control fully support 32-bit operating systems. On 64-bit operating systems, only Microsoft Vista? x64 Service Pack 1 and later are supported.

7.5. Web Reputation/URL Filtering

1. Browser Exploit Prevention supports Internet Explorer versions 6, 7, 8, 9, 10, and 11.

2. In an unstable network environment, the Trend Micro Web Reputation server may allow a website to pass without filtering.

7.6. Firewall

1. When uninstalling the firewall driver, the Client could temporarily lose the network connection. Some applications, such as Secure Shell (SSH), Terminal Services Client, or Remote Desktop, could be affected by the disconnection. If this occurs, restart the application after disabling the firewall (which also completes the uninstallation process).

2. The Security Agent firewall might conflict with other firewall applications. Trend Micro recommends uninstalling or disabling other firewall applications.

3. On VMware clients, the Security Agent firewall may block all incoming packets. To address this issue, add the following key to the client's registry:

   Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
   Name: EnableBypassRule
   Type: REG_DWORD
   Value =1
   1 means enable, 0 means disable

7.7. Messaging Security Agent

1. The Messaging Security Agent only supports typical installations of Exchange Server 2007, 2010, and 2013 that include the Hub Transport, the Mailbox, and the Client Access server roles.

2. Device Access Control for mobile devices is only supported for Exchange 2010 and 2013.

3. As an anti-spam solution on Exchange Server 2003, users can choose between EUQ or Junk Mail integration. If you use Junk Mail integration, install Exchange Server 2003 SP2 or above. This requires that the Intelligent Message Filter (IMF) be preinstalled.

4. The Messaging Security Agent does not support some Microsoft Exchange Server Enterprise features such as the database availability group (DAG). To work around this issue, enable the Mailbox, Client Access, and Hub Transport server roles in all MS Exchange servers.

5. During Messaging Security Agent installation, the installer may be unable to submit passwords that have special, non-alphanumeric characters to the Exchange Server computer. As a result, you may be unable to install the Messaging Security Agent if the domain administrator account you are using has a complex password. To work around this issue, temporarily change the password for the domain administrator account.

6. When installing Messaging Security Agent remotely, using the Web console or the Worry-Free Business Security Advanced installer on a computer running Windows Server 2008, SBS 2008, EBS 2008, SBS 2011 Standard, 2008 R2, 2012, or 2012 R2 you need to specify the built-in domain administrator account because of User Access Control restrictions. Note that for computers with other operating systems, you need an account that is in the Exchange Organization Administrators group.

7. Messaging Security Agent cannot be installed on the domain controller server when the operating system is Windows Server 2012 and above. This is a limitation of SQL Server 2008 R2 on Windows Server 2012 and above.

8. Mobile Security Policies are kept on the Exchange Server after the Messaging Security Agent is uninstalled.

9. MSA server console does not support Windows 10 Microsoft Edge browser. Use Internet Explorer 7 or later if you encounter any problems when accessing the console using the Edge browser.

7.8. Mac? Security

For a list of all Trend Micro Security (for Mac) known issues, refer to the readme:
http://docs.trendmicro.com/all/ent/tmsm/v2.1/en-us/tmsm_2.1_readme.htm

Back to top

8. Contact Information

A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

Note: This information is subject to change without notice.

Back to top

9. About Trend Micro

Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative  security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2016, Trend Micro Incorporated. All rights reserved.

Trend Micro, Worry-Free, and the Trend Micro t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.

Back to top

10. License Agreement

View information about your license agreement with Trend Micro at:

http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface

- By referring to the "Legal" page of the Administrator's Guide 

Back to top