Known issues in Worry-Free Business Security (WFBS) Standard / Advanced 6.0

Solution ID:	EN-1053800
Product:	Worry-Free Business Security Advanced - 6.0; Worry-Free Business Security Standard - 6.0
Operating System:	Windows - 2000 Standard SP3, 2000 Standard SP4, 2003 SBS SP1, 2003 SBS SP2, 2008 EBS, 2008 EBS SP1, 2008 SBS, 2008 SBS SP1, 7, Home Server, Server 2003 R2, Server 2003 with SP1, Small Business Server 2000, Vista - SP1, Vista SP2, XP Professional Edition (SP 2), XP Professional Edition (SP 3)
Published:	6/9/2009 5:34 AM

Solution:

Public

The following are known issues in WFBS Standard / Advanced 6.0:

• Client Deployment and Upgrade

    o Worry-Free Business Security is unable to install CSA to a Windows Vista computer using Remote Install if the Remote Registry service is not running or if the computer does not allow File and Printer Sharing through Windows Firewall.

    o When remotely installing an agent to a computer running Windows XP, disable Simple File Sharing on the target computer. Also, note that you cannot use Remote Install to deploy to a computer with Windows XP Home Edition.

    o To completely reinstall or upgrade CSA, you will need to restart the computer. A restart will also be necessary when updating some components, including the firewall and the proxy drivers.

    o After installing CSA on a computer with IIS 7.0, you must restart the IIS service. IIS 7.0 may not work as expected with CSA, which uses the Windows Filtering Platform, until it is restarted.

    o You cannot run the Autopcc.exe, the login script, and the Client Packager from a terminal session.

    o You cannot run Update Now on Windows 2000 computers from a terminal session.

    o When accessing a computer with CSA from a terminal session, another unnecessary instance of the PccNTMon process is created in memory on the remote computer.

    o Some CSA components, such as the Trend Micro Web Protection Add-On or the TrendProtect Desktop, can be installed without CSA. These components may conflict with the CSA installation and must be removed before CSA is installed.

    o To use Trend Micro Vulnerability Scanner (TMVS) to deploy the CSA, you need to run TMVS on a computer running Windows 2000 or Windows Server 2003. TMVS does not support terminal sessions.

    o Real-time scan on CSA can prevent Hyper-V Manager from creating virtual machines. If you encounter this issue, configure real-time scan to exclude the storage folder for your virtual machines from scanning. Hyper-V Manager uses "C:\ProgramData\Microsoft\Windows\Hyper-V" as the default storage folder, but a different folder may be specified during virtual machine creation.

    o Installing or uninstalling the CSA on Windows 7 Build 7048 or Build 7057 will cause the Network Interface Card to get an IP address through DHCP with a 169.254 prefix, no matter the IP address is configured (static or dynamic). The NIC must be disabled first before installation to prevent this issue.

• Security Server

    o The Security Server sends notifications for all triggered events whenever the Trend Micro Security Server Master Service is restarted.

    o The following default Security Server and Scan Server ports must not be used or blocked by other applications, such as Microsoft ISA Server and other firewalls:

        - HTTP: 8059
        - SSL: 4343 and 4345

    o Behavior Monitoring only blocks programs in the exact path specified in the list of blocked programs.

    o No plug-in programs are currently available for versions 5.1 and 6.0.

    o The Security Server installation automatically checks for Microsoft Data Access Components (MDAC) 2.6 or later. If MDAC 2.6 or later is not installed, it automatically installs MDAC 2.8.

        Note: MDAC installation requires a restart.

    o Update agents do not roll back to a previous pattern file, even if the Security Server rolled back to a previous version. If the agent updates its components from the Update Agent, the agent pattern file is used, not the Security Server pattern file.

    o If an Internet connection problem occurs during Security Server installation, the installer will keep trying to validate the Activation Code without indicating any problem.

    o Web installation and Remote installation will fail if another computer on the network has the same name as the Security Server.

• Web Console

    o Trend Micro recommends accessing the Web console from computers that do not have adware installed. If Hotbar or other adware is installed, ActiveX errors may occur when accessing certain console screens.

    o Trend Micro recommends setting Internet Explorer to apply Medium or lower security levels when accessing the Web console. Higher security settings may block necessary ActiveX controls.

        By default, Internet Explorer applies Medium-low security levels for intranet sites and Medium security levels for sites in its Trusted Sites list. To help ensure you can access the console properly, add it to the Trusted Sites list.

• Firewall

    o While installing CSA, the computer could temporarily lose network connection. Some applications, such as Secure Shell (SSH), Terminal Services Client, or Remote Desktop could be affected by the disconnection. If this occurs, restart the application after installing CSA.

    o The CSA firewall might conflict with other firewall applications. Trend Micro recommends uninstalling or disabling the other firewall applications.

    o On VMWare clients, the CSA firewall may block all incoming packets. To address this issue, add the following value to the client's registry:

        - Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW
        - Name: EnableBypassRule
        - Type: REG_DWORD
        - Data: 1

• Transaction Protector

    o After Transaction Protector scans a wireless access point, it shows the "unchecked" status if a timeout occurs while trying to connect to the access point.

    o Transaction Protector only supports:

        - Windows XP SP2 32-bit
        - Windows Vista and Vista SP1 (32-bit and 64-bit)

    o Transaction Protector does not support remote administration software, such as Remote Desktop.

• TrendProtect

    o TrendProtect cannot start automatically when installed for the first time on a computer with Internet Explorer 7.0 and Windows XP. To manually enable TrendProtect, go to View > Toolbars > TrendProtect in the Internet Explorer menu.

    o TrendProtect only supports:


        - Windows 2000 Professional
        - Windows XP SP2 32-bit
        - Windows Vista and Vista SP1 (32-bit and 64-bit)

• Behavior Monitoring

    o Behavior Monitoring only supports 32-bit operating systems; 64-bit operating systems are not supported.

    o Files without valid digital signatures that violate policies may be blocked by Behavior Monitoring. Files with valid signatures are always allowed to start.

• Trend Micro Anti-Spam Toolbar

    o The Trend Micro Anti-Spam Toolbar only supports:

        - Windows XP SP2 32-bit
        - Windows Vista and Vista SP1 (32-bit and 64-bit)

• Messaging Security Agent

    o The Messaging Security Agent (MSA) only supports typical installations of Exchange Server 2007 that include the Hub Transport, the Mailbox, and the Client Access server roles.

    o As an anti-spam solution on Exchange Server 2003, users can choose between EUQ or Junk Mail integration. If you use Junk Mail integration, install Exchange Server 2003 SP2, which includes the Intelligent Message Filter (IMF), before installing MSA.

    o During MSA installation, the installer may be unable to submit passwords that have special, non-alphanumeric characters to the Exchange Server computer. As a result, you may be unable to install the MSA if the domain administrator account you are using has a complex password. To work around this issue, temporarily change the password for the domain administrator account.

    o When installing MSA remotely using the Web console or the Worry-Free Business Security Advanced installer to a computer running Windows Server 2008, SBS 2008, or EBS 2008, you need to specify the built-in domain administrator account because of User Access Control restrictions. Note that for computers with other operating systems, you need an account that is in the Exchange Organization Administrators group.

    o During MSA installation, the setup program adds a Windows Firewall exception on the Exchange Server computer to allow the MSA to communicate with the Security Server through port 16372.

    o The MSA cannot be installed on a Windows EBS 2008 computer with the Exchange Server 2007 Edge Transport server role.

• Email Reputation Services

    o Email Reputation Services (ERS) is an online hosted service and its activation takes about eight hours.

• Remote Manager Agent

o Agents automatically transmit three days worth of certain WFBS data upon registration. If an agent is uninstalled and then reinstalled within a three-day period, the agent will likely pull data that will overlap with data that it pulled before it was uninstalled.

Rate this Solution
Did this article help you?	Comments:
Yes No

	This form uses an automated system and does not provide feedback.

Print This Solution