Search Related Articles All Products Worry-Free Business Security Standard/AdvancedOfficeScanHosted Email SecurityControl ManagerInterScan Messaging Security SuiteDeep Security Advanced Reporting and Management for InterScan Web SecurityClient / Server Suite for SMBClient Server Messaging Security for SMBControl ManagerCore Protection for Virtual MachinesCore Protection ModuleData Loss PreventionData Loss Prevention EndpointDeep SecurityEmail Reputation ServicesEmail Security Platform for Service Providers - White LabelEndpoint Security PlatformHosted Email SecurityHosted Email Security - Inbound FilteringInstant Messaging SecurityInterScan eManagerInterScan Gateway Security ApplianceInterScan Messaging Security Appliance 5000InterScan Messaging Security SuiteInterScan Messaging Security Virtual ApplianceInterScan VirusWallInterScan VirusWall for NTInterScan VirusWall for SMBInterScan Web Security Appliance 2500InterScan Web Security SuiteInterScan Web Security Virtual ApplianceInterScan WebProtectIntrusion Defense FirewallLeakProofLicensing Management PlatformMobile Armor DataArmor Full Disk EncryptionMobile Armor PolicyServerNetwork VirusWallOfficeScanPortalProtectScanMail for ExchangeScanMail for Lotus DominoSecureCloudServerProtect for EMC CelerraServerProtect for LinuxServerProtect for Microsoft Windows/Novell NetwareServerProtect for Network Appliance FilerThreat Discovery ApplianceThreat Intelligence ManagerTrend Micro Email Encryption GatewayTrend Micro Email Encryption HostedTrend Micro Encryption for EmailTrend Micro Endpoint EncryptionTrend Micro Mobile SecurityTrend Micro SafeSync for BusinessTrend Micro Security for MacintoshTrend Micro Smart Protection ServerTrend Micro Vulnerability Management ServicesWorry-Free Business Security HostedWorry-Free Business Security ServicesWorry-Free Business Security Services for DellWorry-Free Business Security Standard/AdvancedWorry-Free Remote Manager Business Knowledge Base All Support Advanced Search | View Search Tips Trend Micro and Microsoft Kernel Driver conflict issue[Hot Fix] B4207 - Trend Micro TDi Driver allows an attacker to execute an arbitrary code within the kernel in Worry-Free Business Security (WFBS) 6.0 SP3[Hot Fix] B1293 - Blue Screen of Death (BSOD) occurs due to an interoperability issue between the Trend Micro Firewall driver and the Intel driverI get the message “Serious driver installation error” when I install my Trend Micro productEncountering kernel panic caused by nonwildcard_match_inDir() in ServerProtect for Linux (SPLX) More Trend Micro and Microsoft Kernel Driver conflict issueSolution IDLast Updated1038433Date : 2011/05/11 Time: 11:25 PM (PST)Product/VersionPlatformClient Server Messaging Security for SMB - 3.6; OfficeScan - 10.0, 10.5, 8.0; Trend Micro Internet Security - 2008, 2009; Worry-Free Business Security - 5.0Windows - 2000 Advanced Server, 2000 Server, 2003 Enterprise Server, 2003 Standard Server Edition, Vista 32-bit, XP Home
Search Related Articles All Products Worry-Free Business Security Standard/AdvancedOfficeScanHosted Email SecurityControl ManagerInterScan Messaging Security SuiteDeep Security Advanced Reporting and Management for InterScan Web SecurityClient / Server Suite for SMBClient Server Messaging Security for SMBControl ManagerCore Protection for Virtual MachinesCore Protection ModuleData Loss PreventionData Loss Prevention EndpointDeep SecurityEmail Reputation ServicesEmail Security Platform for Service Providers - White LabelEndpoint Security PlatformHosted Email SecurityHosted Email Security - Inbound FilteringInstant Messaging SecurityInterScan eManagerInterScan Gateway Security ApplianceInterScan Messaging Security Appliance 5000InterScan Messaging Security SuiteInterScan Messaging Security Virtual ApplianceInterScan VirusWallInterScan VirusWall for NTInterScan VirusWall for SMBInterScan Web Security Appliance 2500InterScan Web Security SuiteInterScan Web Security Virtual ApplianceInterScan WebProtectIntrusion Defense FirewallLeakProofLicensing Management PlatformMobile Armor DataArmor Full Disk EncryptionMobile Armor PolicyServerNetwork VirusWallOfficeScanPortalProtectScanMail for ExchangeScanMail for Lotus DominoSecureCloudServerProtect for EMC CelerraServerProtect for LinuxServerProtect for Microsoft Windows/Novell NetwareServerProtect for Network Appliance FilerThreat Discovery ApplianceThreat Intelligence ManagerTrend Micro Email Encryption GatewayTrend Micro Email Encryption HostedTrend Micro Encryption for EmailTrend Micro Endpoint EncryptionTrend Micro Mobile SecurityTrend Micro SafeSync for BusinessTrend Micro Security for MacintoshTrend Micro Smart Protection ServerTrend Micro Vulnerability Management ServicesWorry-Free Business Security HostedWorry-Free Business Security ServicesWorry-Free Business Security Services for DellWorry-Free Business Security Standard/AdvancedWorry-Free Remote Manager Business Knowledge Base All Support Advanced Search | View Search Tips Trend Micro and Microsoft Kernel Driver conflict issue[Hot Fix] B4207 - Trend Micro TDi Driver allows an attacker to execute an arbitrary code within the kernel in Worry-Free Business Security (WFBS) 6.0 SP3[Hot Fix] B1293 - Blue Screen of Death (BSOD) occurs due to an interoperability issue between the Trend Micro Firewall driver and the Intel driverI get the message “Serious driver installation error” when I install my Trend Micro productEncountering kernel panic caused by nonwildcard_match_inDir() in ServerProtect for Linux (SPLX) More Trend Micro and Microsoft Kernel Driver conflict issueSolution IDLast Updated1038433Date : 2011/05/11 Time: 11:25 PM (PST)Product/VersionPlatformClient Server Messaging Security for SMB - 3.6; OfficeScan - 10.0, 10.5, 8.0; Trend Micro Internet Security - 2008, 2009; Worry-Free Business Security - 5.0Windows - 2000 Advanced Server, 2000 Server, 2003 Enterprise Server, 2003 Standard Server Edition, Vista 32-bit, XP Home
Problem DescriptionCrash issue occuring after applying recent Microsoft security update on some versions of Trend Micro endpoint products. This document list down the affected Trend Micro products as well as what are the recommendations to address this issue. Solution I. Description: Trend Micro has become aware of an issue that affects some versions of Trend Micro desktop and server-based products whereby a system crash may occur if a customer initiates a manual or scheduled scan after applying a recent Microsoft security update without rebooting and updating the pattern file. II. Products Affected: This issue affects the following Trend Micro products and versions: • Trend Micro OfficeScan (OSCE) versions 8.0 and above • Trend Micro Worry-Free Business Security (WFBS) version 5.0 • Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6 • Trend Micro Internet Security versions 15.x (2007), 16.x (2008) and 17.x (2009) III. Background: Microsoft released security update MS08-064 on October 14, 2008, to address a reported vulnerability in Virtual Address Descriptor. This security update addresses the vulnerability by modifying the way that Virtual Address Descriptor in Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 handles memory allocation variables. Several key kernel drivers in Windows are modified, such as ntosknl.exe, and a reboot is required after the update. A critical error (BSOD) was found to occur in certain rare cases when a system with one of the affected products above was updated with MS08-064, was not rebooted as required by Microsoft, performed a pattern update, and then initiated a manual or scheduled scan. Upon analysis it was found the tmcomm.sys driver in the affected products had an internal address value that was incorrectly computed. This occurs when the ntosknl.exe version differs in memory compared to the driver, due to the Microsoft security update being applied without the required reboot. When the product scan is initiated in these circumstances, a critical error may result. An example is that tmcomm service failed to start. This error does not occur on systems that have rebooted after applying the Microsoft security update since the correct internal address would be available and used by the affected Trend Micro products. IV. Impact: Customers who apply MS08-064 without subsequently rebooting as required by Microsoft, perform a pattern update, and then initiate a manual or scheduled scan may encounter a critical error (BSOD). V. Recommended Solution: A reboot of the affected system after applying the security update will resolve the issue, as per Microsoft’s restart requirement on security update MS08-064. It is recommended that customers, especially in large environments, that are planning to deploy MS08-064 during a scheduled maintenance window also allow for reboot time so that any potential issues can be avoided. VI. Alternate Solution: A hotfix tmcomm.sys patch (2.2.0.1032) has been created for customers that may have issues rebooting affected products. More information, as well as the patch itself, can be obtained from Trend Micro technical support. Please note, that the preferred solution is the recommend solution provided above, since other stability and kernel memory scenarios not directly related to this issue could also be present when not following Microsoft’s instructions to reboot. VII. Reference: Click here for more information about Microsoft Security Bulletin MS08-064. VIII. Other Information: Users who believe they may have been affected by this issue can contact their authorized Trend Micro technical support services provider in their region for further assistance.
Problem DescriptionCrash issue occuring after applying recent Microsoft security update on some versions of Trend Micro endpoint products. This document list down the affected Trend Micro products as well as what are the recommendations to address this issue. Solution I. Description: Trend Micro has become aware of an issue that affects some versions of Trend Micro desktop and server-based products whereby a system crash may occur if a customer initiates a manual or scheduled scan after applying a recent Microsoft security update without rebooting and updating the pattern file. II. Products Affected: This issue affects the following Trend Micro products and versions: • Trend Micro OfficeScan (OSCE) versions 8.0 and above • Trend Micro Worry-Free Business Security (WFBS) version 5.0 • Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6 • Trend Micro Internet Security versions 15.x (2007), 16.x (2008) and 17.x (2009) III. Background: Microsoft released security update MS08-064 on October 14, 2008, to address a reported vulnerability in Virtual Address Descriptor. This security update addresses the vulnerability by modifying the way that Virtual Address Descriptor in Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 handles memory allocation variables. Several key kernel drivers in Windows are modified, such as ntosknl.exe, and a reboot is required after the update. A critical error (BSOD) was found to occur in certain rare cases when a system with one of the affected products above was updated with MS08-064, was not rebooted as required by Microsoft, performed a pattern update, and then initiated a manual or scheduled scan. Upon analysis it was found the tmcomm.sys driver in the affected products had an internal address value that was incorrectly computed. This occurs when the ntosknl.exe version differs in memory compared to the driver, due to the Microsoft security update being applied without the required reboot. When the product scan is initiated in these circumstances, a critical error may result. An example is that tmcomm service failed to start. This error does not occur on systems that have rebooted after applying the Microsoft security update since the correct internal address would be available and used by the affected Trend Micro products. IV. Impact: Customers who apply MS08-064 without subsequently rebooting as required by Microsoft, perform a pattern update, and then initiate a manual or scheduled scan may encounter a critical error (BSOD). V. Recommended Solution: A reboot of the affected system after applying the security update will resolve the issue, as per Microsoft’s restart requirement on security update MS08-064. It is recommended that customers, especially in large environments, that are planning to deploy MS08-064 during a scheduled maintenance window also allow for reboot time so that any potential issues can be avoided. VI. Alternate Solution: A hotfix tmcomm.sys patch (2.2.0.1032) has been created for customers that may have issues rebooting affected products. More information, as well as the patch itself, can be obtained from Trend Micro technical support. Please note, that the preferred solution is the recommend solution provided above, since other stability and kernel memory scenarios not directly related to this issue could also be present when not following Microsoft’s instructions to reboot. VII. Reference: Click here for more information about Microsoft Security Bulletin MS08-064. VIII. Other Information: Users who believe they may have been affected by this issue can contact their authorized Trend Micro technical support services provider in their region for further assistance.
Connect with us on
| | | |