Search Related Articles All Products Worry-Free Business Security Standard/AdvancedOfficeScanHosted Email SecurityControl ManagerInterScan Messaging Security SuiteDeep Security Advanced Reporting and Management for InterScan Web SecurityClient / Server Suite for SMBClient Server Messaging Security for SMBControl ManagerCore Protection for Virtual MachinesCore Protection ModuleData Loss PreventionData Loss Prevention EndpointDeep DiscoveryDeep Discovery InspectorDeep SecurityDeep Security as a ServiceEmail Reputation ServicesEmail Security Platform for Service Providers - White LabelEndpoint Security PlatformHosted Email SecurityHosted Email Security - Inbound FilteringInstant Messaging SecurityInterScan eManagerInterScan Gateway Security ApplianceInterScan Messaging Security Appliance 5000InterScan Messaging Security SuiteInterScan Messaging Security Virtual ApplianceInterScan VirusWallInterScan VirusWall for NTInterScan VirusWall for SMBInterScan Web Security Appliance 2500InterScan Web Security SuiteInterScan Web Security Virtual ApplianceInterScan WebProtectIntrusion Defense FirewallLeakProofLicensing Management PlatformMobile Armor DataArmor Full Disk EncryptionMobile Armor FileArmorMobile Armor KeyArmorMobile Armor PolicyServerNetwork VirusWallOfficeScanPortalProtectSafeSync for EnterpriseScanMail for ExchangeScanMail for Lotus DominoSecureCloudServerProtect for EMC CelerraServerProtect for LinuxServerProtect for Microsoft Windows/Novell NetwareServerProtect for Network Appliance FilerThreat Discovery ApplianceThreat Intelligence ManagerTrend Micro Email Encryption GatewayTrend Micro Email Encryption HostedTrend Micro Encryption for EmailTrend Micro Endpoint EncryptionTrend Micro Hosted Mobile SecurityTrend Micro Mobile SecurityTrend Micro Portable SecurityTrend Micro SafeSync for BusinessTrend Micro Security for MacintoshTrend Micro Smart Protection ServerTrend Micro Vulnerability Management ServicesWorry-Free Business Security ServicesWorry-Free Business Security Services for DellWorry-Free Business Security Standard/AdvancedWorry-Free Remote Manager Business Knowledge Base All Support Advanced Search | View Search Tips Upgrading Client Server Security (CS)/Client Server Messaging Security for SMB (CSM) 3.6 to Worry-Free Business Security (WFBS) 6.0 Service Pack (SP) 2Upgrading Client Server Messaging Security for SMB (CSM) 3.5 and 3.6 to Worry-Free Business Security (WFBS) Advanced 5.1End of Support (EOS) for Client Server Security for SMB (CS) and Client Server Messaging Security for SMB (CSM)[Hot Fix] B1170 - Unable to configure the scan action for the generic virus type in Client Server Messaging Security for SMB (CSM) 3.6Using the Move tool to migrate Client Server Messaging Security for SMB (CSM) 3.0 clients to a new server Solution ID Last Updated 1038433 Date : 2011/05/13 Time:8:46 AM , (PST) Product/Version Platform Client Server Messaging Security for SMB - 3.6;OfficeScan - 10.0, OfficeScan - 10.5, OfficeScan - 8.0;Trend Micro Internet Security - 2008, Trend Micro Internet Security - 2009;Worry-Free Business Security - 5.0; Windows - 2000 Advanced Server, 2000 Server, 2003 Enterprise Server, 2003 Standard Server Edition, Vista 32-bit, XP Home
Search Related Articles All Products Worry-Free Business Security Standard/AdvancedOfficeScanHosted Email SecurityControl ManagerInterScan Messaging Security SuiteDeep Security Advanced Reporting and Management for InterScan Web SecurityClient / Server Suite for SMBClient Server Messaging Security for SMBControl ManagerCore Protection for Virtual MachinesCore Protection ModuleData Loss PreventionData Loss Prevention EndpointDeep DiscoveryDeep Discovery InspectorDeep SecurityDeep Security as a ServiceEmail Reputation ServicesEmail Security Platform for Service Providers - White LabelEndpoint Security PlatformHosted Email SecurityHosted Email Security - Inbound FilteringInstant Messaging SecurityInterScan eManagerInterScan Gateway Security ApplianceInterScan Messaging Security Appliance 5000InterScan Messaging Security SuiteInterScan Messaging Security Virtual ApplianceInterScan VirusWallInterScan VirusWall for NTInterScan VirusWall for SMBInterScan Web Security Appliance 2500InterScan Web Security SuiteInterScan Web Security Virtual ApplianceInterScan WebProtectIntrusion Defense FirewallLeakProofLicensing Management PlatformMobile Armor DataArmor Full Disk EncryptionMobile Armor FileArmorMobile Armor KeyArmorMobile Armor PolicyServerNetwork VirusWallOfficeScanPortalProtectSafeSync for EnterpriseScanMail for ExchangeScanMail for Lotus DominoSecureCloudServerProtect for EMC CelerraServerProtect for LinuxServerProtect for Microsoft Windows/Novell NetwareServerProtect for Network Appliance FilerThreat Discovery ApplianceThreat Intelligence ManagerTrend Micro Email Encryption GatewayTrend Micro Email Encryption HostedTrend Micro Encryption for EmailTrend Micro Endpoint EncryptionTrend Micro Hosted Mobile SecurityTrend Micro Mobile SecurityTrend Micro Portable SecurityTrend Micro SafeSync for BusinessTrend Micro Security for MacintoshTrend Micro Smart Protection ServerTrend Micro Vulnerability Management ServicesWorry-Free Business Security ServicesWorry-Free Business Security Services for DellWorry-Free Business Security Standard/AdvancedWorry-Free Remote Manager Business Knowledge Base All Support Advanced Search | View Search Tips Upgrading Client Server Security (CS)/Client Server Messaging Security for SMB (CSM) 3.6 to Worry-Free Business Security (WFBS) 6.0 Service Pack (SP) 2Upgrading Client Server Messaging Security for SMB (CSM) 3.5 and 3.6 to Worry-Free Business Security (WFBS) Advanced 5.1End of Support (EOS) for Client Server Security for SMB (CS) and Client Server Messaging Security for SMB (CSM)[Hot Fix] B1170 - Unable to configure the scan action for the generic virus type in Client Server Messaging Security for SMB (CSM) 3.6Using the Move tool to migrate Client Server Messaging Security for SMB (CSM) 3.0 clients to a new server Solution ID Last Updated 1038433 Date : 2011/05/13 Time:8:46 AM , (PST) Product/Version Platform Client Server Messaging Security for SMB - 3.6;OfficeScan - 10.0, OfficeScan - 10.5, OfficeScan - 8.0;Trend Micro Internet Security - 2008, Trend Micro Internet Security - 2009;Worry-Free Business Security - 5.0; Windows - 2000 Advanced Server, 2000 Server, 2003 Enterprise Server, 2003 Standard Server Edition, Vista 32-bit, XP Home
Problem Description Crash issue occuring after applying recent Microsoft security update on some versions of Trend Micro endpoint products. This document list down the affected Trend Micro products as well as what are the recommendations to address this issue. Solution I. Description: Trend Micro has become aware of an issue that affects some versions of Trend Micro desktop and server-based products whereby a system crash may occur if a customer initiates a manual or scheduled scan after applying a recent Microsoft security update without rebooting and updating the pattern file. II. Products Affected: This issue affects the following Trend Micro products and versions: • Trend Micro OfficeScan (OSCE) versions 8.0 and above • Trend Micro Worry-Free Business Security (WFBS) version 5.0 • Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6 • Trend Micro Internet Security versions 15.x (2007), 16.x (2008) and 17.x (2009) III. Background: Microsoft released security update MS08-064 on October 14, 2008, to address a reported vulnerability in Virtual Address Descriptor. This security update addresses the vulnerability by modifying the way that Virtual Address Descriptor in Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 handles memory allocation variables. Several key kernel drivers in Windows are modified, such as ntosknl.exe, and a reboot is required after the update. A critical error (BSOD) was found to occur in certain rare cases when a system with one of the affected products above was updated with MS08-064, was not rebooted as required by Microsoft, performed a pattern update, and then initiated a manual or scheduled scan. Upon analysis it was found the tmcomm.sys driver in the affected products had an internal address value that was incorrectly computed. This occurs when the ntosknl.exe version differs in memory compared to the driver, due to the Microsoft security update being applied without the required reboot. When the product scan is initiated in these circumstances, a critical error may result. An example is that tmcomm service failed to start. This error does not occur on systems that have rebooted after applying the Microsoft security update since the correct internal address would be available and used by the affected Trend Micro products. IV. Impact: Customers who apply MS08-064 without subsequently rebooting as required by Microsoft, perform a pattern update, and then initiate a manual or scheduled scan may encounter a critical error (BSOD). V. Recommended Solution: A reboot of the affected system after applying the security update will resolve the issue, as per Microsoft’s restart requirement on security update MS08-064. It is recommended that customers, especially in large environments, that are planning to deploy MS08-064 during a scheduled maintenance window also allow for reboot time so that any potential issues can be avoided. VI. Alternate Solution: A hotfix tmcomm.sys patch (2.2.0.1032) has been created for customers that may have issues rebooting affected products. More information, as well as the patch itself, can be obtained from Trend Micro technical support. Please note, that the preferred solution is the recommend solution provided above, since other stability and kernel memory scenarios not directly related to this issue could also be present when not following Microsoft’s instructions to reboot. VII. Reference: Click here for more information about Microsoft Security Bulletin MS08-064. VIII. Other Information: Users who believe they may have been affected by this issue can contact their authorized Trend Micro technical support services provider in their region for further assistance.
Problem Description Crash issue occuring after applying recent Microsoft security update on some versions of Trend Micro endpoint products. This document list down the affected Trend Micro products as well as what are the recommendations to address this issue. Solution I. Description: Trend Micro has become aware of an issue that affects some versions of Trend Micro desktop and server-based products whereby a system crash may occur if a customer initiates a manual or scheduled scan after applying a recent Microsoft security update without rebooting and updating the pattern file. II. Products Affected: This issue affects the following Trend Micro products and versions: • Trend Micro OfficeScan (OSCE) versions 8.0 and above • Trend Micro Worry-Free Business Security (WFBS) version 5.0 • Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6 • Trend Micro Internet Security versions 15.x (2007), 16.x (2008) and 17.x (2009) III. Background: Microsoft released security update MS08-064 on October 14, 2008, to address a reported vulnerability in Virtual Address Descriptor. This security update addresses the vulnerability by modifying the way that Virtual Address Descriptor in Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 handles memory allocation variables. Several key kernel drivers in Windows are modified, such as ntosknl.exe, and a reboot is required after the update. A critical error (BSOD) was found to occur in certain rare cases when a system with one of the affected products above was updated with MS08-064, was not rebooted as required by Microsoft, performed a pattern update, and then initiated a manual or scheduled scan. Upon analysis it was found the tmcomm.sys driver in the affected products had an internal address value that was incorrectly computed. This occurs when the ntosknl.exe version differs in memory compared to the driver, due to the Microsoft security update being applied without the required reboot. When the product scan is initiated in these circumstances, a critical error may result. An example is that tmcomm service failed to start. This error does not occur on systems that have rebooted after applying the Microsoft security update since the correct internal address would be available and used by the affected Trend Micro products. IV. Impact: Customers who apply MS08-064 without subsequently rebooting as required by Microsoft, perform a pattern update, and then initiate a manual or scheduled scan may encounter a critical error (BSOD). V. Recommended Solution: A reboot of the affected system after applying the security update will resolve the issue, as per Microsoft’s restart requirement on security update MS08-064. It is recommended that customers, especially in large environments, that are planning to deploy MS08-064 during a scheduled maintenance window also allow for reboot time so that any potential issues can be avoided. VI. Alternate Solution: A hotfix tmcomm.sys patch (2.2.0.1032) has been created for customers that may have issues rebooting affected products. More information, as well as the patch itself, can be obtained from Trend Micro technical support. Please note, that the preferred solution is the recommend solution provided above, since other stability and kernel memory scenarios not directly related to this issue could also be present when not following Microsoft’s instructions to reboot. VII. Reference: Click here for more information about Microsoft Security Bulletin MS08-064. VIII. Other Information: Users who believe they may have been affected by this issue can contact their authorized Trend Micro technical support services provider in their region for further assistance.
Connect with us on
| | | |