List of known issues in OfficeScan 10.5

Solution ID Last Updated
1056419 Sep. 17, 2013 9:05 AM (PST)

Product / Version Platform
OfficeScan - 10.5;
Windows - 2003 Compute Cluster Server, 2003 Datacenter Server, 2003 Datacenter Server Edition 64-bit, 2003 Enterprise Server, 2003 Home Server, 2003 Standard Server Edition, 2003 Standard Server Edition 64-bit, 2003 Storage Server, 2003 Web Server Edition, 2008 Datacenter Server, 2008 Datacenter Server Edition 64-bit, 2008 Enterprise Server, 2008 Enterprise Server Edition 64-bit, 2008 Essential Business Server, 2008 Small Business Server, 2008 Standard Server Edition, 2008 Standard Server Edition 64-bit, 2008 Storage Server, 2008 Web Server Edition, 2008 Web Server Edition 64-bit, 7 32-bit, 7 64-bit, Vista 32-bit, Vista 64-bit, XP Home, XP Professional, XP Professional 64-bit

Problem Description

This article enumerates the known issues for OfficeScan 10.5, their explanations and workaround.


[ Expand All ]


Server installation, Upgrade and Uninstallation

  1. After upgrading from version 7.3, OfficeScan displays the spyware count as 0. This is because OfficeScan 7.3 and older versions use the same logs for virus/malware and spyware/grayware. After upgrading, OfficeScan displays the number of new spyware/grayware.
  2. Unable to access the OfficeScan web console and all OfficeScan services when OfficeScan is installed on Windows 2008 or Windows 2008 R2 before joining the domain.
    To resolve this issue, do the following:
    Windows 2008
    1. Go to Control Panel > System Security > Windows Firewall > Exception tab.
    2. Enable exception for File and Printer Sharing.
    3. Add the following port exceptions:
      • Trend Micro Local Web Classification Server HTTP, TCP port 5274
      • Trend Micro OfficeScan Server HTTP, TCP port 8080
      • Trend Micro OfficeScan Server HTTPS, TCP port 4343
      • Trend Micro Smart Scan Server (Integrated) HTTP, TCP port 8082
      • Trend Micro Smart Scan Server (Integrated) HTTPS, TCP port 4345
    4. Click OK.
    Windows 2008 R2
    1. Go to Control Panel > System and Security > Windows Firewall > Allowed Programs.
    2. Select the following features and allow access for Domain profile:
      • File and Printer Sharing
      • Trend Micro Local Web Classification Server HTTP
      • Trend Micro OfficeScan Server HTTP
      • Trend Micro OfficeScan Server HTTPS
      • Trend Micro Smart Scan Server (Integrated) HTTP
      • Trend Micro Smart Scan Server (Integrated) HTTPS
    3. Click OK.
  3. After installing the OfficeScan server remotely to a Windows 2008 computer, the Web console shortcut does not immediately display on the computer's desktop.
    To resolve this, refresh the desktop by pressing F5.
  4. When the OfficeScan server is installed to a disk using the FAT32 file system, role-based logon to the OfficeScan web console does not work.
  5. When an ACE/RSA software runs with the OfficeScan server on a Windows 2003 computer, all logon tokens created for the ACE/RSA software receive access denied error.
    To avoid this issue, install the OfficeScan server to a computer that does not run ACE/RSA software.
  6. The upgrade process may time out when the existing database file (found in the HTTPDB folder under OfficeScan/PCCSRV) is very large.
    Trend Micro recommends purging the database before performing the upgrade. Do the following:
    1. Log on to the OfficeScan management console.
    2. Go to Administration > Database Backup > Backup Now.
      Note: back up all the important configuration files and database before upgrading to version 10.5.


Client installation, Upgrade and Uninstallation

    1. After moving an OfficeScan client form an OfficeScan 7.3, 8.0, or 8.0 SP1 server to version 10.5 server, the client successfully upgrades, but reloads several times.
      To avoid this issue, Trend Micro recommends using Login Script or Client packager to upgrade the OfficeScan client. Using these methods can ensure that the client will only reload once.
    2. Upgrade may fail when using an MSI package to upgrade an OfficeScan client that was originally installed using an MSI package.
      As a workaround, make sure that the new MSI package has the same file name as the original one. If you do not know the file name of the original package, launch the new package and you will be notified on the file name. Rename the new package and then launch it again.
      Use a command prompt to execute the package with the "/fvo" parameter.
      For example, c:\ package.msi /fvo
    3. The OfficeScan client is unable to query the Web Reputation servers after performing a fresh installation or upgrade.
      To resolve this issue, ensure that the clients restart their computers once prompted.
    4. When creating a login script in Active Directory and then logging on as administrator on Windows Vista Home, 2008, or 7 computer, the OfficeScan client will not be installed to the computer. The message the displays states that the account used is not an administrator account.
    5. When installing OfficeScan 10.5 on a Citrix Presentation server, the Citrix client loses connection with the server.
      To address this issue, follow these steps:
      1. Open the Registry Editor on the Citrix server.
        Important: Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems
      2. Navigate to HKLM\SOFTWARE\TrendMicro\NSC\TmProxy\WhiteList
      3. Click Edit > New > Key and then name the key "IIS".
      4. Under this new key, create a string value (Edit > New > String Value) named "ProcessImageName". Set the value to "w3wp.exe".
      5. Restart the OfficeScan NT Listener service.
    6. When an application that locks the Windows Service Control Manager (SCM) is launched, the OfficeScan client cannot be installed or upgraded.
      Before upgrading or installing OfficeScan, make sure that no SCM-locking application is running.
    7. When running the Vulnerability Scanner on a computer running Windows 2008, the DHCP tab does not display on the tool's console.
    8. The ServerProtect Normal Server Migration tool is unable to:
      • Detect ServerProtect for Windows 5.8 with Patch 7 or later
      • Restart the target computer after installing the OfficeScan client even if the Restart after installation option is selected.
      To resolve these issues, open the Registry Editor on both Normal and Information Servers and then add the following registry key:
      Important: Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
      Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\RPC
      Name: AgentFilter
      Type: REG_SZ (string value)
      Value: IP addresses or computer name of the OfficeScan server
    9. Microsoft IIS does not work when:
      • Running Setup to install both the OfficeScan server and client on a Windows 2008 computer without Service Pack 2, and then specifying IIS 7 as the web server. The web console cannot be opened after installation and all the applications using IIS do not work.
      • Installing the OfficeScan client to a Windows 2008 computer with Microsoft IIS 7. All applications using IIS do not work.
      A message displays on the computer using Windows 2008 without SP2 asking the users to restart the IIS service to resolve the issue.
    10. When installing the client form the web install page, users may get an error message stating that ActiveX setup controls did not download information needed for installation. When users retry the installation, the error message no longer displays and installation proceeds.
    11. To avoid seeing the error message, enable
Automatic prompting for ActiveX controls
    in Internet Explorer.
  1. To perform client Web installation on computers with a 64-bit processor architecture, you must use the 32-bit version of Internet Explorer. The 64-bit version of Internet Explorer is not supported.
  2. The OfficeScan client may not install correctly if Norton SystemWorks™ antivirus is installed on the computer. To resolve this, uninstall Norton before installing the OfficeScan client.
  3. If the OfficeScan client is installed using the "per-user" method, the OfficeScan client shortcut will still appear on all the users' Windows Start menu.
  4. When the OfficeScan client is installed using the "per-user" method and the server notifies the client to perform uninstallation, the program entry on the Add/Remove Program list will not be removed.
  5. When cloning virtual machine images using Microsoft's "sysprep" utility, cloning is unsuccessful in OfficeScan client installed on the source virtual machine.
    To resolve this issue, do the following:
    1. Disable Local Area Connection on the source virtual machine.
    2. Power off the virtual machine and start cloning the image.
    3. Configure custom settings on the cloned image.
    4. Power on the virtual machine.
  6. The Common Firewall Installer (ncfg.exe) may hang during upgrade. This may be caused by network disk services like Dropbox.
    To prevent this issue, stop the service before upgrading.
  7. If the Web console setting Clients can update components but not upgrade the client program or deploy hot fixes is enabled, OfficeScan clients are unable to upgrade the Spyware Scan Engine from version 5 to 6.
  8. The following issues occur after upgrading OfficeScan:
    • When upgrading from OfficeScan 8.0 Patch 2, the OfficeScan firewall service may not start even if this service and the Common Firewall Driver are up-to-date.
      The following error appears in the Setupapi.log file found under %systemroot%:
      "0x800b0100: No signature was present in the subject."
    • When upgrading from version 8.0 Service Pack 1 by moving a client to an OfficeScan 10.5 server, the OfficeScan firewall service cannot be started and the Common Firewall Pattern version is 0.
    • When upgrading by moving a client to an OfficeScan 10.5 server, the Common Firewall Pattern version is "N/A".
    To resolve these issues, do the following:
    • Stop the Cryptographic Services from the Microsoft Management console.
    • Go to C:\Windows\system32 and rename the catroot2 folder to "oldcatroot2".
    • Start the Cryptographic Services.
    • Open a command prompt and run the following commands:
      regsvr32 wintrust.dll
      regsvr32 netcfgx.dll
    • Restart the computer.
  9. When disabling automatic client upgrade on an OfficeScan 8.0 SP1 client and then upgrading the server, the client is not upgraded and its program version becomes 8.0.
  10. If the OfficeScan 7.3 server is upgraded to version 10.5 but the client is not, the Virus Cleanup Engine in the client will not be upgraded.
    To resolve this issue, upgrade the client to version 10.5 to automatically upgrade the Virus Cleanup Engine.
  11. Upgrading the OfficeScan 7.3 client to version 10.5 through VPN is not supported if Check Point SecureClient is installed on the client computer.
  12. The OfficeScan client unloads and then reloads three times when upgraded to this version. This happens if the client upgrades, applies smart scan as its scan method, and then applies the domain level scan method.
  13. After successfully uninstalling an OfficeScan client in a VPN environment, the client is not removed on the web console's client tree and its status becomes offline.
  14. When configuring connection settings on the web console (Administration > Connection Settings) to move OfficeScan 10 clients to a server that runs the same or a higher version, clients will only move after they are reloaded or after restarting the client computers. Clients will not work properly without the required reload or restart.
    Trend Micro recommends using the Client Mover function from the client tree to move clients to a different server. To do this, go to Networked Computers > Client Management > Manage Client Tree > Move Client.
  15. If you create a login script in Active Directory and then log on as administrator on a Windows Vista Home or 2008 computer, the OfficeScan client cannot be installed to the computer and the message that displays states that the account used is not an administrator account.
  16. The administrator will not be able to remotely install OfficeScan client to Windows 7 x86 platforms without enabling the default administrator account.
    To resolve this issue, choose from the options below:
    Note: Enable the Remote Registry service on the Windows 7 machine. By default, Windows 7 machines disable this feature.
    Option A: Use the domain administrator account to remotely install OfficeScan 10.5 clients to Windows 7 machines.
    Option B: Use the default administrator account:
    1. Execute the "net user administrator /active:yes" command from the command console to enable the default administrator account.
    2. Use the default administrator account to remotely install the OfficeScan client to the Windows 7 machine.
  17. Installing OfficeScan clients to Windows 7 or Windows Server 2008 R2 in VMware may cause the system to stop responding. This is because of compatibility issues with the Intel™ Network Adapter Driver.



  1. A Microsoft Hyper-V virtual machine might not be able to start if the host computer has OfficeScan client installed. This is because the OfficeScan client and Hyper-V virtual machine accesses the same Hyper-V xml file and causes file access violation.
    As a workaround:
    • Set the exclusion folder for the virtual machine xml file located in C:\ProgramData\Microsoft\Virtual Machine Manager\.
    • Turn off file mapping scan by modifying the TmFilter/TmxpFilter registry value.
  2. OfficeScan 10.5 only supports cleaning compressed spyware in zip format.
  3. When specifying the scan target for Scheduled Scan, Scan Now and Real-time Scan, spyware/grayware scan can be disabled. However, for Manual Scan, there is no option to disable spyware/grayware scan, which means that during Manual Scan, OfficeScan will always scan for spyware/grayware.
  4. When scanning is complete, OfficeScan displays a notification page. On a Windows 2008 computer, the background color of the page does not conform to the standard color for OfficeScan notification pages.
  5. When OfficeScan is configured to scan mapped drives during Manual Scan, the mapped drive may not get scanned when scanning is initiated through the Terminal Service client.
  6. When an email containing an attachment with spyware/grayware is retrieved through the Eudora email client and POP3 Mail Scan is disabled, OfficeScan's Real-time Scan denies access to the email even if the scan action is "clean". The email does not appear on the inbox and the Eudora client displays a message informing the user that access to the email is denied.
  7. In a Citrix environment, When the OfficeScan client detects a security risk during a particular user session, the notification message for the security risk displays on all the active user sessions.
    Security risk can be any of the following:
    • Virus/Malware
    • Spyware/Grayware
    • Firewall policy violation
    • Web Reputation policy violation
    • Unauthorized access to external devices
  8. When OfficeScan detects virus/malware and the computer restart is required to clean the infected file, a notification message prompts the user to restart. If the user did not restart the computer and generic virus/malware was detected, the restart notification displays again even if a restart is not required for the generic virus/malware detection.


Server Update

When updating OfficeScan patterns and engines from Control Manager, administrators are not notified of the update status even if the notifications are enabled. The update status can be viewed from the Control Manager console.


Client Update

  1. OfficeScan clients with client-level settings can only download settings from the OfficeScan server, and not from the Update Agents.
  2. An Update Agent running a 64-bit platform is unable to generate incremental patterns. Therefore, the Update Agent always downloads all incremental patterns available in the ActiveUpdate server, regardless of the number of these patterns it has previously downloaded.
  3. When the OfficeScan server notifies clients to update components, the clients that obtain updates from an Update Agent will not be able to update if the Update Agent has not been upgraded to version 8.0 SP1 or higher. However, these clients can still obtain the updates directly from the OfficeScan server.
  4. On the OfficeScan client computer, automatic proxy detection in Internet Explorer does not work if the administrator enables the Client Console Access Restriction option on the OfficeScan server web console's Privileges and Other Settings screen.
  5. When the server and client computers are located on geographical locations with different time zones, the client cannot be configured to update based on the server's time zone.


Server Management

  1. The Active Directory scope may display as empty or redirect to the Active Directory integration screen when querying Outside Server Management reports with a broad scope.
    To resolve this issue, make sure that the first task is finished before performing another query.
  2. The User Role has access and configure permissions on the client Manual Update page, but only for selected domains. However, all clients receive the notification when this role clicks Initiate Update.
  3. When the computer's date/time format is changed, the date/time format on the OfficeScan console does not automatically change.
  4. Web console logon is unsuccessful when using the x64 version of Internet Explorer 6.0 or later and the computer runs a x64 type platform.
    To resolve this issue, use the x86 version of Internet Explorer to log on successfully.
  5. When the web console is opened in Internet Explorer 7 or later, a certificate error displays.
  6. If Hotbar or other adware exists on the computer you are using to access the OfficeScan server web console, ActiveX errors may appear on some web console screens.
    Trend Micro recommends accessing the web console from computers that do not have this kind of software.
  7. The Internet Explorer default settings may prohibit ActiveX controls. You may need to add the address of the OfficeScan web console to the list of trusted sites in the Internet Explorer browser to have the web console function properly.
  8. Control Manager can only replicate OfficeScan configuration settings for the same version.


Client Management

  1. Client names in the OfficeScan client tree support only 15 characters and truncate the succeeding characters.
  2. Three Antivirus components do not display on the console. The components are:
    • TmFilter.sys - Virus Scan Driver
    • TmXPFlt.sys - Virus Scan Driver (For engine)
    • TmPreFlt.sys - Virus Scan Driver (For file hooking)
  3. The internal proxy used for client and server communication does not support the SOCKS 4 protocol.
  4. Double-byte characters (characters typically used in East Asian languages) cannot be used when specifying the notification message for virus/malware infection source (Notifications > Client User Notifications > Virus/Malware tab > Virus/Malware Infection source).
  5. If an outbreak prevention policy is enforced only to a specific domain, a newly installed client belonging to the domain will not apply the outbreak prevention policy.
    To make sure that the newly installed clients also apply the policy, select root instead of domain in the client tree when enforcing a policy.
  6. If the client security level configured on the Web console is set to "High", connection through the Nortel VPN client cannot be established.


Device Control

  1. When the permission for plug-in devices (USB) is "read only", users can still create a new folder on the device but the folder cannot be renamed and no file can be saved to the folder.
  2. The Device Control feature is unable to block recording of files (or "file burning") to optical disks.


OfficeScan Firewall

  1. OfficeScan blocks all inbound and outbound processes if the Security level is set to "High" and there are no policy exceptions.
    To resolve this issue, make sure that the necessary processes have been included in the Exception list before deploying the firewall policy to clients.
  2. The Firewall rule for outgoing traffic will not work as expected if a machine has several IP addresses with different Firewall policies.
  3. Incoming packets to a computer on a VMware client are dropped if the computer has OfficeScan client installed.
    Workaround for all clients:
    1. On the server computer, go to the \PCCSRV folder and open the ofcscan.ini file.
    2. Add the following parameter under the [Global Setting] section:
    3. Save and close the file.
    4. Log on to the OfficeScan web console.
    5. Go to Networked Computers > Global Client Settings.
    6. Click Save to deploy the setting to all the clients.
    Workaround for specific clients:
    1. Open the Registry Editor of the client computer.
      Important: Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
    2. Add the following registry value:
      For x64 computers:
      Name: EnableBypassRule
      Type: REG_DWORD
      Value: 1
    3. Reload the client for the settings to take effect.
  4. If the client runs on a Windows Server 2003 computer without any Microsoft service pack, the OfficeScan firewall may block connection to the integrated Smart Protection Server.
    To avoid encountering this issue, apply the latest service pack.
  5. The OfficeScan firewall service and driver cannot be installed if a previous version of the firewall driver exists and is running. This happens when there is no Trend Micro Common Firewall in the network protocol.


Smart Scan

  1. Smart scan clients are unable to update the virus pattern file for the POP3 and Outlook Mail Scan features.
    To get the latest components, change the scan method for clients that use POP3 and Outlook Mail scan to conventional scan.
  2. Only Internet Explorer is supported for configuring proxy settings used by clients to connect to the Global Smart Protection Server. If proxy settings are configured in other browsers, clients will not be able to connect to the Global Smart Protection Server.


Web Reputation

  1. The OfficeScan client is unable to get the Web reputation rating. This occurs if the client is installed on a Windows 2008 32-bit, 64-bit, or Windows 2008 R2 64-bit server with Apache that supports IPv6.
    As a workaround, turn off IPv6 on the Windows 2008 server.
  2. After changing the DNS server, the DNS query function for Web Reputation may continue using the previous DNS server.
  3. Some proxy servers do not work if the OfficeScan NT Proxy Service (TmProxy.exe) is enabled. TmProxy.exe intercepts network traffic originating from a proxy server and then redirects the traffic again to the proxy server, resulting in a loop.
    If you encounter this issue, the only workaround is to disable Web Reputation (for both internal and external computers) from the OfficeScan web console by going to Networked Computers > Client Management > Settings > Web Reputation Settings.
    Note: Disabling Web Reputation leaves your client computers unprotected from web threats.
  4. Clients can browse blocked sites when using Juniper Networks VPN and proxy servers to connect to the Internet.
    To resolve this issue:
    1. Connect to the network using Juniper Networks VPN.
    2. Go to Internet Options > Connection > LAN Settings.
    3. Disable the Automatic configuration settings.
    4. Enable the Proxy server and specify the IP address and port of your proxy server.
    5. Click OK.


Policy Server and Cisco Trust Agent

  1. The installation and removal of the Cisco Trust Agent (CTA) on client computers require the use of a Windows Utility (netsh.exe) to add/remove CTA from the Windows Firewall Program Exception list. This is done to allow CTA to communicate even when Windows Firewall is enabled.
  2. Computer restart is required after the Cisco Trust Agent 2.x Supplicant package is deployed.


Control Manager Integration

  1. Unable to finish querying Outside Server Management reports when accessed through the Control Manager Single sign on page.
    To resolve this issue, use the OfficeScan web console to query Outside Server Management reports.
  2. OfficeScan client registers and unregisters to Control Manager if the mobile client frequently changes IP address. This can cause network bandwidth issues for Control Manager 5.0.
  3. When generating one-time reports from the Control Manager 5.0 management console, the Common Firewall Driver version is 0. The correct version of the driver displays when performing the following tasks:
    • Querying Control Manager logs (Managed Product Scan Engine Status)
    • Navigating to Products > New Entity > {OfficeScan server} > Domain > Client and selecting OfficeScan 8.0 & Above Engine View
    • Viewing server or client information using the single-sign function of Control Manager
  4. The Integrated Windows Authentication protocol is not supported when registering OfficeScan to Control Manager and specifying web server authentication credentials for the IIS server. Only basic access authentication is supported.
  5. When accessing the OfficeScan server using the single-sign on function in Control Manager:
    • Users are sometimes prompted that the OfficeScan screen contains non-secure items.
    • The "Action cancelled" warning screen may sometimes display.
    As a workaround, refresh the page when any of the above conditions occur.
  6. The Control Manager server must use port 80 or 443 to allow migration from the Trend Micro Management (TMI) protocol to the Control Manager Management Communication Protocol (MCP) agent.


Additional Release Notes

  1. There are several tools included in this version. Refer to the OfficeScan server Help for instructions on how to use them. The tool folders are located under \PCCSRV\Admin\Utility.
  2. Download the latest components after upgrading to keep your security risk protection current.
  3. The following are the permissions for the OfficeScan folders:
    Directory/UserAdministratorEveryoneIUser _<Server Name>SystemNetwork Service
    \PCCSRV Full control RX N/A Full control N/A
    \PCCSRV\Download Full control N/A R Full control N/A
    \PCCSRV\HTTPDB Full control N/A N/A N/A N/A
    \PCCSRV\Log Full control N/A N/A Full control N/A
    \PCCSRV\Private Full control N/A N/A Full control RX
    \PCCSRV\Temp Full control N/A RWXD N/A RWXD
    \PCCSRV\Virus Full control N/A RW (Special Access) N/A N/A
    \PCCSRV\Web Full control N/A R Full control N/A
    \PCCSRV\Web\Cgi Full control N/A RX N/A N/A
    \PCCSRV\Web_OSCE\Web_console Full control RX N/A Full control N/A
    \PCCSRV\Web_OSCE\Web_console\ HTML\ClientInstall Full control N/A RWXD N/A N/A
    \PCCSRV\Web_OSCE\Web_console\ RemoteInstallCGI Full control N/A RWXD N/A N/A

Rate this Solution
Did this article help you?

Please provide your comments to help us improve this solution.

  *This form is an automated system. General questions, technical, sales and product-related issues submitted through this form will not be answered.

Connect with us on