<<USE COURIER REGULAR 10 FONT IF YOU WOULD LIKE TO PRINT THIS DOCUMENT>>
Trend Micro Incorporated January 17, 2025
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) ServerProtect(TM) for Storage 6.0
Patch 3 - Build 1816
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE: This Readme file was current as of the date above. However,
all customers are advised to check Trend Micro's website for
documentation updates.
GM release documentation:
http://docs.trendmicro.com
Patch/SP release documentation:
http://www.trendmicro.com/download
TIP: Register online with Trend Micro within 30 days of
installation to continue downloading new pattern files and
product updates from the Trend Micro website. Register
during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM
Contents
==========================================================
1. About Trend Micro ServerProtect for Storage 6.0
1.1 Overview of This Release
1.2 Who Should Install This Release
2. What's New
2.1 Enhancements
2.2 Resolved Known Issues
3. Documentation Set
4. System Requirements
5. Installation
5.1 Installing
5.2 Uninstalling
6. Post-Installation Configuration
6.1 Post-Installation Configuration (from Previous Versions)
7. Known Issues
8. Release History
9. Files Included in This Release
10. Contact Information
11. About Trend Micro
12. License Agreement
==========================================================
1. About Trend Micro ServerProtect for Storage 6.0
========================================================================
ServerProtect for Storage 6.0 is an enhanced version of
ServerProtect developed exclusively to provide antivirus solutions
for NetApp devices, EMC Celerra, VNX/VNXe series and storage
devices supporting Internet Content Adaptation Protocol (ICAP)
antivirus scanner.
1.1 Overview of this Release
===================================================================
This Patch includes all modifications released since
ServerProtect for Storage 6.0 General Release Build 1095.
1.2 Who Should Install this Release
===================================================================
You should install this patch if you are currently running
ServerProtect for Storage 6.0.
2. What's New
========================================================================
Note: Please install the Patch/SP before completing any procedures in
this section (see "Installation").
This patch addresses the following issues and/or includes the following
enhancement(s):
2.1 Enhancements
====================================================================
Enhancement 1: [VRTS-7422][Hotfix 1307 EN]
This patch upgrades the ActiveUpdate module to
remove some vulnerabilities.
Enhancement 2: [VRTS-7412][Hotfix 1307 EN]
This patch upgrades the CMAgent SDK module to
remove some vulnerabilities.
Enhancement 3: [SEG-160182][Hotfix 1329 EN]
This patch fixes the issues reported by the Fortify
Static Code Analyzer tool.
Enhancement 4: [SEG-160181][Hotfix 1329 EN]
In some network environments, the Normal Server (NS)
cannot resolve the hostname of the Information
Server (IS). This patch adds the FIXAgentAddress
hidden key to resolve the issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 4: To configure this feature:
1. Go to the NS machine.
2. Run Regedit to open the Registry Editor.
3. Go to key
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProt
ect\CurrentVersion\RPC.
4. Add a key entry (REG_SZ) named "FIXAgentAddress".
5. Set the value of this entry to the IP address
of the IS machine.
The following is an example:
Path:
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect
\CurrentVersion\RPC
Key: FIXAgentAddress
Kind: REG_SZ
Value: 192.168.0.1
6. Restart the Trend Micro ServerProtect service
on the NS machine.
Enhancement 5: [TMINTERNAL-217][Critical Patch 1416 EN]
This version of ServerProtect for Storage runs with
Microsoft Visual C++ 2015 Redistributable Package,
which brings an adaptability update for common
components.
Enhancement 6: [PCT-7980][Hotfix 1424 EN]
For certain storage devices, a mechanism to modify
the response type is provided to match the standard
ICAP protocol.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 6: To modify the response type of the ICAP
encapsulated header:
1. Apply this hotfix.
2. Set Regedit on the NS server:
[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect
\CurrentVersion\Engine\IcapSetting]
"ResponseType"=dword:00000002
3. Restart the Spntsvc service.
Enhancement 7: [PCT-4406][Hotfix 1424 EN]
A feature is added to support setting the
notification email sending port to 587.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 7: To configure this feature:
1. Open the Registry Editor.
2. Set Regedit on the NS server:
[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerPr
otect\CurrentVersion\Notification]
"SMTPMailServerPort"=dword:0x0000024b
3. Restart the Trend Micro ServerProtect
service on the NS server.
Enhancement 8: [PCT-18560][Hotfix 1430 EN]
This patch reduces the time to get the engine/pattern
information to improve the ICAP scan performance.
2.2 Resolved Known Issues
=====================================================================
NOTE: Please install the release before completing any procedures in
this section (see "Installation").
This release resolves the following issue(s):
Issue 1: [SEG-136848][Hotfix 1307 EN]
Sometimes, virus or spyware pattern updates cannot
succeed with error code 46 reported.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This patch resolves this issue.
Issue 2: [SEG-142345][Hotfix 1307 EN]
If the sender or recipient address set for
notifications exceeds 49 bytes, issues may occur:
* The sender address will be truncated on the
Management Console.
* Notifications cannot be sent to the recipient
successfully.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This patch resolves the issues.
Issue 3: [SEG-135026][Hotfix 1307 EN]
Some customers reported that they could not open the
management console when port 1000 was occupied by
other programs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This patch resolves this issue.
Issue 4: [SEG-140254][Hotfix 1307 EN]
The Normal Server may exit abnormally upon the
failure to create the DCE engine process.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: This patch resolves this issue.
Issue 5: [SEG-139356][Hotfix 1329 EN]
Sometimes, tsc64.exe crashes during startup.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: This patch upgrades the DCE module to resolve the
issue.
Issue 6: [SEG-158693][Hotfix 1329 EN]
Spyware alerts could not work properly in storage
scanning.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: This patch resolves this issue.
Issue 7: [SEG-159874][Hotfix 1329 EN]
Users could not save the device list after providing
correct username and password in the device list.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: This patch extends the password length support from
32 to 48 bytes to resolve the issue.
Issue 8: [SEG-190399][Hotfix 1341 EN]
ServerProtect reported several virus alerts in
Real-time Scan about virus "+" in "?." after the Virus
Scan Engine had upgraded to 22.610-1017.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: This patch resolves this issue.
Issue 9: [SEG-177705][Hotfix 1341 EN]
Process StOPP started unexpectedly and might cause
service crash sometimes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: This patch resolves this issue.
Issue 10: [PCT-7602][Hotfix 1424 EN]
SPFS did not send the latest pattern information to
the ONTAP AV Connector after a pattern update.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: This patch resolves this issue.
Issue 11: [PCT-9846][Hotfix 1424 EN]
Sometimes, ICAP scanning causes a Normal Server crash.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: This patch resolves this issue.
Issue 12: [SEG-184008][Hotfix 1424 EN]
Sometimes, ICAP scanning leads to over 90% of CPU
usage by the SpntSvc service.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: This patch resolves this issue.
Issue 13: [PCT-12467][Hotfix 1428 EN]
When scan requests are received with no preview and an
empty file, Normal Server returns an error.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: This patch resolves this issue.
Issue 14: [PCT-9580][Hotfix 1430 EN]
When Apex Central only allows specific SSL Cipher
list, SPFS failed to register with Apex Central.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: This patch enables SPFS to the
"SSL_Cipher_List" value from agent.ini when it tries
to connect to Apex Central.
Issue 15: [PCT-21706][Hotfix 1430 EN]
Occasionally, RPC scanning triggers a Normal Server
crash every 30 minutes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15: This patch resolves this issue.
Issue 16: [PCT-20257][Hotfix 1430 EN]
ServerProtect returns "400 Bad Request" if the actual
file size does not match the value set in
"Content-Length" of the ICAP header.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16: ServerProtect supports ignoring the error.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 16: Add the following registry key.
Path:
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\
CurrentVersion\Engine\IcapSetting
Key: isCheckingChunkSize
Type: DWORD
Value: 0
If isCheckingChunkSize is set to 0, the error will be
ignored; otherwise the error will not be ignored.
Issue 17: [PCT-23907][Hotfix 1430 EN]
Though the Named Pipe protocol is not used, the Named
Pipe names are still added to "Network access: Named
Pipes that can be accessed anonymously".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17: If the Named Pipe protocol is not enabled, the Named
Pipe names are not added to "Network access: Named
Pipes that can be accessed anonymously".
Issue 18: [PCT-22921][Hotfix 1430 EN]
The ServerProtect service crashes when the "Host"
field of the ICAP request is NULL.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 18: This patch resolves this issue.
Issue 19: [PCT-25925][Hotfix 1430 EN]
In ICAP mode, high CPU utilization occurs on SPFS
servers when the filename contains special characters.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 19: This patch resolves this issue.
Issue 20: [PCT-24094][Hotfix 1431 JP]
There are garbled characters in "Match scan actions
with the virus type" on the SPFS management console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 20: This patch resolves this issue.
Issue 21: [PCT-38948]
If the Normal Server (NS) was remoted installed with
a source version between 6.0.1416 and 6.0.1430, the NS
may fail to be updated to a higher version.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 21: This patch resolves this issue by removing the
requirement of file "tmeng.dll" during the NS update.
3. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com
In addition to this Readme file, the documentation set for this
product includes the following:
- Online Help: The Online Help contains an overview of features
and key concepts, and information on configuring and
maintaining <product name>.
To access the Online Help, go to http://docs.trendmicro.com
- Getting Started Guide (GSG): The Getting Started Guide
contains product overview, installation planning, installation
and configuration instructions, and basic information intended
to get <product name> "up and running".
- Support Portal: The Support Portal contains information on
troubleshooting and resolving known issues.
To access the Support Portal, go to https://success.trendmicro.com
4. System Requirements
========================================================================
Refer to the ServerProtect for Storage 6.0 readme file for the
complete list of system requirements.
NOTE: Microsoft Windows Server 2008 and 2008 R2 are no longer
supported since ServerProtect for Storage 6.0 Patch 3.
5. Installation
========================================================================
5.1 Installation
===================================================================
This Patch must be installed on the Information Server. After the
installation is completed, the Information Server automatically
deploys this Patch to all the Normal Servers.
Important: Do not install this Patch directly on the Normal
Server or on the Management Console server. If the
installation is unsuccessful, contact Trend Micro
technical support.
To apply this Patch on the Information Server:
1. Close the Management Console. If the Management Console is not
running at the time of installation, proceed to the next step.
2. Check the operating system of your Information Server.
If your Information Servers are running on Windows Server 2012
R2 or an earlier version, install "Visual C++ Redistributable
for Visual Studio 2015" on your Information Servers before
applying this patch. Download the Microsoft package from the
following location:
https://www.microsoft.com/en-us/download/details.aspx?id=48145
3. Check the operating system of your Normal Server.
If your Normal Servers are running on Windows Server 2012 R2 or
below, install "Visual C++ Redistributable for Visual Studio
2015" on your Normal Servers before applying this patch. The
package version depends on the version of the Microsoft Windows
Server.
4. On your Information Server, do the following:
a. Copy the "spfs_600_win_en_patch3_b1816_for_spfs.exe" patch
installation file to a temporary folder.
b. Run the Patch file. The license screen appears.
c. Choose the "I accept the terms of the legal agreement" and
click "Next". The "readme" appears.
d. Click "Install" to start the installation.
Wait until the installation is successfully completed.
Once the installation is completed, the Information Server
automatically deploys this Patch to all the Normal Servers.
During the deployment, the Normal Server service will be
restarted. Make sure you do not interrupt the service
restart.
If your Management Console is not associated with the computer
hosting the Information Server or is not installed in the same
folder with the Information Server, you need to apply the patch on
the Management Console server.
To apply this Patch on your Management Console server:
1. Make sure you have applied the Patch to the Information Server.
2. Close the Management Console.
3. Go to the Management Console home directory and back up the
following files to another location.
- admin.exe
- Adm_enu.dll
- AgentClient.dll
- ADM_ENU.chm
- EventMsg2.dll
- spuninst.exe
- spuninstrc.DLL
4. On the Information Server, copy the following files from the
Information Server home directory to the Management Console
home directory to overwrite the local files.
- admin.exe
- Adm_enu.dll
- AgentClient.dll
- ADM_ENU.chm
- EventMsg2.dll
- spuninst.exe
- spuninstrc.DLL
5. Go to the Management Console home directory, add the following
key under the section "[ADMINServer]" of the file ADMIN.INI
if this key does not exist. If this key exists but its value is
not "1", please change its value to "1".
ShowISVersion=1
5.2 Uninstallation
===================================================================
To roll back to the previous build:
5.2.1 Uninstallation of Information Server and Normal Server
-------------------------------------------------------------------
1. On the Normal Server, run the following Shell command to stop
the Normal Server service:
net stop spntsvc
2. On the Information Server, run the following Shell command to
stop the Information Server service:
net stop earthagent
3. On the Information Server, run the following Shell command to
stop the CMAgent service:
net stop ServerProtectCMAgent
4. On the Normal Server, rename the backup files in the
ServerProtect home directory and use them to replace the
current files. The names of the backup files have "bak" in
the extension.
5. On the Information Server, open the Information Server's home
directory and copy the files from the ".\backup\patch3\
filegroup10" folder to the current directory.
6. On the Information Server, open CMAgent's home directory and
copy the files from the "..\backup\patch3\filegroup100" folder
to the current directory.
7. On the Information Server,
a. Open "Agent.ini" in CMAgent's home directory.
b. Set the "Agent_BuildNumber" key in the "Common" section
to the previous version.
c. Set the "Agent_Version" key in the "Common" section to the
previous version.
d. Open "Product.ini" in CMAgent's home directory.
e. Set the "UpdateInfo" key in the "Product_Info" section to 1.
f. Set the "MenuVersion" key in the "Product_Info" section to
the previous version.
The previous version can be verified in the following file:
.\backup\patch3\filegroup100\ProductUI.zip\ProductInfo.xml
8. On the Normal Server, run the following command to start the
Normal Server service:
net start spntsvc
9. On the Information Server, run the following command to start
the Information Server service:
net start earthagent
10.On the Information Server, run the following command to start
the CMAgent service:
net start ServerProtectCMAgent
5.2.2 Uninstalling the Management Console
-------------------------------------------------------------------
NOTE: It is not necessary to roll back the Management Console
separately. You should roll back the Management Console only
when it is not installed on the same machine as the
Information Server or when it is not installed in the same
folder as the Information Server.
1. On Management Console, open the backup directory of the
following files in the installation section:
- admin.exe
- Adm_enu.dll
- AgentClient.dll
- ADM_ENU.chm
- EventMsg2.dll
- spuninst.exe
- spuninstrc.DLL
2. Copy the files in the list above to the management console home
directory to overwrite the local files.
6. Post-Installation Configuration
========================================================================
No special post-installation steps are required.
NOTE: Trend Micro recommends updating all components immediately
after installing the product.
7. Known Issues
========================================================================
Here are the known issues in this release:
7.1 When the delete file feature for HDI storage is enabled, it is
possible for a user to access a file before the file is deleted
from HDI.
===================================================================
ServerProtect for Storage implements this feature after the
Real-time Scan Callback function. Since the Callback function is
called asynchronously after the scan completes, there is a time
gap (shorter than 500ms during testing) between the HDI allowing
file access and deleting the file from HDI. Users are able to
access files that are to be deleted during the time gap.
7.2 When the delete file feature for HDI storage is enabled, files
in HDI may not be deleted successfully if another user is accessing
it.
===================================================================
Related to Known Issue 7.4, if ServerProtect for Storage deletes
files on HDI storage while someone is accessing the file, the
file may not be deleted successfully.
7.3 When the delete file feature for HDI storage is enabled, files
in HDI may not be deleted successfully if the same files are copied
to HDI again within a short period of time.
===================================================================
Because of the Windows SMB cache, when the same file is copied to
an HDI storage again within a short time, Hitachi Server Protect
Agent (HSPA) will not process the file and does not trigger the
delete action.
Refer to the following KB to disable all three kinds of caches
to work around this known issue:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro
/windows-7/ff686200(v=ws.10)
7.4 When the delete file feature for HDI storage is enabled and
users copy a large number of files to HDI, some of the files that
are to be deleted are left on the HDI storage.
===================================================================
This is because HSPA misses some files while copying a large
number of files to HDI, which prevents ServerProtect from
scanning any missing file and triggering the delete action. This
issue can be fixed by adding more servers where HSPA is installed
to balance the load.
7.5 When the delete file feature for HDI storage is enabled, target
files may still be copied from HDI before being deleted.
===================================================================
Since HDI does not block the file access before HSPA touches
files, there is a short period of time when the files that are
to be deleted can still be copied. This issue can be fixed by
configuring the "Deny access" setting to "Procedure if scanning
fails" under the HDI Scanner servers' scan condition.
8. Release History
========================================================================
For more information about updates to this product, go to:
http://www.trendmicro.com/download
Previous releases include the following:
- ServerProtect for Storage 6.0 Patch 2, January 12, 2022
- ServerProtect for Storage 6.0 Patch 1, June 19, 2018
- ServerProtect for Storage 6.0, July 13, 2015
8.1 Patch 1
===================================================================
8.1.1 Enhancements
===================================================================
The following enhancements are included in Patch 1:
Enhancement 1: [Hotfix 1107 EN]
Asynchronous input/output has been implemented to
improve the accepting thread for ICAP servers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 1: To configure the maximum number of threads that
can be handled by the accepting thread:
1. Open a registry editor on the Normal Server.
2. Add the following key and set its value to "4":
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\
ServerProtect\CurrentVersion\Engine\
IcapSetting
Key: AcceptorHandlerThreadsNumber
Type: DWORD
Value: The default value is 4, but it is
sufficient to improve the performance
of the accepting thread.
3. Restart the Normal Server service.
Enhancement 2: [Hotfix 1124 EN]
The ICAP Scanner in ServerProtect for Storage 6.0
now supports ICAP REQMOD requests. The service
name for REQMOD requests is "SPFS-AV-REQ" and
should be in the following URI format:
icap://[IP][:PORT]/SPFS-AV-REQ
Enhancement 3: [Hotfix 1135 EN]
ServerProtect for Storage 6.0 now displays the
long virus names instead of the short virus names.
Enhancement 4: [Critical Patch 1164 EN]
A special antivirus program compatibility registry
key has been added to the Normal Server and
Information Server. Microsoft checks for this
special registry key value on the computer before
running the next Security Update for Windows.
Microsoft KB4056892 was released on January 4,
2018 and requires the new registry key be
installed before you can apply the update.
For more information about Microsoft KB4056892,
refer to the following link:
https://support.microsoft.com/en-us/help/4056892/
windows-10-update-kb4056892
This registry is created automatically each time
spntsvc restarts even after this key has been
deleted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 4: To disable this behavior:
1. Open the Registry Editor.
2. Add the following key:
Key="HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\
ServerProtect\CurrentVersion\SpntService"
Name="DisableSUVPCompat"
Type="REG_DWORD"
Value="0x00000001"
Enhancement 5: [Hotfix 1178 EN]
ServerProtect for Storage can now locate and
delete files on HDI storage by true file type.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 5: To enable ServerProtect for Storage to locate and
delete files on HDI storage by true file type:
1. On the Normal Server:
For 64-bit operating systems, open
".\Trend\SProtect\x64\TFTD.ini".
For 32-bit operating systems, open
".\Trend\SProtect\TFTD.ini".
2. Locate "EnableDeleteAction" and set it to "1".
NOTE: Set "EnableDeleteAction=0" to disable
the feature.
3. Set the HDI server count in the "Count" key
under the "ServerList" section.
4. Set HDI server information in the "Server1"
key under the "ServerList" section.
NOTE: To add more than one HDI server, set
the information in "Server2" and so on.
5. Set the true file type count in the "Count"
key under the "TrueFileTypeList" section.
6. Set the true file type value in the
"FileType1" key.
NOTE: To add more than one true file type, set
the information in "FileType2" and so on.
The true file type value table is defined in
"TFTD.ini".
Enhancement 6: [Hotfix 1179 EN]
Users can now set the sleep time between scanning
each folder during a manual scan or scheduled
scan. Adjusting this time interval can help
balance ServerProtect for Storage's CPU usage with
its scan speed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 6: To set the sleep time between scanning each folder
during a manual scan or scheduled scan:
1. Open a registry editor on the Normal Server.
2. Add the following key and set the time interval
in milliseconds:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\
ServerProtect\CurrentVersion\SpntService
Key: ManualScanWaitTime
Type: DWORD
Value: The default value is "0", the unit is
milliseconds
3. Restart the Normal Server service.
Enhancement 7: [SPNT Hotfix 1494 EN]
After updating MCP SDK to version 5.0.0.2270,
ServerProtect for Storage provides many cipher
suites when starting an HTTPS connection.
Enhancement 8: [Patch 1 1194 EN]
Virus Scan Engine (user mode) has been updated
to version 10.000.0.1040 to support more true
file type detections.
Enhancement 9: [Patch 1 1194 EN]
The ICAP client now sends requests without passing
the file size by "Content-Length" header or
ICAP_HEAD_X_SCAN_FILE_LENGTH.
Enhancement 10: [Patch 1 1194 EN]
Some ICAP debug level logs have been adjusted to
error level logs.
Enhancement 11: [Patch 1 1194 EN]
ServerProtect for Storage now downloads and deploys
Virus Scan Engine (user mode) from the ActiveUpdate
server.
Enhancement 12: [Patch 1 1194 EN]
ServerProtect for Storage can now be configured to
exclude processes during real-time scanning.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 12: To configure the Exclude Process List:
1. Open the Registry Editor.
2. Add the following key:
Path: "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\
ServerProtect\CurrentVersion\Engine\
Exception"
Key: ProcessList
Type: Multi-String Value
Value: add the process full path to this
ProcessList
3. Restart the Normal Server Service "Spntsvc".
Enhancement 13: [Patch 1 1194 EN]
ServerProtect for Storage now shows the ellipsis
sign (...) in server names that are too long
in logs.
8.1.2 Resolved Known Issues
===================================================================
The following known issues are resolved in Patch 1:
Issue 1: [Hotfix 1099 EN]
ServerProtect for Storage 6.0 cannot establish
connections when it receives 215 or more connection
requests within a short period of time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: ServerProtect for Storage 6.0 now processes connection
requests faster to ensure that it can handle up to 500
connection requests received within a short period of
time.
Issue 2: [Hotfix 1120 EN]
A previous hotfix changed the IP string format. As a
result, ServerProtect for Storage cannot perform ICAP
client validation by IP address.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: ServerProtect for Storage can now perform ICAP client
validation by IP address successfully.
Issue 3: [Hotfix 1120 EN]
If the ServerProtect Normal Server with ICAP mode is
installed on the Japanese version of the Windows
server, Japanese characters appear in the "Date"
header of ICAP responses.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: Japanese characters no longer appear in ICAP responses
under the scenario described above.
Issue 4: [Hotfix 1126 EN]
When the C-mode Filer has been removed or unregistered
from ServerProtect for Storage but the scanner server
is still configured in the C-mode Filer, AV-Connect
will still send scan requests to ServerProtect for
Storage. As a result, the C-mode Filer may stop
responding.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: The RPC Scanner in ServerProtect for Storage now
rejects requests from the AV-Connector if the filer
has been removed or unregistered from ServerProtect
for Storage.
Issue 5: [Hotfix 1126 EN]
When the first action fails, the second action does
not appear in email virus notifications.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: The action description in email virus notifications
are now consistent with the information in the
corresponding log records.
Issue 6: [Hotfix 1133 EN]
The ICAP Scanner records a large number of compress
violation logs as virus logs, which makes it difficult
for users to manage virus logs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: The ICAP Scanner no longer records compress violation
logs as virus logs. If any file in a compressed file
is skipped during a scan because of a compress scan
policy in ICAP Scanner, the ICAP scanner will record a
warning event log. By default, ServerProtect will send
these warning event logs to users, but users can
prevent ServerProtect from sending these logs through
the registry.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 6: To prevent ServerProtect from sending these warning
event logs:
1. Open a registry editor on the Normal Server.
2. Add the following key and set its value to "1":
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\
ServerProtect\CurrentVersion\Engine\
IcapSetting
Key: DisableCompressWanLog
Type: DWORD
Value: 1
NOTE: To receive the logs again, set the key to
"0".
3. Restart the Normal Server.
Issue 7: [Hotfix 1145 EN]
When ServerProtect for Storage 6.0 is installed on
Windows Server 2016, the wrong platform version
appears on the Management Console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: The correct platform version now appears on the
Management Console.
Issue 8: [Hotfix 1145 EN]
When ServerProtect for Storage 6.0 is installed on
Windows Server 2016 and registered to Control Manager,
the wrong operating system information appears on the
Control Manager console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: The correct operating system information now appears
on the Control Manager console.
Issue 9: [Hotfix 1147 EN]
When ServerProtect for Storage 6.0 runs, the
"SPNTSVC.exe" process goes up to over 90% of CPU
utilization, and it remains at that level.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: The CPU usage of the "SPNTSVC.exe" process has been
reduced to ensure that the program works normally.
Issue 10: [Hotfix 1148 EN]
When ServerProtect for Storage 6.0 is running, the
file name with a leading space is sent to the scanner
through a scan request, and the scanner returns a
"400 bad request" response to HNAS.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: The scanner now treats the request as a normal scan
request.
Issue 11: [Hotfix 1150 EN]
When ServerProtect for Storage 6.0 restarts, the
corresponding item on the Control Manager console
appears yellow and does not go back to green until
after the Trend Micro Management Communication
Protocol (MCP) Control Manager Agent (CMAgent) service
has restarted again.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: The Information Server now restarts before the MCP
CMAgent so that ServerProtect for Storage 6.0 appears
in green on the Control Manager console after it
restarts.
Issue 12: [Hotfix 1152 JP]
Under certain conditions, a heap corruption issue
triggers the Japanese version of ServerProtect for
Storage 6.0 to stop unexpectedly while its spntsvc
service attempts to send an email notification.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: ServerProtect for Storage now allocates enough memory
to operate to prevent the heap corruption issue so it
can send out email notifications normally.
Issue 13: [Hotfix 1154 JP]
Before scanning a compressed file, ServerProtect first
determines whether the file can be scanned or not by
checking if the contents exceed the maximum size
configured by the user. There is no limit to the value
that users can set the maximum content size to on the
Management Console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: The Management Console no longer allows users to set
the maximum content size to any value larger than
2 GB.
Issue 14: [Hotfix 1158 EN]
In ICAP mode, the ICAP server returns a code "400 bad
request" error if it receives an ICAP request
containing a file name with illegal characters.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: The workflow has been updated to enable ServerProtect
for Storage to create a temporary file after receiving
an ICAP request to make sure that the ICAP server
works normally when the request contains a file name
with illegal characters.
Issue 15: [Hotfix 1158 EN]
In ICAP mode, the ICAP server returns a code "400 bad
request" error if it receives an ICAP request with
certain file names from an ICAP client.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15: The workflow for extracting file names from ICAP
requests has been updated to ensure that file names
are extracted correctly.
Issue 16: [Hotfix 1158 EN]
When an ICAP client uses an HTTP persistent connection
in ICAP mode, the ICAP server closes the connection
to this ICAP client after it sends a "400 bad request"
response to the ICAP client.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16: The ICAP server now closes the connection to an ICAP
client on an HTTP persistent connection in ICAP mode
only after it sends a "408 request timeout" response
to the ICAP client.
Issue 17: [Hotfix 1160 EN]
When ServerProtect for Storage receives a large number
of RPC scan requests during a pattern update, the RPC
scan threads might stall and running scans may fail.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17: A read-write lock has been added for pattern
operations to help ensure that scans proceed normally
during pattern updates.
Issue 18: [Hotfix 1163 JP]
When ServerProtect for Storage scans files in a
C-mode filer, it will request to set up an SMB
session each time it opens a file. As a result, it
takes longer to scan files in C-mode filers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 18: All scan threads now establish a persistent network
connection for every C-mode filer address sent from
the AV connector. This eliminates the need to set up
an SMB session each time ServerProtect for Storage
opens a file in a C-mode filer for scanning.
Issue 19: [Hotfix 1169 EN]
The CMAgent stops responding when it receives certain
abnormal commands.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 19: CMAgent can now handle these abnormal commands.
Issue 20: [SPNT Hotfix 1465 EN]
An issue prevents the exclusion extensions setting
from working normally after the Normal Server
restarts.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 20: The issue has been resolved to ensure that the
exclusion extensions setting works normally.
Issue 21: [SPNT Hotfix 1467 JP]
The CMAgent for ServerProtect may stop unexpectedly
while running vulnerability scanner tools. This
happens if the CMAgent receives unexpected data from
any of the vulnerability scanner tools which then
trigger an exception error.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 21: The ServerProtect CMAgent can now handle the
exception, which helps prevent it from stopping
unexpectedly when it receives unexpected data from
vulnerability scanner tools.
Issue 22: [SPNT Hotfix 1468 JP]
The ServerProtect CMAgent stops unexpectedly after
starting simultaneously with Control Manager.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 22: The ServerProtect CMAgent now works normally.
Issue 23: [SPNAF Hotfix 1244 JP]
The "spntsvc.exe" service may stop unexpectedly while
attempting to free the "NtApRpc.dll" library when the
RPC scan threads are handling scan requests.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 23: ServerProtect now forces RPC scan threads to exit in
time when the"spntsvc.exe" service frees the
"NtApRpc.dll" library.
Issue 24: [Patch 1 1194 EN]
In email notifications of the ICAP storage, the
"Infection Source" section shows the Normal Server's
computer name.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 24: The "Infection Source" field now displays the IP
address of the storage server.
Issue 25: [Patch 1 1194 EN]
In log records of the ICAP storage, the "Infection
Source" section shows "None", and the "User" section
shows the IP address of the storage server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 25: The "Infection Source" field now shows the IP address
of the storage server while the "User" field shows the
IP address of the storage server in log records of the
ICAP storage.
Issue 26: [Patch 1 1194 EN]
Control Manager 7.0 cannot manually download the
patchagent for ServerProtect for Storage.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 26: The patchagent information has been added to the
profile that is sent to Control Manager.
8.2 Patch 2
===================================================================
8.2.1 Enhancements
===================================================================
The following enhancements are included in Patch 2:
Enhancement 1: [SEG-32649][Hotfix 1214 JP]
Information Server - This patch enables the
Information Server to verify the version
information of any Management Console that attempts
to connect to it. This helps ensure that the
correct Management Console version connects to the
Information Server.
NOTE: If your Management Console is not installed in the
same path as the Information Server, please refer
to Section 5.1 Installation for the steps to
replace files for the Management Console.
Enhancement 2: [SEG-32649][Hotfix 1214 JP]
Management Console - This patch enables the
Information Server to display its version
information in the Management Console middle tree
control list by default.
NOTE: The Management Console will be able to connect only
to an Information Server with the same version.
Enhancement 3: [SEG-32258][Hotfix 1214 JP]
CMAgent - This patch enables CMAgent to keep its
previous status (registered/unregistered) after a
hotfix is applied.
Enhancement 4: [SEG-40399][Hotfix 1224 JP]
Manual/Scheduled Scan - This patch adds an alert
log for instances when the last manual scan or task
scan did not complete normally.
Enhancement 5: [SEG-42430][Hotfix 1227 JP]
ICAP scan - This patch removes the file name
validation in ICAP mode.
Enhancement 6: [VRTS-3827][VRTS-5859][VRTS-6664]
[Critical Patch 1256 EN][Critical Patch 1284 EN]
This patch resolves some vulnerabilities.
Enhancement 7: [SEG-78499][Hotfix 1266 JP]
Storage Scan - This patch improves the scan
performance by allowing users to set the maximum
number of threads for sending scan results to each
storage device.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 7: To configure this option:
1. Install this patch (see "Installation").
2. Open a registry editor on the Normal Server.
3. Add the following key and set it to the
preferred maximum number of threads.
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\
ServerProtect\CurrentVersion\Engine\
Filers
Key: SendResultThreadsNumberForEachFiler
Type: DWORD
Value: maximum number of threads, the default
value is "1", supports any integer from
1 to 64.
4. Restart the Normal Server.
Enhancement 8: [VRTS-4737][VRTS-6226][Critical Patch 1268 EN]
Damage Cleanup Engine - This patch updates the
Damage Cleanup Engine (DCE) engine files to remove
certain vulnerabilities.
Enhancement 9: [VRTS-4600][Critical Patch 1268 EN]
Tmcomm Engine - This patch updates the Tmcomm
engine files to remove certain vulnerabilities.
Enhancement 10: [SEG-27595][SPNT Hotfix 1518 JP]
Management Console - This patch enables
ServerProtect to use an ellipsis (...) when
displaying server names that are too long in logs.
Enhancement 11: [SEG-60808][SPNT Critical Patch 1548 EN]
ActiveUpdate - This patch enables ServerProtect to
use HTTPS for component updates by Active Update.
Refer to the following KB for information on how to
configure customized security options:
https://success.trendmicro.com/solution/000253323
Enhancement 12: [SEG-48873][SPNAF Hotfix 1269 EN]
Scan Fail Log - This patch enables the Normal
Server to generate scan fail logs for
Manual/Scheduled Scan, Real-time Scan and Netapp
Storage Scan.
Enhancement 13: [SEG-66143][SPNAF Service Pack 1 Patch 2 1281 EN]
ActiveUpdate - This patch enables the network
send/receive timeout configuration for
ActiveUpdate.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 13: To configure this feature:
1. Install this patch (see "Installation").
2. Open the Registry Editor.
3. Add the following key in the Information Server:
32-bit Operating System:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\
ServerProtect\CurrentVersion\
InformationServer
64-bit Operating System:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
TrendMicro\ServerProtect\CurrentVersion\
InformationServer
Key: AUNetworkTimeout
Type: String(REG_SZ)
Value: timeout value (Seconds)
Enhancement 14: [SEG-66143][SPNAF Service Pack 1 Patch 2 1281 EN]
ActiveUpdate - This patch enables the network
connection timeout configuration for ActiveUpdate.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 14: To configure this feature:
1. Install this patch (see "Installation").
2. Open the Registry Editor.
3. Add the following key in the Information Server:
32-bit Operating System:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\
ServerProtect\CurrentVersion\
InformationServer
64-bit Operating System:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
TrendMicro\ServerProtect\CurrentVersion\
InformationServer
Key: AUConnectTimeout
Type: String(REG_SZ)
Value: timeout value (Seconds)
Enhancement 15: [SEG-122871]
Debug Log - This patch removes some strings that
contain password information from the debug log.
Enhancement 16: [SEG-123670]
Normal server Dump generation - This patch adds
dump generation feature when Normal Server crashes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 16: To enable this behavior:
1. Install this patch (see "Installation").
2. Open the Registry Editor.
3. Add the following keys:
Path: LOCAL_MACHINE\SOFTWARE\TrendMicro\
ServerProtect\CurrentVersion\
SpntService
Key: EnableDumpGeneration
Type: REG_DWORD
Value: The default value is "0", which disables
dump generation. Setting this key to "1"
enables dump generation.
Key: DumpPath
Type: REG_SZ
Value: Dump generation path (eg."C:\DumpFiles")
4. Restart the Normal Server service.
NOTES:
1. The feature works only when both keys are
set.
2. "DumpPath" should be set to an existing path.
Enhancement 17: [SEG-123670][SEG-127109]
Log Database File - This patch enables
ServerProtect to send a Windows event log
notification when the log database file behaves
abnormally.
Enhancement 18: [SEG-123138]
ActiveUpdate - This patch updates the error string
in the Message Box an engine or pattern file update
fails.
8.2.2 Resolved Known Issues
===================================================================
The following known issues are resolved in Patch 2:
Issue 1: [SEG-28895][Hotfix 1205 EN]
The Message Box notifications is disabled since
Microsoft(TM) Windows(TM) Server 2008.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This patch replaces the "NetMessageBufferSend"
function with Windows Terminal Services (WTS) API to
re-enable Message Box notifications on Windows Server
2008 and any later versions.
Please refer to the following KB link for more details
on how to use this feature:
https://success.trendmicro.com/solution/1120585
Issue 2: [SEG-34307][Hotfix 1214 JP]
Sometimes, the SPNTSVC process stops unexpectedly
because of an invalid memory access issue in
"tmnotify.dll".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This patch resolves the issue by preventing the
invalid memory access issue.
Issue 3: [SEG-38240][Hotfix 1216 JP]
Sometimes, the "Message-ID" column in notification
email messages display duplicate message IDs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This patch resolves the issue by ensuring that
ServerProtect for Storage generates and assigns
unique message IDs.
Issue 4: [SEG-39038][Hotfix 1218 EN]
When users choose to deploy only pattern updates from
the Information Server to the Normal Server, the
pattern version in the "ISTag" key of the
corresponding ICAP response is not updated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: This patch ensures that the ICAP server responds
with the correct pattern version in the "ISTag" key
under the scenario described above.
Issue 5: [SEG-37036][Hotfix 1220 JP]
ServerProtect for Storage cannot deploy pattern files
if there is "Program" file under the C drive.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: This patch resolves the issue by ensuring that
ServerProtect for Storage could deploy pattern files
successfully.
Issue 6: [SEG-43807][Hotfix 1226 EN]
CMAgent sends incorrect operating system information
to Trend Micro Control Manager(TM) when the current
operating system is Windows Server 2019.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: This patch makes sure that CMAgent submits the
correct operating system information.
Issue 7: [SEG-42430][Hotfix 1227 JP]
The ICAP Scanner of ServerProtect for Storage
sometimes cannot extract the correct file name when
the full file path contains Japanese characters.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: This patch ensures that ServerProtect for Storage
extracts the filenames correctly.
Issue 8: [SEG-52883][Hotfix 1243 EN]
Sometimes, file scan fails on Network Appliance
Cluster-Mode devices when the server name for
ServerProtect for Storage contains lowercase letters.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: This patch ensures that file scans are successful
even when the server name for ServerProtect for
Storage contains lowercase letters.
Issue 9: [SEG-45992][Hotfix 1243 EN]
A "The specified network password is not correct"
error appears when users add devices with long domain
names on the Management Console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: This patch resolves this issue by extending the size
of the array that holds domain names.
Issue 10: [SEG-49268][Hotfix 1243 EN]
In "keep-alive" mode, ServerProtect for Storage may
respond with an "ICAP/1.0 501 Not implemented"
message even when the error occurred in the previous
ICAP request.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: This patch enables ServerProtect for Storage to
close the TCP connection after it sends the ICAP
error code response.
Issue 11: [SEG-67526][Critical Patch 1256 EN]
The Normal Server uninstallation mechanism does not
notify the Information Server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: This patch ensures that the Information Server is
always notified of Normal Server uninstallation.
Issue 12: [SEG-70066][Hotfix 1259 EN]
The Normal Server notifies the EMC storage to flush
old pattern or engine files even if the pattern or
engine was not be updated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: This patch ensures that the Normal Server notifies
the EMC storage to flush old pattern or engine files
only after a successful pattern or engine update.
Issue 13: [SEG-82190][Critical Patch 1268 EN]
The ICAP server returns a "500 Server Error" code to
Nutanix when scanning certain zero size files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: This patch resolves this issue by updating the
scanning process.
Issue 14: [VRTS-4962][Critical Patch 1270 EN]
The ActiveUpdate module is affected by certain
vulnerabilities.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: This patch updates the ActiveUpdate module to resolve
the issue.
Issue 15: [SEG-91075][Hotfix 1273 EN]
A stack overflow issue causes the spntsvc service to
stop unexpectedly and prevents it from restarting.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15: This patch resolves the stack overflow issue.
Issue 16: [SEG-98502][Hotfix 1279 EN]
Sometimes, the following error displays after users
click the "Download Now" icon on the Management
Console.
"Failed to complete this operation. Your file waiting
to be printed was deleted."
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16: This patch resolves this issue by enabling
ServerProtect to dynamically load the "TmUpdate.dll"
ActiveUpdate library.
Issue 17: [SEG-98747][Hotfix 1279 EN]
Sometimes, when a pattern or engine update runs during
a scheduled scan or manual scan, and fails, some
related files remain locked. This can cause the Normal
Server to stop responding.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17: This patch resolves this issue by enabling
ServerProtect to release locked resources completely
after a pattern or engine update fails.
Issue 18: [SEG-100881][Hotfix 1279 EN]
Virus infection logs are not recorded in the Windows
Event log for the ICAP Scanner of ServerProtect for
Storage.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 18: This patch ensures that virus infection logs are
recorded in the Windows Event log for the ICAP
Scanner.
Issue 19: [SEG-105031][Critical Patch 1284 EN]
Sometimes, users cannot successfully add a
freshly-installed Normal Server to an Information
Server with a higher version.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 19: This patch resolves this issue.
Issue 20: [SEG-107349][Critical Patch 1284 EN]
Sometimes, the Normal Server cannot start because the
DCE runs for too long after the system restarts.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 20: This patch resolves this issue by setting a time-out
value for waiting for the DCE to complete its run
after the system restarts.
Issue 21: [SEG-114346][Critical Patch 1284 EN]
Sometimes, RPC scan results are not sent to NetApp
ONTAP Antivirus Connector when there are too many scan
requests. Some of the scan requests remain in the scan
queue until time-out.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 21: This patch ensures that all the scan results are sent
to NetApp ONTAP Antivirus Connector.
Issue 22: [SEG-32642][SPNT Hotfix 1518 JP]
When the Information Server's home path is added to
the scan exclusion folder, it will be deleted
unexpectedly after ServerProtect downloads a component
update.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 22: This patch ensures that the Information Server's home
path is not deleted unexpectedly from the scan
exclusion folder while ServerProtect downloads
component updates.
Issue 23: [SEG-45591][SPNT Hotfix 1521 JP]
When the Information Server password is longer than
16 characters, silent installation fails.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 23: This patch ensures that silent installation runs
normally under the scenario described above.
Issue 24: [SEG-51168][SPNT Hotfix 1528 JP]
The status of a Normal Server appears as "service
stop" on the Control Manager web console but the
ServerProtect web console indicates that the Normal
Server is working normally.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 24: This patch resolves the issue by adding a validity
check when the MCP CMAgent receives the response for
the CMD_REGISTER command from the Information Server.
Issue 25: [SPFS-247][SPNAF Service Pack 1 Patch 2 1281 EN]
The Information Server version disappears from the
Management Console after the Information Server
restarts.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 25: This patch resolves this issue by enabling the
Management Console to refresh the version information
after the Information Server restarts.
Issue 26: [SEG-86584][SPNAF Hotfix 1294 EN]
Sometimes, the spntsvc service stops unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 26: This patch resolves this issue.
Issue 27: [SEG-127881]
CMAgent sends incorrect operating system information
to Control Manager when the current operating system
is Windows Server 2022.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 27: This patch makes sure that CMAgent submits the
correct operating system information.
Issue 28: [SEG-127460]
Sometimes, the Management Console stops unexpectedly
when it receives certain illegal messages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 28: This patch resolves the issue by adding some validity
checks to ensure that the Management Console can
handle these messages.
9. Files Included in This Release
========================================================================
Module Filename Build No.
-------------------------------------------------------------------
32-bit Normal Server
AgRpcCln.dll 6.00.0.1816
AgentClient.dll 6.00.0.1816
Build.exe 2.86.0.4044
CheckEVC.dll 6.00.0.1816
CheckSecurityPatch.dll 6.00.0.1816
CheckUsr.dll 6.00.0.1816
DCE.dll 6.00.0.1816
DCEEvent.dll 6.00.0.1816
DCEOut.dll 6.00.0.1816
DllForWin2008.dll 6.00.0.1816
EventMsg2.dll 6.00.0.1816
GetRemoteVer.dll 6.00.0.1816
HDITakeAction.exe 6.00.0.1816
LogDb.dll 6.00.0.1816
LogDbTool.dll 6.00.0.1816
LogMaster.dll 6.00.0.1816
LogViewer.exe 6.00.0.1816
NetworkTrap.exe 6.00.0.1816
Notification.dll 6.00.0.1816
NtApRPC.dll 6.00.0.1816
NtIcapServer.dll 6.00.0.1816
Patch.exe 2.86.0.4044
RpcCrypt.dll 6.00.0.1816
SP5NSLst.ini n/a
SPCommonLog.dll 6.00.0.1816
SPLog.conf n/a
ScanNow.exe 6.00.0.1816
ServiceTray.exe 6.00.0.1816
SetDefaultMsg.dll 6.00.0.1816
SetDefaultMsgRc.dll 6.00.0.1816
SetUserInfo.exe 6.00.0.1816
SpTrace.dll 6.00.0.1816
SpntSvc.exe 6.00.0.1816
StCommon.dll 6.00.0.1816
StHotFix.exe 6.00.0.1816
StOPP.exe 6.00.0.1816
StRpcCln.dll 6.00.0.1816
StRpcSrv.dll 6.00.0.1816
StUpdate.exe 6.00.0.1816
StWatchDog.exe 6.00.0.1816
TMNotify.dll 6.00.0.1816
TmOpp.dll 6.00.0.1816
TmRpcSrv.dll 6.00.0.1816
TmUpdate.dll 2.86.0.4044
TmdMon.exe 6.00.0.1816
cert5.db n/a
ciuas32.dll 0.0.2075
ciussi32.dll 0.0.2074
eng50.dll 6.00.0.1816
expapply.dll 5.2.0
expbuild.dll 4.2.0
icrcauapi.dll 2.83.0.1044
libcrypto-3.dll 3.1.0
liblwtpciu32.dll 1.0.0.1005
libssl-3.dll 3.1.0
loadhttp.dll 1.32.0.1018
log4cxx.dll 10.0.1
log.conf n/a
TFTD.ini n/a
mfc140u.dll 14.0.23026.0
msvcp140.dll 14.00.23026.0
patchbld.dll 12.21
patchw32.dll 12.22
psmc.dll 8.42
rmvnssvc.exe 6.00.0.1816
spuninst.exe 6.00.0.1816
spuninstrc.dll 6.00.0.1816
startnssvc.exe 6.00.0.1816
tmeng.dll 6.800-1034
tsc.exe 7.5.0.1186
vcruntime140.dll 14.00.23026.0
VSAPI32.dll 21.600.0.1007
x500.db n/a
64-bit Normal Server
AgRpcCln.dll 6.00.0.1816
AgentClient.dll 6.00.0.1816
Build.exe 2.86.0.4044
CheckEVC.dll 6.00.0.1816
CheckSecurityPatch.dll 6.00.0.1816
CheckUsr.dll 6.00.0.1816
DCE.dll 6.00.0.1816
DCEEvent.dll 6.00.0.1816
DCEOut.dll 6.00.0.1816
DCEOut64.dll 6.00.0.1816
DllForWin2008.dll 6.00.0.1816
EventMsg2.dll 6.00.0.1816
GetRemoteVer.dll 6.00.0.1816
HDITakeAction.exe 6.00.0.1816
LogDb.dll 6.00.0.1816
LogDbTool.dll 6.00.0.1816
LogMaster.dll 6.00.0.1816
LogViewer.exe 6.00.0.1816
NetworkTrap.exe 6.00.0.1816
Notification.dll 6.00.0.1816
NtApRPC.dll 6.00.0.1816
NtIcapServer.dll 6.00.0.1816
Patch.exe 2.86.0.4044
RpcCrypt.dll 6.00.0.1816
SP5NSLst.ini n/a
SPCommonLog.dll 6.00.0.1816
SPLog.conf n/a
ScanNow.exe 6.00.0.1816
ServiceTray.exe 6.00.0.1816
SetDefaultMsg.dll 6.00.0.1816
SetDefaultMsgRc.dll 6.00.0.1816
SetUserInfo.exe 6.00.0.1816
SpTrace.dll 6.00.0.1816
SpTrace32.dll 6.00.0.1816
SpntSvc.exe 6.00.0.1816
StCommon.dll 6.00.0.1816
StHotFix.exe 6.00.0.1816
StOPP.exe 6.00.0.1816
StRpcCln.dll 6.00.0.1816
StRpcSrv.dll 6.00.0.1816
StUpdate.exe 6.00.0.1816
StUpdate_32.exe 6.00.0.1816
StWatchDog.exe 6.00.0.1816
TMNotify.dll 6.00.0.1816
TmOpp.dll 6.00.0.1816
TmRpcSrv.dll 6.00.0.1816
TmUpdate.dll 2.86.0.4044
TmdMon.exe 6.00.0.1816
cert5.db n/a
ciuas32.dll 0.0.2075
ciussi32.dll 0.0.2074
eng50.dll 6.00.0.1816
expapply.dll 5.2.0
expbuild.dll 4.2.0
icrcauapi.dll 2.83.0.1044
libcrypto-3-X64.dll 3.1.0
liblwtpciu32.dll 1.0.0.1005
libssl-3-X64.dll 3.1.0
loadhttp.dll 1.32.0.1018
log4cxx.dll 10.0.1
log.conf n/a
TFTD.ini n/a
mfc140u.dll 14.0.23026.0
msvcp140.dll 14.00.23026.0
patchbld.dll 12.21
patchw32.dll 12.22
psmc.dll 8.42
rmvnssvc.exe 6.00.0.1816
spuninst.exe 6.00.0.1816
startnssvc.exe 6.00.0.1816
tsc.exe 7.5.0.1186
tsc64.exe 7.5.0.1186
vcruntime140.dll 14.00.23026.0
VSAPI32.dll 21.600.0.1007
VSAPI64.dll 21.600.0.1007
x500.db n/a
Information Server and Management Console
Adm_enu.dll 6.00.0.1816
Admin.exe 6.00.0.1816
AgentClient.dll 6.00.0.1816
BIFSender.exe 6.00.0.1816
Build.exe 2.86.0.4044
CheckEVC.dll 6.00.0.1816
CheckSecurityPatch.dll 6.00.0.1816
CheckUsr.dll 6.00.0.1816
DeployTool.exe 6.00.0.1816
EarthAgent.exe 6.00.0.1816
EventMsg2.dll 6.00.0.1816
GetRemoteVer.dll 6.00.0.1816
ISReg.dll 1.0.0.1007
ISSetup.dll 28.0.759
NotifMsg.ini n/a
Notification.dll 6.00.0.1816
Patch.exe 2.86.0.4044
Quarantine.exe 6.00.0.1816
RemoteInstall.exe 6.00.0.1816
Rpc4Setup.dll 6.00.0.1816
RpcCrypt.dll 6.00.0.1816
SP5NSLst.ini n/a
SetUserInfo.exe 6.00.0.1816
SpTrace.dll 6.00.0.1816
SpnwClient.dll 6.00.0.1816
StCommon.dll 6.00.0.1816
StHotFix.exe 6.00.0.1816
StRpcCln.dll 6.00.0.1816
StUpdate.exe 6.00.0.1816
TMCrypt.dll 1.0.0.1007
TMNotify.dll 6.00.0.1816
TMReg.dll 1.0.0.1007
TmRpcSrv.dll 6.00.0.1816
TmUpdate.dll 2.86.0.4044
TmdMon.exe 6.00.0.1816
Tmnotify_v1.dll 6.00.0.1816
cert5.db n/a
ciuas32.dll 0.0.2075
ciussi32.dll 0.0.2074
data1.cab n/a
data1.hdr n/a
data2.cab n/a
dce-exe-mssign-v75-1186.zip n/a
dce-exe-mssign-x64-v75-1186.zip n/a
expapply.dll 5.2.0
expbuild.dll 4.2.0
icrcauapi.dll 2.83.0.1044
layout.bin n/a
libcrypto-3.dll 3.0.8
libcurl.dll 7.88.1
liblwtpciu32.dll 1.0.0.1005
libssl-3.dll 3.0.8
loadhttp.dll 1.32.0.1018
mfc140u.dll 14.0.23026.0
mfc80u.dll 8.00.50727.762
msvcp140.dll 14.00.23026.0
msvcp80.dll 8.00.50727.762
msvcr80.dll 8.00.50727.762
patchbld.dll 12.21
patchw32.dll 12.22
psmc.dll 8.42
rmvagsvc.exe 6.00.0.1816
setup.exe 6.0.0.0
setup.iss n/a
setup.inx n/a
0x0409.ini n/a
spuninst.exe 6.00.0.1816
spuninstrc.dll 6.00.0.1816
startagsvc.exe 6.00.0.1816
tmeng.dll 6.800-1034
tsc.exe 7.5.0.1186
tsc64.exe 7.5.0.1186
vcruntime140.dll 14.00.23026.0
x500.db n/a
zlibwapi.dll 1.2.11
Server+Protect+for+Storage+6.0+3P+Licenses+11.13.14.docx
ADM_ENU.chm n/a
MCP CMAgent
CMAgent.exe 6.00.0.1816
CMAgentLog.dll 6.00.0.1816
En_BlobConvertUtility.dll 5.0.0.2614
En_I18N.dll 5.0.0.2614
En_Utility.dll 5.0.0.2614
MySplashScreen.dll 6.00.0.1816
ProductLibrary.dll 6.00.0.1816
SSO_PKIHelper.dll 5.0.0.2614
TrendAprWrapperDll.dll 5.0.0.2614
cgiCmdNotify.exe 5.0.0.2614
libapr-1.dll 1.5.2
libcrypto-3.dll 3.0.8
libcurl.dll 7.88.1
libssl-3.dll 3.0.8
msvcp140.dll 14.00.23026.0
vcruntime140.dll 14.00.23026.0
zlibwapi.dll 1.2.11
ProductUI.zip
Patch Files
License.txt n/a
Readme.txt n/a
TMPatch.exe 2.2.0.1057
UpdateComponent.cmd n/a
hotfix.ini n/a
setup.ini n/a
10. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only. After the first
year, you must renew Maintenance on an annual basis at Trend Micro's
then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website
to download evaluation copies of Trend Micro products.
https://www.trendmicro.com/en_us/contact.html
NOTE: This information is subject to change without notice.
11. About Trend Micro
========================================================================
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.
Copyright 2024, Trend Micro Incorporated. All rights reserved.
Trend Micro, ServerProtect, Control Manager, and the t-ball logo
are trademarks of Trend Micro Incorporated and are registered in
some jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.
12. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
https://www.trendmicro.com/en_us/about/legal.html
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide