Trend Micro Incorporated
December 2023

Trend Micro™ Worry-Free Business Security Services™
Version 6.7

NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at http://docs.trendmicro.com.

Contents

1. About Worry-Free Business Security Services

2. What's New

3. Documentation Set

4. Security Agent System Requirements

5. Known Issues

6. Contact Information

7. About Trend Micro

8. License Agreement

1. About Worry-Free Business Security Services

Trend Micro™ Worry-Free Business Security Services™ for small offices protects multiple Windows computers, Macs, and Android devices located in or out of the office from viruses and other threats from the web. Unique Web Threat Protection stops threats before they reach devices and inflict damage or steal data. This safer, smarter, simpler protection from web threats will not cause devices to slow down. You can centrally manage security from anywhere without the need to add a server, install server software, configure settings, or maintain updates. Trend Micro security experts host and constantly update the service for you. Trend Micro™ Worry-Free Business Security Services™ is:

Back to top

2. What's New

Visit the following website for a complete list of new features and enhancements:

https://docs.trendmicro.com/en-us/smb/worry-free-business-security-services-67-server-help/wfbs-new-in-this-rel.aspx

Back to top

3. Documentation Set

To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com

In addition to this Readme file, the documentation set for this product includes the following:

Back to top

4. Security Agent System Requirements

The Worry-Free Business Security Services Security Agent can be installed on Microsoft Windows, Mac OS, iOS, or Android platforms. The Security Agent is also compatible with various third-party products.

Visit the following website for a complete list of system requirements and compatible third-party products:

https://docs.trendmicro.com/en-us/smb/worry-free-business-security-services-67-server-help/security-agent-insta_001/preparation/wfbs-svc-system-requ.aspx

Back to top

5. Known Issues

Known issues in this release:

Web Console Known Issues

  1. When the following conditions apply, newly encountered programs downloaded from the web are logged as "email client" in the Source field.

    • The end user's file system is in FAT32 format.

    • The Prompt users before executing newly encountered programs downloaded through HTTP or email applications (Server platforms excluded) setting is enabled in POLICIES > Global Security Agent Settings > Security Settings on the Worry-Free Business Security Services web console.

  2. After Windows 10 users uninstall the Security Agent, Windows Defender does not turn on automatically.

  3. If users click the web console URL in an email notification without signing into the web console first, users are redirected to the Sign In screen. After signing in, users have to click the web console URL in the email notification again to be redirected to the log events screen.

  4. If users sign into the web console using Account A and then click the web console URL in an email notification configured in Account B, Worry-Free Business Security Services automatically signs out Account A. To view the log events, sign in using Account B and then click the web console URL in the email notification again.

  5. Issue: Once the Worry-Free Business Security Services license has expired, BitLocker automatically triggers the decryption process on managed endpoints. If the endpoints happen to be in Suspended or Locked status, BitLocker cannot decrypt the endpoints.

    Workaround: Resume BitLocker protection or unlock the endpoint, and then uninstall the Security Agent to trigger the decryption process again.

  6. The "JavaScript Required" screen cannot display in Google Chrome. Users must click the Submit button on the screen to see the content.

  7. The Security Agents screen cannot display the Wi-Fi and Bluetooth MAC addresses of Android 7.0 devices.

  8. When a synchronization issue occurs in one of the Active Directory domains, synchronization with other domains also stops. Synchronization resumes once the issue is resolved.

  9. After uninstalling the Common Active Directory Synchronization Tool, the file containing the Active Directory settings still exists on the endpoint.

  10. The Unsupported Operating Systems group appears in the Security Agent Tree only when Security Agents that meet the following conditions are found:

    • Windows Security Agent version 6.3.1283 or later

    • Run unsupported operating systems

    After upgrading the Worry-Free Business Security Services web console to version 6.7, users must reload these Security Agents to appear in the Unsupported Operating Systems group.

  11. The Common Active Directory Synchronization Tool does not support IPv6.

  12. Azure Active Directory (Azure AD) integration does not provide domain or user information the same way as Active Directory Server integration. Windows Security Agents synchronized through Azure AD cannot display the domain name in the Domain column in Manual Groups.

 

Windows Security Agent Known Issues

Security Agent Deployment and Upgrade

  1. When the following conditions apply, the proxy server information needs to be added to the firewall exception list in the Worry-Free Business Security Services web console.

    • Endpoints are installed on Windows 8, Windows Server 2012, or later and use a proxy server.

    • The firewall security level is set to High in the advanced mode in the Worry-Free Business Security Services web console.

  2. Endpoints may lose network connection temporarily during installation.

  3. Users cannot deploy the Security Agent program when Internet Explorer 10 or later is running in Metro mode on Windows 8 or later.

  4. The email installation link does not work properly when users try to re-activate the Security Agent using Microsoft Edge. However, Microsoft intends to resolve this issue in a later release.

  5. After users install the Security Agent and then open Firefox, sometimes the Firefox extension installation process does not start. Users need to manually enable the extension in Add-ons Manager.

  6. Issue: The Security Agent cannot upgrade to version 6.7 if Microsoft Visual C++ 2019 Runtime cannot install successfully on the endpoint. Operating systems that do not meet the prerequisites for the Universal C Runtime (CRT) update might take a long time to complete Microsoft Visual C++ 2019 Runtime installation. For more information on the update, see https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170.

    Workaround: Install the latest Windows Update or the Universal CRT update (2999226) on the endpoint so that Microsoft Visual C++ 2019 Runtime can install successfully during the regular Security Agent upgrade process.

Security Agent

  1. If the Security Agent is enabled and a malware program resides in the Security Agent folder before Real-time Scan starts, the Security Agent cannot restrict that malware from updating the registry.

  2. On Windows 10 endpoints, Worry-Free Business Security Services alerts may be hidden behind the Microsoft Edge browser window. Users must check for any unauthorized event or threat alerts that may appear.

  3. If the Security Agent is installed on a Windows endpoint running Enhanced Mitigation Experience Toolkit (EMET), there might be some performance and conflict issues. Trend Micro recommends not installing the Security Agent and Microsoft EMET on the same endpoint.

  4. Issue: If users have installed Windows Update KB3076895 (MS15-084), the Msxml6.dll 6.20.5008.0 file included in the update might cause issues in the TmListen.exe service and policy setting deployments.

    Workaround: Install Windows Update KB3092627 or later to update the Msxml6.dll file.

  5. When multiple logon sessions exist on an endpoint, some agent process files might crash after an agent upgrade. Users might need to manually start the Security Agent.

  6. Security Agents running Windows Server 2016 (or later) cannot report security statuses to Windows Security Center because Windows Server 2016 (or later) does not provide the Windows Security Center service. If Windows Defender is enabled on Windows Server 2016 (or later) with the Security Agent installed, performance issues may occur. Trend Micro recommends disabling Windows Defender before installing the Security Agent.

  7. The following NT Event Log is generated when a Security Agent computer shuts down or restarts.

    Event ID: 7043

    Level: Error

    Message: The Trend Micro Security Agent Listener service did not shut down properly after receiving a preshutdown control.

  8. Security Agents are not able to use the proxy exception list configured in Windows.

Firewall

  1. During Security Agent installation or firewall driver uninstallation, the endpoint may temporarily lose its network connection. Some applications, such as Secure Shell (SSH), Terminal Services Client, or Remote Desktop could be affected by the disconnection. If the network connection is lost, restart the application after installing the Security Agent or after disabling the firewall.

  2. The Security Agent firewall may conflict with other firewall applications. Trend Micro recommends uninstalling or disabling other firewall applications.

  3. On VMware clients, the Security Agent firewall may block all incoming packets.

    To address this issue, add the following value to the VMware client registry:

    • Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\PFW

    • Name: EnableBypassRule

    • Type: REG_DWORD

    • Data: 1

Web Reputation and URL Filtering

  1. When running Internet Explorer 9 or later with Internet Explorer Enhanced Security Configuration, the Web Reputation plug-in module (TmIEPlugInBHO Class) cannot be automatically applied. Risky URLs using SSL cannot be blocked.

  2. Web Reputation Services and URL Filtering are not supported when Internet Explorer 10 or later is running in Metro mode on Windows 8 or later.

  3. Issue: If Chrome is open while the Security Agent updates Web Reputation Services and URL Filtering components, the Security Agent will not be able to block HTTPS websites.

    Workaround: Restart Chrome to resolve the issue.

  4. If proxy settings are configured on Windows 10, HTTPS Web Threat Protection cannot work on Microsoft Edge.

Windows Small Business Server Dashboard Add-In Tool

  1. Dashboard Add-in is not compatible with Internet Explorer Enhanced Security Configuration. Ensure this option is disabled before opening the Dashboard.

Login Script Setup Tool

  1. Endpoints installed on Windows Vista or later and have User Account Control (UAC) enabled cannot run automatic installation.

Device Control

  1. Multiple log entries appear when a user tries to access or copy files to a USB device. Device Control detects each instance as a single policy violation but includes multiple entries in the logs to differentiate the OS versions.

  2. Device Control supports all 32-bit operating systems and only the following 64-bit platforms: Windows Vista SP1 x64 and later.

  3. New folders can still be created on restricted USB storage devices when the permission is set to List device content only.

Application Control

  1. When using HTML tags that might be exploited by Cross-Site Scripting (XSS) attacks to search in the Certified Safe Software List, the search function ignores the tags to prevent script injections.

  2. When multiple logon sessions exist on an endpoint, the Application Control feature will increase CPU usage for a while.

Full Disk Encryption

  1. BitLocker cannot encrypt endpoints that run multiple operating systems when users install Windows 7 first and then install Windows 10. In this scenario, the default system partition size on both operating systems will be 100 MB, but BitLocker requires at least 350 MB of system partition size on Windows 10.

Data Loss Prevention

  1. When uninstalling the Security Agent with Data Loss Prevention enabled, users must restart the endpoints to completely remove the Data Loss Prevention components. Currently there is no reminder of the requirement.

    If users try to reinstall the Security Agent without restarting the endpoints, the Data Loss Prevention components cannot be installed until users restart the endpoints. After reinstalling the Data Loss Prevention components, users must restart the endpoints again.

  2. The Device List Tool only supports the following languages:

    • English

    • Japanese

    • Simplified Chinese

    • Traditional Chinese

  3. Data Loss Prevention cannot detect violations triggered from Google Backup and Sync 3.42.9858.3671 or later.

Endpoint Sensor

  1. If a Command line criteria contains spaces in an assessment, the endpoint that triggered the command cannot be matched.

  2. The root cause analysis view cannot display in Internet Explorer when Compatibility View is enabled.

  3. Although fileless malware detection includes Windows Management Instrumentation (WMI), IOC does not support WMI. Running a threat investigation from WMI logs does not return matched objects.

Sample Submission

  1. Sample Submission cannot exclude document files that already exist in the Scan Exclusion Lists for Manual Scan.

 

Mac Security Agent Known Issues

  1. The Security Agent does not support root accounts.

  2. Issue: After upgrading from macOS Sierra (10.12) to macOS High Sierra (10.13), users must click the Allow button in System Preferences > Security & Privacy > General within 30 minutes. Otherwise, the button will disappear.

    Workaround: Restart the endpoint so that the Allow button can reappear.

  3. Mac Device Control detailed logs cannot display device information (vendor, model, and serial ID).

  4. Issue: The Full Disk Access feature introduced in macOS Mojave (10.14) may cause compatibility issues. Full Disk Access requires the Security Agent to be given full permission to access a user's data on the endpoint.

    Workaround: Manually allow the Security Agent to access data on the endpoint.

    For more information, see https://success.trendmicro.com/solution/1122542-preventing-compatibility-issues-in-macos-mojave-10-14-with-worry-free-business-security-services

  5. If the required browser extension is not installed, the end user's browser on macOS Big Sur does not display a blocking page when a Web Reputation or URL Filtering detection occurs. The website that the user attempted to visit is still blocked, and the detection log is recorded.

 

Android Security Agent Known Issues

  1. Worry-Free Business Security Services cannot be installed on rooted Android devices.

  2. On an Android device, if the user goes to Settings > Apps > Worry-Free Security > Storage and taps CLEAR CACHE, the Security Agent might not be able to connect to the server to receive updates. The user would need to re-enroll the device.

  3. If other installed apps interfere with the device's network connection, the Security Agent might not be able to connect to the server to receive updates.

  4. When using the "Remote Locate" feature to find a mobile device, the language code (for example: en, jp, fr) that displays in the browser for the embedded Google Maps may not be the same as the language used by the web console.

  5. Worry-Free Business Security Services uses Firebase Cloud Messaging (FCM) for Android mobile device management commands. Commands sent to Android devices can take some time to be received, or the commands may be unsuccessful.

  6. If multiple device administrators manage a single Android device, some commands may not be successful (for example: reset password). Worry-Free Business Security Services uses the Android Device Administrator for mobile device management commands. When more than one Device Administrator exists for the same Android device, the stricter policy on the device has priority. For example, if two apps both require users to follow a password policy, only the stricter policy is applied.

  7. For Android devices that contain multiple user profiles, the Security Agent can only be installed in the owner's profile. An error occurs when users try to install the Security Agent in other user profiles.

  8. The Reset Password command can only apply once to Android 7 or later devices that have not set up a password.

  9. The accessibility permission for Worry-Free Business Security Services may be disabled during the Security Agent program upgrade process or when the device becomes unresponsive. When this issue occurs, Android displays a notification to prompt you to set the required accessibility permission.

  10. After scanning the QR code or clicking the URL to install the Android Security Agent through Managed Google Play, the system does not automatically sign in. To manually sign in, scan the QR code using the Security Agent or click the URL on the Android device again.

iOS Security Profile Known Issues

  1. Worry-Free Business Security Services uses the Apple Push Notification service (APNs) for iOS mobile device management commands. Commands sent to iOS devices can take some time to be received, or the commands may be unsuccessful.

  2. If the Private Browsing feature in Safari is enabled (https://support.apple.com/en-ph/HT203036), iOS devices may not successfully complete device enrollment.

  3. Users cannot install the Security Profile when the iOS device uses a proxy server to connect to the Internet.

  4. Installing the Security Profile on iPadOS devices requires that the Request Mobile Website setting is enabled in Safari on the iPadOS devices.

  5. Users cannot install the Security Profile on an iOS device if the device is registered to an Azure Active Directory (AAD).

Back to top

6. Contact Information

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

Back to top

7. About Trend Micro

Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information

Copyright 2022, Trend Micro Incorporated. All rights reserved.

Trend Micro, Worry-Free Business Security Services, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.

Back to top

8. License Agreement

View information about your license agreement with Trend Micro at:

http://www.trendmicro.com/us/about-us/legal-policies/license-agreements

License Attributions can be viewed from the Worry-Free Business Security Services web console.

Back to top