Monthly Archives: September 2010

Trend Micro WFBS – Excessive Policy Violation Detected Notification

Users of Trend Micro Worry Free Business Security Standard and Advanced (SP1 and SP2) ran into a bit of a surprise over the last 24 hours or so. If you are getting “Unauthorized changes blocked” messages for the TMBMSRV.exe process (“Unauthorized changes blocked! Client/Server Security Agent has blocked the following programs to protect your computer. To unblock the programs, contact your administrator”), then you need to run the hotfix provided this afternoon (9/21/2010) from Trend Micro:



Details are at http://esupport.trendmicro.com/4/Behavior-Monitoring-blocks-the-TMBMSRVexe-process.aspx.
To address the problem, please apply Critical Patch Build 3221. You can download it from the following links.
Critical Patch Build 3221 for Worry-Free Business Security Standard/Advanced 6.0 SP1 or SP2
Readme
 
A workaround that appears to be working according to Kevin Royalty is:


Disable Behavior Monitoring in the Trend console, then update the client machines, either with Update Now or by letting them auto-update. Turn Behavior Monitoring back on after they have updated.


http://community.trendmicro.com/t5/Business-Security-Forum/Mass-Policy-Violations-from-TMBMSRV-exe/td-p/14038/page/8

What’s all this about Windows Intune?

Come find out tonight as Paul Bourgeau, the lead for Microsoft’s Windows Intune project (www.windowsintune.com), speaks with the Puget Sound Small Business Server (PSSBS) group, followed by a general group discussion.


6 PM at Microsoft’s Lincoln Square offices in Bellevue, WA. We’ll be serving up pizza tonight, so bring $5 to help cover the cost. Soft drinks, juice, and coffee (and the room) will be provided by Microsoft.


Our meetings are the third Thursday of each month and are held at Microsoft’s Lincoln Square offices in downtown Bellevue (700 Bellevue Way NE – Lincoln Square, Bellevue, WA 98004).
Park in the Lincoln Square garage and meet at the elevators on the first floor by 6 PM to head up to the meeting (take a ticket when you enter the garage, but parking will be free for the evening).
Meeting times are 6:00 PM – 8:30 PM.


Check out PSSBS online at our various hangouts:


http://www.pssbs.org

http://groups.yahoo.com/group/pssbs/join

http://www.linkedin.com/groups?gid=2145158

http://www.facebook.com/group.php?gid=103175053982

Manually uninstalling the Worry-Free Remote Manager (WFRM) 1.0 / 2.0 Agent

When upgrading to WFBS and WFBSA 6.x from previous versions of Trend Micro WFBS and CSM for SMB, I’ve had the Worry-Free Remote Manager Agent install fail multiple times with the following pop-up error:



Unable to load Library C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{43F8CF32-15B7-44DD-A01D-A3372DD2856E}\zlib1.dll.



If you run across this, Trend has a great KB that will walk you through doing a manual removal. If you keep the GUID in your Worry Free Remote Management Console, then you can do a copy and paste into the new install of the agent and you’ll be set.



If you don’t feel like clicking through to the KB, here’s a copy of it as of 9/8/2010:



Manually uninstalling the Worry-Free Remote Manager (WFRM) 1.0 / 2.0 Agent 
 
Solution ID: EN-1035023
Product: Client Server Messaging Security for SMB – 3.5, 3.6; Client Server Security for SMB – 3.5, 3.6; Worry-Free Remote Manager – 1.0
Operating System: Windows Server 2003 Standard Edition – SP1; Windows 2000 Server – SP4
Published: 4/3/2009 1:00 AM 
 
 
Solution: Public


——————————————————————————–


Please do the following:
 
     
1. Stop the Trend Micro Worry-Free Remote Manager Agent service.


   a. Click Start > Run.
        
   b. Type “cmd” on the command line and then press the Enter key.
        
      Run this command (the service name contains spaces, so it must be quoted):
      net stop "Trend Micro Worry-Free Remote Manager Agent"
 
     
2. Remove the Trend Micro Worry-Free Remote Manager Agent service.
        
   a. On the command line, use the change directory (cd) command to go to the WFRM Agent directory.
        
   b. Run this command:
        
      TMICAgent -u
     
3. Remove the program files.
     
   Delete [agent install directory] – WFRMAgentForCSM
     
4. Open the Registry Editor (regedit.exe) and then remove these registry keys:
     
   Important: Always create a backup before modifying the registry. Incorrect registry changes may cause serious issues. Should this occur, restore it by referring to the “Restoring the Registry” Help topic in Regedit.exe or the “Restoring a Registry Key” Help topic in Regedt32.exe.
     
   •  HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\TMIC4CSM\Agent\…
        
   •  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23FC8F347B51DD440AD13A73D13A73D22D58E6
        
   •  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23FC8F347B51DD440AD13A73D13A73D22D58E6
        
   •  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{43F8CF32-15B7-44DD-A01D-A3372DD2856E}
        
   •  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{43F8CF32-15B7-44DD-A01D-A3372DD2856E}
        
   •  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_\{43F8CF32-15B7-44DD-A01D-A3372DD2856E}
     
5. Remove the WFRM Agent shortcut from the Start menu.
        
   a. On the desktop, click My Computer.
   b. Change the current directory to ..\Documents and Settings\All Users\Start Menu\Programs.
   c. Delete the Worry-Free Remote Manager Agent folder.
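
Before deleting anything in step 4, it helps to confirm which of the listed keys actually exist and to export each one. The following PowerShell is an added example, not part of the Trend Micro KB or this post: the subkey name under Installer\Products is the Windows Installer "packed" form of the product code, always 32 hexadecimal characters, while the name printed in the list above runs to 38, so the script derives it from the product code rather than copying it. The backup directory and the variable and function names are assumptions.

```powershell
# Added example, not part of the Trend Micro KB. It only reads the registry
# and writes .reg backups; it deletes nothing.
$ProductCode = '{43F8CF32-15B7-44DD-A01D-A3372DD2856E}'   # product code from the KB
$BackupDir = Join-Path $env:TEMP ('wfrm-reg-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))  # assumed location

function ConvertTo-PackedGuid {
    # Installer\Products names are the product code "packed": groups 1-3 are
    # reversed character by character, the last 8 bytes have nibbles swapped.
    param([Parameter(Mandatory)][string]$Guid)
    $hex = $Guid.Trim('{}').Replace('-', '').ToUpper()
    if ($hex -notmatch '^[0-9A-F]{32}$') { throw "Not a GUID: $Guid" }
    $out = New-Object System.Text.StringBuilder
    foreach ($len in 8, 4, 4) {
        $chars = $hex.Substring(0, $len).ToCharArray()
        [array]::Reverse($chars)
        $reversed = -join $chars
        [void]$out.Append($reversed)
        $hex = $hex.Substring($len)
    }
    for ($i = 0; $i -lt $hex.Length; $i += 2) {
        [void]$out.Append($hex[$i + 1]).Append($hex[$i])
    }
    $out.ToString()
}

$packed = ConvertTo-PackedGuid $ProductCode
$sw = 'HKLM:\SOFTWARE'
$keys = @(
    "$sw\TrendMicro\TMIC4CSM\Agent"   # the KB elides the rest of this path
    "$sw\Classes\Installer\Products\$packed"
    "$sw\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\$packed"
    "$sw\Microsoft\Windows\CurrentVersion\Uninstall\$ProductCode"
    "$sw\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\$ProductCode"
    "$sw\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_\$ProductCode"
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$n = 0
foreach ($key in $keys) {
    $n++
    if (Test-Path -LiteralPath $key) {
        $file = Join-Path $BackupDir "wfrm-key$n.reg"
        # reg.exe expects HKLM\..., not the PowerShell drive form HKLM:\...
        & reg.exe export ($key -replace '^HKLM:', 'HKLM') $file | Out-Null
        "FOUND   $key  (backup: $file)"
    } else {
        "absent  $key"
    }
}
```

Keys reported as absent need no action; keys reported as found have a .reg export that can be re-imported if the removal has to be rolled back.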