Trend and the dog file

On January 28, 2006, in Security, by


 













Problem:   After deploying new OfficeScan clients, the user sees small executable files on the WINNT\Temp or Windows\Temp folder of the client machine. The size of the files is 169 KB and has random names. Also, the files have a small dog icon.
 
Solution:   The file is the OfficeScan Watchdog service on the anti-hacking mode. The Watchdog service keeps an eye on the OfficeScan client services. The Watchdog service also restarts the OfficeScan services when they are unexpectedly terminated due to hacker or virus attack. The anti-hack mode allows the Watchdog service to have random names to prevent viruses or other malicious threats from identifying the service and terminating it.

 

3 Responses to Trend and the dog file

  1. Cal says:

    But looks and acts suspiciously like a virus or other malcontent

  2. Q says:

    Agreed. I wasted 15 minutes during a support call tracking down thi randomly-named program running out of Windows\Temp. Yet another reason I’m not using Trend…

  3. sandi says:

    Many viruses now target antivirus and antispyware by searching for and renaming static named services. The file is randomly named to prevent such targeted attacks – other programmes use exactly the same routine to guard protective services (Rootkitrevealer being one that comes to mind). The icon is identical to ofcdog.exe (a Trend client file). It took me five minutes, tops, to work out what the file was.