Solved

WFBS 9.0 Issues

Posted on 2015-02-24
Last Modified: 2015-03-11
This has been going on for quite some time on several customers' networks. On several of the workstations the tmlisten and ntrtscan services do not start when the computer boots or stop somewhere along the way. What good does it do to have virus software when the services either don't start or for some reason stop?
Question by:LockDown32
LVL 63

Expert Comment

by:btan
ID: 40630335
In fact I see this in the same context (with 2 more processes) stopped running. It is like "killing" Trend Micro OfficeScan w/o password, but these can restart (if working as expected). However, you are likely able to change their executable file ext (c:\program files\trend micro\OfficeScan Client) to others, e.g. *.exe2... this is a kind of trying to remove TM. Meaning no protective service in the next reboot cycle, likely, unless there is a watchdog from TM to always revert to a clean slate and minimally load into memory for the first time and stay there persistently - unless it is unloaded from memory like the instance below... Probably the in-depth effectiveness of the protection has to be clarified by their support.

taskkill /F /IM TmListen.exe
taskkill /F /IM NTRtScan.exe
taskkill /F /IM TmProxy.exe
taskkill /F /IM TmPfw.exe

This is an example using net stop for uninstalling.
http://www.chadfixit.com/scripting/automate-a-selent-trend-micro-officescan-uninstall-batch-file/
LVL 15

Author Comment

by:LockDown32
ID: 40634083
Your response was a bit hard to understand, Btan. I am looking for reasons that the tmlisten and/or the ntrtscan fail to start. I know how to stop and start services. I am trying to find out why they stop.
LVL 63

Accepted Solution

by: btan (earned 500 total points)
ID: 40634522
Noted, as the query initially is what happened if they are stopped instead of why they are stopped. Of course, one rationale is manual or intentional stopping; if that is disputed, then it is likely some ill-intended stoppage, as such stopping is intended to remove the AV and stop its scanning first as a prerequisite.

So let's first see if that is the OS's doing and intended. There is a debug log to see any traces, e.g. for Ntrtscan and tmlisten, inside ofcdebug.log, depicting that the pattern file (lpt$vpn.xxx) is either missing or corrupted. As in the link, it is stated as a common issue with clients installed from a Client Packager generated on the OfficeScan server.
http://esupport.trendmicro.com/solution/en-us/1059201.aspx

Just a note that the debug log needs to be enabled, though, in "ofcdebug.ini"; see this http://esupport.trendmicro.com/solution/en-us/1059202.aspx

There are also times when high CPU can cause irregularity in the process, esp. encountered on computers installed with applications that have large files like SQL and VMware. One workaround stated is to disable the digital signature cache on the affected machine. http://esupport.trendmicro.com/solution/en-us/1060249.aspx

You can check out more to even consider whether scan exclusions should be applied for OfficeScan, if that helps...
http://esupport.trendmicro.com/solution/en-us/1097788.aspx?name=recommended%20solutions%20to%20high%20cpu%20utilization%20caused%20by%20ntrtscan%20or%20dbserver.exe
0
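To separate "never started" from "started and then died" for the two services in the question, the Windows Service Control Manager events can be lined up against their current state. This is an added example, not part of the original thread or Trend Micro tooling; it assumes PowerShell 3.0 or later, an elevated prompt, and a 14-day look-back window.

```powershell
# Added example. Service names are taken from the question; the rest is
# generic Windows tooling. Run from an elevated PowerShell 3.0+ prompt.
$names = 'tmlisten', 'ntrtscan'

# Current state, start mode and last exit code as Windows sees them.
# A StartMode of Disabled or Manual explains "does not start at boot".
$services = foreach ($n in $names) {
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$n'"
}
$services |
    Format-Table Name, DisplayName, State, StartMode, ExitCode, ProcessId -AutoSize

# Service Control Manager event IDs of interest:
#   7000, 7001, 7009, 7011  start failed, dependency failed, or timed out
#   7031, 7034              service terminated unexpectedly (crash or kill)
#   7036                    service entered running/stopped state
#   7040                    start type was changed (e.g. auto -> disabled)
$ids   = 7000, 7001, 7009, 7011, 7031, 7034, 7036, 7040
$since = (Get-Date).AddDays(-14)   # assumed look-back window

# SCM messages use the display name, so match on both the short names
# and whatever display names this machine reports.
$patterns = @($names) + @($services | ForEach-Object { $_.DisplayName }) |
    Where-Object { $_ } |
    ForEach-Object { [regex]::Escape($_) }
$regex = $patterns -join '|'

Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = $ids
        StartTime    = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $regex } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, Message |
    Format-Table -Wrap
```

A 7034 or 7031 with no preceding 7036 "stopped" entry means the process died rather than being stopped cleanly, and a 7040 shows that something changed the start type; the timestamps can then be matched against ofcdebug.log once debug logging is enabled.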
