Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

WFBS 9.0 Issues

Posted on 2015-02-24
3
Medium Priority
?
190 Views
Last Modified: 2015-03-11
This has been going on for quite some time on several customer's networks. On several of the workstations the tmlisten and ntrtscan services do not start when the computer boots or stop somewhere along the way. What good does it do to have virus software when the services either don't start or for some reason stop?
0
Comment
Question by:LockDown32
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 64

Expert Comment

by:btan
ID: 40630335
in fact i see this in same context (with 2 more processes) stopped running. it is like "killing" Trend Micro Officescan w/o password but these can restart (if working expectedly), however, you likely able to change their executable file ext (c:\program files\trend micro\OfficeScan Client) to others e.g *.exe2...this kind of trying to remove TM. Meaning no protective service in next reboot cycle likely unless there is watchdog from TM to revert to clean slate always and minimally load into memory for the first time and stay there persistently - unless it is unload from memory like the instance below...probably the indepth effectiveness of the protection has to be clarified by their support.

taskkill /F /IM TmListen.exe
taskkill /F /IM NTRtScan.exe
taskkill /F /IM TmProxy.exe
taskkill /F /IM TmPfw.exe

This is an example using net stop for uninstalling.
http://www.chadfixit.com/scripting/automate-a-selent-trend-micro-officescan-uninstall-batch-file/
0
 
LVL 15

Author Comment

by:LockDown32
ID: 40634083
Your response was a bit hard to understand Btan. I am looking for reasons that the tmlistem and/or the ntrtscan fail to start. I know how to stop and start services. I am trying to find out why they stop.
0
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 40634522
noted, as the query initially is what happened if they are stopped instead of why they are stopped. Of course, one rationale is the manual mean or intentional stopping, if that is disputed, then it is likely some ill intended stoppage as these stopping has intend to remove the AV and stop its scanning first as pre-requisites.

So let first if that is the OS doing and intended, there is debug log to see any traces e.g. for Ntrtscan and tmlisten inside ofcdebug.log depicted there is the pattern file (lpt$vpn.xxx) is either missing or corrupted. As in the link, it stated as common issue with clients installed from a Client Packager generated on the OfficeScan server.
http://esupport.trendmicro.com/solution/en-us/1059201.aspx

Just a note that the debug log need to be enable though in the "ofcdebug.ini", see this http://esupport.trendmicro.com/solution/en-us/1059202.aspx

There is also time when there is high CPU that can cause irregularity in the process esp encountered on computers installed with applications that have large files like SQL and VMWare. ONe wokaround stated is to disable the digital signature cache on the affected machine. http://esupport.trendmicro.com/solution/en-us/1060249.aspx

You can check out more to even consider if scan exclusions to apply for OfficeScan if that helps...
http://esupport.trendmicro.com/solution/en-us/1097788.aspx?name=recommended%20solutions%20to%20high%20cpu%20utilization%20caused%20by%20ntrtscan%20or%20dbserver.exe
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question