Solved

WFBS 9.0 Issues

Posted on 2015-02-24
3
141 Views
Last Modified: 2015-03-11
This has been going on for quite some time on several customer's networks. On several of the workstations the tmlisten and ntrtscan services do not start when the computer boots or stop somewhere along the way. What good does it do to have virus software when the services either don't start or for some reason stop?
0
Comment
Question by:LockDown32
  • 2
3 Comments
 
LVL 61

Expert Comment

by:btan
ID: 40630335
in fact i see this in same context (with 2 more processes) stopped running. it is like "killing" Trend Micro Officescan w/o password but these can restart (if working expectedly), however, you likely able to change their executable file ext (c:\program files\trend micro\OfficeScan Client) to others e.g *.exe2...this kind of trying to remove TM. Meaning no protective service in next reboot cycle likely unless there is watchdog from TM to revert to clean slate always and minimally load into memory for the first time and stay there persistently - unless it is unload from memory like the instance below...probably the indepth effectiveness of the protection has to be clarified by their support.

taskkill /F /IM TmListen.exe
taskkill /F /IM NTRtScan.exe
taskkill /F /IM TmProxy.exe
taskkill /F /IM TmPfw.exe

This is an example using net stop for uninstalling.
http://www.chadfixit.com/scripting/automate-a-selent-trend-micro-officescan-uninstall-batch-file/
0
 
LVL 15

Author Comment

by:LockDown32
ID: 40634083
Your response was a bit hard to understand Btan. I am looking for reasons that the tmlistem and/or the ntrtscan fail to start. I know how to stop and start services. I am trying to find out why they stop.
0
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 40634522
noted, as the query initially is what happened if they are stopped instead of why they are stopped. Of course, one rationale is the manual mean or intentional stopping, if that is disputed, then it is likely some ill intended stoppage as these stopping has intend to remove the AV and stop its scanning first as pre-requisites.

So let first if that is the OS doing and intended, there is debug log to see any traces e.g. for Ntrtscan and tmlisten inside ofcdebug.log depicted there is the pattern file (lpt$vpn.xxx) is either missing or corrupted. As in the link, it stated as common issue with clients installed from a Client Packager generated on the OfficeScan server.
http://esupport.trendmicro.com/solution/en-us/1059201.aspx

Just a note that the debug log need to be enable though in the "ofcdebug.ini", see this http://esupport.trendmicro.com/solution/en-us/1059202.aspx

There is also time when there is high CPU that can cause irregularity in the process esp encountered on computers installed with applications that have large files like SQL and VMWare. ONe wokaround stated is to disable the digital signature cache on the affected machine. http://esupport.trendmicro.com/solution/en-us/1060249.aspx

You can check out more to even consider if scan exclusions to apply for OfficeScan if that helps...
http://esupport.trendmicro.com/solution/en-us/1097788.aspx?name=recommended%20solutions%20to%20high%20cpu%20utilization%20caused%20by%20ntrtscan%20or%20dbserver.exe
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
This video discusses moving either the default database or any database to a new volume.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now