Solved

WFBS 9.0 Issues

Posted on 2015-02-24
3
171 Views
Last Modified: 2015-03-11
This has been going on for quite some time on several customer's networks. On several of the workstations the tmlisten and ntrtscan services do not start when the computer boots or stop somewhere along the way. What good does it do to have virus software when the services either don't start or for some reason stop?
0
Comment
Question by:LockDown32
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 63

Expert Comment

by:btan
ID: 40630335
in fact i see this in same context (with 2 more processes) stopped running. it is like "killing" Trend Micro Officescan w/o password but these can restart (if working expectedly), however, you likely able to change their executable file ext (c:\program files\trend micro\OfficeScan Client) to others e.g *.exe2...this kind of trying to remove TM. Meaning no protective service in next reboot cycle likely unless there is watchdog from TM to revert to clean slate always and minimally load into memory for the first time and stay there persistently - unless it is unload from memory like the instance below...probably the indepth effectiveness of the protection has to be clarified by their support.

taskkill /F /IM TmListen.exe
taskkill /F /IM NTRtScan.exe
taskkill /F /IM TmProxy.exe
taskkill /F /IM TmPfw.exe

This is an example using net stop for uninstalling.
http://www.chadfixit.com/scripting/automate-a-selent-trend-micro-officescan-uninstall-batch-file/
0
 
LVL 15

Author Comment

by:LockDown32
ID: 40634083
Your response was a bit hard to understand Btan. I am looking for reasons that the tmlistem and/or the ntrtscan fail to start. I know how to stop and start services. I am trying to find out why they stop.
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40634522
noted, as the query initially is what happened if they are stopped instead of why they are stopped. Of course, one rationale is the manual mean or intentional stopping, if that is disputed, then it is likely some ill intended stoppage as these stopping has intend to remove the AV and stop its scanning first as pre-requisites.

So let first if that is the OS doing and intended, there is debug log to see any traces e.g. for Ntrtscan and tmlisten inside ofcdebug.log depicted there is the pattern file (lpt$vpn.xxx) is either missing or corrupted. As in the link, it stated as common issue with clients installed from a Client Packager generated on the OfficeScan server.
http://esupport.trendmicro.com/solution/en-us/1059201.aspx

Just a note that the debug log need to be enable though in the "ofcdebug.ini", see this http://esupport.trendmicro.com/solution/en-us/1059202.aspx

There is also time when there is high CPU that can cause irregularity in the process esp encountered on computers installed with applications that have large files like SQL and VMWare. ONe wokaround stated is to disable the digital signature cache on the affected machine. http://esupport.trendmicro.com/solution/en-us/1060249.aspx

You can check out more to even consider if scan exclusions to apply for OfficeScan if that helps...
http://esupport.trendmicro.com/solution/en-us/1097788.aspx?name=recommended%20solutions%20to%20high%20cpu%20utilization%20caused%20by%20ntrtscan%20or%20dbserver.exe
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Web Browsers Start Page Hijacker 14 244
quarantine versus delete 6 89
Ransomware and encrypted backups 5 160
Measure time after installing Antivirus 8 105
12 Steps to a more secure Internet experience (http://tekblog.teksquisite.com/) Everyone who is a licensed driver initially had to pass a driving test that consisted of taking:    1. a written test    2. a road test    3. a vision test Le…
Change your password...do it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question