Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

WFBS 9.0 Issues

Posted on 2015-02-24
3
Medium Priority
?
202 Views
Last Modified: 2015-03-11
This has been going on for quite some time on several customer's networks. On several of the workstations the tmlisten and ntrtscan services do not start when the computer boots or stop somewhere along the way. What good does it do to have virus software when the services either don't start or for some reason stop?
0
Comment
Question by:LockDown32
  • 2
3 Comments
 
LVL 65

Expert Comment

by:btan
ID: 40630335
in fact i see this in same context (with 2 more processes) stopped running. it is like "killing" Trend Micro Officescan w/o password but these can restart (if working expectedly), however, you likely able to change their executable file ext (c:\program files\trend micro\OfficeScan Client) to others e.g *.exe2...this kind of trying to remove TM. Meaning no protective service in next reboot cycle likely unless there is watchdog from TM to revert to clean slate always and minimally load into memory for the first time and stay there persistently - unless it is unload from memory like the instance below...probably the indepth effectiveness of the protection has to be clarified by their support.

taskkill /F /IM TmListen.exe
taskkill /F /IM NTRtScan.exe
taskkill /F /IM TmProxy.exe
taskkill /F /IM TmPfw.exe

This is an example using net stop for uninstalling.
http://www.chadfixit.com/scripting/automate-a-selent-trend-micro-officescan-uninstall-batch-file/
0
 
LVL 15

Author Comment

by:LockDown32
ID: 40634083
Your response was a bit hard to understand Btan. I am looking for reasons that the tmlistem and/or the ntrtscan fail to start. I know how to stop and start services. I am trying to find out why they stop.
0
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 40634522
noted, as the query initially is what happened if they are stopped instead of why they are stopped. Of course, one rationale is the manual mean or intentional stopping, if that is disputed, then it is likely some ill intended stoppage as these stopping has intend to remove the AV and stop its scanning first as pre-requisites.

So let first if that is the OS doing and intended, there is debug log to see any traces e.g. for Ntrtscan and tmlisten inside ofcdebug.log depicted there is the pattern file (lpt$vpn.xxx) is either missing or corrupted. As in the link, it stated as common issue with clients installed from a Client Packager generated on the OfficeScan server.
http://esupport.trendmicro.com/solution/en-us/1059201.aspx

Just a note that the debug log need to be enable though in the "ofcdebug.ini", see this http://esupport.trendmicro.com/solution/en-us/1059202.aspx

There is also time when there is high CPU that can cause irregularity in the process esp encountered on computers installed with applications that have large files like SQL and VMWare. ONe wokaround stated is to disable the digital signature cache on the affected machine. http://esupport.trendmicro.com/solution/en-us/1060249.aspx

You can check out more to even consider if scan exclusions to apply for OfficeScan if that helps...
http://esupport.trendmicro.com/solution/en-us/1097788.aspx?name=recommended%20solutions%20to%20high%20cpu%20utilization%20caused%20by%20ntrtscan%20or%20dbserver.exe
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question