Deploy the Trend Worry Free Business Client via Group Policy

KB ID 0000491

Problem

Trend Worry Free is a nice product, though to deploy the client software out to your machines, you need them to be switched on, have the firewalls off, and the remote registry service running. You can of course connect the clients to the web portal and install the client on a machine-by-machine basis (default https://servername:4343), but if you are rolling out a lot of machines this can get tedious.

So you can either script the install or use Group Policies.

Solution

1. First you need to create the install file. On the server where Worry Free is installed, navigate to:

[box]

Worry Free Version 7

C:\Program Files (x86)\Trend Micro\Security Server\Admin Utility Client Packager

Worry Free Version 8

C:\Program Files (x86)\Trend Micro\Security Server\PCCSRV\Admin Utility ClientPackager\

[/box]

Locate the ClnPack.exe file and run it.

2. We want a setup package: select your platform. I want it to install silently and NOT to do a prescan. Save the output file somewhere you can find it and click “Create”.

3. Note: If you have x64 bit clients that you are also going to deploy software to, you will need to repeat the process and create another package for x64 bit installations as well.

How to Tell if Windows is 32 or 64 bit

You can use a WMI filter to make sure the right policies apply to the right clients;

Using 32 and 64 Bit WMI Filters For Group Policy

4. After a while it should say it was successful; close down the client packager.

5. Create a network share and allow the “Everyone” group read access to it, then copy the setup file you created above into this share.

6. On a domain controller, Start > Administrative tools > Group Policy Editor > Either edit an existing policy or create a new one. (Remember, it’s a computer policy, so you need to link it to something with computers in it; if you link it to a users OU, nothing will happen.)

Navigate to:

[box] Computer Configuration > Policies > Software installation [/box]

And create a new package.

7. Browse to the UNC path of the setup file. DO NOT browse to the local drive letter!

8. Set as “Assigned” > OK.

9. Make sure that, if you have x64 bit clients, you open the advanced properties of this package and remove the option to deploy this software to x64 bit clients.

10. Repeat the process for the x64 bit client if you also have x64 bit machines.

11. Close the policy and group policy editor window.

12. Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.
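Steps 5 and 7 can be scripted on the file server. The PowerShell below is an added example, not part of the original article or of Trend Micro's tooling; the share name, folder and package file names are placeholders. A computer-assigned package is installed by Windows Installer as SYSTEM at startup, so the script keeps the share read-only for everyone except administrators and records a SHA-256 hash of each package.

```powershell
#Requires -RunAsAdministrator
# Added example: stage the agent packages on a read-only share (steps 5 and 7).
$ShareName = 'TrendDeploy'               # placeholder share name
$SharePath = 'C:\Deploy\TrendAgent'      # placeholder folder on the file server
$Packages  = @(
    'C:\Temp\agent-x86.msi'              # placeholder names for the packages
    'C:\Temp\agent-x64.msi'              # created with ClnPack.exe in steps 2-3
)

New-Item -ItemType Directory -Path $SharePath -Force | Out-Null

# Share permissions: Everyone may read, only local Administrators may change content.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $SharePath `
        -ReadAccess 'Everyone' -FullAccess 'BUILTIN\Administrators' | Out-Null
}

# NTFS permissions: drop inherited entries, then grant read/execute to authenticated
# accounts (this includes domain computer accounts) and full control to admins/SYSTEM.
icacls $SharePath /inheritance:r /grant:r `
    'BUILTIN\Administrators:(OI)(CI)F' `
    'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
    'NT AUTHORITY\Authenticated Users:(OI)(CI)RX' | Out-Null

Copy-Item -Path $Packages -Destination $SharePath

# Stop if any account other than Administrators can write through the share.
$writable = Get-SmbShareAccess -Name $ShareName | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.AccessRight -ne 'Read' -and
    $_.AccountName -ne 'BUILTIN\Administrators'
}
if ($writable) {
    throw "Share $ShareName is writable by: $($writable.AccountName -join ', ')"
}

# Output the UNC path to use in the GPO (step 7) and a hash to re-check later.
Get-ChildItem -Path $SharePath -File | ForEach-Object {
    [pscustomobject]@{
        UncPath = "\\$env:COMPUTERNAME\$ShareName\$($_.Name)"
        SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
}
```

Re-running `Get-FileHash` against the share later and comparing it with the recorded value shows whether a package has been replaced since it was staged.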

Related Articles, References, Credits, or External Links

Original article written 11/08/11

Trend Micro (Worry-Free Business Security) Cannot Remove Agent

KB ID 0000630 

Problem

While working on a badly malware-affected server the other day, I tried to resurrect the Trend Micro Security Agent. It refused to run, so I attempted to remove it. Then I could reinstall it cleanly. (I knew the password that it required for removal.) However, this is what happened when I tried:

Trend Micro Worry-Free Business Security Agent Setup
Unable to Uninstall

An error has stopped the removal of the Trend Micro Worry-Free Business Security Agent. No changes have been made to this computer. Please contact Trend Micro for help.

Click the button below to close this window.

Solution

This procedure was carried out on Worry-Free Business Security Version 7.

1. Download and extract this zip file, (password novirus) to your desktop.

2. Run the SA_Uninstall_2360.exe file; it will create a folder on your desktop called SA_Uninstall.

3. Open that folder and run the ‘uninstall.bat’ file.

4. Press a key when prompted, then enter ‘Y’ to reboot.

5. Post reboot, I went back to Add/Remove programs, and it was still there! However, now it let me uninstall it without error.

6. I now went to the server running the Worry-Free console, and pushed out a fresh agent to this machine, updated it, and did a full manual scan.


Outlook Error 0x800CCC0F – Using POP3 To Exchange – Behind a Cisco CSC (Trend InterScan) Module

KB ID 0000642 

Problem

I upgraded a client’s firewall and CSC software a couple of weeks ago, and ever since “some” users saw the following errors:

Error 0x800CCC0F

Task ‘{email address} – Sending’ reports error (0x800CCC0F): ‘The connection to the server was interrupted. If the problem continues, contact your server administrator or Internet service provider (ISP).’

Eventually it would time out altogether with the following error,

Error 0x800CCC0B

Task ‘{email address} – Sending’ reported error (0x800CCC0B): ‘Unknown Error 0x800CCC0B’

Solution

All I could discern from Googling the error was that the AV (in this case the Trend Micro InterScan for Cisco CSC SSM, in the Cisco CSC module) was probably the culprit.

I tried stopping the POP3 Service on the CSC; that did NOT fix the error.

I confirmed that the CSC module was the root cause of the problem, by disabling the entire module with the following command on the Cisco ASA firewall;

[box]hw-module module 1 shutdown[/box]

Warning: If you do this, your CSC settings must be set to “csc fail-open” or web and email traffic will stop! Once you have confirmed this IS the problem you can re-enable the module with the following command.

[box]hw-module module 1 reset[/box]

I tried from my office and it worked fine; I could not replicate the error. I tried from various servers and Citrix boxes from other clients who kindly let me test from their network. Still I could not replicate the error! I went home and that was the first time I could see the same error their users were seeing. Sadly this led me on a wild goose chase (I use Outlook 2007 at home and Outlook 2010 everywhere else, so I (wrongly) assumed that was the problem).

Breakthrough!

As I could now replicate the error, I could at least do some testing. I attempted a send/receive and looked at the CSC Logging.

Note: To view CSC Logging, connect to the ASDM > Monitoring > Logging > Trend Micro Content Security > Continue > Enter the password > OK > View.

Every time it failed, I saw my public IP being logged with a RejectWithErrorCode-550 and RBL-Fail,QIL-NA. At last something I could work with.

This error indicates a problem with the Email Reputation system. I logged into the CSC web management console and located this.

Then I disabled the ‘SMTP Anti-spam (Email Reputation)’, and everything started to work.

Conclusion

I understand the need for this system, but the nature of POP3 email clients dictates they can connect in from anywhere, usually from a home ISP account on a DHCP address. I know from experience that major ISPs’ IP ranges get put in RBL block lists (I checked by popping my IP in here, and sure enough it was blocked).

If you are going to use POP3 then you need to leave this system disabled, but to be honest, if you have Exchange, simply swap over to Outlook Anywhere and stop using POP3.
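The block-list check described above can also be done from PowerShell. This is an added example, not part of the original article: it builds the reversed-octet query that DNS block lists use (RFC 5782) and reports whether an address is listed. The zone name and the client address are placeholders, because the article does not say which list was consulted.

```powershell
# Added example: test an IPv4 address against a DNS block list (RFC 5782 query format).
function Test-DnsblListing {
    param(
        [Parameter(Mandatory)][ipaddress]$IPAddress,
        [Parameter(Mandatory)][string]$Zone   # block-list zone to query
    )
    if ($IPAddress.AddressFamily -ne 'InterNetwork') { throw 'IPv4 addresses only.' }

    # 203.0.113.7 checked against zone "dnsbl.example" becomes 7.113.0.203.dnsbl.example
    $octets = $IPAddress.GetAddressBytes()
    [array]::Reverse($octets)
    $query = ($octets -join '.') + '.' + $Zone.Trim('.')

    try {
        $answers = Resolve-DnsName -Name $query -Type A -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }
    } catch {
        # NXDOMAIN means "not listed"; any other failure (timeout, refused) is rethrown
        # so that a broken lookup is never mistaken for a clean result.
        if ($_.FullyQualifiedErrorId -notlike 'DNS_ERROR_RCODE_NAME_ERROR*') { throw }
        $answers = @()
    }

    [pscustomobject]@{
        Query       = $query
        Listed      = [bool]($answers -like '127.*')   # listings answer inside 127.0.0.0/8
        ReturnCodes = $answers
    }
}

# RFC 5782 requires IPv4 lists to carry a test entry for 127.0.0.2, so query that first
# to confirm the list answers through your resolver, then check the client's address.
Test-DnsblListing -IPAddress 127.0.0.2   -Zone 'dnsbl.example'   # placeholder zone
Test-DnsblListing -IPAddress 203.0.113.7 -Zone 'dnsbl.example'   # constructed client IP
```

If the 127.0.0.2 test entry does not come back as listed, the list is not answering through the resolver in use and a "not listed" result for the client address means nothing.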

Related Articles, References, Credits, or External Links

Special thanks to Jenny Ames for her patience while I fought with this over a number of days.