[THIN] Re: Trend Micro Office Scan 7.3 vs Server Protect

  • From: "Euan Cooper" <euan.cooper@xxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Fri, 15 Jun 2007 09:20:01 +1200

I have installed Office Scan 8.0[1] on our test TS and there is no
pccntmon.exe process that I can see - there is a single system process
called ntrtscan.exe which looks like it does the real time scan.    I
did try downloading eicar.zip from the trend site on my test box and
Office scan was all over it[2].  Early days of testing and I'm still a
way off committing to deployment on production servers but so far
looking good.

-Ec

1 I know the subject line says 7.3 but earlier in the week when
searching the trend
  site for docs/guidelines for Office Scan on TS I found they had
released 8.0

2 like a donkey on a waffle

pccntmon.exe
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeremy Saunders
Sent: Friday, 15 June 2007 12:25 a.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Trend Micro Office Scan 7.3 vs Server Protect

That's true Rick. I personally set a policy to remove the process from
the RUN key on all my deployments, but customers are not always
comfortable with that, because it means that you're disabling real-time
scanning. I guess you could then run a Scheduled Task an an
Administrative user to execute the PccNTMon.exe process. But I've not
tried that.

Cheers,
Jeremy.



 

             "Rick Mack"

             <ulrich.mack@gmai

             l.com>
To 
             Sent by:                  thin@xxxxxxxxxxxxx

             thin-bounce@freel
cc 
             ists.org

 
Subject 
                                       [THIN] Re: Trend Micro Office
Scan  
             14/06/2007 06:14          7.3 vs Server Protect

             PM

 

 

             Please respond to

             thin@xxxxxxxxxxxx

                     g

 

 





Hi Jeremy,

But that's why we've got group policies.

In your TS server OU group policy under machine configuration > windows
settings > security settings > file system, and add file > pccntmon.exe.
Just set the ACL on pccntmon.exe to admin read/execute only and remove
users.

It's also a great way to get rid of stuff like the Altiris agent,
ctfmon.exe etc on your terminal servers.

regards,

Rick

--
Ulrich Mack
Commander Australia


On 6/14/07, Jeremy Saunders <jeremy.saunders@xxxxxxxxxxx> wrote:
  I don't know about that. There were definitely some engine issues with
  ServerProtect that caused some issues over the years, but it's a lot
less

  intrusive than OfficeScan. OfficeScan runs the PccNTMon.exe process in
  every session, which is its version of the real-time scan monitor. In
my
  opinion OfficeScan uses more resources overall. I guess it depends on
  your
  particular environment as to whether or not this really matters.

  Cheers.

  Kind regards,

  Jeremy Saunders
  Senior Technical Specialist

SBC SITES ONLY GOOGLE SEARCH: http://www.F1U.com
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation
mode use the below link:
//www.freelists.org/list/thin
************************************************
SBC SITES ONLY GOOGLE SEARCH: http://www.F1U.com
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************

Other related posts: