[THIN] Re: Trend OfficeScan 10.0 (pccntmon.exe) on Citrix Box
- From: "Jeremy Saunders" <Jeremy.Saunders@xxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Tue, 17 Nov 2009 13:33:01 +1100
Hi Gehan,
As you know, I have always removed the Run registry entry. This has not
caused any issues in the past on many customer sites. However, with the
release of OfficeScan 10, Trend have now FINALLY removed the "user"
process altogether, and everything is now contained in the service. It's
now more like ServerProtect, and has a much lower footprint. I would
look at upgrading to that as soon as possible.
Cheers,
Jeremy.
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Gehan.DeSilva@xxxxxxxxxxx
Sent: Tuesday, November 17, 2009 10:10 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Trend OfficeScan 10.0 (pccntmon.exe) on Citrix Box
Hello
I want to remove pccntmon.exe from being run in each users session on
citrix boxes.
Theres a few ways to achieve this that I know of and that work:
1) Remove HKLM key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OfficeScanNT Monitor "U:\Program Files\Trend Micro\OfficeScan
Client\pccntmon.exe" -HideWindow
2) Modify ACL's on %systemdrive%\Trend Micro\OfficeScan
Client\pccntmon.exe to only have Admins & System users applied to the
ACL.
I have used an eicar test file to verify if a virus is detected with
pccntmon.exe not running, the only thing im not sure about is if Trend
email alerting picks out the user that tried to download the virus i
think here may be a problem with our server in that respect but i did
notice that the virus was detected and trend displayed the info on the
console session.
I guess the question is which of the above two is best ? has anyone come
across issues with pccntmon.exe not running in a users session ?
Regards
____________________________________________________
Gehan De Silva
Exceptional Service Exceptional Results
Assurance - Business Advisory - Corporate Finance - Risk Management -
Tax - Turnaround & Insolvency
This Communication is intended only for the use of the individual or
entity to which it is addressed and may contain information that is
privileged, confidential or copyright. You are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited without the authority of the sender. If you have received
this e-mail message in error or are not the intended recipient, please
delete and destroy all copies and notify us immediately by return mail.
Any views expressed in this communication are those of the individual
sender, except where the sender specifically states otherwise. If you no
longer want to receive notifications, simply reply to this e-mail.
Liability limited by a scheme approved under Professional Standards
Legislation.
---------------------------------------------------------------------
#####################################################################################
Confidentiality and Privilege Notice
This document is intended solely for the named addressee. The information
contained in the pages is confidential and contains legally privileged
information. If you are not the addressee indicated in this message (or
responsible for delivery of the message to such person), you may not copy or
deliver this message to anyone, and you should destroy this message and kindly
notify the sender by reply email. Confidentiality and legal privilege are not
waived or lost by reason of mistaken delivery to you.
#####################################################################################
Other related posts:
