Hi Gehan, You may have a look to that article http://esupport.trendmicro.com/Pages/Decrease-the-memory-usage-of-OfficeScan-client-on-a-terminal-server.aspx Kind regards, Safdar. From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeremy Saunders Sent: Tuesday, November 17, 2009 05:16 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Trend OfficeScan 10.0 (pccntmon.exe) on Citrix Box Hi Gehan, My notes from a recent audit… “It was difficult to determine the exact version of Trend Officescan deployed, as this was not displayed in Add/Remove Programs or the registry. It was taken from the “Program_Version” value in the ofcscan.ini file found in the “C:\Program Files\Trend Micro\OfficeScan Client” folder on each server. It was also interesting to note that the “Trend Micro Network VirusWall PEAgent” is not installed consistently across the fleet, and seems to have no correlation with the program version.” I’ve found that it’s better to uninstall and then re-install. An in-place upgrade of OfficeScan leaves inconsistent results. I’m also not sure if the upgrade to version 10 will remove the “Run” key. Maybe only a clean install will leave it out altogether. Cheers, Jeremy. From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Gehan.DeSilva@xxxxxxxxxxx Sent: Tuesday, November 17, 2009 12:05 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Trend OfficeScan 10.0 (pccntmon.exe) on Citrix Box Hi Jeremy We have upgraded to 10. I found pccntmon.exe was still loading ? in each user session when i first looked. I will double check that. ____________________________________________________ Gehan De Silva Senior Network Administrator RSM Bird Cameron 8 St Georges Terrace Perth WA 6000 GPO Box R1253 Perth WA 6844 T (08) 9261 9437 F (08) 9261 9112 www.rsmi.com.au<http://www.rsmi.com.au/> From: "Jeremy Saunders" <Jeremy.Saunders@xxxxxxxxxxxxxx> To: <thin@xxxxxxxxxxxxx> Date: 17/11/2009 10:34 AM Subject: [THIN] Re: Trend OfficeScan 10.0 (pccntmon.exe) on Citrix Box Sent by: thin-bounce@xxxxxxxxxxxxx ________________________________ Hi Gehan, As you know, I have always removed the Run registry entry. This has not caused any issues in the past on many customer sites. However, with the release of OfficeScan 10, Trend have now FINALLY removed the “user” process altogether, and everything is now contained in the service. It’s now more like ServerProtect, and has a much lower footprint. I would look at upgrading to that as soon as possible. Cheers, Jeremy. From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Gehan.DeSilva@xxxxxxxxxxx Sent: Tuesday, November 17, 2009 10:10 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Trend OfficeScan 10.0 (pccntmon.exe) on Citrix Box Hello I want to remove pccntmon.exe from being run in each users session on citrix boxes. Theres a few ways to achieve this that I know of and that work: 1) Remove HKLM key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OfficeScanNT Monitor "U:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow 2) Modify ACL's on %systemdrive%\Trend Micro\OfficeScan Client\pccntmon.exe to only have Admins & System users applied to the ACL. I have used an eicar test file to verify if a virus is detected with pccntmon.exe not running, the only thing im not sure about is if Trend email alerting picks out the user that tried to download the virus i think here may be a problem with our server in that respect but i did notice that the virus was detected and trend displayed the info on the console session. I guess the question is which of the above two is best ? has anyone come across issues with pccntmon.exe not running in a users session ? Regards ____________________________________________________ Gehan De Silva Exceptional Service Exceptional Results Assurance - Business Advisory - Corporate Finance - Risk Management - Tax - Turnaround & Insolvency This Communication is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential or copyright. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited without the authority of the sender. If you have received this e-mail message in error or are not the intended recipient, please delete and destroy all copies and notify us immediately by return mail. Any views expressed in this communication are those of the individual sender, except where the sender specifically states otherwise. If you no longer want to receive notifications, simply reply to this e-mail. Liability limited by a scheme approved under Professional Standards Legislation. --------------------------------------------------------------------- ________________________________ Confidentiality and Privilege Notice This document is intended solely for the named addressee. The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you. ________________________________ Exceptional Service Exceptional Results Assurance - Business Advisory - Corporate Finance - Risk Management - Tax - Turnaround & Insolvency This Communication is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential or copyright. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited without the authority of the sender. If you have received this e-mail message in error or are not the intended recipient, please delete and destroy all copies and notify us immediately by return mail. Any views expressed in this communication are those of the individual sender, except where the sender specifically states otherwise. If you no longer want to receive notifications, simply reply to this e-mail. Liability limited by a scheme approved under Professional Standards Legislation. --------------------------------------------------------------------- ________________________________ Confidentiality and Privilege Notice This document is intended solely for the named addressee. The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you. ________________________________