[THIN] Re: Trend OfficeScan 10.0 (pccntmon.exe) on Citrix Box
- From: "Alibay, Safdar" <salibay@xxxxxxxxxxxxxxxx>
- To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>
- Date: Tue, 17 Nov 2009 09:32:49 +0100
Hi Gehan,
You may have a look to that article
http://esupport.trendmicro.com/Pages/Decrease-the-memory-usage-of-OfficeScan-client-on-a-terminal-server.aspx
Kind regards,
Safdar.
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Jeremy Saunders
Sent: Tuesday, November 17, 2009 05:16
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Trend OfficeScan 10.0 (pccntmon.exe) on Citrix Box
Hi Gehan,
My notes from a recent audit…
“It was difficult to determine the exact version of Trend Officescan deployed,
as this was not displayed in Add/Remove Programs or the registry. It was taken
from the “Program_Version” value in the ofcscan.ini file found in the
“C:\Program Files\Trend Micro\OfficeScan Client” folder on each server. It was
also interesting to note that the “Trend Micro Network VirusWall PEAgent” is
not installed consistently across the fleet, and seems to have no correlation
with the program version.”
I’ve found that it’s better to uninstall and then re-install. An in-place
upgrade of OfficeScan leaves inconsistent results.
I’m also not sure if the upgrade to version 10 will remove the “Run” key. Maybe
only a clean install will leave it out altogether.
Cheers,
Jeremy.
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Gehan.DeSilva@xxxxxxxxxxx
Sent: Tuesday, November 17, 2009 12:05 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Trend OfficeScan 10.0 (pccntmon.exe) on Citrix Box
Hi Jeremy
We have upgraded to 10.
I found pccntmon.exe was still loading ? in each user session when i first
looked.
I will double check that.
____________________________________________________
Gehan De Silva
Senior Network Administrator
RSM Bird Cameron
8 St Georges Terrace Perth WA 6000
GPO Box R1253 Perth WA 6844
T (08) 9261 9437 F (08) 9261 9112
www.rsmi.com.au<http://www.rsmi.com.au/>
From:
"Jeremy Saunders" <Jeremy.Saunders@xxxxxxxxxxxxxx>
To:
<thin@xxxxxxxxxxxxx>
Date:
17/11/2009 10:34 AM
Subject:
[THIN] Re: Trend OfficeScan 10.0 (pccntmon.exe) on Citrix Box
Sent by:
thin-bounce@xxxxxxxxxxxxx
________________________________
Hi Gehan,
As you know, I have always removed the Run registry entry. This has not caused
any issues in the past on many customer sites. However, with the release of
OfficeScan 10, Trend have now FINALLY removed the “user” process altogether,
and everything is now contained in the service. It’s now more like
ServerProtect, and has a much lower footprint. I would look at upgrading to
that as soon as possible.
Cheers,
Jeremy.
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Gehan.DeSilva@xxxxxxxxxxx
Sent: Tuesday, November 17, 2009 10:10 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Trend OfficeScan 10.0 (pccntmon.exe) on Citrix Box
Hello
I want to remove pccntmon.exe from being run in each users session on citrix
boxes.
Theres a few ways to achieve this that I know of and that work:
1) Remove HKLM key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OfficeScanNT Monitor "U:\Program Files\Trend Micro\OfficeScan
Client\pccntmon.exe" -HideWindow
2) Modify ACL's on %systemdrive%\Trend Micro\OfficeScan Client\pccntmon.exe to
only have Admins & System users applied to the ACL.
I have used an eicar test file to verify if a virus is detected with
pccntmon.exe not running, the only thing im not sure about is if Trend email
alerting picks out the user that tried to download the virus i think here may
be a problem with our server in that respect but i did notice that the virus
was detected and trend displayed the info on the console session.
I guess the question is which of the above two is best ? has anyone come across
issues with pccntmon.exe not running in a users session ?
Regards
____________________________________________________
Gehan De Silva
Exceptional Service Exceptional Results
Assurance - Business Advisory - Corporate Finance - Risk Management - Tax -
Turnaround & Insolvency
This Communication is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential or copyright. You are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited without
the authority of the sender. If you have received this e-mail message in error
or are not the intended recipient, please delete and destroy all copies and
notify us immediately by return mail. Any views expressed in this communication
are those of the individual sender, except where the sender specifically states
otherwise. If you no longer want to receive notifications, simply reply to this
e-mail.
Liability limited by a scheme approved under Professional Standards Legislation.
---------------------------------------------------------------------
________________________________
Confidentiality and Privilege Notice
This document is intended solely for the named addressee. The information
contained in the pages is confidential and contains legally privileged
information. If you are not the addressee indicated in this message (or
responsible for delivery of the message to such person), you may not copy or
deliver this message to anyone, and you should destroy this message and kindly
notify the sender by reply email. Confidentiality and legal privilege are not
waived or lost by reason of mistaken delivery to you.
________________________________
Exceptional Service Exceptional Results
Assurance - Business Advisory - Corporate Finance - Risk Management - Tax -
Turnaround & Insolvency
This Communication is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential or copyright. You are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited without
the authority of the sender. If you have received this e-mail message in error
or are not the intended recipient, please delete and destroy all copies and
notify us immediately by return mail. Any views expressed in this communication
are those of the individual sender, except where the sender specifically states
otherwise. If you no longer want to receive notifications, simply reply to this
e-mail.
Liability limited by a scheme approved under Professional Standards Legislation.
---------------------------------------------------------------------
________________________________
Confidentiality and Privilege Notice
This document is intended solely for the named addressee. The information
contained in the pages is confidential and contains legally privileged
information. If you are not the addressee indicated in this message (or
responsible for delivery of the message to such person), you may not copy or
deliver this message to anyone, and you should destroy this message and kindly
notify the sender by reply email. Confidentiality and legal privilege are not
waived or lost by reason of mistaken delivery to you.
________________________________
Other related posts: