Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Trend Micro Officescan 8.x UNINSTALLS SPYBOT!!!

  1. #11
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,387

    Default

    Trend Micro tells us that they don't need a reason - Symantec did it, McAfee does it, and we should just f... off.

    Still waiting for the lawyers to sort this out, Trend Micro imho has already received a Cease & Decist, but you know how legal steps usually take months to years...

    In my opinion, software that forcily removes other legit security software is just malware. Don't want to lower us to their moral level though, even though it's sometimes itching to react the same ugly way
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  2. #12
    Junior Member
    Join Date
    Jan 2008
    Posts
    1

    Default

    Trend Micro is keen on removing competing software. Load AVG anti-virus, then install Office Scan, and see what happens. Bingo, AVG gone!

    I'm assuming they do this to Spybot to eliminate competition between the two detections.

  3. #13
    Junior Member
    Join Date
    Feb 2008
    Posts
    1

    Default

    I've been struggling with this w/OfficeScan 8 at my org for 6+ months. We recommend SpyBot in addition to Trend. Here's what I've discovered so far...

    Search for tmun (no extension) and tmuninst.ptn on the OfficeScan servers. Edit them in notepad and remove the Spybot entry:

    [Spybot Search & Destroy 1.3/1.4]
    ProductKey = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1
    UninstallKey = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1
    Platform = WinNT
    UnloadProgram = GenericUnload
    UninstProduct = UninstSpybot13
    Support = 1

    These appear in several directories as loose files, in several zip files, and in a .cab file. Chime in if you find it anywhere else.

    Look here:
    Program Files\Trend Micro\OfficeScan\PCCSRV\Admin
    Program Files\Trend Micro\OfficeScan\PCCSRV\Download\tmnewpnt.zip
    Program Files\Trend Micro\OfficeScan\PCCSRV\Download\tmnewpX64.zip
    Program Files\Trend Micro\OfficeScan\PCCSRV\Backup\Patch1.1_B1117\Web_OSCE\Web_console\HTML\ClientInstall\Install.cab
    Program Files\Trend Micro\OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\ClientInstall\WinNTWinNT.cab

    I think the first dir is used by the client packager, the next 2 are used by OSCE client software update process, and the last 2 are when using the web installer.

    Not sure if it's worth affecting these files in the backup directories...
    Program Files\Trend Micro\OfficeScan\PCCSRV\Backup\ {{PATCH #}}} \Download\tmnewpnt.zip
    Program Files\Trend Micro\OfficeScan\PCCSRV\Backup\ {{PATCH #}}} \Download\tmnewpX64.zip

    The web-install cabs are signed & timestamped by Trend. Not sure if this is to make IE happy w.r.t the web installer or to make Trend happy via some integrity checks. If it's the latter, it means no tampering is allowed. If its the former, you could probably get away with it by re-signing the cabs with your own code signing cert (if all of your clients trust your CA certificate) and/or a commercial one.

    You'll probably have to rebuild client installers with the Client Packager to prevent them from removing SpyBot after making changes.

    P.S., you'll probably have to repeat this every time you patch your OfficeScan servers or write some script/app to do it for you
    Last edited by scottt732; 2008-02-01 at 23:17.

  4. #14
    Senior Member
    Join Date
    Jan 2008
    Posts
    586

    Lightbulb

    The described behaviour of the Trend Micro software, if correct is at best rogue behaviour. The simplest and most fitting solution is to change to another product.

  5. #15
    Junior Member
    Join Date
    Mar 2008
    Posts
    1

    Default

    This gets worse and worse. While searching for some info about this on Trend Micro's site, I came across a pdf document entitled Defending Against Spyware . Here's something I found in that document:



    This seems more than unprofessional on Trend Micro's part. I'm a bit surprised!

    ..c..

  6. #16
    Junior Member
    Join Date
    Apr 2008
    Posts
    9

    Default Spybot

    i have just installed Trend Worry Free 5.0 (replaces CSM3.6) I have my home pc loaded with this and when it upgraded the client on my pc it unistalled spybot 1.5.2, this is really crap, is there anything that can be done ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •