PDA

View Full Version : TrendMicro Internet Security 2007 conflict.



GideonD
2006-12-06, 15:49
I've recently been sent a free upgrade from TrendMicro for Internet Security 2007 from PC-Cillain 2006. I've got several issues I've found with it. According to a poster on Wilders Security Forums, he had contact Trend Micro about these issues, which include high memory and CPU usage and problems with their spyware applications, and their tech support told him to uninstall TrendMicro, delete it's program folder, then undo immunizations for Spybot and uninstall Spybot before reinstalling Trend Micro IS2007. Evidently this resolved his issues. Are there any known conflicts between these two products? I never had any issues with their 2006 software.

PepiMK
2006-12-07, 09:54
There's absolutely no reason to uninstall Spybot-S&D; if some parts would conflict, just those parts could be disabled.

Will refrain from any more words right now, since this topic is just bad for my stomach ;)

GideonD
2006-12-07, 13:55
I've reverted 2 out or 3 PCs back to 2006 now anyway. I was finding way too much slowdown and too many issues with 2007. I left one just to play with and see if I can work out any issues or if TrendMicro will fix any issues in a timely manner. Thanks for the input.

MikeMcD
2006-12-12, 05:18
Trend Micro PC Cillin ???? had a conflict with some other security software a couple of years ago, I think we finally concluded TM-PCC was just trying to displace the other software ... we dumped Trend Micro and are now quite happy with AVG

Argus
2006-12-12, 10:18
The issue apparently is with the immunization feature, I've been having fun and games with this for a few days now.
TM's real time spyware scanner detects all the immunization entries as infections, as well as spybots host list, as well as their 'on-demand' scanner.
The support guy said I could re-install spybot after I had installed TM. Just about to see how that goes...

PepiMK
2006-12-12, 13:07
Interesting, that's kind of a massive false positive by TM then! I remember a few years ago that happened by MS AntiSpyware (?) as well... they just detect the presence of the entry then, not whether it's declared as "allowed" or "denied" then. I though we would've passed those superficial times already :D:

Argus
2006-12-12, 13:34
Installing spybot again after installing TM seems to resolved the issues, but I agree, it is just a massive continual false +'ve. After checking the spyware scan log in TM i can see why it had consumed all the cpu, It had 'detected' all the immunizations (i also had spyware blaster) and hosts entries as spyware over and over again.
Much happier now that spybots back on my pc :-)

bitman
2006-12-13, 04:18
This situation is MUCH worse than the Microsoft AntiSpyware issue. In that case MSAS only detected entries such as www.badsite.tld when they were in the process of being added to the registry by spybot, since it didn't recognize that the entry wasn't yet complete with the associated value. This has been fixed in Windows Defender, which now simply detects changes to the hosts file and displays the complete list as a notification.

Actually, Microsoft never intended these lists to be automated in this way, but then again, they never intended for malware writers to abuse them either. Microsoft and Spybot appear to have a fairly good relationship at this point, which is why I continue to support both.

An application that isn't aware of these types of uses and detects such entries during a static scan isn't very aware of the current realities. I don't think I'd trust such an application to detect anything really iimportant until they get the basics taken care of. Is this product a beta version?

Bitman

mdsok
2006-12-14, 08:13
Here is my experience. Around December 2nd the “System” process started constantly using 95% of my CPU and accessing my harddrive. I ended up isolating the problem to PC-cllin 2006. I had been running PC-cllin Internet Security 2006 for over a year with no problems. I’m not sure if this problem was triggered by an update to PC-cillin or by me upgrading to IE 7. All the harddrive access turned out to be PC-cillin writing multiple GBs of temp files for seemingly no reason. I updated to the 2007 version but that didn't fix the problem.

Trend Micro put a KB article up http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1033903&id=EN-1033903 that states that Spybot's immunization causes the PC-cllin Internet Security 2007 Scan engine to use lots of CPU power. Removing the immunizations helped lower the CPU usage in my case but I also had to uninstall IE 7 in order to bring the CPU usage all the way back to normal.

I also uninstalled SpywareBlaster since its only purpose is an immunization feature similar to the one in Spybot.

Has anyone else had a similar problem? Do you think PC-cillin 2007 provides enough protection without also running other programs such as Spybot and Windows Defender (which is also incompatible with the 2007 version http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1032885&id=EN-1032885 ) ?

I agree with bitman, the 2007 release still seems to be in the beta stage.

rokbottom47
2006-12-26, 19:04
I also had "upgraded" to IE7.0, followed by Trend Micro's Internet Security 2007. My computer ground to a crawl, and I also saw the resource-hogging TM programs tmproxy.exe and pcsnsrv.exe. I didn't like IE 7 anyway, so uninstalled it and went back to IE 6. This did not seem to make a difference in TM IS 2007. I finally uninstalled TM 2007 and went back to 2006. Everything works fine now. I got a response from TM with a link to the SpyBot S&D problem. I don't know if I'm willing to go through the whole process again, because I'm not sure that will solve all the issues with TM 2007. Seems like it wanted to update itself frequently, which was annoying.

If anyone has experience with TM 2007 after "correcting" the S&D issue, please let me know.
Thanks

jjjdavidson
2007-01-30, 18:38
The latest version of Trend Internet Security gives a message at installation: Trend Micro PC-cillin Internet Security 2007 is incompatible with Spybot - Search & Destroy 1.4. As a result, you cannot run both on your computer. Click "Yes" to install Trend Micro PC-cillin Internet Security 2007 and uninstall Spybot - Search & Destroy 1.4, or click "No" to stop the installation.

Anybody who insists on removing other security software before installing theirs is putting their interests ahead of their users' security, and shouldn't be selling security software at all.

wader
2007-02-01, 00:32
But, there is a subsequent dialog message - before it actually begins Spybot uninstall - which notes that you primarily need to concern yourself with specific changes made by Spybot, mentioning the immunization updates.

It also says that you probably don't need to actually uninstall - just back out those changes.

I realize this is a stopgap update to Trend Micro's installer routine as a way of minimizing known problems, but they need to become more graceful with recognizing Spybot immunization changes as a long-term fix, it would seem.

- wader

jonathanbean
2007-02-07, 18:12
Would this conflict explain the following (I posted to another area by mistake):

I enabled the host file protection and when my Trend Micro scanned it searched nearly 3,000 hosts files and labeled 107 "suspects" and high privacy threat.

When I asked for more info. about each item, however, it said that not all hosts files are spyware. Gee, that's helpful.

Is this a usual false positive when enabling Spybot's 127.0.0.1 hosts option?

Why didn't it find all of the files "suspect?"

The 107 were all grouped under two items:

Adware_Memwatcher (94 items)
TSPYW_Small (13 items).

It won't let me copy the results to paste here.

Argus
2007-02-14, 05:53
Hi all, so can anyone confirm that spybot and tmis07 will happily exist on the same machine, as long as I don't use immunization and spybot hosts?
TMIS07 now has an IDS thing, but rather than blocking the changes until the user gives permission, it lets the changes occur, then tells you that they have occured, and lets you change them back. I miss my spybot, and want it back!

jonathanbean
2007-02-14, 06:29
Trend Micro was the ONLY anti-spyware program to detect those HOST files as spyware. When I removed the HOST files, Trend Micro found no spyware.

Two assumptions:

1. I doubt Spybot allows individuals to download its program full of spyware!

2. Given the negative findings of other programs (AVG, Spybot, Panda), I believe these were false positives. If you are really paranoid, you could simply remove the 100 HOST files and leave all the rest.

However, I had Trend Micro Anti-Spyware 3.5 for a year and it kept missing spyware so I junked it. I wouldn't rely on it.

Argus
2007-02-14, 06:42
bit the bullet and installed spybot again, without using immunization or hosts, all ok
:eek:

whynot
2007-02-19, 17:10
just new to the forum, I think after reading all of your posts I will leave TM 2006 installed instead of 2007. that seems to work fine. I will contact TM and let them know that it's not nice to be asked to uninstall another perfectly good product, so that they don't have to deal with the problem they obviously created with their new version. thanks for the input.

Stormy3000
2007-03-06, 21:52
All Trend is doing is searching for key words and since Spybot list all the bad and evil sites out there in the hosts. file to put them to invaild address Trend thinks it is ADWARE_MEMWATCHER. Just ignore the message.

mdsok
2007-03-11, 04:22
For those of you having slow down problems with Trend Micro PC-cillin 2007 version 15.3 was just released which adds Vista support and may help with speed issues.

You can see the KB article on slow down here http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1033903 and download the update here http://esupport.trendmicro.com/support/viewxml.do?ContentID=1034407

I'm not sure why Trend Micro doesn't have PC-cillin automatically update itself to this new version.

sncuser
2007-03-21, 01:31
This is complicated, but I'm going to try and explain what has happened to me in two cases. I'm a computer pro (since 1987) and this was very hard to figure out:
I always use Spybot. For the last 2 years I have always used TrendMicro (I'm a reseller, and Symantec and McAffee have both disappointed me).
I upgraded to 'TrendMicro Client/Server/Messaging' for our company. I had no problems until (and I don't know which of these are pertinent):

1. I upgraded to Windows Media Player 11 which included .net 2.0 (why it had to be upgraded I don't know, I think Premiere required it or something)
2. and added Adobe Premiere Elements
Then I received a large (109 Mb) .avi file from someone. That day my drive light came on and would not go out. The computer churned into unbelievable slowness.
I tried several 'fixes' including replacing the drive and Ghost'ing the image back on the computer. Shortly after booting, the drive light would come on and would not go out.

To shorten a two-week process, I'll just give the ending: I uninstalled Spybot --no improvement. I put Spybot back on. I uninstalled Trend--no improvement.

Finally, I uninstalled Spybot, rebooted. I then uninstalled TrendMicro, rebooted.

After that, the drive is behaving normally and all is okay. I put Trend back on, and it still is working fine.
I want to put Spybot back on, but I am going to call Trend and post this in the forum before I do.

The summary is that Something is up with TrendMicro and Spybot, but what is it. . . ?

Part of my diagnosys included using Sysinternals procmon, and I do know that Teatimer and a Trend process (pcsomething...) were going nuts and that the page file was getting hammered and growing.

I hope this helps in some way, I promise anyone that Trend does NOT find spyware anywhere near as well as Spybot does. I wish they had never added that 'feature' to the virus scan. This trend of adding more and more 'features' to software is causing a lot of trouble.

sncuser
2007-03-21, 01:36
The product that I was using was NOT Pc-Cillin, it was technically 'Client Server Messaging Security for SMB 3.0'

I wonder if they use the same engine or something. --sncuser

Lord Cobol
2007-05-09, 02:02
Last I checked, PC-cillin still requires that you un-install Spybot before you install PC-c, but you can re-install Spybot later.

I run PC-c with the "Suspicious Software Alarm System" turned off. It generates so many false alarms I would have it off anyway, even without Spybot, and anyway Teatimer beta 1.5 seems MUCH better. I also avoid their "list of suspicious changes", and after one bad mess-up, will NEVER let it try to undo any settings it thinks are suspicious. Maybe that's why I have fewer problems than some other posters (?).

Specifically, I never had the horrible slowdowns reports by some other users. PC-c 2007 seems sluggish compared to 2006, but that seems to have nothing to do with Spybot. I tried Trend Micro's slowdown fix (undo Spybot immunizations and delete one of their files), and it had zero effect on my PC, either in terms of responsiveness or the size of their file when it was rebuilt, so I re-immunized.

I had the same 107 false positives as someone else mentions, with PC-c's spyware scan complaining about Spybot hosts file entries. Spoke with their tech support back in late 2006 and they agreed they shouldn't find those, but I don't think it has been fixed -- whatever else you think of Trend Micro, give them points for having free phone support. Anyway, my fix was to run a PC-c scan with it set to "always ask" instead of "always quarantine", and then tell it to "always ignore" those entries, so it's just a one-time thing, no big deal.

FWIW, I run PC-c with most other features on, settings at or above default. Spybot I run with sdhelper, hosts file, immunize, and IE tweak "lock hosts file". Teatimer is either off or 1.5 beta, because 1.4 also drove me crazy with false alarms. I run with lots of Windows tweaks, such as disabling some useless services, which might also explain differences between my results and other people's.

HTH

Caskin
2007-05-10, 04:30
Two weeks ago i downloaded Trendmicro IS 2007 they newest release from site. When installing it makes you uninstall Spybot, have done this a couple times. The company i work for only uses Trendmicro for some reason (not a fan) and i am a faithful Spybot user. It seems only to ask you to remove Spybot when using the newest downloaded version, not the version that is on the CD's that we are getting in.

Can someone confirm this, and if so will installing Spybot after TM have any negative effects on either software.

Thanks.

Lord Cobol
2007-05-11, 03:39
I think the requirement to uninstall Spybot started with an update to the 2007 version, but was not in the original 2007. But if you want to be current, I think you are stuck, because you have to go thru something almost like a new install when you go from original to ver 15.30. Actually, the original version had lots of bugs, and you are generally better off with the later versions that object to Spybot. If you haven't already, manually download the 15.30 version (either full or the upgrade kit), because it won't update automagically.

I think the issues with Spybot & PC-c have been mentioned in my earlier post or others before, at least as long as you run the two programs the way I described. Most importantly, avoid PC-c's "suspicious software alarm system", and do not let their "changes found - list of suspicious changes" try to fix anything.
Letting the "list of suspicious changes" fix something that had nothing to do with Spybot cost me hours of detective work and fixup -- never again. Also it found over 2000 suspicious hosts file entries (probably the whole Spybot list), not just the 100+ that the spyware scan found.
I would expect that if you run the "suspicious software alarm system" with all its features active, its hosts-file monitoring feature would conflict with Spybot's hosts-file features. It may have had other Spybot issues too, but I don't recall exactly. I couldn't stand its false alarms anyway, so no issue -- just turn it all off and let Spybot do everything you want it to.

The only other thing I can think of was that on one other PC, the 1st PC-c spyware scan after installing 2007 took far too long, but I'm not sure that had anything to do with Spybot, and I think it was fixed in a later version of PC-c, and anyway it was a 1st-time-only thing, so I wouldn't worry about it unless someone else posts a horror story.

I have exchanged emails with their tech support in the last couple days, mostly to try to nudge them into being more tolerant of Spybot in the 2008 version. They stick to their line that you can't make the two programs coexist and shouldn't try. I don't agree, but I can understand that a company that offers free email AND PHONE support for a $49 product might really, really hate the idea of lots of extra support calls from users who have conflicting software and don't know how to fix things.

Caskin
2007-05-14, 23:29
Well i always turn off suspicious software alarm anyway, customers complained a lot about it popping up to much. I haven't really noticed any issues myself that would make me consider not installing SB after TM.
Thank you for the detailed post. I'm not sure what's worse though, running TM 2006 and not doing the best job or TM 2007 hogging all the PC's resources and doing better job. If was up to me i wouldn't use it at all but thats besides the point. Thanks again.

Cynthia
2007-05-16, 22:19
Hi everyone, my TrendMicro 2006 expires in 3 days so I paid for the TrendMicro 2007 subscription not knowing there'd be a Spybot conflict, which there is. I'm a computer idiot and don't know how to uninstall and tweak stuff, can only follow simple steps, so I did not go through with the TMicro install once they warned me of the conflict.

Conflict #2 is that today I upgraded my Webroot SpySweeper subscription to include Antivirus (instead of just antispyware) and I paid for it not knowing there'd be a TrendMicro conflict, which there is (SpySweeper alerted me of it, so I didn't go through with the install of that either).

So now with double conflicts with TrendMicro 2007, I'm thinking to take the $50 loss on it and not install it, use Webroot SpySweeper with antivirus and Spybot and the Windows firewall that came with the computer. You guys think I'll be alright, or should I do something else??? (I've also got SpywareBlaster and AdAware)
Thanks.

Zenobia
2007-05-17, 00:05
About the Windows firewall:Do you mind my asking which operating system you're running?
The reason I ask is that the windows firewall that comes with Windows XP only filters incoming data,but doesn't control outgoing traffic.So,if you were to become infected with malware/viruses,they could access the Internet without restrictions.
And,the Windows firewall which comes with Vista can control outgoing traffic,but that option isn't turned on by default,you have to turn that option on,and I personally found it very difficult to configure when I did turn it on.
So,if you would prefer not to run Windows firewall,I could put up a few firewall suggestions for you,if you like.If you have Windows XP,there are quite a few choices.
If you have Windows Vista,there are less third-party firewall choices,but I know where there's a list of a few of them that should be compatible with Vista,and I could post a link to those if you like.

Lord Cobol
2007-05-17, 04:47
Cynthia

If you are really lucky, maybe TM might agree to let you extend your 2006 licences in exchange for your 2007 license. FWIW, when I called them about problems with 2007 soon after it came out, they asked if I wanted to revert to 2006, so it might not be hopeless.
Try calling them. Your PC will run faster on 2006. It will get less protection from PC-cillin, but might still be as safe overall if the switch means you can run other programs like Spybot. (And I don't exactly hate the idea of them getting more negative feedback from Spybot fans -- it might improve our chances of getting better treatment in the 2008 version).
At work we still have some machines on 2006. They still get signature updates but not program updates.

Or, getting 2007 to co-exist with Spybot isn't all that hard.

Sorry, can't help with the other programs.

Hint for everyone else -- between home, work and relatives, I administer about 25 PCs with Pc-cillin, plus a few with Trend Micro corporate and 2 with ZoneAlarm (the full internet security suite). I have issues with all of them, but I think most other people with $50 to spare would be better off with ZoneAlarm. To me PC-c 2006 is "the good old days".

Cynthia
2007-05-17, 07:44
Thanks Zonobia and Lord Cobol for your compassion and willingness to share your knowledge, and so quickly, too. To follow-up:

1) - I have XP not Vista, but do not understand the significance of being able to control outgoing traffic--I am the only user of this computer and am unclear if this firewall feature is necessary in such a case--I mean, can someone remotely control my outgoing traffic or what?
2) - I will try your suggestion, Lord Cobol, and call TMicro and ask them to extend the 2006 in exchange for the 2007 I already paid for, and
3) - I do have $50 to spare for Zone Alarm, but isn't there a free one on the internet, or is it not good enough?

Again, thank you, I'm impressed with the support here.

Zenobia
2007-05-17, 09:09
If you were unknowlingly infected with malware/viruses,the malware/virus might transmit private information from your computer to the bad guys.There's more here about Inbound and Outbound filtering:
http://www.bleepingcomputer.com/tutorials/tutorial60.html#features

Here is a list of popular firewalls,if you decide to download any of them,it's best to download only one,and you'd also need to turn off Windows firewall if you install another firewall:
http://www.bleepingcomputer.com/tutorials/tutorial60.html#pop

Here is how to turn off Windows Firewall:
http://support.microsoft.com/kb/283673

Lord Cobol
2007-05-17, 21:29
Glad to help

Also, if you decide to go with the free stuff, get an anti-virus program and at least one rootkit scanner, in addition to the firewall and antispyware programs. AVG has free av, anti-spyware, and anti-rootkit. Another free rootkit pgm is RootkitRevealer, by SysInternals.
I have used RootkitRevealer, AVG's rootkit pgm, and Zonealarm free firewall, with no special problems.
The rootkit programs are for occasional full scans, not real-time protection, and I don't *think* they conflict with anything. You can have both, but don't plan on doing anything else while they are scanning.

BTW, PC-cillin 2007 has an anti-rootkit feature which I think the 2006 version does not. If I am correct about 2006 not having it, that would be the most important advantage of the 2007 version -- at least to me, since I don't use the other new features that they make more noise about.

raiderxl7
2007-05-20, 15:35
is trend micro helpful with their support you dont think this is turning into another anti virus taking on spybot s&d like that norton fiasco do you??:red:

Cynthia
2007-05-21, 07:38
So far I haven't been impressed with TrendMicro's helpfulness in my personal situation as a computer idiot, however, since I only have 1-year experience owning a computer and am only used to TM (and an idiot) and have been fortunate not to have problems, I'm probably gonna stick with the 2006 TrendMicro.

What happened with me is that because I didn't want to abandon Spybot I declined to install the TrendMicro 2007, though I'd already paid for it, upon TM warning me of the Spybot incompatibility. Then I took Lord Cobal's advice and tried (repeatedly) to call TM (using different TM phone #s) to ask if instead of the 2007 they'd just extend my 2006 TM, since it is compatible. Either TM's phone was busy or rang without answering. The day after that, though, I noticed the expiration date of my TM 2006 was extended a year anyway--weird, maybe TM just does that when a person declines to go through with the install?

Back to TM support, the one time last year I did manage to get through to TM support (by reaching them through a phone # not for home computer users), the individual was rather impatient and not willing to explain to my newbie self the feature I wasn't understanding (Wi-Fi Intrusion Detection), and just said to disable the feature. That's all I know. (and to Lord Cobal--I noted your Rootkit advice, thanks)

Lord Cobol
2007-05-24, 00:59
I've had mixed results with their tech support over the years, but not really worse than with other companies. Its just too bad they don't have a forum like this one.

--------------------------

I think Cynthia's expiration date extended because their home-user registrations & money are not really tied to any specific year's version of the software.

You don't have to wait till your expiration to update to next year, or give them more money to get the next year before your expiration. Renew / pay them just before expiration, then after the new version comes out, download the "trial" version and install it using the paid-for registration number.

Pretty wallet-friendly, considering the $50 license is good for 3 PCs.

Just be sure you to keep the registration number safe.

Incidentally, if you had 2006 and paid $50 for a new 2007, you might have paid too much. You could have just renewed 2006 for a bit less and still gotten 2007, with all its accompanying "fun" :) Or, you could have gotten 2007 for free months ago.
Not sure if this applies to pre-installed versions on a new computer, though.

jazcan
2007-06-07, 15:17
Hi there,
Well, after 3 days of scratching my head I finally fixed my extremely slow computer. I had seen this thread as well as the Trend Micros solution and my computer was still crawling. I thought I had followed the directions but after discovering a certain registry key: HKEY USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENT VERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS had thousands of entrys in it I decided to check further. If you look at Trend Micro's file usrwl.dat (open it with notepad- for me it was an extremely large file) you will see what the process PcScnSrv.exe is checking against when windows is loading. In my case it was checking against all the entries in the registry key mentioned above. These entries are where Spybot puts all the bad products when you immunize your system. When I first installed TM I let it uninstall Spybot as directed. After finding this forum I reinstalled and followed the directions but I did so without first updating spybot (I had always kept spybot up-to-date) and immunizing first so when I clicked UNDO to NOT protect against all bad products it did not recognize that those thousands of entries were still in the registry. Last night I reinstalled Spybot and updated with the latest immunization list. I then immunized my system. When I then clicked UNDO- it removed all the entries (over 29,000) from the registry key above. When I rebooted - VOILA - my system was back to its speedy self.
So, if you are still have problems with Trend Micro slowing your system to a crawl try reinstalling spybot, updating, immunizing and then click undo.

I hope this helps.