CB Protection Agent Not Starting With Trend Micro 11/XG Installed

Version
7.x - 8.x


Issue

Devices that have both Trend Micro 11 or XG and the CB Protection Agent installed are unable to start the CB Protection Agent service.

Symptoms
The CB Protection service does not start on a reboot. Attempting to restart the service manually results in an immediate 1053: Service Timeout.


Cause
The cause is the injection of the Trend Micro DLLs into the Parity.exe process. Because the Trend Micro kernel filter loads before the CB Protection agent, the DLL is injected into the process.

The Tamper Protection built into the filter driver then detects that the process has been modified or changed and stops Parity.exe.

Solution

Unlike most antivirus products, Trend Micro has multiple add-ons that can cause this issue and that do not use the default exclusion list. The known exclusions that need to be added are listed below; other exclusions may need to be added in the future.

1. First, add the items from the following document to the normal Trend exclusion list:

Anti-Virus Exclusions for Cb Protection Agent (Windows)

2. Next, navigate in Trend's console to Agents > Management.

3. In the agent tree, select Settings > Behavior Monitoring Settings.

4. Select the Exceptions tab and add the items listed in the following article:

Anti-Virus Exclusions for Cb Protection Agent (Windows)


Article Information
Creation Date: 10-10-2017