Trend Micro cloud-based “Worry-Free Business Security Services” version 6.1.1280*
Trend Micro "Office Scan" version 12.0.1556* * The Trend Micro we know of where the issue started is on the above versions and newer
Customers who have Cb Protection and certain versions of Trend Micro products may experience hangs on shutdown or reboot.
During an endpoint’s system shutdown, a Trend Micro kernel module acquires exclusive system lock (PushLock) that is synchronizing access to a process’ virtual memory and does not release it. This results in other processing in the kernel that requires the lock to pause until the lock is released. Multiple threads in the stack result in a Wait state including the Cb Protection driver when the system is attempting a shutdown. Because the lock is never released, the system cannot continue shutting down and hangs. We recommend replacing the files listed in the Resolution section below with the Trend Micro version prior to the ones exhibiting the behavior.
Trend Micro issued the following Hotfix:
OfficeScan Server, Version: XG Service Pack 1
Please contact Trend Micro to request the Hotfix.
Details on Trend Micro versions
From the memory dump file, the following timestamp is seen for the version of TMEvtMgr and TMPrefilt drivers that are problematic and exhibiting this behavior: