C:\Program Files\Trend Micro\OfficeScan Client?Visual C++ Runtime Library error.Yes, RADS 4.0 can be installed on desktops and servers. There is no difference in the software for either configuration.
RADS can be uninstalled from your computer's Add or Remove Programs area. You will need to remove the software labeled Trend Micro OfficeScan Client.
Laptop users should use the default installation. The system will report into and receive updates from the server while it is connected to the Internet. You should only choose Disconnected Client if you do not want the system to be centrally managed and would rather it use a completely standalone configuration.
Windows 2000/XP/2003 systems generate a file called SETUP.LOG, which by default
is located in the same folder from which the setup program was launched. This is usually in a
temporary folder. You can use the Search option from the Start
menu to look for the SetupRADS.exe file. The SETUP.LOG file should
be in the same folder. Typically the log file resides in a randomly named folder under the
C:\Documents and Settings\<Your Profile Name>\Local Settings\Temp folder
where <Your Profile Name> is the name of the user account that installed
the software.
In addition, there may be a file named OFCNT.LOG in the C:\WINDOWS
directory that you can check.
To fix this problem you'll need to copy the C:\WINDOWS\Repair\AUTOEXEC.NT file to the
C:\WINDOWS\system32 folder, which can be done as follows:
C:\WINDOWS, navigate there instead.The easiest way to remove an incompatible application from your system is by using the Add/Remove Programs option in Control Panel.
If the application you are trying to remove does not appear there, you may need to search the registry to determine if it can be removed by issuing a command. To do this, you'll need to perform the following steps:
| NOTE: |
| Editing the registry can have serious consequences if you do not follow the instructions as outlined below. |
regedit.exe and click Open. This will start
the Registry Editor tool.CTRL button and press C to
copy the command. Click OK.CTRL button and press P to paste the command
into the Open field and then click Open.To manually McAfee VirusScan from your system:
Start > Run and type cmd.exe (or command.com
if you are running Windows 95/98/ME) and click OK.MSIEXEC.EXE /x <product code> replacing <product
code> with the product code from the table below that corresponds to the version of
McAfee VirusScan that you are trying to remove:| Software | Product Code |
|---|---|
| McAfee VirusScan Enterprise 8.0i | {5DF3D1BB-894E-4DCD-8275-159AC9829B43} |
| McAfee VirusScan Enterprise 7.1 | {59224777-298D-4E9C-9AEB-4A91BDA01B27} |
| McAfee VirusScan Enterprise 7.0 | {1912F734-6580-4620-8AFD-ECCCEA19CDE2} |
| McAfee VirusScan MultiPlatform 4.5.1 | {87AEFD84-BC0D-11D4-B885-00508B022A51} |
If you are still unable to remove McAfee VirusScan from your system, you may need to review one of the following McAfee support articles for instructions on how to manually remove the software from your system:
To manually remove the ePO Agent from your system:
Start > Run and type cmd.exe (or command.com
if you are running Windows 95/98/ME) and click OK.cd /d "C:\Program Files\Network Associates\Common Framework"
and press ENTER. (If your system is not installed on the C: drive,
substitute the appropriate drive letter.)FRMINST.EXE /REMOVE=Agent /FORCEUNINSTALL and press ENTER.If the path does not exist on your system, the ePO agent may not have been completely removed from your system. To fix this issue, follow the instructions in this FAQ. When looking in the application list, you'll need to find the entry for McAfee ePolicy Orchestrator Agent 3.x.
To manually remove RADS 3.x or earlier from your system:
Start > Run and type regedit.exe and click OK.HKEY_LOCAL_MACHINE and then navigate to
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RADS and delete the key.C:\Program Files\RADS folder from your computer.If the RADS Installer cannot remove any of these programs, you will need to remove them "manually".
The RADS Installer detects installed applications by checking to see if certain keys in the system registry exist. If all of the keys exist in the registry, it thinks the application is installed. In some situations, the registry keys may be present even though the software is not installed on the system. This is usually due to a faulty uninstall program provided by the application's vendor.
If the RADS Installer detects software that you know you have removed, you can use the procedure outlined below to fix the issue. Once you have removed the registry keys, you must restart the installer.
| NOTE: |
| Editing the registry can have serious consequences if you do not follow the instructions as outlined below. |
Start > Run and type regedit.exe and click
OK.Delete key on your keyboard.RADS should not interfere with the Ad Aware or Spybot software packages. You can continue to use Ad Aware and Spybot if you wish as supplemental spyware protection, however, RADS has spyware protection built into it as well.
Windows Defender will prompt you to approve application changes during the installation of RADS but should also continue to function normally after RADS is installed.
Under some circumstances this error may appear if your system needs to be rebooted because files were in use. Rebooting should clear the error.
If this error appears, it may indicate an issue with the value of the environment variables TEMP and/or TMP. To fix this error, you will need to do the following:
This error can occur during installation because the process linked to the wrong scanning engine file. To correct this issue:
VSAPI32.DLL. Make sure Local Hard Drives
is selected under Look in. Click Search.C:\Program Files\Trend Micro\OfficeScan Client?While we recommend keeping the default installation directory for RADS/OfficeScan, there
may be situations where the software needs to be installed in a different location such as
your C: drive running low on free space. You can change the installation
path on the RADS Server Selection page during the installation wizard.
Simply change the Server Profile setting to <Custom Profile>
and then modify the Installation Folder setting to the location
in which you want to install the program. A recommended alternative is D:\Program
Files\Trend Micro\OfficeScan Client.
If you are using the command-line to install the software using deployment software such
as SMS or Altiris, you can use the OFFICESCAN_INSTALL_FOLDER setting to override
the installation folder. See the Information for System
Administrators page for more information.
If the Trend Micro OfficeScan Client installer never launches from the RADS Setup Wizard,
this may indicate a corrupt AUTOEXEC.NT file on your system. To fix this problem:
C:\WINDOWS, navigate there instead.If this still fails to correct your problem, you may need to attempt a manual installation of OfficeScan as follows:
C:\Program Files\Trend Micro\OfficeScan Client. You
may need to create this folder if your ZIP utility doesn't do it for you automatically.C:\Program Files\Trend Micro\OfficeScan Client folder, double-click the INSTREG.EXE
file and wait a minute or two.Visual C++ Runtime Library error.This problem may occur if you had installed a previous version of RADS or McAfee VirusScan on your system, installed the ImageNow software, and then upgraded to the RADS 4.0/Trend Micro product. Currently, the only known workaround is to reinstall the ImageNow application on your system. You may need to reboot once the installation completes.
This should only occur during the switch from McAfee to Trend Micro. Once you have re-installed the ImageNow application, the error should disappear.
If the OfficeScan software fails to install completely, or if it fails to remove itself successfully from your system, you may need to perform a manual uninstallation. Please review the following Trend Micro support article.
Updates are automatically received by clients once they are available at the server unless the client is behind a firewall that blocks incoming TCP port 8081 or is on non-routable address space such as 192.168.0.0 or 10.0.0.0. For this reason, scheduled updates occur overnight between 1am and 5am unless you system administrator has configured them differently. Clients do not need to configure automatic updates unless they are operating in Disconnected Mode. If the client is operating in this mode, they will need to use the Scheduled Update Configuration Tool to configure updates.
The RADS servers check hourly for both software and antivirus/anti-spyware DAT/pattern files from Trend Micro. As soon as our servers receive an update, they begin notifying clients that an update is available. Clients will then automatically download the new updates. In addition to these "event-driven" updates, clients will also run a scheduled update every night between 1 and 5am (unless the time has been configured differently by your system administrator). This also serves clients that were unable to be automatically notified of the available update.
If a client is turned off overnight, it will check for updates on the next boot up.
If a client is rebooted during the day or if the OfficeScan related services are restarted on the system, it will also check for updates as well.
Finally, if a client's IP address changes, it will report into the RADS server within 3 minutes of receiving the new address and check for updates.
If a client is operating in Disconnected Mode, it will only check for updates during its scheduled update period, which can be configured using the Scheduled Upate Configuration Tool.
If your pattern files are more than a week old, the OfficeScan Client system tray icon will change to include an exclamation point in it. You can find out the date of your pattern files by doing the following:
If you wish to force your system to check for updates, you can simply do the following:
You can also force an update by using the Update Now command-line tool. Simply download the tool and double-click on it. This will start an update within a minute or two.
This error typically occurs after a prolonged connection loss between the client and server. The issue will prevent RADS from updating manually, although automatic updates will generally continue to work as expected. To restore manual update functionality, please try the following procedure:
This will reset your status on the server and should resolve manual update issues.
Additionally, this error can occur for several reasons:
ping.exe <server
name> where <server name> is the name of the server your
client is reporting to. If you receive any errors, this means that your internet connection
is not working correctly.If your system does not have internet connectivity, or if you wish to manually update the DAT/pattern files for OfficeScan from a CD or other media, follow these steps:
C:\Program Files\Trend Micro\OfficeScan Client. The files should be
named something similar to TMAPTN.??? and LPT$VPN.???, where
the question marks represent the pattern versions.By default the quarantine folder is set to C:\VIRUS. You can change this location if you desire by doing the following:
You can also change the quarantine directory for scheduled and manual scans in the same fashion. Simply select the corresponding tab on the Options page.
If you cannot access the Options menu, it means that your system administrator has locked down your system and that you do not have administrative rights. In order to modify the OfficeScan Client options, you need access to modify entries within the system registry. You should consult your system administrator if you need access to this menu.
When you download email from your server using POP3, typically messages are written into a single database mailbox file or a file for each mail folder. Mail messages themsevles are not written to individual files. The POP3 scanning feature of the OfficeScan client allow you to scan the actual text content of your POP3 messages as they are read and/or retrieved from the server. The POP3 mail scanning feature is currently only compatible with Outlook Express and Eudora and will not work with SSL-enabled POP connections, APOP connections, or Secure Password Authentication (SPA) in Outlook Express.
Since all Rutgers e-mail services now require a secure connection, POP3 Email scanning will not work with Rutgers e-mail accounts.
The Outlook mail scan feature simply scans the mail messages in your your Personal Folders, which either reside locally on your computer or on your Exchange server. Outlook mail scanning does not occur in real-time meaning that you must perform a manual scan on the messages. Your mail server should be protected by antivirus software already, so the Outlook scanning simply provides a secondary layer of protection. Any attachments or files that are written locally to disk will be scanned by the OfficeScan real-time scanning engine. Since this feature scans the contents already on your computer, it will work with any mail accounts regardless of whether they are protected by SSL.
In short, yes. The vast majority of viruses that spread via email come either as an attachment or attempt to obtain information by redirecting a user to a website to enter personal information, a process known as phishing. Although the actual text content of your messages may not be getting scanned, any attachment or file that is downloaded to your local disk will be scanned by the OfficeScan real-time scanning engine. This protects your system from attack. The POP3 scanning feature just gives you an additional layer of security and provides somewhat of a "double" check for viruses.
The POP3 scanning feature is only supported for Eudora and Outlook Express. In addition, it does not support connections over SSL, APOP, or authentication using SPA (Secure Password Authentication).
If you are using SPA, simply turn that feature off and check to see if that fixes the issue.
Otherwise, you should simply turn off the POP3 scanning feature to fix the issue.
Real-time mail scanning is only available for POP3 connections. If you are using Outlook, you can use the Outlook scanning feature to manually scan any of your Personal Folders regardless of whether or not you use POP3, IMAP, or Exchange.
Although no additional scanning is available for other IMAP clients, any attachments from email messages that are written locally to disk will be scanned by the real-time scanning engine. This allows your system to remain protected even though the actual text content of your messages is not being scanned by OfficeScan.
Before switching to disconnected mode, be sure to review the Disconnected Client Information page. Once you have read the page, understand the consequences, and still wish to proceed, you can follow the instructions outlined in the next paragraph.
In order to switch from connected to disconnected mode, you must download the Client Transfer Tool and save it to your computer. Once you have downloaded the tool, navigate to the folder in which you saved it and run the command:
ipxfer.exe -s mssg-osce-disconnected.rutgers.edu -p 80 -m 1 -c 8081
This will switch your client to report to the mssg-osce-disconnected.rutgers.edu server, which does not and never will exist. Your client will not receive settings from or report settings to any server after this. To verify the change, you will see the OfficeScan Client icon in the system tray change status. In addition, you can review this FAQ to verify that your computer is reporting to the correct server.
If you wish to switch back to connected mode, follow the instructions below. You can select one of the active OIT servers or contact your system administrator if your department is running its own server.
To determine the server your system is reporting to, perform the following steps:
WARNING:
This topic involves advanced techniques with Windows. You should only perform this if you are
comfortable using command-line tools and know what you are doing. An incorrectly configured system
could be left vulnerable to viruses and spyware.
Before changing the server that your system reports to, you will need to know the fully qualified DNS domain name of the new server and the port that the OfficeScan server is running on, which is usually port 80. Once you have this information, download and save the Client Transfer Tool to your computer and then do the following:
ipxfer.exe -s <server name> -p <server port> -m 1 -c 8081
where <server name> is the DNS name of the new server and <server
port> is the port the server is listening on.If you wish to use an OIT server, select an active one from the OIT server list.
Roaming mode clients will only get pattern updates from the server when the updates are manually deployed by an administrator or when a normally scheduled update occurs. They do not receive any other notifications from the server. This mode is typically used for laptop users on low bandwidth dialup or wireless connections who only wish to receive the absolute minimum communication from the server.
To enable or disable roaming mode:
The configuration settings for the OfficeScan Client reside in 2 INI files and the system registry. To back up your settings, back up the INI files and the registry settings specified below:
C:\Program Files\Trend Micro\OfficeScan Client\ofcscan.iniC:\Program Files\Trend Micro\OfficeScan Client\ous.iniHKEY_LOCAL_MACHINE\Software\TrendMicro (32-bit client)HKEY_LOCAL_MACHINE\Software\Wow6432Node\TrendMicro (64-bit client):
PC-cillin\MailScanPC-cillinNTCorp\CurrentVersion\Internet SettingsPC-cillinNTCorp\CurrentVersion\Manual Scan ConfigurationPC-cillinNTCorp\CurrentVersion\Misc.PC-cillinNTCorp\CurrentVersion\PFWPC-cillinNTCorp\CurrentVersion\Prescheduled Scan ConfigurationPC-cillinNTCorp\CurrentVersion\Real Time Scan ConfigurationPC-cillinNTCorp\CurrentVersion\Scan Now ConfigurationPC-cillinNTCorp\CurrentVersion\Schedule UpdateYou should also backup your firewall settings if you have enabled the OfficeScan firewall.
If you are running Microsoft SQL Server, you should exclude the folders holding your databases, the log files, and database backups. OfficeScan can scan these folders, however, doing so may impact the performance of the databases as they tend to be quite read/write intensive.
If you are running Microsoft Exchange Server, you should exclude the following folders from scanning:
Exchsvr\MdbDataExchsvr\MtaDataExchsvr\<server name>.logExchsvr\Mailroot (and subfolders)Exchsvr\SrsDataExchsvr\MdbDataUtilityExchsvr\MdbDataExchsvr\MtaDataExchsvr\<server name>.logExchsvr\Mailroot (and subfolders)Exchsvr\SrsData%SystemRoot%\system32\InetsrvExchsvr\ImcData\InExchsvr\ImcData\OutExchsvr\MdbDataThe logs are located in the <OfficeScan install folder>\report folder. By
default, RADS/OfficeScan is installed in the C:\Program Files\Trend Micro\OfficeScan
folder. The name of the log file will correspond to the date on which the scheduled scan was run.
If you are running firewall software on your system or are behind a hardware firewall, you will need to open inbound TCP port 8081. This was the same port that previous versions of RADS used, so you may not need to configure this again. If you choose not to open this port, your system will not receive automatic update notifications from the server. It will rely on scheduled updates to get the latest components and pattern files.
If you wish to open up port 8081 to specific IP addresses only and are using the OIT RADS servers, check the OIT server list below for the names and status of the OIT servers.
If your client is reporting to a non-OIT server, check with your system administrator.
The firewall settings for the OfficeScan Client are installed in the PFW folder
inside of the client installation folder, which is by default C:\Program Files\Trend
Micro\OfficeScan Client.
To backup your firewall settings:
C:\Program Files\Trend Micro\OfficeScan Client\PFW to
another location such as a USB key drive or elsewhere on your computer.To restore your firewall settings:
C:\Program Files\Trend Micro\OfficeScan
Client\PFW.The IDS feature of OfficeScan protects your system against the following intrusions:
When the OfficeScan Enterprise Client Firewall detects these attacks, it will simply drop the packets and log the appropriate information to the firewall log. Normal traffic will continue to flow.
The various OfficeScan system tray icons are described in the table below:
| Icon | Description | Real-time Scan Status | Manual / Scheduled Scan Status |
|---|---|---|---|
 |
Client operating in connected mode | Enabled | Enabled |
 |
Client operating in connected mode but the pattern file is outdated | Enabled | Enabled |
 |
Scan Now, manual scan, or scheduled scan is running | Enabled | Enabled |
 |
Client operating in connected mode but the real-time scan feature has been disabled | Disabled | Enabled |
 |
Client operating in connected mode but the real-time scan feature has been disabled and the pattern file is outdated | Disabled | Enabled |
 |
Client operating in connected mode but the real-time scan service is not running | Disabled | Disabled |
 |
Client operating in connected mode but the real-time scan service is not running and the pattern file is outdated | Disabled | Disabled |
 |
Client operating in disconnected mode | Enabled | Enabled |
 |
Client operating in disconnected mode but the pattern file is outdated | Enabled | Enabled |
 |
Client operating in disconnected mode but the real-time scan feature has been disabled | Disabled | Enabled |
 |
Client operating in disconnected mode but the real-time scan feature has been disabled and the pattern file is outdated | Disabled | Enabled |
 |
Client operating in disconnected mode but the real-time scan service is not running | Disabled | Disabled |
 |
Client operating in disconnected mode but the real-time scan service is not running and the pattern file is outdated | Disabled | Disabled |
 |
Client operating in roaming mode | Enabled | Enabled |
 |
Client operating in roaming mode but the pattern file is outdated | Enabled | Enabled |
 |
Client operating in roaming mode but the real-time scan feature has been disabled | Disabled | Enabled |
 |
Client operating in roaming mode but the real-time scan feature has been disabled and the pattern file is outdated | Disabled | Enabled |
 |
Client operating in roaming mode but the real-time scan service is not running | Disabled | Disabled |
 |
Client operating in roaming mode but the real-time scan service is not running and the pattern file is outdated | Disabled | Disabled |
The table below shows the list of our servers and their current status:
| Server Name | Server Port | Status |
|---|---|---|
| mssg-osce-c1.rutgers.edu | 80 | Online |
| mssg-osce-c2.rutgers.edu | 80 | Online |
| mssg-osce-c3.rutgers.edu | 80 | Online - Default for new clients |
| mssg-osce-c4.rutgers.edu | 80 | Inactive |
| mssg-osce-c5.rutgers.edu | 80 | Inactive |
Each server listed above is actually a 2 node, fault tolerant Windows 2003 Server Enterprise cluster. In the event that of the cluster nodes fails, the other node will automatically take over for it.
The table below describes the processes and services associated with RADS 4.0 / Trend Micro OfficeScan Client:
| Process / Service | Description |
|---|---|
| OfficeScanNT Listener | Service that communicates with the OfficeScan / RADS server to retrieve updates, report status, etc. |
| OfficeScanNT Personal Firewall | Service that enables the firewall features of OfficeScan Client |
| OfficeScanNT RealTime Scan | Service that handles scanning of files that are being written to (and optionally read from) the local disk |
NTRtScan.exe |
Executable for OfficeScanNT RealTime Scan service |
OfcPfwSvc.exe |
Executable for OfficeScanNT Personal Firewall service |
PccNTMon.exe |
OfficeScan Client monitor that runs in the system tray to inform you of changes in the status of your client |
TmListen.exe |
Executable for OfficeScanNT Listener service |
PccNtUpd.exe |
May be running if the client is in the middle of an update process |
| Random Name | You may see a strange, randomly named process running on your system as well. This
is most likely the OfficeScan WatchDog process. Some viruses attempt to disable antivirus
software as soon as they infect a machine. The WatchDog process is randomly named so that
viruses cannot kill it. It will automatically restart the OfficeScan processes should
they be killed by a virus. This application typically runs from the TEMP folder inside of the Windows installation folder, typically C:\WINDOWS. If you view the EXE through explorer, the icon should appear as a small dog:  |
The list above is for Windows NT/2000/XP/2003 systems. Executable names may vary slightly for Windows 95/98/ME systems.