Platform Support:


Additional Notes


Platform Support:

The Core Protection Module currently supports the following platforms:



Windows 2008


CPM Dashboard Terms


Scanning from CPM Dashboard

On Demand scans are user initiated scans or a scheduled scan and can be initiated using the "New On-Demand Settings Task Wizard".

To configure a Scan select Create Scan Task from New On-Demand Settings Task Wizard, create the Task, and Save. Open the new Task under On-Demand Settings: Run On-Demand Scan [Core Protection Module] and deploy as a Policy configuring runtime frequency in the Execution Tab without an expiration date. Other options can also be configured in the Task such as Target, Users, Messages, etc.

To configure a Task to configure settings, use Create Configuration Task from the Wizard, create a new Task, Save the Task, and then open this newly created Task under On-Demand Settings: Configure Default On-Demand Scan Settings [Core Protection Module] to deploy as a Policy and specify such options as Target, Execution, Messages, etc.


Real-time scan protects the system in real-time and is constantly running and detecting real-time activities.

Real-time scans run constantly and do not need to be deployed like an On-Demand Scan however settings be configured using "New Real-Time Settings Task" and can be configured like other BES Tasks for Target, Execution, Messages, etc.

  1. What is the best settings/policy for on-demand scan?
  2. What is the best settings/policy for real-time scans? How should this be setup and used?


Recommended Scan-Exclusion List

Database and encrypted type files should generally be excluded from scanning to avoid performance and functionality issues. Below are exclusions to consider depending on the type of machine you are installing the OfficeScan client on.

General Exclusions for all Windows platforms


Microsoft Active Directory Domain Controller

Microsoft IIS Server: Web Server log files should be excluded from scanning. By default.

Domino Data Directory: The data directory is used to store Domino email messages. Repeated scanning of this folder while it is being updated with new messages is not an efficient way to scan locally stored email. Use virus scanning applications like ScanMail for Domino to handle email viruses. By default, the Domino data directory for a non-partitioned installation:

Cisco CallManager

Microsoft SQL Server: Because scanning may hinder performance, large databases should not be scanned. Since Microsoft SQL Server databases are dynamic, exclude the directory and backup folders from the scan list. If it is necessary to scan database files, a scheduled task can be created to scan them during off-peak hours.

Cluster Servers

Microsoft Sharepoint Portal Server

Microsoft Systems Management Server (SMS)

Microsoft Operations Manager Server (MOM)

Microsoft Operations Manager

Microsoft Internet Security and Acceleration Server (ISA)

Microsoft Windows System Update Server (WSUS)

VMWare Other file extension types that should be added to the exclusion list include large flat and designed files, such as VMWare disk partition. Scanning VMWare partitions while attempting to access them can affect session loading performance and the ability interact with the virtual machine. Exclusions can be configured for the directory(ies) that contain the Virtual Machines, or by excluding *.vmdk and *.vmem files. Microsoft Exchange Server Exclude the directory or partition where MS Exchange stores its mailbox. Use virus scanning applications like ScanMail for Exchange to handle email viruses. Installable File System (IFS) drive M must also be excluded to prevent the corruption of the Exchange Information Store. Exchange 5.5

Exchange 2000

Exchange 2003

Exchange 2007 See exclusions required for the various Exchange 2007 roles Mapped Drives / Shared Folders This option is best disabled. If it is enabled, it may create unnecessary network traffic when the end users access remote paths or mapped network drives. It can severely impact the user’s experience. Consider disabling this function if all workstations have OfficeScan client installed, and updated to the latest virus signature.

Volume Shadow Copies Backup process takes longer to finish when real-time scan is enabled. There are also instances when real-time scan detects an infected file in the volume shadow copy but cannot enforce the scan action because volume shadow copies have read-only access. It is also advisable to apply the latest Microsoft patches for the Volume Shadow Copies service:

Other Trend Micro Products Make sure the check box for Exclude from scanning the directories where Trend Micro products are installed is enabled in OfficeScan’s Exclusion List settings.

Additional References:


CPM Agent Information

To ensure the installation process was completed properly, please check the following verification list.

x86 system:

x64 system:

x86 system:

x64 system:

  1. The following services are created and running:
  2. The following registry keys exist:
  3. The following folders exist:
  4. The following registry key is set to corresponding program version of CPM package (ex.1.0):

CPM Agent Logging

To enable debug logging for the CPM client:






  1. Create a file ofcdebug.ini with the following content in C:\Program Files\Trend Micro\OfficeScan Client\
  2. Run Logserver.exe from C:\Program Files\Trend Micro\OfficeScan Client.

Additional logging can be found:

C:\Program Files\Trend Micro\Core Protection Module\Bin\AU_Data\AU_Log