RE: Trend Micro Officescan for Win2k strange behaviour
From: Seth Hall (seth_at_iotaengineering.com)
To: <email@example.com> Date: Thu, 15 Jul 2004 17:09:49 -0700
You don't have to be an administrator of the local machine to start and
By default, members of the Power Users group have the ability to stop
and start services on their local computer, which is probably what you
are logged on as. Members of the Users group cannot, by default, stop
and start services. I was able to stop my officescan service from a
Power User account, but not from a User account (just checked to make
sure Trend hadn't put in any proprietary settings).
Your net admin should either not be giving out power user status or
should be locking down services so that members of the Power Users group
cant control their stop/start (which may or may not be possible).
Trend is powerless against incorrect configuration, I'd imagine.
From: Marco Monicelli [mailto:firstname.lastname@example.org]
Sent: Wednesday, July 14, 2004 2:28 AM
Subject: Trend Micro Officescan for Win2k strange behaviour
I've noticed the following "weird" behaviour of the Trend Micro
client vers. 5.58 update to pattern 1.936.00 Engine 7.100 for
The AV client is protected for unloading the Realtime Scan agent
for a password (which I don't know of course). Moreover I have NOT admin
rights which allows me to perform a full system scan but not to unload
client and/or the realtime protection.
Playing with the "net" command on a DOS prompt, I found out that the AV
launches itself and the realtime prot as services automatically. Then I
tried to stop the services with the simple command
net stop "OfficeScanNT Listener"
net stop "OfficeScanNT RealTime Scan"
Guess what? The two services have been successfully stopped from my
What do you guys think of this? Should I advise the AV Company of this
this is normal behaviour?
Tnx for feedback.
Automotive Sales Department
Stainless Steel Division
Tel. +39 0376 685369
Fax. +39 0376 685625