Blog Post

Core Infrastructure and Security Blog
2 MIN READ

WARNING: Issue with Trend Micro AV definitions affecting SharePoint

ronalg's avatar
ronalg
Icon for Microsoft rankMicrosoft
Feb 08, 2019

First published on MSDN on Dec 06, 2016
UPDATE: 12/7 - We have released a KB article to provide more information.
https://support.microsoft.com/en-us/kb/3211219

I've been alerted to an issue with Trend Micro antivirus scanners causing problems for SharePoint, and reporting SharePoint files as being infected with a virus. Apparently there was an issue with the updates released sometime last night/this am, which flagged SharePoint javascript files (initstrings.js, maybe others) as being infected on both the client and server. I believe Trend Micro updated their AV definitions at noon eastern time on 12/6/2016(today) to address this problem. I understand that there are at least two options to resolve this, as told to me by SharePoint farm owners.

    1. Role back the definition update. Ensure the servers and client machines get this update - I've been told this started making things work.

 

    1. Stop AV scan on the SharePoint servers. Replace/restore any missing/quarantined files. Roll back or roll past the update on the client machines.



This post should NOT serve as the definitive guidance for this issue. Please contact TrendMicro support for the correct guidance. This post is meant to be an advisory post.

If you're running TrendMicro on SharePoint Servers, it's critical to have the proper file exclusions in place. See the KB below for proper info.

https://support.microsoft.com/en-in/kb/952167



UDPATE: Info from TrendMicro

https://success.trendmicro.com/product-support/officescan-xg
"December 6, 2016:
Trend Micro received several customer reports of a false alarm (FA) detection on what is believed to be a file related to Microsoft SharePoint: “initstrings.js” with the detection name of JS_NEMUCOD.SMAA15 using the Official Pattern Release (OPR) of 12.941.00 .

As of 15:15 GMT, Trend Micro has removed OPR 12.941.00 from our global ActiveUpdate (AU) servers and is in the process of uploading a rollback version of the last known good pattern file ( 12.943.00 ).

The Global Smart Scan version of 12.943.00 is available now (as of approximately 15:40 GMT) and the conventional version of the pattern is estimated to be available by 17:00 GMT."

Updated Apr 28, 2020
Version 3.0
No CommentsBe the first to comment