• Home
  • Consulting
  • Contact Us
    • About this site
    • Contact Wayne
    • Media Room
    • Wayne’s Bio

SBSFAQ.COM

Supporting IT Pro's & MSP's since 2000

  • Blog
  • FAQs
  • Reviews
  • Downloads

Client Server Messaging Security 3.5/3.6 Issues – Resolution

December 8, 2007 by Wayne Small 2 Comments

Trend have passed the following information for me to inform the community about this issue. In short – there are 4 similar issues – some of which are resolved by existing hot fixes that have been available for some time – others using new hot fixes. In addition Trend will release on December 15, a roll up of a number of hot fixes specifically for CSM 3.5/3.6.

Please review it as there are multiple solutions dependant on the issue you see specifically.

If you find that you try these solutions and they do not resolve the issues you are seeing, please ensure you contact your local Trend Support line and lodge the case with them citing the specific patches that you have installed already.

I’d like to thank Trend for working with us in the community to get to a resolution on this quickly. Thanks also to those of you who emailed me your case numbers – this helped them more quickly identify a number of seeming unrelated cases.

Problems

1. Machine boots up slowly with heavy disk IO

2. Computer performance is slow during start up and DCE (tsc.exe) keeps running for a long time after start up
3. High memory utilization
4. Overuse of kernel memory prevents the system drivers and applications from working properly

Phenomenon, Root cause, Solutions, and References of the Problems

1. Machine boots up slowly with heavy disk IO

Phenomenon: Heavy disk IO causes the machine to boot slowly. Using a performance monitor to observe the CSA process (pccntmon.exe), the IO graph peaks continuously.

clip_image002

Fig. 1: Performance of the CSA process using a performance monitor

Root Cause: A CSA function needs to traverse the CSA folder. If the login user profile setting (My Documents path) is on a remote machine, this problem arises.

Solution: CSM 3.6 hotfix 1142 (already released). Customers may either get the hotfix through tech-support, or wait for CSM 3.5/3.6 2007 Q4 patch that include this hotfix (available December 15). Customers may download the patch from the following URL:

Client Server Messaging Security:

http://www.trendmicro.com/download/product.asp?productid=39

Client Server Security: http://www.trendmicro.com/download/product.asp?productid=40

Reference: Refer to the following Solution Bank entry: http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034528&id=EN-1034528

2. System performance drop down and become slow during start up. DCE (TSC.exe) keeps running for a long time after start up. Ntrtscan.exe s CPU utilization is high.

Phenomenon: Slow start up and tsc.exe is running for extended periods.

Root Cause: When CSA starts, by default, TSC.exe scans for Trojans. Typically, it takes about 10 seconds to complete the scan. However, in a few environments TSC.exe needs much longer times to scan; up to 10 minutes to complete the scan.

Solution: CSM 3.6 hotfix 1159 (already released).
Customers may either get the hot fix through tech-support then follow the hotfix instruction to apply it, or wait for the CSM 3.5/3.6 2007 Q4 patch that includes this hot fix (available December 15). Customers may download the patch from the following URL:

Client Server Messaging Security: http://www.trendmicro.com/download/product.asp?productid=39

Client Server Security: http://www.trendmicro.com/download/product.asp?productid=40

3. High memory utilization

Phenomenon: The memory utilization of CSA increased rapidly after October 2007.

Root Cause: Many new samples have been added to the virus/spyware pattern (signature file) causing its size to increase drastically.

Solution: Trend Micro has optimized the pattern file and released the downsized spyware pattern (5.75) on 11/28/2007. The new pattern reduces at least 15~20 MB memory.
Trend Micro continuously strives to optimize the size of the patterns files.

4. Overuse of kernel memory prevents the system drivers and applications from working properly

Phenomenon: CSA s system resource (kernel mode memory) usage is very high and prevents other applications and/or system drivers from working properly.

Root Cause: Scan Engine 8.55 (released on 10/31/2007) disabled the SystemMapView option, to fix a conflict with Express Mail Server. Disabling the option increased kernel memory utilization by 18~20MB. The growing virus pattern (LPT$VPN.*) also uses kernel memory.

Solution: Enable the SystemMapView option and set the PagePoolSize option to the maximum value.

Customers can contact technical support and ask for the hotfix and a server-side tool that can automate this process for all clients.

Note: These settings are retained during upgrades.

Share this:

  • Click to share on Facebook (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to print (Opens in new window)

Filed Under: Blog Tagged With: TrendMicro

About The Author

Wayne has been working with Microsoft Server products in the SMB market for over 20 years. He has a passion for technology and been a Microsoft MVP for over 15 years. Read More…

Comments

  1. Andy Haigh says

    December 10, 2007 at 5:26 pm

    Hi Wayne,
    It seems patch 1159 was never released as an English version. Trend support are telling me to use patches 1154 and 1158 to fix the problems!!

    Reply
  2. Mental Alertness says

    April 24, 2014 at 10:02 am

    Hi I am so grateful I found your blog page, I really
    found you by accident, while I was researching on Google for something else, Nonetheless I am here
    now and would just like to say thanks for a incredible post and
    a all round exciting blog (I also love the theme/design), I don’t have time to read through it all at
    the moment but I have bookmarked it and also included your RSS feeds, so when I
    have time I will be back to read a great deal more, Please do keep up the excellent job.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Connect Online With Us

  • Facebook
  • Twitter

Reviews

Splashtop – Cost Effective Remote Control Software

September 22, 2017 By Wayne Small 2 Comments

Western Digital DL4100 NAS

March 3, 2015 By Wayne Small Leave a Comment

SBS 2011 Configuring Certification Guide (70-169)

August 7, 2012 By Wayne Small 4 Comments

Site News

Exchange Bug Stops Mail Delivery in 2022

January 2, 2022

Huge bug found in Intel CPU that could permit hackers to steal your data

January 4, 2018

Recent Posts

  • MS Exchange Zero Day and RemotePowerShell Disabling on Admin accounts
  • Setup changes for Exchange 2016 and Exchange 2019
  • Bluetooth Mouse and Keyboard Randomly Stop Responding
  • Exchange Bug Stops Mail Delivery in 2022
  • How to open and search extremely large text log files

Tags

Antivirus Backup Business Focus Cloud Computing Community Conferences Disaster Recovery Exchange 2010 Exchange Server Future Products Hyper-V Installation Microsoft Migration Patches Personal Rants SBS 4.5 SBS 2000 SBS 2000 SP1 SBS 2003 SBS 2003 Premium SBS 2003 R2 SBS 2003 R2 Premium SBS 2003 R2 Standard SBS 2003 SP1 Premium SBS 2003 SP1 Standard SBS 2003 Standard SBS 2008 SBS 2008 R2 SBS 2011 SBS 2011 Essentials SBS 2011 Standard Security Service Packs ShadowProtect SMB Community Software Software I use StorageCraft Training TrendMicro Troubleshooting Virtualisation Windows Server 2012 Essentials

Terms of Use

Privacy Policy

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in