How to configure Malwarebytes and Trend Micro OfficeScan XG to avoid conflicts

Document created by rsullinger Employee on Aug 15, 2017Last modified by rsullinger Employee on Aug 23, 2017
Version 7Show Document
  • View in full screen mode

Configuration on the management console

 

  1.  First, open up the management console and click on the policy pane.

 


 

2. From there, open up the policy you wish to configure and click on the Protection tab. Once there, ensure that the Startup Delay is enabled and set.

 

 

3. After that, click on the Ignore List tab and add these items to the ignore list:

 

C:\Program Files (x86)\Trend Micro\*
C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\*
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\ProgramData\Trend Micro\*
C:\Windows\system32\drivers\tmactmon.sys
C:\Windows\system32\drivers\tmcomm.sys
C:\Windows\system32\drivers\TMEBC64.sys
C:\Windows\system32\drivers\tmeevw.sys
C:\Windows\system32\drivers\tmevtmgr.sys
C:\Windows\system32\drivers\tmlwf.sys
C:\Windows\system32\drivers\tmnciesc.sys
C:\Windows\system32\drivers\TMUMH.sys
C:\Windows\system32\drivers\tmusa.sys
C:\Windows\system32\drivers\tmwfp.sys
C:\Windows\System32\tmumh\*
C:\Windows\SysWOW64\tmumh\*
C:\Windows\System32\DriverStore\FileRepository\*
C:\Windows\appcompat\Programs\Install\*
C:\Windows\INF\Perf_iCrcPerfMonMgr\*
C:\Windows\System32\log\*

 

That will ensure that Trend Micro is excluded on the Management console side.

 

Configuration on the cloud platform

 

 

1. Log into the cloud platform and go to the settings > exclusions pane to enter in these exclusions:

 

C:\Program Files (x86)\Trend Micro\*
C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\*
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\ProgramData\Trend Micro\*
C:\Windows\system32\drivers\tmactmon.sys
C:\Windows\system32\drivers\tmcomm.sys
C:\Windows\system32\drivers\TMEBC64.sys
C:\Windows\system32\drivers\tmeevw.sys
C:\Windows\system32\drivers\tmevtmgr.sys
C:\Windows\system32\drivers\tmlwf.sys
C:\Windows\system32\drivers\tmnciesc.sys
C:\Windows\system32\drivers\TMUMH.sys
C:\Windows\system32\drivers\tmusa.sys
C:\Windows\system32\drivers\tmwfp.sys
C:\Windows\System32\tmumh\*
C:\Windows\SysWOW64\tmumh\*
C:\Windows\System32\DriverStore\FileRepository\*
C:\Windows\appcompat\Programs\Install\*
C:\Windows\INF\Perf_iCrcPerfMonMgr\*
C:\Windows\System32\log\*

 

2. Go into the policy pane and edit a policy on Endpoint protection. Find the same option for start up deal and enable it as well.

 

 

That is all you need to configure for the cloud platform.

 

Configuration on Trend Micro OfficeScan XG

 

For the trend exclusions, please download these files to assist in the configuration. 

 

1. First thing to do – please import list of trusted programs. these settings supposed to override all other behavioral modules and globally whitelist trusted processes for all the rest of modules.

 
click on “Import” and set up to the file from the download link above – TrustedProgram.dat.
It should look like this when completed:
 
 
 
2. Set up exclusions for Behavioral Monitoring as this module also tries to interfere with Mbam and MB3.
 
 
 
copy and paste contents of “behavior monitoring exclusions.txt
 
3. Lastly, from the file SHA1.txt, the SHA-1 list for all Malwarebytes Processes, DLLs and Drivers will needed to be added. This will make them not be detected by the Predictive Machine Learning technology. There is no way to automate import the process so you will have to insert lines one by one manually.
 
 
Once you do that, you should be configured in both Malwarebytes and Trend Micro OfficeScan XG to have both products work side by side. 

Attachments

    Outcomes