UPDATE: 12/7 – We have released a KB article to provide more information.
- Role back the definition update. Ensure the servers and client machines get this update – I’ve been told this started making things work.
- Stop AV scan on the SharePoint servers. Replace/restore any missing/quarantined files. Roll back or roll past the update on the client machines.
This post should NOT serve as the definitive guidance for this issue. Please contact TrendMicro support for the correct guidance. This post is meant to be an advisory post.
If you’re running TrendMicro on SharePoint Servers, it’s critical to have the proper file exclusions in place. See the KB below for proper info.
UDPATE: Info from TrendMicro
“December 6, 2016: Trend Micro received several customer reports of a false alarm (FA) detection on what is believed to be a file related to Microsoft SharePoint: “initstrings.js” with the detection name of JS_NEMUCOD.SMAA15 using the Official Pattern Release (OPR) of 12.941.00.
As of 15:15 GMT, Trend Micro has removed OPR 12.941.00 from our global ActiveUpdate (AU) servers and is in the process of uploading a rollback version of the last known good pattern file (12.943.00).
The Global Smart Scan version of 12.943.00 is available now (as of approximately 15:40 GMT) and the conventional version of the pattern is estimated to be available by 17:00 GMT.”