Friday 9 September 2016

Win10 and TrendMicro OfficeScan - ANOMALY: use of REX.w is meaningless

For a few days now, I get the message:

[0x7FFAD4C870E3] ANOMALY: use of REX.w is meaningless (default operand size is 64)

when calling pretty much any network related command in a cmd-shell. This is the case for both normal and elevated shells.

The symptom went away when disabling TrendMicro OfficeScan on my machine.

It probably came with the latest patch from TrendMicro to provide compatibility with Win10 anniversary edition:

Apart from that, there are no negative effects on my system so far.

UPDATE:

Read on --> HERE <-- for the follow-up

6 comments:

  1. if you disable
    "Enable program inspection to detect and block compromised executable files (Server platforms excluded"
    it wil go away

    ReplyDelete
    Replies
    1. Related, as a work-around you can stop the error from occurring on a specific command if you add it to the Exception List of Behaviour Monitoring (Settings > Protection > Behaviour Monitoring).

      The ANOMALY error was breaking one of my scripts that relied on Ping output, so I added PING.EXE to the Exception List, allowing my script to function correctly.

      Delete
    2. OfficeScan Web Console->Agents->Agent Management->Settings->Behavior Monitoring Settings, untick "Enable program inspection to detect and block compromised executable files (Server platforms excluded)"

      Then Apply to All Agents. Enable it back once OfficeScan release new patch to fix this patch problem.

      Delete
  2. Contact Trend suport for latest hotfix 6178 it have resulved it on my system

    ReplyDelete
    Replies
    1. I contacted their support and they promised to send the patch. - Thank you!

      Delete