Tuesday, January 6, 2015

Stupid TrendMicro Windows 98 User Agent

In the world of security, software that lies about what it really is, is technically malicious software.
It's bad enough the bad guys do this, so we shouldn't have supposedly legitimate software sporting false user-agent strings.

I've been googling around this for a while to see if there is a way to get this modified. Haven't found a solution yet. If you don't know what I am talking about: the user agent string sent by its update service says it is a Windows 98 machine. If you are running TrendMicro Anti-virus and also run some kind of network discovery software or network intrusion system, you probably already noticed this and are completely annoyed like I am.

Below is the user agent string in a network packet.

GET /activeupdate/server.ini HTTP/1.1
Host: wfbs-svc30-p.activeupdate.trendmicro.com:80
User-Agent: Mozilla/4.0 (compatible;MSIE 5.0; Windows 98)
Accept: */*
Pragma: No-Cache
Cache-Control: no-store, no-cache
Connection: Close

I hope to get a ticket into Trend Micro about this and see if there is anything they can do to fix this issue. Either way, I will post my findings.
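
Until the agent itself changes, the noise can be handled on the monitoring side. The sketch below is an added example, not part of the original post and not Trend Micro code: it parses a captured request like the one above and labels the Windows 98 user agent as the updater only when the Host and path also match the capture. The function names, labels and sample bytes are assumptions made for illustration.

```python
import re

# Values taken from the request captured in the post.
TREND_HOST_SUFFIX = ".activeupdate.trendmicro.com"
TREND_PATH_PREFIX = "/activeupdate/"
LEGACY_UA = re.compile(r"MSIE 5\.0;\s*Windows 98", re.IGNORECASE)

# Constructed sample inputs: junk bytes stand in for packet-header residue.
_UA = b"User-Agent: Mozilla/4.0 (compatible;MSIE 5.0; Windows 98)\r\n"
SAMPLE_TREND = (b"\x00\x01\x02g;GET /activeupdate/server.ini HTTP/1.1\r\n"
                b"Host: wfbs-svc30-p.activeupdate.trendmicro.com:80\r\n"
                + _UA + b"Accept: */*\r\n\r\n")
SAMPLE_OTHER = (b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n"
                + _UA + b"\r\n")


def parse_request(raw: bytes):
    """Return (method, path, headers) for the first HTTP request in raw."""
    text = raw.decode("latin-1")
    # Skip leading non-HTTP bytes by searching for the request line.
    m = re.search(r"(GET|POST|HEAD) (\S+) HTTP/1\.[01]\r?\n", text)
    if not m:
        return None
    headers = {}
    for line in text[m.end():].splitlines():
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return m.group(1), m.group(2), headers


def classify(raw: bytes) -> str:
    """Label a request for a passive OS-inventory / IDS tuning pipeline."""
    req = parse_request(raw)
    if req is None:
        return "not-http"
    _method, path, headers = req
    if not LEGACY_UA.search(headers.get("user-agent", "")):
        return "no-legacy-ua"
    host = headers.get("host", "").lower().rsplit(":", 1)[0]  # drop the port
    if host.endswith(TREND_HOST_SUFFIX) and path.startswith(TREND_PATH_PREFIX):
        # Host is client-supplied, so this is a tuning hint, not proof:
        # do not record the UA as the endpoint's operating system.
        return "trend-activeupdate-ua"
    return "legacy-ua-investigate"
```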

1 comment:

  1. January 2017 and Trend Micro still uses the Windows98 UA. This reported from my IDS from Trend agent version 12.0.1222 Office Scan XG.