August 3, 2018

USB Access Through Trend Office Scan


After gaining administrator privilege then gaining access to USB thumb drive available. It’s identified that a software name Micro Trend Office Scan is responsible for controlling the device. But one flaw is found, it takes time to load the service thus giving the user a chance to disable the service even further disable the password, lastly even uninstall.


The data was obtained by simulating the bypass of my own laptop, not even using my Windows but using a virtual machine with Windows 7 in it. Then I downloaded Micro Trend Office Scan, asked for trial for 30 days, and install in my Windows 7 virtual machine. In other words an environment similar to the host was created, not performing on the real host.


As in Figure 5, “Micro Trend Office Scan” is responsible for blocking USB Thumb Drive Access. There’s a time limit to unblock this. At the beginning after restarting the PC:
a)      Quickly login.
b)      Quickly go to services (you may type “services” in search bar).
c)       Disable TMBMServer shown on Figure 6.
d)      Now data transfer is possible as shown on Figure 7.
e)      To disable password, edit the registry.
f)   Edit the value of “NoPwdProtect” at “HKEY_LOCAL_MACHINE\SOFTWARE\ TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.” from “0” to “1”.
g)      There is also “Allow Uninstall” and you may edit.
h)      Figure 8 shows Micro Trend Office Agent unlocked.
This method is one at a time use only. I meant that you have to repeat these steps again if you reboot your PC. Further action needed if you want to maintain the access which will be explained at the next section.
Figure 5. Unable to perform data transfer using flash disk
Figure 6. Disabling Trend Micro Unauthorized change
Figure 7. Able to perform data transfer using flash disk

Figure 8. Unlock office scan agent 

No comments:

Post a Comment