by lunarg on April 22nd 2015, at 12:58

The Trend Micro OfficeScan AEGIS engine may cause a desktop not to load during logon, resulting in a black screen with only the mouse cursor visible. The process explorer.exe is not loaded, nor can it be loaded through Task Manager.

The problem usually occurs on provisioned desktops, either through VDI (VMware View) or some other third-party management solution (Dell KACE, etc.). Various components of these solutions hook into key Windows components (Winlogon, Explorer extensions, etc.) and are then blocked by the Trend Micro Behavioral Analysis service (the AEGIS engine).

One workaround is to whitelist all the affected components, but this is often not straightforward. A more attainable method is to work around the issue by disabling the Trend Micro AEGIS engine altogether.

  1. From the OfficeScan server, browse to the ...\PCCSRV folder.
  2. Open the file OFCSCAN.INI with Notepad.
  3. Look for the line:
    EnableAEGIS=1
  4. Change it to:
    EnableAEGIS=0
  5. Save the file.

Push the changes to the clients:

  1. Log onto the OfficeScan management console.
  2. In the menu, expand Networked Computers, and open the global client settings.
  3. Without changing anything, click Save.
  4. On the client machine, wait for the configuration changes to propagate, or update them manually (OfficeScan icon in the system tray > Update now), then reboot the client.

To verify that AEGIS is turned off, open services.msc, look for the service Trend Micro Unauthorized Change Prevention Service, and check:

  • Status: not running
  • Startup type: Manual
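
To check the result across several clients rather than opening services.msc on each, the following PowerShell is an added example (not part of the original post or any Trend Micro tooling) that reads `EnableAEGIS` from OFCSCAN.INI and reports the service state per machine. The function names, the INI path parameter and the host names are assumptions, and remote queries assume WinRM is enabled on the clients.

```powershell
# Added example: audit script, not from the original post or from Trend Micro.
# Reads the EnableAEGIS value from a copy of OFCSCAN.INI; $IniPath is supplied
# by the caller because the post elides the full path to the PCCSRV folder.
function Get-AegisIniValue {
    param([Parameter(Mandatory)][string]$IniPath)
    # Select-String is case-insensitive by default; tolerate spaces around "=".
    $hit = Select-String -Path $IniPath -Pattern '^\s*EnableAEGIS\s*=\s*(\d+)\s*$' |
        Select-Object -First 1
    if (-not $hit) { return $null }   # key missing from the file
    return [int]$hit.Matches[0].Groups[1].Value
}

# Reports the service state on each client and whether it matches the
# "not running / Manual" result the post gives for a disabled AEGIS engine.
function Test-AegisDisabled {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string]$DisplayName = 'Trend Micro Unauthorized Change Prevention Service'
    )
    foreach ($computer in $ComputerName) {
        $query = @{
            ClassName   = 'Win32_Service'
            Filter      = "DisplayName='$DisplayName'"
            ErrorAction = 'Stop'
        }
        # Query the local machine directly; remote clients need WinRM reachable.
        if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
        $row = [ordered]@{ Computer = $computer; State = $null; StartMode = $null; AegisOff = $null }
        try {
            $svc = Get-CimInstance @query
            if ($svc) {
                $row.State     = $svc.State        # e.g. Running, Stopped
                $row.StartMode = $svc.StartMode    # e.g. Auto, Manual, Disabled
                $row.AegisOff  = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Manual')
            } else {
                $row.State = 'ServiceNotFound'
            }
        } catch {
            $row.State = 'QueryFailed'             # host down, access denied, etc.
        }
        [pscustomobject]$row
    }
}

# Usage (hypothetical host names; replace the placeholder path with your own):
#   Get-AegisIniValue -IniPath '<path to PCCSRV>\OFCSCAN.INI'
#   Test-AegisDisabled -ComputerName 'VDI-001','VDI-002' | Format-Table
```

The same output also serves as an inventory of machines where behavior monitoring is currently off, which is worth keeping once the conflicting components have been whitelisted and AEGIS can be re-enabled.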