ntrtscan.exe – What is it, & How to Fix High CPU/Memory?

ntrtscan.exe file is a process for the software suite called Trend Micro Office Scan. It is developed and maintained by Trend Micro Inc. It is a Tokyo-based multinational company that was founded in Los Angeles by Steve Chang in 1988. Trend Micro Inc. provides cybersecurity, defense services and develops security software for servers, networks, etc. on an enterprise level.

ntrtscan.exe

It also facilitates security products for virtualization and cloud-based environments like VMware, Amazon AWS, Google Cloud Platform, etc.

The full form of ntrtscan is Network Real-Time Scan Service. 

File Size & Location

Ntrtscan.exe file is located under the C:\Program Files (x86)\Trend Micro\OfficeScan Client\ directory and the average size is approx 10.5 MB.

File Name:ntrtscan.exe
File Size:10.52 MB or 11.08 MB
File Location:‘C:\Program Files (x86)\Trend Micro\OfficeScan Client\’
Publisher:Trend Micro Inc.

Uses

As mentioned earlier, ntrtscan.exe is a process for Trend Micro Office Scan. The ntrtscan.exe process is responsible for running the Network Real-Time Scanner which performs regular security scans on its clients.

It is generally used for enterprise networks. The Trend Micro Office Scan Suite provides security services to its clients via a cloud-based system and automatically deploys software updates, notification messages, and other security settings.  

Is ntrtscan.exe safe or a virus?

It is completely safe, legitimate, and very unlikely to cause any harm to your system, but there is always a possibility for it to be used as a virus to run malicious activities. Thus, there are some ways by which you can determine if it is legitimate or a virus. Try these methods –

Checking the location

Go to Task Manager > Details, right-click on the ntrtscan.exe process to choose Open file location. Now verify the directory and make sure that it is running from the following location –

C:\Program Files\trend micro\officescan client\

Checking the Digital Signature 

You also check the executable file’s Properties>Digital signature and verify if it is from a trusted vendor.

Error Common Errors of ntrtscan & How to fix it

Many users have complaints that ntrtscan.exe consuming high CPU or memory on their Windows system. Many times this service stopped too. Below are few simple methods that can be used to fix this issue.

Ntrtscan.exe process takes High Disk I/O Operation :

The ntrtscan.exe process can take up high disk input/output operations sometimes. This will make your disk slow, ultimately slowing down your system. This can happen even when the Real-Time Scan is disabled.

This problem is often encountered when a user installs an application that stores/handle large files. Softwares like SQL and VMWare can cause such issues.

One very efficient way to fix this problem is by disabling the Digital Signature cache on the machine that is causing that problem.

  • Open the Web Console of the OfficeScan’s Server.
  • Navigate to Agents > Agent Management.
  • Select the Machine/Group that needs to be configured.
  • Go to Settings > Privileges and Other Settings, then to the Other Settings
  • Un-check the checkbox that says – “Enable the digital signature cache”, which can be found under Cache Settings for Scan.
  • Save it and wait for the operation to complete.

Now, check the I/O operations. It should get back to normal.

High CPU Usage

Due to high CPU usage on the Office Scan Server, it becomes difficult to make a server, and the OfficeScan software starts lagging and performs slowly.

This happens when multiple instances or copies of CGI processes or dbserver.exe are running simultaneously. The errors show up when you try to apply the latest update patch for OfficeScan.

To fix this error, you need to restart the server that hosts OfficeScan. This will clear out all the extra instances.

For further diagnosis, you can do the following:

  • Open Windows Services, press WIN + R, type – ‘services.msc’, and hit Enter
  • Then, Stop the OfficeScan Service.
  • Open Windows Explorer using WIN + E and go to the following location:

‘C:\Program Files\Trend Micro\OfficeScan\PCCSRV\HTTPDB’

  • If there is a *.TMP file inside the HTTP directory, then the database must have been corrupted.

You can simply fix this issue by:

1. Make sure to backup all the contents under the HTTPD directory.

2. Delete everything inside the HTTPD directory.

3. Restart the services in the sequential order as listed below –

(a) Web Server.

(b) Trend Micro OfficeScan Master services.

4. Clear Web Browser data such as History, Cache, and Cookies. 

Now, to ensure that the issue has been resolved:

1. Open the OfficeScan Management Console and log on.

2. Open the Task Manager and see if there are still multiple processes of CGI running.

3. Now, download the latest OfficeScan Patch and install it.

Office-Scan slows down the SCCM server and it locks up.

SCCM stands for System Centre Configuration Manager.

Enabling the OfficeScan Real-Time scanner can slow the SCCM server and it can lockup the system as well.      This becomes hard to diagnose as there won’t be any sign of High CPU or memory usage by a system process.

To check, you can go to the following directory – ‘D:\Microsoft Configuration Manager\inboxes\’ and see if there is a large number of *.RPL and *.TRS files created. These files are maintained by SCCM and a large amount of these files will indicate that the SCCM is not working properly. If that’s the case then you need to follow the steps as mentioned below to fix the issue:

1. Go to the OfficeScan server on the client and locate the path where the OfficeScan server was installed, i.e., ‘C:\Program Files\Trend Micro\OfficeScan\PCCSRV\HTTPDB’ (default location).

2. Open the ini file to edit.

3. Search for the parameter called ‘TmfilterDisableCtProcCheck=’ and change its value to 1. The default value is either ‘-1’ or ‘0’ depending on the OSCE version you have.

4. Save the file.

5. Now, Log on to the OfficeScan Management Console, go to the Global Client Settings and Save it.

6. To verify, on the client’s system, navigate to the following registry location – “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TmFilter\Parameters”, and make sure that the DWORD: DisableCtProcCheck has a value of ‘1’. 

uninstall How to Remove or Delete ntrtscan.exe

I would suggest you not to remove any software that is completely legit and is not harmful. But, if you still want to uninstall this software, you can do it by following these steps:

As ntrtscan.exe is a process of Trend Micro Antivirus, we will have to remove the whole software package to get rid of it.

1. Press the combination of WIN + R, type appwiz.cpl, and click on OK button

appwiz cpl

2. Search for Trend Micro Antivirus, right-click to Uninstall it.

Search program and features trend micro antivirus

Conclusion :

This was all about the ntrtscan.exe file. I have tried to cover all the details, errors, and their fixes regarding ntrtscan.exe. Please let us know if you are facing some other errors that I haven’t listed.

And, feel free to comment if you have any doubts or queries.

nv-author-image

Ankita

Founder and Writer @ WinOSBite. Future plan is to make this platform open to community to resolve and discuss various issues, usage related to Operating System.

Leave a Reply

Your email address will not be published. Required fields are marked *