Enable USB Drive Scanning on insertion - Need advice

Hi everyone,

I am having problem configuring endpoints installed with Bigfix Protection. I have used the wizard to create a Real-Time Scan setting fixlet and deployed out to the clients. However the setting “EnableRTScanUSBInsert = 1” does not have any effects as the analyse (Returns every report) returns “none” even though the fixlet is completed with no error.

Server and clients are on 9.5.1. Trend Micro are mostly on ver 11 SP1. I have no physically plugged in any USB as the bigfix instance is located in China. Any advise?

Some information from logs are below:

Extracted from realtime.ini
[Global Setting]
EnableRTScanUSBInsert = 1

Client Log extracts
Relevant - TM - Real-Time Scan Settings - All Clients (fixlet:27786)
At 11:50:06 +0800 -
ActionLogMessage: (action:27786) Action signature verified for Execution
ActionLogMessage: (action:27786) starting action
At 11:50:09 +0800 - actionsite (http://SERVER/cgi-bin/bfgather.exe/actionsite)
Command succeeded delete No ‘C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\actionsite\realtime.ini’ exists to delete, no failure reported (action:27786)
Command succeeded delete “C:\Program Files (x86)\Trend Micro\Core Protection Module\realtime.ini” (action:27786)
Command succeeded createfile until (action:27786)
Command succeeded copy __createfile “C:\Program Files (x86)\Trend Micro\Core Protection Module\realtime.ini” (action:27786)
Command started - waithidden “C:\Program Files (x86)\Trend Micro\Core Protection Module\TMCPMCLI.exe” CONFIG -i “C:\Program Files (x86)\Trend Micro\Core Protection Module\realtime.ini” (action:27786)
At 11:50:40 +0800 - actionsite (http://SERVER/cgi-bin/bfgather.exe/actionsite)
Command succeeded (Exit Code=0) waithidden “C:\Program Files (x86)\Trend Micro\Core Protection Module\TMCPMCLI.exe” CONFIG -i “C:\Program Files (x86)\Trend Micro\Core Protection Module\realtime.ini” (action:27786)
Command succeeded regset “[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM]” “SetCPMRealTimeSettingsActionID”=“27786” (action:27786)
At 11:50:41 +0800 -
ActionLogMessage: (action:27786) ending action
At 11:50:41 +0800 - actionsite (http://SERVER/cgi-bin/bfgather.exe/actionsite)
Not Relevant - TM - Real-Time Scan Settings - All Clients (fixlet:27786)