1. Hotfix Release Information 
Resolved Known Issues
Trend Micro Apex Central™ as a Service
This hotfix resolves the following issue(s):
When users add email addresses to the "Event Notification > Watchlisted Recipients At Risk" list, only the first 64 characters of the string will be saved.
Solution:
This hotfix ensures that users can add email messages normally into the "Watchlisted At Risk" list.
An issue prevents Apex Central from generating manual or scheduled reports when the scan date data is empty.
Solution:
This hotfix resolves the issue to ensure that Apex Central can generate reports normally.
Users cannot log on to the Apex Central web console using a password that contains a space character.
Solution:
This hotfix enables users to use passwords that contain a space character to log on to the Apex Central web console.
The UI debug log displays the wrong message when the OpenIOC file has been uploaded successfully.
Solution:
This hotfix ensures that the UI debug log displays the correct message after the OpenIOC file has been uploaded successfully.
The UI layout does not display when users click on "Show working panel" while editing the Custom Report template.
Solution:
This hotfix ensures that the UI layout displays normally when users click the "Show working panel" button while editing the Custom Report template.
Trend Micro Apex One™ as a Service
This hotfix resolves the following issue(s):
The Smart Scan Service may behave abnormally on Apex One Security Agents when multiple proxy servers have been configured for each protocol (HTTP, Secure, FTP, Socks) in Microsoft(TM) Internet Explorer(TM).
Solution:
This hotfix updates the Apex One Security Agent program to ensure that the Smart Scan Service works normally when multiple proxy servers are configured for Internet Explorer.
In Microsoft Windows(TM) 10, the new system process "MemCompression" may incorrectly trigger a false detection for violating the Device Access Control (DAC) policies.
Solution:
This hotfix updates the DAC policies to prevent the false alarms.
A high CPU usage issue occurs during policy deployment.
Solution:
This hotfix improves database access efficiency through batch processing to help reduce the CPU usage of the Apex One Vulnerability Protection program during policy deployment.
The Apex One Vulnerability Protection server service takes a very long time to process detection logs from the Security Agent.
Solution:
This hotfix improves the Apex One Intrusion Prevention log processing capacity by enabling it to queue the logs into a cache table. This helps shorten the time it takes for the Security Agent to acknowledge the logs.
The "Pass/Log" action in "Intrusion Prevention" logs on log query results may confuse users.
Solution:
This hotfix replaces the "Pass/Log" action on the log query results page with "Log" when in "detect only" mode.
After a hotfix is applied, the pattern version and last update time of "Certified Safe Software pattern" are reset to "0", and as a result, the wrong pattern information appears on the Apex Central dashboard.
Solution:
This hotfix updates the Apex One server files to resolve this issue.
When the Trend Micro Data Loss Prevention(TM) (DLP) service is enabled on Apex One security agent computers, Google Chrome version 75 and higher versions may stop unexpectedly while accessing certain URLs.
Solution:
This hotfix updates the DLP module to resolve this issue.
Device Control still blocks users that belong to an Active Directory (AD) group after users have synched the AD.
Solution:
This hotfix enables Device Control to handle the backslash "\" escape character to solve this issue.
The Apex One dashboard in outdated agents may respond slowly.
Solution:
This hotfix updates the SQL query method to prevent this issue.
An issue prevents Apex One as a Service from completing the backup task after collecting Endpoint Sensor logs using the Case Diagnostic Tool (CDT).
Solution:
This hotfix ensures that the backup task completes normally.
Garbled characters may appear in syslog if the language setting of the operating system contains Big-5 characters.
Solution:
This hotfix resolves the issue.
Trend Micro Apex One™ (Mac) as a Service
There are no Apex One (Mac) as a Service issues for this hotfix release.
Enhancements
Trend Micro Apex Central™ as a Service
The following enhancements are included in this hotfix:
This hotfix updates the Active Directory (AD) sync tool to enable it to limit or approve which Organizational Units (OUs) are synced to Apex Central. Users can configure this feature by setting up the approved and exception lists in the "ADSyncOUList.config" file.
This hotfix prevents Cross-site Scripting (XSS) issues in the filter by criteria mechanism when creating policies.
This hotfix enables Apex Central to send File Hash detection logs and Network Content Inspection logs to the Threat Investigation Center (TIC).
This hotfix ensures that the LogForwarder tool sends pattern update status logs and engine update status logs normally.
This hotfix helps prevent a misconfiguration issue that may trigger the generation of a large number of violation logs, by blocking the use of an asterisk "*" wildcard character in the root file path properties and in each certificate property on the "Application Control Criteria" setting page.
This hotfix enables Apex Central to support the new component "Advanced Threat Scan Engine (Mac, 64-bit)" for Apex One (Mac(TM)).
Trend Micro Apex One™ as a Service
The following enhancements are included in this hotfix:
This hotfix helps prevent a misconfiguration issue that may trigger the generation of a large number of violation logs, by blocking the use of an asterisk "*" wildcard character in the root file path properties and in each certificate property on the "Application Control Criteria" setting page.
This hotfix improves the accuracy of the Apex One Application Control version reporting to Apex Central.
Advanced Threat Assessment has a new process that collects additional information. This hotfix adds this new process to the Apex One agent's self-protection feature.
This hotfix provides a way to configure Apex One to keep track of when USB storage devices are plugged into Apex One Security Agent computers. The logs can be queried in the Device Control violations on the Apex Central web console. These events are also recorded in the "UsbInsert_yyyymmdd.log" file on the Apex One server "\PCCSRV\Log" folder.
NOTES:
- This feature requires the installation of a corresponding Trend Micro Control Manager(TM) hotfix to enable Control Manager to support this feature.
- The logs in the "UsbInsert_yyyymmdd.log" file will appear in the following format: [Timestamp] [Log Generation Time] [Agent GUID] [Computer Name] [Action] [USB:Vendor:Model:Serial ID]
- The "UsbInsert_yyyymmdd.log" file will be deleted regularly according to the "Purge Offset" and "Maximum Log Age" settings in the "Log Maintenance" page on the Apex Central web console. You need to ensure that the feature is enabled with the "Device Control log" log type selected.
Procedure:
To configure Apex One to keep track of when USB storage devices are plugged into Apex One Security Agent computers:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
  [Global Setting]
  EnableUsbLogging=1
  NOTE: To disable the setting, set this key to "0".
- Save the changes and close the file.
- Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The Apex One server deploys the command to Apex One Security Agents and adds the following registry entry on all Apex One Security Agent computers:
- Path:
- 32-bit: \HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite
- 64-bit: \HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite
- Key: EnableUsbLogging
- Type: DWORD
- Value: 1
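The following PowerShell is an added example, not part of the Trend Micro readme: it checks that the setting from the procedure above is in place, reading EnableUsbLogging from "ofcscan.ini" on the server and from the DlpLite registry key on an agent. The function names and the -OfcscanIni parameter are hypothetical; the full "ofcscan.ini" path must be supplied because the installation directory is site-specific.

```powershell
# Added example (not vendor code). Run on the Apex One server with -OfcscanIni,
# on a Security Agent computer without it, or with both where they coincide.
param(
    # Assumption: full path to ofcscan.ini. The readme gives only "\PCCSRV\"
    # under the server installation directory, so the caller supplies the rest.
    [string]$OfcscanIni
)

Set-StrictMode -Version Latest

# Hypothetical helper: read one key from one section of an INI file.
function Get-IniValue {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Section,
        [Parameter(Mandatory)][string]$Key
    )
    $inSection = $false
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            # Section header: track whether we are inside the wanted section.
            $inSection = ($Matches[1].Trim() -eq $Section)
            continue
        }
        if (-not $inSection -or $text.StartsWith(';')) { continue }
        $name, $value = $text -split '=', 2
        if ($null -ne $value -and $name.Trim() -eq $Key) {
            return $value.Trim()
        }
    }
    return $null   # section or key not present
}

# Hypothetical helper: report the registry entry the server deploys to agents.
function Get-AgentUsbLoggingState {
    $keyPaths = @(
        # 32-bit and 64-bit locations as listed in the readme
        'HKLM:\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite',
        'HKLM:\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\DlpLite'
    )
    foreach ($keyPath in $keyPaths) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key     = Get-Item -LiteralPath $keyPath
        $present = $key.GetValueNames() -contains 'EnableUsbLogging'
        $value   = $null
        $kind    = $null
        if ($present) {
            $value = $key.GetValue('EnableUsbLogging')
            $kind  = $key.GetValueKind('EnableUsbLogging')
        }
        [pscustomobject]@{
            KeyPath = $keyPath
            Present = $present
            Kind    = $kind
            Value   = $value
            # Enabled only when the entry is a DWORD set to 1, as the readme specifies.
            Enabled = ($present -and
                       $kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and
                       $value -eq 1)
        }
    }
}

if ($OfcscanIni) {
    $iniValue = Get-IniValue -Path $OfcscanIni -Section 'Global Setting' -Key 'EnableUsbLogging'
    [pscustomobject]@{
        Source  = $OfcscanIni
        Value   = $iniValue          # $null means the key was never added
        Enabled = ($iniValue -eq '1')
    } | Format-List
}

$agentState = @(Get-AgentUsbLoggingState)
if ($agentState.Count -eq 0) {
    Write-Warning 'DlpLite key not found under either registry path; this computer may not be a Security Agent, or the setting has not been deployed.'
} else {
    $agentState | Format-List
}
```

An agent that reports Present = False after the server shows Enabled = True has not yet received the setting deployed by the "Save" step on the "Global Agent Settings" screen.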
Trend Micro Apex One™ (Mac) as a Service
The following enhancements are included in this hotfix:
This hotfix improves the error handling mechanism of the Apex One (Mac) 2019.
Additional Information
Trend Micro Apex Central™ as a Service
No additional information available.
Trend Micro Apex One™ as a Service
Security Agent version: 14.0.4033
Security Agent restart: Required
Estimated size of network traffic (in terms of bandwidth) required for deployment:
- 32-bit Security Agent hotfix = 95 MB
- 64-bit Security Agent hotfix = 121 MB
Trend Micro Apex One™ (Mac) as a Service
Security Agent version: 3.5.3028
Security Agent restart requirement: Not required
Estimated size of network traffic (in terms of bandwidth) required for deployment:
- 64-bit Security Agent hotfix = 109.9 MB
2. Documentation Set
The document set includes:
- Trend Micro Apex One™ as a Service documents
- Readme: Contains a list of known issues and may also contain late-breaking product information not found in the Online Help or printed documentation.
- Knowledge Base: An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following website: http://esupport.trendmicro.com
- Trend Micro Apex Central™ as a Service documents
- Administrator's Guide: A PDF document that provides detailed instructions for how to configure and manage the Trend Micro Apex Central™ as a Service console and features.
- Data Protection Lists (Chapter 1 only): A PDF document that lists predefined data identifiers and templates for Data Loss Prevention.
- Widget and Policy Management Guide: Explains how to configure Dashboard widgets and Policy Management widgets on the Trend Micro Apex Central™ as a Service console.
- Automation API Guide: A PDF document that explains how to use Trend Micro Apex Central™ Automation APIs.
- Online Help: Provides "how to's", usage advice, and field-specific information. The Help is also accessible from the Trend Micro Apex Central™ as a Service console.
- Trend Micro Apex One™ server documents
- Administrator's Guide: A PDF document that discusses getting started information and Trend Micro Apex One™ server administration.
- Online Help: Provides "how to's", usage advice, and field-specific information. The Help is accessible from the Trend Micro Apex One™ server, agent, and Policy Server consoles, and from the OfficeScan Master Setup.
- Trend Micro Apex One™ (Mac) server documents
- Administrator's Guide: A PDF document that discusses getting started information and Trend Micro Apex One™ (Mac) server administration.
- Online Help: Provides "how to's", usage advice, and field-specific information for Trend Micro. The Help is also accessible from the Trend Micro Apex One™ as a Service console.
- Security Agent documents
- Trend Micro Apex One™ Security Agent Online Help: Discusses getting started information, Trend Micro Apex One™ Security Agent installation procedures, and Trend Micro Apex One™ Security Agent management.
- Trend Micro Apex One™ Security Agent Readme: Contains a list of known issues and may also contain late-breaking product information not found in the Online Help or printed documentation.
- Trend Micro Apex One™ (Mac) Security Agent Online Help: Discusses getting started information, Trend Micro Apex One™ (Mac) Security Agent installation procedures, and Trend Micro Apex One™ (Mac) Security Agent management.
Download the latest versions of the PDF documents and readme at our online documentation.
3. Post-installation Configuration
No post-installation steps are required.
NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.
4. Known Issues
Trend Micro Apex Central™ as a Service
Known issues in this release:
The file name of the attached ZIP file for a generated report contains garbled text if the report name contains non-alphanumeric characters.
The attached ZIP file for a generated report cannot be opened if the report name contains Traditional Chinese characters.
If Apex Central as a Service is the Node Apex Central of an on-premises Hub Apex Central server, Apex Central as a Service might not be able to receive Suspicious Object Lists from the on-premises Hub Apex Central.
To resolve this issue, contact your support representative.
Trend Micro Apex One™ as a Service
Trend Micro Apex One™ (Mac) as a Service
Known issues in this release:
Endpoint Sensor processing of files on Mac endpoints is case insensitive. Preliminary investigation results on the Apex Central console include all entries for a file name with different capitalization.
After enabling the Scan Time Machine option for Manual Scan and Scheduled Scan, Apex One (Mac) cannot perform any actions (clean, quarantine, or delete) on detected malware threats due to a permission limitation in Mac OS. Configured scan actions are displayed as unsuccessful in the product logs.
5. Release History
Prior Hotfixes
Trend Micro Apex Central™ as a Service
(SEG-48480), (SEG-48481)
The Web Console Timeout setting does not work normally.
Solution:
This hotfix ensures that the Web Console Timeout setting works normally.
(SEG-52169)
Apex Central cannot overwrite policy settings when the Apex One agent changes a policy locally.
Solution:
This hotfix ensures that policies are deployed normally.
(SEG-56525)
An I18N issue is found in Users/Endpoints.
Solution:
This hotfix resolves the I18N issue.
(SEG-54122)
The pie chart in "DLP template Matches" widget displays the "Others" category even when the option is not selected.
Solution:
This hotfix adds an additional filter logic to ensure that information categorized under "Others" does not appear in the pie chart when the option is not selected.
(SEG-54401)
Apex Central deploys the wrong action setting for IP-type User-Defined Suspicious Objects (UDSO) that have been added to the SO list using Custom Intelligence Automation APIs.
Solution:
This hotfix ensures that the correct action for IP-type UDSOs is deployed to managed products.
(SEG-56742)
An issue prevents automation APIs from relocating or uninstalling agents.
Solution:
This hotfix helps ensure that agents can be relocated or uninstalled using automation APIs.
(SEG-56480)
The "Trusted Program List" of the Apex One Security Agent policy setting is case-sensitive.
Solution:
This hotfix makes the "Trusted Program List" policy setting case-insensitive.
(SEG-55731)
Users cannot download and save reports when there are non-English alphanumeric characters in the report name.
Solution:
This hotfix resolves the issue so users can save and download reports using file names with non-English alphanumeric characters.
(SEG-56044)
Apex Central SaaS displays unrelated categories in static report template on Microsoft(TM) Internet Explorer(TM) 11.
Solution:
The hotfix ensures that only the following four categories are displayed in static reports in Apex Central SaaS.
- Executive summary
- Desktop products
- Data Loss Prevention
- Data Discovery
(SEG-47407)
The "Virus Scan Engine (Windows XP/Server 2003, x64)" component name is no longer accurate since Control Manager stopped support for Microsoft(TM) Windows(TM) Server 2003.
Solution:
This hotfix renames the "Virus Scan Engine (Windows XP/Server 2003, x64)" component to "Virus Scan Engine (Windows)".
(SEG-53908)
Apex Central Log Queries take a very long time to complete when there are more than 200000 agents.
Solution:
This hotfix improves the Log Query performance when there are more than 200000 agents.
(SEG-56611)
Apex Central stops synchronizing the suspicious object (SO) list from Trend Deep Discovery Analyzer once multiple Deep Discovery Analyzers have registered to Apex Central.
Solution:
This hotfix ensures that Apex Central synchronizes the SO list successfully when multiple Deep Discovery Analyzers are registered to Apex Central.
(SEG-56555)
The "Pass/Log" action in "Intrusion Prevention" logs on log query results may confuse users.
Solution:
This hotfix replaces the "Pass/Log" action on the log query results page with "Log" when in "detect only" mode.
(SEG-52539)
This hotfix ensures that sub services can restart normally after stopping unexpectedly.
(SEG-56425)
This hotfix enables Apex Central to add user name information in Device Control syslog messages.
(SEG-57251)
This hotfix enables Apex Central to apply policies promptly to an agent that originally does not have a policy once it triggers a filter policy because of changes to its properties, such as an IP change resulting in matching the filter policy's criteria, instead of waiting until the daily policy re-enforcement to apply policies on the agent.
(SEG-56849)
The original default values of "Maximum TCP Connections" and "Maximum UDP Connections" in the "Apex One Security Agent > Vulnerability Protection > Network Engine Setting" tab are too small and cause the generation of a large number of Intrusion Prevention logs.
This hotfix applies the following changes to limit the number of Intrusion prevention logs:
- Increasing the minimum value of "Maximum TCP/UDP Connection" for the Network Engine Setting to "2000"
- Changing the default value to "1000000"
- Applying the new default value to policies created with original default values
(SEG-57424)
The hotfix ensures that the policy status displays correctly after deployment.
(SEG-45082)
The license information of Trend Micro ServerProtect(TM) for Linux(TM) does not display in the product directory.
Solution:
This hotfix ensures that the ServerProtect for Linux license information displays normally in the product directory.
(SEG-39862)
The MDR server receives incomplete logs from Control Manager when the network is slow.
Solution:
This hotfix ensures that Control Manager sends complete logs to the MDR server.
(SEG-47934)
The "Product Connection Status" widget does not display any information.
Solution:
This hotfix ensures that the "Product Connection Status" widget displays information normally.
(SEG-51696)
In the "Log Maintenance" page, the number of product event logs always shows "0" even when there are logs in tb_AVEventLog.
Solution:
This hotfix ensures that the correct product event log count displays on the "Log Maintenance" page.
(SEG-49098)
When users add a User-Defined Suspicious Object with Scan Action set to "Block", the action will be saved as "Log" instead of "Block".
Solution:
This hotfix resolves the issue to ensure that users can save User-Defined Suspicious Objects with "Block" scan action normally.
(SEG-51689)
The endpoint count on Compliance Reports generated by Control Manager does not match the actual Trend Micro OfficeScan(TM) agent count.
Solution:
This hotfix ensures that the correct endpoint count appears in Control Manager Compliance Reports.
(VRTS-3308), (VRTS-3300)
An information leakage issue was found in the Dashboard.
Solution:
This hotfix resolves the issue.
(VRTS-2782), (VRTS-3307), (VRTS-3303), (VRTS-2634), (VRTS-3302), (VRTS-3305), (VRTS-3306)
The Dashboard, LogQuery, Active Directory, and Compliance Settings pages of the Control Manager web console are affected by Reflected Cross-Site Scripting (XSS) issues.
Solution:
This hotfix removes these issues.
(SEG-50646), (SEG-50211)
An issue prevents Control Manager from applying Device Control Setting rules to the Trend Micro OfficeScan(TM) Agent Policy.
Solution:
This hotfix resolves the issue so Control Manager can apply Device Control Setting rules to the OfficeScan Agent Policy.
(SEG-49142)
A performance issue prevents the Control Manager web console from displaying Log Query results.
Solution:
This hotfix resolves the performance issue so Log Query results can be displayed normally.
(SEG-52299)
The AD sync function cannot work normally when there is a large number of AD Organizational Units (OU).
Solution:
This hotfix ensures that the AD sync function can handle a large number of AD OUs.
(SEG-53232)
The information in exported CSV and XML files may not match the corresponding information in the Control Manager web console.
Solution:
This hotfix ensures that the information in exported CSV and XML files matches the information on the Control Manager web console.
(SEG-46083)
Control Manager could not deploy the policy to agents with an IP address in the IPv6 ISATAP format.
Solution:
This hotfix ensures that Control Manager translates the IPv6 ISATAP address to binary so it can deploy policies to affected agents correctly.
(SEG-50524)
Administrators cannot deploy policy settings from Control Manager to Apex One.
Solution:
This hotfix resolves the issue to ensure that Control Manager successfully deploys policy settings to Apex One.
(SEG-53424)
The Antivirus Pattern Compliance dashboard of Control Manager incorrectly shows "-1%".
Solution:
This hotfix ensures that the Antivirus Pattern Compliance dashboard correctly shows the true value.
(SEG-50431)
The following Network Content Inspection Engine (NCIE) log headers are confusing users:
- Traffic/Connection
- Endpoint IP
- Endpoint Port
- Destination IP
- Destination Port
- Destination Domain
- Target Process
Solution:
This hotfix renames the following Network Content Inspection Engine (NCIE) log headers to minimize confusion:
CONFUSING HEADING -> FIXED HEADING
- Traffic/Connection -> Traffic Direction
- Endpoint IP -> Local IP Address
- Endpoint Port -> Local IP Address Port
- Destination IP -> Remote IP Address
- Destination Port -> Remote Address Port
- Destination Domain -> Remote Domain
- Target Process -> Process
(SEG-52169)
The Apex Central policy cannot overwrite an Apex One agent configuration that has been edited locally.
Solution:
This hotfix ensures that policies deployed to Apex One work normally.
(SEG-55203)
The scan exclusion settings for Apex One Security Agent child policies are lost if the parent policy is edited.
Solution:
This hotfix resolves the issue.
(SEG-25746)
This hotfix integrates Control Manager with version 9.1 of Trend Micro InterScan(TM) Messaging Security Suite (IMSS) for Linux(TM).
(SEG-45978)
This hotfix adds a new filter type "Unscannable message filter" in the log query page.
(SEG-48870)
This hotfix adds the new "Predictive Machine Learning Local File Model" pattern.
(SEG-47616)
This hotfix redefines the following variables in Trend Micro Data Loss Prevention(TM) (DLP) syslog content.
- Product_Entity/Endpoint - endpoint name
- Managing_Server - Trend Micro OfficeScan(TM) server name
(SEG-46207)
This hotfix updates the Deep Discovery Advanced Filter search mechanism to prevent a UI script injection error.
(SEG-45978)
This hotfix renames the "Unscannable message filter" entry in the log query page to "Security risk scan filter".
(SEG-41900)
This hotfix adds the following two fields in the "Incident Details" page.
- Last modified date
- Last modified by
(SEG-51288)
This hotfix adds the option to configure Apex Central to use a proxy server for hub/node registration and synchronization.
(SEG-54282)
This hotfix enables Control Manager to support TMES 1.6 Update 6.
(SEG-41891)
Agents with duplicate GUIDs are now recorded.
(SEG-54795)
The PHP execution time will be extended.
(SEG-54570), (SEG-54549)
This hotfix enhances the reliability of Trend Micro Security for Mac policy deployment and optimizes it for environments with a large number of agents.
(SEG-52290)
This hotfix ensures that when users trigger duplicate policy tasks, redundant tasks are not sent.
(SEG-54068), (SEG-53261)
This hotfix improves the performance of the policy detail pages of the Apex Central web console.
(SEG-52537)
This hotfix ensures that LogForwarder enables the ping function only when the connection protocol is UDP.
(SEG-55171)
Cloud service integration with Cloud App Security allows you to sweep protected mailboxes, correlate Active Directory user information, and generate Analysis Chains in Apex Central to better understand threat vectors and distribution across the entire network.
(SEG-45534)
If a child policy is set to inherit the settings from a parent policy that does not have a scan exclusion list, the child policy will not display the scan exclusion list after it is added to the parent policy.
Solution:
This hotfix ensures a child policy that is set to inherit the settings from a parent policy displays the scan exclusion list once it is added to the parent policy.
(SEG-45636)
Some user accounts that have just been assigned read only access roles receive "Scheduled incident summary" and "Scheduled incident increase" notifications.
Solution:
This hotfix ensures that user accounts that have read only access roles do not receive "Scheduled incident summary" and "Scheduled incident increase" notifications.
NOTE: This solution does not cover existing roles. You need to save each existing role again to apply the solution.
(SEG-49807)
The Application Control Criteria could not be exported in Microsoft(TM) Internet Explorer(TM) or Edge web browser.
Solution:
This hotfix updates the Apex Central files to fix this issue.
(SEG-49481)
Users cannot see the users and endpoints in the "User/Endpoint Directory" page in Internet Explorer 11.
Solution:
This hotfix ensures that the "User/Endpoint Directory" page displays normally in Internet Explorer 11.
(VRTS-3263), (VRTS-3192)
There are some Cross-Site Scripting (XSS) vulnerabilities in the "Policy Management" page.
Solution:
This hotfix removes these XSS vulnerabilities from the "Policy Management" page.
(SEG-49409)
The AD sync function cannot work normally when there is a large number of AD Organizational Units (OU).
Solution:
This hotfix ensures that the AD sync function can handle a large number of AD OUs.
(SEG-49993)
Users encounter an "Out of memory" error when synching the Active Directory (AD) if there is a large number of AD groups.
Solution:
This hotfix ensures that the AD sync function can handle a large number of AD groups.
(SEG-50522)
An issue prevents Apex Central from applying "Run cleanup when probable virus/malware is detected" to the Apex One Agent Policy.
Solution:
This hotfix resolves the issue.
(VRTS-3308)
The sample php files used to test for "log4php" show the internal path of applications.
Solution:
This hotfix removes this potential vulnerability.
(VRTS-2782), (VRTS-3307), (VRTS-3303), (VRTS-2634), (VRTS-3302), (VRTS-3305), (VRTS-3306)
The Dashboard, LogQuery, Active Directory, and Compliance Settings pages of the Apex Central web console are affected by Reflected Cross-Site Scripting (XSS) vulnerabilities.
Solution:
This hotfix removes these vulnerabilities.
(SEG-36321)
It takes a long time to display the contents of Active Directory (AD) domains in the "User/Endpoint Directory" page.
Solution:
This hotfix improves the performance of some related queries so that the "User/Endpoint Directory" page can display the contents of AD domains faster.
(SEG-34084)
The scheduled hourly download job does not run on time.
Solution:
This hotfix ensures that the scheduled hourly download job runs on time.
(SEG-40641)
An issue prevents Node Apex Central from syncing the Suspicious Objects list with the Hub Apex Central.
Solution:
This hotfix resolves the issue so that Node Apex Central can sync the Suspicious Objects list with the Hub Apex Central successfully.
(SEG-41523)
Sometimes, Apex Central is unable to SSO to Apex One server.
Solution:
This hotfix ensures that Apex Central is able to SSO to Apex One server successfully.
(SEG-32352)
A high CPU usage issue occurs when the value of the "bigwatermark" field is NULL.
Solution:
This hotfix prevents the high CPU usage issue under this scenario.
(SEG-39360)
Data Discovery ad hoc query results cannot be generated.
Solution:
This hotfix ensures that the Data Discovery ad hoc query results contain complete and accurate information.
(SEG-44127)
The "AD connection disabled" warning icon appears in the "User/Endpoint Directory" page of the Apex Central console when the Active Directory (AD) server name is too long.
Solution:
This hotfix ensures that long AD server names no longer trigger the warning icon on the "User/Endpoint Directory" page.
(SEG-43280)
When the Active Directory (AD) filter is reset, all children under a parent with a "half-checked" checkbox are not counted and re-selected.
Solution:
This hotfix ensures that when counting the total number of ADs, each parent with a half-checked checkbox counts and reselects all children under it.
(SEG-42916)
Users cannot Single Sign-On (SSO) to the Trend Micro Apex One web console from the Apex Central web console.
Solution:
This hotfix ensures that users can SSO to the Apex One web console from the Apex Central web console.
(SEG-40690)
A performance issue prevents users from downloading the "Unmanaged Endpoints" list from the Dashboard Operation Center widget.
Solution:
This hotfix resolves the performance issue so users can download the "Unmanaged Endpoints" list from the Dashboard Operation Center widget successfully.
(SEG-39577), (SEG-44216)
The "DLP Incidents by Channel" widget does not display any information when users click on the "Incidents by Action" pie chart.
Solution:
The hotfix ensures that the corresponding information displays after users click on the "Incidents by Action" chart on the "DLP Incidents by Channel" widget.
(SEG-43688)
Widgets in the "DLP Incident Investigation" page do not display any information.
Solution:
This hotfix ensures that widgets in the "DLP Incident Investigation" page display information normally.
(SEG-44877)
The C&C Callback Events widget does not display correct results.
Solution:
This hotfix ensures that the C&C Callback Events widget displays complete and accurate query results.
(SEG-43152)
In the "Scheduled/Manual update" pages, if a user saves changes to the settings a second time without refreshing the page and without changing the UNC password, the original UNC password will be cleared, resulting in update failures.
Solution:
This hotfix allows the user to save the changes in the "Scheduled/Manual update" pages multiple times without refreshing the pages.
(SEG-44397)
The scheduled hourly download job does not run on time.
Solution:
This hotfix ensures that the scheduled hourly download job runs on time.
(SEG-46675)
Users may not be able to see some Active Directory (AD) users under specific domains while adding users to the "Active Directory user or group" list.
Solution:
This hotfix ensures that users can view all users under each domain.
(SEG-47473)
On the Apex Central web console, "N/A" appears on the "Scan Method" column for Apex One agents that use "Conventional Scan".
Solution:
This hotfix ensures that the correct Apex One agent scan method information is displayed on the Apex Central web console.
(SEG-46058)
The scheduled hourly download job does not run on time.
Solution:
This hotfix ensures that the scheduled hourly download job runs on time.
(SEG-50522)
An issue prevents Apex Central from applying "Run cleanup when probable virus/malware is detected" to the Apex One Security Agent Policy.
Solution:
This hotfix resolves the issue.
(SEG-49365)
An issue prevents the Log Generation Time from being parsed.
Solution:
This hotfix resolves the issue.
This hotfix adds a new "Syslog Settings" page where users can configure Apex Central to automatically forward supported log types to a syslog server.
This hotfix updates the Apex One 2019 files to support the lockdown assessment feature for Application Control. This new feature can be enabled from the Application Control policy setting in Apex Central.
This hotfix updates the "Top Blocked Application" widget in Apex Central. This widget provides an overview of the top applications that users attempted to access in violation of an Application Control policy. This widget can use "process" or "file" as display type.
(SEG-47568), (SEG-47574)
This hotfix updates the Apex Central files to display more information about Application Control violation logs.
(SEG-49333)
This hotfix removes the following two event notifications:
- Product service started
- Product service stopped
(SEG-53430)
This hotfix introduces the following enhancements for Endpoint Sensor.
- MITRE ATT&CK(TM) Enterprise Tactics and Techniques integration and AMSI information in Advance discovery detection logs and in related notifications and exported logs
- Threat Connect and VirusTotal as third-party intelligence information in preliminary investigation, root cause analysis, and details investigation
- Upgrades to the database schema and synchronization mechanism and related functions from the on-premises to the SaaS.
- Support for preliminary investigation by querying meta using SHA-256 and MD5
- Shortened meta upload frequency to 15 minutes
- Investigation task management
- Option to search for investigation tasks by endpoint names, IP addresses, task names, criteria and creators for One-time Investigation and Scheduled Investigation
- RCA reports to contain invalid signer on visualized RCA information and explanation for suspicious objects
- The option to show or hide the license request message in terms of license in the agent policy
- Converted TUID to GUID in inputs and outputs of the open API interfaces in open API
(SEG-42289)
This hotfix adds the "Risk Level" field in the Log Query page for Attack Discovery detections.
(SEG-43028)
This hotfix adds the following eight fields in the Log Query page for Attack Discovery detections.
- Auth Priv Name
- Auth Priv Attribute
- Auth Priv Disable All
- Source IP Address
- Source IP Address Port
- Destination URL
- WMI Event
- Windows Event Log Content
(SEG-50314)
This hotfix adds the following five fields in the Log Query page for Attack Discovery detections.
- AMSI App Name
- AMSI App File
- AMSI App Version
- AMSI App Content File
- AMSI Content
(SEG-44954)
This hotfix enables the AD to sync with the Global Catalog and to support SSL connections.
(SEG-41759)
This hotfix allows users to import the Device Control approved list from the "Policies > Policy Resource > Device Control Approved Device List" page and apply the list to all Security Agent Policies.
(SEG-29449)
The hotfix enables Apex Central to use the report title to name the corresponding report notification email attachment.
(SEG-49374)
This hotfix updates the expression for the Data Loss Prevention(TM) (DLP) data identifier "Japan: Date" to the new era "令和".
Policy widget enhancements for Apex One (Mac):
- Web Reputation: Includes a new option to send web reputation logs to the Apex One (Mac) server
- Device Control: Allows underscores (_) for the vendor name in the USB Storage Approved List
The bell icon in the top right corner of the Apex Central management console provides information about new system updates, including when Apex One as a Service will be offline for scheduled maintenance.
(SEG-49078)
A missing setting in Apex Central causes the sp_BatchPurge process to go into an endless loop which then triggers a high DTU usage issue.
Solution:
This hotfix updates sp_BatchPurge to enable it to exit the endless loop normally to prevent the high DTU usage issue.
(SEG-49691)
Currently, when a product server queries Apex Central for Suspicious Object journals, and there are no new journals for that product server, the response body would be replaced by the IIS's custom response body, which may cause the product server to behave abnormally.
Solution:
This hotfix adds a setting in "web.config" which allows users to prevent the IIS server from replacing the response body with its own message.
(SEG-45472)
Users cannot export CSV files from the Log Query function when the value of the date is null in the database.
Solution:
The hotfix resolves this issue by enabling Apex Central as a Service to successfully export CSV files from the Log Query function even when the value of date is null in the database.
(SEG-44127)
The "AD connection disabled" warning icon appears in the "User/Endpoint Directory" page of the Apex Central as a Service console when the Active Directory (AD) server name is too long.
Solution:
This hotfix ensures that long AD server names no longer trigger the warning icon on the "User/Endpoint Directory" page.
(SEG-46311)
This hotfix extends the service response timeout setting to help prevent timeout issues.
(SEG-43646)
This hotfix hides non-endpoint features for "Reports" on the Apex Central as a Service web console.
(SEG-43087)
A "Proxy Execution Failed" error appears when users log in to the Apex Central as a Service web console. This happens because of an issue related to tempdb running out of space.
Solution:
This hotfix resolves the issue so tempdb does not run out of space and users can log in to the Apex Central as a Service web console without any error.
(SEG-32352)
A high CPU usage issue occurs when the value of the "bigwatermark" field is NULL.
Solution:
This hotfix prevents the high CPU usage issue under this scenario.
(SEG-43497)
Users are redirected to blank result pages after clicking the respective links in the "DLP Incidents by Channel" and "DLP Template Matches" widgets.
Solution:
This hotfix ensures that the corresponding result pages display complete and accurate information.
(SEG-40588)
The policy deployment status of a new policy that is being deployed to agents remains "Pending".
Solution:
This hotfix ensures that the correct policy deployment status displays.
(SEG-42809)
When users create or modify a policy using IP address filtering in Microsoft(TM) Edge, the policy cannot be deployed.
Solution:
This hotfix ensures that users can create or modify a policy using IP address filtering in Microsoft Edge.
NOTE: The affected policies need to be reopened to reset the IP address range.
(SEG-43609)
A UUID index issue slows down the database performance.
Solution:
This hotfix prevents the performance issue by enabling related database tables to use sequential UUIDs.
(SEG-25274)
The Full Name of the Product Licensing Service (PLS) account is not updated when users re-run the AssignCustomer script.
Solution:
This hotfix updates the SaaS Utility Tool to help ensure that the full name of the PLS account can be updated successfully.
(SEG-42050)
The indices of Data Loss Prevention(TM) (DLP) related tables are based on GUID. As a result, the indices may fragment easily, which raises the Apex Central as a Service database DTU.
Solution:
This hotfix prevents the issue by enabling Apex Central to rebuild the indices of DLP related tables at 00:00:30 daily.
(SEG-42436)
In reports, the x-axis labels on bar charts may overlap when there are multiple bars.
Procedure:
To configure the angle for the x-axis labels in bar graphs on reports:
- Install this hotfix (see "Installation").
- Open the "Systemconfiguration.xml" file.
- Add the following key and set it to the preferred angle: m_iBarChart_XLabelAngle=y, supports values from -90 to 90
- Save the changes and close the file.
(SEG-40762)
The Apex One (Mac) 3.5 Policy Widget needs some updates to its input control feature and the corresponding information.
Solution:
This hotfix improves the Policy Widget input control and updates the required information.
(SEG-40762)
The specified "Maximum database size" setting under the WCU Endpoint Sensor Settings may not be sufficient.
Solution:
This hotfix changes the value of "Maximum database size" to 1 GB.
(SEG-40762)
There are WCU localization enhancements.
Solution:
This hotfix applies these enhancements.
(SEG-41100)
If the user clicks the generated link of the root cause chain, the page may be blocked by the browser by default and the user may not notice the generated page.
Solution:
This hotfix adds a pop-up block warning when the generated root cause chain is blocked by the browser.
(SEG-40386)
Trend Micro Apex Central as a Service does not update the product profile string promptly after a product updates its profile. As a result, the old product profile still appears on the Apex Central as a Service web console.
Solution:
This hotfix ensures that product profile updates are saved promptly and appear on the Apex Central as a Service web console.
(SEG-40545)
This hotfix updates the support link for Apex Central/Apex One.
(SEG-40496)
This hotfix replaces the Secunia vulnerability information with TippingPoint vulnerability information.
Trend Micro Apex One™ as a Service
Trend Micro Apex One™ (Mac) as a Service
The tooltip on folders with names that contain special characters cannot be displayed normally on the Apex One (Mac) as a Service agent console.
Solution:
This hotfix enables Apex One (Mac) as a Service to URL encode the special characters to ensure that the tooltips display normally on the agent console.
Users cannot delete a custom scan file by clicking the X button on the Custom Scan Window on the Apex One (Mac) as a Service agent if the file name contains special characters.
Solution:
This hotfix enables Apex One (Mac) as a Service to URL encode the special characters so users can delete the custom scan file by clicking the X button on the page.
This hotfix enhances the database encryption mechanism in Apex One (Mac) as a Service.
This hotfix improves SQL query performance when retrieving client status information for Apex Central.
This hotfix enhances the endpoint sensor data collection mechanism to filter out some noise data.
This hotfix enhances the Apex One (Mac) agent's scanning performance in Mac OS 10.14.
This hotfix improves the error handling mechanism of the Apex One (Mac) 2019 server.
This hotfix updates the Apex One (Mac) as a Service server configuration.
(SEG-43563)
Launching the Apex One (Mac) agent console from the toolbar can cause a Mac running on the Mojave platform to stop unexpectedly.
Solution:
This hotfix enables the Apex One (Mac) agent to support Mojave platform variables to fix this issue.
Two "X" text clear buttons appear in the "Search for endpoints" input box when you open the Apex One (Mac) web console on Microsoft(TM) Internet Explorer(TM) or Edge.
In Internet Explorer, long user names appear garbled on the top right corner of the Apex One (Mac) web console.
This hotfix improves the error handling mechanism of the Apex One (Mac) 2019 server's move agent function and ensures that the correct error message displays.
6. Contact Information
A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
NOTE: This information is subject to change without notice.
7. About Trend Micro
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.
Copyright 2019, Trend Micro Incorporated. All rights reserved.
Trend Micro, Trend Micro Apex Central, Trend Micro Apex One, Trend Micro Apex One (Mac) and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.
8. License Agreement
View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide