An issue prevents an Apex Central server from searching for Active Directory (AD) users normally and as a result, users cannot query the information.

The "w3wp.exe" file may trigger high CPU usage issues.

If a user role does not have sufficient access rights, users assigned this role will not be able to view the threat details on the Log Query page.

The "With acceptable threat detections" condition in the DLP Compliance template is not specific enough to work effectively.

Sometimes, the "ProcessManager.exe" stops responding when the Apex Central service starts and the SQL server is not ready.

Apex Central cannot Single Sign-on (SSO) to Trend Micro ScanMail(TM) for Microsoft(TM) Exchange(TM) in a pure IPv6 network.

Hotfix installation fails when users run the "MigrationJobExecutor.NET.exe" tool during the installation.

An issue related to the proxy settings prevents Apex Central from displaying QR codes.

Users encounter the following error message after attempting to delete logs from the "Apex Central > Detections > Logs > Log Maintenance" page.

"Problem: Database connection failure"

Some products do not send SlotID to Apex Central which may trigger "CmdProcessor.exe" to work abnormally.

An issue prevents the Application Control server from handling criteria properly when a policy applies too many rules. When this happens, the Application Control criteria may not be deployed to agents successfully.

The Application Control agent sends inaccurate managed server name information for detection logs which prevents users from identifying which server is being referred to.

An issue related to the program update checking logic of the Apex One Security Agent may cause the agent upgrade process to go into a loop which prevents the agent program from upgrading successfully. When this happens, the Apex One Security Agent will consume lots of network bandwidth to retrieve the component updates.

When users change the action of the Device Control rule for USB storage drives from "Block" to any other action, the Device Control feature of the Data Protection service may still incorrectly block allowed USB storage devices.

An issue related to process termination may prevent users from upgrading Security Agents from Trend Micro OfficeScan(TM) XG or XG Service Pack 1 to Apex One.

Blue screen of death (BSOD) may occur on Apex One Security Agent computers when the Apex One Firewall Service is enabled.

The Apex One Firewall Service does not block traffic as configured in the Firewall Policy when the third-party Check Point Endpoint Security VPN program is installed on the same computer.

An enhancement to the Apex One Program Inspection Engine for supporting environments with specialized applications may cause some third-party applications to behave abnormally.

This Hotfix enables Apex Central to automatically disable the Endpoint Sensor setting section in the Security Agent Policy if there is no agent enabling Endpoint Sensor feature (Apex Central SAAS only).

This Hotfix adds the "Last Connected" column into the Users/Endpoints and Product Status View page.

This Hotfix adds the "File MD5" column in the detailed log query results pages from the Ransomware Prevention widget.

This Hotfix improves the stability of the service restart mechanism by enhancing a mechanism that accesses the "systemconfiguration.xml" file.

This Hotfix improves the readability of act, cs3, cn1 and cs6 of Content Violations in syslog.

This Hotfix resolves an Authentication Privilege Escalation security issue in Apex One Security Agent.

This Hotfix resolves a Resource Exhaustion Denial-of-Service security issue in the Apex One Security Agent program.

This Hotfix enables the Apex One Security Agent program to support the local Program Inspection Monitoring Pattern for the Program Inspection Engine.

This Hotfix enables the Apex One Security Agent program to support the new Behavior Monitoring Detection Pattern for the Behavior Monitoring module.

This Hotfix improves the ransomware protection feature of Apex One to ensure that documents are protected against unauthorized encryption or modification.

This Hotfix updates the Trend Micro Control Manager(TM) MCP AgentSDK to prevent a potential vulnerability issue.

This Hotfix enables the Apex One Security Agent program to support Microsoft(TM) Windows(TM) 10 (version 21H2) November 2021 Update.

This Hotfix adds a subject process name for terminated Apex One Security Agent processes in the System Event Logs of Apex One.

This Hotfix enables the Apex One (Mac) Security Agent program to support macOS(TM) 12 (Monterey).

This Hotfix replaces "iCore Service.app" with "iCore Service" in the "Allow Full Disk Access" page of the Apex One (Mac) Security Agent console.

This Hotfix enables the Apex One (Mac) Security Agent program to support the "Automatic Proxy Configuration" and "Bypass proxy settings for these Hosts & Domains" system proxy settings.

Security Agent consoles running build 13.95 display an incorrect policy name. To resolve this issue, upgrade the Security Agent to 14.0. After the Security Agent contacts the server, the policy name displays correctly.

Off-premises and Security Agents in Independent mode cannot update the Certified Safe Software Pattern from external update sources.

Coexist mode Security Agents on endpoints with Windows Defender may experience installation issues or be unable to upload data to the Apex One server due to a file locking issue. To resolve this issue, add Endpoint Sensor (ESEServiceShell.exe and ESClient.exe) in the exclusions list of Windows Defender to prevent the locking issue.

After copying a file to a remote server using a relative path as the source, Apex One is unable to translate the relative path into the full system directory.

The quality of RCA analysis chain image files is reduced when viewing the files using Windows 10 Photo Viewer.

When attempting to start a Historical Investigation from the Attack Discovery Detections widget that includes Registry value name or Registry value data criteria, the Historical Investigation displays an error message if the length of the Registry value name exceeds 260 characters or the Registry value data exceeds 64 characters.

After updating the Attack Discovery Pattern file (tmesadp.ptn) on Security Agents, a database schema error may occur that causes the Endpoint Sensor feature to continuously report the same detections to the server during each synchronization. This causes duplicate records to display on the Apex Central server.

Root Cause Analysis email attachment results may also include temporary files created when the user saved the file.

The number of matched endpoints that display on a Root Cause Analysis chain may appear to be greater than the total if the Security Agent on an endpoint was uninstalled or no longer reports to the same managing server.

The Endpoint Sensor service may have high memory usage.

The Endpoint Sensor may have high peak CPU usage occasionally.

Endpoint Sensor has CPU peak during Windows Update phase.

The user or account name in ADE detection may be empty.

The EC module may stop responding while handling NULL data which may cause the ESEService and ADE functionality to behave abnormally.

In rare conditions, ESEService stops responding while unloading.

After enabling the Scan Time Machine option for Manual Scan and Scheduled Scan, Apex One (Mac) cannot perform any actions (clean, quarantine, or delete) on detected malware threats due to a permission limitation in Mac OS. Configured scan actions are displayed as unsuccessful in the product logs.

When performing a historical investigation on Apex One (Mac) endpoints, the system replaces a slash (/) with a colon (:) in file names, preventing users from searching for file names that contain backslashes in investigation results.

To resolve this issue, use a colon (:) to search for the files.