Trend Micro Incorporated                                    January 22nd, 2019
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Endpoint Application Control 2.0 - Service Pack 1 - Patch 4

English - Windows - 32-bit / 64-bit
Patch 4 Build 1863
Server, Client
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
==============================================================================
1. Patch Release Information
   1.1 Resolved Known Issues
   1.2 Enhancements
2. Documentation Set
3. System Requirements
4. Installation/Uninstallation
   4.1 Installing
   4.2 Uninstalling
5. Post-installation Configuration
6. Known Issues
7. Release History
   7.1 Prior Hotfixes
8. Contact Information
9. About Trend Micro
10. License Agreement
==============================================================================

1. Patch Release Information
==============================================================================

1.1 Resolved Known Issues
============================================================================
This Patch resolves the following issue(s):

Issue 1: On screens where there is the option to "Remove" items, the
"Remove XX Selected" label displayed an inaccurate count.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: The count logic has been updated to resolve the inaccurate
value issue.

Issue 2: The "Cancel" button on the Updates screen does not cancel the
Automatic Updates changes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: The Automatic Updates enable/disable controls are automatically
applied and are not affected by the Cancel action. This hotfix disables the
Cancel and Save buttons on the Updates screen if no other configuration
changes are detected.

Issue 3: The Trend Micro Endpoint Application Control (TMEAC) UI does not
display normally on the "Plug-in Manager" page when users Single Sign-on to
the OfficeScan web console from the Trend Micro Control Manager(TM) console.
This happens because some HTML and JS files are specified using absolute URL
paths.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This patch replaces the absolute URL paths with relative URL
paths to resolve this issue.

1.2 Enhancements
============================================================================
The following enhancements are included in this Patch:

Enhancement 1: This patch updates the following third-party programs to the
version listed:
* PHP 7.2.11
* Java 1.8.192

Enhancement 2: A message on the Add/Edit Policy screen indicates whether the
selected targets are able to apply a Lockdown rule.

Note: Lockdown rules only apply to endpoints and the “SYSTEM” user. If you
select any other user or group, the Lockdown rule does not apply.

Enhancement 3: This patch enables the Trend Micro Endpoint Application
Control 2.0 Service Pack 1 Patch 4 agent program to support Microsoft(TM)
Windows(TM) 10 (version 1809) October 2018 Update.

2. Documentation Set
==============================================================================
To download or view electronic versions of the documentation set for this
product, go to http://docs.trendmicro.com

- Online Help: The Online Help contains an overview of features and key
  concepts, and information on configuring and maintaining the product.
  To access the Online Help, go to http://docs.trendmicro.com
- Installation Guide (IG): The Installation Guide contains information on
  requirements and procedures for installing and deploying the product.
- Administrator's Guide (AG): The Administrator's Guide contains an overview
  of features and key concepts, and information on configuring and
  maintaining the product.
- Getting Started Guide (GSG): The Getting Started Guide contains a product
  overview, installation planning, installation and configuration
  instructions, and basic information intended to get the product
  'up and running'.
- Support Portal: The Support Portal contains information on troubleshooting
  and resolving known issues.
- To access the Support Portal, go to http://esupport.trendmicro.com

3. System Requirements
==============================================================================
No requirements

4. Installation/Uninstallation
==============================================================================
This section explains key steps for installing the Patch.

4.1 Installing
============================================================================
For information on agent deployment, see Endpoint Application Control online
help:
https://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx

4.2 Uninstalling
============================================================================
No uninstallation instructions are provided.

5. Post-installation Configuration
==============================================================================
No post-installation steps are required.

6. Known Issues
==============================================================================
Known issues in this release:

#1 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
Endpoint Application Control agents running version 2.0 SP1 Patch 3 display
blocked events for "**Windows-Apps**" only in single-user desktop
environments. The agent notification window does not display blocked events
for "Windows-Apps" when multiple users are logged on at the same time.

#2 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
When blocking "**Windows-Apps**", the agent notification window may display
for blocked "Windows-App" files during user log on if the "Windows-App" is
pinned to the Windows Start Menu.
To resolve this issue, ensure the blocked "Windows-App" is removed from the
Windows Start Menu.

#3 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
Endpoint Application Control agents running version 2.0 SP1 Patch 3 are not
supported on Endpoint Application Control servers running versions prior to
2.0 SP1 Patch 2.
To resolve this issue, upgrade the server to version 2.0 SP1 Patch 2 or
later.

#4 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
The server web console renders unexpectedly due to incorrect resource file
loading.
To resolve this issue, clear the browser cache and refresh the web page.

#5 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
Endpoint Application Control is unable to properly detect system proxy
settings that use SOCKS protocol.
To resolve this issue, manually configure proxy settings on the Proxy
Settings screen (**Administration > Proxy Settings**).

#6 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
After Endpoint Application Control agents are installed using the Endpoint
Application Control OfficeScan Plug-in, system accounts such as `IUSR`
display in [Users and Endpoints].
This is normal behavior. Activity from these accounts should be tracked to
allow administrators to monitor system account activity for non-standard
behavior.
The system service accounts that are normally not displayed are
`SECURITY_LOCAL_SERVICE_RID` and `SECURITY_NETWORK_SERVICE_RID`. These
accounts include `LOCAL SERVICE`, `NETWORK SERVICE` and `DWM-1`.
* System service IIS accounts that display include the following:
  `IIS_IUSRS`, `IUSR`, `DefaultAppPool` and `ASP.NET v4.0`
* System service AppPool accounts that display include the following:
  `IWAM`
* System service Win32_UserAccount accounts that display include the
  following: `PCX\Administrator`, `PCX\Guest`
* System service Win32_SystemAccount accounts that display include the
  following: `PCX\ANONYMOUS LOGON`, `PCX\Authenticated Users`, `PCX\BATCH`,
  `PCX\BUILTIN`, `PCX\CREATOR GROUP`, `PCX\CREATOR GROUP SERVER`,
  `PCX\CREATOR OWNER`, `PCX\CREATOR OWNER SERVER`, `PCX\DIALUP`,
  `PCX\ENTERPRISE DOMAIN CONTROLLERS`, `PCX\Everyone`, `PCX\INTERACTIVE`,
  `PCX\IUSR`, `PCX\LOCAL`, `PCX\LOCAL SERVICE`, `PCX\NETWORK`,
  `PCX\NETWORK SERVICE`, `PCX\OWNER RIGHTS`, `PCX\PROXY`,
  `PCX\REMOTE INTERACTIVE LOGON`, `PCX\RESTRICTED`, `PCX\SELF`,
  `PCX\SERVICE`, `PCX\SYSTEM` and `PCX\TERMINAL SERVER USER`

#7 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
Endpoint Application Control is unable to display correct processor and
memory use information in the **Server Summary** widget
(**Dashboard > Summary**).
The information is calculated based on application scope where virtual
memory and memory used by runtime platforms are ignored and data are
collected by polling on a five-minute interval and by averaging the results.
To determine the total current processor and memory use, including virtual
and runtime platform memory, use Windows Task Manager.

#8 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
"Unknown" applications or files may appear under the **Configure conflict
resolutions** (**Management > Rules, Add/Edit Rule**) screen.
This issue may be caused by the following:
* Applications and files are [pending addition] to the TMCSSS database.
* Some data may not be available in the TMCSSS database.
* Endpoint Application Control is unable to connect to the services that
  provide additional or updated information for files in the local TMCSSS
  database.
To resolve this issue, you may need to do one or all of the following:
* Look up the relevant SHA-1 hash values on the **Logs > Query** screen to
  determine if and where they exist in the environment.
* Verify the Internet connection of the Endpoint Application Control server
  and retry later. An Internet connection provides additional and updated
  information.

#9 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
The **Key Performance Indicators** widget displays "--" for periods that
contain incomplete data because the Endpoint Application Control server is
unable to distinguish between inactivity and absence of data.
To resolve this issue, verify your log purging schedules
(**Logs > Maintenance** screen) and make sure not to purge data at a
schedule that cuts into any indicator schedules.

#10 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
A simple search can perform the search based on all data columns instead of
the displayed columns due to processing resource and time considerations.
To search within specific columns, use dynamic search.
For more information about dynamic search, see the Endpoint Application
Control online help:
http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx

#11 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
The **Add** or **Edit Rule** screen is unable to display correct path
information: drive letters other than `C` or `D` are missing if matching is
based on **File paths** and **Location: Any local storage** is allowed.
To resolve this issue, select **Location: *empty*** to display all matched
paths.

#12 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
The Endpoint Application Control server web console is unable to resolve
SHA-1 hash value shortcuts to their actual paths.
In Windows, shortcuts are special link files. Unless otherwise implemented
inside the web browser, shortcuts are not resolved to their target files.
The Endpoint Application Control web console can only use the actual file,
not the shortcut.
To resolve this issue, follow the steps below:
1. Click **Select Files**. The file window browser appears.
2. Right-click the shortcut and select **follow the shortcut**.
3. Select **Open file location**. The shortcut target appears.
4. Click **OK**.

#13 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
Data entries in the **Query** screen (**Logs > Query**) may not be displayed
in order when it is accessed for the first time.
To resolve this issue, manually click a column name to sort.

#14 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
Widget data on **Dashboard** may not be updated immediately after changes
are applied.
To resolve the issue, do one of the following:
* Refresh the browser window.
* Log off and then log on to the web console.

#15 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
While accessing the server web console, browser memory consumption can
increase sharply depending on the browser type, browser version, and usage
time. Some browsers may not call destruction events.
To resolve the issue, do one or more of the following:
* Use an up-to-date browser version.
* Use a different supported browser.
* Refresh or reopen the browser window occasionally.

#16 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
Percentage information in the **User and Endpoint Summary** table and the
chart may not always match. Charts display percentage among the top values,
but the table shows the percentage relative to all values.

#17 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
On the **Application, Rule, and Policy Events** widget, the top and bottom
values may disappear after deleting conditions and then reopening the
settings page.

#18 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
The **Period** setting may not be saved for the **Applications, Rule, and
Policy Events** widgets if they are also saved as templates.
To resolve this issue, manually set **Period** for each of the
**Application, Rule, and Policy Events** widgets on your **Dashboard**.
For more information, see the topic on Application, Rule, and Policy Events
Widget in Endpoint Application Control online help:
http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx

#19 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
Endpoint Application Control may experience a certificate chain error on a
computer from which the server console is accessed remotely when the server
is installed on Internet Information Services.
To resolve this issue, follow the steps below to import the root CA
certificate from the server installation folder to the remote endpoint
experiencing the issue:
1. Deploy the root CA certificate:
   * Go to the Endpoint Application Control server installation folder.
   * Copy the CA certificate **TMEAC_CA_Cer.pem** and save it to the desktop.
   * Rename the certificate file to a .CER file, for example, **TM-CA.cer**
2. Configure the MMC Snap-in:
   * On the server platform, go to the Start menu, run "mmc" and press
     **Enter**.
   * Go to **File** > **Add/Remove Snap-Ins**.
   * From the list of Available snap-ins, choose **Certificates** and click
     **Add >**.
   * In the pop-up window, select **Computer account** and click **Next**.
   * Select **Another computer** and browse for the remote computer
     experiencing the issue.
   * Click **Next** to finish the configuration.
3. Import the CA certificate:
   * In the MMC, go to **Console Root** > **Trusted Root Certificate
     Authorities/Certificates** > **Certificates**.
   * Right-click **Trusted Root Certificate Authorities/Certificates**.
   * On the Context menu, click **All Tasks** > **Import**.
   * Select the previously exported public key file that contains the
     **TM-CA.cer** file and import it.
   * Verify that the CA is imported to the trust store.

#20 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
##### Control Manager
Endpoint Application Control server widgets only display data for the
connected server, and are unable to display integrated data from multiple
Endpoint Application Control servers.
Endpoint Application Control only shares data across servers via Control
Manager. To integrate data from several servers, the Control Manager version
of widgets would need to implement their own logic and processing.
To resolve the issue, cluster separate Endpoint Application Control servers
to create a single source of data. Any server belonging to the cluster
returns the same information to widgets.

#21 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
##### Control Manager
The Control Manager KPI widget will continue to display last known indicator
values even when all Endpoint Application Control servers are removed.
The widget only updates when new data is available. Consider deleting the
widget if it is no longer needed.

#22 Known Issue: [Reported at: TMEAC 2.0.1 SP1 - Patch 3 B1741]
##### Control Manager
After removing all Endpoint Application Control servers from **Server
Visibility** in Control Center, rules continue to display in the **Rule
Management** widget.
The widget only updates when new data is available. Consider deleting the
widget if it is no longer needed.
The Rule Management widget caches rules in order to provide rule
synchronization among connected Endpoint Application Control servers.

7. Release History
==============================================================================
For more information about updates to this product, go to:
http://www.trendmicro.com/download

7.1 Prior Hotfixes
============================================================================
Only this hotfix was tested for this release.
Prior hotfixes were tested at the time of their release.

[Hotfix 1766]
Issue: Applications typically take 50% more time to start in Endpoint
Application Control agent computers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix reduces the typical overhead to 15% by improving
caches within the agent to minimize the number of required registry lookups,
file hash calculations, and certificate checks.

[Hotfix 1764]
Issue: Endpoint Application Control uses Microsoft(TM) Windows(TM) APIs to
get detailed information on processes and users that started them. These
Windows APIs may occasionally query user information from the Active
Directory which may slow down the entire system when the network is slow.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix resolves the issue by implementing a caching mechanism
for user information. This enables Endpoint Application Control to query the
information once for each unique user ID instead of every time the
information is needed.

[Hotfix 1763]
Issue: An Endpoint Application Control agent may not be able to apply policy
rules after Endpoint Application Control rearranges policy rule settings.
When this happens, the agent service restarts itself continuously.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix resolves the issue by updating the Endpoint
Application Control agent program to ensure that it can apply policy rule
changes successfully.

[Hotfix 1761]
Issue: When the current policy is using the "trusted source: permanent"
setting, the Endpoint Application Control agent may read several application
files at the same time which may then apply a shared lock on these files. If
this happens, users may not be able to install certain applications on the
agent machine and may also encounter other application issues.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix enables the feature to read several application files
at the same time only when these files have not been touched by the
applications that have been marked with permanent trust for several minutes.

Enhancement: The Trend Micro OfficeScan(TM) client cannot add Endpoint
Application Control Agent executables to its exclusion list automatically.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix resolves the issue by updating the Endpoint
Application Control agent program to ensure that OfficeScan clients can read
information about the Endpoint Application Control agent service for the
exclusion list.

[Hotfix 1754]
Issue: The agent log contains a large number of "UNIQUE constraint failed:
TrustedHashes.Hash" errors.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix improves the way Endpoint Application Control handles
the insertion of duplicate hash values in the trusted source database to
minimize the errors in the agent log.

[Hotfix 1751]
Enhancement: To prevent users with administrator privileges from
uninstalling the Endpoint Application Control agent using the Microsoft
Windows uninstallation function, Endpoint Application Control has added the
ability to set a required global agent uninstallation password.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure: To configure the uninstallation password:
1. Create a UTF-8 encoded, plain text file with the following content:
   property.client.uninstall.password: thepassword
2. Replace "thepassword" with the uninstallation password you want to apply
   to all Endpoint Application Control agents.
3. Copy the file to the following directory: `INSTALL_PATH\AcServer-Data`
4. Rename the file as follows: `import-settings.properties`
5. Deploy the updated policy settings to agents.

To remove the uninstallation password:
1. Create a UTF-8 encoded, plain text file with the following content:
   property.client.uninstall.password:
   NOTE: Do not specify any password text.
2. Copy the file to the following directory: `INSTALL_PATH\AcServer-Data`
3. Rename the file as follows: `import-settings.properties`
4. Deploy the updated policy settings to agents.

NOTE: Agents apply the password settings after receiving a policy update.

[Hotfix 1749]
Issue 1: The CPU consumption on Endpoint Application Control Agent becomes
high during policy updates even if the received update is minor.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix optimizes the policy storage to avoid extra CPU
consumption. This issue was previously caused by creating full per-user
copies of sharable policy data on every update.

Issue 2: The number of local user accounts affects the time it takes for a
policy or policy update to take effect on an Endpoint Application Control
Agent. The length of time increases when the policy is large.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix optimizes the policy storage and prevents the
creation of full per-user copies of shareable policy data, which was
initially received or changed during an update.

Issue 3: The Endpoint Application Control agent scans for policy changes
even when it knows that no updates exist on the server. This process
increases the server load and network utilization.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This hotfix optimizes the agent to scan for policy changes only
when the regular server connection check indicates that updates exist.

Issue 4: The Endpoint Application Control agent may fail to match path rules
if the file being checked is accessed using the legacy Microsoft Windows
short path notation and the path rule is not specifically defining a pattern
for the short path.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: The agent normalizes paths to long paths to ensure path rules do
not need to define patterns for legacy short paths.

[Hotfix 1743]
Issue: "AcAgentUI.exe" does not start on endpoints that are set to the
Italian locale.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix fixes an invalid XML line in the Italian l10n file to
ensure that "AcAgentUI.exe" can start normally on endpoints set to the
Italian locale.

Enhancement: The AcAgentUI can be started manually.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix prevents users from starting AcAgentUI manually.

[Hotfix 1742]
Issue: A request permission request returns an error if it does not complete
within five seconds.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix resolves the issue by extending the request timeout to
30 seconds.

[Patch 1741]
Issue 1: Unable to select policy targets using Active Directory
Organizational Units when deploying an Endpoint Application Control Policy
from the Control Manager 7.0 console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: Enhanced Control Manager 7.0 integration to enable support for
target assignment of Active Directory computers using the "filter" or
"specify targets" functions for Endpoint Application Control policies.

Issue 2: An invalid Endpoint Application Control agent version may appear in
the endpoint list of the OfficeScan plug-in console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: Updated the synchronization mechanism of the OfficeScan plug-in
to properly display the installed Endpoint Application Control agent
version.

Issue 3: The Endpoint Application Control server may be vulnerable to the
FileDrop Directory Traversal Remote Code Execution Vulnerability
(ZDI-CAN-5640).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This critical patch fixes the vulnerability by ensuring that
files uploaded by users logged onto the web console are only allowed in
server folders assigned to the logged on user.

Issue 4: The bundled "hashlist-importer" utility tool is unable to import
SHA1 lists to the Endpoint Application Control server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: The Endpoint Application Control server has been updated to
properly accept SHA1 lists from the "hashlist-importer" utility tool.

Issue 5: The server uninstallation program does not verify that all used
network ports are properly closed before finishing the uninstallation
process. Some ports may appear to be in use for several seconds after the
uninstallation completes, which prevents the re-installation of the server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: The uninstallation program has been enhanced to verify that all
used network ports are closed before finishing the uninstallation process.

Issue 6: Opening the web console directly after the installation may result
in the "HTTP-404" browser error because not all required processes have
started.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: The installation program has been enhanced to verify that all
required processes have started before displaying the installation
"complete" message.

Issue 7: When using the OfficeScan plug-in program to install Endpoint
Application Control agents, if the agent installation is unsuccessful, the
plug-in console may display the "Installing..." state indefinitely.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: The synchronization function of the Endpoint Application Control
OfficeScan plug-in has been enhanced to properly display the current
installation state of agents.

Issue 8: When in Lockdown mode, endpoints block updates of the Endpoint
Application Control agent program.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: The product name of the signed installer has been updated to
properly allow the Endpoint Application Control agent to detect that an
update installation is allowed.

Issue 9: On Windows 10 platforms, the Endpoint Application Control agent
reports and registers the temporary User-Mode Driver Framework (UMDF) user
accounts used to upgrade the agent from a previous version.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: The Endpoint Application Control agent does not register
temporary UMDF user account associations in the endpoint list.

Note: Temporary UMDF user account information is still accessible using the
"SYSTEM" account.

Issue 10: The domain name field may be empty for certain endpoints in the
results of the periodic check for changes to endpoint and domain names on
the "Management > User Endpoints" page.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: Updated the periodic name checking mechanism to help ensure
that the correct endpoint domain names are displayed on the periodic check
results.

Issue 11: The Endpoint Application Control agent console may not correctly
display the server connection status after an agent becomes disconnected
from the server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: The Endpoint Application Control agent has been enhanced to
always display the correct connection status.

Issue 12: The content removed from the "Certified Safe Software" list
pattern files is not removed from the "Known Applications" list.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: The pattern loading component on the server has been enhanced
to inspect the existing content in the "Known Applications" list and remove
all entries that originated from an earlier pattern version and are no
longer present in the current pattern.

Issue 13: The Endpoint Application Control agent console does not show the
element "*Request permission to use this application*" on localized agent
console versions.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: Corrected the size of the notification window to ensure that
the element "*Request permission to use this application*" is visible on all
console versions.

Enhancement 1: Reduced the update time of the "Certified Safe Software"
pattern for "Known Applications" through an incremental update process.

Enhancement 2: Reduced the initial loading time of the "Certified Safe
Software" list pattern through use of a predefined "well-known files"
database compiled from the Trend Micro web service.

Enhancement 3: Added support for continuing an unfinished inventory scan at
the last scanned file when an endpoint is restarted.

Enhancement 4: You can configure Endpoint Application Control to
automatically remove inactive user associations with endpoints from the
Users and Endpoints list. Enabled by default, this feature helps to remove
excess user data from the database and avoid stability and performance
issues caused by one-time or former user access to endpoints.

Enhancement 5: Policy configuration has been enhanced to allow specialized
log tagging of endpoint inventory collections that you can use to
dynamically update the "Known applications dynamic search" list. You can use
this feature to dynamically update the Known applications list and deploy
the updated list to all other endpoints on your network.

Enhancement 6: Policy configuration has been enhanced to allow specialized
log tagging of applications that you can use to dynamically update the
"Allowed" or "Blocked" lists using the "Known applications dynamic search"
list. You can use this feature to dynamically update the Known applications
list on a test endpoint and deploy the updated list to all other endpoints
on your network.

Enhancement 7: Added additional columns to the policy list that provide a
better differentiation between the various endpoint states (no policy,
outdated policy, online, or offline) to improve visibility about whether
further action is required.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 7:
Note: The column configuration for the policy list is saved within the
browser and will not change by default. If you have upgraded the server, use
the "Reset columns" option from the list menu to enable the new default view
or manually select the columns of your preference from the "Select columns"
menu.

Enhancement 8: Added and enabled a fully automated incremental backup and
restore process for content in the "Known Applications" log from sources
other than the "Certified Safe Software" list to ensure that no data is lost
if the "Known Applications" log becomes corrupted.

Enhancement 9: Enhanced low disk space monitoring helps to avoid critical
issues (such as database/log corruption and unresponsive server commands) by
safely stopping affected processes before the server runs out of free disk
space. When the remaining disk space is low, the server console displays the
current disk space status including the minimum required disk space although
certain log collection features are disabled. Once the remaining disk space
is increased, any stopped processes are restarted automatically. To prevent
damage during initialization, the Endpoint Application Control server
service may not start (or restart) if the free disk space on the server is
critically low.

Enhancement 10: Enhanced the Endpoint Application Control agent console to
display blocked events for "Windows Apps" in single-user desktop
environments. Displaying block events for "Windows Apps" is not supported if
multiple users are logged on.

8. Contact Information
==============================================================================
A license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1) year
from the date of purchase only. After the first year, you must renew
Maintenance on an annual basis at Trend Micro's then-current Maintenance
fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

9. About Trend Micro
==============================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative security
solutions that make the world safe for businesses and consumers to exchange
digital information.

Copyright 2019, Trend Micro Incorporated. All rights reserved.
Trend Micro, Endpoint Application Control, and the t-ball logo are
trademarks of Trend Micro Incorporated and are registered in some
jurisdictions. All other marks are the trademarks or registered trademarks
of their respective companies.

10. License Agreement
==============================================================================
View information about your license agreement with Trend Micro at:
http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/

Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide