1. What's New

Note: Please install the Patch before completing any procedures in this section (see "Installation"). This Patch addresses the following issues and/or includes the following exhancement (s):

Enhancements

The following enhancements are included in this Patch:

Enhancement 1 (SEG-169356),

This Patch enables Apex Central to support the following components for ScanMail for Microsoft Exchange:

  • Anti-spam Engine (FIPS, 64-bit)
  • URL Filtering Engine (Dynamic, 64-bit)
  • Contextual Intelligence Query Handler (Dynamic, 64-bit)

Resolved Known Issues

This Patch resolves the following issue(s):

Issue 1 (VRTS-8910),

A potential Cross-Site Scripting (XSS) vulnerability is found in Apex Central.

Solution

This Patch updates the related modules to resolve the issue.

Issue 2 (SEG-170830),

Users are unable to search for specific Security Agent endpoints in Apex Central.

Solution

This Patch updates the related modules to resolve the issue.

Issue 3 (SEG-165708),

Single Sign-On (SSO) to the Apex One web console from the Apex Central web console may be unsuccessful.

Solution

This Patch updates the related modules to resolve the issue.

Issue 4 (VRTS-8885), (VRTS-8910),

Widgets on the Dashboard may be exposed to potential Cross-Site Scripting (XSS) vulnerabilities.

Solution

This Patch updates the related components to protect against the vulnerabilities.

2. Documentation Set

To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com

  • Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product.


To access the Online Help, go to http://docs.trendmicro.com

  • Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product.
  • Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product.
  • Support Portal: The Support Portal contains information on troubleshooting and resolving known issues.
  • To access the Support Portal, go to http://success.trendmicro.com

3. System Requirements

1. Trend Micro Apex Central Build 3752 - English - Windows - x32-x64

4. Installation

Installing

No special installation instructions are provided.


Uninstalling

No special uninstallation instructions are provided.

Control Manager service packs, patches, and hotfixes can be found on the Trend Micro website or obtained from a technical support engineer.
http://downloadcenter.trendmicro.com/index.php?clk=latest&clkval=5180

5. Post-installation Configuration

No post-installation steps required.

NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.

Post-installation Configuration (from Previous Versions)

No post-installation steps required.

NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.

6. Known Issues

Known issues in this release:

Known issue 1

Users cannot configure proxy or authentication settings for Deep Discovery Inspector or Deep Discovery Email Inspector on the Edit Server screen.

Known issue 2

The user or account name in Attack Discovery logs may be empty.

Known issue 3

The signer info in the Attack Discovery logs may be empty.

Known issue 4

This release of Apex Central does not currently link to the latest documentation. For the latest Online Help content, refer to the following link: https://docs.trendmicro.com/en-us/enterprise/apex-central-patch-2-online-help/Home

7. Release History

Prior Hotfixes

Only this Patch was tested for this release. Prior hotfixes were tested at the time of their release.
Issue Hotfix 6370 (SEG-166037),

Apex Central may send duplicate C&C Callback syslogs to the SIEM server.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6370 (SEG-166596),

Users cannot Single Sign-On (SSO) to the Apex one web console from the Apex Central web console.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6370 (SEG-164601),

Apex Central may take an excessive amount of time for policy deployment.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6370 (PDGJIRA-2890), (SEG-164586),

Apex Central may not send detection logs and endpoint information to Trend Vision One.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6370 (SEG-163105),

An issue related to the server GUID length may prevent Apex Central from displaying assessment results from Apex One on the Historical Investigation screen.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6370 (SEG-162713),

An issue related to the timestamp provided through API calls in the syslog may prevent Splunk from displaying related event information on the console.

Solution

This Hotfix resolves the issue.

Procedure

Modify the query string by adding the newly added parameter "prefix_time_format". The value "ISO" should be reflected in the prefix timestamp format.

  • useQueryString="?output_format=CEF&page_token=0&since_time=0&prefix_time_format=ISO"

Issue Hotfix 6370 (SEG-167413),

During Active Directory synchronization, the system may unexpectedly filter data from approved organizational units (OU).

Solution

This Hotfix resolves the issue.

Issue Hotfix 6370 (SEG-166751),

The system may generate logs that cannot be manipulated on the DLP Incident Information screen.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6370 (VRTS-8882), (VRTS-8906), (VRTS-8908),

Widgets on the Dashboard may be exposed to potential Cross-Site Scripting (XSS) vulnerabilities.

Solution

The Hotfix updates the related components to protect against the vulnerabilities.

Enhancement Hotfix 6370 (PDGJIRA-2711),

This Hotfix enhances the Users/Endpoints > Endpoints screen to display the OS Version column.

Enhancement Hotfix 6370 (SEG-153570),

This Hotfix adds cookies to enhance Apex One server login authentication and optimize System Event Logs for login events.

Enhancement Hotfix 6370 (SEG-164462),

This Hotfix updates error codes in Apex Central to enhance the error message for Apex One (Mac) server configuration.

Enhancement Hotfix 6370 (SEG-168701), (SEG-169234),

This Hotfix enhanced the Apex Central web console to include a tooltip for the Application Reputation List on Application Control Criteria screen.

Enhancement Hotfix 6370 (SEG-165766),

This Hotfix enhances the security agent status synchronization process to improve system performance.

Enhancement Hotfix 6370 (SEG-163867),

This Hotfix enhances the CommandTracking function in Apex Central to improve system performance.

Enhancement Hotfix 6370 (SEG-167717),

This Hotfix enables Apex Central to support the "Contextual Intelligence Query Handler (Linux, 64-bit, Dynamic)" component for Trend Micro Deep Discovery Inspector 6.3.

Enhancement Hotfix 6370 (SEG-169898), (PDGJIRA-2499),

This Hotfix enhances the Smart Feedback feature for comprehensive targeted detection scans and automatic notifications.

Procedure

To enabled the enhanced Smart Feedback feature, perform the following:

  1. Apply this Hotfix on Apex Central.
  2. Log onto each managed Apex One server to enable and acknowledge the Smart Feedback permission settings.

Note: The Apex Central console displays the Comprehensive Targeted Attack Detection Scans pop-up screen upon logon when the updated Smart Feedback permission settings are not acknowledged on one or more managed Apex One servers.

Issue Hotfix 6315 (SEG-158733),

When the "Adjust for daylight saving time automatically" setting is enabled, the system displays the incorrect timestamp for the CEF key "rt" value in Pattern/Engine Update Status logs.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6315 (SEG-158580),

During daylight saving time, the timestamp in email notifications is incorrect by one hour.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6315 (SEG-162738),

Policy data processing errors in the Application Control module cause the system to set the policy status to "With issue".

Solution

This Hotfix updates the related files to resolve the issue.

Issue Hotfix 6315 (SEG-158147),

The system does not display the "Block" action for user-defined IP address suspicious objects imported using OpenIOC.

Solution

This Hotfix resolves the display issue.

Issue Hotfix 6315 (SEG-161399),

The policy with the name "nopolicy" prevents the system from displaying the policy list properly.

Solution

This Hotfix resolves the issue.

Enhancement Hotfix 6315 (VRTS-8685), (VRTS-8745), (VRTS-8728), (VRTS-8759),

This Hotfix updates the log query module to protect against Cross-Site Scripting (XSS) security issues.

Enhancement Hotfix 6315 (SEG-163891),

This Hotfix enables Apex Central to display the policy name and version information on the Log Query screen for Apex One (Mac) Security Agents.

Issue Critical Patch 6288 (SEG-148650),

An issue related to case-sensitivity settings may result in unsuccessful Active Directory synchronization.

Solution

This Critical Patch resolves the issue.

Issue Critical Patch 6288 (VRTS-8108),

A known vulnerability (CVE-2018-1285) is found in Apache log4net 2.0.10 and earlier versions.

Solution

This Critical Patch updates the log4net version in Apex Central to enhance product security.

Issue Critical Patch 6288 (SEG-159394),

Active Directory user names containing a single quote character may cause the system to send email messages with the one-time report every minute.

Solution

This Critical Patch resolves the issue.

Issue Critical Patch 6288 (SEG-158223),

An issue related to security headers causes the "Control traffic on isolated endpoints" setting to be unconfigurable.

Solution

This Critical Patch resolves the issue.

Issue Critical Patch 6288 (SEG-160327),

A missing byte-order mark (BOM) in the CSV file exported from the User-Defined Suspicious Objects screen causes the system to display garbled text on the web console after importing the file.

Solution

This Critical Patch resolves the issue.

Issue Critical Patch 6288 (VRTS-8508),

A known vulnerability (CVE-2022-31629) is found in PHP 7.4.32 and earlier versions.

Solution

This Critical Patch updates the PHP version in Apex Central to enhance product security.

Issue Critical Patch 6288 (VRTS-7534),

A Session Fixation vulnerability is found in Apex Central.

Solution

This Critical Patch updates the related modules to protect against a potential security issue.

Issue Critical Patch 6288 (SEG-160595),

No logs display when users single sign-on to Apex One and try to perform a log search from the Agent Tree or view detection logs from the Dashboard.

Solution

This Critical Patch resolves the issue.

Enhancement Critical Patch 6288 (PDGJIRA-2264),

This Critical Patch adds a new CEF key "TMCMdevicePlatform" to include the operating system information in all detection syslogs.

Enhancement Critical Patch 6288 (VRTS-8115),

This Critical Patch fixes the SQL injection security issue.

Enhancement Critical Patch 6288 (SEG-150924),

This Critical Patch enhances the performance of historical investigation when multiple Apex One servers are connected to Apex Central.

Enhancement Critical Patch 6288 (SEG-157664),

This Critical Patch enables Apex Central to support the "Network Content Inspection Engine (5.14, Kernel mode, 64-bit, Conf: 6500)" component for Trend Micro Deep Discovery Inspector 6.5.

Enhancement Critical Patch 6288 (VRTS-7853),

This Critical Patch updates the related modules to prevent the username information from being exposed in the Uniform Resource Locator (URL).

Enhancement Critical Patch 6288 (PDGJIRA-2305),

This Critical Patch enables Apex Central to display Apex One (Mac) policies in Product Status View.

Issue Hotfix 6258 (SEG-154794), (SEG-153403),

After updating the Certified Safe Software Pattern, the Default Criteria - Assess Gray Software List Applications criteria for Application Control may not display, resulting in the need to reselect the criteria and redeploy the policy.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6258 (SEG-153275),

When a registered Apex One server is disconnected after applying a hotfix, the system continues to update the "Last Report" time of the Apex One server on the Server Registration screen.

Solution

This Hotfix resolves the issue to stop updating the "Last Report" time when the Apex One server is disconnected during product updates.

Issue Hotfix 6258 (SEG-123760),

The system uses the product code instead of the product name for the CEF key deviceFacility.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6258 (SEG-156789),

The system does not sort the users/endpoints list correctly after clicking the "Last Connected" column.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6258 (VRTS-7863),

User accounts with a weak password may be at risk of being compromised through password guessing attacks.

Solution

This Hotfix enforces a stronger password complexity policy.

Issue Hotfix 6258 (SEG-153500), (SEG-157658),

An issue related to the product profile module causes the web console to display an empty Component List.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6258 (SEG-142093),

Changing the root domain name unexpectedly starts the filtering function in the Active Directory synchronization tool.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6258 (SEG-151882),

A database deadlock issue is found in the policy management module.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6258 (SEG-154867),

When configuring IP address auto label rules on the Label Settings screen, the system does not check the IP address range format.

Solution

This Hotfix resolves the issue.

Enhancement Hotfix 6258 (SEG-153573), (SEG-154539),

This Hotfix supports the import of Application Control hash value criteria without the file path in CSV files.

Enhancement Hotfix 6258 (PDGJIRA-991),

This Hotfix enhances the Single Sign-on (SSO) feature to improve user experience.

Issue Hotfix 6240 (SEG-154853), (SEG-155045),

Detailed information does not display after clicking a number on the following widgets:

  • C&C Callback Events
  • DLP Incidents by Severity and Status
  • DLP Incidents by User

Solution

This Hotfix resolves the issue.

Issue Hotfix 6240 (SEG-149081),

Configuring the "Control traffic on isolated endpoints" settings for an endpoint may restore the endpoint connection.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6240 (SEG-151369),

The Apex Central web console displays the incorrect URL on the Virtual Analyzer Suspicious Objects > Configure Scan Actions screen.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6240 (SEG-151396),

Users are unable to log into Apex Central if the account password contains the pound symbol "£".

Solution

This Hotfix resolves the issue.

Issue Hotfix 6240 (VRTS-6511),

An issue related to the web console module may cause a potential information leak.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6240 (VRTS-7776), (VRTS-7777),

Known vulnerabilities (CVE-2022-31625 and CVE-2022-31626) are found in PHP 7.4.30 and earlier versions.

Solution

This Hotfix updates the PHP version in Apex Central to enhance product security.

Issue Hotfix 6240 (SEG-155575),

Users are unable to export logs from the web console.

Solution

This Hotfix resolves the issue.

Enhancement Hotfix 6240 (SEG-152849),

This Hotfix removes the CEF key "suser" in CEF Virus/Malware logs for better user experience.

Enhancement Hotfix 6240 (SEG-154549),

This hotfix enables Apex Central to support Trend Micro Deep Discovery Analyzer 7.5.

Enhancement Hotfix 6240 (SEG-150064), (PDGJIRA-2233),

This Hotfix adds the CEF key "dvchost" in CEF Suspicious File Logs for better user experience.

Enhancement Hotfix 6240 (SEG-149902),

This Hotfix adds support for TxOne StellarOne 2.0 integration in Apex Central.

Enhancement Hotfix 6240 (PDGJIRA-1726),

This Hotfix enhances the API (/WebApp/api/AgentResource/ProductAgents) to provide additional Security Agent information.

Enhancement Hotfix 6240 (PDGJIRA-1726),

This Hotfix adds a new API (/WebApp/API/V2/AgentResource/ProductAgents) to provide additional Security Agent information.

Issue Hotfix 6201 (SEG-148219),

When extended SMTP (ESMTP) is enabled, users are unable to receive two-factor authentication (2FA) email messages.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6201 (SEG-151463),

Users are unable to register the Apex One server to Apex Central.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6201 (VRTS-7670),

An issue related to the LogQuery module may make the system prone to potential CSV Excel Macro Injection (CEMI) attacks.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6201 (SEG-146113), (SEG-145950), (SEG-152473), (PDGJIRA-2031),

The policy target information is not available when the user account used to create the policy is deleted.

Solution

This Hotfix sets the web console to display a warning screen when deleting a user account that owns one or more policies.

Issue Hotfix 6201 (SEG-152476), (SEG-146013), (PDGJIRA-2087),

User-defined URL suspicious objects that contain invisible characters may result in unsuccessful user-defined suspicious object list synchronization with Apex One and Deep Security.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6201 (VRTS-7870),

An information exposure vulnerability is found in the web console module.

Solution

This Hotfix resolves the issue by setting the web console to redirect email account logon sessions to the Identity Provider.

Issue Hotfix 6201 (VRTS-7669),

A Cross-Site Scripting (XSS) vulnerability is found in the product tree module.

Solution

This Hotfix updates the module to resolve the issue.

Issue Hotfix 6201 (SEG-150989),

The web console may display an enlarged icon after isolating an offline agent.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6201 (SEG-150583),

The system automatically overwrites the logon user information in Users/Endpoints on a regular basis.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6201 (VRTS-7851),

A CSRF token is not set to secure mode.

Solution

This Hotfix sets the token to secure mode.

Issue Hotfix 6201 (VRTS-7668),

A Cross-Site Scripting (XSS) vulnerability is found in the Server list module.

Solution

This Hotfix updates the module to resolve the issue.

Enhancement Hotfix 6201 (VRTS-7867),

This Hotfix fixes the Cross-Site Scripting (XSS) security issue.

Enhancement Hotfix 6201 (PDGJIRA-2139), (SEG-148751), (SEG-150776),

This Hotfix allows accounts with special characters in the user name to log into the web console.

Issue Hotfix 6165 (SEG-146915),

In web access policy violation event notifications, the URL field may contain the complete URLs of malicious websites that users can click.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6165 (VRTS-7851),

The system does not send a cookie that is not set to secure in HTTPS connections.

Solution

This Hotfix sets the cookie to secure to resolve this issue.

Issue Hotfix 6165 (SEG-146039),

The system does not display the required pattern/engine properly on the Download screen due to unsuccessful configuration file merge.

Solution

This Hotfix resolves the issue.

Enhancement Hotfix 6165 (SEG-65238),

This Hotfix adds the event messages in debug logs for the EncryptDecryptUtility module.

Issue Hotfix 6138 (SEG-143482),

The system generates a Windows event log when the TICAgentForMDR.exe service becomes unresponsive.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6138 (SEG-143548),

Users with read-only accounts can still import device list files on the Device Control Allowed Devices screen.

Solution

This Hotfix updates the related modules to prevent read-only user accounts from modifying the Device Control Allowed Devices settings.

Issue Hotfix 6138 (PDGJIRA-1709),

An issue related to file name display prevents users from downloading Data Loss Prevention (DLP) forensic files.

Solution

This Hotfix resolves the issue.

Enhancement Hotfix 6138 (PDGJIRA-1623),

This Hotfix enhances the Apex Central service to prevent an unsuccessful service startup due to a large debug log size.

Enhancement Hotfix 6138 (SEG-105785),

This Hotfix updates the file aucfg.ini to retain customized settings and improve the agent patch update process.

Enhancement Hotfix 6138 (PDGJIRA-1816),

This Hotfix updates the system to automatically delete phantom endpoints that the system no longer manages on the Users/Endpoints screen.

Enhancement Hotfix 6138 (PDGJIRA-1965),

This Hotfix enhances the syslog to include the email subject information for security event logs.

Enhancement Hotfix 6138 (SEG-140046),

This Hotfix adds support for TxOne StellarOne integration in Apex Central.

Issue Hotfix 6104 (PDGJIRA-9248), (PDGJIRA-9249),

Exported images on the User/Endpoint Directory screen in Timeline view contain no data.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6104 (SEG-137391),

For Active Directory user accounts, Apex Central is unable to synchronize the associated email address information from Active Directory.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6104 (SEG-141139),

The web console displays an empty Component List due to a product profile issue.

Solution

This Hotfix resolves the issue.

Issue Hotfix 6104 (SEG-141794),

If multiple Security Agents are associated with the same endpoint, the User Name displayed for the product status is incorrect.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6104 (SEG-141642),

The User/Endpoint Directory screen does not display entries for all Security Agents.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6104 (VRTS-6744),

The database connection credential is encrypted but not hashed.

Solution

This Hotfix enables credential hashing to improve product security.

Enhancement Hotfix 6104 (SEG-139245),

This Hotfix allows you to set the UTCTimeFormat parameter to 1 to include the local component updated time in the Engine/Pattern Update Status logs. The default value is 0.

Enhancement Hotfix 6104 (SEG-138583),

This Hotfix enhances the web console to display the correct license status during the grace period on the License Information screen after re-deployment.

Issue Hotfix 6076 (SEG-137943),

Users are unable to search for endpoints.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6076 (SEG-130297),

If more than one server is selected, the system is unable to generate a scheduled report.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6076 (SEG-140150),

An issue prevents users from generating one-time or scheduled reports.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6076 (SEG-137942),

In forwarded syslog entries, the dvchost value is an internal environment code instead of the hostname.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6076 (SEG-131455),

If the Approved_List section is configured in ADSyncOUList.config, Apex Central is unable to synchronize domains from Active Directory.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6076 (SEG-137887),

Two- factor authentication (2FA) is unsuccessful if user names do not contain more than three characters.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6076 (VRTS-4146),

A Cross-Site Scripting vulnerability is found in the Policy Management module.

Solution

This Hotfix resolves this issue.

Enhancement Hotfix 6076 (SEG-134515),

This Hotfix removes two CEF keys (cs1 and cs1Label) and adds a new CEF key (TMCMLogTarget) to enhance the Behavior Monitoring syslog content.

Enhancement Hotfix 6076 (SEG-124354),

This Hotfix enhances memory management to prevent LogRetriever.exe from becoming unresponsive.

Enhancement Hotfix 6076 (SEG-136327),

This Hotfix adds a new CEF key (deviceDirection) in the C&C Callbacks syslog to indicate network traffic direction (1: Inbound or 2: Outbound).

Enhancement Hotfix 6076 (SEG-137320),

This Hotfix updates the Data Loss Prevention Syslog feature to include log information for all DLP templates and DLP rules.

Enhancement Hotfix 6076 (PDGJIRA-1609),
  1. When Apex One Security Agent policy is deployed and the Endpoint Sensor agent is replaced with the XDR Endpoint Sensor agent on an endpoint, the Apex Central management console displays "XDR Endpoint Sensor Deployed" instead of "Endpoint Sensor Service deployed" for the policy description.
  2. When performing a search for endpoints on the Users/Endpoints screen with the "Endpoint Sensor Service Enable/Disable" search criteria, the system does not include endpoints with the XDR Endpoint Sensor agent installed in the search result.
Enhancement Hotfix 6076 (PDGJIRA-1606),

Apex Central can now synchronize Endpoint Sensor service status with the managed Apex One servers.

Issue Hotfix 6048 (SEG-135334),

AD synchronization cannot work normally.

Solution

This hotfix resolves this issue.

Issue Hotfix 6048 (SEG-137258), (SEG-125537),

When the Application Control feature uses the system proxy settings, Apex Central policy deployment to Apex One is unsuccessful.

Solution

This hotfix updates the related files to resolve this issue.

Issue Hotfix 6048 (SEG-135009), (PDGJIRA-1051),

After patch installation process is complete, some database schema error logs are generated.

Solution

This hotfix updates the SQL syntax to resolve this issue.

Issue Hotfix 6048 (SEG-137512),

The Server Registration screen displays two single sign-on (SSO) links for Trend Micro Email Security (TMEMS).

Solution

This Hotfix resolves this issue.

Issue Hotfix 6048 (SEG-135260),

The logon screen of the web console may stop responding or time out.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6048 (SEG-126617),

Apex Central is unable to synchronize tree information with Active Directory properly due to special characters (for example, ()+-&#) in object names.

Solution

This Hotfix resolves this issue.

Issue Hotfix 6048 (SEG-137795),

Apex Central is unable to send static reports in email messages with the following SMTP server settings:

  • Login with SSL
  • NTLM
  • NTLM with SSL

Solution

This Hotfix resolves this issue.

Issue Hotfix 6048 (VRTS-7108),

A privilege escalation vulnerability has been found in the policy resource file.

Solution

This Hotfix updates the affected file to enhance product security.

Enhancement Hotfix 6048 (SEG-125214),

This Hotfix improves Apex Central performance in Inventory view.

Enhancement Hotfix 6048 (SEG-134015),

The systemconfiguration.xml file update process is enhanced to improve system stability.

Issue Patch 6016 (SEG-129632),

User cannot reorder filtered policy.

Solution

This Patch resolves this issue.

Issue Patch 6016 (SEG-128927),

AD synchronization cannot work normally.

Solution

This Patch resolves this issue.

Issue Patch 6016 (SEG-132000), (SEG-120886),

The subject and body of scheduled report email are garbled.

Solution

This Patch resolves this issue.

Issue Patch 6016 (SEG-131486),

Administrator may encounter the child process day shows "Undefined" of deviation page on Apex Central Policy.

Solution

This Patch resolves this issue.

Issue Patch 6016 (SEG-128019),

An issue prevents customers from using the Automation API to get data from Apex Central.

Solution

This Patch resolves this issue.

Issue Patch 6016 (SEG-128079),

An issue prevents users from accessing the "Dashboard > Security Posture" page.

Solution

The Patch resolves this issue.

Issue Patch 6016 (SEG-134284),

The system cannot send out standard email notifications if the system has the following settings:

  1. There is more than one additional recipient in a contact group.
  2. The end of line in message body ends with a backslash ("\").

Solution

The Patch resolves this issue by ensuring that the system can send out standard email notifications.

Issue Patch 6016 (SEG-131640),

The "Log Query" page does not show any data when users click on the link in the "Top Endpoints Affected by IPS Events" widget.

Solution

This Patch resolves the issue.

Issue Patch 6016 (PDGJIRA-1264),

A vulnerability has been found in the Active Update module.

Solution

This Patch resolves this issue.

Issue Patch 6016 (VRTS-7067), (VRTS-7068),

A remote code execution vulnerability has been found in the file handling module. The CVE ID is CVE-2022-26871.

Solution

This Patch resolves this issue.

Enhancement Patch 6016 (SEG-116277),

Add the following three optional columns for the log query of Product Status.

  • Policy Name (Apex One)
  • Policy Status (Apex One)
  • Policy Version Deployed (Apex One)
Enhancement Patch 6016 (PDGJIRA-917),

This Patch improves the upgrade mechanism to help reduce the upgrade failure rates.

Enhancement Patch 6016 (SEG-125436),

This Patch increases the maximum capacity of labels in the "Users/Endpoint Directory" page.

Enhancement Patch 6016 (SEG-131550),

This Patch improves the performance of the information display on the Users/Endpoints screen.

Enhancement Patch 6016 (SEG-127988),

This Patch increases the acceptable file size for the hash data import file in the Application Control criteria found in the Apex Central page.

Refer to "https://success.trendmicro.com/solution/000290549" for details.

Enhancement Patch 6016 (PDGJIRA-1105),

To minimize excessive false-positive detections, MITRE policy import is not supported.

Enhancement Patch 6016 (PDGJIRA-1259),

This Patch adds support for Microsoft Windows Server 2022.

Enhancement Patch 6016 (SEG-134001),

This Patch enhances the way to store debug logs to prevent the Apex Central server disk from becoming full.

Issue Hotfix 5960 (SEG-125368),

Behavior Monitoring and Predictive Machine Learning log queries return blank results.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5960 (SEG-128320),

Users cannot Single Sign-on (SSO) to the Apex One server using an account name that is longer than 36 characters.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5960 (SEG-128605),

An issue prevents the Apex Central web console from exporting policies.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5960 (SEG-114776),

The managed detection and response (MDR) service does not resume after suspending the MDR service.

Solution

This Hotfix resolves this issue by ensuring that the MDR service resumes after it has been suspended.

Issue Hotfix 5960 (SEG-124413),

Scheduled Update settings change unexpectedly after an Apex One Hotfix is applied.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5960 (SEG-127047),

An issue prevents the Dashboard from displaying widgets properly.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5960 (SEG-126105),

The Activation Code cannot be deployed to the product server due to an improper Product Profile merge.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5960 (SEG-124727),

Adding new entries using the User-Defined Suspicious Object (UDSO) API returns an error when multiple requests are sent within a short time period.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5960 (SEG-128485),

An issue causes the MsgReceiver.exe application to stop responding.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5960 (PDGJIRA-187),

The display format and symbol for the file path are incorrect.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5960 (SEG-119828),

It takes a long time to query email recipients which causes delays in sending out email notifications.

Solution

This Hotfix resolves this issue to ensure that email notifications are sent and received promptly.

Issue Hotfix 5960 (SEG-128051),

An issue prevents users from deploying pattern/engine updates to endpoints through Scheduled Update or Manual Update.

Solution

This Hotfix resolves the issue so users can deploy pattern/engine updates to endpoints through Scheduled Update or Manual Update.

Issue Hotfix 5960 (PDGJIRA-847), (SEG-131836),

The system configuration file becomes corrupted because the configuration was saved without any content integrity check.

Solution

This Hotfix ensures that Apex Central checks the integrity of the contents of the system configuration file before saving it.

Issue Hotfix 5960 (PDGJIRA-847), (SEG-131836),

Email notifications are not triggered because the process cannot retrieve the correct configuration.

Solution

This Hotfix resolves the issue so email notifications work normally.

Issue Hotfix 5960 (SEG-131836), (PDGJIRA-847),

Component updates do not work normally because of an issue that prevents the process from retrieving the correct configuration.

Solution

This Hotfix resolves the issue so component updates work normally.

Enhancement Hotfix 5960 (PDGJIRA-1123), (PDGJIRA-1124), (PDGJIRA-1125),

This Hotfix helps minimize SQL exceptions during Apex Central updates.

Enhancement Hotfix 5960 (SEG-128860),

This Hotfix hides the "Migrate logs" option for the Agent Migration Tool.

Enhancement Hotfix 5960 (SEG-122609), (PDGJIRA-639),

This Hotfix integrates Apex Central with Microsoft(TM) 365 and GMail as the SMTP server.

Enhancement Hotfix 5960 (SEG-126573),

This Hotfix enables Apex Central to support Trend Micro Deep Discovery Analyzer 7.2.

Enhancement Hotfix 5960 (SEG-128162),

This Hotfix extends the capacity of the database column that stores the department name from the Active Directory (AD) from 64 to 256 characters.

Enhancement Hotfix 5960 (SEG-118929),

This Hotfix adds the requested support identifiers for the following:

  • Social Security Number for Hungary
  • Tax Identification Number for Hungary
Enhancement Hotfix 5960 (SEG-126818),

This Hotfix enables LogForwarder to forward mapping string labels instead of numbers when forwarding the contents of the Action, Policy, Event_Type, Operation, and Risk_Level columns in Behavior Monitoring logs.

Enhancement Hotfix 5960 (SEG-22975),

For better synergy with Security Information and Event Management (SIEM) servers, this Hotfix adds a %processname% variable as the process name that accesses the URL in the web access policy violation event notifications found in the Microsoft Windows(TM) event logs.

Enhancement Hotfix 5960 (PDGJIRA-1217),

This Hotfix adds the "Policy Name" column into the Firewall Violations View page.

Issue Hotfix 5909 (SEG-123422),

An issue prevents an Apex Central server from searching for Active Directory (AD) users normally and as a result, users cannot query the information.

Solution

This Hotfix resolves the issue so users can query AD user information from the Apex Central server.

Issue Hotfix 5909 (SEG-122725),

The "w3wp.exe" file may trigger high CPU usage issues.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5909 (SEG-108300),

If a user role does not have sufficient access rights, users assigned this role will not be able to view the threat details on the Log Query page.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5909 (SEG-123146),

The "With acceptable threat detections" condition in the DLP Compliance template is not specific enough to work effectively.

Solution

This Hotfix updates the condition to resolve this issue.

Issue Hotfix 5909 (SEG-118162),

Sometimes, the "ProcessManager.exe" stops responding when the Apex Central service starts and the SQL server is not ready.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5909 (SEG-118346),

Apex Central cannot Single Sign-on (SSO) to Trend Micro ScanMail(TM) for Microsoft(TM) Exchange(TM) in a pure IPv6 network.

Solution

This Hotfix enables Apex Central to SSO to ScanMail for Exchange in a pure IPv6 network.

Issue Hotfix 5909 (SEG-123818),

Hotfix installation fails when users run the "MigrationJobExecutor.NET.exe" tool during the installation.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5909 (SEG-111814),

An issue related to the proxy settings prevents Apex Central from displaying QR codes.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5909 (SEG-121576),

Users encounter the following error message after attempting to delete logs from the "Apex Central > Detections > Logs > Log Maintenance" page.

"Problem: Database connection failure"

Solution

This Hotfix resolves this issue by removing a transaction mechanism that runs when users delete logs.

Issue Hotfix 5909 (SEG-120539),

Some products do not send SlotID to Apex Central which may trigger "CmdProcessor.exe" to work abnormally.

Solution

This Hotfix resolves this issue.

Enhancement Hotfix 5909 (PDGJIRA-903),

This Hotfix adds the "Last Connected" column into the Users/Endpoints and Product Status View page.

Enhancement Hotfix 5909 (SEG-123407),

Remove the option of 15000000 in the Suspicious Threats Log on the Log Maintenance page. It won't affect the customer who have selected the option of 15000000 unless they change the setting to other number.

Enhancement Hotfix 5909 (SEG-120597),

This Hotfix adds the "File MD5" column in the detailed log query results pages from the Ransomware Prevention widget.

Enhancement Hotfix 5909 (SEG-114282),

This Hotfix improves the stability of the service restart mechanism by enhancing a mechanism that accesses the "systemconfiguration.xml" file.

Enhancement Hotfix 5909 (SEG-111121),

This Hotfix improves the readability of act, cs3, cn1 and cs6 of Content Violations in syslog.

Issue Hotfix 5874 (SEG-115618),

An issue prevents Apex Central from receiving Personal Firewall logs.

Solution

This Hotfix resolves the issue so Apex Central receives Personal Firewall logs normally.

Issue Hotfix 5874 (SEG-118598), (PDGJIRA-1037),

An issue prevents users from successfully editing the Intrusion Prevention Rules (IPS) mode on the IPS page.

Solution

This Hotfix updates the Apex Central Vulnerability Protection program to resolve this issue.

Issue Hotfix 5874 (SEG-120742),

Some attributes display as "N/A" in User Access logs when the user account type is "AD Account".

Solution

This Hotfix resolve the issue.

Issue Hotfix 5874 (SEG-121868),

In certain environments, the Application Control policy cannot be deployed through a network proxy successfully.

Solution

This hotfix updates the Application Control files to resolve this issue.

Issue Hotfix 5874 (SEG-120202),

When an Apex Central deploys policies to multiple Apex One servers and one or more Apex One Servers are unavailable, the Application Control policy will not be deployed to the other normal Apex One servers.

Solution

This hotfix updates the Application Control files to resolve this issue.

Issue Hotfix 5874 (SEG-111183),

It takes a long time to generate Static Reports.

Solution

This Hotfix improves the generation time of Static Reports.

Issue Hotfix 5874 (SEG-100835),

An issue prevents Apex Central from syncing the Suspicious Object (SO) list.

Solution

This Hotfix resolves the issue so the SO list can be synced normally.

Issue Hotfix 5874 (SEG-100835),

A watermark overflow issue prevents Apex Central from syncing the SO list.

Solution

This Hotfix resolves the issue so the SO list can be synced normally.

Issue Hotfix 5874 (SEG-121329),

The "dntdom" CEF key displays incorrect values in Device Access Control syslogs.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5874 (SEG-121116),

A Hub Apex Central does not apply the correct Scan Action specified in the Scan Action Settings on incoming Virtual Analyzer Suspicious Objects.

Solution

This Hotfix ensures that the Scan Action Settings are implemented successfully.

Issue Hotfix 5874 (SEG-118269),

Duplicate Virtual Analyzer Suspicious Object (VASO) entries trigger errors when users attempt to view the Custom Intelligence and Virtual Analyzer Suspicious Objects lists.

Solution

The Hotfix resolves this issue.

Issue Hotfix 5874 (SEG-118834),

The SSO URL displays IP address instead of FQDN.

Solution

This Hotfix ensures that the SSO URL displays FQDN.

Issue Hotfix 5874 (SEG-121671),

DLP Template and DLP Data Identifiers page loading very slow

Solution

The issue is resolved.

Issue Hotfix 5874 (SEG-116730),

Threats detailed logs do not display after users Single Sign-On (SSO) to Trend Micro Apex One(TM) from Apex Central.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5874 (SEG-118463),

Log Query results do not display when generated by specifying a specific group within a product.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5874 (SEG-125629), (SEG-112245), (SEG-67265),

Users encounter a "Request parameter otpdestination is invalid" error message while attempting to Single Sign-on (SSO) to another product's web console from Apex Central.

Solution

This Hotfix resolves this issue.

Enhancement Hotfix 5874 (SEG-122001),

The help is updated.

Enhancement Hotfix 5874 (SEG-122609),

This Hotfix enables Apex Central to support NTLM authentication in SMTP Server Settings.

Enhancement Hotfix 5874 (SEG-117567),

This Hotfix updates the Behavior Monitoring Detection Pattern (32-bit) and Behavior Monitoring Detection Pattern (64-bit) components to enhance security.

Enhancement Hotfix 5874 (PDGJIRA-726), (PDGJIRA-791),

Support for Security Agent installation on endpoints running Windows Server 2022 and Windows 11.

Issue Hotfix 5832 (SEG-114409),

The "Spyware Pattern V6" field in Detailed Summary Reports displays inaccurate information.

Solution

This Hotfix ensures that the correct information appears on the "Spyware Pattern V6" field in Detailed Summary Reports.

Issue Hotfix 5832 (SEG-112392),

An irregular Active Directory (AD) synchronization schedule may corrupt existing AD information.

Solution

The Hotfix resolves this issue.

Issue Hotfix 5832 (SEG-117048),

Event notification settings are unexpectedly disabled.

Solution

The Hotfix resolves this issue.

Issue Hotfix 5832 (PDGJIRA-468),

Scheduled download tasks might result in redundant files that occupy disk space.

Solution

This hotfix resolves this issue by removing redundant files after a scheduled download.

Issue Hotfix 5832 (SEG-116750),

When using the Apex One Domain policy filter to select a range of targets, the system only selects a subset of the targets in the specified range.

Solution

This hotfix resolves this issue by removing the selection limit for the Apex One Domain policy filter.

Issue Hotfix 5832 (SEG-118266),

The status logs might occupy too much disk space.

Solution

This hotfix resolves this issue.

Issue Hotfix 5832 (SEG-119074),

Users are unable to search for AD user accounts on the Device Control Rule screen.

Solution

This hotfix resolves this issue.

Enhancement Hotfix 5832 (SEG-113784),

This hotfix enables the Apex Central web console to support special characters in the Application Control criteria of certificates.

Issue Patch 5815 (SEG-109797),

Certain specific paths cannot be added into the exception list of the Apex One Server from the policy setting page of the Apex Central console.

Solution

This Patch updates the Apex Central policy component to resolve the issue.

Issue Patch 5815 (SEG-103792),

The device control list disappears from the policy deployment page of the Apex Central console after migration.

Solution

This Patch updates the Apex Central policy deployment module to resolve the issue.

Issue Patch 5815 (SEG-113455),

A case-sensitivity issue prevents Apex Central from generating reports successfully.

Solution

This Patch resolves the issue so Apex Central can generate reports normally.

Issue Patch 5815 (SEG-111033),

Chinese characters appear garbled in report email notifications.

Solution

This Patch ensures that Chinese characters display normally in report email notifications.

Issue Patch 5815 (SEG-106147), (SEG-67134),

The information in SNMP notifications does not match the information in the MIB file.

Solution

This Patch ensures that the information in SNMP notifications is consistent with the corresponding information in the MIB file.

Issue Patch 5815 (SEG-109243),

The Windows Event Log is not triggered by a "Pattern file/Cleanup template update successful" event when the "Available Users and Groups list" is empty.

Solution

This Patch resolves this issue.

Issue Patch 5815 (SEG-110619),

An error occurs when users add a user defined Suspicious Object (UDSO) through the AddUserDefinedSO API.

Solution

This Patch resolves the error.

Issue Patch 5815 (SEG-113571),

Apex Central sends outdated detection notifications.

Solution

This Patch ensures that only new detection logs trigger notifications.

Enhancement Patch 5815 (SEG-112421), (PDGJIRA-1035),

This Patch enables the Apex One Vulnerability Protection module to support up to 100 entries in the approved IP list.

Enhancement Patch 5815 (SEG-115659),

This Patch extends the timeout value from 30 seconds to 180 seconds to help minimize SQL exceptions during Apex Central installation.

Enhancement Patch 5815 (SEG-109481),

This Patch enables Apex Central to support Trend Micro Deep Discovery Analyzer 7.1.

Enhancement Patch 5815 (SEG-111228), (SEG-111225), (SEG-111226), (SEG-109118),

This Patch adds the following information in syslog:

  • Apex Central Hostname
  • A unique Message ID for each detection log
  • Agent tree path
Enhancement Patch 5815 (SEG-111227),

This Patch enables Apex Central to support Device Control Logs from Trend Micro Security for Mac(TM). On-premise Trend Micro Security for Mac installations require Trend Micro Security for Mac 2021 Patch 3 to support this enhancement.

Enhancement Patch 5815 (SEG-116687),

This Patch enables Apex Central to support the "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 6000)" engine component for Trend Micro Deep Discovery Inspector 6.0.

Enhancement Patch 5815 (SEG-22679),

Currently, when a user sends an isolation/restore isolation task through Apex Central, the page will display a message indicating that the command has been sent and is now wait for the agent to be notified. To refresh the status, users need to navigate away from the page and go back again.

Issue Hotfix 5770 (SEG-112129),

Users encounter an internal server error while searching for specific users or endpoints in the "User/Endpoint Directory" page.

Solution

This Hotfix ensures that users can search for specific name or endpoints in the "User/Endpoint Directory" page normally.

Issue Hotfix 5770 (SEG-110356),

When configuring policies, users were unable to sort Active Directory as a criteria option.

Solution

The issue has been resolved.

Issue Hotfix 5770 (SEG-111493),

The search results on the "DLP Incident By User" widget do not accurately apply the selected time range.

Solution

The issue has been resolved.

Issue Hotfix 5770 (SEG-111177),

The Server Registration/Product Server screen may display the server IP address instead of the server URL.

Solution

The default display of the Server URL has been updated to the server name (FQDN / Hostname) first and then the IP address.

Issue Hotfix 5770 (SEG-111656),

Summarizing the Data Loss Prevention Log may consume an unexpected volume of SQL Server CPU resources.

Solution

The summarizing process has been updated to reduce the CPU resource consumption.

Issue Hotfix 5770 (SEG-110835),

The "Product Events" logs on Log Maintenance are not purged daily.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5770 (SEG-107755), (SEG-106147), (SEG-59704),

"CmdProcessor.exe" may not release some memory blocks or handles promptly after completing certain actions such as component updates.

Solution

This Hotfix improves resource management and memory/handle cleanup for "CmdProcessor.exe" to prevent this issue.

Enhancement Hotfix 5770 (SEG-110113),

This release supports the following new components: -- Damage Cleanup Engine (Universal) -- Virus Scan Engine (Universal) -- Advanced Threat Scan Engine (Universal)

Enhancement Hotfix 5770 (SEG-112084),

This Hotfix reduces detailed step logs when "LogProcessor.exe" is on debug mode.

Issue Hotfix 5739 (SEG-107617),

The general information about certain security threats do not display normally on the Control Manager web console.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5739 (SEG-104288),

The Data Loss Prevention(TM) (DLP) module does not accept some valid regular expressions on the Control Manager web console.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5739 (SEG-106593),

The "cs5" CEF key displays a numerical value instead of a meaningful string in Content Security Logs.

Solution

This Hotfix ensures that the correct information appears in Content Security Logs.

Issue Hotfix 5739 (SEG-108993),

An issue prevents Apex Central from forwarding Web Violation Logs to the SIEM server.

Solution

This Hotfix resolves the issue so Apex Central can forward Web Violation Logs to the SIEM server normally.

Issue Hotfix 5739 (SEG-109580),

One-time reports generated with custom templates do not follow the specified time period.

Solution

This Hotfix ensures that custom one-time reports display events that occur in the specified time period.

Issue Hotfix 5739 (SEG-111360),

When users search for endpoints on the "User/Endpoint Directory" page, the search results display only up to 15 endpoints.

Solution

This Hotfix ensures that all endpoint search results display normally on the "User/Endpoint Directory" page.

Enhancement Hotfix 5739 (SEG-105948),

This Hotfix extends the supported range of Discover and Maestro Credit Card Numbers in Control Manager.

Enhancement Hotfix 5739 (SEG-101107),

This Hotfix adds the following two custom CEF keys for all detection logs except for Content Violations and Application Control logs.

  • TMCMLogDetectedHost
  • TMCMLogDetectedIP
Issue Hotfix 5708 (SEG-101938),

The "Retain tree structure" option for the Agent Migration Tool does not work.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5708 (SEG-100949),

Users can modify Apex One settings after accessing the Apex One console through Single Sign-On (SSO) using an account with "Read-Only" privileges.

Solution

This Hotfix ensures that only accounts with the required privileges can be used to modify the Apex One settings.

Issue Hotfix 5708 (SEG-103496),

An issue prevents users from successfully exporting advanced search results on the "User/Endpoint Directory" page.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5708 (SEG-103195),

The open and close parenthesis characters, "(" and ")", cannot be used in regular expressions.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5708 (SEG-102545),

An issue prevents Apex Central from generating weekly spyware reports.

Solution

This Hotfix resolves the issue to ensure that weekly spyware reports are generated successfully.

Issue Hotfix 5708 (SEG-101371),

After the Active Directory (AD) sync process has been updated to make it deterministic, it may not be able to run normally in some AD environments.

Solution

This Hotfix ensures that AD sync runs normally.

Issue Hotfix 5708 (SEG-102791),

When the inheritance option is set to "Extend from Parent", the scan exclusion list becomes read only and the "Deviations" field in the policy list displays "N/A". When this happens, users cannot add exclusions to child policies.

Solution

The Hotfix ensures that users can edit child policies.

NOTE: Policies will need to be deployed again after applying this Hotfix.

Procedure

To deploy the policies again:

  1. Save a copy of the child policy exclusion list or export the policy as backup.
  2. Install this Hotfix (see "Installation").
  3. Click each Child Policy and Click "Deploy"
  4. Click the Parent policy and click "Deploy". The Deviations of child policies that belong to the parent policy should change from "N/A" to a number value. 

NOTES: If the Deviations becomes "0", follow the steps below to recover the exclusion list.

To recover the exclusion list:

  1. Open the exported policy file in Notes.
  2. Locate the following line:

    "policyName":"YOUR_ORIGIONAL_POLICY_NAME"

  3. Replace "YOUR_ORIGIONAL_POLICY_NAME" in the "YOUR_ORIGIONAL_POLICY_NAME_copy" format.
  4. Save the changes and close the file.
  5. Import this policy into Apex Central. The "YOUR_ORIGIONAL_POLICY_NAME_copy" Policy is created.
  6. Compare the contents of "YOUR_ORIGIONAL_POLICY_NAME_copy" Policy to the backup you created in step 1 and add the missing items to the child policy.

Issue Hotfix 5708 (SEG-104381),

An issue prevents Apex Central from deploying patterns to Trend Micro InterScan(TM) for Microsoft(TM) Exchange(TM) (ISME).

Solution

This Hotfix resolves this issue so Apex Central can deploy patterns to InterScan for Microsoft Exchange.

Issue Hotfix 5708 (SEG-103504),

An issue prevents Apex Central from downloading forensic files when it is connected to the Apex One Server through an HTTP Proxy.

Solution

This Hotfix ensures that Apex Central can download forensic files normally while connected to the Apex One Server through an HTTP Proxy.

Issue Hotfix 5708 (SEG-102584),

A full program path that contains an ampersand character "&" cannot be deleted from the approved programs list of the Behavior Monitoring policy.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5708 (SEG-105455),

All agents are incorrectly sorted into "without policy" if the owner of an existing policy has been removed from Apex Central.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5708 (SEG-104354),

An out-of-memory exception prevents the Active Directory (AD) sync job from completing normally.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5708 (SEG-105774),

The "Log On with Domain Credentials" button on the login page is disabled.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5708 (SEG-107160),

SSO fails because it uses up a large amount of port resources.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5708 (SEG-86048),

An issue causes "CmdProcessor.exe" to stop unexpectedly.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5708 (SEG-101748),

An issue triggers Apex Central to stop sending event logs to Threat Intelligence Center.

Solution

This Hotfix resolves the issue so Apex Central sends event logs to Threat Intelligence Center normally.

Issue Hotfix 5708 (SEG-94260),

An issue prevents users from importing the User-Defined Suspicious Object (UDSO) list manually using "ImportSOFromCSV.exe".

Solution

This Hotfix resolves this issue so the USDO list can be imported manually using "ImportSOFromCSV.exe".

Issue Hotfix 5708 (SEG-98544),

An issue prevents Apex Central from updating the product information for InterScan for Microsoft Exchange.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5708 (SEG-74099),

Apex Central cannot update the status of endpoints while running MDR tasks when the IP address list contains a semicolon ";".

Solution

This Hotfix resolves the issue by enabling the parsing process to recognize the semicolon as a delimiter when sending information to the TIC server.

Enhancement Hotfix 5708 (SEG-103537),

This Hotfix enables Apex Central to match both Account Display Name and sAMAccountName when users search for User Accounts in the Device Control Rule and Application Control Rule of the Apex One Security Agent policy. Apex Central will return both the matching Account Display Name and sAMAccountName in the "Display Name \ sAMAccountName" format.

Enhancement Hotfix 5708 (SEG-105141),

This Hotfix replaces "Unactivated Licenses" to "Inactive Licenses" on the Apex Central web console.

Enhancement Hotfix 5708 (SEG-104757),

This Hotfix enables the Apex One Vulnerability Protection module to support user-defined mode changes for each Intrusion Prevention rule.

NOTE: This feature requires the installation of Apex One Patch 9565 or above.

Procedure

To configure the user-defined mode:

  1. Install this Hotfix (see "Installation").
  2. Open the Apex Central web console and go to the "Policies > Policy Resources > Intrusion Prevention Rules" screen.
  3. Click on the "Mode" of the target rule.
  4. Select the preferred mode option and click "Save" to save the changes.
  5. Go to the "Policies > Policy Management" screen and deploy the policy to agents.

Issue Hotfix 5639 (SEG-97846),

An unexpected "Database Busy" warning message displays in the "User/Endpoint Directory" page when users attempt to update the Apex Central web console.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5639 (SEG-89050),

Duplicate email addresses appear in customized reports generated by Apex Central.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5639 (SEG-99776),

Inaccurate information displays when users drill down the "Agent Connection Status" widget.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5639 (SEG-99204),

An issue prevents Apex Central from sending logs to the syslog server.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5639 (SEG-99751), (SEG-99824),

Users cannot specify a time range while creating a new custom template.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5639 (SEG-95490),

Inaccurate information displays when users drill down the "Product Component Status" widget.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5639 (SEG-96935),

A memory leak issue causes high CPU usage on protected computers.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5639 (SEG-98596),

An issue prevents users from accessing the application control console and deploying the log maintenance module.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5639 (SEG-87216),

Report contents do not display properly because of an improper template setting.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5639 (SEG-100949),

Users can modify Apex One settings after accessing the Apex One console through Single Sign-On (SSO) using an account with "Read-Only" privileges.

Solution

This Hotfix ensures that only accounts with the required privileges can be used to modify the Apex One settings.

Issue Hotfix 5639 (SEG-101405),

Duplicate organizational unit (OU) entries cause the Active Directory (AD) sync to fail.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5639 (SEG-96936),

Inaccurate Product Status information appear in Log Query results.

Solution

This Hotfix ensures that the correct Product Status information appears in Log Query results.

Issue Hotfix 5639 (SEG-96186),

"Suspicious object detections by channel/infection layer" reports cannot be generated successfully because the number of detection logs exceeds the limit.

Solution

This Hotfix extends the limit to ensure that the reports can be generated successfully.

Issue Hotfix 5639 (SEG-96599),

A policy cannot be deployed when a large number of AD OUs are selected as filter criteria.

Solution

This Hotfix helps ensure successful policy deployment.

Issue Hotfix 5639 (SEG-100596),

Users can select the "SSO_User" role when creating accounts.

Solution

This Hotfix ensures that the "SSO_User" role does not appear on the list when users create accounts.

Issue Hotfix 5639 (SEG-99101),

The SMTP server settings do not accept Fully Qualified Domain Names (FQDN) with last domain names longer than three characters.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5639 (SEG-96866),

"CasProcessor.exe" stops unexpectedly.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5639 (SEG-93235),

The Data Loss Prevention(TM) (DLP) module does not support CJK Compatibility Ideographs.

Solution

This Hotfix enables the DLP module to support CJK Compatibility Ideographs.

Issue Hotfix 5639 (SEG-102461),

An issue false to remove schedule task which prevents Apex Central to pull logs from Product.

Solution

The hotfix resolves this issue.

Issue Hotfix 5639 (SEG-99144),

OU names that contain diacritics cause AD sync to fail.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5639 (SEG-98424),

An issue prevents users from retrieving the "Last Manual Scan" time information from the log query after running a manual scan on an agent computer.

Solution

This Hotfix resolves the issue so users can retrieve the "Last Manual Scan" time information correctly.

Issue Hotfix 5639 (SEG-94993),

Users are redirected to a different web page after clicking the "Learn More" link under "Ransomware Prevention" on the dashboard.

Solution

This Hotfix ensures that users are redirected to the correct page after clicking the link.

Issue Hotfix 5639 (SEG-96422),

The customized email notification templates for Attack Discovery detections revert to the default setting after upgrading.

Solution

This hotfix resolves this issue.

Issue Hotfix 5639 (SEG-93638),

The number of logs in the "Endpoint Spyware/Grayware" custom reports does not match the information in "Detailed Spyware/Grayware Information" custom reports.

Solution

This Hotfix changes the query criteria for "Detailed Spyware/Grayware Information" custom reports to use the detection time to ensure that the number of logs match the information in "Endpoint Spyware/Grayware" custom reports.

Issue Hotfix 5639 (SEG-103464),

The Application Control criteria in the Apex One Security Agent policy disappears from the Apex Central policy.

Solution

This Hotfix updates the Application Control files to resolve this issue.

Enhancement Hotfix 5639 (SEG-86135),

This Hotfix enables Apex Central to support the new engine component "Virtual Analyzer Sensors (Linux)" for Trend Micro Deep Discovery Analyzer 7.0.

Enhancement Hotfix 5639 (SEG-99952),

This Hotfix ensures that users can configure email messages using the "mail" or "proxyAddresses" attribute of Active Directory (AD) users.

Enhancement Hotfix 5639 (SEG-84618),

This Hotfix improves the Isolate, Restore, Relocate, or Uninstall Security Agent API by adding the "host_name_filter" to the following blur search criteria for the "host_name" variable.

  • Start with
  • End with
  • Contains
  • Not start with
  • Not end with
  • Not contains

For more information, refer to "https://automation.trendmicro.com/apex-central/home".

Enhancement Hotfix 5639 (SEG-95029), (SEG-98214),

This Hotfix enables the Security Posture Widget to display Mac Agents under managed endpoints.

Enhancement Hotfix 5639 (SEG-100904),

This Hotfix updates the Application Control files to extend the maximum number of Application Control Criteria to 350 in the Apex Central console.

Enhancement Hotfix 5639 (SEG-100906),

This Hotfix adds the "Assessment" option in the Application Control rule assignment page.

Enhancement Hotfix 5639 (SEG-97203),

This Hotfix ensures that Apex Central can deploy policies and API_key to Trend Micro InterScan(TM) Messaging Security Suite (IMSS) successfully.

Enhancement Hotfix 5639 (SEG-98984),

This Hotfix enables Apex Central to support the "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 5800)" engine component for Trend Micro Deep Discovery Inspector 5.8.

Enhancement Hotfix 5639 (SEG-96851), (SEG-101033),

This Hotfix improves the stability of deploying Active Keys from Apex Central.

Issue Critical Patch 5534 (SEG-94001),

The "cn3Lable" CEF key displays the wrong value in Virus/Malware syslogs.

Solution

This Hotfix resolves this issue.

Issue Critical Patch 5534 (SEG-93629),

Garbled characters appear in the subject field of event notification email messages.

Solution

This Hotfix resolves the issue only on fresh installations of Apex Central.

Issue Critical Patch 5534 (VRTS-5342),

Each user account can run more than one session simultaneously even when the "Enforce one session per account" feature is enabled.

Solution

This Hotfix ensures that each user account can run only one session at a time when the "Enforce one session per account" feature is enabled.

Issue Critical Patch 5534 (SEG-96376),

The "%BM_policy%" token variable displays the wrong information in Behavior Monitoring notification email messages.

Solution

This Hotfix ensures that the "%BM_policy%" token variable works normally.

Issue Critical Patch 5534 (SEG-96075),

An issue prevents users from performing Single Sign-on (SSO) to Apex One from the "Product Servers" page.

Solution

This Critical Patch resolves the issue so users can SSO to Apex One from the "Product Servers" page normally.

Issue Critical Patch 5534 (SEG-83960),

Inaccurate Spyware/Grayware log query results may appear on the Apex Central web console and the "Action result" field in Spyware/Grayware Found notification email messages may also display inaccurate information.

Solution

This Hotfix ensures that the correct information appears in both instances.

Issue Critical Patch 5534 (SEG-82535),

Static Template Apex One client information reports may indicate that some up-to-date agent components are outdated.

Solution

This Critical Patch ensures that the reports display the correct agent component status.

Issue Critical Patch 5534 (SEG-92408),

Single Sign-On (SSO) from Apex Central may not work when a large number of users are active simultaneously.

Solution

This Hotfix resolves this issue so users can SSO from Apex Central normally.

Issue Critical Patch 5534 (SEG-92560),

Insufficient system memory causes IIS to work abnormally.

Solution

This Hotfix resolves the memory issue.

Issue Critical Patch 5534 (VRTS-5412),

A Cross-Site Scripting (XSS) vulnerability has been detected in HTTP headers.

Solution

This Hotfix adds an X-XSS-Protection Header to prevent the XSS vulnerability.

Issue Critical Patch 5534 (VRTS-5448),

The logon pages of the Apex Central web console are affected by stored XSS vulnerabilities.

Solution

This Hotfix resolves the vulnerabilities.

Issue Critical Patch 5534 (VRTS-5341),

A privilege escalation issue has been found in the Reports module.

Solution

This Critical Patch resolves the issue.

Issue Critical Patch 5534 (SEG-95880),

Apex Central cannot generate reports because the report generating module cannot read the database configuration correctly.

Solution

This Critical Patch resolves the issue.

Issue Critical Patch 5534 (SEG-90588),

An issue causes "CmdProcessor.NET.exe" to stop unexpectedly on the "Users/Endpoints" page.

Solution

This Critical Patch resolves this issue.

Issue Critical Patch 5534 (SEG-95247),

Users encounter an "Access Deny" message while attempting to copy Apex One Agent policies.

Solution

This Critical Patch ensures that users can copy Apex One policies successfully.

Enhancement Critical Patch 5534 (SEG-92035),

This Critical Patch adds a retry mechanism to help minimize SQL exceptions during Apex Central installation.

Enhancement Critical Patch 5534 (SEG-91537),

This Hotfix updates the Apex One Vulnerability Protection module to remove unnecessary information in the description of Intrusion Prevention Rules.

Enhancement Critical Patch 5534 (SEG-97048),

This Hotfix updates the VSAPI/ATSE engine to version 12.5 to resolve CHM (Compiled HTML) vulnerabilities.

Enhancement Critical Patch 5534 (SEG-78060),

This Critical Patch enables Apex Central to re-deploy filter type child polices after a parent policy is edited.

Enhancement Critical Patch 5534

This Critical Patch adds the configuration settings for DLP policy Rules and Exceptions applied to Internal and External agents to the external API "Data Loss Prevention".

Enhancement Critical Patch 5534 (SEG-91885),

This Hotfix improves the command tracking description for the results of sending suspicious objects to managed products.

Issue Hotfix 5449 (SEG-83297),

An issue prevents a node Apex Central from registering successfully to a hub Apex Central.

Solution

This Hotfix resolves the issue so a node Apex Central can register to the hub Apex Central normally.

Issue Hotfix 5449 (SEG-91264),

C&C callback event notifications display inaccurate callback address information.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-89339),

Long URL strings do not display normally in the "Top Threats" widget.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5449 (SEG-88353),

An error occurs when automation APIs are used to retrieve web security syslog data.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-91976),

If a user account or contact group has been chosen to be included onto a scheduled Report Recipients, and the Report Creator does not include these Recipients or Contact Group, the Report Creator's My Report List does not list the Scheduled Report instance.

Solution

This Hotfix resolves this issue by ensuring that the Creator's My Report List always lists the Scheduled Report instances correctly.

Issue Hotfix 5449 (SEG-83319),

An error prevents popup windows from appearing after users click the deviation link on the Policy page.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-92672),

Users encounter an error message while editing an existing user account.

Solution

This Hotfix ensures that users can edit existing user accounts successfully.

Issue Hotfix 5449 (SEG-90645),

The "%time%" variable in email notifications for both Behavior Monitoring violations and predictive Machine Learning detections display the wrong time information.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-92121),

When the policy owner changes, user accounts with administrator roles do not receive the corresponding notification email.

Solution

This Hotfix ensures that administrator user accounts receive policy owner change notification email messages.

Issue Hotfix 5449 (SEG-92671),

Apex Central sends out an SNMP test notification when it should send out an email policy violation event SNMP notification.

Solution

This Hotfix ensures that Apex Central sends out the correct SNMP notifications.

Issue Hotfix 5449 (SEG-85933),

The "Domain Login" option disappears from the web console after the Apex Central service restarts.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-87216),

The DLP Scheduled incident summary attached in Event Notification email messages may contain inaccurate information when the DLP log count field is empty.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-88134),

An Active Directory (AD) sync job fails when the AD user does not have enough permission to sync up whole trusted domains.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-92823),

An issue prevents Apex One SaaS from registering to XDR.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-87217), (SEG-91532),

The Deep Security Agent blocks Apex Central Update and Hotfix installation.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-90191),

Product registration to Apex Central fails because the soft server entity count has reached the maximum value. This may happen when Apex Central does not detect Deep Security Agents as Server Entities.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-92082),

A report generation issue causes "cmdProcessor.exe" to stop unexpectedly.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-87618),

An issue prevents Apex Central from sending out Predictive Machine Learning detections Notifications.

Solution

This Hotfix resolves this issue.

Enhancement Hotfix 5449 (SEG-89809),

This Hotfix renames the "Malware Pattern for Android (Advanced)" pattern to "MARS Pattern for Android".

Enhancement Hotfix 5449 (SEG-78622),

This Hotfix adds the log name in the header of CEF Intrusion Prevention Log notifications and renames the following CEF keys.

  • from "SLF_RuleID" to "cn1Label Rule"
  • from "SLF_RuleContent" to "cs1Label Reason/Rule"
  • from "SLF_IsDetectionOnly" to "cn2Label Mode"
  • from "SLF_ConnectionType" to "cs2Label Application_Type"
  • from "SLF_Rank" to "cn3Label Priority"
  • from "SLF_SeverityCode" to "cn4Label Severity"
Enhancement Hotfix 5449 (SEG-89829),

This Hotfix adds the "File Name", "File Path", and "Scan Type" columns in Spyware/Grayware detections log query results and the "Scan Type" column in Virus/Malware detections log query results.

Enhancement Hotfix 5449 (SEG-76695),

This Hotfix adds the "User Name" column to the Product Status log query results.

Enhancement Hotfix 5449 (SEG-90862),

This Hotfix adds the following two Windows Events:

  • Windows Event 9001: Apex One Server is unreachable from Apex Central while user click the Single Sign On (Apex One as a Service Only )
  • Windows Event 9002: Apex Central Trend Micro Infrastructure Service is unreachable while user click the Single Sign On.
Enhancement Hotfix 5449

Added a new external API to get Apex One DLP Policy information.

This new API allows users to get all existing DLP policy names and deployed agent lists.

Enhancement Hotfix 5449

Refined the time range options for Apex Central dashboard widgets to specify the number of days instead of weeks.

Enhancement Hotfix 5449 (SEG-90726),

This Hotfix updates the Apex One Vulnerability Protection feature to add the following settings under the Network Engine Settings.

  • Block Same Src-Dest IP Address
  • Minimum Fragment Offset
  • Minimum Fragment Size
Issue Hotfix 5399 (SEG-85643),

An issue prevents Apex Central from running manual downloads and scheduled downloads normally.

Solution

This Hotfix resolves the issue so Apex Central can run manual downloads and scheduled downloads normally.

Issue Hotfix 5366 (SEG-84419),

"CmdProcessor.exe" stops unexpectedly.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5366 (VRTS-4775),

An improper cookie configuration issue has been found.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5366 (SEG-86056),

A DM server queueing issue prevents report-generating jobs from running normally.

Solution

This Hotfix resolves the issue so reports are generated successfully.

Issue Hotfix 5366 (SEG-82615),

Active Directory (AD) synchronization fails if the current user does not have the required permissions to access the AD.

Solution

This Hotfix ensures that AD synchronization proceeds normally under the scenario above.

Issue Hotfix 5366 (SEG-87203),

An issue prevents users from deploying the Trend Micro Data Loss Prevention(TM)(DLP) policy from Apex Central when there are identical entries in the exclusion list.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5366 (SEG-82139),

The value of the field "File/Data Size" in DLP logs always appears as "2147483647" on the Apex Central server web console when the triggering file on the endpoint is larger than 2 GB.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5366 (SEG-82045),

A case-sensitivity issue causes AD synchronization to fail.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5366 (SEG-87322),

Custom Data Loss Prevention(TM) (DLP) expressions that contain a question mark and colon in sequence "?:" are invalid.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5366 (SEG-83675),

Single Sign-On (SSO) fails when the proxy server requires NTLM authentication.

Solution

This Hotfix resolves the issue so users can still perform SSO under the scenario above.

Issue Hotfix 5366 (SEG-76144),

The "Matched Content" information is missing from the event named scheduled incident summary notification.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5366 (SEG-86854),

The "C&C List Source" column will show "103" rather than the "Relevance rule".

Solution

This Hotfix resolves this issue.

Issue Hotfix 5366 (SEG-83570),

During Daylight Saving Time (DST), inaccurate "Detection Time" information appear in Predicted Machine Learning logs.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5366 (SEG-88731),

An issue prevents Apex Central from synchronizing agent and domain information from managed products.

Solution

This Hotfix resolves the issue to ensure that Apex Central can synchronize agent and domain information from managed products successfully.

Issue Hotfix 5366 (SEG-73839),

The following DLL files stop unexpectedly in debug mode.

  • cmdHandlerDeployNow.dll
  • cmdHandlerProductManager.dll
  • cmdHandlerScheduleDownload.dll

Solution

This Hotfix ensures that the libraries work normally in debug mode.

Issue Hotfix 5366 (SEG-86689),

Users cannot save the "Allowed USB Devices" list on the Apex Central console if the device information contains an "@" character.

Solution

This hotfix resolves the issue so users can save the "Allowed USB Devices" list.

Enhancement Hotfix 5366 (SEG-86857),

This Hotfix improves the performance of the "Automated Analyses" page in handling queries.

Enhancement Hotfix 5366 (SEG-57640),

This Hotfix adds the "Domain Hierarchy" column in policy target search results.

Enhancement Hotfix 5366 (SEG-82919),

This Hotfix enables Apex Central to support the following token variables in Behavioral Monitoring event notifications.

  • %domain%
  • %hierarchy%
  • %BM_policy%
  • %risklevel%
  • %target%
Enhancement Hotfix 5366 (SEG-89809),

This Hotfix adds the new "Malware Pattern for Android (Advanced)" component.

Enhancement Hotfix 5366 (PDGJIRA-7668),

This hotfix enhances the readability and consistency of default user role names by renaming default plural role names to the singular name for all roles (for example, the "Administrators" role is now "Administrator"). If the renamed user role already exists, Apex Central adds "_(1)" after the renamed user role name.

Enhancement Hotfix 5366 (PDGJIRA-7684),

This Hotfix upgrades the PHP module to build 7.4.6.

Enhancement Hotfix 5366

Policy widget enhancement for Apex One (Mac): The "Pass" action is renamed to "Deny access" for Real-time Scan to align with the action name in Apex One. This name change does not affect the functionality.

Issue Hotfix 5299 (SEG-82010),

When administrators add Active Directory (AD) domains to the "ADSyncOUList.config" approved list without specifying the Organizational Unit (OU), Apex Central is unable to synchronize the Active Directory domains.

Solution

This hotfix resolves the issue so that users can add AD domains to the "ADSyncOUList.config" approved list without specifying the OU.

Issue Hotfix 5299 (SEG-82724),

When the Active Directory (AD) manager has only one reporting staff and the staff account on the AD server is disabled between synchronization tasks, Apex Central is unable to synchronize the Active Directory.

Solution

This hotfix resolves the issue so that Apex Central can synchronize the Active Directory even if a reporting staff account is disabled between synchronization tasks.

Issue Hotfix 5299 (SEG-79468),

Apex Central may not be able to send scheduled reports by email when there is a large number of reports.

Solution

This hotfix resolves the issue.

Issue Hotfix 5299 (SEG-44878),

In C&C callback event notifications, the callback address field may contain complete URLs of malicious websites which users can click.

Solution

This hotfix resolves this issue.

Issue Hotfix 5299 (SEG-84122),

Users encounter an error message while editing an existing user account.

Solution

This hotfix ensures that users can edit existing user accounts successfully.

Issue Hotfix 5299 (SEG-84979),

The SIEM server displays inaccurate information when Apex Central sends Attack Discovery logs containing JSON content.

Solution

This hotfix ensures that SIEM servers display complete and accurate information for Attack Discovery logs containing JSON content.

Issue Hotfix 5299 (SEG-83710),

The Trend Micro Infrastructure (TMI) service stops unexpectedly.

Solution

This hotfix resolves this issue.

Issue Hotfix 5299 (SEG-85722),

Apex Central is unable to deploy new components downloaded from the ActiveUpdate (AU) server.

Solution

This hotfix ensures that Apex Central can deploy newly downloaded components from the AU server.

Issue Hotfix 5299 (SEG-75516),

There is a typographical error in the syslog content for the following log types:

  • Virus/Malware
  • Web Violations
  • Content Violations

Solution

This hotfix corrects the typographical error.

Issue Hotfix 5299 (SEG-76147),

The "%vloginuser%" token does not display any information in C&C callback notifications.

Solution

This hotfix ensures that the "%vloginuser%" token displays the required information in C&C callback notifications.

Issue Hotfix 5299 (SEG-39822), (SEG-82550),

An issue may corrupt the "Systemconfiguration.xml" file and prevent services from starting properly.

Solution

This hotfix adds a mechanism to help protect the "Systemconfiguration.xml" file from corruption.

Issue Hotfix 5299 (VRTS-4428),

Some components on the Dashboard are out-of-date.

Solution

This hotfix updates the components.

Issue Hotfix 5299 (SEG-83240),

A database timeout issue prevents policy deployment.

Solution

This hotfix resolves this issue.

Issue Hotfix 5299 (SEG-82054),

An issue prevents programs in the Plug-in Program List from appearing on Manual Update and Scheduled Update program lists.

Solution

This hotfix ensures that these plug-in programs appear in the Manual Update and Scheduled Update lists.

Issue Hotfix 5299 (SEG-73320),

If a Root Cause Analysis does not return any matching targets, "N/A" appears in the corresponding "Users/Endpoints" field.

Solution

After applying this hotfix, "No Match" displays in the "Users/Endpoints" field for Root Cause Analysis results that do not return any matching targets.

Issue Hotfix 5299 (SEG-73373),

Users cannot click the "Deploy" button when creating a new policy.

Solution

This hotfix resolves the issue.

Issue Hotfix 5299 (SEG-83354),

User name information does not appear in Virus/Malware syslog messages.

Solution

This hotfix resolves the issue.

Issue Hotfix 5299 (PDGJIRA-7599),

The Deep Security Agent connection status does not display on the Apex Central Agent Connection Status dashboard widget.

Solution

This Hotfix ensures that the Agent Connection Status widget displays the status of the Deep Security Agent.

Issue Hotfix 5299 (SEG-77893),

In environments where a proxy server is required to establish the connection between Apex One and Apex Central, a communication error occurs and prevents Apex Central from deploying policies successfully.

Solution

This hotfix resolves the communication error and ensures that Apex Central successfully deploys policies when connecting to Apex One through a proxy server.

Enhancement Hotfix 5299 (SEG-84232),

This hotfix improves IIS stability.

Enhancement Hotfix 5299 (SEG-79053),

This hotfix adds the "UK: RD&E Hospital Number" field to the DLP module rule template.

Enhancement Hotfix 5299 (SEG-76695),

This hotfix adds the "User Name" column to the Product Status log query results.

Enhancement Hotfix 5299 (SEG-76413),

If an Active Directory domain only has one child domain, Apex Central does not automatically a parent domain when filtering policy targets by Active Directory structure.

Enhancement Hotfix 5299 (SEG-78710),

This hotfix enables Apex Central to support the "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 5700)" engine component for Trend Micro Deep Discovery Inspector 5.7.

Enhancement Hotfix 5299 (SEG-84614),

This hotfix enables Apex Central to support Trend Micro Deep Discovery Analyzer 7.0.

Enhancement Hotfix 5299

The "System" and "SSO_User" user accounts and user roles are hidden by default.

Issue Hotfix 5243 (SEG-76601),

The banner on the "User-Defined Suspicious Objects" tab contains inaccurate information.

Solution

This hotfix ensures that the banner displays accurate information.

Issue Hotfix 5243 (SEG-71991),

C&C Callback event notifications display an "unknown action" error when users attempt to use the "%act%" token variable.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-70172),

Filtered policies cannot be deployed successfully to agents in subdomains that contain an apostrophe "'".

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-80627),

When Data Loss Prevention(TM) (DLP) logs are sent in syslog form, policy names appear as "N/A".

Solution

This hotfix ensures that the correct policy names appear in the DLP logs.

Issue Hotfix 5243 (SEG-81320),

Device Control logs cannot be queried from the "Logs Query" page.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-81379),

CSS style errors cause columns to overlap when printing pages.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-78345),

It may take a long time to generate a report using a template that contains the "Endpoint Pattern/Engine Status Summary". When this happens, the report generation task remains in "In progress" status.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-79000),

Users do not receive scheduled report notification email messages.

Solution

This hotfix ensures that users receive a notification email each time a scheduled report is generated.

Issue Hotfix 5243 (SEG-81846),

The wrong scan method information appears in the "Product View" page.

Solution

This hotfix ensures that the correct scan method information displays in the "Product View" page.

Issue Hotfix 5243 (SEG-80613),

No results display when users run a Log Query and select the same date in the two date fields of the "Custom Range" date filter.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-76127),

An issue prevents Apex Central from generating Active Directory user group reports successfully.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-82738),

An issue prevents Apex Central from forwarding Intrusion Prevention logs to the syslog server.

Solution

This hotfix resolves the issue so Apex Central can forward Intrusion Prevention logs to the syslog server normally.

Issue Hotfix 5243 (SEG-80624),

An exception occurs when users click the "View" in the Security Threat Details table of the Threats tab.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-65309),

Apex Central is unable to save SSO service URLs that contain special characters.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-81742),

The Active Directory (AD) cannot be synched successfully if running in a database with "Estonian_CI_AS" collation.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-79612),

A Deploy Pattern Update command may be cancelled by the next Deploy Pattern update command even if the commands contain different components. As a result, some components are not deployed to the product server.

Solution

This hotfix ensures that a new Deploy Pattern Update command will cancel the previous Deploy Pattern Update command only if they have exactly the same component types.

Issue Hotfix 5243 (SEG-83614),

Users cannot import policies normally.

Solution

This hotfix ensures that users can import policies successfully.

Issue Hotfix 5243

There are some Cross-Site Scripting (XSS) vulnerabilities in Custom Intelligence

Solution

The hotfix fixes Cross-Site Scripting (XSS) vulnerabilities in Custom Intelligence

Enhancement Hotfix 5243 (SEG-74478),

This hotfix improves the product profile merge operation to reduce job failures.

Enhancement Hotfix 5243 (SEG-70114),

This hotfix increases the maximum supported DLP file size from 2 GB to 1024 GB.

Enhancement Hotfix 5243 (SEG-81523), (SEG-82991),

This hotfix applies the following changes to the Firewall Violations log:

  • Renames the following columns:

    • "Endpoint IP" to "Destination IP"
    • "Endpoint Port" to "Destination Port"
    • "Target Application" to "Target Process"
  • Adds the "Source Port" column
Enhancement Hotfix 5243 (SEG-75186),

This hotfix updates the following error messages that display when iVP policy deployment fails.

Error Code 130 From: Vulnerability Protection Service: Policy deployment unsuccessful: Unable to uninstall incompatible agent program To: Vulnerability Protection Service: Unable to deploy. Deep Security installed

Error Code 112 From: Vulnerability Protection Service: Policy deployment unsuccessful: Incompatible agent program on endpoint To: Vulnerability Protection Service: Policy deployment unsuccessful: Unable to deploy. Deep Security installed

Enhancement Hotfix 5243 (SEG-76997),

CEF syslogs include "Active Directory domain" and "Apex One domain hierarchy" information for each log type.

Issue Patch 5158 (SEG-71235),

Accounts in User Roles without a Policy Resource or Response permissions are logged-out of the web console after any of the following widgets are added into the first page of the Dashboard.

Top Violated Application Control Criteria Top Blocked Applications Attack Discovery Detections Top Endpoints Affected by IPS Events Top IPS Events Top IPS Attack Sources Vulnerability Protection

Solution

The hotfix resolves this issue.

Enhancement Patch 5158

SQL Server support

Apex Central supports Microsoft SQL Server 2019 Cumulative Update 4 (CU4) and SQL Server Express CU4.

Enhancement Patch 5158

Web browser support

Apex Central supports Microsoft Edge (Chromium).

Enhancement Patch 5158

Syslog enhancements

• Apex Central allows you to forward Intrusion Prevention and Product Auditing Event logs to a syslog server. • Common Event Format (CEF) syslogs indicate the type of critical threat detected.

Enhancement Patch 5158

Policy inheritance

Enhancements to Behavior Monitoring, Predictive Machine Learning, and the Trusted Program List policies allow for policy inheritance support.

Enhancement Patch 5158

Additional Advanced Threat Activity notifications

Apex Central supports Advanced Threat Activity event notifications for Behavior Monitoring violations and Predictive Machine Learning detections.

Enhancement Patch 5158

Vulnerability patches

Apex Central has patched Cross Site Scripting (XSS) and SQL injection vulnerabilities.

Enhancement Patch 5158

Enhanced API integration

Apex Central provides APIs for forwarding detection logs in CEF format, Product Auditing Events, Security Agent pattern update statuses, or Security Agent engine update statuses to SIEM servers.

For more information, see https://automation.trendmicro.com/apex-central/home.

Enhancement Patch 5158

Advanced Logging Policy optimization

The Advanced Logging Policy for Apex One Vulnerability Protection (Policies > Policy Management > Apex One Security Agent > Vulnerability Protection Settings > Network Engine Settings) uses "Stateful, Frag, and Verifier Suppression" by default to exclude fragmentation and verifier related events.

Enhancement Patch 5158

Concurrent session limitation

Apex Central allows administrators to prevent multiple web console sessions per user account.

Enhancement Patch 5158

Critical event auditing

The Apex One server and Security Agents collect Windows event logs related to critical system events (move Security Agent, uninstall Security Agent, reset password) and sends the logs to Apex Central Product Auditing Event logs.

Enhancement Patch 5158

Dashboard enhancements

  • The name of the Operation Center tab has changed to Security Posture, the name of the Threat Detection tab has changed to Threat Statistics, and the widgets on the former DLP Incident Investigation tab have moved to the Data Loss Prevention tab.
  • Toggle the Table view on the Security Posture dashboard tab to display the chart nodes, critical threats, and antivirus pattern compliance information in a table.
Enhancement Patch 5158

Impact Analysis enhancement

The Affected Users screen automatically refreshes every 60 seconds when running an Impact Analysis.

Enhancement Patch 5158

New dashboard widgets

  • The Quick Investigation widget allows you to start Historical Investigations directly from the dashboard.
  • Use the Attack Discovery Detections widget to view detection logs generated by the Endpoint Sensor Attack Discovery feature.

Attack Discovery logs include MITRE™ Tactics and Techniques information and Windows Antimalware Scan Interface (AMSI) data.

  • The Top Endpoints Affected by IPS Events, Top IPS Attack Sources, and Top IPS Events widgets provide greater visibility for Intrusion Prevention events on your network.
Enhancement Patch 5158

Password complexity enhancement

  • Apex Central user accounts have stronger password complexity requirements.
  • The Unload and Uninstall Security Agent features include enhanced password complexity requirements for better security.
Issue Hotfix 5123 (SEG-75309),

The "Policy Management" page loads repeatedly after users click the "Endpoints/Products without policies" count on the page.

Solution

The hotfix ensures that the relevant information displays under the scenario described above.

Issue Hotfix 5123 (SEG-77255),

Active Directory (AD) synchronization may fail because the mail column in the database is too small.

Solution

This hotfix makes the necessary adjustments so AD synchronization runs normally.

Issue Hotfix 5123 (SEG-57747), (SEG-71642), (SEG-76629),

Active Directory synchronization is unsuccessful if the root domain of domain is unrecognition

Solution

This hotfix resolves the issue.

Issue Hotfix 5123 (SEG-71724),

The "%Hierarchy%" token does not display any information in email notifications.

Solution

This hotfix ensures that the "%Hierarchy%" token displays the required information in email notifications.

Issue Hotfix 5123 (SEG-69179),

After Trend Micro Apex One(TM) (Mac(TM)) registers to Apex Central, the "Product Component Status" field displays "No data to display".

Solution

This hotfix resolves this issue so the correct product component status appears on the Apex Central web console.

Issue Hotfix 5123 (SEG-75104),

An issue prevents the Policy Management screen from displaying properly.

Solution

This hotfix resolves the issue to ensure that the Policy Management screen displays properly.

Issue Hotfix 5123 (SEG-72541),

File paths appear in the wrong format in syslogs.

Solution

This hotfix ensures that file paths appear in the proper syslog format.

Issue Hotfix 5123 (SEG-72270),

Apex Central services stops unexpectedly.

Solution

This hotfix resolves this issue.

Issue Hotfix 5123 (SEG-75796),

The "Local Folder" node on the product tree can be expanded when users create an Active Directory (AD) account with the "DLP_Compliance_Officer" or "DLP_Incident_Reviewer" role.

Solution

This hotfix ensures that the "Local Folder" node is greyed-out under this scenario.

Issue Hotfix 5123 (SEG-78270),

Users do not receive C&C callback outbreak alert notifications.

Solution

This hotfix ensures that users receive C&C callback outbreak alert notifications.

Issue Hotfix 5123 (SEG-75262),

The "Host Name" field in Behavior Monitoring Violations notifications displays the product server host name instead of the endpoint host name.

Solution

This hotfix ensures that the "Host Name" field in Behavior Monitoring Violations notifications displays the endpoint host name.

Issue Hotfix 5123 (SEG-67259),

The action field in log query results may display "Reboot system required" instead of "Reboot system successfully" even when the endpoint has restarted successfully.

Solution

This hotfix ensures that the action field in log query results displays "Reboot system successfully" when the endpoint has restarted successfully.

Issue Hotfix 5123 (SEG-72218),

A high CPU usage issue occurs on the SQL server when purging Web Violations logs.

Solution

This hotfix prevents the high CPU usage issue from occurring in this scenario.

Issue Hotfix 5123 (SEG-73469),

A performance issue causes an "Unable to execute SQL command. The database is busy. Try again after a few minutes." error in the "Historical Investigation" page of the Apex Central web console.

Solution

This hotfix prevents the error by improving the performance of the "Historical Investigation" page.

Issue Hotfix 5123 (SEG-71627),

Users cannot search for targets to deploy policies by "Filter by Criteria" or "Specify Target(s)" in the "Policy Management" page.

Solution

This hotfix ensures that users can search for targets for policy deployment correctly.

Issue Hotfix 5123 (VRTS-4140),

The Product Directory page is affected by Cross-Site Scripting (XSS) issues.

Solution

This hotfix resolves the issue.

Enhancement Hotfix 5123 (SEG-78163),

This hotfix renames the "Host Name" field to "Endpoint" in unmanaged endpoints dataview.

Enhancement Hotfix 5123 (SEG-59481),

This hotfix expands the IP address columns used in the Data Loss Prevention(TM) (DLP) violation log so that it can support the IPv6 address format.

Enhancement Hotfix 5123 (SEG-70825),

This hotfix enables Apex Central to support Trend Micro Deep Discovery Analyzer 6.9.

Enhancement Hotfix 5123 (SEG-76626),

This hotfix adds the new "Endpoint Sensor Activity Filtering Pattern" pattern.

Issue Hotfix 5105 (SEG-71627),

Users cannot search for targets to deploy policies by "Filter by Criteria" or "Specify Target(s)" in the "Policy Management" page.

Solution

This hotfix ensures that users can search for targets for policy deployment correctly.

Issue Hotfix 5104 (SEG-73934),

Users do not receive event notifications if the log generation time field is empty.

Solution

This Hotfix ensures that Apex Central can send event notifications successfully when the log generation time field is empty.

Issue Hotfix 5104 (SEG-74460),

Apex Central does not allow the number higher than 255 in the Fully-Qualified Domain Name (FQDN) of the SIEM server.

Solution

This Hotfix enables Apex Central to support the number higher than 255 in the Fully-Qualified Domain Name (FQDN) of the SIEM server.

Enhancement Hotfix 5104

Syslog Forwarding Enhancement

Apex Central allows you to forward Intrusion Prevention and Product Auditing Event logs to a syslog server.

Enhancement Hotfix 5104

Vulnerability Patches

Apex Central has patched Cross Site Scripting (XSS) and SQL injection vulnerabilities.

Enhancement Hotfix 5104

Password Complexity Enhancement

Apex One as a Service user account passwords and the Apex One Security Agent uninstallation password have the same password complexity requirements.

Enhancement Hotfix 5104

Security Agent Password Complexity

The Uninstall Security Agent feature includes enhanced password complexity requirements for better security.

Enhancement Hotfix 5104 (SEG-73451),

This Hotfix adds new informational metadata in the Intrusion Prevention rules and disables the Informational rules by default in security mode.

Issue Hotfix 4604 (SEG-68259),

When the "m_iDuplicateAll" setting in the "SystemConfiguration.xml" file is enabled, Apex Central downloads only the engine and program files and skips the pattern files.

Solution

This Hotfix ensures that Apex Central downloads pattern, program, and engine files normally when the "m_iDuplicateAll" setting is enabled in "SystemConfiguration.xml".

Issue Hotfix 4604 (SEG-64007), (SEG-66447), (SEG-64333),

Apex Central does not run the deploy command even if it already downloaded new components from the ActiveUpdate (AU) server.

Solution

This Hotfix ensures that Apex Central can run the deploy command after downloading new components from the AU server.

Issue Hotfix 4604 (SEG-69509),

Inaccurate information may appear in Virus Event Notifications.

Solution

This Hotfix ensures that Virus Event Notifications display complete and accurate information.

Issue Hotfix 4604 (VRTS-4291),

Apex Central displays complete software version information in error pages.

Solution

This Hotfix prevents Apex Central from displaying the complete software version information in error pages.

Issue Hotfix 4604 (SEG-68531),

The wrong information displays in the "Action" field on Behavior Monitoring event notifications.

Solution

This Hotfix ensures that Behavior Monitoring event notifications displays complete and accurate information.

Issue Hotfix 4604 (SEG-74460),

Apex Central does not allow the number higher than 255 in the Fully-Qualified Domain Name (FQDN) of the SIEM server.

Solution

This Hotfix enables Apex Central to support the number higher than 255 in the Fully-Qualified Domain Name (FQDN) of the SIEM server.

Enhancement Hotfix 4604 (SEG-70034),

This Hotfix enables the "Device Type" field in device control logs to display "Mobile devices" instead of "Non-storage USB".

Enhancement Hotfix 4604 (SEG-52919),

This hotfix enables the Apex Central Threat Statistics widget to detect the following violation log types:

  • Firewall Violation
  • Behavior Monitoring
  • Network Content Inspection
  • Device Control
  • Suspicious Files
  • Predictive Machine Learning
Issue Hotfix 4600 (SEG-69664),

The time range setting does not work in Detail Application Control View of the Report Template.

Solution

This hotfix ensures that the time range setting works normally on the Report Template.

Issue Hotfix 4600 (SEG-74196),

The number of policy targets that displays on the Policy Management is incorrect because the count does not include offline Security Agents.

Solution

This hotfix updates the policy target number to display the correct value, including offline Security Agents.

Issue Hotfix 4600 (SEG-73934),

Users do not receive event notifications if the log generation time field is empty.

Solution

This Hotfix ensures that Apex Central can send event notifications successfully when the log generation time field is empty.

Issue Hotfix 4600 (SEG-73750),

Users cannot Single Sign-on (SSO) to Apex One from the Apex Central web console in debug mode.

Solution

This Hotfix ensures that users can SSO to Apex One from the Apex Central web console in debug mode.

Issue Hotfix 4600 (SEG-73949),

Apex Central Service may stop unexpectedly while recording output database connection errors to debug logs.

Solution

This Hotfix resolves this issue.

Enhancement Hotfix 4600 (SEG-22176),

This hotfix enables Apex Central Policy Management to support Trend Micro Mobile Security for Enterprise (Security Mode).

Enhancement Hotfix 4600 (SEG-55754),

This hotfix enables Apex Central to support suspicious object upload and synching in Trend Micro Web Security.

Issue Hotfix 4591 (SEG-65272),

Users cannot open the Apex Central web console on macOS Catalina because the Apex Central self-signed certificate does not comply with the new security requirements in iOS 13 and macOS 10.15.

Solution

To resolve this issue:

  1. Open a command prompt.
  2. Change to the Apex Central directory, for example, "C:\Program Files (x86)\Trend Micro\Control Manager".
  3. Run the following command: IISCfg.exe -REPLACE_CERT

Issue Hotfix 4591 (SEG-69738),

If user click assess impact in "quick investigation" widget will not bring the parameter to Historical Investigation page.

Solution

This hotfix fixes this issue.

Issue Hotfix 4591 (SEG-70058),

The content in generated reports that use the "TM Managed Product Connection Component Status" custom template shows "no data to display" when "Tags and Filters" are selected as targets.

Solution

This hotfix ensures that Apex Central can generate "TM Managed Product Connection Component Status" reports correctly.

Issue Hotfix 4591 (SEG-64659),

The PDF creator cannot parse <wbr> tags correctly which causes it to record inaccurate report size information.

Solution

This hotfix replaces the <wbr> tag with another word-break tag to ensure that reports are formatted correctly.

Issue Hotfix 4591 (SEG-68867),

Logforwarder cannot forward logs when the IP address field contains multiple IP addresses and one of the addresses is in IPv6 format.

Solution

This hotfix ensures that the Logforwarder can forward logs normally under the scenario described above.

Issue Hotfix 4591 (SEG-69030),

A high CPU usage issue occurs on the SQL server when purging Behavior Monitoring logs.

Solution

This hotfix prevents the high CPU usage issue from occurring in this scenario.

Issue Hotfix 4591 (SEG-68902),

When the Security Agent is unregistered from Apex Central, reports and log queries display a different number of Malware/Virus detection logs.

Solution

This hotfix ensures that reports and log queries display the same number of Malware/Virus detection logs.

Issue Hotfix 4591 (VRTS-4126),

Users with Read-Only privileges may be able to export the Data Loss Prevention™ (DLP) pattern.

Solution

This hotfix ensures that only users with the required permissions can export the DLP pattern.

Issue Hotfix 4591 (SEG-69530),

When users create a filter policy and select "Directories: Product Directory" in the "Filter by Criteria" page, the product directory does not display any product.

Solution

This hotfix ensures that the product directory displays normally in the "Filter by Criteria" page.

Issue Hotfix 4591 (SEG-66914),

In event logs, the event time does not match the recorded time that an email was received.

Solution

This hotfix ensures that the event time in event logs matches the time of receipt of the email message.

Issue Hotfix 4591 (SEG-71937),

The Apex One Security Agent policy settings for the Trusted Program List and the Predictive Machine Learning Exceptions list do not display properly.

Solution

This hotfix ensures that the policy settings display properly.

Issue Hotfix 4591 (SEG-68452),

If disable 'Display a notification on endpoints when probably virus/malware is detected' then deploy the policy, the settings will have reverted to enable on Web console.

Solution

This hotfix is to update User Interface dependency on web console to solve this issue.

Enhancement Hotfix 4591

Simplified log maintenance

Apex Central automatically deletes logs from Trend Micro servers after 90 days for new customers.

**Note: **

If you are an existing customer and previously changed the default Maximum Log Age, Apex Central retains logs on Trend Micro servers according to the previously configured setting.

Enhancement Hotfix 4591

Performance Enhancement

Apex One (Mac)

This hotfix improves the performance of Apex One (Mac) as a Service.

Enhancement Hotfix 4591 (SEG-69881),

This hotfix allows users to search for endpoint names that contains an underscore character "_" in the terminate object page of the Endpoint Sensor web console.

Enhancement Hotfix 4591 (SEG-69881),

This hotfix resolves an error to ensure that the Endpoint Sensor can perform a scheduled investigation normally.

Enhancement Hotfix 4591 (SEG-32695),

This hotfix allows users to Single Sign-on (SSO) to other products from the Apex Central web console using a proxy server.

Enhancement Hotfix 4591 (SEG-60191),

This hotfix enhances Apex Central to share Deep Discovery Analyzer (DDAN) in the hub site to managed OfficeScan (OSCE)/Apex One in the node site.

Issue Hotfix 4476 (SEG-69530),

When users create a filter policy and select "Directories: Product Directory" in the "Filter by Criteria" page, the product directory does not display any product.

Solution

This hotfix ensures that the product directory displays normally in the "Filter by Criteria" page.

Issue Hotfix 4476 (SEG-66914),

In event logs, the event time does not match the recorded time that an email was received.

Solution

This hotfix ensures that the event time in event logs matches the time of receipt of the email message.

Issue Hotfix 4476 (SEG-69738),

If user click assess impact in "quick investigation" widget will not bring the parameter to Historical Investigation page.

Solution

This hotfix fixes this issue.

Issue Hotfix 4476 (SEG-71937),

Issue: The Apex One Security Agent policy settings for the Trusted Program List and the Predictive Machine Learning Exceptions list do not display properly.

Solution

Solution: This hotfix ensures that the policy settings display properly.

Note: To ensure that child policies deploy correctly, expand the Trusted Program List or Predictive Machine Learning Settings for the parent policy and click Deploy.

Enhancement Hotfix 4476 (SEG-32695),

This hotfix allows users to Single Sign-on (SSO) to other products from the Apex Central web console using a proxy server.

Enhancement Hotfix 4476 (SEG-69881),

This hotfix allows users to search for endpoint names that contains an underscore character "_" in the terminate object page of the Endpoint Sensor web console.

Enhancement Hotfix 4476 (SEG-69738),

This hotfix resolves an error to ensure that the Endpoint Sensor can perform a scheduled investigation normally.

Issue Hotfix 4474 (SEG-66877),

Users cannot Single Sign-On (SSO) to the Apex One web console from the Apex Central web console.

Solution

This hotfix resolves the issue.

Issue Hotfix 4474 (SEG-71937),

Issue: The Apex One Security Agent policy settings for the Trusted Program List and the Predictive Machine Learning Exceptions list do not display properly.

Solution

Solution: This hotfix ensures that the policy settings display properly.

Note: To ensure that child policies deploy correctly, expand the Trusted Program List or Predictive Machine Learning Settings for the parent policy and click Deploy.

Issue Hotfix 4473 (VRTS-4126),

Users with Read-Only privileges may be able to export the Data Loss Prevention(TM) (DLP) pattern.

Solution

This hotfix ensures that only users with the required permissions can export the DLP pattern.

Issue Hotfix 4473 (SEG-54954),

An issue prevents Apex Central to acquire logs.

Solution

This hotfix fixes this issue.

Issue Hotfix 4473 (SEG-69895),

Domain users are unable to install Apex Central hotfixes.

Solution

This hotfix ensures that domain user accounts can successfully install Apex Central hotfixes.

Enhancement Hotfix 4473 (SEG-60191),

This hotfix enhances Apex Central to share Deep Discovery Analyzer (DDAN) in the hub site to managed OfficeScan (OSCE)/Apex One in the node site.

Enhancement Hotfix 4473

Vulnerability Patches

Apex Central has patched Cross Site Scripting (XSS) vulnerabilities.

Enhancement Hotfix 4473

Performance Enhancement

Apex One (Mac)

This hotfix enhances the performance of Apex One (Mac) as a Service.

Enhancement Hotfix 4473

Performance Enhancement

Apex One (Mac)

This hotfix improves the startup speed and startup flow of the Apex One Security Agent to help reduce unexpected errors during Security Agent startup.

Enhancement Hotfix 4473

New Features

Security Agent Uninstallation

Apex One (Mac) provides enhanced password security for Security Agent uninstallation on endpoints when an uninstallation password is required.

Enhancement Hotfix 4473

New Features

Policy Management Enhancement

Apex One Security Agent policies support inheritance for Predictive Machine Learning settings.

Enhancement Hotfix 4473

New Features

Enhanced API Integration

Apex Central supports a new API that forwards detection logs in CEF format to SIEM servers.

Issue Hotfix 4365 (SEG-63762),

The Apex Central server times out when the SQL server queries large data sets.

Solution

This hotfix resolves the server timeout issue.

Issue Hotfix 4363 (SEG-66418),

The Trend Micro Deep Discovery Web Inspector product profile cannot be merged successfully because it contains unnecessary ASCII characters.

Solution

This hotfix removes unnecessary ASCII characters from the Deep Discovery Web Inspector product profile to ensure that the profile can be merged successfully.

Issue Hotfix 4363 (SEG-62090),

The number of queried Attach Discovery Detection logs on Log Query differ from the number of forwarded Syslog entries forwarded.

Solution

This hotfix ensures that there is no discrepancy between the number of queried Attach Discovery Detection logs on Log Query and the number of forwarded Syslog entries.

Issue Hotfix 4363 (SEG-67181),

An issue prevents the Syslog Forward function from working under the UDP protocol.

Solution

This hotfix resolves the issue.

Issue Hotfix 4363 (VRTS-3590), (VRTS-3863),

A path traversal vulnerability has been found in Apex Central 2019.

Solution

The hotfix resolves the path traversal vulnerability.

Issue Hotfix 4363 (SEG-64901),

The system does not save non-monitored targets in the Data Loss Prevention(TM) (DLP) policy setting if the target contains uppercase characters.

Solution

This hotfix resolves this issue by ensuring that the system saves non-monitored targets in the DLP policy setting even if the target contains uppercase characters.

Issue Hotfix 4363 (SEG-67195),

The intrusion prevention rules are missing on the Apex Central version running on Norway platforms.

Solution

This hotfix resolves this issue by enabling the rule update function to properly support Norway platforms.

Issue Hotfix 4363 (SEG-64392),

An issue prevents the Operation Center from merging custom reporting line circles so it displays random custom reporting line names instead. This issue occurs if the custom reporting lines include an Active Directory user that does not have a manager.

Solution

The hotfix ensures that the custom reporting line displays correctly in this situation.

Issue Hotfix 4363 (SEG-66466),

An issue prevents Apex Central from deploying policies after it is upgraded from Control Manager 6.0.

Solution

The hotfix resolves this issue.

Issue Hotfix 4363 (SEG-67182),

An issue prevents Apex Central from purging Behavior Monitoring Logs.

Solution

The hotfix resolves the issue so that Behavior Monitoring Logs are purged correctly.

Issue Hotfix 4363 (SEG-66885),

An issue triggers false rebuild attack discovery detections every hour, which affects Apex Central performance.

Solution

This hotfix resolves the issue.

Issue Hotfix 4363 (SEG-64841),

The "Database is busy. Please..." error message appears on the "User/Endpoint Directory" page when the SQL server and database use different collation settings.

Solution

This hotfix resolves the error by updating the SQL script to enable it to use the database collation settings instead of the SQL server collation settings.

Enhancement Hotfix 4363 (SEG-60909),

This hotfix enables Apex Central to sort policy changing domain agents every 10 minutes instead of at 15:15 everyday.

Enhancement Hotfix 4363 (SEG-67527),

This hotfix adds a new error message containing the workaround for when Single-Sign On (SSO) fails because the browser cookie length limit has been exceeded.

Enhancement Hotfix 4363 (SEG-67916), (SEG-67462),

This hotfix enables Apex One as a Service Hybrid mode to support Data Lake integration for Root Cause Analyses.

Issue Hotfix 4265 (SEG-66418),

The Deep Discovery Web Inspector product profile cannot be merged successfully because it contains unnecessary ASCII characters.

Solution

This hotfix removes unnecessary ASCII characters from the Deep Discovery Web Inspector product profile to ensure that the profile can be merged successfully.

Issue Hotfix 4265 (SEG-65270),

The web console of Apex Central as a Service displays a warning message and a disabled "Start Retro Scan" button in the Security Threat information for a URL.

Solution

This hotfix removes the warning message and the disabled "Start Retro Scan" button from the Security Threat page for URLs.

Issue Hotfix 4264 (SEG-61428),

An issue prevents Apex Central from generating reports successfully.

Solution

This hotfix resolves the issue to ensure that Apex Central can generate reports successfully.

Issue Hotfix 4264 (SEG-64336),

Deep Discovery Web Inspector (DDWI) does not support Single Sign-On (SSO) but the SSO link for Deep Discovery Web Inspector appears on the "Server Registration" page.

Solution

This hotfix removes the SSO link for Deep Discovery Web Inspector (DDWI) from the "Server Registration" page.

Issue Hotfix 4263 (SEG-58419),

The Root Cause Analysis task runs continuously if the target agent has been removed.

Solution

This hotfix adds a timeout value for the Root Cause Analysis task.

Issue Hotfix 4263 (VRTS-3589),

Passwords are not salted individually.

Solution

This hotfix ensures that passwords are salted individually.

Enhancement Hotfix 4263 (SEG-41899),

This hotfix enables Apex Central to support the Login Sharing Prevention feature.

Enhancement Hotfix 4263 (SEG-56603),

This hotfix enables the Operation Center to display information in Chart View and Table View.

Issue Hotfix 4241 (SEG-56595),

When receiving Web Violation logs, the corresponding Web Access Policy Violation Alerts under Event Notifications do not display the login user information.

Solution

This hotfix ensures that Web Access Policy Violation Alerts display the login user information normally.

Issue Hotfix 4241 (SEG-64156),

Apex Central is affected by PHP vulnerabilities.

Solution

This hotfix upgrades the PHP module to build 7.1.33.

Issue Hotfix 4241 (VRTS-3849),

The OpenSSL and libcurl modules are affected by a Code Injection Vulnerability.

Solution

This hotfix resolves the vulnerability.

Enhancement Hotfix 4241 (SEG-32094),

This hotfix adds Behavior Monitoring violations alert settings under the Event Notification settings.

Enhancement Hotfix 4241 (SEG-32096),

This hotfix adds Predictive Machine Learning detections alert settings under the Event Notification settings.

Enhancement Hotfix 4241 (SEG-43637),

LogForwarder forwards mapping string labels instead of the integer when forwarding Action column content of Behavior Monitoring.

Enhancement Hotfix 4241 (SEG-61455),

This hotfix enables Apex Central to support the new engine component "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 5600)" for Trend Micro Deep Discovery Inspector 5.6.

Issue Hotfix 4240 (SEG-60067),

When users create criteria using the Application Reputation List on Apex Central, some applications that were selected from the list become unselected after a TMCSS pattern update.

Solution

This hotfix updates the Apex Central file to resolve this issue.

Issue Hotfix 4239 (SEG-61089),

The Trend Micro Interscan(TM) Messaging Security (IMSS) policy is not fully functional on Apex Central.

Solution

This hotfix ensures that the IMSS policy is fully functional on Apex Central.

Issue Hotfix 4238 (SEG-61629), (SEG-61784),

The "Filter by criteria" function cannot match keywords when users specify multiple keywords and separate each by a comma.

Solution

This hotfix ensures that the "Filter by criteria" function matches multiple keywords normally.

Enhancement Hotfix 4238 (SEG-61185),

This hotfix enables Apex Central as a Service to monitor Single Sign-On issues through Microsoft(TM) Windows(TM) event logs.

Enhancement Hotfix 4238 (SEG-63480),

This hotfix renames the "InterScan Web Security as a Service" Server Type option to "Trend Micro Web Security" in the "Administrator > Server Registration" page on the Apex Central web console.

Issue Hotfix 4237 (SEG-62153),

A specific SQL query blocks several processes on the Control Manager server.

Solution

This hotfix ensures that the specific SQL query does not block processes on the Control Manager server.

Enhancement Hotfix 4237 (SEG-53909),

This hotfix enables Apex Central to support Trend Micro Deep Discovery Web Inspector.

Enhancement Hotfix 4236 (SEG-63797),

This hotfix enables the following three widgets to display information from the past 30 days.

  • Top Endpoints Affected by IPS Events
  • Top IPS Attack Sources
  • Top IPS Events

Procedure

To summarize data from the last 30 days:

  1. Install this hotfix (see "Installation").
  2. Open a command prompt and log in using an administrator account.
  3. Go to the Apex Central installation home folder.
  4. Run the following command "echo sp_Presummary_IntrustionPrevention_30Days > SumIPS.sql | SQLExecutor.NET.exe -f=SumIPS.sql"

Issue Hotfix 4235 (SEG-61339),

Policies are not deployed if there is a carriage return in the filter criteria.

Solution

The hotfix ensures that policies are deployed successfully.

Issue Hotfix 4235 (VRTS-3668),

Users encounter "4624(S): An account was successfully logged on" events with Logon Type 8 which warns that passwords are recorded in clear text on the server memory.

Solution

The hotfix prevents passwords from being saved in clear text on the server memory.

Enhancement Hotfix 4235 (SEG-59130),

This hotfix allows users to select a virtual analyzer to be used for an Apex One as a Service server on the "Server Registration" page in hybrid mode.

Enhancement Hotfix 4235 (SEG-61384), (SEG-62946),

This hotfix adds the following three new widgets in Apex Central to provide users with information on Intrusion Prevention (IPS) events.

Top Endpoints Affected by IPS Events Top IPS Attack Sources Top IPS Events

Enhancement Hotfix 4235 (SEG-63674),

Dashboard enhancements

The widgets on the former DLP Incident Investigation tab are now on the Data Loss Prevention tab.

Enhancement Hotfix 4235 (SEG-63674),

Impact Analysis enhancement

The Affected Users screen automatically refreshes every 60 seconds when running an Impact Analysis.

Enhancement Hotfix 4235 (SEG-63674),

Web Console Auto Refresh enhancement

You can configure the Apex Central management console to automatically refresh the screen every 600 seconds (enabled by default).

Enhancement Hotfix 4235 (SEG-49778),

This hotfix provides an iAC log purge function in the "Log Maintenance" page of the Apex Central web console.

Issue Hotfix 3983 (SEG-61440),

An issue prevents users from selecting targets to deploy Apex Central policies.

Solution

The hotfix ensures that Apex Central policies are deployed normally.

Issue Hotfix 3982 (SEG-56557),

When users search for Active Directory (AD) user names or user groups while creating a policy under the Device Control Settings, the AD user names or user groups do not display on the search bar.

Solution

This hotfix ensures that users can search for AD user names or user groups normally when creating Device Control policies.

Issue Hotfix 3981 (SEG-58852),

This hotfix ensures that the "India: Mobile Number" Data Identifier Expression works normally.

Solution

This hotfix ensures that the "India: Mobile Number" Data Identifier Expression works normally.

Enhancement Hotfix 3981 (SEG-52242),

This hotfix enables Apex Central to support Trend Micro Deep Discovery Analyzer 6.8.

Enhancement Hotfix 3980 (SEG-34121), (SEG-41962), (SEG-52917), (SEG-48792),

This hotfix adds the new column "Expiration date" for User-Defined Suspicious Objects (UDSO) in Apex Central.

Issue Hotfix 3979 (SEG-58967),

An SQL function usage compatibility issue causes hotfix installation to fail.

Solution

This hotfix resolves the issue to ensure that hotfixes can be installed normally.

Enhancement Hotfix 3979 (SEG-43643),

This hotfix ensures that activation (AC) keys are renewed automatically when the keys are added or redeployed to products.

Enhancement Hotfix 3979 (SEG-41902),

This hotfix enables users to add "unmanaged endpoints" information to custom reports.

Issue Hotfix 3978 (SEG-59166),

An issue prevents the "Product Component Status" widget from displaying information normally.

Solution

This hotfix resolves the issue so that the "Product Component Status" widget can display information normally.

Enhancement Hotfix 3978 (SEG-56940),

This hotfix enables Apex Central to support Trend Micro Safe Lock(TM) 3.0.

Issue Hotfix 3977 (SEG-56503),

In the Data Loss Prevention(TM) (DLP) Policy Settings page, the device serial ID field supports up to 32 characters only.

Solution

This hotfix extends the maximum device serial ID length to 64 characters.

Issue Hotfix 3976 (SEG-59272),

The "This feature supports only IPv4" warning in the "Apex One Data Loss Prevention Settings > Apex One DLP" screen is misleading.

Solution

This hotfix removes the "This feature supports only IPv4" warning from the "Apex One DLP" settings screen.

Enhancement Hotfix 3975 (SEG-58041),

This hotfix ensures that Microsoft(TM) Azure Active Directory (AD) could Single Sign-On (SSO) to the Apex Central web console normally.

Enhancement Hotfix 3975 (SEG-43622),

This hotfix enables users to add the Apex One domain hierarchy information in applicable virus event notifications using the "%hierarchy%" token.

Issue Hotfix 3974 (SEG-56232),

The Active Directory (AD) cannot be synched successfully because "Logprocessor.exe" runs out of memory during AD synchronization.

Solution

This hotfix prevents the out-of-memory issue to ensure that AD can be synched successfully.

Enhancement Hotfix 3973 (SEG-55073),

This hotfix allows Apex Central to enable the "self-integrity check" setting for the ActiveUpdate (AU) module by default.

Enhancement Hotfix 3972 (SEG-58238),

This hotfix helps prevent a misconfiguration issue that may trigger the generation of a large number of violation logs, by blocking the use of an asterisk "*" wildcard character in the root file path properties and each certificate properties on the "Application Control Criteria" setting page.

Enhancement Hotfix 3972 (SEG-55846),

This hotfix enables Apex Central to support the new component "Advanced Threat Scan Engine (Mac, 64-bit)" for Apex One (Mac(TM)).

Issue Hotfix 3971 (SEG-58234),

The UI layout does not display when users click on "Show working panel" while editing the Custom Report template.

Solution

This hotfix ensures that the UI layout displays normally when users click the "Show working panel" button while editing the Custom Report template.

Enhancement Hotfix 3970 (SEG-56048),

This hotfix ensures that the LogForwarder tool sends pattern update status logs and engine update status logs normally.

Enhancement Hotfix 3966 (SEG-54994),

This hotfix enables Apex Central to send File Hash detection logs and Network Content Inspection logs to the Threat Investigation Center (TIC).

Issue Hotfix 3965 (SEG-56869),

Users cannot log on to the Apex Central web console using a password that contains a space character.

Solution

This hotfix enables users to use passwords that contain a space character to log on to the Apex Central web console.

Issue Hotfix 3965 (SEG-58224),

The UI debug log displays the wrong message when the OpenIOC file has been uploaded successfully.

Solution

This hotfix ensures that UI debug log displays the correct message after the OpenIOC file has been uploaded successfully.

Issue Hotfix 3964 (SEG-51336),

When users add email addresses to the "Event Notification > Watchlisted Recipients At Risk" list, only the first 64 characters of the string will be saved.

Solution

This hotfix ensures that users can add email messages normally into the "Watchlisted At Risk" list.

Issue Hotfix 3964 (SEG-57402),

An issue prevents Apex Central from generating manual or scheduled reports when the scan date data is empty.

Solution

This hotfix resolves the issue to ensure that Apex Central can generate reports normally.

Enhancement Hotfix 3964 (SEG-44904),

This hotfix updates the Active Directory (AD) sync tool to enable it to limit or approve which Organizational Units (OUs) are synced to Apex Central. Users can configure this feature by setting-up the approved and exception lists in the "ADSyncOUList.config" file.

Enhancement Hotfix 3964 (SEG-53604),

This hotfix prevents Cross-site Scripting (XSS) issues in the filter by criteria mechanism when creating policies.

Issue Hotfix 3951 (SEG-56742),

An issue prevents automation APIs from relocating or uninstalling agents.

Solution

The hotfix helps ensure that agents can be relocated or uninstalled using automation APIs.

Issue Hotfix 3951 (SEG-48480), (SEG-48481),

The Web Console Timeout setting does not work normally.

Solution

This hotfix ensures that the Web Console Timeout setting works normally.

Issue Hotfix 3951 (SEG-52169),

Apex Central cannot overwrite policy settings when the Apex One agent changes a policy locally.

Solution

This hotfix ensures that policies are deployed normally.

Issue Hotfix 3951 (SEG-56525),

An I18N issue is found in Users/Endpoints.

Solution

This hotfix resolves the I18N issue.

Issue Hotfix 3951 (SEG-54122),

The pie chart in "DLP template Matches" widget displays the "Others" category even when the option is not selected.

Solution

This hotfix adds an additional filter logic to ensure that information categorized under "Others" does not appear in the pie chart when the option is not selected.

Issue Hotfix 3951 (SEG-54401),

Apex Central deploys the wrong action setting for IP-type User-Defined Suspicious Objects (UDSO) that have been added to the SO list using Custom Intelligence Automation APIs.

Solution

This hotfix ensures that the correct action for IP-type USDOs are deployed to managed products.

Issue Hotfix 3951 (SEG-56480),

The "Trusted Program List" of the Apex One Security Agent policy setting is case-sensitive.

Solution

This hotfix makes the "Trusted Program List" policy setting case-insensitive.

Issue Hotfix 3951 (SEG-55731),

Uses cannot download and save reports when there are non-English alphanumeric characters in the report name.

Solution

This hotfix resolves the issue so users can save and download reports using file names with non-English alphanumeric characters.

Issue Hotfix 3951 (SEG-56044),

Apex Central SaaS displays unrelated categories in static report template on Microsoft(TM) Internet Explorer(TM) 11.

Solution

The hotfix ensures that only the following four categories are displayed in static reports in Apex Central SaaS.

  • Executive summary
  • Desktop products
  • Data Loss Prevention
  • Data Discovery

Issue Hotfix 3951 (SEG-47407),

The "Virus Scan Engine (Windows XP/Server 2003, x64)" component name is no longer accurate since Control Manager stopped support for Microsoft(TM) Windows(TM) Server 2003.

Solution

This hotfix renames the "Virus Scan Engine (Windows XP/Server 2003, x64)" component to "Virus Scan Engine (Windows)".

Issue Hotfix 3951 (SEG-56611),

Apex Central stops synchronizing the suspicious object (SO) list from Trend Deep Discovery Analyzer once multiple Deep Discovery Analyzers have registered to Apex Central.

Solution

This hotfix ensures that Apex Central synchronizes the SO list successfully when multiple Deep Discovery Analyzers are registered to Apex Central.

Issue Hotfix 3951 (SEG-56555),

The "Pass/Log" action in "Intrusion Prevention" logs on log query results may confuse users.

Solution

This hotfix replaces the "Pass/Log" action on the log query results page to "Log" when in "detect only" mode.

Enhancement Hotfix 3951 (SEG-56425),

This hotfix enables Apex Central to add user name information in Device Control syslog messages.

Enhancement Hotfix 3951 (SEG-52539),

This hotfix ensures that sub services can restart normally after stopping unexpectedly.

Enhancement Hotfix 3951 (SEG-57251),

This hotfix enables Apex Central to apply policies promptly to an agent that originally does not have a policy once it triggers a filter policy because of changes to its properties, such as an IP change resulting in matching the filter policy's criteria, instead of waiting until the daily policy re-enforcement to apply policies on the agent.

Enhancement Hotfix 3951 (SEG-56849),

The original default values of "Maximum TCP Connections" and "Maximum UDP Connections" in the "Apex One Security Agent > Vulnerability Protection > Network Engine Setting" tab are too small and cause the generation of a large number of Intrusion Prevention logs.

This hotfix applies the following changes to limit the number of Intrusion prevention logs:

  • Increasing the minimum value of "Maximum TCP/UDP Connection" for the Network Engine Setting to "2000"
  • Changing the default value to "1000000"
  • Applying the new default value to policies created with original default values
Issue Hotfix 3943 (SEG-53908),

Apex Central Log Queries take a very long time to complete when there are more than 200000 agents.

Solution

This hotfix improves the Log Query performance when there are more than 200000 agents.

Issue Hotfix 3943 (SEG-58068),

User may fail to upload the IOC file for investigation if the Apex Central did not installed in C disk.

Solution

This hotfix has fixed this issue.

Enhancement Hotfix 3943 (SEG-57424),

The hotfix ensures that the policy status displays correctly after deployment.

Issue Hotfix 3942 (SEG-54401),

Apex Central deploys the wrong action setting for IP-type User-Defined Suspicious Objects (UDSO) that have been added to the SO list using Custom Intelligence Automation APIs.

Solution

This hotfix ensures that the correct action for IP-type USDOs are deployed to managed products.

Issue Hotfix 3941 (SEG-54122),

The pie chart in "DLP template Matches" widget displays the "Others" category even when the option is not selected.

Solution

This hotfix adds an additional filter logic to ensure that information categorized under "Others" does not appear in the pie chart when the option is not selected.

Issue Hotfix 3940 (SEG-56525),

An I18N issue is found in Users/Endpoints.

Solution

This hotfix resolves the I18N issue.

Issue Hotfix 3939 (SEG-52169),

Apex Central cannot overwrite policy settings when the Apex One agent changes a policy locally.

Solution

This hotfix ensures that policies are deployed normally.

Enhancement Hotfix 3939 (SEG-52539),

This hotfix ensures that sub services can restart normally after stopping unexpectedly.

Issue Hotfix 3938 (SEG-48481),

The Web Console Timeout setting does not work normally.

Solution

This hotfix ensures that the Web Console Timeout setting works normally.

Issue Hotfix 3934 (SEG-53424),

The Antivirus Pattern Compliance dashboard of Control Manager incorrectly shows "-1%".

Solution

This hotfix ensures that Antivirus Pattern Compliance dashboard correctly shows the true value.

Issue Hotfix 3934 (SEG-46083),

Apex Central could not deploy the policy to agents with an IP address in the IPv6 ISATAP format.

Solution

This hotfix ensures that Apex Central translates the IPv6 ISATAP address to binary so it can deploy policies to affected agents correctly.

Issue Hotfix 3934 (SEG-47934),

The "Product Connection Status" widget does not display any information.

Solution

This hotfix ensures that the "Product Connection Status" widget displays information normally.

Issue Hotfix 3934 (VRTS-3302),

The Dashboard is affected by Cross-Site Scripting (XSS) issues.

Solution

This hotfix resolves the issue.

Issue Hotfix 3934 (SEG-55203),

The scan exclusion settings for Apex One Security Agent child policies are lost if the parent policy is edited.

Solution

This hotfix resolves the issue.

Issue Hotfix 3934 (SEG-52169),

The Apex Central policy cannot overwrite an Apex One agent configuration that has been edited locally.

Solution

This hotfix ensures that policies deployed to Apex One work normally.

Issue Hotfix 3934 (SEG-45082),

The license information of Trend Micro ServerProtect(TM) for Linux(TM) does not display in the product directory.

Solution

This hotfix ensures that the ServerProtect for Linux license information does displays normally in the product directory.

Issue Hotfix 3934 (SEG-39862),

The MDR server receives incomplete log from Control Manager when network is slow.

Solution

This hotfix would ensure that Control Manager send complete log to MDR server.

Issue Hotfix 3934 (SEG-51696),

In the "Log Maintenance" page, the number of product event logs always shows "0" even when there are logs in tb_AVEventLog.

Solution

This hotfix ensures that the correct product event log count displays on the "Log Maintenance" page.

Issue Hotfix 3934 (SEG-49098),

When users add a User-Defined Suspicious Object with Scan Action set to "Block", the action will be saved as "Log" instead of "Block".

Solution

This hotfix resolves the issue to ensure that users can save User-Defined Suspicious Objects with "Block" scan action normally.

Issue Hotfix 3934 (SEG-51689),

The endpoint count on Compliance Reports generated by Control Manager does not match the actual Trend Micro OfficeScan(TM) agent count.

Solution

This hotfix ensures that the correct endpoint count appears in Control Manager Compliance Reports.

Issue Hotfix 3934 (VRTS-3308), (VRTS-3300),

An information leakage issue was found in the Dashboard.

Solution

This hotfix resolves the issue.

Issue Hotfix 3934 (SEG-2782), (SEG-3307), (SEG-3303), (SEG-2634), (SEG-3302), (SEG-3305), (SEG-3306),

The Dashboard, LogQuery, Active Directory, and Compliance Settings pages of the Control Manager web console are affected by Reflected Cross-Site Scripting (XSS) issues.

Solution

This hotfix removes these issues.

Issue Hotfix 3934 (SEG-50646), (SEG-50211),

An issue prevents Control Manager from applying Device Control Setting rules to the Trend Micro OfficeScan(TM) Agent Policy.

Solution

This hotfix resolves the issue so Control Manager can apply Device Control Setting rules to the OfficeScan Agent Policy.

Issue Hotfix 3934 (SEG-49142),

A performance issue prevents the Control Manager web console from displaying Log Query results.

Solution

This hotfix resolves the performance issue so Log Query results can be displayed normally.

Issue Hotfix 3934 (SEG-52299),

The AD sync function cannot work normally when there is a large number of AD Organizational Units (OU).

Solution

This hotfix ensures that the AD sync function can handle a large number of AD OUs.

Issue Hotfix 3934 (SEG-53232),

The information in exported CSV and XML files may not match the corresponding information in the Control Manager web console.

Solution

This hotfix ensures that the information in exported CSV and XML files match the information on the Control Manager web console.

Issue Hotfix 3934 (SEG-50524),

Administrators cannot deploy policy settings from Control Manager to Apex One.

Solution

This hotfix resolves the issue to ensure that Control Manager successfully deploys policy settings to Apex One.

Issue Hotfix 3934 (SEG-50431),

The following Network Content Inspection Engine (NCIE) log headers are confusing users:

  • Traffic/Connection
  • Endpoint IP
  • Endpoint Port
  • Destination IP
  • Destination Port
  • Destination Domain
  • Target Process

Solution

This hotfix renames the following Network Content Inspection Engine (NCIE) log headers to minimize confusion: CONFUSING HEADING -> FIXED HEADING

  • Traffic/Connection -> Traffic Direction
  • Endpoint IP -> Local IP Address
  • Endpoint Port -> Local IP Address Port
  • Destination IP -> Remote IP Address
  • Destination Port -> Remote Address Port
  • Destination Domain -> Remote Domain
  • Target Process -> Process

Enhancement Hotfix 3934 (SEG-46207),

This hotfix updates the Deep Discovery Advanced Filter search mechanism to prevent a UI script injection error.

Enhancement Hotfix 3934 (SEG-45978),

This hotfix adds a new filter type "Security risk scan filter" in the log query page.

Enhancement Hotfix 3934 (SEG-52911),

This hotfix enables Apex Central to support Trend Micro Deep Discovery Director 5.0.

Enhancement Hotfix 3934 (SEG-51288),

This hotfix adds the option to configure Apex Central to use a proxy server for hub/node registration and synchronization.

Enhancement Hotfix 3934 (SEG-54282),

This hotfix enables Control Manager to support TMES 1.6 Update 6.

Enhancement Hotfix 3934 (SEG-41891),

Duplicate GUID Agents now are recorded.

Enhancement Hotfix 3934 (SEG-54795),

The update extends PHP execution time.

Enhancement Hotfix 3934 (SEG-54570), (SEG-54549),

Trend Micro Security for Mac policy deployment on reliability and optimizing for huge amount of agent counts environment.

Enhancement Hotfix 3934 (SEG-52290),

This hotfix ensures that when users trigger the duplicate policy tasks, redundant tasks are not sent.

Enhancement Hotfix 3934 (SEG-52537),

This hotfix ensures that LogForwarder enables the ping function only when the connection protocol is UDP.

Enhancement Hotfix 3934 (SEG-50431),

The following Network Content Inspection Engine (NCIE) log headers are confusing users:

  • Traffic/Connection
  • Endpoint IP
  • Endpoint Port
  • Destination IP
  • Destination Port
  • Destination Domain
  • Target Process
Enhancement Hotfix 3934 (SEG-25746),

This hotfix integrates Control Manager with version 9.1 of Trend Micro InterScan(TM) Messaging Security Suite (IMSS) for Linux(TM).

Enhancement Hotfix 3934 (SEG-48870),

This hotfix adds the new "Predictive Machine Learning Local File Model" pattern.

Enhancement Hotfix 3934 (SEG-48870),

This hotfix adds the new "Predictive Machine Learning Local File Model" pattern.

Enhancement Hotfix 3934 (SEG-47616),

This hotfix redefines the following variables in Trend Micro Data Loss Prevention(TM) (DLP) syslog content.

  • Product_Entity/Endpoint - endpoint name
  • Managing_Server – Trend Micro OfficeScan(TM) server name
Enhancement Hotfix 3934 (SEG-41900),

This hotfix adds the following two fields in the "Incident Details" page.

  • Last modified date
  • Last modified by
Enhancement Hotfix 3934 (SEG-54068), (SEG-53261),

This hotfix improves the performance of the policy detail pages of the Apex Central web console.

Enhancement Hotfix 3934 (SEG-55171),

Cloud service integration with Cloud App Security allows you to sweep protected mailboxes, correlate Active Directory user information, and generate Analysis Chains in Apex Central to better understand threat vectors and distribution across the entire network.

Issue Hotfix 3926 (SEG-53424),

The Antivirus Pattern Compliance dashboard of Control Manager incorrectly shows "-1%".

Solution

This hotfix ensures that Antivirus Pattern Compliance dashboard correctly shows the true value.

Enhancement Hotfix 3926 (SEG-54068),

This hotfix improves the performance of the policy detail pages of the Apex Central web console.

Enhancement Hotfix 3926 (SEG-52290),

This hotfix ensures that when users trigger the duplicate policy tasks, redundant tasks are not sent.

Issue Hotfix 3920 (VRTS-3302),

The Dashboard is affected by Cross-Site Scripting (XSS) issues.

Solution

This hotfix resolves the issue.

Issue Hotfix 3919 (SEG-49993),

Users encounter an "Out of memory" error when synching the Active Directory (AD) if there is a large number of AD groups.

Solution

This hotfix ensures that the AD sync function can handle a large number of AD groups.

Issue Hotfix 3919 (VRTS-3308),

The sample php files used to test for "log4php" show the internal path of applications.

Solution

This hotfix removes this potential vulnerability.

Issue Hotfix 3919 (SEG-49409),

The AD sync function cannot work normally when there is a large number of AD Organizational Units (OU).

Solution

This hotfix ensures that the AD sync function can handle a large number of AD OUs.

Issue Hotfix 3919 (VRTS-2782), (VRTS-3307), (VRTS-3303), (VRTS-2634), (VRTS-3302), (VRTS-3305), (VRTS-3306),

The Dashboard, LogQuery, Active Directory, and Compliance Settings pages of the Apex Central web console are affected by Reflected Cross-Site Scripting (XSS) vulnerabilities.

Solution

This hotfix removes these vulnerabilities.

Issue Hotfix 3919 (SEG-36321),

It takes long time to display the contents of Active Directory (AD) domains in the "User/Endpoint Directory" page.

Solution

This hotfix improves the performance of some related queries so that the "User/Endpoint Directory" page can display the contents of AD domains faster.

Issue Hotfix 3919 (SEG-34084),

In Control Manager 7.0 GM Build Patch 1, the scheduled hourly download job does not run on time.

Solution

This hotfix ensures that the scheduled hourly download job runs on time.

Issue Hotfix 3919 (SEG-40641),

An issue prevents Node Apex Central from syncing the Suspicious Objects list with the Hub Apex Central.

Solution

This hotfix resolves the issue so that Node Apex Central can sync the Suspicious Objects list with the Hub Apex Central successfully.

Issue Hotfix 3919 (SEG-41523),

Sometimes, Apex Central is unable to SSO to Apex One server.

Solution

This hotfix ensures that Apex Central is able to SSO to Apex One server successfully.

Issue Hotfix 3919 (SEG-32352),

A high CPU usage issue occurs when the value of the "bigwatermark" field is NULL.

Solution

This hotfix prevents the high CPU usage issue under this scenario.

Issue Hotfix 3919 (SEG-39360),

Data Discovery ad hoc query results cannot be generated.

Solution

This hotfix ensures that the Data Discovery ad hoc query results contain complete and accurate information.

Issue Hotfix 3919 (SEG-40362),

An issue prevents Apex Central from pushing the Data Loss Prevention(TM) (DLP) template to Trend Micro InterScan(TM) Web Security Virtual Appliance (IWSVA).

Solution

This hotfix resolves the issue so that Apex Central can push the DLP template to IWSVA successfully

Issue Hotfix 3919 (SEG-44127),

The "AD connection disabled" warning icon appears in the "User/Endpoint Directory" page of the Apex Central console when the Active Directory (AD) server name is too long.

Solution

This hotfix ensures that long AD server names no longer trigger the warning icon on the "User/Endpoint Directory" page.

Issue Hotfix 3919 (SEG-43280),

When the Active Directory (AD) filter is re-set, all child under a parent with a "half-checked" checkbox are not counted and re-selected.

Solution

This hotfix ensures that when counting the total number of ADs, each parent with a half-checked checkbox counts and reselects all child under it.

Issue Hotfix 3919 (SEG-42916),

Users cannot Single Sign-On (SSO) to the Apex one web console from the Apex Central web console.

Solution

This hotfix ensures that users can SSO to the Apex One web console from the Apex Central web console.

Issue Hotfix 3919 (SEG-40690),

A performance issue prevents users from downloading the "Unmanaged Endpoints" list from the Dashboard Operation Center widget.

Solution

This hotfix resolves the performance issue so users can download the "Unmanaged Endpoints" list from the Dashboard Operation Center widget successfully.

Issue Hotfix 3919 (SEG-39577), (SEG-44216),

The "DLP Incidents by Channel" widget does not display any information when users click on the "Incidents by Action" pie chart.

Solution

The hotfix ensures that the corresponding information displays after users click on the "Incidents by Action" chart on the "DLP Incidents by Channel" widget.

Issue Hotfix 3919 (SEG-43688),

Widgets in the "DLP Incident Investigation" page do not display any information.

Solution

This hotfix ensures that widgets in the "DLP Incident Investigation" page display information normally.

Issue Hotfix 3919 (SEG-44877),

The C&C Callback Events widget does not display correct results.

Solution

This hotfix ensures that the C&C Callback Events widget displays complete and accurate query results.

Issue Hotfix 3919 (SEG-43152),

In the "Scheduled/Manual update" pages, if a user saves changes to the settings a second time without refreshing the page and without changing the UNC password, the original UNC password will be cleared, resulting in update failures.

Solution

This hotfix allows the user to save the changes in the "Scheduled/Manual update" pages multiple times without refreshing the pages.

Issue Hotfix 3919 (SEG-44397),

The scheduled hourly download job does not run on time.

Solution

This hotfix ensures that the scheduled hourly download job runs on time.

Issue Hotfix 3919 (SEG-46675),

Users may not be able to see some Active Directory (AD) users under specific domains while adding users to the "Active Directory user or group" list.

Solution

This hotfix ensures that users can view all users under each domain.

Issue Hotfix 3919 (SEG-46690),

In Microsoft(TM) Edge, the Top Email Recipients of Advanced Threats widget and Email Messages with Advanced Threats widget display a blank page when users drill down on any information on the widgets.

Solution

This hotfix ensures that the widgets display complete and accurate information in Microsoft Edge.

Issue Hotfix 3919 (SEG-47693),

When Apex Central deploys commands directly to the Trend Micro ServerProtect for Microsoft(TM) Windows(TM) NT Normal Server, the deployment may fail.

Solution

This hotfix ensures that Apex Central can deploy commands to the ServerProtect Normal Server normally.

Issue Hotfix 3919 (SEG-47473),

On the Apex Central web console, "N/A" appears on the "Scan Method" column for Apex One agents that use "Conventional Scan".

Solution

This hotfix ensures that the correct Apex One agent scan method information is displayed on the Apex Central web console.

Issue Hotfix 3919 (SEG-46058),

The scheduled hourly download job does not run on time.

Solution

This hotfix ensures that the scheduled hourly download job runs on time.

Issue Hotfix 3919 (SEG-50522),

An issue prevents Apex Central from applying "Run cleanup when probable virus/malware is detected" to the apex One Security Agent Policy.

Solution

This hotfix resolves the issue.

Issue Hotfix 3919 (SEG-45534),

If a child policy is set to inherit the settings from a parent policy that does not have a scan exclusion list, the child policy will not display the scan exclusion list after it is added to the parent policy.

Solution

This hotfix ensures a child policy that is set to inherit the settings from a parent policy displays the scan exclusion list once it is added to the parent policy.

Issue Hotfix 3919 (VRTS-3263), (VRTS-3192),

There are some Cross-Site Scripting (XSS) vulnerabilities in the "Policy Management" page.

Solution

This hotfix removes these XSS vulnerabilities from the "Policy Management" page.

Issue Hotfix 3919 (SEG-45636),

Some user accounts that have just been assigned read only access roles receive "Scheduled incident summary" and "Scheduled incident increase" notifications.

Solution

This hotfix ensures that user accounts that have read only access roles do not receive "Scheduled incident summary" and "Scheduled incident increase" notifications.

NOTE: This solution does not cover existing roles. You need to save each existing role again to apply the solution.

Issue Hotfix 3919 (SEG-49807),

The Application Control Criteria could not be exported in Microsoft(TM) Internet Explorer(TM) or Edge web browser.

Solution

This hotfix updates the Apex Central files to fix this issue.

Issue Hotfix 3919 (SEG-49481),

Users cannot see the users and endpoints in the "User/Endpoint Directory" page in Internet Explorer 11.

Solution

This hotfix ensures that the "User/Endpoint Directory" page displays normally in Internet Explorer 11.

Enhancement Hotfix 3919 (SEG-47568),

This hotfix adds the following four hidden default fields in the Log Query page for iAC detection logs.

  • Matched File Path
  • Detections
  • File Last Modified
Enhancement Hotfix 3919 (SEG-47574),

This hotfix adds the "Application" hidden default field in the Log Query page for iAC application control logs.

Enhancement Hotfix 3919 (SEG-42289),

This hotfix adds the "Risk Level" field in the Log Query page for Attack Discovery detections.

Enhancement Hotfix 3919 (SEG-43028),

This hotfix adds the following eight fields in the Log Query page for Attack Discovery detections.

  • Auth Priv Name
  • Auth Priv Attribute
  • Auth Priv Disable All
  • Source IP Address
  • Source IP Address Port
  • Destination URL
  • WMI Event
  • Windows Event Log Content
Enhancement Hotfix 3919 (SEG-50314),

This hotfix adds the following five fields in the Log Query page for Attack Discovery detections.

  • AMSI App Name
  • AMSI App File
  • AMSI App Version
  • AMSI App Content File
  • AMSI Content
Enhancement Hotfix 3919 (SEG-33968),

This hotfix enables Apex Central to support Trend Micro SafeLock.

Enhancement Hotfix 3919 (SEG-40749),

This hotfix enables Apex Central to support Deep Discovery Director 3.5

Enhancement Hotfix 3919 (SEG-42421),

This hotfix enables Apex Central to support the new engine component "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 5500)" for Trend Micro Deep Discovery Inspector 5.5.

Enhancement Hotfix 3919 (SEG-44954),

This hotfix enables the AD to sync with the Global Catalog and to support SSL connections.

Enhancement Hotfix 3919 (SEG-41759),

This hotfix allows users to import the Device Control approved list from the "Policies > Policy Resource > Device Control Approved Device List" page and apply the list to all Apex One Security Agent Policies.

Enhancement Hotfix 3919 (SEG-46798),

This hotfix updates the Apex One (Mac) 2019 policy setting in Apex Central to support the latest build of the Apex One (Mac) 2019 agent.

Enhancement Hotfix 3919 (SEG-29449),

The hotfix enables Apex Central to use the report title to name the corresponding report notification email attachment.

Enhancement Hotfix 3919 (SEG-49374),

This hotfix updates the expression for the Data Loss Prevention(TM) (DLP) data identifier "Japan: Date" to the new era "令和".

Enhancement Hotfix 3919 (SEG-53430),

This hotfix introduces the following enhancements for Endpoint Sensor.

  • MITRE ATT&CK(TM) Enterprise Tactics and Techniques integration and AMSI information in Advance discovery detection logs and in related notifications and exported logs
  • Threat Connect and VirusTotal as third-party intelligence information in preliminary investigation, root cause analysis, and details investigation
  • Upgrades to the database schema and synchronization mechanism and related functions from the on-premises to the SaaS.
  • Support for preliminary investigation by querying meta using SHA-256 and MD5
  • Shortened meta upload frequency to 15 minutes
  • Investigation task management
  • Option to search for investigation tasks by endpoint names, IP addresses, task names, criteria and creators for One-time Investigation and Scheduled Investigation
  • RCA reports to contain invalid signer on visualized RCA information and explanation for suspicious objects
  • The option to show or hide the license request message in terms of license in the agent policy Converted TUID to GUID in inputs and outputs of the open API interfaces in open API
Enhancement Hotfix 3919

Policy widget enhancements for Apex One (Mac):

  • Web Reputation: Includes a new option to send web reputation logs to the Apex One (Mac) server
  • Device Control: Allows underscores (_) for the vendor name in the USB Storage Approved List

8. Files Included in This Release

There are no files included in this Patch release.

9. Contact Information

A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.

https://www.trendmicro.com/en_us/contact.html

NOTE: This information is subject to change without notice.

10. About Trend Micro

Smart, simple, security that fits.

As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2023, Trend Micro Incorporated. All rights reserved.

Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.

11. License Agreement

View information about your license agreement with Trend Micro at: https://www.trendmicro.com/en_us/about/legal.html

Third-party licensing agreements can be viewed:

  • By selecting the "About" option in the application user interface
  • By referring to the "Legal" page of the Administrator's Guide
Back to Top