Contents
1. Patch Release Information
Resolved Known Issues
This Patch resolves the following issue(s):
The Apex One Vulnerability Protection service cannot start successfully on the Turkish version of the Microsoft(TM) Windows(TM) server platform because it uses the all caps version of the database column name, "SYSTEMVERSİONID".
Solution:
This patch updates the database column name in the Apex One Vulnerability Protection server to "SystemVersionID" to resolve this issue.
A program on an endpoint triggers the Behavior Monitoring module.
Solution:
This patch adds a command related to the program to the exception list to solve this issue.
Procedure:
To apply and deploy the solution globally:
- Install this patch (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
- Under the "Global Setting" section, manually add the following keys and values.
- [Global Setting]
- AegisSPSetCMDCount=1
- AegisSPSetCMDSubImagePath0=C:\Windows\System32\cmd.exe
- AegisSPSetCMDImagePath0=certutil.exe
- AegisSPSetCMDCmdLine0=-urlcache-splithttpzip*
- AegisSPSetCMDAct0=0
- Save the changes and close the file.
- Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the settings to agents. The Apex One server deploys the command to security agents and adds the following registry entries on all security agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
- Key: AegisSPSetCMDCount
- Type: DWORD
- Value: 1
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
- Key: AegisSPSetCMDSubImagePath0
- Type: REG_SZ
- Value: C:\Windows\System32\cmd.exe
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
- Key: AegisSPSetCMDCmdLine0
- Type: REG_SZ
- Value: -urlcache-splithttpzip*
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
- Key: AegisSPSetCMDImagePath0
- Type: REG_SZ
- Value: certutil.exe
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
- Key: AegisSPSetCMDAct0
- Type: DWORD
- Value: 0
Enhancements
The following enhancements are included in this Patch:
This patch enables the Apex One security agent program to support Microsoft Windows(TM) 10 (version 1909) November 2019 Update.
This patch adds a mechanism that can help reduce the probability of errors during Apex One server and Apex One security agent updates.
Files Included in this Release
A. Files for Current Issue(s) ------------------------------------------------------------------- Filename Build Number ------------------------------ ------------ Apex One\PCCSRV\Admin\Utility\EdgeServer\*.* Apex One\PCCSRV\Admin\Utility\SQL\*.* Apex One\PCCSRV\Pccnt\Disk1\*.* Apex One\PCCSRV\ ------------------------------------------------------------------- AutoPcc.exe 14.0.0.2087 AUTOPCC.MSG * AutoPccP.exe 14.0.0.2087 CGIResUTF8.dll 14.0.0.2087 DatFHS.dll 14.0.0.2038 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.20 loadhttp.dll 14.0.0.2038 ofc_loadhttp.dll 14.0.0.2038 OfcPfwCommon.dll 14.0.0.2038 OfcPIPC.dll 14.0.0.2038 OfcSvcConfig.exe 14.0.0.2087 readme.htm * ssleay32.dll 1.0.2.20 SvrSvcSetup.exe 14.0.0.2087 Apex One\PCCSRV\Admin\ ------------------------------------------------------------------- Build.exe 2.86.0.2088 Build64.exe 2.86.0.2088 InstReg.exe 14.0.0.2038 loadhttp.dll 14.0.0.2038 ofc_loadhttp.dll 14.0.0.2038 patch.exe 2.86.0.2088 patch64.exe 2.86.0.2088 SetupMan.dll 14.0.0.2087 TmUpdate.dll 2.86.0.2088 TmUpdate64.dll 2.86.0.2088 TSC.exe 7.5.0.1137 TSC64.exe 7.5.0.1137 Wizard.exe 14.0.0.2038 Wizard_64x.exe 14.0.0.2038 Apex One\PCCSRV\Admin\Utility\ClientPackager\ ------------------------------------------------------------------- CLIENTMSISETUP_MSI * ClnPack.exe 14.0.0.2087 ClnPack.ini * OfcPfwCommon.dll 14.0.0.2038 Apex One\PCCSRV\Admin\Utility\IpXfer\ ------------------------------------------------------------------- IpXfer.exe 14.0.0.2038 IpXfer_x64.exe 14.0.0.2038 Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Client\x64\ ------------------------------------------------------------------- osfExt_iACClient_x64.dll 3.0.0.2005 osfExt_iATASClient_x64.dll 1.7.0.1035 osfExt_iESClient_x64.dll 3.0.0.1528 osfExt_iVPClient_x64.dll 3.0.0.2032 Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Client\x86\ ------------------------------------------------------------------- osfExt_iACClient.dll 3.0.0.2005 osfExt_iATASClient.dll 1.7.0.1035 osfExt_iESClient.dll 3.0.0.1528 osfExt_iVPClient.dll 3.0.0.2032 Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Server\iAC\ ------------------------------------------------------------------- osfExt_iACCMAGENT.dll 3.0.0.2005 osfExt_iACMasterService.dll 3.0.0.2005 Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Server\iES\ ------------------------------------------------------------------- osfExt_iESCMAGENT.dll 3.0.0.1528 osfExt_iESMasterService.dll 3.0.0.1528 Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Server\iVP\ ------------------------------------------------------------------- osfExt_iVPCMAGENT.dll 3.0.0.2032 osfExt_iVPMasterService.dll 3.0.0.2032 Apex One\PCCSRV\Admin\Utility\ListDeviceInfo\ ------------------------------------------------------------------- listDeviceInfo.conf.ini * listDeviceInfo.exe 6.2.0.1249 Apex One\PCCSRV\Admin\Utility\MessageQueue\ ------------------------------------------------------------------- libOsceMsmq.dll 14.0.0.2087 Apex One\PCCSRV\Admin\Utility\PolicyExportTool\ ------------------------------------------------------------------- ApexOneSettingsExportTool.exe 14.0.0.2087 CGIResUTF8.dll 14.0.0.2087 ServerMigrationTool.ex_ 14.0.0.2087 Apex One\PCCSRV\Admin\Utility\ServerMigrationTool\ ------------------------------------------------------------------- CGIOCommon.dll 14.0.0.2087 CGIResUTF8.dll 14.0.0.2087 ServerMigrationTool.exe 14.0.0.2087 Apex One\PCCSRV\Admin\Utility\SQL\ ------------------------------------------------------------------- SqlTxfr.exe 14.0.0.2087 Apex One\PCCSRV\Admin\Utility\TCacheGen\ ------------------------------------------------------------------- TCacheGen.exe 14.0.0.2087 TCacheGen_x64.exe 14.0.0.2087 TCacheGenCli.exe 14.0.0.2087 TCacheGenCli_x64.exe 14.0.0.2087 Apex One\PCCSRV\Admin\Utility\TMVS\ ------------------------------------------------------------------- DatFHS.dll 14.0.0.2038 libeay32.dll 1.0.2.20 loadhttp.dll 14.0.0.2038 ssleay32.dll 1.0.2.20 TMVS.exe 14.0.0.2087 Apex One\PCCSRV\CmAgent\ ------------------------------------------------------------------- CGIResUTF8.dll 14.0.0.2087 DatFHS.dll 14.0.0.2038 En_I18N.dll 5.0.0.2363 En_Utility.dll 5.0.0.2363 libapr-1.dll 1.5.2.0 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.20 ProductLibrary.dll 14.0.0.2087 ProductUI.zip * ssleay32.dll 1.0.2.20 TrendAprWrapperDll.dll 5.0.0.2363 zlibwapi.dll 1.2.11.1002 Apex One\PCCSRV\Download\ ------------------------------------------------------------------- ClnPack_files.xml * Apex One\PCCSRV\Download\Engine\ ------------------------------------------------------------------- TMEBC32.sig * TMEBC32.zip * TMEBC64.sig * TMEBC64.zip * TSC.sig * TSC.zip * TSC64.sig * TSC64.zip * Apex One\PCCSRV\Download\Product\ ------------------------------------------------------------------- DlpLite.sig * DlpLite_3rdParty.zip 6.2.1307 DlpLite_3rdParty_x64.zip 6.2.1307 DlpLite_Common.zip 6.2.1319 DlpLite_Common_x64.zip 6.2.1319 DlpLite_x64.sig * Apex One\PCCSRV\Engine\ ------------------------------------------------------------------- ssapi32.dll 6.2.1.4035 TmAegisSysEvt.dll 2.98.0.1260 TmAMSIProvider.dll 8.50.0.2071 TMBMCLI.dll 2.98.0.1260 TMBMSRV.exe 2.98.0.1260 tmcomeng.dll 2.98.0.1260 TmEngDrv.dll 2.98.0.1260 TMPEM.dll 2.98.0.1260 TmSysEvt.dll 8.50.0.2071 tmwlutil.dll 2.98.0.1260 Apex One\PCCSRV\Engine\CCSF\TrxHandler\ ------------------------------------------------------------------- libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.20 ssleay32.dll 1.0.2.20 trxhandler.dll 1.100.0.1071 Apex One\PCCSRV\Engine\x64\ ------------------------------------------------------------------- ssapi64.dll 6.2.1.4035 TmAegisSysEvt.dll 2.98.0.1260 TmAMSIProvider64.dll 8.50.0.2071 TMBMCLI.dll 2.98.0.1260 TMBMSRV.exe 2.98.0.1260 tmcomeng.dll 2.98.0.1260 TmEngDrv.dll 2.98.0.1260 TMPEM.dll 2.98.0.1260 TmSysEvt.dll 8.50.0.2071 tmwlutil.dll 2.98.0.1260 TSC64.exe 7.5.0.1137 Apex One\PCCSRV\Engine\x64\CCSF\TrxHandler\ ------------------------------------------------------------------- libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.20 ssleay32.dll 1.0.2.20 trxhandler.dll 1.100.0.1071 Apex One\PCCSRV\OSF_Extension\iAC\ ------------------------------------------------------------------- osfExt_iACCMAGENT.dll 3.0.0.2005 osfExt_iACMasterService.dll 3.0.0.2005 Apex One\PCCSRV\OSF_Extension\iES\ ------------------------------------------------------------------- osfExt_iESCMAGENT.dll 3.0.0.1528 osfExt_iESMasterService.dll 3.0.0.1528 Apex One\PCCSRV\OSF_Extension\iVP\ ------------------------------------------------------------------- osfExt_iVPCMAGENT.dll 3.0.0.2032 osfExt_iVPMasterService.dll 3.0.0.2032 Apex One\PCCSRV\Pccnt\ ------------------------------------------------------------------- ClientConsole.zip * NTRtScan.exe 14.0.0.2038 Apex One\PCCSRV\Pccnt\Common\ ------------------------------------------------------------------- CCSF_WIN32.zip * DatFHS.dll 14.0.0.2038 fcWofieUI.dll 14.0.0.2038 ICRCHdler.dll 2.83.0.1021 libCNTTmPollingModule.dll 14.0.0.2038 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.20 loadhttp.dll 14.0.0.2038 NTRmv.exe 14.0.0.2038 ofc_loadhttp.dll 14.0.0.2038 OfcCCCAUpdate.exe 14.0.0.2038 OfcPfwCommon.dll 14.0.0.2038 OfcPfwSvc.dll 14.0.0.2038 OfcPIPC.dll 14.0.0.2038 osfExt_iACClient.dll 3.0.0.2005 osfExt_iATASClient.dll 1.7.0.1035 osfExt_iESClient.dll 3.0.0.1528 osfExt_iVPClient.dll 3.0.0.2032 PccNT.exe 14.0.0.2038 PccNTMon.exe 14.0.0.2038 ssleay32.dll 1.0.2.20 TmListen.exe 14.0.0.2038 TmListenShare.dll 14.0.0.2038 TmopCfg.dll 3.7.0.1134 Tmopcfscan.dll 3.7.0.1134 TmopCtl.dll 3.7.0.1134 TmopDbg.dll 3.7.0.1134 TmoppeCertPin.dll 3.7.0.1134 TmoppeEvts.dll 3.7.0.1134 TmoppeHosF.dll 3.7.0.1134 TmoppePDP.dll 3.7.0.1134 TmoppeSAL.dll 3.7.0.1134 TmoppeSsF.dll 3.7.0.1134 TmoppeUrlF.dll 3.7.0.1134 TmoppeVS.dll 3.7.0.1134 TmopphDns.dll 3.7.0.1134 TmopphHttp.dll 3.7.0.1134 TmopphHttp2.dll 3.7.0.1134 TmopphPop3.dll 3.7.0.1134 TmopphSmtp.dll 3.7.0.1134 TmopphSocks.dll 3.7.0.1134 TmopphSvrHello.dll 3.7.0.1134 TmopPlgAdp.dll 3.7.0.1134 Tmopsent.dll 3.7.0.1134 TmopsmHttp.dll 3.7.0.1134 TmopsmMail.dll 3.7.0.1134 TmopsmProxy.dll 3.7.0.1134 TmopsmSvrHello.dll 3.7.0.1134 TmPac.dll 14.0.0.2038 TmSock.dll 14.0.0.2038 TmSSClient.exe 14.0.0.2038 tmufeng.dll 3.91.0.1021 TmWatchdog.dll 14.0.0.2038 TmWatchdog.exe 14.0.0.2038 Upgrade.exe 14.0.0.2038 WofieLauncher.exe 14.0.0.2038 Apex One\PCCSRV\Pccnt\Drv\ ------------------------------------------------------------------- tmactmon.cat * tmactmon.inf * tmactmon.sys 2.98.0.1203 tmcomm.cat * tmcomm.inf * tmcomm.sys 8.20.0.1030 tmebc.cat * TMEBC.inf * TMEBC32.sys 1.5.0.1045 tmevtmgr.cat * tmevtmgr.inf * tmevtmgr.sys 2.98.0.1203 Apex One\PCCSRV\Pccnt\Drv\X64\ ------------------------------------------------------------------- tmactmon.cat * tmactmon.inf * tmactmon.sys 2.98.0.1203 tmcomm.cat * tmcomm.inf * tmcomm.sys 8.20.0.1030 tmebc.cat * TMEBC.inf * TMEBC64.sys 1.5.0.1045 tmevtmgr.cat * tmevtmgr.inf * tmevtmgr.sys 2.98.0.1203 Apex One\PCCSRV\Pccnt\Win64\X64\ ------------------------------------------------------------------- CCSF_X64.zip * DatFHS.dll 14.0.0.2038 fcWofieUI.dll 14.0.0.2038 ICRCHdler.dll 2.83.0.1021 InstReg.exe 14.0.0.2038 libCNTTmPollingModule_64x.dll 14.0.0.2038 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.20 loadhttp_64x.dll 14.0.0.2038 NTRmv.exe 14.0.0.2038 Ntrtscan.exe 14.0.0.2038 ofc_loadhttp_64x.dll 14.0.0.2038 OfcCCCAUpdate.exe 14.0.0.2038 OfcPfwCommon_64x.dll 14.0.0.2038 OfcPfwSvc_64x.dll 14.0.0.2038 OfcPIPC_64x.dll 14.0.0.2038 osfExt_iACClient_x64.dll 3.0.0.2005 osfExt_iATASClient_x64.dll 1.7.0.1035 osfExt_iESClient_x64.dll 3.0.0.1528 osfExt_iVPClient_x64.dll 3.0.0.2032 PccNT.exe 14.0.0.2038 PccNTMon.exe 14.0.0.2038 ssleay32.dll 1.0.2.20 TmListen.exe 14.0.0.2038 TmListenShare_64x.dll 14.0.0.2038 TmopCfg.dll 3.7.0.1134 Tmopcfscan.dll 3.7.0.1134 TmopCtl.dll 3.7.0.1134 TmopDbg.dll 3.7.0.1134 TmoppeCertPin.dll 3.7.0.1134 TmoppeEvts.dll 3.7.0.1134 TmoppeHosF.dll 3.7.0.1134 TmoppePDP.dll 3.7.0.1134 TmoppeSAL.dll 3.7.0.1134 TmoppeSsF.dll 3.7.0.1134 TmoppeUrlF.dll 3.7.0.1134 TmoppeVS.dll 3.7.0.1134 TmopphDns.dll 3.7.0.1134 TmopphHttp.dll 3.7.0.1134 TmopphHttp2.dll 3.7.0.1134 TmopphPop3.dll 3.7.0.1134 TmopphSmtp.dll 3.7.0.1134 TmopphSocks.dll 3.7.0.1134 TmopphSvrHello.dll 3.7.0.1134 TmopPlgAdp.dll 3.7.0.1134 Tmopsent.dll 3.7.0.1134 TmopsmHttp.dll 3.7.0.1134 TmopsmMail.dll 3.7.0.1134 TmopsmProxy.dll 3.7.0.1134 TmopsmSvrHello.dll 3.7.0.1134 TmPac_64x.dll 14.0.0.2038 TmSock_64x.dll 14.0.0.2038 TmSSClient.exe 14.0.0.2038 tmufeng.dll 3.91.0.1021 TmWatchdog.dll 14.0.0.2038 TmWatchdog.exe 14.0.0.2038 Upgrade.exe 14.0.0.2038 WofieLauncher.exe 14.0.0.2038 Apex One\PCCSRV\Private\ ------------------------------------------------------------------- DlpClc.xml * Apex One\PCCSRV\Private\certificate\ ------------------------------------------------------------------- libeay32.dll 1.0.2.20 openssl.exe * ssleay32.dll 1.0.2.20 Apex One\PCCSRV\Web\Service\ ------------------------------------------------------------------- Build.exe 2.86.0.2088 CGIOCommon.dll 14.0.0.2087 CGIResUTF8.dll 14.0.0.2087 CmdHOConsole.dll 14.0.0.2087 DatFHS.dll 14.0.0.2038 DbServer.exe 14.0.0.2087 libCmdHndlrClientV2.dll 14.0.0.2087 libCmdHndlrConsoleV2.dll 14.0.0.2087 libCmdHndlrSA.dll 14.0.0.2087 libcurl.dll 7.66.0.0 libcurl_ofc.dll 7.66.0.0 libeay32.dll 1.0.2.20 libLogHandler.dll 14.0.0.2087 libOsceMsmq.dll 14.0.0.2087 libOSFSvcClient.dll 14.0.0.2087 loadhttp.dll 14.0.0.2038 ofc_loadhttp.dll 14.0.0.2038 OfcCCCAUpdate.exe 14.0.0.2038 OfcDBBackup.exe 14.0.0.2087 OfcDownload.dll 14.0.0.2087 OfcHotFix.exe 14.0.0.2087 OfcNotifyQueue.dll 14.0.0.2087 OfcPfwCommon.dll 14.0.0.2038 OfcPurgeLog.dll 14.0.0.2087 OfcService.exe 14.0.0.2087 patch.exe 2.86.0.2088 ssleay32.dll 1.0.2.20 TmUpdate.dll 2.86.0.2088 VerConn.exe 14.0.0.2087 Apex One\PCCSRV\Web_OSCE\Web\CGI\ ------------------------------------------------------------------- CGIOCommon.dll 14.0.0.2087 cgiRecvFile.exe 14.0.0.2087 CGIResUTF8.dll 14.0.0.2087 isapiClient.dll 14.0.0.2087 isapiClientx64.dll 14.0.0.2087 isapiClientX86.dll 14.0.0.2087 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.20 loadhttp.dll 14.0.0.2038 OfcPfwCommon.dll 14.0.0.2038 ssleay32.dll 1.0.2.20 SSO_PKIHelper.dll 5.0.0.2363 Apex One\PCCSRV\Web_OSCE\Web_Console\CGI\ ------------------------------------------------------------------- cgiAuthManagement.exe 14.0.0.2087 cgiCmdNotify.exe 5.0.0.2363 CGIOCommon.dll 14.0.0.2087 CGIResUTF8.dll 14.0.0.2087 cgiShowActiveDirectory.exe 14.0.0.2087 cgiShowClientAdm.exe 14.0.0.2087 cgiShowComplianceReport.exe 14.0.0.2087 cgiShowLogs.exe 14.0.0.2087 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.20 loadhttp.dll 14.0.0.2038 OfcPfwCommon.dll 14.0.0.2038 ssleay32.dll 1.0.2.20 SSO_PKIHelper.dll 5.0.0.2363 TmUpdate.dll 2.86.0.2088 TrendAprWrapperDll.dll 5.0.0.2363 Apex One\PCCSRV\Web_OSCE\Web_console\HTML\ad_integration\ ------------------------------------------------------------------- ad_integration.htm * Apex One\PCCSRV\Web_OSCE\Web_console\HTML\Auth\ ------------------------------------------------------------------- admin_account_info.htm * Apex One\PCCSRV\Web_OSCE\Web_console\HTML\behavior_monitoring\ ------------------------------------------------------------------- bm_settings.htm * Apex One\PCCSRV\Web_OSCE\Web_console\HTML\clientmag\ ------------------------------------------------------------------- client_list_2.htm * client_move.htm * client_ofsc_services.htm * client_searchwindow.htm * Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\ ------------------------------------------------------------------- ln_common.js * ln_logs.js * trend-ui-opt_list.js * Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\css\ ------------------------------------------------------------------- l10n-style.css * Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\l10n\ ------------------------------------------------------------------- l10n.behavior_monitoring.js * l10n.clientmag.js * l10n.logs.js * l10n.vdi.js * Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\util\ ------------------------------------------------------------------- common.js * Apex One\PCCSRV\Web_OSCE\Web_console\HTML\compliance_report\ ------------------------------------------------------------------- installing_computers.htm * Apex One\PCCSRV\Web_OSCE\Web_console\HTML\dlp\ ------------------------------------------------------------------- dlp_Entities_addedit.htm * dlp_settings.htm * Apex One\PCCSRV\Web_OSCE\Web_console\HTML\logs\ ------------------------------------------------------------------- logs_ccca.htm * logs_pfw.htm * logs_pfw_view.htm * logs_spyware.htm * logs_WebSecurity.htm * Apex One\PCCSRV\WEB_OSCE\Web_Console\HTML\summary\ ------------------------------------------------------------------- summary_top10_osce.htm * Apex One\PCCSRV\Web_OSCE\Web_console\HTML\tools\ ------------------------------------------------------------------- tools_admin_clients.htm * Apex One\PCCSRV\WEB_OSCE\Web_Console\HTML\update\ ------------------------------------------------------------------- client_deployment_automatic.htm * Apex One\PCCSRV\Web_OSCE\Web_Console\RemoteInstallCGI\ ------------------------------------------------------------------- CGIOCommon.dll 14.0.0.2087 cgiRemoteInstall.exe 14.0.0.2087 CGIResUTF8.dll 14.0.0.2087 libcurl.dll 7.66.0.0 libeay32.dll 1.0.2.20 loadhttp.dll 14.0.0.2038 SetupMan.dll 14.0.0.2087 Wizard.exe 14.0.0.2038 Wizard_64x.exe 14.0.0.2038 Apex One\PCCSRV\Download\Product\iService\ ------------------------------------------------------------------- hfx_iAC.zip * hfx_iAC_x64.zip * instupg_iAC.zip * instupg_iAC_x64.zip * hfx_iATAS.zip * hfx_iATAS_x64.zip * instupg_iATAS.zip * instupg_iATAS_x64.zip * instupg_iES.zip * instupg_iES_x64.zip * hfx_iVP.zip * hfx_iVP_x64.zip * instupg_iVP.zip * instupg_iVP_x64.zip * iServiceInst.ini * iServiceUpd.ini * B. Network Traffic Required in Deployment ------------------------------------------------------------------- Estimated size (in terms of bandwidth) of deployed agent files in this patch. - 32-bit agent total = 215.6 MB - 64-bit agent total = 273.2 MB
2. Documentation Set
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com
- Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product.
To access the Online Help, go to http://docs.trendmicro.com
- Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product.
- Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product.
- Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'.
- Support Portal: The Support Portal contains information on troubleshooting and resolving known issues.
- To access the Support Portal, go to http://esupport.trendmicro.com
3. System Requirements
4. Installation/Uninstallation
Installing
To install:
- Copy the Patch executable file to a temporary folder on the server, for example, "C:\temp".
- Double-click the file. The modules are automatically copied to the correct destination.
This Patch installation package automatically rolls back the Apex One server to its previous configuration if there are problems during installation. If you encounter problems after installation, do a manual rollback.
Uninstalling
To manually roll back to the previous build:
- Locate the backup folder that the Patch package created in the "\PCCSRV\Backup\Patch1_B2087" directory.
- Stop the Apex One Master Service.
- Stop the Apex One Apex Central Agent Service.
- Copy the backup modules to the original folders.
- Start the Apex One Apex Central Agent Service.
- Start the Apex One Master Service.
5. Post-installation Configuration
No post-installation steps are required.
NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.
6. Known Issues
There are no known issues for this Patch release.
7. Release History
Prior Hotfixes
Only this hotfix was tested for this release. Prior hotfixes were tested at the time of their release.
(VRTS-3171)
A directory traversal vulnerability may allow an attacker to modify arbitrary files on the product's management console.
Solution:
This critical patch updates the Apex One server program to remove the vulnerability.
(SEG-50319)
Changes in the Google API prevents Data Loss Prevention(TM) (DLP) from detecting sensitive information sent through Gmail in Google Chrome 73.
Solution:
This hotfix resolves the issue by enabling the DLP module to support the "Http/Https" and "Open file dialog" functionality in Google Chrome 73.
(SEG-49467)
The tmlisten service stops unexpectedly when users add an NIC description in the Personal Firewall (PFW) profile and deploy the profile to agents.
Solution:
This hotfix updates the Apex One Security Agent program to resolve the issue.
(SEG-49381)
The Smart Scan Pattern of File Reputation Services occupies a large amount of disk space on the Apex One server.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-48555)
When users install Apex One and use a domain account to connect to the database, the installation will not be able to create a database and iES will not be installed successfully.
Solution:
This hotfix updates the impersonate method to solve this issue.
(SEG-49534)
When the Apex One environment runs an sqlpackage older that 2016 or one that contains both x86 and x64 versions of version 2016, iES will not be able to create the database because of an incompatible sqlpackage version.
Solution:
This hotfix resolves the issue by enabling the installer to prioritize the x64 version of the sqlpackage during installation.
(SEG-50727)
When a user starts a Security Agent outside the corporate network, the Security Agent does not communicate on Online status to the Edge Relay Server.
Solution:
This hotfix updates Security Agent program to send an Online status to the Edge Relay Server as soon as the Security Agent program starts.
(SEG-51198)
The Apex One Application Control lockdown feature does not work after users switch to a different user account.
Solution:
This hotfix ensures that the feature works normally.
(SEG-50399)
This hotfix updates the DLP template to reduce the performance impact of Apex One.
(SEG-45353)
The Security Agent program may become corrupted when users install it from the MSI installation package (Windows Installer) using the wrong command in the command line.
Solution:
This critical patch enables the Apex One security agent installation to abort the MSI installation process if it encounters an unexpected command.
(SEG-49936), (SEG-49847)
An issue related to the Microsoft(TM) Excel(TM) files with macro content cannot be saved to a network shared folder from an endpoint, some Microsoft Excel temp files cannot be deleted after trying to save the files.
Solution:
This critical patch updates the Apex One security agent program to resolve this issue.
(SEG-50774)
This critical patch enables the Apex One security agent program to support Microsoft Windows(TM) 10 (version 1903) May 2019 Update.
(VRTS-3389)
An unquoted service path enumeration vulnerability may allow an attacker administrator privileges to the Apex One security agent service.
Solution:
This hotfix updates the Apex One security agent program to remove the vulnerability.
(SEG-53931)
Coexisting Apex One security agents cannot set the server information of the Smart Protection Service Proxy correctly. When this happens, the coexisting agents do not send query requests through the Smart Protection Service proxy but directly to the Trend Micro Smart Protection Network instead. This may cause a connection issue if the agents cannot connect to the Internet.
Solution:
This hotfix updates the Apex One security agent program to resolve the issue.
(SEG-52575)
The installation status on the "Agent Installation Progress" page of the Apex One web console is inaccurate.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-52409)
A specific keyword triggers the DLP template that does not have any criteria specified.
Solution:
This hotfix updates the DLP template to resolve this issue.
(SEG-50435)
The Connection Status (Online/Offline) of an agent on the web console changes each time a user logs on or off from the client computer.
Solution:
This hotfix updates the Apex One agent program to resolve the issue.
(SEG-52048)
Attempting to restart or stop the WMI service (winmgmt) is unsuccessful on endpoints with the Security Agent installed. The tmlisten service of the Security Agent has a dependency with the WMI service.
Solution:
This hotfix updates the Security Agent program to remove the WMI service dependency.
(SEG-52302)
When the Apex One server registers to the Apex Central server, the Apex One Master Service may stop unexpectedly because of an empty private key.
Solution:
This hotfix updates the Apex One server program to ensure that it can handle an empty public/private key.
(SEG-50705), (SEG-52219), (SEG-51452), (SEG-51849)
An "Error ID: 420" occurs while the Apex One Endpoint Sensor policy is deployed and the "Unable to get the registered server list. There are no registered servers." error appears on the Apex Central "Preliminary Investigation" page.
Solution:
This hotfix helps prevent the Apex One Endpoint Sensor Advanced Threat Assessment Service from being corrupted when Endpoint Sensor is installed using Trend Micro Apex One Installer Maintenance Mode.
(SEG-49807)
Users cannot export the Application Control criteria in Microsoft(TM) Internet Explorer(TM) or the Edge web browser.
Solution:
This hotfix updates the Apex Central files to resolve this issue.
(SEG-53729)
When the "Do not allow users to access the Security Agent console from the system tray or Windows Start menu setting" option is enabled on the Apex One web console, the Apex One Security Agent console cannot be accessed while "PccNT.exe" is running.
Solution:
This hotfix updates a parameter in "wofielauncher.exe" to resolve the issue.
(SEG-54390)
The Vulnerability Protection server service start up fails on platforms that disable Transport Layer Security (TLS) 1.0.
Solution:
This hotfix updates the Vulnerability Protection server to prevent the TLS version issue.
(SEG-51211)
Vulnerability Protection causes unusual CPU usage on some workstations and servers.
Solution:
This hotfix modifies the Vulnerability Protection service to prevent unusual CPU usage.
(VRTS-3314)
This hotfix adds a dynamic share key for Apex One security agents in the encryption and decryption algorithm.
(SEG-51005)
This hotfix adds new Regular Expressions to the Trend Micro Data Loss Prevention(TM) (DLP) Data Identifiers.
(SEG-47568)
This hotfix updates the Apex Central files to display more information about the Application Control violation log entries.
NOTE: This feature requires the installation of Apex Central hotfix 3919 or above.
(SEG-53904)
Security Agents with the Behavior Monitoring program inspection feature enabled may cause Adobe Acrobat/Reader to stop unexpectedly.
Solution:
This hotfix updates the program inspection feature to resolve this issue.
(SEG-52740)
When users attempt to configure the Device Control settings on an Apex One Security Agent by deploying a policy from the Apex Central web console, the Device Control settings cannot be applied on the agent if Data Loss Prevention(TM) (DLP) is not enabled on the agent.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-52269)
If the activation (AC) key is deployed after its expiration date has been extended, the ES service will still receive the original expiration date.
Solution:
This hotfix ensures that the ES service will receive the AC key's new expiration date.
(SEG-54380)
The Endpoint Sensor may purge the Root Cause Analysis results by mistake when Apex Central is managing more than one Apex One server.
Solution:
This hotfix resolves the issue.
(SEG-52034)
In rare instances, the Endpoint Sensor may receive the investigation results from an agent at the same time that the same agent is being uninstalled. When this happens, the Endpoint Sensor may not be able to send all the results back to TIC.
Solution:
This hotfix prevents this issue.
(SEG-49402), (SEG-53432)
An issue related to the Microsoft(TM) Monitoring Agent may cause the Apex One Endpoint Sensor Advanced Threat Assessment Service application pool to stop unexpectedly after installing the Apex One server.
Solution:
This hotfix prevents the Apex One Endpoint Sensor Advanced Threat Assessment Service compatibility issue with the Microsoft Monitoring Agent.
(SEG-52560)
There is a typographical error in the "Type the full program path" hint on the "Behavior Monitoring Settings" page of the Apex One web console.
Solution:
This hotfix updates the Apex One server files to correct the error.
(SEG-48859)
An issue causes Apex One security agent remote installation to fail.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-52978)
An issue prevents the Data Loss Prevention(TM) (DLP) license from being deployed from Apex Central to Apex One.
Solution:
This hotfix adds support for the DLP AC key type to solve this issue.
(SEG-53295), (SEG-55029)
An access denied error related to a certain component prevents the Trend Micro Advanced Threat Assessment Service (ATAS) from starting successfully.
Solution:
This hotfix resolves the error so ATAS can start normally.
(SEG-53958)
The operating system may stop responding when users switch both the Scan Engine (VSAPI) and the Endpoint Sensor to debug mode at the same time using the Case Diagnostic Tool (CDT).
Solution:
This hotfix resolves the issue by ensuring that CDT works normally when both VSAPI and Endpoint Sensor are enabled.
(SEG-40590)
An Apex One agent that runs on Windows 7 and automatically detects proxy settings will not be able to connect to the Apex One server.
Solution:
This hotfix resolves the issue by updating the Apex One agent program to ensure that it can retrieve the correct proxy configuration.
(SEG-53180), (SEG-56186)
When the agents call "cgiOnScan.exe" and fails, the system keeps resending the request without waiting. This issue generates lots of records in the IIS log.
Solution:
This hotfix updates the Apex One agent program to wait for few seconds before retrying.
(SEG-53304)
This hotfix enables Apex One to send "Dropped" and "Accepted" action results in firewall violation logs to Apex Central. This ensures that both action results display normally on Apex Central instead of being displayed as "unknown".
(SEG-55009)
TmListen stops unexpectedly when the Apex One agent queries Suspicious Object (SO) information that contains a null notify setting.
Solution:
This critical patch updates Apex One agent program to resolve the issue.
(SEG-53351), (SEG-55781)
On the 64-bit Microsoft (TM) Windows (TM) 10 platform, an error occurs while running a 64-bit debug script in Microsoft Visual Studio 2017.
Solution:
This critical patch updates the Behavior Monitoring Module to prevent the error.
(SEG-54736)
The Apex One server may not be able to register to the Apex Central server if the TLS 1.2 protocol is enabled on Apex One servers only.
Solution:
This critical patch updates the Apex One server program to resolve this issue.
Procedure:
To apply the solution:
- Install this critical patch (see "Installation").
- Open the "Agent.ini" file in the "\PCCSRV\CmAgent\" folder on the Apex One server installation directory using a text editor.
- Under the "Network" section, manually modify the value of the following key.
- [Network]
- SSL_Cipher_List=ECDHE-RSA-AES256-GCM-SHA384
- Save the changes and close the file.
- Unregister from the Apex Central server.
- Register the Apex Central again.
(SEG-52386)
The Apex One server tool "IpXfer.exe" cannot run properly when the Apex One Security Agent is offline.
Solution:
This critical patch updates Apex One server tools to resolve this issue.
(SEG-54240)
The Apex One server updates the timestamp of the Last Spyware Scan (Manual) according to the last connection establishment time.
Solution:
This critical patch updates the Apex One server program to ensure that the last Spyware Scan (Manual) time is updated accurately.
(SEG-54167)
When users create a "Setup" installer package for the Apex One security agent using Agent Packager, the Vulnerability Protection and Application Control agent installers are not included by default.
Solution:
This critical patch updates the Apex One server program to ensure that the Agent Packager includes both installers in the Apex One security agent "Setup" installer package.
(SEG-56087)
The digital signature of some DLP files are expired.
Solution:
This critical patch updates the DLP module to update the digital signatures.
(SEG-52955)
The DLP module does not work on the Microsoft Edge web browser.
Solution:
This critical patch updates the DLP module to resolve this issue.
Procedure:
To enable Apex One security agents to block sensitive information on the Edge web browser.
- Install this critical patch (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the Apex One server.
- Under the "Configure" section, manually add the following key and value.
- [Configure]
- ENABLE_DYNAMIC_CODE_POLICY=true
- Save the changes and close the file.
- Open the Apex One web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents. The Apex One server deploys the settings to Apex One agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- enable_dynamic_code_policy=true
(SEG-57250), (SEG-57429)
Users cannot expand the domains or add spyware/greyware detections into the approve list on the Apex One server web console.
Solution:
This critical patch updates the Apex One server files to resolve this issue.
(SEG-55399)
Duplicate Apex One agents appear in the Microsoft Windows Startup console.
Solution:
This critical patch updates the Apex One server programs to resolve this issue.
(SEG-56828)
When the trust permission of the Application Control Criteria is set to "Inheritable execution rights", the criteria information remains on the Apex One Security Agent database after users remove the criteria from the policy setting.
Solution:
This critical patch ensures that the criteria information can be removed normally from Apex One Security Agents.
(SEG-57659)
In rare situations, the Apex One Vulnerability Protection program uses up a huge amount of memory when processing a large number of Intrusion Prevention logs.
Solution:
This critical patch prevents the high memory usage issue when the Apex One Vulnerability Protection program processes a large number of Intrusion Prevention logs.
(SEG-57454)
The Apex One server does not send the policy information to Apex Central after deploying a policy.
Solution:
This issue updates the Apex One server program to resolve this issue.
(SEG-53295), (SEG-55029)
An access denied error related to a certain component prevents the Trend Micro Advanced Threat Assessment Service (ATAS) from starting successfully.
Solution:
This critical patch resolves the error so ATAS can start normally.
(SEG-49402), (SEG-53432)
An issue related to the Microsoft(TM) Monitoring Agent may cause the Apex One Endpoint Sensor Advanced Threat Assessment Service application pool to stop unexpectedly after installing the Apex One server.
Solution:
This critical patch prevents the Apex One Endpoint Sensor Advanced Threat Assessment Service compatibility issue with the Microsoft Monitoring Agent.
(SEG-50705), (SEG-52219), (SEG-51452), (SEG-51849)
An "Error ID: 420" occurs while the Apex One Endpoint Sensor policy is deployed and the "Unable to get the registered server list. There are no registered servers." error appears on the Apex Central "Preliminary Investigation" page.
Solution:
This critical patch helps prevent the Apex One Endpoint Sensor Advanced Threat Assessment Service from being corrupted when Endpoint Sensor is installed using Trend Micro Apex One Installer Maintenance Mode.
(SEG-57949), (SEG-53820)
The Trend Micro Vulnerability Protection Service cannot start while processing a specific certificate.
Solution:
This critical patch updates the Apex One Vulnerability Protection server to prevent the certificate processing error.
(SEG-56264)
This critical patch updates some Apex One files to detect inconsistent certifications from the Microsoft Management Console certificate store. If it detects an inconsistency, Apex One will automatically recover the authentication file (OfcIPCer.dat) from the Microsoft Management Console certificate store on the Apex One server.
(SEG-55353)
During license key deployment, Endpoint Sensor may not be able to receive the product key and storage key properties.
Solution:
This hotfix improves the Apex One server's key deployment mechanism to solve this issue.
(SEG-55841), (SEG-57122)
Some Security Agents may be unable to retrieve new policy settings from the Apex Central server.
Solution:
This hotfix purges old policy records from the policy tracking table to fix this issue.
(SEG-57410)
The Endpoint Sensor on Apex One agents may not be able to calculate the hash value of a specific process which can prevent the terminate process function from terminating the process.
Solution:
This hotfix updates the Endpoint Sensor hash calculation mechanism to resolve this issue.
(SEG-53875)
The Endpoint Sensor feature has been enhanced to only monitor and record memory "Read" events for the lsaas.exe process. All other "Read" events are ignored. In addition, a cache has been implemented for processes that open the memory "Write" event to avoid recording duplicated events that may cause a resource issue on the endpoint.
(VRTS-3537)
The "Active Directory Integration" page may expose the credential key when the page is opened with developer tools on a web browser.
Solution:
This hotfix updates the Apex One server program to remove the vulnerability.
(SEG-56341), (SEG-57814)
When the Trend Micro Data Loss Prevention(TM) (DLP) service is enabled on Apex One security agent computers, Google Chrome version 75 and higher versions may stop unexpectedly while accessing certain URLs.
Solution:
This hotfix updates the DLP module to resolve this issue.
(SEG-56100)
On the web console, "Advanced Search" from "Agents > Agent Management" page yields inaccurate results when the "Restart Required" is enabled and both "Update" and "Cleanup" options are selected.
Solution:
This hotfix updates the Apex One server program to resolve the problem.
(SEG-57258)
In Microsoft(TM) Windows(TM) 10, the new system process "MemCompression" may incorrectly trigger a false detection for violating the Device Access Control (DAC) policies.
Solution:
This hotfix updates the DAC policies to prevent the false alarms.
(SEG-58435)
Users are able to change to a password that contains German Umlaut characters but will not be allowed to log in to the web console after the change. The pop-up error message is not triggered that prevents from saving invalid password.
Solution:
This hotfix updates the server program to ensure that the corresponding pop-up error message that prevents users from saving invalid passwords is triggered correctly.
When users deploy an agent policy to enable or disable the Endpoint Sensor feature while registering or unregistering from the TIC at the same time, the policy deployment will fail.
Solution:
This hotfix updates the policy deployment mechanism to solve the policy conflict issue.
(SEG-58818)
After a hotfix is applied, the pattern version and last update time of "Certified Safe Software pattern" are reset to "0", and as a result, the wrong pattern information appears on the Apex Central dashboard.
Solution:
This hotfix updates the Apex One server files to resolve this issue.
This hotfix integrates an Antimalware Scan Interface (AMSI) for suspicious PowerShell detection to the Endpoint Sensor.
(SEG-54758)
The device control function does not work if the policy is deployed for a specific user and the username contains Hebrew characters.
Solution:
This hotfix updates Apex One security agent program to resolve the issue.
(SEG-57436)
The Smart Scan Service may behave abnormally on Apex One Security Agents when multiple proxy servers have been configured for each protocol (HTTP, Secure, FTP, Socks) in the Microsoft(TM) Internet Explorer(TM).
Solution:
This hotfix updates the Apex One Security Agent program to ensure that the Smart Scan Service works normally when multiple proxy servers are configured for Internet Explorer.
(SEG-56322)
Users may not be able to activate managed product licenses (Application Control, Endpoint Sensor, Vulnerability Protection) or may not be able to send the enhanced security policies to Security Agents across the network successfully when managing the Apex One server from the Apex Central web console. This happens because the specified Microsoft Windows(TM) account that manages the existing Apex One SQL database does not have sufficient web service framework access permissions.
Solution:
This hotfix resolves the issue by updating the SQL Server Database Configuration Tool to add the Windows account to the IIS_IUSRS group to obtain the correct permissions.
Procedure:
To add the Windows account to the IIS_IUSRS group to obtain the correct permissions:
- Install this hotfix (see "Installation").
- On the Apex One server computer, browse to "<Server installation folder>\PCCSRV\Admin\Utility\SQL".
- Double-click "SQLTxfr.exe" to run the tool.
- Provide the authentication credentials of the Windows account for the SQL Server database. IMPORTANT: The user account must belong to the local administrator group or Active Directory (AD) built-in administrator.
- Click "Start" to apply the configuration changes.
(SEG-55537)
Users may not be able to activate managed product licenses (Application Control, Endpoint Sensor, Vulnerability Protection) or may not be able to send the enhanced security policies to Security Agents across the network successfully when managing the Apex One server from the Apex Central web console. This happens because:
- The specified Windows account that manages the existing Apex One SQL database changes the logon credentials used to connect to the existing database.
- Users change the Authentication Type of the existing Apex One SQL database from "Windows Account" to "SQL Server Account".
Solution:
This hotfix updates the SQL Server Database Configuration Tool to ensure that the Apex One server uses the correct authentication credentials for the SQL Server database.
Procedure:
To ensure that the Apex One server uses the correct authentication credentials for the SQL Server database:
- Install this hotfix (see "Installation").
- On the Apex One server computer, browse to "<Server installation folder>\PCCSRV\Admin\Utility\SQL".
- Double-click "SQLTxfr.exe" to run the tool.
- Provide the authentication credentials for the SQL Server database. IMPORTANT: The user account must belong to the local administrator group or AD built-in administrator.
- Click "Start" to apply the configuration changes.
(SEG-58926)
This hotfix improves the accuracy of the Apex One Application Control version reporting to Apex Central.
(SEG-58478)
The Apex One Security Agent service stops responding while starting after Apex One Hotfix 1141 is applied.
Solution:
This hotfix updates the Apex One security agent program to resolve this issue.
(SEG-57057), (SEG-59380)
An issue prevents users from successfully installing the Application Control agent on endpoints with Chinese computer names.
Solution:
This hotfix resolves the issue so the Application Control can be installed successfully on affected endpoints.
(SEG-59297)
The information in the "action" column on Data Loss Prevention(TM) (DLP) logs in Apex One server is not consistent with the corresponding information in the DLP logs on Apex Central server.
Solution:
This hotfix resolves the issue by modifying the wording in the "action" column in DLP logs on both the Apex One server and agents.
(SEG-58872), (SEG-59531)
An issue prevents the Trend Micro Advanced Threat Assessment Service from starting successfully.
Solution:
This hotfix resolves the issue.
(SEG-58404)
Garbled characters may appear in syslog if the language setting of the operating system contains Big-5 characters.
Solution:
This hotfix resolves the issue.
(SEG-53929)
The Apex One Endpoint Sensor cannot detect the dump of lsass.exe (Local Security Authority Process).
Solution:
This hotfix resolves this issue by adding hooking points for event correlation to detect the suspicious attack behavior.
(SEG-59121)
Advanced Threat Assessment has a new process that collects additional information.
(SEG-51255)
After a built-in Active Directory (AD) user group, for example "Administrators", is added in the "User Accounts" settings, and users login to Apex One using an AD account in this group, the Apex One console will not display any user or domain in "Agent Management" view.
Solution:
This hotfix updates Apex One server program to resolve the issue.
(SEG-59191)
This hotfix enables Apex One to support Microsoft Windows 8.0.
NOTE: If the security agent has been installed on Windows 8.0, it will be registered to the Apex One server after it restarts.
(SEG-59816)
This hotfix updates the Trend Micro Data Loss Prevention(TM) (DLP) module to ensure that it can block drag-and-drop file operations in Google Chrome 76 and 77.
(SEG-58126)
In certain environments, the Behavior Monitoring feature may add the "csrss.exe" file to the kernel exception later than expected which can then cause an interoperability issue that can trigger security agent computers to stop unexpectedly.
Solution:
This hotfix updates the Behavior Monitoring module and enables users to configure the Behavior Monitoring feature to add "csrss.exe" to the kernel exception earlier to prevent the interoperability issue.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
- Under the "Global Setting" section, manually add the "AegisAsyncCsrssEvent" key and set its value to "1".
- [Global Setting]
- AegisAsyncCsrssEvent=1
- Save the changes and close the file.
- Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The Apex One server deploys the command to security agents and adds the following registry entry on all security agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: AsyncCsrssEvent
- Type: DWORD
- Value: 1
- Restart the security agent
(SEG-60611)
Enhanced security policies may not be sent to Security Agents across the network successfully when users manage the Apex One server from the Apex Central web console. This happens when the Apex One SQL database is installed on a Microsoft(TM) SQL Server that users a collation method other than the default "SQL_Latin1_General_CP1_CI_AS".
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-58737)
This hotfix enables users to query the OSFWebApp web service status through the "svrsvcsetup.exe" tool using the following command on the Apex One server command prompt.
svrsvcsetup.exe -testosfwebapp
(SEG-58056)
This hotfix enables users to search for multiple agents on the "Agent Management" page by specifying multiple agent names in the "Search for endpoints" text box.
NOTES:
- Use a blank character " " delimiter to separate each agent name in the "Search for endpoints" text box.
- The field supports wildcard characters. Use a question mark "?" to represent a single character and an asterisk "*" to represent several characters.
- The field supports a maximum of 256 characters.
(VRTS-3681)
A directory traversal vulnerability may allow an attacker to log on to the Apex One Management Console as a root user.
Solution:
This critical patch updates the Apex One server program to remove the vulnerability.
(VRTS-3708)
A command injection vulnerability may allow an attacker to extract files from an arbitrary zip file to the specific folder in Apex One server.
Solution:
This critical patch updates the Apex One server program to remove the vulnerability.
(SEG-50003)
This hotfix provides a way to delay Application Control hooking events while an endpoint computer starts up.
Procedure:
To apply this solution:
- Install this hotfix (see "Installation").
- Unload the Apex One security agent.
- Open the registry editor, add the following key, and specify the preferred time delay in minutes:
- Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\iACAgent\DelayLoadAC
- Type: DWORD
- Valid Range: 0-10 (min)
- Restart the Apex One security agent.
(SEG-61081)
The Apex One security agent does not send the "Logon User" information to the Apex One server when the Apex One server restricts the user's access to the security agent console only from the system tray or from the Microsoft(TM) Windows(TM) "Start" menu.
Solution:
This hotfix updates the Apex One security agent program to ensure that Apex One security agents send the "Logon User" information to the Apex One server under the scenario described above.
(SEG-57796)
The Apex One Endpoint Sensor receives several user mode events that can prevent Microsoft(TM) RemoteApp from updating the event source.
Solution:
The Apex One Endpoint Sensor changes the event source from User mode to kernel mode to resolve this issue.
(SEG-60179)
The Export Info Tool stops unexpectedly when querying virus logs.
Solution:
This hotfix updates the Apex One server program to resolve the issue.
(SEG-58746)
Users may not be able to activate managed product licenses (Application Control, Endpoint Sensor, Vulnerability Protection) across the network successfully when managing the Apex One server from the Apex Central web console. This happens because the Apex One server does not handle the license key string properly.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-46847)
The Apex One NT Listener service (TmListen.exe) may cause a high CPU usage issue on security agents.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV" folder of the Apex One server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- IgnoreScanIncompleteFlagFromServer=1
- Save the changes and close the file.
- Open the Apex One Web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The Apex One server deploys the command to Apex One agents and adds the following registry entry on all Apex One agent endpoints:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\URL Filtering
- Key: IgnoreScanIncompleteFlagFromServer
- Type: DWORD
- Value: 1
(SEG-58250)
The Trend Micro Vulnerability Scanner (TMVS) cannot perform remote installation when the logon account password includes special characters.
Solution:
This hotfix updates TMVS to resolve this issue.
(VRTS-3564)
On the Apex One web console, users may be able to view the user account that have just been logged out by pressing the back button of the web browser.
Solution:
This hotfix updates the Apex One server program to prevent this issue from occurring.
(VRTS-3567), (VRTS-3605)
On the Apex One web console, the "PHPSESSID" and "wf_CSRF_token" cookies are the same for every logon session.
Solution:
This hotfix ensures that the widget framework generates new "PHPSESSID" and "wf_CSRF_token" cookies for each new logon session.
(SEG-62734)
An issue prevents the Apex One server from deploying the following settings to Apex One security agents properly.
Under the "Privileges and Other Settings > Other Settings".
- Do not allow users to access the Security Agent console from the system tray or Windows Start menu
Solution:
This hotfix updates the Apex One server program to resolve the issue.
(SEG-58210)
The maximum supported character length of the following registry key on Apex One security agents may be insufficient to save the proxy exceptions list.
- [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion]
- WinProxySpecifiedProxyBypass
Solution:
This hotfix extends the registry key's maximum supported character length to resolve this issue.
(SEG-59016)
A performance issue occurs on Apex One agent computers because a module generates a large number of logs.
Solution:
This hotfix updates the user mode event related module to version 8.5.2065 to solve the issue.
(SEG-63106)
The Apex One Predictive Machine Learning feature may prevent users from running scripts through a third-party application normally.
Solution:
This hotfix provides a way for users to make and edit a list of approved programs to run with deferred scanning by Predictive Machine Learning to prevent these issues.
Procedure:
To create and edit the list of approved programs to run with deferred scanning by Predictive Machine Learning:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
- Under the "Global Setting" section, manually add the following keys and specify each approved program separately.
- [Global Setting]
- DS_ProcessCount=the number of programs in the approved list, supports any integer from 1 to 1000
- DS_ProcessName000=process name of the approved program, where "000" notes the first item on the list
For example:
- [Global Setting]
- DS_ProcessCount=2
- DS_ProcessName000=cscript.exe
- DS_ProcessName001=wscript.exe
- Save the changes and close the file.
- Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The Apex One server deploys the command to security agents and adds the following entries of TXS.ini on all security agent computers:
- [TrendX_Settings]
- DS_ProcessCount=2
- DS_ProcessName000="The encrypted string of the preferred program"
- DS_ProcessName001="The encrypted string of the preferred program"
8. Contact Information
A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
NOTE: This information is subject to change without notice.
9. About Trend Micro
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.
Copyright 2019, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.
10. License Agreement
View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide