Contents
1. Critical Patch Release Information 
Resolved Known Issues
This Critical Patch resolves the following issue(s):
A directory traversal vulnerability may allow an attacker to log on to the Apex One Management Console as a root user.
Solution:
This critical patch updates the Apex One server program to remove the vulnerability.
A command injection vulnerability may allow an attacker to extract files from an arbitrary zip file to the specific folder in Apex One server.
Solution:
This critical patch updates the Apex One server program to remove the vulnerability.
Enhancements
The following enhancements are included in this Critical Patch:
This hotfix provides a way to delay Application Control hooking events while an endpoint computer starts up.
Procedure:
To apply this solution:
- Install this hotfix (see "Installation").
- Unload the Apex One security agent.
- Open the registry editor, add the following key, and specify the preferred time delay in minutes:
- Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\iACAgent\DelayLoadAC
- Type: DWORD
- Valid Range: 0-10 (min)
- Restart the Apex One security agent.
Files Included in this Release
A. Files for Current Issue(s)
-------------------------------------------------------------------
Filename Build Number
------------------------------ ------------
Apex One\PCCSRV\Admin\Utility\EdgeServer\*.*
Apex One\PCCSRV\Admin\Utility\SQL\*.*
Apex One\PCCSRV\Pccnt\Disk1\*.*
Apex One\PCCSRV\
-------------------------------------------------------------------
AutoPcc.exe 14.0.0.2049
AUTOPCC.MSG *
AutoPccP.exe 14.0.0.2049
CGIResUTF8.dll 14.0.0.2049
DatFHS.dll 14.0.0.2014
loadhttp.dll 14.0.0.2014
ofc_loadhttp.dll 14.0.0.2014
OfcPfwCommon.dll 14.0.0.2014
OfcPIPC.dll 14.0.0.2014
OfcSvcConfig.exe 14.0.0.2049
readme.htm *
Apex One\PCCSRV\Admin\
-------------------------------------------------------------------
InstReg.exe 14.0.0.2014
loadhttp.dll 14.0.0.2014
ofc_loadhttp.dll 14.0.0.2014
SetupMan.dll 14.0.0.2049
TSC.exe 7.5.0.1136
TSC64.exe 7.5.0.1136
Wizard.exe 14.0.0.2014
Wizard_64x.exe 14.0.0.2014
Apex One\PCCSRV\Admin\Utility\ClientPackager\
-------------------------------------------------------------------
CLIENTMSISETUP_MSI *
ClnPack.exe 14.0.0.2049
ClnPack.ini *
OfcPfwCommon.dll 14.0.0.2014
Apex One\PCCSRV\Admin\Utility\IpXfer\
-------------------------------------------------------------------
IpXfer.exe 14.0.0.2014
IpXfer_x64.exe 14.0.0.2014
Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Client\x64\
-------------------------------------------------------------------
osfExt_iACClient_x64.dll 3.0.0.2003
osfExt_iATASClient_x64.dll 1.7.0.1035
osfExt_iESClient_x64.dll 3.0.0.1516
osfExt_iVPClient_x64.dll 3.0.0.2030
Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Client\x86\
-------------------------------------------------------------------
osfExt_iACClient.dll 3.0.0.2003
osfExt_iATASClient.dll 1.7.0.1035
osfExt_iESClient.dll 3.0.0.1516
osfExt_iVPClient.dll 3.0.0.2030
Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Server\iAC\
-------------------------------------------------------------------
osfExt_iACCMAGENT.dll 3.0.0.2003
osfExt_iACMasterService.dll 3.0.0.2003
Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Server\iES\
-------------------------------------------------------------------
osfExt_iESCMAGENT.dll 3.0.0.1516
osfExt_iESMasterService.dll 3.0.0.1516
Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Server\iVP\
-------------------------------------------------------------------
osfExt_iVPCMAGENT.dll 3.0.0.2030
osfExt_iVPMasterService.dll 3.0.0.2030
Apex One\PCCSRV\Admin\Utility\ListDeviceInfo\
-------------------------------------------------------------------
listDeviceInfo.conf.ini *
listDeviceInfo.exe 6.2.0.1249
Apex One\PCCSRV\Admin\Utility\MessageQueue\
-------------------------------------------------------------------
libOsceMsmq.dll 14.0.0.2049
Apex One\PCCSRV\Admin\Utility\PolicyExportTool\
-------------------------------------------------------------------
ApexOneSettingsExportTool.exe 14.0.0.2049
CGIResUTF8.dll 14.0.0.2049
ServerMigrationTool.ex_ 14.0.0.2049
Apex One\PCCSRV\Admin\Utility\ServerMigrationTool\
-------------------------------------------------------------------
CGIOCommon.dll 14.0.0.2049
CGIResUTF8.dll 14.0.0.2049
ServerMigrationTool.exe 14.0.0.2049
Apex One\PCCSRV\Admin\Utility\SQL\
-------------------------------------------------------------------
SqlTxfr.exe 14.0.0.2049
Apex One\PCCSRV\Admin\Utility\TCacheGen\
-------------------------------------------------------------------
TCacheGen.exe 14.0.0.2049
TCacheGen_x64.exe 14.0.0.2049
TCacheGenCli.exe 14.0.0.2049
TCacheGenCli_x64.exe 14.0.0.2049
Apex One\PCCSRV\Admin\Utility\TMVS\
-------------------------------------------------------------------
DatFHS.dll 14.0.0.2014
loadhttp.dll 14.0.0.2014
Apex One\PCCSRV\CmAgent\
-------------------------------------------------------------------
CGIResUTF8.dll 14.0.0.2049
DatFHS.dll 14.0.0.2014
ProductLibrary.dll 14.0.0.2049
ProductUI.zip *
Apex One\PCCSRV\Download\
-------------------------------------------------------------------
ClnPack_files.xml *
Apex One\PCCSRV\Download\Engine\
-------------------------------------------------------------------
dce-exe-mssign-32x64-v75-1136.sig *
dce-exe-mssign-32x64-v75-1136.zip *
dce-exe-mssign-v75-1136.sig *
dce-exe-mssign-v75-1136.zip *
Apex One\PCCSRV\Download\Product\
-------------------------------------------------------------------
DlpLite.sig *
DlpLite_3rdParty.zip *
DlpLite_3rdParty_x64.zip *
DlpLite_Common.zip 6.2.1307
DlpLite_Common_x64.zip 6.2.1307
DlpLite_x64.sig *
Apex One\PCCSRV\Engine\
-------------------------------------------------------------------
TmAegisSysEvt.dll 2.98.0.1242
TmAMSIProvider.dll 8.50.0.2046
TMBMCLI.dll 2.98.0.1242
TMBMSRV.exe 2.98.0.1242
tmcomeng.dll 2.98.0.1242
TmEngDrv.dll 2.98.0.1242
TMPEM.dll 2.98.0.1242
TmSysEvt.dll 8.50.0.2046
tmwlutil.dll 2.98.0.1242
Apex One\PCCSRV\Engine\x64\
-------------------------------------------------------------------
TmAegisSysEvt.dll 2.98.0.1242
TmAMSIProvider64.dll 8.50.0.2046
TMBMCLI.dll 2.98.0.1242
TMBMSRV.exe 2.98.0.1242
tmcomeng.dll 2.98.0.1242
TmEngDrv.dll 2.98.0.1242
TMPEM.dll 2.98.0.1242
TmSysEvt.dll 8.50.0.2046
tmwlutil.dll 2.98.0.1242
TSC64.exe 7.5.0.1136
Apex One\PCCSRV\OSF_Extension\iAC\
-------------------------------------------------------------------
osfExt_iACCMAGENT.dll 3.0.0.2003
osfExt_iACMasterService.dll 3.0.0.2003
Apex One\PCCSRV\OSF_Extension\iES\
-------------------------------------------------------------------
osfExt_iESCMAGENT.dll 3.0.0.1516
osfExt_iESMasterService.dll 3.0.0.1516
Apex One\PCCSRV\OSF_Extension\iVP\
-------------------------------------------------------------------
osfExt_iVPCMAGENT.dll 3.0.0.2030
osfExt_iVPMasterService.dll 3.0.0.2030
Apex One\PCCSRV\Pccnt\
-------------------------------------------------------------------
ClientConsole.zip *
NTRtScan.exe 14.0.0.2014
Apex One\PCCSRV\Pccnt\Common\
-------------------------------------------------------------------
CCSF_WIN32.zip *
crc0filter.dll 2.83.0.1013
DatFHS.dll 14.0.0.2014
fcWofieUI.dll 14.0.0.2014
ICRCHdler.dll 2.83.0.1013
libCNTTmPollingModule.dll 14.0.0.2014
libcurl.dll 7.64.0.0
libeay32.dll 1.0.2.18
loadhttp.dll 14.0.0.2014
NTRmv.exe 14.0.0.2014
ofc_loadhttp.dll 14.0.0.2014
OfcCCCAUpdate.exe 14.0.0.2014
OfcPfwCommon.dll 14.0.0.2014
OfcPfwSvc.dll 14.0.0.2014
OfcPIPC.dll 14.0.0.2014
osfExt_iACClient.dll 3.0.0.2003
osfExt_iATASClient.dll 1.7.0.1035
osfExt_iESClient.dll 3.0.0.1516
osfExt_iVPClient.dll 3.0.0.2030
PccNT.exe 14.0.0.2014
PccNTMon.exe 14.0.0.2014
ssleay32.dll 1.0.2.18
TmListen.exe 14.0.0.2014
TmListenShare.dll 14.0.0.2014
TmopCfg.dll 3.7.0.1134
Tmopcfscan.dll 3.7.0.1134
TmopCtl.dll 3.7.0.1134
TmopDbg.dll 3.7.0.1134
TmoppeCertPin.dll 3.7.0.1134
TmoppeEvts.dll 3.7.0.1134
TmoppeHosF.dll 3.7.0.1134
TmoppePDP.dll 3.7.0.1134
TmoppeSAL.dll 3.7.0.1134
TmoppeSsF.dll 3.7.0.1134
TmoppeUrlF.dll 3.7.0.1134
TmoppeVS.dll 3.7.0.1134
TmopphDns.dll 3.7.0.1134
TmopphHttp.dll 3.7.0.1134
TmopphHttp2.dll 3.7.0.1134
TmopphPop3.dll 3.7.0.1134
TmopphSmtp.dll 3.7.0.1134
TmopphSocks.dll 3.7.0.1134
TmopphSvrHello.dll 3.7.0.1134
TmopPlgAdp.dll 3.7.0.1134
Tmopsent.dll 3.7.0.1134
TmopsmHttp.dll 3.7.0.1134
TmopsmMail.dll 3.7.0.1134
TmopsmProxy.dll 3.7.0.1134
TmopsmSvrHello.dll 3.7.0.1134
TmPac.dll 14.0.0.2014
TmSock.dll 14.0.0.2014
TmSSClient.exe 14.0.0.2014
tmufeng.dll 3.91.0.1021
TmWatchdog.dll 14.0.0.2014
TmWatchdog.exe 14.0.0.2014
Upgrade.exe 14.0.0.2014
WofieLauncher.exe 14.0.0.2014
Apex One\PCCSRV\Pccnt\Drv\
-------------------------------------------------------------------
tmactmon.cat *
tmactmon.inf *
tmactmon.sys 2.98.0.1203
tmcomm.cat *
tmcomm.inf *
tmcomm.sys 8.20.0.1028
tmevtmgr.cat *
tmevtmgr.inf *
tmevtmgr.sys 2.98.0.1203
Apex One\PCCSRV\Pccnt\Drv\X64\
-------------------------------------------------------------------
tmactmon.cat *
tmactmon.inf *
tmactmon.sys 2.98.0.1203
tmcomm.cat *
tmcomm.inf *
tmcomm.sys 8.20.0.1028
tmevtmgr.cat *
tmevtmgr.inf *
tmevtmgr.sys 2.98.0.1203
Apex One\PCCSRV\Pccnt\Win64\X64\
-------------------------------------------------------------------
CCSF_X64.zip *
crc0filter.dll 2.83.0.1013
DatFHS.dll 14.0.0.2014
fcWofieUI.dll 14.0.0.2014
ICRCHdler.dll 2.83.0.1013
InstReg.exe 14.0.0.2014
libCNTTmPollingModule_64x.dll 14.0.0.2014
libcurl.dll 7.64.0.0
libeay32.dll 1.0.2.18
loadhttp_64x.dll 14.0.0.2014
NTRmv.exe 14.0.0.2014
Ntrtscan.exe 14.0.0.2014
ofc_loadhttp_64x.dll 14.0.0.2014
OfcCCCAUpdate.exe 14.0.0.2014
OfcPfwCommon_64x.dll 14.0.0.2014
OfcPfwSvc_64x.dll 14.0.0.2014
OfcPIPC_64x.dll 14.0.0.2014
osfExt_iACClient_x64.dll 3.0.0.2003
osfExt_iATASClient_x64.dll 1.7.0.1035
osfExt_iESClient_x64.dll 3.0.0.1516
osfExt_iVPClient_x64.dll 3.0.0.2030
PccNT.exe 14.0.0.2014
PccNTMon.exe 14.0.0.2014
ssleay32.dll 1.0.2.18
TmListen.exe 14.0.0.2014
TmListenShare_64x.dll 14.0.0.2014
TmopCfg.dll 3.7.0.1134
Tmopcfscan.dll 3.7.0.1134
TmopCtl.dll 3.7.0.1134
TmopDbg.dll 3.7.0.1134
TmoppeCertPin.dll 3.7.0.1134
TmoppeEvts.dll 3.7.0.1134
TmoppeHosF.dll 3.7.0.1134
TmoppePDP.dll 3.7.0.1134
TmoppeSAL.dll 3.7.0.1134
TmoppeSsF.dll 3.7.0.1134
TmoppeUrlF.dll 3.7.0.1134
TmoppeVS.dll 3.7.0.1134
TmopphDns.dll 3.7.0.1134
TmopphHttp.dll 3.7.0.1134
TmopphHttp2.dll 3.7.0.1134
TmopphPop3.dll 3.7.0.1134
TmopphSmtp.dll 3.7.0.1134
TmopphSocks.dll 3.7.0.1134
TmopphSvrHello.dll 3.7.0.1134
TmopPlgAdp.dll 3.7.0.1134
Tmopsent.dll 3.7.0.1134
TmopsmHttp.dll 3.7.0.1134
TmopsmMail.dll 3.7.0.1134
TmopsmProxy.dll 3.7.0.1134
TmopsmSvrHello.dll 3.7.0.1134
TmPac_64x.dll 14.0.0.2014
TmSock_64x.dll 14.0.0.2014
TmSSClient.exe 14.0.0.2014
tmufeng.dll 3.91.0.1021
TmWatchdog.dll 14.0.0.2014
TmWatchdog.exe 14.0.0.2014
Upgrade.exe 14.0.0.2014
WofieLauncher.exe 14.0.0.2014
Apex One\PCCSRV\Private\
-------------------------------------------------------------------
DlpClc.xml *
Apex One\PCCSRV\Web\Service\
-------------------------------------------------------------------
CGIOCommon.dll 14.0.0.2049
CGIResUTF8.dll 14.0.0.2049
CmdHOConsole.dll 14.0.0.2049
DatFHS.dll 14.0.0.2014
DbServer.exe 14.0.0.2049
libCmdHndlrClientV2.dll 14.0.0.2049
libCmdHndlrConsoleV2.dll 14.0.0.2049
libCmdHndlrSA.dll 14.0.0.2049
libLogHandler.dll 14.0.0.2049
libOsceMsmq.dll 14.0.0.2049
libOSFSvcClient.dll 14.0.0.2049
loadhttp.dll 14.0.0.2014
ofc_loadhttp.dll 14.0.0.2014
OfcCCCAUpdate.exe 14.0.0.2014
OfcDBBackup.exe 14.0.0.2049
OfcDownload.dll 14.0.0.2049
OfcHotFix.exe 14.0.0.2049
OfcNotifyQueue.dll 14.0.0.2049
OfcPfwCommon.dll 14.0.0.2014
OfcPurgeLog.dll 14.0.0.2049
OfcService.exe 14.0.0.2049
VerConn.exe 14.0.0.2049
Apex One\PCCSRV\Web_OSCE\Web\CGI\
-------------------------------------------------------------------
CGIOCommon.dll 14.0.0.2049
cgiRecvFile.exe 14.0.0.2049
CGIResUTF8.dll 14.0.0.2049
isapiClient.dll 14.0.0.2049
isapiClientx64.dll 14.0.0.2049
isapiClientX86.dll 14.0.0.2049
loadhttp.dll 14.0.0.2014
OfcPfwCommon.dll 14.0.0.2014
Apex One\PCCSRV\Web_OSCE\Web_Console\CGI\
-------------------------------------------------------------------
cgiAuthManagement.exe 14.0.0.2049
CGIOCommon.dll 14.0.0.2049
CGIResUTF8.dll 14.0.0.2049
cgiShowActiveDirectory.exe 14.0.0.2049
cgiShowClientAdm.exe 14.0.0.2049
cgiShowComplianceReport.exe 14.0.0.2049
cgiShowLogs.exe 14.0.0.2049
loadhttp.dll 14.0.0.2014
OfcPfwCommon.dll 14.0.0.2014
Apex One\PCCSRV\Web_OSCE\Web_console\HTML\ad_integration\
-------------------------------------------------------------------
ad_integration.htm *
Apex One\PCCSRV\Web_OSCE\Web_console\HTML\Auth\
-------------------------------------------------------------------
admin_account_info.htm *
Apex One\PCCSRV\Web_OSCE\Web_console\HTML\behavior_monitoring\
-------------------------------------------------------------------
bm_settings.htm *
Apex One\PCCSRV\Web_OSCE\Web_console\HTML\clientmag\
-------------------------------------------------------------------
client_list_2.htm *
client_move.htm *
client_ofsc_services.htm *
client_searchwindow.htm *
Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\
-------------------------------------------------------------------
ln_common.js *
ln_logs.js *
trend-ui-opt_list.js *
Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\css\
-------------------------------------------------------------------
l10n-style.css *
Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\l10n\
-------------------------------------------------------------------
l10n.behavior_monitoring.js *
l10n.clientmag.js *
l10n.logs.js *
l10n.vdi.js *
Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\util\
-------------------------------------------------------------------
common.js *
Apex One\PCCSRV\Web_OSCE\Web_console\HTML\compliance_report\
-------------------------------------------------------------------
installing_computers.htm *
Apex One\PCCSRV\Web_OSCE\Web_console\HTML\dlp\
-------------------------------------------------------------------
dlp_Entities_addedit.htm *
dlp_settings.htm *
Apex One\PCCSRV\Web_OSCE\Web_console\HTML\logs\
-------------------------------------------------------------------
logs_ccca.htm *
logs_pfw.htm *
logs_pfw_view.htm *
logs_spyware.htm *
logs_WebSecurity.htm *
Apex One\PCCSRV\WEB_OSCE\Web_Console\HTML\summary\
-------------------------------------------------------------------
summary_top10_osce.htm *
Apex One\PCCSRV\Web_OSCE\Web_console\HTML\tools\
-------------------------------------------------------------------
tools_admin_clients.htm *
Apex One\PCCSRV\WEB_OSCE\Web_Console\HTML\update\
-------------------------------------------------------------------
client_deployment_automatic.htm *
Apex One\PCCSRV\Web_OSCE\Web_Console\RemoteInstallCGI\
-------------------------------------------------------------------
CGIOCommon.dll 14.0.0.2049
cgiRemoteInstall.exe 14.0.0.2049
CGIResUTF8.dll 14.0.0.2049
loadhttp.dll 14.0.0.2014
SetupMan.dll 14.0.0.2049
Wizard.exe 14.0.0.2014
Wizard_64x.exe 14.0.0.2014
Apex One\PCCSRV\Download\Product\iService\
-------------------------------------------------------------------
hfx_iAC.zip *
hfx_iAC_x64.zip *
instupg_iAC.zip *
instupg_iAC_x64.zip *
hfx_iATAS.zip *
hfx_iATAS_x64.zip *
instupg_iATAS.zip *
instupg_iATAS_x64.zip *
instupg_iES.zip *
instupg_iES_x64.zip *
hfx_iVP.zip *
hfx_iVP_x64.zip *
instupg_iVP.zip *
instupg_iVP_x64.zip *
iServiceInst.ini *
iServiceUpd.ini *
B. Network Traffic Required in Deployment
-------------------------------------------------------------------
Estimated size (in terms of bandwidth) of deployed agent files
in this critical patch.
- 32-bit agent total = 207.5 MB
- 64-bit agent total = 258.9 MB
2. Documentation Set
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com
- Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product.
To access the Online Help, go to http://docs.trendmicro.com
- Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product.
- Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product.
- Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'.
- Support Portal: The Support Portal contains information on troubleshooting and resolving known issues.
- To access the Support Portal, go to http://esupport.trendmicro.com
3. System Requirements
4. Installation/Uninstallation
Installing
To install:
- Copy the Critical Patch executable file to a temporary folder on the server, for example, "C:\temp".
- Double-click the file. The modules are automatically copied to the correct destination.
This Critical Patch installation package automatically rolls back the Apex One server to its previous configuration if there are problems during installation. If you encounter problems after installation, do a manual rollback.
Uninstalling
To manually roll back to the previous build:
- Locate the backup folder that the Critical Patch package created in the "\PCCSRV\Backup\Critical Patch_B2049" directory.
- Stop the Apex One Master Service.
- Stop the Apex One Apex Central Agent Service.
- Copy the backup modules to the original folders.
- Start the Apex One Apex Central Agent Service.
- Start the Apex One Master Service.
5. Post-installation Configuration
No post-installation steps are required.
NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.
6. Known Issues
There are no known issues for this Critical Patch release.
7. Release History
Prior Hotfixes
Only this hotfix was tested for this release. Prior hotfixes were tested at the time of their release.
(VRTS-3171)
A directory traversal vulnerability may allow an attacker to modify arbitrary files on the product's management console.
Solution:
This critical patch updates the Apex One server program to remove the vulnerability.
(SEG-50319)
Changes in the Google API prevents Data Loss Prevention(TM) (DLP) from detecting sensitive information sent through Gmail in Google Chrome 73.
Solution:
This hotfix resolves the issue by enabling the DLP module to support the "Http/Https" and "Open file dialog" functionality in Google Chrome 73.
(SEG-49467)
The tmlisten service stops unexpectedly when users add an NIC description in the Personal Firewall (PFW) profile and deploy the profile to agents.
Solution:
This hotfix updates the Apex One Security Agent program to resolve the issue.
(SEG-49381)
The Smart Scan Pattern of File Reputation Services occupies a large amount of disk space on the Apex One server.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-48555)
When users install Apex One and use a domain account to connect to the database, the installation will not be able to create a database and iES will not be installed successfully.
Solution:
This hotfix updates the impersonate method to solve this issue.
(SEG-49534)
When the Apex One environment runs an sqlpackage older that 2016 or one that contains both x86 and x64 versions of version 2016, iES will not be able to create the database because of an incompatible sqlpackage version.
Solution:
This hotfix resolves the issue by enabling the installer to prioritize the x64 version of the sqlpackage during installation.
(SEG-50727)
When a user starts a Security Agent outside the corporate network, the Security Agent does not communicate on Online status to the Edge Relay Server.
Solution:
This hotfix updates Security Agent program to send an Online status to the Edge Relay Server as soon as the Security Agent program starts.
(SEG-51198)
The Apex One Application Control lockdown feature does not work after users switch to a different user account.
Solution:
This hotfix ensures that the feature works normally.
(SEG-50399)
This hotfix updates the DLP template to reduce the performance impact of Apex One.
(SEG-45353)
The Security Agent program may become corrupted when users install it from the MSI installation package (Windows Installer) using the wrong command in the command line.
Solution:
This critical patch enables the Apex One security agent installation to abort the MSI installation process if it encounters an unexpected command.
(SEG-49936), (SEG-49847)
An issue related to the Microsoft(TM) Excel(TM) files with macro content cannot be saved to a network shared folder from an endpoint, some Microsoft Excel temp files cannot be deleted after trying to save the files.
Solution:
This critical patch updates the Apex One security agent program to resolve this issue.
(SEG-50774)
This critical patch enables the Apex One security agent program to support Microsoft Windows(TM) 10 (version 1903) May 2019 Update.
(VRTS-3389)
An unquoted service path enumeration vulnerability may allow an attacker administrator privileges to the Apex One security agent service.
Solution:
This hotfix updates the Apex One security agent program to remove the vulnerability.
(SEG-53931)
Coexisting Apex One security agents cannot set the server information of the Smart Protection Service Proxy correctly. When this happens, the coexisting agents do not send query requests through the Smart Protection Service proxy but directly to the Trend Micro Smart Protection Network instead. This may cause a connection issue if the agents cannot connect to the Internet.
Solution:
This hotfix updates the Apex One security agent program to resolve the issue.
(SEG-52575)
The installation status on the "Agent Installation Progress" page of the Apex One web console is inaccurate.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-52409)
A specific keyword triggers the DLP template that does not have any criteria specified.
Solution:
This hotfix updates the DLP template to resolve this issue.
(SEG-50435)
The Connection Status (Online/Offline) of an agent on the web console changes each time a user logs on or off from the client computer.
Solution:
This hotfix updates the Apex One agent program to resolve the issue.
(SEG-52048)
Attempting to restart or stop the WMI service (winmgmt) is unsuccessful on endpoints with the Security Agent installed. The tmlisten service of the Security Agent has a dependency with the WMI service.
Solution:
This hotfix updates the Security Agent program to remove the WMI service dependency.
(SEG-52302)
When the Apex One server registers to the Apex Central server, the Apex One Master Service may stop unexpectedly because of an empty private key.
Solution:
This hotfix updates the Apex One server program to ensure that it can handle an empty public/private key.
(SEG-50705), (SEG-52219), (SEG-51452), (SEG-51849)
An "Error ID: 420" occurs while the Apex One Endpoint Sensor policy is deployed and the "Unable to get the registered server list. There are no registered servers." error appears on the Apex Central "Preliminary Investigation" page.
Solution:
This hotfix helps prevent the Apex One Endpoint Sensor Advanced Threat Assessment Service from being corrupted when Endpoint Sensor is installed using Trend Micro Apex One Installer Maintenance Mode.
(SEG-49807)
Users cannot export the Application Control criteria in Microsoft(TM) Internet Explorer(TM) or the Edge web browser.
Solution:
This hotfix updates the Apex Central files to resolve this issue.
(SEG-53729)
When the "Do not allow users to access the Security Agent console from the system tray or Windows Start menu setting" option is enabled on the Apex One web console, the Apex One Security Agent console cannot be accessed while "PccNT.exe" is running.
Solution:
This hotfix updates a parameter in "wofielauncher.exe" to resolve the issue.
(SEG-54390)
The Vulnerability Protection server service start up fails on platforms that disable Transport Layer Security (TLS) 1.0.
Solution:
This hotfix updates the Vulnerability Protection server to prevent the TLS version issue.
(SEG-51211)
Vulnerability Protection causes unusual CPU usage on some workstations and servers.
Solution:
This hotfix modifies the Vulnerability Protection service to prevent unusual CPU usage.
(VRTS-3314)
This hotfix adds a dynamic share key for Apex One security agents in the encryption and decryption algorithm.
(SEG-51005)
This hotfix adds new Regular Expressions to the Trend Micro Data Loss Prevention(TM) (DLP) Data Identifiers.
(SEG-47568)
This hotfix updates the Apex Central files to display more information about the Application Control violation log entries.
NOTE: This feature requires the installation of Apex Central hotfix 3919 or above.
(SEG-53904)
Security Agents with the Behavior Monitoring program inspection feature enabled may cause Adobe Acrobat/Reader to stop unexpectedly.
Solution:
This hotfix updates the program inspection feature to resolve this issue.
(SEG-52740)
When users attempt to configure the Device Control settings on an Apex One Security Agent by deploying a policy from the Apex Central web console, the Device Control settings cannot be applied on the agent if Data Loss Prevention(TM) (DLP) is not enabled on the agent.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-52269)
If the activation (AC) key is deployed after its expiration date has been extended, the ES service will still receive the original expiration date.
Solution:
This hotfix ensures that the ES service will receive the AC key's new expiration date.
(SEG-54380)
The Endpoint Sensor may purge the Root Cause Analysis results by mistake when Apex Central is managing more than one Apex One server.
Solution:
This hotfix resolves the issue.
(SEG-52034)
In rare instances, the Endpoint Sensor may receive the investigation results from an agent at the same time that the same agent is being uninstalled. When this happens, the Endpoint Sensor may not be able to send all the results back to TIC.
Solution:
This hotfix prevents this issue.
(SEG-49402), (SEG-53432)
An issue related to the Microsoft(TM) Monitoring Agent may cause the Apex One Endpoint Sensor Advanced Threat Assessment Service application pool to stop unexpectedly after installing the Apex One server.
Solution:
This hotfix prevents the Apex One Endpoint Sensor Advanced Threat Assessment Service compatibility issue with the Microsoft Monitoring Agent.
(SEG-52560)
There is a typographical error in the "Type the full program path" hint on the "Behavior Monitoring Settings" page of the Apex One web console.
Solution:
This hotfix updates the Apex One server files to correct the error.
(SEG-48859)
An issue causes Apex One security agent remote installation to fail.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-52978)
An issue prevents the Data Loss Prevention(TM) (DLP) license from being deployed from Apex Central to Apex One.
Solution:
This hotfix adds support for the DLP AC key type to solve this issue.
(SEG-53295), (SEG-55029)
An access denied error related to a certain component prevents the Trend Micro Advanced Threat Assessment Service (ATAS) from starting successfully.
Solution:
This hotfix resolves the error so ATAS can start normally.
(SEG-53958)
The operating system may stop responding when users switch both the Scan Engine (VSAPI) and the Endpoint Sensor to debug mode at the same time using the Case Diagnostic Tool (CDT).
Solution:
This hotfix resolves the issue by ensuring that CDT works normally when both VSAPI and Endpoint Sensor are enabled.
(SEG-40590)
An Apex One agent that runs on Windows 7 and automatically detects proxy settings will not be able to connect to the Apex One server.
Solution:
This hotfix resolves the issue by updating the Apex One agent program to ensure that it can retrieve the correct proxy configuration.
(SEG-53180), (SEG-56186)
When the agents call "cgiOnScan.exe" and fails, the system keeps resending the request without waiting. This issue generates lots of records in the IIS log.
Solution:
This hotfix updates the Apex One agent program to wait for few seconds before retrying.
(SEG-53304)
This hotfix enables Apex One to send "Dropped" and "Accepted" action results in firewall violation logs to Apex Central. This ensures that both action results display normally on Apex Central instead of being displayed as "unknown".
(SEG-55009)
TmListen stops unexpectedly when the Apex One agent queries Suspicious Object (SO) information that contains a null notify setting.
Solution:
This critical patch updates Apex One agent program to resolve the issue.
(SEG-53351), (SEG-55781)
On the 64-bit Microsoft (TM) Windows (TM) 10 platform, an error occurs while running a 64-bit debug script in Microsoft Visual Studio 2017.
Solution:
This critical patch updates the Behavior Monitoring Module to prevent the error.
(SEG-54736)
The Apex One server may not be able to register to the Apex Central server if the TLS 1.2 protocol is enabled on Apex One servers only.
Solution:
This critical patch updates the Apex One server program to resolve this issue.
Procedure:
To apply the solution:
- Install this critical patch (see "Installation").
- Open the "Agent.ini" file in the "\PCCSRV\CmAgent\" folder on the Apex One server installation directory using a text editor.
- Under the "Network" section, manually modify the value of the following key.
- [Network]
- SSL_Cipher_List=ECDHE-RSA-AES256-GCM-SHA384
- Save the changes and close the file.
- Unregister from the Apex Central server.
- Register the Apex Central again.
(SEG-52386)
The Apex One server tool "IpXfer.exe" cannot run properly when the Apex One Security Agent is offline.
Solution:
This critical patch updates Apex One server tools to resolve this issue.
(SEG-54240)
The Apex One server updates the timestamp of the Last Spyware Scan (Manual) according to the last connection establishment time.
Solution:
This critical patch updates the Apex One server program to ensure that the last Spyware Scan (Manual) time is updated accurately.
(SEG-54167)
When users create a "Setup" installer package for the Apex One security agent using Agent Packager, the Vulnerability Protection and Application Control agent installers are not included by default.
Solution:
This critical patch updates the Apex One server program to ensure that the Agent Packager includes both installers in the Apex One security agent "Setup" installer package.
(SEG-56087)
The digital signature of some DLP files are expired.
Solution:
This critical patch updates the DLP module to update the digital signatures.
(SEG-52955)
The DLP module does not work on the Microsoft Edge web browser.
Solution:
This critical patch updates the DLP module to resolve this issue.
Procedure:
To enable Apex One security agents to block sensitive information on the Edge web browser.
- Install this critical patch (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the Apex One server.
- Under the "Configure" section, manually add the following key and value.
- [Configure]
- ENABLE_DYNAMIC_CODE_POLICY=true
- Save the changes and close the file.
- Open the Apex One web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents. The Apex One server deploys the settings to Apex One agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- enable_dynamic_code_policy=true
(SEG-57250), (SEG-57429)
Users cannot expand the domains or add spyware/greyware detections into the approve list on the Apex One server web console.
Solution:
This critical patch updates the Apex One server files to resolve this issue.
(SEG-55399)
Duplicate Apex One agents appear in the Microsoft Windows Startup console.
Solution:
This critical patch updates the Apex One server programs to resolve this issue.
(SEG-56828)
When the trust permission of the Application Control Criteria is set to "Inheritable execution rights", the criteria information remains on the Apex One Security Agent database after users remove the criteria from the policy setting.
Solution:
This critical patch ensures that the criteria information can be removed normally from Apex One Security Agents.
(SEG-57659)
In rare situations, the Apex One Vulnerability Protection program uses up a huge amount of memory when processing a large number of Intrusion Prevention logs.
Solution:
This critical patch prevents the high memory usage issue when the Apex One Vulnerability Protection program processes a large number of Intrusion Prevention logs.
(SEG-57454)
The Apex One server does not send the policy information to Apex Central after deploying a policy.
Solution:
This issue updates the Apex One server program to resolve this issue.
(SEG-53295), (SEG-55029)
An access denied error related to a certain component prevents the Trend Micro Advanced Threat Assessment Service (ATAS) from starting successfully.
Solution:
This critical patch resolves the error so ATAS can start normally.
(SEG-49402), (SEG-53432)
An issue related to the Microsoft(TM) Monitoring Agent may cause the Apex One Endpoint Sensor Advanced Threat Assessment Service application pool to stop unexpectedly after installing the Apex One server.
Solution:
This critical patch prevents the Apex One Endpoint Sensor Advanced Threat Assessment Service compatibility issue with the Microsoft Monitoring Agent.
(SEG-50705), (SEG-52219), (SEG-51452), (SEG-51849)
An "Error ID: 420" occurs while the Apex One Endpoint Sensor policy is deployed and the "Unable to get the registered server list. There are no registered servers." error appears on the Apex Central "Preliminary Investigation" page.
Solution:
This critical patch helps prevent the Apex One Endpoint Sensor Advanced Threat Assessment Service from being corrupted when Endpoint Sensor is installed using Trend Micro Apex One Installer Maintenance Mode.
(SEG-57949), (SEG-53820)
The Trend Micro Vulnerability Protection Service cannot start while processing a specific certificate.
Solution:
This critical patch updates the Apex One Vulnerability Protection server to prevent the certificate processing error.
(SEG-56264)
This critical patch updates some Apex One files to detect inconsistent certifications from the Microsoft Management Console certificate store. If it detects an inconsistency, Apex One will automatically recover the authentication file (OfcIPCer.dat) from the Microsoft Management Console certificate store on the Apex One server.
(SEG-55353)
During license key deployment, Endpoint Sensor may not be able to receive the product key and storage key properties.
Solution:
This hotfix improves the Apex One server's key deployment mechanism to solve this issue.
(SEG-55841), (SEG-57122)
Some Security Agents may be unable to retrieve new policy settings from the Apex Central server.
Solution:
This hotfix purges old policy records from the policy tracking table to fix this issue.
(SEG-57410)
The Endpoint Sensor on Apex One agents may not be able to calculate the hash value of a specific process which can prevent the terminate process function from terminating the process.
Solution:
This hotfix updates the Endpoint Sensor hash calculation mechanism to resolve this issue.
(SEG-53875)
The Endpoint Sensor feature has been enhanced to only monitor and record memory "Read" events for the lsaas.exe process. All other "Read" events are ignored. In addition, a cache has been implemented for processes that open the memory "Write" event to avoid recording duplicated events that may cause a resource issue on the endpoint.
(VRTS-3537)
The "Active Directory Integration" page may expose the credential key when the page is opened with developer tools on a web browser.
Solution:
This hotfix updates the Apex One server program to remove the vulnerability.
(SEG-56341), (SEG-57814)
When the Trend Micro Data Loss Prevention(TM) (DLP) service is enabled on Apex One security agent computers, Google Chrome version 75 and higher versions may stop unexpectedly while accessing certain URLs.
Solution:
This hotfix updates the DLP module to resolve this issue.
(SEG-56100)
On the web console, "Advanced Search" from "Agents > Agent Management" page yields inaccurate results when the "Restart Required" is enabled and both "Update" and "Cleanup" options are selected.
Solution:
This hotfix updates the Apex One server program to resolve the problem.
(SEG-57258)
In Microsoft(TM) Windows(TM) 10, the new system process "MemCompression" may incorrectly trigger a false detection for violating the Device Access Control (DAC) policies.
Solution:
This hotfix updates the DAC policies to prevent the false alarms.
(SEG-58435)
Users are able to change to a password that contains German Umlaut characters but will not be allowed to log in to the web console after the change. The pop-up error message is not triggered that prevents from saving invalid password.
Solution:
This hotfix updates the server program to ensure that the corresponding pop-up error message that prevents users from saving invalid passwords is triggered correctly.
When users deploy an agent policy to enable or disable the Endpoint Sensor feature while registering or unregistering from the TIC at the same time, the policy deployment will fail.
Solution:
This hotfix updates the policy deployment mechanism to solve the policy conflict issue.
(SEG-58818)
After a hotfix is applied, the pattern version and last update time of "Certified Safe Software pattern" are reset to "0", and as a result, the wrong pattern information appears on the Apex Central dashboard.
Solution:
This hotfix updates the Apex One server files to resolve this issue.
This hotfix integrates an Antimalware Scan Interface (AMSI) for suspicious PowerShell detection to the Endpoint Sensor.
(SEG-54758)
The device control function does not work if the policy is deployed for a specific user and the username contains Hebrew characters.
Solution:
This hotfix updates Apex One security agent program to resolve the issue.
(SEG-57436)
The Smart Scan Service may behave abnormally on Apex One Security Agents when multiple proxy servers have been configured for each protocol (HTTP, Secure, FTP, Socks) in the Microsoft(TM) Internet Explorer(TM).
Solution:
This hotfix updates the Apex One Security Agent program to ensure that the Smart Scan Service works normally when multiple proxy servers are configured for Internet Explorer.
(SEG-56322)
Users may not be able to activate managed product licenses (Application Control, Endpoint Sensor, Vulnerability Protection) or may not be able to send the enhanced security policies to Security Agents across the network successfully when managing the Apex One server from the Apex Central web console. This happens because the specified Microsoft Windows(TM) account that manages the existing Apex One SQL database does not have sufficient web service framework access permissions.
Solution:
This hotfix resolves the issue by updating the SQL Server Database Configuration Tool to add the Windows account to the IIS_IUSRS group to obtain the correct permissions.
Procedure:
To add the Windows account to the IIS_IUSRS group to obtain the correct permissions:
- Install this hotfix (see "Installation").
- On the Apex One server computer, browse to "<Server installation folder>\PCCSRV\Admin\Utility\SQL".
- Double-click "SQLTxfr.exe" to run the tool.
- Provide the authentication credentials of the Windows account for the SQL Server database. IMPORTANT: The user account must belong to the local administrator group or Active Directory (AD) built-in administrator.
- Click "Start" to apply the configuration changes.
(SEG-55537)
Users may not be able to activate managed product licenses (Application Control, Endpoint Sensor, Vulnerability Protection) or may not be able to send the enhanced security policies to Security Agents across the network successfully when managing the Apex One server from the Apex Central web console. This happens because:
- The specified Windows account that manages the existing Apex One SQL database changes the logon credentials used to connect to the existing database.
- Users change the Authentication Type of the existing Apex One SQL database from "Windows Account" to "SQL Server Account".
Solution:
This hotfix updates the SQL Server Database Configuration Tool to ensure that the Apex One server uses the correct authentication credentials for the SQL Server database.
Procedure:
To ensure that the Apex One server uses the correct authentication credentials for the SQL Server database:
- Install this hotfix (see "Installation").
- On the Apex One server computer, browse to "<Server installation folder>\PCCSRV\Admin\Utility\SQL".
- Double-click "SQLTxfr.exe" to run the tool.
- Provide the authentication credentials for the SQL Server database. IMPORTANT: The user account must belong to the local administrator group or AD built-in administrator.
- Click "Start" to apply the configuration changes.
(SEG-58926)
This hotfix improves the accuracy of the Apex One Application Control version reporting to Apex Central.
(SEG-58478)
The Apex One Security Agent service stops responding while starting after Apex One Hotfix 1141 is applied.
Solution:
This hotfix updates the Apex One security agent program to resolve this issue.
(SEG-57057), (SEG-59380)
An issue prevents users from successfully installing the Application Control agent on endpoints with Chinese computer names.
Solution:
This hotfix resolves the issue so the Application Control can be installed successfully on affected endpoints.
(SEG-59297)
The information in the "action" column on Data Loss Prevention(TM) (DLP) logs in Apex One server is not consistent with the corresponding information in the DLP logs on Apex Central server.
Solution:
This hotfix resolves the issue by modifying the wording in the "action" column in DLP logs on both the Apex One server and agents.
(SEG-58872), (SEG-59531)
An issue prevents the Trend Micro Advanced Threat Assessment Service from starting successfully.
Solution:
This hotfix resolves the issue.
(SEG-58404)
Garbled characters may appear in syslog if the language setting of the operating system contains Big-5 characters.
Solution:
This hotfix resolves the issue.
(SEG-53929)
The Apex One Endpoint Sensor cannot detect the dump of lsass.exe (Local Security Authority Process).
Solution:
This hotfix resolves this issue by adding hooking points for event correlation to detect the suspicious attack behavior.
(SEG-59121)
Advanced Threat Assessment has a new process that collects additional information.
(SEG-51255)
After a built-in Active Directory (AD) user group, for example "Administrators", is added in the "User Accounts" settings, and users login to Apex One using an AD account in this group, the Apex One console will not display any user or domain in "Agent Management" view.
Solution:
This hotfix updates Apex One server program to resolve the issue.
(SEG-59191)
This hotfix enables Apex One to support Microsoft Windows 8.0.
NOTE: If the security agent has been installed on Windows 8.0, it will be registered to the Apex One server after it restarts.
(SEG-59816)
This hotfix updates the Trend Micro Data Loss Prevention(TM) (DLP) module to ensure that it can block drag-and-drop file operations in Google Chrome 76 and 77.
(SEG-58126)
In certain environments, the Behavior Monitoring feature may add the "csrss.exe" file to the kernel exception later than expected which can then cause an interoperability issue that can trigger security agent computers to stop unexpectedly.
Solution:
This hotfix updates the Behavior Monitoring module and enables users to configure the Behavior Monitoring feature to add "csrss.exe" to the kernel exception earlier to prevent the interoperability issue.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
- Under the "Global Setting" section, manually add the "AegisAsyncCsrssEvent" key and set its value to "1".
- [Global Setting]
- AegisAsyncCsrssEvent=1
- Save the changes and close the file.
- Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The Apex One server deploys the command to security agents and adds the following registry entry on all security agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: AsyncCsrssEvent
- Type: DWORD
- Value: 1
- Restart the security agent
(SEG-60611)
Enhanced security policies may not be sent to Security Agents across the network successfully when users manage the Apex One server from the Apex Central web console. This happens when the Apex One SQL database is installed on a Microsoft(TM) SQL Server that users a collation method other than the default "SQL_Latin1_General_CP1_CI_AS".
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-58737)
This hotfix enables users to query the OSFWebApp web service status through the "svrsvcsetup.exe" tool using the following command on the Apex One server command prompt.
svrsvcsetup.exe -testosfwebapp
(SEG-58056)
This hotfix enables users to search for multiple agents on the "Agent Management" page by specifying multiple agent names in the "Search for endpoints" text box.
NOTES:
- Use a blank character " " delimiter to separate each agent name in the "Search for endpoints" text box.
- The field supports wildcard characters. Use a question mark "?" to represent a single character and an asterisk "*" to represent several characters.
- The field supports a maximum of 256 characters.
8. Contact Information
A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
NOTE: This information is subject to change without notice.
9. About Trend Micro
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.
Copyright 2019, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.
10. License Agreement
View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide