1. Critical Patch Release Information
Resolved Known Issues
This Critical Patch resolves the following issue(s):
Apex One security agents may encounter a blue screen of death (BSOD) when the Osprey kernel file (tmusa.sys) is unloaded unexpectedly.
Solution:
This critical patch updates the Trend Micro EagleEye Driver to resolve this issue.
A high CPU usage issue occurs on the Apex One server computer.
Solution:
This critical patch updates the Attack Discovery pattern to help prevent the high CPU usage issue on the Apex One server computer.
The PowerShell command line sometimes automatically converts uppercase characters to lowercase.
Solution:
This critical patch ensures that the PowerShell command line does not automatically convert uppercase characters to lowercase.
A potential process communication risk in the security agent exists in the Apex One server.
Solution:
This critical patch updates the Apex One server program to remove this vulnerability.
A potential file deletion issue with system privileges exists via a Directory Traversal vulnerability in security agents.
Solution:
This critical patch updates the Apex One server program to remove this vulnerability.
A potential issue with file uploads exists via a Directory Traversal vulnerability in security agents.
Solution:
This critical patch updates the Apex One server program to remove this vulnerability.
The "Plug-ins" page does not display normally when users use Single Sign-On (SSO) to access the Apex One web console from the Apex Central web console.
Solution:
This critical patch updates the Apex One server files to resolve this issue.
Enhancements
The following enhancements are included in this Critical Patch:
This critical patch integrates Windows Antimalware Scan Interface (AMSI) with Apex One to improve protection against malicious scripts.
Procedure:
To enable the new settings:
- Install this critical patch (see "Installation").
- Open the Apex One web console and go to the "Agent > agent management" page.
- Right-click to select the specific domain or agents and go to the "Settings > Behavior Monitoring Settings" screen.
- Tick the "Enable program inspection to detect and block compromised executable files" and "Terminate programs that exhibit abnormal behavior associated with exploit attacks" options.
- Save the changes.
- The Apex One server deploys the following registry entry on the selected security agent computers:
  - Path:
    - For x64 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS\
    - For x86 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS\
  - Key: EnableUMH / EnableUMHExploit
  - Type: REG_DWORD
  - Value: 1 (0x00000001)
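To confirm on an agent that the registry entry above was actually deployed, the following check can be run locally. It is an added example, not Trend Micro code; the function name Test-ApexOneUmhSetting is hypothetical, and it assumes that EnableUMH and EnableUMHExploit are two separate REG_DWORD values under the AEGIS key.

```powershell
# Added example (not vendor code): verify the AEGIS registry values that the
# release notes say the Apex One server deploys to selected agents.
function Test-ApexOneUmhSetting {
    [CmdletBinding()]
    param(
        # Assumption: "EnableUMH / EnableUMHExploit" names two separate values.
        [string[]] $ValueName = @('EnableUMH', 'EnableUMHExploit'),
        # Expected data from the release notes: 1 (0x00000001).
        [int] $Expected = 1
    )

    # The x64 path in the notes (SOFTWARE\Wow6432Node\...) is the 32-bit registry
    # view of the x86 path. Opening the 32-bit view therefore reaches the right
    # key on both platforms, whether this host process is 32-bit or 64-bit.
    $subKey = 'SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS'
    $base   = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                  [Microsoft.Win32.RegistryHive]::LocalMachine,
                  [Microsoft.Win32.RegistryView]::Registry32)
    $key = $null
    try {
        $key = $base.OpenSubKey($subKey)   # opened read-only

        foreach ($name in $ValueName) {
            $data   = $null
            $kind   = $null
            $status = 'KeyMissing'         # AEGIS key itself not present

            if ($null -ne $key) {
                $data = $key.GetValue($name, $null)
                if ($null -eq $data) {
                    $status = 'ValueMissing'
                }
                else {
                    $kind = $key.GetValueKind($name)
                    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                        $status = 'WrongType'      # notes specify REG_DWORD
                    }
                    elseif ([int]$data -ne $Expected) {
                        $status = 'UnexpectedData' # present but not 1
                    }
                    else {
                        $status = 'OK'
                    }
                }
            }

            # One result object per value so the output can be filtered or exported.
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Value    = $name
                Kind     = $kind
                Data     = $data
                Status   = $status
            }
        }
    }
    finally {
        if ($null -ne $key) { $key.Close() }
        $base.Close()
    }
}

# Show the result for the local agent.
Test-ApexOneUmhSetting | Format-Table -AutoSize
```

Any status other than OK means the setting from the procedure has not reached that agent in the form the release notes describe.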
This critical patch enhances the security of the Server Migration Tool.
This critical patch updates the program update checking logic on Apex One security agents to help ensure that only authentic program updates are applied.
This critical patch adds Endpoint Sensor features by enabling the use of on-premises Apex Central to manage on-premises Apex One servers. This enhancement requires users to upgrade on-premises Apex One servers to Build 2117 and on-premises Apex Central servers to Build 4363 or any higher build.
Files Included in this Release
A. Files for Current Issues
-------------------------------------------------------------------
Filename                          Build Number
------------------------------    ------------
Apex One\PCCSRV\Admin\Utility\EdgeServer\*.*
Apex One\PCCSRV\Admin\Utility\SQL\*.*
Apex One\PCCSRV\Pccnt\Disk1\*.*

Apex One\PCCSRV\
-------------------------------------------------------------------
AutoPcc.exe                       14.0.0.2117
AUTOPCC.MSG                       *
AutoPccP.exe                      14.0.0.2117
CGIResUTF8.dll                    14.0.0.2117
DatFHS.dll                        14.0.0.2059
libcurl.dll                       7.66.0.0
libeay32.dll                      1.0.2.20
loadhttp.dll                      14.0.0.2059
ofc_loadhttp.dll                  14.0.0.2059
OfcPfwCommon.dll                  14.0.0.2059
OfcPIPC.dll                       14.0.0.2059
OfcSvcConfig.exe                  14.0.0.2117
readme.htm                        *
ssleay32.dll                      1.0.2.20
SvrSvcSetup.exe                   14.0.0.2117

Apex One\PCCSRV\Admin\
-------------------------------------------------------------------
Build.exe                         2.86.0.2088
Build64.exe                       2.86.0.2088
InstReg.exe                       14.0.0.2059
loadhttp.dll                      14.0.0.2059
ofc_loadhttp.dll                  14.0.0.2059
patch.exe                         2.86.0.2088
patch64.exe                       2.86.0.2088
SetupMan.dll                      14.0.0.2117
TmUpdate.dll                      2.86.0.2088
TmUpdate64.dll                    2.86.0.2088
TSC.exe                           7.5.0.1137
TSC64.exe                         7.5.0.1137
Wizard.exe                        14.0.0.2059
Wizard_64x.exe                    14.0.0.2059

Apex One\PCCSRV\Admin\Utility\ClientPackager\
-------------------------------------------------------------------
CLIENTMSISETUP_MSI                *
ClnPack.exe                       14.0.0.2117
ClnPack.ini                       *
OfcPfwCommon.dll                  14.0.0.2059
tmCfwApi.dll                      5.83.0.1064

Apex One\PCCSRV\Admin\Utility\IpXfer\
-------------------------------------------------------------------
IpXfer.exe                        14.0.0.2059
IpXfer_x64.exe                    14.0.0.2059

Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Client\x64\
-------------------------------------------------------------------
osfExt_iACClient_x64.dll          3.0.0.3014
osfExt_iATASClient_x64.dll        1.7.0.1035
osfExt_iESClient_x64.dll          3.0.0.1540
osfExt_iVPClient_x64.dll          3.0.0.2033

Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Client\x86\
-------------------------------------------------------------------
osfExt_iACClient.dll              3.0.0.3014
osfExt_iATASClient.dll            1.7.0.1035
osfExt_iESClient.dll              3.0.0.1540
osfExt_iVPClient.dll              3.0.0.2033

Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Server\iAC\
-------------------------------------------------------------------
osfExt_iACCMAGENT.dll             3.0.0.3014
osfExt_iACMasterService.dll       3.0.0.3014

Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Server\iES\
-------------------------------------------------------------------
osfExt_iESCMAGENT.dll             3.0.0.1540
osfExt_iESMasterService.dll       3.0.0.1540

Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Server\iVP\
-------------------------------------------------------------------
osfExt_iVPCMAGENT.dll             3.0.0.2033
osfExt_iVPMasterService.dll       3.0.0.2033

Apex One\PCCSRV\Admin\Utility\ListDeviceInfo\
-------------------------------------------------------------------
listDeviceInfo.conf.ini           *
listDeviceInfo.exe                6.2.0.1249

Apex One\PCCSRV\Admin\Utility\MessageQueue\
-------------------------------------------------------------------
libOsceMsmq.dll                   14.0.0.2117

Apex One\PCCSRV\Admin\Utility\PolicyExportTool\
-------------------------------------------------------------------
ApexOneSettingsExportTool.exe     14.0.0.2117
CGIResUTF8.dll                    14.0.0.2117
ServerMigrationTool.ex_           14.0.0.2117

Apex One\PCCSRV\Admin\Utility\ServerMigrationTool\
-------------------------------------------------------------------
CGIOCommon.dll                    14.0.0.2117
CGIResUTF8.dll                    14.0.0.2117
OfcPfwCommon.dll                  14.0.0.2059
ServerMigrationTool.exe           14.0.0.2117

Apex One\PCCSRV\Admin\Utility\SQL\
-------------------------------------------------------------------
SqlTxfr.exe                       14.0.0.2117

Apex One\PCCSRV\Admin\Utility\TCacheGen\
-------------------------------------------------------------------
TCacheGen.exe                     14.0.0.2117
TCacheGen_x64.exe                 14.0.0.2117
TCacheGenCli.exe                  14.0.0.2117
TCacheGenCli_x64.exe              14.0.0.2117

Apex One\PCCSRV\Admin\Utility\TMVS\
-------------------------------------------------------------------
DatFHS.dll                        14.0.0.2059
libeay32.dll                      1.0.2.20
loadhttp.dll                      14.0.0.2059
ssleay32.dll                      1.0.2.20
TMVS.exe                          14.0.0.2117

Apex One\PCCSRV\CmAgent\
-------------------------------------------------------------------
CGIResUTF8.dll                    14.0.0.2117
DatFHS.dll                        14.0.0.2059
En_I18N.dll                       5.0.0.2363
En_Utility.dll                    5.0.0.2363
libapr-1.dll                      1.5.2.0
libcurl.dll                       7.66.0.0
libeay32.dll                      1.0.2.20
osfAgent.dll                      14.0.0.2059
ProductLibrary.dll                14.0.0.2117
ProductUI.zip                     *
ssleay32.dll                      1.0.2.20
TrendAprWrapperDll.dll            5.0.0.2363
zlibwapi.dll                      1.2.11.1002

Apex One\PCCSRV\Download\
-------------------------------------------------------------------
ClnPack_files.xml                 *

Apex One\PCCSRV\Download\Engine\
-------------------------------------------------------------------
ATSE32.sig                        *
atse32.zip                        *
ATSE64.sig                        *
atse64.zip                        *
TMEBC32.sig                       *
TMEBC32.zip                       *
TMEBC64.sig                       *
TMEBC64.zip                       *
TSC.sig                           *
TSC.zip                           *
TSC64.sig                         *
TSC64.zip                         *

Apex One\PCCSRV\Download\Product\
-------------------------------------------------------------------
DlpLite.sig                       *
DlpLite_3rdParty.zip              6.2.1307
DlpLite_3rdParty_x64.zip          6.2.1307
DlpLite_Common.zip                6.2.1329
DlpLite_Common_x64.zip            6.2.1329
DlpLite_x64.sig                   *

Apex One\PCCSRV\Engine\
-------------------------------------------------------------------
atse32.dll                        12.0.0.1008
ssapi32.dll                       6.2.1.4035
TmAegisSysEvt.dll                 2.98.0.1260
TmAMSIProvider.dll                8.50.0.2071
TMBMCLI.dll                       2.98.0.1260
TMBMSRV.exe                       2.98.0.1260
tmCfwApi.dll                      5.83.0.1064
tmcomeng.dll                      2.98.0.1260
TmEngDrv.dll                      2.98.0.1260
tmHash.dll                        5.83.0.1064
TMPEM.dll                         2.98.0.1260
TmPfw.exe                         5.83.0.1064
TmPfwApi.dll                      5.83.0.1064
TmPfwRul.dll                      5.83.0.1064
TmSysEvt.dll                      8.50.0.2071
tmwlutil.dll                      2.98.0.1260

Apex One\PCCSRV\Engine\CCSF\TrxHandler\
-------------------------------------------------------------------
libcurl.dll                       7.66.0.0
libeay32.dll                      1.0.2.20
ssleay32.dll                      1.0.2.20
trxhandler.dll                    1.100.0.1071

Apex One\PCCSRV\Engine\x64\
-------------------------------------------------------------------
atse64.dll                        12.0.0.1008
ssapi64.dll                       6.2.1.4035
TmAegisSysEvt.dll                 2.98.0.1260
TmAMSIProvider64.dll              8.50.0.2071
TMBMCLI.dll                       2.98.0.1260
TMBMSRV.exe                       2.98.0.1260
tmCfwApi.dll                      5.83.0.1064
tmcomeng.dll                      2.98.0.1260
TmEngDrv.dll                      2.98.0.1260
tmHash.dll                        5.83.0.1064
TMPEM.dll                         2.98.0.1260
TmPfw.exe                         5.83.0.1064
TmPfwApi.dll                      5.83.0.1064
TmPfwRul.dll                      5.83.0.1064
TmSysEvt.dll                      8.50.0.2071
tmwlutil.dll                      2.98.0.1260
TSC64.exe                         7.5.0.1137

Apex One\PCCSRV\Engine\x64\CCSF\TrxHandler\
-------------------------------------------------------------------
libcurl.dll                       7.66.0.0
libeay32.dll                      1.0.2.20
ssleay32.dll                      1.0.2.20
trxhandler.dll                    1.100.0.1071

Apex One\PCCSRV\OSF_Extension\iAC\
-------------------------------------------------------------------
osfExt_iACCMAGENT.dll             3.0.0.3014
osfExt_iACMasterService.dll       3.0.0.3014

Apex One\PCCSRV\OSF_Extension\iES\
-------------------------------------------------------------------
osfExt_iESCMAGENT.dll             3.0.0.1540
osfExt_iESMasterService.dll       3.0.0.1540

Apex One\PCCSRV\OSF_Extension\iVP\
-------------------------------------------------------------------
osfExt_iVPCMAGENT.dll             3.0.0.2033
osfExt_iVPMasterService.dll       3.0.0.2033

Apex One\PCCSRV\Pccnt\
-------------------------------------------------------------------
ClientConsole.zip                 *
NTRtScan.exe                      14.0.0.2059

Apex One\PCCSRV\Pccnt\Common\
-------------------------------------------------------------------
CCSF_WIN32.zip                    *
CompRmv.exe                       14.0.0.2059
DatFHS.dll                        14.0.0.2059
fcWofieUI.dll                     14.0.0.2059
ICRCHdler.dll                     2.83.0.1021
libCNTTmPollingModule.dll         14.0.0.2059
libcurl.dll                       7.66.0.0
libeay32.dll                      1.0.2.20
loadhttp.dll                      14.0.0.2059
NTRmv.exe                         14.0.0.2059
ofc_loadhttp.dll                  14.0.0.2059
OfcCCCAUpdate.exe                 14.0.0.2059
OfcPfwCommon.dll                  14.0.0.2059
OfcPfwSvc.dll                     14.0.0.2059
OfcPIPC.dll                       14.0.0.2059
osfAgent.dll                      14.0.0.2059
osfExt_iACClient.dll              3.0.0.3014
osfExt_iATASClient.dll            1.7.0.1035
osfExt_iESClient.dll              3.0.0.1540
osfExt_iVPClient.dll              3.0.0.2033
PccNT.exe                         14.0.0.2059
PccNTMon.exe                      14.0.0.2059
ssleay32.dll                      1.0.2.20
tmCfwApi.dll                      5.83.0.1064
tmeectv.dll                       3.5.0.1017
tmeesent.dll                      3.5.0.1017
TmFpHcEx.exe                      5.83.0.1064
tmHash.dll                        5.83.0.1064
TmListen.exe                      14.0.0.2059
TmListenShare.dll                 14.0.0.2059
TmopCfg.dll                       3.7.0.1134
Tmopcfscan.dll                    3.7.0.1134
TmopCtl.dll                       3.7.0.1134
TmopDbg.dll                       3.7.0.1134
TmoppeCertPin.dll                 3.7.0.1134
TmoppeEvts.dll                    3.7.0.1134
TmoppeHosF.dll                    3.7.0.1134
TmoppePDP.dll                     3.7.0.1134
TmoppeSAL.dll                     3.7.0.1134
TmoppeSsF.dll                     3.7.0.1134
TmoppeUrlF.dll                    3.7.0.1134
TmoppeVS.dll                      3.7.0.1134
TmopphDns.dll                     3.7.0.1134
TmopphHttp.dll                    3.7.0.1134
TmopphHttp2.dll                   3.7.0.1134
TmopphPop3.dll                    3.7.0.1134
TmopphSmtp.dll                    3.7.0.1134
TmopphSocks.dll                   3.7.0.1134
TmopphSvrHello.dll                3.7.0.1134
TmopPlgAdp.dll                    3.7.0.1134
Tmopsent.dll                      3.7.0.1134
TmopsmHttp.dll                    3.7.0.1134
TmopsmMail.dll                    3.7.0.1134
TmopsmProxy.dll                   3.7.0.1134
TmopsmSvrHello.dll                3.7.0.1134
TmPac.dll                         14.0.0.2059
TmPfw.exe                         5.83.0.1064
TmPfwApi.dll                      5.83.0.1064
TmPfwCtl.dll                      5.83.0.1064
TmPfwCtl_xp.dll                   5.83.0.1064
TmPfwRul.dll                      5.83.0.1064
TmSock.dll                        14.0.0.2059
TmSSClient.exe                    14.0.0.2059
tmufeng.dll                       3.91.0.1021
TmWatchdog.dll                    14.0.0.2059
TmWatchdog.exe                    14.0.0.2059
tmwfpapi.dll                      5.83.0.1064
Upgrade.exe                       14.0.0.2059
WofieLauncher.exe                 14.0.0.2059

Apex One\PCCSRV\Pccnt\Drv\
-------------------------------------------------------------------
tmactmon.cat                      *
tmactmon.inf                      *
tmactmon.sys                      2.98.0.1203
tmcomm.cat                        *
tmcomm.inf                        *
tmcomm.sys                        8.20.0.1030
tmebc.cat                         *
TMEBC.inf                         *
TMEBC32.sys                       1.5.0.1045
tmeevw.cat                        *
tmeevw.inf                        *
tmeevw.sys                        3.5.0.1017
tmevtmgr.cat                      *
tmevtmgr.inf                      *
tmevtmgr.sys                      2.98.0.1203
tmlwf.cat                         *
tmlwf.inf                         *
TMLWF.sys                         5.83.0.1063
tmlwfins.exe                      5.83.0.1063
tmwfp.cat                         *
tmwfp.inf                         *
TMWFP.sys                         5.83.0.1063
tmwfpins.exe                      5.83.0.1063

Apex One\PCCSRV\Pccnt\Drv\X64\
-------------------------------------------------------------------
tmactmon.cat                      *
tmactmon.inf                      *
tmactmon.sys                      2.98.0.1203
tmcomm.cat                        *
tmcomm.inf                        *
tmcomm.sys                        8.20.0.1030
tmebc.cat                         *
TMEBC.inf                         *
TMEBC64.sys                       1.5.0.1045
tmeevw.cat                        *
tmeevw.inf                        *
tmeevw.sys                        3.5.0.1017
tmevtmgr.cat                      *
tmevtmgr.inf                      *
tmevtmgr.sys                      2.98.0.1203
tmlwf.cat                         *
tmlwf.inf                         *
TMLWF.sys                         5.83.0.1063
tmlwfins.exe                      5.83.0.1063
tmwfp.cat                         *
tmwfp.inf                         *
TMWFP.sys                         5.83.0.1063
tmwfpins.exe                      5.83.0.1063

Apex One\PCCSRV\Pccnt\Win64\X64\
-------------------------------------------------------------------
CCSF_X64.zip                      *
CompRmv.exe                       14.0.0.2059
DatFHS.dll                        14.0.0.2059
fcWofieUI.dll                     14.0.0.2059
ICRCHdler.dll                     2.83.0.1021
InstReg.exe                       14.0.0.2059
libCNTTmPollingModule_64x.dll     14.0.0.2059
libcurl.dll                       7.66.0.0
libeay32.dll                      1.0.2.20
loadhttp_64x.dll                  14.0.0.2059
NTRmv.exe                         14.0.0.2059
Ntrtscan.exe                      14.0.0.2059
ofc_loadhttp_64x.dll              14.0.0.2059
OfcCCCAUpdate.exe                 14.0.0.2059
OfcPfwCommon_64x.dll              14.0.0.2059
OfcPfwSvc_64x.dll                 14.0.0.2059
OfcPIPC_64x.dll                   14.0.0.2059
osfagent_64x.dll                  14.0.0.2059
osfExt_iACClient_x64.dll          3.0.0.3014
osfExt_iATASClient_x64.dll        1.7.0.1035
osfExt_iESClient_x64.dll          3.0.0.1540
osfExt_iVPClient_x64.dll          3.0.0.2033
PccNT.exe                         14.0.0.2059
PccNTMon.exe                      14.0.0.2059
ssleay32.dll                      1.0.2.20
tmCfwApi.dll                      5.83.0.1064
tmeectv.dll                       3.5.0.1017
tmeesent.dll                      3.5.0.1017
TmFpHcEx.exe                      5.83.0.1064
tmHash.dll                        5.83.0.1064
TmListen.exe                      14.0.0.2059
TmListenShare_64x.dll             14.0.0.2059
TmopCfg.dll                       3.7.0.1134
Tmopcfscan.dll                    3.7.0.1134
TmopCtl.dll                       3.7.0.1134
TmopDbg.dll                       3.7.0.1134
TmoppeCertPin.dll                 3.7.0.1134
TmoppeEvts.dll                    3.7.0.1134
TmoppeHosF.dll                    3.7.0.1134
TmoppePDP.dll                     3.7.0.1134
TmoppeSAL.dll                     3.7.0.1134
TmoppeSsF.dll                     3.7.0.1134
TmoppeUrlF.dll                    3.7.0.1134
TmoppeVS.dll                      3.7.0.1134
TmopphDns.dll                     3.7.0.1134
TmopphHttp.dll                    3.7.0.1134
TmopphHttp2.dll                   3.7.0.1134
TmopphPop3.dll                    3.7.0.1134
TmopphSmtp.dll                    3.7.0.1134
TmopphSocks.dll                   3.7.0.1134
TmopphSvrHello.dll                3.7.0.1134
TmopPlgAdp.dll                    3.7.0.1134
Tmopsent.dll                      3.7.0.1134
TmopsmHttp.dll                    3.7.0.1134
TmopsmMail.dll                    3.7.0.1134
TmopsmProxy.dll                   3.7.0.1134
TmopsmSvrHello.dll                3.7.0.1134
TmPac_64x.dll                     14.0.0.2059
TmPfw.exe                         5.83.0.1064
TmPfwApi.dll                      5.83.0.1064
TmPfwCtl.dll                      5.83.0.1064
TmPfwCtl_xp.dll                   5.83.0.1064
TmPfwRul.dll                      5.83.0.1064
TmSock_64x.dll                    14.0.0.2059
TmSSClient.exe                    14.0.0.2059
tmufeng.dll                       3.91.0.1021
TmWatchdog.dll                    14.0.0.2059
TmWatchdog.exe                    14.0.0.2059
tmwfpapi.dll                      5.83.0.1064
Upgrade.exe                       14.0.0.2059
WofieLauncher.exe                 14.0.0.2059

Apex One\PCCSRV\Private\
-------------------------------------------------------------------
DlpClc.xml                        *

Apex One\PCCSRV\Private\certificate\
-------------------------------------------------------------------
libeay32.dll                      1.0.2.20
openssl.exe                       *
ssleay32.dll                      1.0.2.20

Apex One\PCCSRV\Web\Service\
-------------------------------------------------------------------
atse32.dll                        12.0.0.1008
Build.exe                         2.86.0.2088
CGIOCommon.dll                    14.0.0.2117
CGIResUTF8.dll                    14.0.0.2117
CmdHOConsole.dll                  14.0.0.2117
DatFHS.dll                        14.0.0.2059
DbServer.exe                      14.0.0.2117
libCmdHndlrClientV2.dll           14.0.0.2117
libCmdHndlrConsoleV2.dll          14.0.0.2117
libCmdHndlrSA.dll                 14.0.0.2117
libcurl.dll                       7.66.0.0
libcurl_ofc.dll                   7.66.0.0
libeay32.dll                      1.0.2.20
libLogHandler.dll                 14.0.0.2117
libOsceMsmq.dll                   14.0.0.2117
libOSFSvcClient.dll               14.0.0.2117
loadhttp.dll                      14.0.0.2059
LogCache.dll                      14.0.0.2117
ofc_loadhttp.dll                  14.0.0.2059
OfcCCCAUpdate.exe                 14.0.0.2059
OfcDBBackup.exe                   14.0.0.2117
OfcDownload.dll                   14.0.0.2117
OfcHotFix.exe                     14.0.0.2117
OfcNotifyQueue.dll                14.0.0.2117
OfcPfwCommon.dll                  14.0.0.2059
OfcPurgeLog.dll                   14.0.0.2117
OfcService.exe                    14.0.0.2117
osfAgent.dll                      14.0.0.2059
patch.exe                         2.86.0.2088
ssleay32.dll                      1.0.2.20
TmUpdate.dll                      2.86.0.2088
VerConn.exe                       14.0.0.2117

Apex One\PCCSRV\Web_OSCE\Web\CGI\
-------------------------------------------------------------------
cgiLog.exe                        14.0.0.2117
CGIOCommon.dll                    14.0.0.2117
cgiRecvFile.exe                   14.0.0.2117
CGIResUTF8.dll                    14.0.0.2117
isapiClient.dll                   14.0.0.2117
isapiClientx64.dll                14.0.0.2117
isapiClientX86.dll                14.0.0.2117
libcurl.dll                       7.66.0.0
libeay32.dll                      1.0.2.20
loadhttp.dll                      14.0.0.2059
OfcPfwCommon.dll                  14.0.0.2059
ssleay32.dll                      1.0.2.20
SSO_PKIHelper.dll                 5.0.0.2363

Apex One\PCCSRV\Web_OSCE\Web_Console\CGI\
-------------------------------------------------------------------
cgiAuthManagement.exe             14.0.0.2117
cgiCmdNotify.exe                  5.0.0.2363
CGIOCommon.dll                    14.0.0.2117
CGIResUTF8.dll                    14.0.0.2117
cgiShowActiveDirectory.exe        14.0.0.2117
cgiShowAoS.exe                    2.5.0.3005
cgiShowClientAdm.exe              14.0.0.2117
cgiShowComplianceReport.exe       14.0.0.2117
cgiShowLogs.exe                   14.0.0.2117
fcgiOfcDDA.exe                    14.0.0.2117
libcurl.dll                       7.66.0.0
libeay32.dll                      1.0.2.20
loadhttp.dll                      14.0.0.2059
OfcPfwCommon.dll                  14.0.0.2059
ssleay32.dll                      1.0.2.20
SSO_PKIHelper.dll                 5.0.0.2363
tmCfwApi.dll                      5.83.0.1064
TmUpdate.dll                      2.86.0.2088
TrendAprWrapperDll.dll            5.0.0.2363

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\ad_integration\
-------------------------------------------------------------------
ad_integration.htm                *

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\Auth\
-------------------------------------------------------------------
admin_account_info.htm            *

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\behavior_monitoring\
-------------------------------------------------------------------
bm_settings.htm                   *

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\clientmag\
-------------------------------------------------------------------
client_list_2.htm                 *
client_move.htm                   *
client_ofsc_services.htm          *
client_searchwindow.htm           *

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\
-------------------------------------------------------------------
ln_common.js                      *
ln_logs.js                        *
trend-ui-opt_list.js              *

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\css\
-------------------------------------------------------------------
l10n-style.css                    *

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\l10n\
-------------------------------------------------------------------
l10n.behavior_monitoring.js       *
l10n.clientmag.js                 *
l10n.logs.js                      *
l10n.vdi.js                       *

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\util\
-------------------------------------------------------------------
common.js                         *

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\compliance_report\
-------------------------------------------------------------------
installing_computers.htm          *

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\dlp\
-------------------------------------------------------------------
dlp_Entities_addedit.htm          *
dlp_settings.htm                  *

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\logs\
-------------------------------------------------------------------
log_maintenance.htm               *
logs_ccca.htm                     *
logs_pfw.htm                      *
logs_pfw_view.htm                 *
logs_spyware.htm                  *
logs_WebSecurity.htm              *

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\root\
-------------------------------------------------------------------
turn_debug_onoff.htm              *

Apex One\PCCSRV\WEB_OSCE\Web_Console\HTML\summary\
-------------------------------------------------------------------
summary_top10_osce.htm            *

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\tools\
-------------------------------------------------------------------
tools_admin_clients.htm           *

Apex One\PCCSRV\WEB_OSCE\Web_Console\HTML\update\
-------------------------------------------------------------------
client_deployment_automatic.htm   *

Apex One\PCCSRV\Web_OSCE\Web_Console\RemoteInstallCGI\
-------------------------------------------------------------------
CGIOCommon.dll                    14.0.0.2117
cgiRemoteInstall.exe              14.0.0.2117
CGIResUTF8.dll                    14.0.0.2117
libcurl.dll                       7.66.0.0
libeay32.dll                      1.0.2.20
loadhttp.dll                      14.0.0.2059
SetupMan.dll                      14.0.0.2117
Wizard.exe                        14.0.0.2059
Wizard_64x.exe                    14.0.0.2059

Apex One\PCCSRV\Download\Product\iService\
-------------------------------------------------------------------
hfx_iAC.zip                       *
hfx_iAC_x64.zip                   *
instupg_iAC.zip                   *
instupg_iAC_x64.zip               *
hfx_iATAS.zip                     *
hfx_iATAS_x64.zip                 *
instupg_iATAS.zip                 *
instupg_iATAS_x64.zip             *
instupg_iES.zip                   *
instupg_iES_x64.zip               *
hfx_iVP.zip                       *
hfx_iVP_x64.zip                   *
instupg_iVP.zip                   *
instupg_iVP_x64.zip               *
iServiceInst.ini                  *
iServiceUpd.ini                   *

B. Network Traffic Required in Deployment
-------------------------------------------------------------------
Estimated size (in terms of bandwidth) of deployed agent files in this critical patch.
- 32-bit agent total = 226.3 MB
- 64-bit agent total = 287.5 MB
2. Documentation Set
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com
- Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product.
To access the Online Help, go to http://docs.trendmicro.com
- Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product.
- Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product.
- Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'.
- Support Portal: The Support Portal contains information on troubleshooting and resolving known issues.
- To access the Support Portal, go to http://esupport.trendmicro.com
3. System Requirements
4. Installation/Uninstallation
Installing
To install:
- Copy the Critical Patch executable file to a temporary folder on the server, for example, "C:\temp".
- Double-click the file. The modules are automatically copied to the correct destination.
This Critical Patch installation package automatically rolls back the Apex One server to its previous configuration if there are problems during installation. If you encounter problems after installation, do a manual rollback.
Uninstalling
To manually roll back to the previous build:
- Locate the backup folder that the Critical Patch package created in the "\PCCSRV\Backup\Critical Patch_B2117" directory.
- Stop the Apex One Master Service.
- Stop the Apex One Apex Central Agent Service.
- Copy the backup modules to the original folders.
- Start the Apex One Apex Central Agent Service.
- Start the Apex One Master Service.
5. Post-installation Configuration
No post-installation steps are required.
NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.
6. Known Issues
There are no known issues for this Critical Patch release.
7. Release History
Prior Hotfixes
Only this hotfix was tested for this release. Prior hotfixes were tested at the time of their release.
(VRTS-3171)
A directory traversal vulnerability may allow an attacker to modify arbitrary files on the product's management console.
Solution:
This critical patch updates the Apex One server program to remove the vulnerability.
(SEG-50319)
Changes in the Google API prevent Data Loss Prevention(TM) (DLP) from detecting sensitive information sent through Gmail in Google Chrome 73.
Solution:
This hotfix resolves the issue by enabling the DLP module to support the "Http/Https" and "Open file dialog" functionality in Google Chrome 73.
(SEG-49467)
The tmlisten service stops unexpectedly when users add an NIC description in the Personal Firewall (PFW) profile and deploy the profile to agents.
Solution:
This hotfix updates the Apex One Security Agent program to resolve the issue.
(SEG-49381)
The Smart Scan Pattern of File Reputation Services occupies a large amount of disk space on the Apex One server.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-48555)
When users install Apex One and use a domain account to connect to the database, the installation will not be able to create a database and iES will not be installed successfully.
Solution:
This hotfix updates the impersonate method to solve this issue.
(SEG-49534)
When the Apex One environment runs an sqlpackage older than 2016 or one that contains both x86 and x64 versions of version 2016, iES will not be able to create the database because of an incompatible sqlpackage version.
Solution:
This hotfix resolves the issue by enabling the installer to prioritize the x64 version of the sqlpackage during installation.
(SEG-50727)
When a user starts a Security Agent outside the corporate network, the Security Agent does not communicate an Online status to the Edge Relay Server.
Solution:
This hotfix updates the Security Agent program to send an Online status to the Edge Relay Server as soon as the Security Agent program starts.
(SEG-51198)
The Apex One Application Control lockdown feature does not work after users switch to a different user account.
Solution:
This hotfix ensures that the feature works normally.
(SEG-50399)
This hotfix updates the DLP template to reduce the performance impact of Apex One.
(SEG-45353)
The Security Agent program may become corrupted when users install it from the MSI installation package (Windows Installer) using the wrong command in the command line.
Solution:
This critical patch enables the Apex One security agent installation to abort the MSI installation process if it encounters an unexpected command.
(SEG-49936), (SEG-49847)
Microsoft(TM) Excel(TM) files with macro content cannot be saved to a network shared folder from an endpoint, and some Microsoft Excel temp files cannot be deleted after an attempt to save the files.
Solution:
This critical patch updates the Apex One security agent program to resolve this issue.
(SEG-50774)
This critical patch enables the Apex One security agent program to support Microsoft Windows(TM) 10 (version 1903) May 2019 Update.
(VRTS-3389)
An unquoted service path enumeration vulnerability may allow an attacker administrator privileges to the Apex One security agent service.
Solution:
This hotfix updates the Apex One security agent program to remove the vulnerability.
(SEG-53931)
Coexisting Apex One security agents cannot set the server information of the Smart Protection Service Proxy correctly. When this happens, the coexisting agents do not send query requests through the Smart Protection Service proxy but directly to the Trend Micro Smart Protection Network instead. This may cause a connection issue if the agents cannot connect to the Internet.
Solution:
This hotfix updates the Apex One security agent program to resolve the issue.
(SEG-52575)
The installation status on the "Agent Installation Progress" page of the Apex One web console is inaccurate.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-52409)
A specific keyword triggers the DLP template that does not have any criteria specified.
Solution:
This hotfix updates the DLP template to resolve this issue.
(SEG-50435)
The Connection Status (Online/Offline) of an agent on the web console changes each time a user logs on or off from the client computer.
Solution:
This hotfix updates the Apex One agent program to resolve the issue.
(SEG-52048)
Attempting to restart or stop the WMI service (winmgmt) is unsuccessful on endpoints with the Security Agent installed. The tmlisten service of the Security Agent has a dependency on the WMI service.
Solution:
This hotfix updates the Security Agent program to remove the WMI service dependency.
(SEG-52302)
When the Apex One server registers to the Apex Central server, the Apex One Master Service may stop unexpectedly because of an empty private key.
Solution:
This hotfix updates the Apex One server program to ensure that it can handle an empty public/private key.
(SEG-50705), (SEG-52219), (SEG-51452), (SEG-51849)
An "Error ID: 420" occurs while the Apex One Endpoint Sensor policy is deployed and the "Unable to get the registered server list. There are no registered servers." error appears on the Apex Central "Preliminary Investigation" page.
Solution:
This hotfix helps prevent the Apex One Endpoint Sensor Advanced Threat Assessment Service from being corrupted when Endpoint Sensor is installed using Trend Micro Apex One Installer Maintenance Mode.
(SEG-49807)
Users cannot export the Application Control criteria in Microsoft(TM) Internet Explorer(TM) or the Edge web browser.
Solution:
This hotfix updates the Apex Central files to resolve this issue.
(SEG-53729)
When the "Do not allow users to access the Security Agent console from the system tray or Windows Start menu setting" option is enabled on the Apex One web console, the Apex One Security Agent console cannot be accessed while "PccNT.exe" is running.
Solution:
This hotfix updates a parameter in "wofielauncher.exe" to resolve the issue.
(SEG-54390)
The Vulnerability Protection server service start up fails on platforms that disable Transport Layer Security (TLS) 1.0.
Solution:
This hotfix updates the Vulnerability Protection server to prevent the TLS version issue.
(SEG-51211)
Vulnerability Protection causes unusual CPU usage on some workstations and servers.
Solution:
This hotfix modifies the Vulnerability Protection service to prevent unusual CPU usage.
(VRTS-3314)
This hotfix adds a dynamic share key for Apex One security agents in the encryption and decryption algorithm.
(SEG-51005)
This hotfix adds new Regular Expressions to the Trend Micro Data Loss Prevention(TM) (DLP) Data Identifiers.
(SEG-47568)
This hotfix updates the Apex Central files to display more information about the Application Control violation log entries.
NOTE: This feature requires the installation of Apex Central hotfix 3919 or above.
(SEG-53904)
Security Agents with the Behavior Monitoring program inspection feature enabled may cause Adobe Acrobat/Reader to stop unexpectedly.
Solution:
This hotfix updates the program inspection feature to resolve this issue.
(SEG-52740)
When users attempt to configure the Device Control settings on an Apex One Security Agent by deploying a policy from the Apex Central web console, the Device Control settings cannot be applied on the agent if Data Loss Prevention(TM) (DLP) is not enabled on the agent.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-52269)
If the activation (AC) key is deployed after its expiration date has been extended, the ES service will still receive the original expiration date.
Solution:
This hotfix ensures that the ES service will receive the AC key's new expiration date.
(SEG-54380)
The Endpoint Sensor may purge the Root Cause Analysis results by mistake when Apex Central is managing more than one Apex One server.
Solution:
This hotfix resolves the issue.
(SEG-52034)
In rare instances, the Endpoint Sensor may receive the investigation results from an agent at the same time that the same agent is being uninstalled. When this happens, the Endpoint Sensor may not be able to send all the results back to TIC.
Solution:
This hotfix prevents this issue.
(SEG-49402), (SEG-53432)
An issue related to the Microsoft(TM) Monitoring Agent may cause the Apex One Endpoint Sensor Advanced Threat Assessment Service application pool to stop unexpectedly after installing the Apex One server.
Solution:
This hotfix prevents the Apex One Endpoint Sensor Advanced Threat Assessment Service compatibility issue with the Microsoft Monitoring Agent.
(SEG-52560)
There is a typographical error in the "Type the full program path" hint on the "Behavior Monitoring Settings" page of the Apex One web console.
Solution:
This hotfix updates the Apex One server files to correct the error.
(SEG-48859)
An issue causes Apex One security agent remote installation to fail.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-52978)
An issue prevents the Data Loss Prevention(TM) (DLP) license from being deployed from Apex Central to Apex One.
Solution:
This hotfix adds support for the DLP AC key type to solve this issue.
(SEG-53295), (SEG-55029)
An access denied error related to a certain component prevents the Trend Micro Advanced Threat Assessment Service (ATAS) from starting successfully.
Solution:
This hotfix resolves the error so ATAS can start normally.
(SEG-53958)
The operating system may stop responding when users switch both the Scan Engine (VSAPI) and the Endpoint Sensor to debug mode at the same time using the Case Diagnostic Tool (CDT).
Solution:
This hotfix resolves the issue by ensuring that CDT works normally when both VSAPI and Endpoint Sensor are enabled.
(SEG-40590)
An Apex One agent that runs on Windows 7 and automatically detects proxy settings will not be able to connect to the Apex One server.
Solution:
This hotfix resolves the issue by updating the Apex One agent program to ensure that it can retrieve the correct proxy configuration.
(SEG-53180), (SEG-56186)
When agents call "cgiOnScan.exe" and the call fails, the system keeps resending the request without waiting. This generates a large number of records in the IIS log.
Solution:
This hotfix updates the Apex One agent program to wait for a few seconds before retrying.
(SEG-53304)
This hotfix enables Apex One to send "Dropped" and "Accepted" action results in firewall violation logs to Apex Central. This ensures that both action results display normally on Apex Central instead of being displayed as "unknown".
(SEG-55009)
TmListen stops unexpectedly when the Apex One agent queries Suspicious Object (SO) information that contains a null notify setting.
Solution:
This critical patch updates the Apex One agent program to resolve the issue.
(SEG-53351), (SEG-55781)
On the 64-bit Microsoft(TM) Windows(TM) 10 platform, an error occurs while running a 64-bit debug script in Microsoft Visual Studio 2017.
Solution:
This critical patch updates the Behavior Monitoring Module to prevent the error.
(SEG-54736)
The Apex One server may not be able to register to the Apex Central server if the TLS 1.2 protocol is enabled on Apex One servers only.
Solution:
This critical patch updates the Apex One server program to resolve this issue.
Procedure:
To apply the solution:
- Install this critical patch (see "Installation").
- Open the "Agent.ini" file in the "\PCCSRV\CmAgent\" folder on the Apex One server installation directory using a text editor.
- Under the "Network" section, manually modify the value of the following key.
- [Network]
- SSL_Cipher_List=ECDHE-RSA-AES256-GCM-SHA384
- Save the changes and close the file.
- Unregister from the Apex Central server.
- Register to the Apex Central server again.
(SEG-52386)
The Apex One server tool "IpXfer.exe" cannot run properly when the Apex One Security Agent is offline.
Solution:
This critical patch updates Apex One server tools to resolve this issue.
(SEG-54240)
The Apex One server updates the timestamp of the Last Spyware Scan (Manual) according to the last connection establishment time.
Solution:
This critical patch updates the Apex One server program to ensure that the last Spyware Scan (Manual) time is updated accurately.
(SEG-54167)
When users create a "Setup" installer package for the Apex One security agent using Agent Packager, the Vulnerability Protection and Application Control agent installers are not included by default.
Solution:
This critical patch updates the Apex One server program to ensure that the Agent Packager includes both installers in the Apex One security agent "Setup" installer package.
(SEG-56087)
The digital signatures of some DLP files have expired.
Solution:
This critical patch updates the DLP module to update the digital signatures.
(SEG-52955)
The DLP module does not work on the Microsoft Edge web browser.
Solution:
This critical patch updates the DLP module to resolve this issue.
Procedure:
To enable Apex One security agents to block sensitive information on the Edge web browser:
- Install this critical patch (see "Installation").
- Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the Apex One server.
- Under the "Configure" section, manually add the following key and value.
- [Configure]
- ENABLE_DYNAMIC_CODE_POLICY=true
- Save the changes and close the file.
- Open the Apex One web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
- Click "Save" to deploy the settings to agents. The Apex One server deploys the settings to Apex One agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
- enable_dynamic_code_policy=true
(SEG-57250), (SEG-57429)
Users cannot expand the domains or add spyware/greyware detections into the approve list on the Apex One server web console.
Solution:
This critical patch updates the Apex One server files to resolve this issue.
(SEG-55399)
Duplicate Apex One agents appear in the Microsoft Windows Startup console.
Solution:
This critical patch updates the Apex One server programs to resolve this issue.
(SEG-56828)
When the trust permission of the Application Control Criteria is set to "Inheritable execution rights", the criteria information remains on the Apex One Security Agent database after users remove the criteria from the policy setting.
Solution:
This critical patch ensures that the criteria information can be removed normally from Apex One Security Agents.
(SEG-57659)
In rare situations, the Apex One Vulnerability Protection program uses up a huge amount of memory when processing a large number of Intrusion Prevention logs.
Solution:
This critical patch prevents the high memory usage issue when the Apex One Vulnerability Protection program processes a large number of Intrusion Prevention logs.
(SEG-57454)
The Apex One server does not send the policy information to Apex Central after deploying a policy.
Solution:
This critical patch updates the Apex One server program to resolve this issue.
(SEG-53295), (SEG-55029)
An access denied error related to a certain component prevents the Trend Micro Advanced Threat Assessment Service (ATAS) from starting successfully.
Solution:
This critical patch resolves the error so ATAS can start normally.
(SEG-49402), (SEG-53432)
An issue related to the Microsoft(TM) Monitoring Agent may cause the Apex One Endpoint Sensor Advanced Threat Assessment Service application pool to stop unexpectedly after installing the Apex One server.
Solution:
This critical patch prevents the Apex One Endpoint Sensor Advanced Threat Assessment Service compatibility issue with the Microsoft Monitoring Agent.
(SEG-50705), (SEG-52219), (SEG-51452), (SEG-51849)
An "Error ID: 420" occurs while the Apex One Endpoint Sensor policy is deployed and the "Unable to get the registered server list. There are no registered servers." error appears on the Apex Central "Preliminary Investigation" page.
Solution:
This critical patch helps prevent the Apex One Endpoint Sensor Advanced Threat Assessment Service from being corrupted when Endpoint Sensor is installed using Trend Micro Apex One Installer Maintenance Mode.
(SEG-57949), (SEG-53820)
The Trend Micro Vulnerability Protection Service cannot start while processing a specific certificate.
Solution:
This critical patch updates the Apex One Vulnerability Protection server to prevent the certificate processing error.
(SEG-56264)
This critical patch updates some Apex One files to detect inconsistent certifications from the Microsoft Management Console certificate store. If it detects an inconsistency, Apex One will automatically recover the authentication file (OfcIPCer.dat) from the Microsoft Management Console certificate store on the Apex One server.
(SEG-55353)
During license key deployment, Endpoint Sensor may not be able to receive the product key and storage key properties.
Solution:
This hotfix improves the Apex One server's key deployment mechanism to solve this issue.
(SEG-55841), (SEG-57122)
Some Security Agents may be unable to retrieve new policy settings from the Apex Central server.
Solution:
This hotfix purges old policy records from the policy tracking table to fix this issue.
(SEG-57410)
The Endpoint Sensor on Apex One agents may not be able to calculate the hash value of a specific process, which can prevent the terminate process function from terminating the process.
Solution:
This hotfix updates the Endpoint Sensor hash calculation mechanism to resolve this issue.
(SEG-53875)
The Endpoint Sensor feature has been enhanced to only monitor and record memory "Read" events for the lsass.exe process. All other "Read" events are ignored. In addition, a cache has been implemented for processes that open the memory "Write" event to avoid recording duplicated events that may cause a resource issue on the endpoint.
(VRTS-3537)
The "Active Directory Integration" page may expose the credential key when the page is opened with developer tools on a web browser.
Solution:
This hotfix updates the Apex One server program to remove the vulnerability.
(SEG-56341), (SEG-57814)
When the Trend Micro Data Loss Prevention(TM) (DLP) service is enabled on Apex One security agent computers, Google Chrome version 75 and higher versions may stop unexpectedly while accessing certain URLs.
Solution:
This hotfix updates the DLP module to resolve this issue.
(SEG-56100)
On the web console, "Advanced Search" from the "Agents > Agent Management" page yields inaccurate results when "Restart Required" is enabled and both the "Update" and "Cleanup" options are selected.
Solution:
This hotfix updates the Apex One server program to resolve the problem.
(SEG-57258)
In Microsoft(TM) Windows(TM) 10, the new system process "MemCompression" may incorrectly trigger a false detection for violating the Device Access Control (DAC) policies.
Solution:
This hotfix updates the DAC policies to prevent the false alarms.
(SEG-58435)
Users are able to change to a password that contains German Umlaut characters but will not be allowed to log in to the web console after the change. The pop-up error message that prevents users from saving an invalid password is not triggered.
Solution:
This hotfix updates the server program to ensure that the corresponding pop-up error message that prevents users from saving invalid passwords is triggered correctly.
When users deploy an agent policy to enable or disable the Endpoint Sensor feature while registering or unregistering from the TIC at the same time, the policy deployment will fail.
Solution:
This hotfix updates the policy deployment mechanism to solve the policy conflict issue.
(SEG-58818)
After a hotfix is applied, the pattern version and last update time of "Certified Safe Software pattern" are reset to "0", and as a result, the wrong pattern information appears on the Apex Central dashboard.
Solution:
This hotfix updates the Apex One server files to resolve this issue.
This hotfix integrates an Antimalware Scan Interface (AMSI) for suspicious PowerShell detection to the Endpoint Sensor.
(SEG-54758)
The device control function does not work if the policy is deployed for a specific user and the username contains Hebrew characters.
Solution:
This hotfix updates the Apex One security agent program to resolve the issue.
(SEG-57436)
The Smart Scan Service may behave abnormally on Apex One Security Agents when multiple proxy servers have been configured for each protocol (HTTP, Secure, FTP, Socks) in Microsoft(TM) Internet Explorer(TM).
Solution:
This hotfix updates the Apex One Security Agent program to ensure that the Smart Scan Service works normally when multiple proxy servers are configured for Internet Explorer.
(SEG-56322)
Users may not be able to activate managed product licenses (Application Control, Endpoint Sensor, Vulnerability Protection) or may not be able to send the enhanced security policies to Security Agents across the network successfully when managing the Apex One server from the Apex Central web console. This happens because the specified Microsoft Windows(TM) account that manages the existing Apex One SQL database does not have sufficient web service framework access permissions.
Solution:
This hotfix resolves the issue by updating the SQL Server Database Configuration Tool to add the Windows account to the IIS_IUSRS group to obtain the correct permissions.
Procedure:
To add the Windows account to the IIS_IUSRS group to obtain the correct permissions:
- Install this hotfix (see "Installation").
- On the Apex One server computer, browse to "<Server installation folder>\PCCSRV\Admin\Utility\SQL".
- Double-click "SQLTxfr.exe" to run the tool.
- Provide the authentication credentials of the Windows account for the SQL Server database. IMPORTANT: The user account must belong to the local administrator group or Active Directory (AD) built-in administrator.
- Click "Start" to apply the configuration changes.
(SEG-55537)
Users may not be able to activate managed product licenses (Application Control, Endpoint Sensor, Vulnerability Protection) or may not be able to send the enhanced security policies to Security Agents across the network successfully when managing the Apex One server from the Apex Central web console. This happens because:
- The specified Windows account that manages the existing Apex One SQL database changes the logon credentials used to connect to the existing database.
- Users change the Authentication Type of the existing Apex One SQL database from "Windows Account" to "SQL Server Account".
Solution:
This hotfix updates the SQL Server Database Configuration Tool to ensure that the Apex One server uses the correct authentication credentials for the SQL Server database.
Procedure:
To ensure that the Apex One server uses the correct authentication credentials for the SQL Server database:
- Install this hotfix (see "Installation").
- On the Apex One server computer, browse to "<Server installation folder>\PCCSRV\Admin\Utility\SQL".
- Double-click "SQLTxfr.exe" to run the tool.
- Provide the authentication credentials for the SQL Server database. IMPORTANT: The user account must belong to the local administrator group or AD built-in administrator.
- Click "Start" to apply the configuration changes.
(SEG-58926)
This hotfix improves the accuracy of the Apex One Application Control version reporting to Apex Central.
(SEG-58478)
The Apex One Security Agent service stops responding while starting after Apex One Hotfix 1141 is applied.
Solution:
This hotfix updates the Apex One security agent program to resolve this issue.
(SEG-57057), (SEG-59380)
An issue prevents users from successfully installing the Application Control agent on endpoints with Chinese computer names.
Solution:
This hotfix resolves the issue so the Application Control can be installed successfully on affected endpoints.
(SEG-59297)
The information in the "action" column of the Data Loss Prevention(TM) (DLP) logs on the Apex One server is not consistent with the corresponding information in the DLP logs on the Apex Central server.
Solution:
This hotfix resolves the issue by modifying the wording in the "action" column in DLP logs on both the Apex One server and agents.
(SEG-58872), (SEG-59531)
An issue prevents the Trend Micro Advanced Threat Assessment Service from starting successfully.
Solution:
This hotfix resolves the issue.
(SEG-58404)
Garbled characters may appear in syslog if the language setting of the operating system contains Big-5 characters.
Solution:
This hotfix resolves the issue.
(SEG-53929)
The Apex One Endpoint Sensor cannot detect the dump of lsass.exe (Local Security Authority Process).
Solution:
This hotfix resolves this issue by adding hooking points for event correlation to detect the suspicious attack behavior.
(SEG-59121)
Advanced Threat Assessment has a new process that collects additional information.
(SEG-51255)
After a built-in Active Directory (AD) user group, for example "Administrators", is added in the "User Accounts" settings, and users log in to Apex One using an AD account in this group, the Apex One console will not display any user or domain in the "Agent Management" view.
Solution:
This hotfix updates the Apex One server program to resolve the issue.
(SEG-59191)
This hotfix enables Apex One to support Microsoft Windows 8.0.
NOTE: If the security agent has been installed on Windows 8.0, it will be registered to the Apex One server after it restarts.
(SEG-59816)
This hotfix updates the Trend Micro Data Loss Prevention(TM) (DLP) module to ensure that it can block drag-and-drop file operations in Google Chrome 76 and 77.
(SEG-58126)
In certain environments, the Behavior Monitoring feature may add the "csrss.exe" file to the kernel exception later than expected, which can then cause an interoperability issue that can trigger security agent computers to stop unexpectedly.
Solution:
This hotfix updates the Behavior Monitoring module and enables users to configure the Behavior Monitoring feature to add "csrss.exe" to the kernel exception earlier to prevent the interoperability issue.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
- Under the "Global Setting" section, manually add the "AegisAsyncCsrssEvent" key and set its value to "1".
- [Global Setting]
- AegisAsyncCsrssEvent=1
- Save the changes and close the file.
- Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The Apex One server deploys the command to security agents and adds the following registry entry on all security agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
- Key: AsyncCsrssEvent
- Type: DWORD
- Value: 1
- Restart the security agent.
(SEG-60611)
Enhanced security policies may not be sent to Security Agents across the network successfully when users manage the Apex One server from the Apex Central web console. This happens when the Apex One SQL database is installed on a Microsoft(TM) SQL Server that uses a collation method other than the default "SQL_Latin1_General_CP1_CI_AS".
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-58737)
This hotfix enables users to query the OSFWebApp web service status through the "svrsvcsetup.exe" tool using the following command on the Apex One server command prompt.
svrsvcsetup.exe -testosfwebapp
(SEG-58056)
This hotfix enables users to search for multiple agents on the "Agent Management" page by specifying multiple agent names in the "Search for endpoints" text box.
NOTES:
- Use a blank character " " delimiter to separate each agent name in the "Search for endpoints" text box.
- The field supports wildcard characters. Use a question mark "?" to represent a single character and an asterisk "*" to represent several characters.
- The field supports a maximum of 256 characters.
(VRTS-3681)
A directory traversal vulnerability may allow an attacker to log on to the Apex One Management Console as a root user.
Solution:
This critical patch updates the Apex One server program to remove the vulnerability.
(VRTS-3708)
A command injection vulnerability may allow an attacker to extract files from an arbitrary zip file to the specific folder in Apex One server.
Solution:
This critical patch updates the Apex One server program to remove the vulnerability.
(SEG-50003)
This hotfix provides a way to delay Application Control hooking events while an endpoint computer starts up.
Procedure:
To apply this solution:
- Install this hotfix (see "Installation").
- Unload the Apex One security agent.
- Open the registry editor, add the following key, and specify the preferred time delay in minutes:
- Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\iACAgent\DelayLoadAC
- Type: DWORD
- Valid Range: 0-10 (min)
- Restart the Apex One security agent.
(SEG-61081)
The Apex One security agent does not send the "Logon User" information to the Apex One server when the Apex One server restricts the user's access to the security agent console only from the system tray or from the Microsoft(TM) Windows(TM) "Start" menu.
Solution:
This hotfix updates the Apex One security agent program to ensure that Apex One security agents send the "Logon User" information to the Apex One server under the scenario described above.
(SEG-57796)
The Apex One Endpoint Sensor receives several user mode events that can prevent Microsoft(TM) RemoteApp from updating the event source.
Solution:
The Apex One Endpoint Sensor changes the event source from user mode to kernel mode to resolve this issue.
(SEG-60179)
The Export Info Tool stops unexpectedly when querying virus logs.
Solution:
This hotfix updates the Apex One server program to resolve the issue.
(SEG-58746)
Users may not be able to activate managed product licenses (Application Control, Endpoint Sensor, Vulnerability Protection) across the network successfully when managing the Apex One server from the Apex Central web console. This happens because the Apex One server does not handle the license key string properly.
Solution:
This hotfix updates the Apex One server program to resolve this issue.
(SEG-46847)
The Apex One NT Listener service (TmListen.exe) may cause a high CPU usage issue on security agents.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV" folder of the Apex One server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "1".
- [Global Setting]
- IgnoreScanIncompleteFlagFromServer=1
- Save the changes and close the file.
- Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The Apex One server deploys the command to Apex One agents and adds the following registry entry on all Apex One agent endpoints:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\URL Filtering
- Key: IgnoreScanIncompleteFlagFromServer
- Type: DWORD
- Value: 1
(SEG-58250)
The Trend Micro Vulnerability Scanner (TMVS) cannot perform remote installation when the logon account password includes special characters.
Solution:
This hotfix updates TMVS to resolve this issue.
(VRTS-3564)
On the Apex One web console, users may be able to view the user account that has just been logged out by pressing the back button of the web browser.
Solution:
This hotfix updates the Apex One server program to prevent this issue from occurring.
(VRTS-3567), (VRTS-3605)
On the Apex One web console, the "PHPSESSID" and "wf_CSRF_token" cookies are the same for every logon session.
Solution:
This hotfix ensures that the widget framework generates new "PHPSESSID" and "wf_CSRF_token" cookies for each new logon session.
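A way to confirm the fix from captured responses, as an added example that is not Trend Micro code: it compares the two cookies named above across separate logons and reports any value issued more than once. The function names and the Set-Cookie lines are constructed for this example, and it assumes the console sets both cookies through Set-Cookie headers.

```python
from http.cookies import SimpleCookie

WATCHED = ("PHPSESSID", "wf_CSRF_token")  # cookie names taken from the release note

# Constructed Set-Cookie header values from two separate logons.
# Every value below is made up for this example.
BEFORE_FIX = {
    "logon-1": ["PHPSESSID=9f2c1a7b3d; path=/; HttpOnly",
                "wf_CSRF_token=5e11aa90c4; path=/"],
    "logon-2": ["PHPSESSID=9f2c1a7b3d; path=/; HttpOnly",
                "wf_CSRF_token=5e11aa90c4; path=/"],
}
AFTER_FIX = {
    "logon-1": ["PHPSESSID=41d0c6e2aa; path=/; HttpOnly",
                "wf_CSRF_token=b7730fe19d; path=/"],
    "logon-2": ["PHPSESSID=c85a03f71e; path=/; HttpOnly",
                "wf_CSRF_token=02de4b6a58; path=/"],
}


def cookie_values(set_cookie_headers):
    """Parse Set-Cookie header values into {name: value}; a later header wins."""
    values = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            values[name] = morsel.value
    return values


def reused_cookies(sessions, watched=WATCHED):
    """Return {cookie name: [logons that were issued the same value]}.

    An empty result means every logon received its own session identifier
    and CSRF token, which is the behaviour the hotfix describes.
    """
    findings = {}
    for name in watched:
        by_value = {}
        for label, headers in sessions.items():
            value = cookie_values(headers).get(name)
            if value is not None:
                by_value.setdefault(value, []).append(label)
        shared = sorted(
            label
            for labels in by_value.values() if len(labels) > 1
            for label in labels
        )
        if shared:
            findings[name] = shared
    return findings


if __name__ == "__main__":
    print("before fix:", reused_cookies(BEFORE_FIX))
    print("after fix: ", reused_cookies(AFTER_FIX))
```
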
(SEG-62734)
An issue prevents the Apex One server from properly deploying the following setting, found under "Privileges and Other Settings > Other Settings", to Apex One security agents:
- Do not allow users to access the Security Agent console from the system tray or Windows Start menu
Solution:
This hotfix updates the Apex One server program to resolve the issue.
(SEG-58210)
The maximum supported character length of the following registry key on Apex One security agents may be insufficient to save the proxy exceptions list.
- [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion]
- WinProxySpecifiedProxyBypass
Solution:
This hotfix extends the registry key's maximum supported character length to resolve this issue.
(SEG-59016)
A performance issue occurs on Apex One agent computers because a module generates a large number of logs.
Solution:
This hotfix updates the user mode event related module to version 8.5.2065 to solve the issue.
(SEG-63106)
The Apex One Predictive Machine Learning feature may prevent users from running scripts through a third-party application normally.
Solution:
This hotfix provides a way for users to make and edit a list of approved programs to run with deferred scanning by Predictive Machine Learning to prevent these issues.
Procedure:
To create and edit the list of approved programs to run with deferred scanning by Predictive Machine Learning:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
- Under the "Global Setting" section, manually add the following keys and specify each approved program separately.
- [Global Setting]
- DS_ProcessCount=the number of programs in the approved list, supports any integer from 1 to 1000
- DS_ProcessName000=process name of the approved program, where "000" notes the first item on the list
For example:
- [Global Setting]
- DS_ProcessCount=2
- DS_ProcessName000=cscript.exe
- DS_ProcessName001=wscript.exe
- Save the changes and close the file.
- Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The Apex One server deploys the command to security agents and adds the following entries of TXS.ini on all security agent computers:
- [TrendX_Settings]
- DS_ProcessCount=2
- DS_ProcessName000="The encrypted string of the preferred program"
- DS_ProcessName001="The encrypted string of the preferred program"
(SEG-61011)
The Apex One Vulnerability Protection service cannot start successfully on the Turkish version of the Microsoft(TM) Windows(TM) server platform because it uses the all caps version of the database column name, "SYSTEMVERSİONID".
Solution:
This patch updates the database column name in the Apex One Vulnerability Protection server to "SystemVersionID" to resolve this issue.
(SEG-54980)
A program on an endpoint triggers the Behavior Monitoring module.
Solution:
This patch adds a command related to the program to the exception list to solve this issue.
Procedure:
To apply and deploy the solution globally:
- Install this patch (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
- Under the "Global Setting" section, manually add the following keys and values.
- [Global Setting]
- AegisSPSetCMDCount=1
- AegisSPSetCMDSubImagePath0=C:\Windows\System32\cmd.exe
- AegisSPSetCMDImagePath0=certutil.exe
- AegisSPSetCMDCmdLine0=-urlcache-splithttpzip*
- AegisSPSetCMDAct0=0
- Save the changes and close the file.
- Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the settings to agents. The Apex One server deploys the command to security agents and adds the following registry entries on all security agent computers:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
- Key: AegisSPSetCMDCount
- Type: DWORD
- Value: 1
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
- Key: AegisSPSetCMDSubImagePath0
- Type: REG_SZ
- Value: C:\Windows\System32\cmd.exe
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
- Key: AegisSPSetCMDCmdLine0
- Type: REG_SZ
- Value: -urlcache-splithttpzip*
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
- Key: AegisSPSetCMDImagePath0
- Type: REG_SZ
- Value: certutil.exe
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
- Key: AegisSPSetCMDAct0
- Type: DWORD
- Value: 0
- Restart the security agent.
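Both the approved-program list for deferred Predictive Machine Learning scanning (DS_ProcessCount / DS_ProcessNameNNN) and the Behavior Monitoring command exception (AegisSPSetCMD*) are hand-edited, counted lists in "ofcscan.ini", and each entry relaxes a protection, so they are worth checking before "Save" deploys them. The following is an added example, not Trend Micro code: it parses a constructed "[Global Setting]" fragment, checks each list against its count, and returns the entries for review. The function names are hypothetical, and numbering the AegisSPSetCMD entries from 0 up to the count minus one is an assumption inferred from the single entry shown above.

```python
import configparser
import re

# Constructed fragment of ofcscan.ini. The key names and the certutil values come
# from the procedures above; "example.exe" and the two mistakes (a count of 3 with
# only two padded entries, one unpadded index) are made up for the demonstration.
SAMPLE_INI = r"""
[Global Setting]
DS_ProcessCount=3
DS_ProcessName000=cscript.exe
DS_ProcessName001=wscript.exe
DS_ProcessName2=example.exe
AegisSPSetCMDCount=1
AegisSPSetCMDSubImagePath0=C:\Windows\System32\cmd.exe
AegisSPSetCMDImagePath0=certutil.exe
AegisSPSetCMDCmdLine0=-urlcache-splithttpzip*
AegisSPSetCMDAct0=0
"""

BM_FIELDS = ("SubImagePath", "ImagePath", "CmdLine", "Act")


def load_global(text):
    """Return the [Global Setting] keys with their case preserved."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # configparser lowercases keys unless told otherwise
    parser.read_string(text)
    if not parser.has_section("Global Setting"):
        return {}
    return dict(parser["Global Setting"])


def audit_deferred_scan(settings):
    """Check DS_ProcessCount against DS_ProcessName000..NNN.

    Returns (approved process names, problems found).
    """
    names, problems = [], []
    entries = {k: v for k, v in settings.items() if k.startswith("DS_ProcessName")}
    raw = settings.get("DS_ProcessCount")
    if raw is None:
        if entries:
            problems.append("DS_ProcessName entries present without DS_ProcessCount")
        return names, problems
    if not re.fullmatch(r"[0-9]+", raw) or not 1 <= int(raw) <= 1000:
        problems.append(f"DS_ProcessCount={raw!r} is outside 1..1000")
        return names, problems
    for i in range(int(raw)):
        key = f"DS_ProcessName{i:03d}"  # documented form: three digits, from 000
        value = entries.pop(key, "").strip()
        if value:
            names.append(value)
        else:
            problems.append(f"{key} is missing or empty")
    for key in sorted(entries):
        problems.append(f"{key} is outside the keys expected for DS_ProcessCount={raw}")
    return names, problems


def audit_bm_exceptions(settings):
    """Check AegisSPSetCMDCount against the four keys of each exception.

    Returns (complete exceptions as dicts, problems found).
    Assumption: entries are numbered 0..count-1 without padding.
    """
    rules, problems = [], []
    raw = settings.get("AegisSPSetCMDCount", "0")
    if not re.fullmatch(r"[0-9]+", raw):
        return rules, [f"AegisSPSetCMDCount={raw!r} is not a number"]
    count = int(raw)
    for i in range(count):
        rule = {f: settings.get(f"AegisSPSetCMD{f}{i}") for f in BM_FIELDS}
        missing = [f for f, v in rule.items() if v is None]
        if missing:
            problems.append(f"exception {i} lacks {', '.join(missing)}")
        else:
            rules.append(rule)
    indexed = re.compile(r"AegisSPSetCMD(?:%s)([0-9]+)$" % "|".join(BM_FIELDS))
    for key in sorted(settings):
        match = indexed.match(key)
        if match and int(match.group(1)) >= count:
            problems.append(f"{key} has an index beyond AegisSPSetCMDCount={raw}")
    return rules, problems


if __name__ == "__main__":
    cfg = load_global(SAMPLE_INI)
    for label, (items, issues) in (("deferred scanning", audit_deferred_scan(cfg)),
                                   ("behavior monitoring", audit_bm_exceptions(cfg))):
        print(label, "entries:", items)
        for issue in issues:
            print("  problem:", issue)
```
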
(SEG-63171)
This patch enables the Apex One security agent program to support Microsoft Windows(TM) 10 (version 1909) November 2019 Update.
(SEG-60079)
This patch adds a mechanism that can help reduce the probability of errors during Apex One server and Apex One security agent updates.
(SEG-65916)
On computers with low specifications, the Application Control agent may run into performance issues when several applications installed on the computer match the Application Control criteria.
Solution:
This hotfix helps prevent the performance issues by enabling the Application Control agent to store matched applications in the criteria cache after these applications run for the first time.
(SEG-64308), (SEG-65121)
A "Failed to get server certificate." error appears on the installation log during Advanced Threat Assessment Service installation.
Solution:
This hotfix resolves the error so the Advanced Threat Assessment Service can be installed successfully.
(SEG-63775)
The real-time scan exception settings from the Apex One security agent are restored unexpectedly after an Apex One security agent update.
Solution:
This hotfix updates the Apex One security agent program to preserve the current real-time scan exception settings after an Apex One security agent update.
(SEG-49768)
The Apex One agent keeps track of un-scanned files but does not send the information to the server, so users do not see the information on the Apex One server.
This hotfix enables Apex One agents to upload un-scanned file logs to the "C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Log\UnScanFile" folder on the server.
(SEG-66016)
When administrators set the Internet proxy settings from the browser, the Apex One Security proxy always applies the Internet proxy settings to update components from the Trend Micro Global ActiveUpdate server instead of the Apex One server.
Solution:
This hotfix enables the Security Agent console to allow administrators the option to choose and apply "Use Windows Internet Options Settings" when updating components.
By default, the system does not apply and update components from the Apex One server.
(SEG-65326)
The Application Control agent service is dependent on some Microsoft(TM) Windows(TM) services. If some Windows services are not running, the system does not start the Application Control agent service.
Solution:
This hotfix resolves the Application Control agent service dependency issue. After applying this hotfix, the Application Control agent service starts some Windows services automatically as it starts up.
(SEG-67082)
The system cannot successfully install the Application Control server if the SQL server contains a semi-colon (";") in its password.
Solution:
This hotfix resolves this issue so that the system can install the Application Control server successfully.
(SEG-64933)
The Data Loss Prevention(TM) (DLP) feature may slow down the performance of certain web applications on the Apex One Security agent.
Solution:
This hotfix updates the DLP module to resolve this issue.
(SEG-62262)
The 3rd-party ICE WebStart program cannot be launched while the Apex One Firewall service is running.
Solution:
This hotfix updates the Trend Micro Apex One Firewall components and provides a way to prevent this issue from occurring.
Procedure:
To enable the new settings:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the Apex One server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "256".
- [Global Setting]
- PFW_KEventMaxCount=256
- Save the changes and close the file.
- Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The Apex One server deploys the command to Apex One agents and adds the following registry entry on all Apex One agent endpoints:
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmWfp\Parameters
- Key: KEventMaxCount
- Type: REG_DWORD
- Value: 256 (0x100)
- Restart the Apex One agent machines.
(SEG-57361)
The Apex One Behavior Monitoring feature may prevent users from opening Microsoft Office applications normally and may cause high CPU usage issues on protected computers.
Solution:
This hotfix updates the Apex One agent program to resolve this issue.
Procedure:
To apply and deploy the solution globally:
- Install this hotfix (see "Installation").
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder of the Apex One server installation directory.
- Under the "Global Setting" section, manually add the "UnregUMHEventList" key and set its value to "140".
    [Global Setting]
    UnregUMHEventList=140
- Save the changes and close the file.
- Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The Apex One server deploys the command to security agents and adds the following registry entry on all security agent computers:
- Path:
- For x64 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS\
- For x86 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS\
- Key: UnregUMHEventList
- Type: String
- Value: "The encrypted string with the prefix !CRYPTEX!"
- Restart the Apex One security agent.
(SEG-64723)
This hotfix enables the Apex One server to download the list of approved mobile devices and USB storage devices from the Device Control settings in the Apex Central server and to deploy the list to Apex One security agents.
Procedure:
To configure Apex One server to download and deploy the Device Control approved list of mobile devices and USB storage devices from the Apex Central server to all Apex One security agents:
- Run the Device List Tool (listDeviceInfo.exe) to retrieve the device information. The tool provides Vendor, Model, Serial ID, and Device information for each device.
- Make a Device Control approved list in CSV file format specifying the Vendor, Model, Serial ID, and Device information of mobile devices and USB storage devices.
For example:
    05AC,12A8,35AD13C948ECD47904B2B7AD4D5E8AFBF4C70C48,Mobile Devices
    ADATA,DC1A,285252344010000C,USB Storage Devices
NOTE: The "Device" field is optional. If no device type is listed in the CSV file, the entry is treated as "USB Storage Devices".
- Copy the CSV file to the Apex Central server in the "\Trend Micro\Control Manager\WebUI\WebApp\widget\repository\widgetPool\product\OSCE\" folder and rename the CSV file as "dc_dev_exception.csv".
NOTE: Users can import the Device Control approved list from the "Policies > Policy Resources > Device Control Allowed Devices" page of the Apex Central console.
- Deploy an Apex One Security Agent policy with the Device Control setting to agents from the Apex Central console. All agents will receive the approved list.
NOTE: On the Apex One server, users can check the "DC_GLOBAL_DEV_EXCEPTION" section in the "dlp.ini" file under the "\PCCSRV\Private" folder.
For example:
    [DC_GLOBAL_DEV_EXCEPTION]
    DevExceptionGlobalCount=2
    DevExceptionGlobal_00000000=VendorName,Model,serialNo,1(USB Storage Devices)
    DevExceptionGlobal_00000001=VendorName,Model,serialNo,2097152(Mobile Devices)
On the Apex One security agent, users can check the "dc_in.xml" and "dc_out.xml" files under the "\Security Agent\dlplite" folder.
For example:
    <usbException exceptionDeviceType="0x00000001"(USB Storage Devices) serialNo="xxxxxxxx" model=" xxxxxxxx " vendorName="xxxxxxxx "/>
    <usbException exceptionDeviceType="0x00200000"(Mobile Devices) serialNo=" xxxxxxxx " model=" xxxxxxxx " vendorName="xxxxxxxx "/>
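The following Python script is an added example, not part of this readme or of the product. It validates the rows of a "dc_dev_exception.csv" file before the file is copied to the Apex Central server and renders the "DC_GLOBAL_DEV_EXCEPTION" section to compare against "dlp.ini" after deployment. The function names, the rejection of empty, unknown-type and duplicate rows, and the 8-digit decimal key index are assumptions of this example.

```python
import csv
import io

# Device type codes as shown in the dlp.ini and dc_in.xml examples above.
DEVICE_TYPES = {"USB Storage Devices": 1, "Mobile Devices": 0x00200000}
DEFAULT_TYPE = "USB Storage Devices"  # used when the Device field is absent
# Constructed sample: the two example devices plus three rows that must fail.
SAMPLE_CSV = """\
05AC,12A8,35AD13C948ECD47904B2B7AD4D5E8AFBF4C70C48,Mobile Devices
ADATA,DC1A,285252344010000C
ADATA,DC1A,285252344010000C,USB Storage Devices
ACME,,0000,USB Storage Devices
ACME,X1,1234,Printers
"""


def parse_approved_list(text):
    """Return (entries, errors) for the text of a dc_dev_exception.csv file."""
    entries, errors, seen = [], [], set()
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        fields = [f.strip() for f in row]
        if not any(fields):
            continue  # blank line
        if len(fields) not in (3, 4):
            errors.append((lineno, "expected 3 or 4 fields"))
            continue
        vendor, model, serial = fields[:3]
        device = fields[3] if len(fields) == 4 and fields[3] else DEFAULT_TYPE
        if not (vendor and model and serial):
            # Choice made in this example: never emit a partly empty entry.
            errors.append((lineno, "empty Vendor, Model or Serial ID"))
        elif device not in DEVICE_TYPES:
            errors.append((lineno, "unknown device type %r" % device))
        elif (vendor, model, serial, device) in seen:
            errors.append((lineno, "duplicate entry"))
        else:
            seen.add((vendor, model, serial, device))
            entries.append((vendor, model, serial, DEVICE_TYPES[device]))
    return entries, errors


def render_dlp_section(entries):
    """Render the section text to compare against the server's dlp.ini."""
    lines = ["[DC_GLOBAL_DEV_EXCEPTION]", "DevExceptionGlobalCount=%d" % len(entries)]
    for i, entry in enumerate(entries):
        # Assumption: the key suffix is an 8-digit zero-padded decimal index.
        lines.append("DevExceptionGlobal_%08d=%s,%s,%s,%d" % ((i,) + entry))
    return "\n".join(lines)
```

Calling parse_approved_list(SAMPLE_CSV) accepts the first two rows and reports lines 3, 4 and 5 as rejected; passing the accepted entries to render_dlp_section() returns the section text.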
(SEG-64515)
This hotfix removes the "Enable debug log" check box from the "Debug Log Setting" window in the Apex One console.
8. Contact Information
A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
NOTE: This information is subject to change without notice.
9. About Trend Micro
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.
Copyright 2020, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.
10. License Agreement
View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide