1. Critical Patch Release Information

Resolved Known Issues

This Critical Patch resolves the following issue(s):

Issue 1 (SEG-65040)

Apex One security agents may encounter a blue screen of death (BSOD) when the Osprey kernel file (tmusa.sys) is unloaded unexpectedly.

Solution:

This critical patch updates the Trend Micro EagleEye Driver to resolve this issue.

Issue 2 (SEG-66375)

A high CPU usage issue occurs on the Apex One server computer.

Solution:

This critical patch updates the Attack Discovery pattern to help prevent the high CPU usage issue on the Apex One server computer.

Issue 3 (SEG-64431), (SEG-66778), (SEG-66166)

The PowerShell command line sometimes automatically converts uppercase characters to lowercase.

Solution:

This critical patch ensures that the PowerShell command line does not automatically convert uppercase characters to lowercase.

Issue 4 (VRTS-3677)

A potential process communication risk in the security agent exists in the Apex One server.

Solution:

This critical patch updates the Apex One server program to remove this vulnerability.

Issue 5 (VRTS-3745), (VRTS-3746)

A potential file deletion issue with system privileges exists via a Directory Traversal vulnerability in security agents.

Solution:

This critical patch updates the Apex One server program to remove this vulnerability.

Issue 6 (VRTS-3790)

A potential issue with file uploads exists via a Directory Traversal vulnerability in security agents.

Solution:

This critical patch updates the Apex One server program to remove this vulnerability.

Issue 7 (SEG-68495)

The "Plug-ins" page does not display normally when users Single Sign-On (SSO) to the Apex One web console from the Apex Central web console.

Solution:

This critical patch updates the Apex One server files to resolve this issue.

Enhancements

The following enhancements are included in this Critical Patch:

Enhancement 1 (SEG-62472)

This critical patch integrates Windows Antimalware Scan Interface (AMSI) with Apex One to improve protection against malicious scripts.

Procedure:

To enable the new settings:

  1. Install this critical patch (see "Installation").
  2. Open the Apex One web console and go to the "Agent > agent management" page.
  3. Right-click to select the specific domain or agents and go to the "Settings > Behavior Monitoring Settings" screen.
  4. Tick the "Enable program inspection to detect and block compromised executable files" and "Terminate programs that exhibit abnormal behavior associated with exploit attacks".
  5. Save the changes.
  6. The Apex One server deploys the following registry entry on the selected security agent computers:
  • Path:

    • For x64 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS\
    • For x86 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS\
  • Key: EnableUMH / EnableUMHExploit
  • Type: REG_DWORD
  • Value: 1 (0x00000001)

Enhancement 2 (VRTS-4061)

This critical patch enhances the security of the Server Migration Tool.

Enhancement 3 (VRTS-4060)

This critical patch updates the program update checking logic on Apex One security agents to help ensure that only authentic program updates are applied.

Enhancement 4 (SEG-69438)

This critical patch adds Endpoint Sensor features by enabling the use of on-premises Apex Central to manage on-premises Apex One servers. This enhancement requires users to upgrade on-premises Apex One servers to Build 2117 and on-premises Apex Central servers to Build 4363 or any higher build.

Files Included in this Release

A. Files for Current Issues
-------------------------------------------------------------------
Filename                                               Build Number
------------------------------                         ------------
Apex One\PCCSRV\Admin\Utility\EdgeServer\*.*

Apex One\PCCSRV\Admin\Utility\SQL\*.*

Apex One\PCCSRV\Pccnt\Disk1\*.*

Apex One\PCCSRV\
-------------------------------------------------------------------
AutoPcc.exe                                            14.0.0.2117             
AUTOPCC.MSG                                                 *                  
AutoPccP.exe                                           14.0.0.2117             
CGIResUTF8.dll                                         14.0.0.2117             
DatFHS.dll                                             14.0.0.2059             
libcurl.dll                                            7.66.0.0                
libeay32.dll                                           1.0.2.20                
loadhttp.dll                                           14.0.0.2059             
ofc_loadhttp.dll                                       14.0.0.2059             
OfcPfwCommon.dll                                       14.0.0.2059             
OfcPIPC.dll                                            14.0.0.2059             
OfcSvcConfig.exe                                       14.0.0.2117             
readme.htm                                                  *                  
ssleay32.dll                                           1.0.2.20                
SvrSvcSetup.exe                                        14.0.0.2117             

Apex One\PCCSRV\Admin\
-------------------------------------------------------------------
Build.exe                                              2.86.0.2088             
Build64.exe                                            2.86.0.2088             
InstReg.exe                                            14.0.0.2059             
loadhttp.dll                                           14.0.0.2059             
ofc_loadhttp.dll                                       14.0.0.2059             
patch.exe                                              2.86.0.2088             
patch64.exe                                            2.86.0.2088             
SetupMan.dll                                           14.0.0.2117             
TmUpdate.dll                                           2.86.0.2088             
TmUpdate64.dll                                         2.86.0.2088             
TSC.exe                                                7.5.0.1137              
TSC64.exe                                              7.5.0.1137              
Wizard.exe                                             14.0.0.2059             
Wizard_64x.exe                                         14.0.0.2059             

Apex One\PCCSRV\Admin\Utility\ClientPackager\
-------------------------------------------------------------------
CLIENTMSISETUP_MSI                                          *                  
ClnPack.exe                                            14.0.0.2117             
ClnPack.ini                                                 *                  
OfcPfwCommon.dll                                       14.0.0.2059             
tmCfwApi.dll                                           5.83.0.1064             

Apex One\PCCSRV\Admin\Utility\IpXfer\
-------------------------------------------------------------------
IpXfer.exe                                             14.0.0.2059             
IpXfer_x64.exe                                         14.0.0.2059             

Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Client\x64\
-------------------------------------------------------------------
osfExt_iACClient_x64.dll                               3.0.0.3014              
osfExt_iATASClient_x64.dll                             1.7.0.1035              
osfExt_iESClient_x64.dll                               3.0.0.1540              
osfExt_iVPClient_x64.dll                               3.0.0.2033              

Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Client\x86\
-------------------------------------------------------------------
osfExt_iACClient.dll                                   3.0.0.3014              
osfExt_iATASClient.dll                                 1.7.0.1035              
osfExt_iESClient.dll                                   3.0.0.1540              
osfExt_iVPClient.dll                                   3.0.0.2033              

Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Server\iAC\
-------------------------------------------------------------------
osfExt_iACCMAGENT.dll                                  3.0.0.3014              
osfExt_iACMasterService.dll                            3.0.0.3014              

Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Server\iES\
-------------------------------------------------------------------
osfExt_iESCMAGENT.dll                                  3.0.0.1540              
osfExt_iESMasterService.dll                            3.0.0.1540              

Apex One\PCCSRV\Admin\Utility\iServicePackage\OSF_Extension\Server\iVP\
-------------------------------------------------------------------
osfExt_iVPCMAGENT.dll                                  3.0.0.2033              
osfExt_iVPMasterService.dll                            3.0.0.2033              

Apex One\PCCSRV\Admin\Utility\ListDeviceInfo\
-------------------------------------------------------------------
listDeviceInfo.conf.ini                                     *                  
listDeviceInfo.exe                                     6.2.0.1249              

Apex One\PCCSRV\Admin\Utility\MessageQueue\
-------------------------------------------------------------------
libOsceMsmq.dll                                        14.0.0.2117             

Apex One\PCCSRV\Admin\Utility\PolicyExportTool\
-------------------------------------------------------------------
ApexOneSettingsExportTool.exe                          14.0.0.2117             
CGIResUTF8.dll                                         14.0.0.2117             
ServerMigrationTool.ex_                                14.0.0.2117             

Apex One\PCCSRV\Admin\Utility\ServerMigrationTool\
-------------------------------------------------------------------
CGIOCommon.dll                                         14.0.0.2117             
CGIResUTF8.dll                                         14.0.0.2117             
OfcPfwCommon.dll                                       14.0.0.2059             
ServerMigrationTool.exe                                14.0.0.2117             

Apex One\PCCSRV\Admin\Utility\SQL\
-------------------------------------------------------------------
SqlTxfr.exe                                            14.0.0.2117             

Apex One\PCCSRV\Admin\Utility\TCacheGen\
-------------------------------------------------------------------
TCacheGen.exe                                          14.0.0.2117             
TCacheGen_x64.exe                                      14.0.0.2117             
TCacheGenCli.exe                                       14.0.0.2117             
TCacheGenCli_x64.exe                                   14.0.0.2117             

Apex One\PCCSRV\Admin\Utility\TMVS\
-------------------------------------------------------------------
DatFHS.dll                                             14.0.0.2059             
libeay32.dll                                           1.0.2.20                
loadhttp.dll                                           14.0.0.2059             
ssleay32.dll                                           1.0.2.20                
TMVS.exe                                               14.0.0.2117             

Apex One\PCCSRV\CmAgent\
-------------------------------------------------------------------
CGIResUTF8.dll                                         14.0.0.2117             
DatFHS.dll                                             14.0.0.2059             
En_I18N.dll                                            5.0.0.2363              
En_Utility.dll                                         5.0.0.2363              
libapr-1.dll                                           1.5.2.0                 
libcurl.dll                                            7.66.0.0                
libeay32.dll                                           1.0.2.20                
osfAgent.dll                                           14.0.0.2059             
ProductLibrary.dll                                     14.0.0.2117             
ProductUI.zip                                               *                  
ssleay32.dll                                           1.0.2.20                
TrendAprWrapperDll.dll                                 5.0.0.2363              
zlibwapi.dll                                           1.2.11.1002             

Apex One\PCCSRV\Download\
-------------------------------------------------------------------
ClnPack_files.xml                                           *                  

Apex One\PCCSRV\Download\Engine\
-------------------------------------------------------------------
ATSE32.sig                                                  *                  
atse32.zip                                                  *                  
ATSE64.sig                                                  *                  
atse64.zip                                                  *                  
TMEBC32.sig                                                 *                  
TMEBC32.zip                                                 *                  
TMEBC64.sig                                                 *                  
TMEBC64.zip                                                 *                  
TSC.sig                                                     *                  
TSC.zip                                                     *                  
TSC64.sig                                                   *                  
TSC64.zip                                                   *                  

Apex One\PCCSRV\Download\Product\
-------------------------------------------------------------------
DlpLite.sig                                                 *                  
DlpLite_3rdParty.zip                                   6.2.1307                
DlpLite_3rdParty_x64.zip                               6.2.1307                
DlpLite_Common.zip                                     6.2.1329                
DlpLite_Common_x64.zip                                 6.2.1329                
DlpLite_x64.sig                                             *                  

Apex One\PCCSRV\Engine\
-------------------------------------------------------------------
atse32.dll                                             12.0.0.1008             
ssapi32.dll                                            6.2.1.4035              
TmAegisSysEvt.dll                                      2.98.0.1260             
TmAMSIProvider.dll                                     8.50.0.2071             
TMBMCLI.dll                                            2.98.0.1260             
TMBMSRV.exe                                            2.98.0.1260             
tmCfwApi.dll                                           5.83.0.1064             
tmcomeng.dll                                           2.98.0.1260             
TmEngDrv.dll                                           2.98.0.1260             
tmHash.dll                                             5.83.0.1064             
TMPEM.dll                                              2.98.0.1260             
TmPfw.exe                                              5.83.0.1064             
TmPfwApi.dll                                           5.83.0.1064             
TmPfwRul.dll                                           5.83.0.1064             
TmSysEvt.dll                                           8.50.0.2071             
tmwlutil.dll                                           2.98.0.1260             

Apex One\PCCSRV\Engine\CCSF\TrxHandler\
-------------------------------------------------------------------
libcurl.dll                                            7.66.0.0                
libeay32.dll                                           1.0.2.20                
ssleay32.dll                                           1.0.2.20                
trxhandler.dll                                         1.100.0.1071            

Apex One\PCCSRV\Engine\x64\
-------------------------------------------------------------------
atse64.dll                                             12.0.0.1008             
ssapi64.dll                                            6.2.1.4035              
TmAegisSysEvt.dll                                      2.98.0.1260             
TmAMSIProvider64.dll                                   8.50.0.2071             
TMBMCLI.dll                                            2.98.0.1260             
TMBMSRV.exe                                            2.98.0.1260             
tmCfwApi.dll                                           5.83.0.1064             
tmcomeng.dll                                           2.98.0.1260             
TmEngDrv.dll                                           2.98.0.1260             
tmHash.dll                                             5.83.0.1064             
TMPEM.dll                                              2.98.0.1260             
TmPfw.exe                                              5.83.0.1064             
TmPfwApi.dll                                           5.83.0.1064             
TmPfwRul.dll                                           5.83.0.1064             
TmSysEvt.dll                                           8.50.0.2071             
tmwlutil.dll                                           2.98.0.1260             
TSC64.exe                                              7.5.0.1137              

Apex One\PCCSRV\Engine\x64\CCSF\TrxHandler\
-------------------------------------------------------------------
libcurl.dll                                            7.66.0.0                
libeay32.dll                                           1.0.2.20                
ssleay32.dll                                           1.0.2.20                
trxhandler.dll                                         1.100.0.1071            

Apex One\PCCSRV\OSF_Extension\iAC\
-------------------------------------------------------------------
osfExt_iACCMAGENT.dll                                  3.0.0.3014              
osfExt_iACMasterService.dll                            3.0.0.3014              

Apex One\PCCSRV\OSF_Extension\iES\
-------------------------------------------------------------------
osfExt_iESCMAGENT.dll                                  3.0.0.1540              
osfExt_iESMasterService.dll                            3.0.0.1540              

Apex One\PCCSRV\OSF_Extension\iVP\
-------------------------------------------------------------------
osfExt_iVPCMAGENT.dll                                  3.0.0.2033              
osfExt_iVPMasterService.dll                            3.0.0.2033              

Apex One\PCCSRV\Pccnt\
-------------------------------------------------------------------
ClientConsole.zip                                           *                  
NTRtScan.exe                                           14.0.0.2059             

Apex One\PCCSRV\Pccnt\Common\
-------------------------------------------------------------------
CCSF_WIN32.zip                                              *                  
CompRmv.exe                                            14.0.0.2059             
DatFHS.dll                                             14.0.0.2059             
fcWofieUI.dll                                          14.0.0.2059             
ICRCHdler.dll                                          2.83.0.1021             
libCNTTmPollingModule.dll                              14.0.0.2059             
libcurl.dll                                            7.66.0.0                
libeay32.dll                                           1.0.2.20                
loadhttp.dll                                           14.0.0.2059             
NTRmv.exe                                              14.0.0.2059             
ofc_loadhttp.dll                                       14.0.0.2059             
OfcCCCAUpdate.exe                                      14.0.0.2059             
OfcPfwCommon.dll                                       14.0.0.2059             
OfcPfwSvc.dll                                          14.0.0.2059             
OfcPIPC.dll                                            14.0.0.2059             
osfAgent.dll                                           14.0.0.2059             
osfExt_iACClient.dll                                   3.0.0.3014              
osfExt_iATASClient.dll                                 1.7.0.1035              
osfExt_iESClient.dll                                   3.0.0.1540              
osfExt_iVPClient.dll                                   3.0.0.2033              
PccNT.exe                                              14.0.0.2059             
PccNTMon.exe                                           14.0.0.2059             
ssleay32.dll                                           1.0.2.20                
tmCfwApi.dll                                           5.83.0.1064             
tmeectv.dll                                            3.5.0.1017              
tmeesent.dll                                           3.5.0.1017              
TmFpHcEx.exe                                           5.83.0.1064             
tmHash.dll                                             5.83.0.1064             
TmListen.exe                                           14.0.0.2059             
TmListenShare.dll                                      14.0.0.2059             
TmopCfg.dll                                            3.7.0.1134              
Tmopcfscan.dll                                         3.7.0.1134              
TmopCtl.dll                                            3.7.0.1134              
TmopDbg.dll                                            3.7.0.1134              
TmoppeCertPin.dll                                      3.7.0.1134              
TmoppeEvts.dll                                         3.7.0.1134              
TmoppeHosF.dll                                         3.7.0.1134              
TmoppePDP.dll                                          3.7.0.1134              
TmoppeSAL.dll                                          3.7.0.1134              
TmoppeSsF.dll                                          3.7.0.1134              
TmoppeUrlF.dll                                         3.7.0.1134              
TmoppeVS.dll                                           3.7.0.1134              
TmopphDns.dll                                          3.7.0.1134              
TmopphHttp.dll                                         3.7.0.1134              
TmopphHttp2.dll                                        3.7.0.1134              
TmopphPop3.dll                                         3.7.0.1134              
TmopphSmtp.dll                                         3.7.0.1134              
TmopphSocks.dll                                        3.7.0.1134              
TmopphSvrHello.dll                                     3.7.0.1134              
TmopPlgAdp.dll                                         3.7.0.1134              
Tmopsent.dll                                           3.7.0.1134              
TmopsmHttp.dll                                         3.7.0.1134              
TmopsmMail.dll                                         3.7.0.1134              
TmopsmProxy.dll                                        3.7.0.1134              
TmopsmSvrHello.dll                                     3.7.0.1134              
TmPac.dll                                              14.0.0.2059             
TmPfw.exe                                              5.83.0.1064             
TmPfwApi.dll                                           5.83.0.1064             
TmPfwCtl.dll                                           5.83.0.1064             
TmPfwCtl_xp.dll                                        5.83.0.1064             
TmPfwRul.dll                                           5.83.0.1064             
TmSock.dll                                             14.0.0.2059             
TmSSClient.exe                                         14.0.0.2059             
tmufeng.dll                                            3.91.0.1021             
TmWatchdog.dll                                         14.0.0.2059             
TmWatchdog.exe                                         14.0.0.2059             
tmwfpapi.dll                                           5.83.0.1064             
Upgrade.exe                                            14.0.0.2059             
WofieLauncher.exe                                      14.0.0.2059             

Apex One\PCCSRV\Pccnt\Drv\
-------------------------------------------------------------------
tmactmon.cat                                                *                  
tmactmon.inf                                                *                  
tmactmon.sys                                           2.98.0.1203             
tmcomm.cat                                                  *                  
tmcomm.inf                                                  *                  
tmcomm.sys                                             8.20.0.1030             
tmebc.cat                                                   *                  
TMEBC.inf                                                   *                  
TMEBC32.sys                                            1.5.0.1045              
tmeevw.cat                                                  *                  
tmeevw.inf                                                  *                  
tmeevw.sys                                             3.5.0.1017              
tmevtmgr.cat                                                *                  
tmevtmgr.inf                                                *                  
tmevtmgr.sys                                           2.98.0.1203             
tmlwf.cat                                                   *                  
tmlwf.inf                                                   *                  
TMLWF.sys                                              5.83.0.1063             
tmlwfins.exe                                           5.83.0.1063             
tmwfp.cat                                                   *                  
tmwfp.inf                                                   *                  
TMWFP.sys                                              5.83.0.1063             
tmwfpins.exe                                           5.83.0.1063             

Apex One\PCCSRV\Pccnt\Drv\X64\
-------------------------------------------------------------------
tmactmon.cat                                                *                  
tmactmon.inf                                                *                  
tmactmon.sys                                           2.98.0.1203             
tmcomm.cat                                                  *                  
tmcomm.inf                                                  *                  
tmcomm.sys                                             8.20.0.1030             
tmebc.cat                                                   *                  
TMEBC.inf                                                   *                  
TMEBC64.sys                                            1.5.0.1045              
tmeevw.cat                                                  *                  
tmeevw.inf                                                  *                  
tmeevw.sys                                             3.5.0.1017              
tmevtmgr.cat                                                *                  
tmevtmgr.inf                                                *                  
tmevtmgr.sys                                           2.98.0.1203             
tmlwf.cat                                                   *                  
tmlwf.inf                                                   *                  
TMLWF.sys                                              5.83.0.1063             
tmlwfins.exe                                           5.83.0.1063             
tmwfp.cat                                                   *                  
tmwfp.inf                                                   *                  
TMWFP.sys                                              5.83.0.1063             
tmwfpins.exe                                           5.83.0.1063             

Apex One\PCCSRV\Pccnt\Win64\X64\
-------------------------------------------------------------------
CCSF_X64.zip                                                *                  
CompRmv.exe                                            14.0.0.2059             
DatFHS.dll                                             14.0.0.2059             
fcWofieUI.dll                                          14.0.0.2059             
ICRCHdler.dll                                          2.83.0.1021             
InstReg.exe                                            14.0.0.2059             
libCNTTmPollingModule_64x.dll                          14.0.0.2059             
libcurl.dll                                            7.66.0.0                
libeay32.dll                                           1.0.2.20                
loadhttp_64x.dll                                       14.0.0.2059             
NTRmv.exe                                              14.0.0.2059             
Ntrtscan.exe                                           14.0.0.2059             
ofc_loadhttp_64x.dll                                   14.0.0.2059             
OfcCCCAUpdate.exe                                      14.0.0.2059             
OfcPfwCommon_64x.dll                                   14.0.0.2059             
OfcPfwSvc_64x.dll                                      14.0.0.2059             
OfcPIPC_64x.dll                                        14.0.0.2059             
osfagent_64x.dll                                       14.0.0.2059             
osfExt_iACClient_x64.dll                               3.0.0.3014              
osfExt_iATASClient_x64.dll                             1.7.0.1035              
osfExt_iESClient_x64.dll                               3.0.0.1540              
osfExt_iVPClient_x64.dll                               3.0.0.2033              
PccNT.exe                                              14.0.0.2059             
PccNTMon.exe                                           14.0.0.2059             
ssleay32.dll                                           1.0.2.20                
tmCfwApi.dll                                           5.83.0.1064             
tmeectv.dll                                            3.5.0.1017              
tmeesent.dll                                           3.5.0.1017              
TmFpHcEx.exe                                           5.83.0.1064             
tmHash.dll                                             5.83.0.1064             
TmListen.exe                                           14.0.0.2059             
TmListenShare_64x.dll                                  14.0.0.2059             
TmopCfg.dll                                            3.7.0.1134              
Tmopcfscan.dll                                         3.7.0.1134              
TmopCtl.dll                                            3.7.0.1134              
TmopDbg.dll                                            3.7.0.1134              
TmoppeCertPin.dll                                      3.7.0.1134              
TmoppeEvts.dll                                         3.7.0.1134              
TmoppeHosF.dll                                         3.7.0.1134              
TmoppePDP.dll                                          3.7.0.1134              
TmoppeSAL.dll                                          3.7.0.1134              
TmoppeSsF.dll                                          3.7.0.1134              
TmoppeUrlF.dll                                         3.7.0.1134              
TmoppeVS.dll                                           3.7.0.1134              
TmopphDns.dll                                          3.7.0.1134              
TmopphHttp.dll                                         3.7.0.1134              
TmopphHttp2.dll                                        3.7.0.1134              
TmopphPop3.dll                                         3.7.0.1134              
TmopphSmtp.dll                                         3.7.0.1134              
TmopphSocks.dll                                        3.7.0.1134              
TmopphSvrHello.dll                                     3.7.0.1134              
TmopPlgAdp.dll                                         3.7.0.1134              
Tmopsent.dll                                           3.7.0.1134              
TmopsmHttp.dll                                         3.7.0.1134              
TmopsmMail.dll                                         3.7.0.1134              
TmopsmProxy.dll                                        3.7.0.1134              
TmopsmSvrHello.dll                                     3.7.0.1134              
TmPac_64x.dll                                          14.0.0.2059             
TmPfw.exe                                              5.83.0.1064             
TmPfwApi.dll                                           5.83.0.1064             
TmPfwCtl.dll                                           5.83.0.1064             
TmPfwCtl_xp.dll                                        5.83.0.1064             
TmPfwRul.dll                                           5.83.0.1064             
TmSock_64x.dll                                         14.0.0.2059             
TmSSClient.exe                                         14.0.0.2059             
tmufeng.dll                                            3.91.0.1021             
TmWatchdog.dll                                         14.0.0.2059             
TmWatchdog.exe                                         14.0.0.2059             
tmwfpapi.dll                                           5.83.0.1064             
Upgrade.exe                                            14.0.0.2059             
WofieLauncher.exe                                      14.0.0.2059             

Apex One\PCCSRV\Private\
-------------------------------------------------------------------
DlpClc.xml                                                  *                  

Apex One\PCCSRV\Private\certificate\
-------------------------------------------------------------------
libeay32.dll                                           1.0.2.20                
openssl.exe                                                 *                  
ssleay32.dll                                           1.0.2.20                

Apex One\PCCSRV\Web\Service\
-------------------------------------------------------------------
atse32.dll                                             12.0.0.1008             
Build.exe                                              2.86.0.2088             
CGIOCommon.dll                                         14.0.0.2117             
CGIResUTF8.dll                                         14.0.0.2117             
CmdHOConsole.dll                                       14.0.0.2117             
DatFHS.dll                                             14.0.0.2059             
DbServer.exe                                           14.0.0.2117             
libCmdHndlrClientV2.dll                                14.0.0.2117             
libCmdHndlrConsoleV2.dll                               14.0.0.2117             
libCmdHndlrSA.dll                                      14.0.0.2117             
libcurl.dll                                            7.66.0.0                
libcurl_ofc.dll                                        7.66.0.0                
libeay32.dll                                           1.0.2.20                
libLogHandler.dll                                      14.0.0.2117             
libOsceMsmq.dll                                        14.0.0.2117             
libOSFSvcClient.dll                                    14.0.0.2117             
loadhttp.dll                                           14.0.0.2059             
LogCache.dll                                           14.0.0.2117             
ofc_loadhttp.dll                                       14.0.0.2059             
OfcCCCAUpdate.exe                                      14.0.0.2059             
OfcDBBackup.exe                                        14.0.0.2117             
OfcDownload.dll                                        14.0.0.2117             
OfcHotFix.exe                                          14.0.0.2117             
OfcNotifyQueue.dll                                     14.0.0.2117             
OfcPfwCommon.dll                                       14.0.0.2059             
OfcPurgeLog.dll                                        14.0.0.2117             
OfcService.exe                                         14.0.0.2117             
osfAgent.dll                                           14.0.0.2059             
patch.exe                                              2.86.0.2088             
ssleay32.dll                                           1.0.2.20                
TmUpdate.dll                                           2.86.0.2088             
VerConn.exe                                            14.0.0.2117             

Apex One\PCCSRV\Web_OSCE\Web\CGI\
-------------------------------------------------------------------
cgiLog.exe                                             14.0.0.2117             
CGIOCommon.dll                                         14.0.0.2117             
cgiRecvFile.exe                                        14.0.0.2117             
CGIResUTF8.dll                                         14.0.0.2117             
isapiClient.dll                                        14.0.0.2117             
isapiClientx64.dll                                     14.0.0.2117             
isapiClientX86.dll                                     14.0.0.2117             
libcurl.dll                                            7.66.0.0                
libeay32.dll                                           1.0.2.20                
loadhttp.dll                                           14.0.0.2059             
OfcPfwCommon.dll                                       14.0.0.2059             
ssleay32.dll                                           1.0.2.20                
SSO_PKIHelper.dll                                      5.0.0.2363              

Apex One\PCCSRV\Web_OSCE\Web_Console\CGI\
-------------------------------------------------------------------
cgiAuthManagement.exe                                  14.0.0.2117             
cgiCmdNotify.exe                                       5.0.0.2363              
CGIOCommon.dll                                         14.0.0.2117             
CGIResUTF8.dll                                         14.0.0.2117             
cgiShowActiveDirectory.exe                             14.0.0.2117             
cgiShowAoS.exe                                         2.5.0.3005              
cgiShowClientAdm.exe                                   14.0.0.2117             
cgiShowComplianceReport.exe                            14.0.0.2117             
cgiShowLogs.exe                                        14.0.0.2117             
fcgiOfcDDA.exe                                         14.0.0.2117             
libcurl.dll                                            7.66.0.0                
libeay32.dll                                           1.0.2.20                
loadhttp.dll                                           14.0.0.2059             
OfcPfwCommon.dll                                       14.0.0.2059             
ssleay32.dll                                           1.0.2.20                
SSO_PKIHelper.dll                                      5.0.0.2363              
tmCfwApi.dll                                           5.83.0.1064             
TmUpdate.dll                                           2.86.0.2088             
TrendAprWrapperDll.dll                                 5.0.0.2363              

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\ad_integration\
-------------------------------------------------------------------
ad_integration.htm                                          *                  

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\Auth\
-------------------------------------------------------------------
admin_account_info.htm                                      *                  

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\behavior_monitoring\
-------------------------------------------------------------------
bm_settings.htm                                             *                  

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\clientmag\
-------------------------------------------------------------------
client_list_2.htm                                           *                  
client_move.htm                                             *                  
client_ofsc_services.htm                                    *                  
client_searchwindow.htm                                     *                  

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\
-------------------------------------------------------------------
ln_common.js                                                *                  
ln_logs.js                                                  *                  
trend-ui-opt_list.js                                        *                  

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\css\
-------------------------------------------------------------------
l10n-style.css                                              *                  

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\l10n\
-------------------------------------------------------------------
l10n.behavior_monitoring.js                                 *                  
l10n.clientmag.js                                           *                  
l10n.logs.js                                                *                  
l10n.vdi.js                                                 *                  

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\common\util\
-------------------------------------------------------------------
common.js                                                   *                  

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\compliance_report\
-------------------------------------------------------------------
installing_computers.htm                                    *                  

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\dlp\
-------------------------------------------------------------------
dlp_Entities_addedit.htm                                    *                  
dlp_settings.htm                                            *                  

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\logs\
-------------------------------------------------------------------
log_maintenance.htm                                         *                  
logs_ccca.htm                                               *                  
logs_pfw.htm                                                *                  
logs_pfw_view.htm                                           *                  
logs_spyware.htm                                            *                  
logs_WebSecurity.htm                                        *                  

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\root\
-------------------------------------------------------------------
turn_debug_onoff.htm                                        *                  

Apex One\PCCSRV\WEB_OSCE\Web_Console\HTML\summary\
-------------------------------------------------------------------
summary_top10_osce.htm                                      *                  

Apex One\PCCSRV\Web_OSCE\Web_console\HTML\tools\
-------------------------------------------------------------------
tools_admin_clients.htm                                     *                  

Apex One\PCCSRV\WEB_OSCE\Web_Console\HTML\update\
-------------------------------------------------------------------
client_deployment_automatic.htm                             *                  

Apex One\PCCSRV\Web_OSCE\Web_Console\RemoteInstallCGI\
-------------------------------------------------------------------
CGIOCommon.dll                                         14.0.0.2117             
cgiRemoteInstall.exe                                   14.0.0.2117             
CGIResUTF8.dll                                         14.0.0.2117             
libcurl.dll                                            7.66.0.0                
libeay32.dll                                           1.0.2.20                
loadhttp.dll                                           14.0.0.2059             
SetupMan.dll                                           14.0.0.2117             
Wizard.exe                                             14.0.0.2059             
Wizard_64x.exe                                         14.0.0.2059             

Apex One\PCCSRV\Download\Product\iService\
-------------------------------------------------------------------
hfx_iAC.zip                                                 *                  
hfx_iAC_x64.zip                                             *                  
instupg_iAC.zip                                             *                  
instupg_iAC_x64.zip                                         *                  
hfx_iATAS.zip                                               *                  
hfx_iATAS_x64.zip                                           *                  
instupg_iATAS.zip                                           *                  
instupg_iATAS_x64.zip                                       *                  
instupg_iES.zip                                             *                  
instupg_iES_x64.zip                                         *                  
hfx_iVP.zip                                                 *                  
hfx_iVP_x64.zip                                             *                  
instupg_iVP.zip                                             *                  
instupg_iVP_x64.zip                                         *                  
iServiceInst.ini                                            *                  
iServiceUpd.ini                                             *                  


B. Network Traffic Required in Deployment
-------------------------------------------------------------------
   Estimated size (in terms of bandwidth) of deployed agent files 
   in this critical patch.
   - 32-bit agent total = 226.3 MB
   - 64-bit agent total = 287.5 MB

                        

2. Documentation Set

To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com

  • Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product.

To access the Online Help, go to http://docs.trendmicro.com

  • Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product.
  • Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product.
  • Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'.
  • Support Portal: The Support Portal contains information on troubleshooting and resolving known issues.
  • To access the Support Portal, go to http://esupport.trendmicro.com

3. System Requirements

1. Trend Micro Apex One™ Build 1062 - English - Windows - x32-x64

4. Installation/Uninstallation

Installing

To install:

  1. Copy the Critical Patch executable file to a temporary folder on the server, for example, "C:\temp".
  2. Double-click the file. The modules are automatically copied to the correct destination.

This Critical Patch installation package automatically rolls back the Apex One server to its previous configuration if there are problems during installation. If you encounter problems after installation, do a manual rollback.

Uninstalling

To manually roll back to the previous build:

  1. Locate the backup folder that the Critical Patch package created in the "\PCCSRV\Backup\Critical Patch_B2117" directory.
  2. Stop the Apex One Master Service.
  3. Stop the Apex One Apex Central Agent Service.
  4. Copy the backup modules to the original folders.
  5. Start the Apex One Apex Central Agent Service.
  6. Start the Apex One Master Service.

5. Post-installation Configuration

No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.

6. Known Issues

There are no known issues for this Critical Patch release.

7. Release History

Prior Hotfixes


Only this hotfix was tested for this release. Prior hotfixes were tested at the time of their release.

Issue 1 of Critical Patch 1101

(VRTS-3171)

A directory traversal vulnerability may allow an attacker to modify arbitrary files on the product's management console.

Solution:

This critical patch updates the Apex One server program to remove the vulnerability.

Issue 1 of Hotfix 1116

(SEG-50319)

Changes in the Google API prevents Data Loss Prevention(TM) (DLP) from detecting sensitive information sent through Gmail in Google Chrome 73.

Solution:

This hotfix resolves the issue by enabling the DLP module to support the "Http/Https" and "Open file dialog" functionality in Google Chrome 73.

Issue 2 of Hotfix 1116

(SEG-49467)

The tmlisten service stops unexpectedly when users add an NIC description in the Personal Firewall (PFW) profile and deploy the profile to agents.

Solution:

This hotfix updates the Apex One Security Agent program to resolve the issue.

Issue 3 of Hotfix 1116

(SEG-49381)

The Smart Scan Pattern of File Reputation Services occupies a large amount of disk space on the Apex One server.

Solution:

This hotfix updates the Apex One server program to resolve this issue.

Issue 4 of Hotfix 1116

(SEG-48555)

When users install Apex One and use a domain account to connect to the database, the installation will not be able to create a database and iES will not be installed successfully.

Solution:

This hotfix updates the impersonate method to solve this issue.

Issue 5 of Hotfix 1116

(SEG-49534)

When the Apex One environment runs an sqlpackage older that 2016 or one that contains both x86 and x64 versions of version 2016, iES will not be able to create the database because of an incompatible sqlpackage version.

Solution:

This hotfix resolves the issue by enabling the installer to prioritize the x64 version of the sqlpackage during installation.

Issue 6 of Hotfix 1116

(SEG-50727)

When a user starts a Security Agent outside the corporate network, the Security Agent does not communicate on Online status to the Edge Relay Server.

Solution:

This hotfix updates Security Agent program to send an Online status to the Edge Relay Server as soon as the Security Agent program starts.

Issue 7 of Hotfix 1116

(SEG-51198)

The Apex One Application Control lockdown feature does not work after users switch to a different user account.

Solution:

This hotfix ensures that the feature works normally.

Enhancement 1 of Hotfix 1116

(SEG-50399)

This hotfix updates the DLP template to reduce the performance impact of Apex One.

Issue 1 of Critical Patch 1132

(SEG-45353)

The Security Agent program may become corrupted when users install it from the MSI installation package (Windows Installer) using the wrong command in the command line.

Solution:

This critical patch enables the Apex One security agent installation to abort the MSI installation process if it encounters an unexpected command.

Issue 2 of Critical Patch 1132

(SEG-49936), (SEG-49847)

An issue related to the Microsoft(TM) Excel(TM) files with macro content cannot be saved to a network shared folder from an endpoint, some Microsoft Excel temp files cannot be deleted after trying to save the files.

Solution:

This critical patch updates the Apex One security agent program to resolve this issue.

Enhancement 1 of Critical Patch 1132

(SEG-50774)

This critical patch enables the Apex One security agent program to support Microsoft Windows(TM) 10 (version 1903) May 2019 Update.

Issue 1 of Hotfix 1141

(VRTS-3389)

An unquoted service path enumeration vulnerability may allow an attacker administrator privileges to the Apex One security agent service.

Solution:

This hotfix updates the Apex One security agent program to remove the vulnerability.

Issue 2 of Hotfix 1141

(SEG-53931)

Coexisting Apex One security agents cannot set the server information of the Smart Protection Service Proxy correctly. When this happens, the coexisting agents do not send query requests through the Smart Protection Service proxy but directly to the Trend Micro Smart Protection Network instead. This may cause a connection issue if the agents cannot connect to the Internet.

Solution:

This hotfix updates the Apex One security agent program to resolve the issue.

Issue 3 of Hotfix 1141

(SEG-52575)

The installation status on the "Agent Installation Progress" page of the Apex One web console is inaccurate.

Solution:

This hotfix updates the Apex One server program to resolve this issue.

Issue 4 of Hotfix 1141

(SEG-52409)

A specific keyword triggers the DLP template that does not have any criteria specified.

Solution:

This hotfix updates the DLP template to resolve this issue.

Issue 5 of Hotfix 1141

(SEG-50435)

The Connection Status (Online/Offline) of an agent on the web console changes each time a user logs on or off from the client computer.

Solution:

This hotfix updates the Apex One agent program to resolve the issue.

Issue 6 of Hotfix 1141

(SEG-52048)

Attempting to restart or stop the WMI service (winmgmt) is unsuccessful on endpoints with the Security Agent installed. The tmlisten service of the Security Agent has a dependency with the WMI service.

Solution:

This hotfix updates the Security Agent program to remove the WMI service dependency.

Issue 7 of Hotfix 1141

(SEG-52302)

When the Apex One server registers to the Apex Central server, the Apex One Master Service may stop unexpectedly because of an empty private key.

Solution:

This hotfix updates the Apex One server program to ensure that it can handle an empty public/private key.

Issue 8 of Hotfix 1141

(SEG-50705), (SEG-52219), (SEG-51452), (SEG-51849)

An "Error ID: 420" occurs while the Apex One Endpoint Sensor policy is deployed and the "Unable to get the registered server list. There are no registered servers." error appears on the Apex Central "Preliminary Investigation" page.

Solution:

This hotfix helps prevent the Apex One Endpoint Sensor Advanced Threat Assessment Service from being corrupted when Endpoint Sensor is installed using Trend Micro Apex One Installer Maintenance Mode.

Issue 9 of Hotfix 1141

(SEG-49807)

Users cannot export the Application Control criteria in Microsoft(TM) Internet Explorer(TM) or the Edge web browser.

Solution:

This hotfix updates the Apex Central files to resolve this issue.

Issue 10 of Hotfix 1141

(SEG-53729)

When the "Do not allow users to access the Security Agent console from the system tray or Windows Start menu setting" option is enabled on the Apex One web console, the Apex One Security Agent console cannot be accessed while "PccNT.exe" is running.

Solution:

This hotfix updates a parameter in "wofielauncher.exe" to resolve the issue.

Issue 11 of Hotfix 1141

(SEG-54390)

The Vulnerability Protection server service start up fails on platforms that disable Transport Layer Security (TLS) 1.0.

Solution:

This hotfix updates the Vulnerability Protection server to prevent the TLS version issue.

Issue 12 of Hotfix 1141

(SEG-51211)

Vulnerability Protection causes unusual CPU usage on some workstations and servers.

Solution:

This hotfix modifies the Vulnerability Protection service to prevent unusual CPU usage.

Enhancement 1 of Hotfix 1141

(VRTS-3314)

This hotfix adds a dynamic share key for Apex One security agents in the encryption and decryption algorithm.

Enhancement 2 of Hotfix 1141

(SEG-51005)

This hotfix adds new Regular Expressions to the Trend Micro Data Loss Prevention(TM) (DLP) Data Identifiers.

Enhancement 3 of Hotfix 1141

(SEG-47568)

This hotfix updates the Apex Central files to display more information about the Application Control violation log entries.

NOTE: This feature requires the installation of Apex Central hotfix 3919 or above.

Issue 1 of Hotfix 1148

(SEG-53904)

Security Agents with the Behavior Monitoring program inspection feature enabled may cause Adobe Acrobat/Reader to stop unexpectedly.

Solution:

This hotfix updates the program inspection feature to resolve this issue.

Issue 2 of Hotfix 1148

(SEG-52740)

When users attempt to configure the Device Control settings on an Apex One Security Agent by deploying a policy from the Apex Central web console, the Device Control settings cannot be applied on the agent if Data Loss Prevention(TM) (DLP) is not enabled on the agent.

Solution:

This hotfix updates the Apex One server program to resolve this issue.

Issue 3 of Hotfix 1148

(SEG-52269)

If the activation (AC) key is deployed after its expiration date has been extended, the ES service will still receive the original expiration date.

Solution:

This hotfix ensures that the ES service will receive the AC key's new expiration date.

Issue 4 of Hotfix 1148

(SEG-54380)

The Endpoint Sensor may purge the Root Cause Analysis results by mistake when Apex Central is managing more than one Apex One server.

Solution:

This hotfix resolves the issue.

Issue 5 of Hotfix 1148

(SEG-52034)

In rare instances, the Endpoint Sensor may receive the investigation results from an agent at the same time that the same agent is being uninstalled. When this happens, the Endpoint Sensor may not be able to send all the results back to TIC.

Solution:

This hotfix prevents this issue.

Issue 6 of Hotfix 1148

(SEG-49402), (SEG-53432)

An issue related to the Microsoft(TM) Monitoring Agent may cause the Apex One Endpoint Sensor Advanced Threat Assessment Service application pool to stop unexpectedly after installing the Apex One server.

Solution:

This hotfix prevents the Apex One Endpoint Sensor Advanced Threat Assessment Service compatibility issue with the Microsoft Monitoring Agent.

Issue 1 of Hotfix 1151

(SEG-52560)

There is a typographical error in the "Type the full program path" hint on the "Behavior Monitoring Settings" page of the Apex One web console.

Solution:

This hotfix updates the Apex One server files to correct the error.

Issue 2 of Hotfix 1151

(SEG-48859)

An issue causes Apex One security agent remote installation to fail.

Solution:

This hotfix updates the Apex One server program to resolve this issue.

Issue 1 of Hotfix 1155

(SEG-52978)

An issue prevents the Data Loss Prevention(TM) (DLP) license from being deployed from Apex Central to Apex One.

Solution:

This hotfix adds support for the DLP AC key type to solve this issue.

Issue 2 of Hotfix 1155

(SEG-53295), (SEG-55029)

An access denied error related to a certain component prevents the Trend Micro Advanced Threat Assessment Service (ATAS) from starting successfully.

Solution:

This hotfix resolves the error so ATAS can start normally.

Issue 3 of Hotfix 1155

(SEG-53958)

The operating system may stop responding when users switch both the Scan Engine (VSAPI) and the Endpoint Sensor to debug mode at the same time using the Case Diagnostic Tool (CDT).

Solution:

This hotfix resolves the issue by ensuring that CDT works normally when both VSAPI and Endpoint Sensor are enabled.

Issue 1 of Hotfix 1161

(SEG-40590)

An Apex One agent that runs on Windows 7 and automatically detects proxy settings will not be able to connect to the Apex One server.

Solution:

This hotfix resolves the issue by updating the Apex One agent program to ensure that it can retrieve the correct proxy configuration.

Issue 2 of Hotfix 1161

(SEG-53180), (SEG-56186)

When the agents call "cgiOnScan.exe" and fails, the system keeps resending the request without waiting. This issue generates lots of records in the IIS log.

Solution:

This hotfix updates the Apex One agent program to wait for few seconds before retrying.

Enhancement 1 of Hotfix 1161

(SEG-53304)

This hotfix enables Apex One to send "Dropped" and "Accepted" action results in firewall violation logs to Apex Central. This ensures that both action results display normally on Apex Central instead of being displayed as "unknown".

Issue 1 of Critical Patch 2012

(SEG-55009)

TmListen stops unexpectedly when the Apex One agent queries Suspicious Object (SO) information that contains a null notify setting.

Solution:

This critical patch updates Apex One agent program to resolve the issue.

Issue 2 of Critical Patch 2012

(SEG-53351), (SEG-55781)

On the 64-bit Microsoft (TM) Windows (TM) 10 platform, an error occurs while running a 64-bit debug script in Microsoft Visual Studio 2017.

Solution:

This critical patch updates the Behavior Monitoring Module to prevent the error.

Issue 3 of Critical Patch 2012

(SEG-54736)

The Apex One server may not be able to register to the Apex Central server if the TLS 1.2 protocol is enabled on Apex One servers only.

Solution:

This critical patch updates the Apex One server program to resolve this issue.

Procedure:

To apply the solution:

  1. Install this critical patch (see "Installation").
  2. Open the "Agent.ini" file in the "\PCCSRV\CmAgent\" folder on the Apex One server installation directory using a text editor.
  3. Under the "Network" section, manually modify the value of the following key.
  • [Network]
  • SSL_Cipher_List=ECDHE-RSA-AES256-GCM-SHA384
  1. Save the changes and close the file.
  2. Unregister from the Apex Central server.
  3. Register the Apex Central again.

Issue 4 of Critical Patch 2012

(SEG-52386)

The Apex One server tool "IpXfer.exe" cannot run properly when the Apex One Security Agent is offline.

Solution:

This critical patch updates Apex One server tools to resolve this issue.

Issue 5 of Critical Patch 2012

(SEG-54240)

The Apex One server updates the timestamp of the Last Spyware Scan (Manual) according to the last connection establishment time.

Solution:

This critical patch updates the Apex One server program to ensure that the last Spyware Scan (Manual) time is updated accurately.

Issue 6 of Critical Patch 2012

(SEG-54167)

When users create a "Setup" installer package for the Apex One security agent using Agent Packager, the Vulnerability Protection and Application Control agent installers are not included by default.

Solution:

This critical patch updates the Apex One server program to ensure that the Agent Packager includes both installers in the Apex One security agent "Setup" installer package.

Issue 7 of Critical Patch 2012

(SEG-56087)

The digital signature of some DLP files are expired.

Solution:

This critical patch updates the DLP module to update the digital signatures.

Issue 8 of Critical Patch 2012

(SEG-52955)

The DLP module does not work on the Microsoft Edge web browser.

Solution:

This critical patch updates the DLP module to resolve this issue.

Procedure:

To enable Apex One security agents to block sensitive information on the Edge web browser.

  1. Install this critical patch (see "Installation").
  2. Open the "dlp.ini" file in the "\PCCSRV\Private\" folder on the Apex One server.
  3. Under the "Configure" section, manually add the following key and value.
  • [Configure]
  • ENABLE_DYNAMIC_CODE_POLICY=true
  1. Save the changes and close the file.
  2. Open the Apex One web console and click "Agents > Agent Management > Select domains or agents > Settings > DLP settings".
  3. Click "Save" to deploy the settings to agents. The Apex One server deploys the settings to Apex One agents and adds the following key in the "dsa.pro" file in the "\Windows\System32\dgagent\" folder:
  • enable_dynamic_code_policy=true

Issue 9 of Critical Patch 2012

(SEG-57250), (SEG-57429)

Users cannot expand the domains or add spyware/greyware detections into the approve list on the Apex One server web console.

Solution:

This critical patch updates the Apex One server files to resolve this issue.

Issue 10 of Critical Patch 2012

(SEG-55399)

Duplicate Apex One agents appear in the Microsoft Windows Startup console.

Solution:

This critical patch updates the Apex One server programs to resolve this issue.

Issue 11 of Critical Patch 2012

(SEG-56828)

When the trust permission of the Application Control Criteria is set to "Inheritable execution rights", the criteria information remains on the Apex One Security Agent database after users remove the criteria from the policy setting.

Solution:

This critical patch ensures that the criteria information can be removed normally from Apex One Security Agents.

Issue 12 of Critical Patch 2012

(SEG-57659)

In rare situations, the Apex One Vulnerability Protection program uses up a huge amount of memory when processing a large number of Intrusion Prevention logs.

Solution:

This critical patch prevents the high memory usage issue when the Apex One Vulnerability Protection program processes a large number of Intrusion Prevention logs.

Issue 13 of Critical Patch 2012

(SEG-57454)

The Apex One server does not send the policy information to Apex Central after deploying a policy.

Solution:

This issue updates the Apex One server program to resolve this issue.

Issue 14 of Critical Patch 2012

(SEG-53295), (SEG-55029)

An access denied error related to a certain component prevents the Trend Micro Advanced Threat Assessment Service (ATAS) from starting successfully.

Solution:

This critical patch resolves the error so ATAS can start normally.

Issue 15 of Critical Patch 2012

(SEG-49402), (SEG-53432)

An issue related to the Microsoft(TM) Monitoring Agent may cause the Apex One Endpoint Sensor Advanced Threat Assessment Service application pool to stop unexpectedly after installing the Apex One server.

Solution:

This critical patch prevents the Apex One Endpoint Sensor Advanced Threat Assessment Service compatibility issue with the Microsoft Monitoring Agent.

Issue 16 of Critical Patch 2012

(SEG-50705), (SEG-52219), (SEG-51452), (SEG-51849)

An "Error ID: 420" occurs while the Apex One Endpoint Sensor policy is deployed and the "Unable to get the registered server list. There are no registered servers." error appears on the Apex Central "Preliminary Investigation" page.

Solution:

This critical patch helps prevent the Apex One Endpoint Sensor Advanced Threat Assessment Service from being corrupted when Endpoint Sensor is installed using Trend Micro Apex One Installer Maintenance Mode.

Issue 17 of Critical Patch 2012

(SEG-57949), (SEG-53820)

The Trend Micro Vulnerability Protection Service cannot start while processing a specific certificate.

Solution:

This critical patch updates the Apex One Vulnerability Protection server to prevent the certificate processing error.

Enhancement 1 of Critical Patch 2012

(SEG-56264)

This critical patch updates some Apex One files to detect inconsistent certifications from the Microsoft Management Console certificate store. If it detects an inconsistency, Apex One will automatically recover the authentication file (OfcIPCer.dat) from the Microsoft Management Console certificate store on the Apex One server.

Issue 1 of Hotfix 2014

(SEG-55353)

During license key deployment, Endpoint Sensor may not be able to receive the product key and storage key properties.

Solution:

This hotfix improves the Apex One server's key deployment mechanism to solve this issue.

Issue 2 of Hotfix 2014

(SEG-55841), (SEG-57122)

Some Security Agents may be unable to retrieve new policy settings from the Apex Central server.

Solution:

This hotfix purges old policy records from the policy tracking table to fix this issue.

Issue 3 of Hotfix 2014

(SEG-57410)

The Endpoint Sensor on Apex One agents may not be able to calculate the hash value of a specific process which can prevent the terminate process function from terminating the process.

Solution:

This hotfix updates the Endpoint Sensor hash calculation mechanism to resolve this issue.

Enhancement 1 of Hotfix 2014

(SEG-53875)

The Endpoint Sensor feature has been enhanced to only monitor and record memory "Read" events for the lsaas.exe process. All other "Read" events are ignored. In addition, a cache has been implemented for processes that open the memory "Write" event to avoid recording duplicated events that may cause a resource issue on the endpoint.

Issue 1 of Hotfix 2021

(VRTS-3537)

The "Active Directory Integration" page may expose the credential key when the page is opened with developer tools on a web browser.

Solution:

This hotfix updates the Apex One server program to remove the vulnerability.

Issue 2 of Hotfix 2021

(SEG-56341), (SEG-57814)

When the Trend Micro Data Loss Prevention(TM) (DLP) service is enabled on Apex One security agent computers, Google Chrome version 75 and higher versions may stop unexpectedly while accessing certain URLs.

Solution:

This hotfix updates the DLP module to resolve this issue.

Issue 3 of Hotfix 2021

(SEG-56100)

On the web console, "Advanced Search" from "Agents > Agent Management" page yields inaccurate results when the "Restart Required" is enabled and both "Update" and "Cleanup" options are selected.

Solution:

This hotfix updates the Apex One server program to resolve the problem.

Issue 4 of Hotfix 2021

(SEG-57258)

In Microsoft(TM) Windows(TM) 10, the new system process "MemCompression" may incorrectly trigger a false detection for violating the Device Access Control (DAC) policies.

Solution:

This hotfix updates the DAC policies to prevent the false alarms.

Issue 5 of Hotfix 2021

(SEG-58435)

Users are able to change to a password that contains German Umlaut characters but will not be allowed to log in to the web console after the change. The pop-up error message is not triggered that prevents from saving invalid password.

Solution:

This hotfix updates the server program to ensure that the corresponding pop-up error message that prevents users from saving invalid passwords is triggered correctly.

Issue 6 of Hotfix 2021

When users deploy an agent policy to enable or disable the Endpoint Sensor feature while registering or unregistering from the TIC at the same time, the policy deployment will fail.

Solution:

This hotfix updates the policy deployment mechanism to solve the policy conflict issue.

Issue 7 of Hotfix 2021

(SEG-58818)

After a hotfix is applied, the pattern version and last update time of "Certified Safe Software pattern" are reset to "0", and as a result, the wrong pattern information appears on the Apex Central dashboard.

Solution:

This hotfix updates the Apex One server files to resolve this issue.

Enhancement 1 of Hotfix 2021

This hotfix integrates an Antimalware Scan Interface (AMSI) for suspicious PowerShell detection to the Endpoint Sensor.

Issue 1 of Hotfix 2022

(SEG-54758)

The device control function does not work if the policy is deployed for a specific user and the username contains Hebrew characters.

Solution:

This hotfix updates Apex One security agent program to resolve the issue.

Issue 2 of Hotfix 2022

(SEG-57436)

The Smart Scan Service may behave abnormally on Apex One Security Agents when multiple proxy servers have been configured for each protocol (HTTP, Secure, FTP, Socks) in the Microsoft(TM) Internet Explorer(TM).

Solution:

This hotfix updates the Apex One Security Agent program to ensure that the Smart Scan Service works normally when multiple proxy servers are configured for Internet Explorer.

Issue 3 of Hotfix 2022

(SEG-56322)

Users may not be able to activate managed product licenses (Application Control, Endpoint Sensor, Vulnerability Protection) or may not be able to send the enhanced security policies to Security Agents across the network successfully when managing the Apex One server from the Apex Central web console. This happens because the specified Microsoft Windows(TM) account that manages the existing Apex One SQL database does not have sufficient web service framework access permissions.

Solution:

This hotfix resolves the issue by updating the SQL Server Database Configuration Tool to add the Windows account to the IIS_IUSRS group to obtain the correct permissions.

Procedure:

To add the Windows account to the IIS_IUSRS group to obtain the correct permissions:

  1. Install this hotfix (see "Installation").
  2. On the Apex One server computer, browse to "<Server installation folder>\PCCSRV\Admin\Utility\SQL".
  3. Double-click "SQLTxfr.exe" to run the tool.
  4. Provide the authentication credentials of the Windows account for the SQL Server database. IMPORTANT: The user account must belong to the local administrator group or Active Directory (AD) built-in administrator.
  5. Click "Start" to apply the configuration changes.

Issue 4 of Hotfix 2022

(SEG-55537)

Users may not be able to activate managed product licenses (Application Control, Endpoint Sensor, Vulnerability Protection) or may not be able to send the enhanced security policies to Security Agents across the network successfully when managing the Apex One server from the Apex Central web console. This happens because:

  1. The specified Windows account that manages the existing Apex One SQL database changes the logon credentials used to connect to the existing database.
  2. Users change the Authentication Type of the existing Apex One SQL database from "Windows Account" to "SQL Server Account".

Solution:

This hotfix updates the SQL Server Database Configuration Tool to ensure that the Apex One server uses the correct authentication credentials for the SQL Server database.

Procedure:

To ensure that the Apex One server uses the correct authentication credentials for the SQL Server database:

  1. Install this hotfix (see "Installation").
  2. On the Apex One server computer, browse to "<Server installation folder>\PCCSRV\Admin\Utility\SQL".
  3. Double-click "SQLTxfr.exe" to run the tool.
  4. Provide the authentication credentials for the SQL Server database. IMPORTANT: The user account must belong to the local administrator group or AD built-in administrator.
  5. Click "Start" to apply the configuration changes.

Enhancement 1 of Hotfix 2022

(SEG-58926)

This hotfix improves the accuracy of the Apex One Application Control version reporting to Apex Central.

Issue 1 of Hotfix 2030

(SEG-58478)

The Apex One Security Agent service stops responding while starting after Apex One Hotfix 1141 is applied.

Solution:

This hotfix updates the Apex One security agent program to resolve this issue.

Issue 2 of Hotfix 2030

(SEG-57057), (SEG-59380)

An issue prevents users from successfully installing the Application Control agent on endpoints with Chinese computer names.

Solution:

This hotfix resolves the issue so the Application Control can be installed successfully on affected endpoints.

Issue 3 of Hotfix 2030

(SEG-59297)

The information in the "action" column on Data Loss Prevention(TM) (DLP) logs in Apex One server is not consistent with the corresponding information in the DLP logs on Apex Central server.

Solution:

This hotfix resolves the issue by modifying the wording in the "action" column in DLP logs on both the Apex One server and agents.

Issue 4 of Hotfix 2030

(SEG-58872), (SEG-59531)

An issue prevents the Trend Micro Advanced Threat Assessment Service from starting successfully.

Solution:

This hotfix resolves the issue.

Issue 5 of Hotfix 2030

(SEG-58404)

Garbled characters may appear in syslog if the language setting of the operating system contains Big-5 characters.

Solution:

This hotfix resolves the issue.

Issue 6 of Hotfix 2030

(SEG-53929)

The Apex One Endpoint Sensor cannot detect the dump of lsass.exe (Local Security Authority Process).

Solution:

This hotfix resolves this issue by adding hooking points for event correlation to detect the suspicious attack behavior.

Enhancement 1 of Hotfix 2030

(SEG-59121)

Advanced Threat Assessment has a new process that collects additional information.

Issue 1 of Hotfix 2040

(SEG-51255)

After a built-in Active Directory (AD) user group, for example "Administrators", is added in the "User Accounts" settings, and users login to Apex One using an AD account in this group, the Apex One console will not display any user or domain in "Agent Management" view.

Solution:

This hotfix updates Apex One server program to resolve the issue.

Enhancement 1 of Hotfix 2040

(SEG-59191)

This hotfix enables Apex One to support Microsoft Windows 8.0.

NOTE: If the security agent has been installed on Windows 8.0, it will be registered to the Apex One server after it restarts.

Enhancement 2 of Hotfix 2040

(SEG-59816)

This hotfix updates the Trend Micro Data Loss Prevention(TM) (DLP) module to ensure that it can block drag-and-drop file operations in Google Chrome 76 and 77.

Issue 1 of Hotfix 2047

(SEG-58126)

In certain environments, the Behavior Monitoring feature may add the "csrss.exe" file to the kernel exception later than expected which can then cause an interoperability issue that can trigger security agent computers to stop unexpectedly.

Solution:

This hotfix updates the Behavior Monitoring module and enables users to configure the Behavior Monitoring feature to add "csrss.exe" to the kernel exception earlier to prevent the interoperability issue.

Procedure:

To apply and deploy the solution globally:

  1. Install this hotfix (see "Installation").
  2. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
  3. Under the "Global Setting" section, manually add the "AegisAsyncCsrssEvent" key and set its value to "1".
  • [Global Setting]
  • AegisAsyncCsrssEvent=1
  1. Save the changes and close the file.
  2. Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
  3. Click "Save" to deploy the setting to agents. The Apex One server deploys the command to security agents and adds the following registry entry on all security agent computers:
  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS
  • Key: AsyncCsrssEvent
  • Type: DWORD
  • Value: 1
  1. Restart the security agent

Issue 2 of Hotfix 2047

(SEG-60611)

Enhanced security policies may not be sent to Security Agents across the network successfully when users manage the Apex One server from the Apex Central web console. This happens when the Apex One SQL database is installed on a Microsoft(TM) SQL Server that users a collation method other than the default "SQL_Latin1_General_CP1_CI_AS".

Solution:

This hotfix updates the Apex One server program to resolve this issue.

Enhancement 1 of Hotfix 2047

(SEG-58737)

This hotfix enables users to query the OSFWebApp web service status through the "svrsvcsetup.exe" tool using the following command on the Apex One server command prompt.

svrsvcsetup.exe -testosfwebapp

Enhancement 2 of Hotfix 2047

(SEG-58056)

This hotfix enables users to search for multiple agents on the "Agent Management" page by specifying multiple agent names in the "Search for endpoints" text box.

NOTES:

  • Use a blank character " " delimiter to separate each agent name in the "Search for endpoints" text box.
  • The field supports wildcard characters. Use a question mark "?" to represent a single character and an asterisk "*" to represent several characters.
  • The field supports a maximum of 256 characters.

Issue 1 of Critical Patch 2049

(VRTS-3681)

A directory traversal vulnerability may allow an attacker to log on to the Apex One Management Console as a root user.

Solution:

This critical patch updates the Apex One server program to remove the vulnerability.

Issue 2 of Critical Patch 2049

(VRTS-3708)

A command injection vulnerability may allow an attacker to extract files from an arbitrary zip file to the specific folder in Apex One server.

Solution:

This critical patch updates the Apex One server program to remove the vulnerability.

Enhancement 1 of Critical Patch 2049

(SEG-50003)

This hotfix provides a way to delay Application Control hooking events while an endpoint computer starts up.

Procedure:

To apply this solution:

  1. Install this hotfix (see "Installation").
  2. Unload the Apex One security agent.
  3. Open the registry editor, add the following key, and specify the preferred time delay in minutes:
  • Key: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\iACAgent\DelayLoadAC
  • Type: DWORD
  • Valid Range: 0-10 (min)
  1. Restart the Apex One security agent.

Issue 1 of Hotfix 2060

(SEG-61081)

The Apex One security agent does not send the "Logon User" information to the Apex One server when the Apex One server restricts the user's access to the security agent console only from the system tray or from the Microsoft(TM) Windows(TM) "Start" menu.

Solution:

This hotfix updates the Apex One security agent program to ensure that Apex One security agents send the "Logon User" information to the Apex One server under the scenario described above.

Issue 2 of Hotfix 2060

(SEG-57796)

The Apex One Endpoint Sensor receives several user mode events that can prevent Microsoft(TM) RemoteApp from updating the event source.

Solution:

The Apex One Endpoint Sensor changes the event source from User mode to kernel mode to resolve this issue.

Issue 3 of Hotfix 2060

(SEG-60179)

The Export Info Tool stops unexpectedly when querying virus logs.

Solution:

This hotfix updates the Apex One server program to resolve the issue.

Issue 4 of Hotfix 2060

(SEG-58746)

Users may not be able to activate managed product licenses (Application Control, Endpoint Sensor, Vulnerability Protection) across the network successfully when managing the Apex One server from the Apex Central web console. This happens because the Apex One server does not handle the license key string properly.

Solution:

This hotfix updates the Apex One server program to resolve this issue.

Enhancement 1 of Hotfix 2060

(SEG-46847)

The Apex One NT Listener service (TmListen.exe) may cause a high CPU usage issue on security agents.

Procedure:

To apply and deploy the solution globally:

  1. Install this hotfix (see "Installation").
  2. Open the "Ofcscan.ini" file in the "\PCCSRV" folder of the Apex One server installation directory using a text editor.
  3. Under the "Global Setting" section, manually add the following key and set its value to "1".
  • [Global Setting]
  • IgnoreScanIncompleteFlagFromServer=1
  1. Save the changes and close the file.
  2. Open the Apex One Web console and go to the "Agents > Global Agent Settings" screen.
  3. Click "Save" to deploy the setting to agents. The Apex One server deploys the command to Apex One agents and adds the following registry entry on all Apex One agent endpoints:
  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\URL Filtering
  • Key: IgnoreScanIncompleteFlagFromServer
  • Type: DWORD
  • Value: 1

Issue 1 of Hotfix 2069

(SEG-58250)

The Trend Micro Vulnerability Scanner (TMVS) cannot perform remote installation when the logon account password includes special characters.

Solution:

This hotfix updates TMVS to resolve this issue.

Issue 2 of Hotfix 2069

(VRTS-3564)

On the Apex One web console, users may be able to view the user account that have just been logged out by pressing the back button of the web browser.

Solution:

This hotfix updates the Apex One server program to prevent this issue from occurring.

Issue 3 of Hotfix 2069

(VRTS-3567), (VRTS-3605)

On the Apex One web console, the "PHPSESSID" and "wf_CSRF_token" cookies are the same for every logon session.

Solution:

This hotfix ensures that the widget framework generates new "PHPSESSID" and "wf_CSRF_token" cookies for each new logon session.

Issue 4 of Hotfix 2069

(SEG-62734)

An issue prevents the Apex One server from deploying the following settings to Apex One security agents properly.

Under the "Privileges and Other Settings > Other Settings".

  • Do not allow users to access the Security Agent console from the system tray or Windows Start menu

Solution:

This hotfix updates the Apex One server program to resolve the issue.

Issue 1 of Hotfix 2073

(SEG-58210)

The maximum supported character length of the following registry key on Apex One security agents may be insufficient to save the proxy exceptions list.

  • [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion]
  • WinProxySpecifiedProxyBypass

Solution:

This hotfix extends the registry key's maximum supported character length to resolve this issue.

Issue 2 of Hotfix 2073

(SEG-59016)

A performance issue occurs on Apex One agent computers because a module generates a large number of logs.

Solution:

This hotfix updates the user mode event related module to version 8.5.2065 to solve the issue.

Issue 3 of Hotfix 2073

(SEG-63106)

The Apex One Predictive Machine Learning feature may prevent users from running scripts through a third-party application normally.

Solution:

This hotfix provides a way for users to make and edit a list of approved programs to run with deferred scanning by Predictive Machine Learning to prevent these issues.

Procedure:

To create and edit the list of approved programs to run with deferred scanning by Predictive Machine Learning:

  1. Install this hotfix (see "Installation").
  2. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
  3. Under the "Global Setting" section, manually add the following keys and specify each approved program separately.
  • [Global Setting]
  • DS_ProcessCount=the number of programs in the approved list, supports any integer from 1 to 1000
  • DS_ProcessName000=process name of the approved program, where "000" notes the first item on the list

    For example:

  • [Global Setting]
  • DS_ProcessCount=2
  • DS_ProcessName000=cscript.exe
  • DS_ProcessName001=wscript.exe
  1. Save the changes and close the file.
  2. Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
  3. Click "Save" to deploy the setting to agents. The Apex One server deploys the command to security agents and adds the following entries of TXS.ini on all security agent computers:
  • [TrendX_Settings]
  • DS_ProcessCount=2
  • DS_ProcessName000="The encrypted string of the preferred program"
  • DS_ProcessName001="The encrypted string of the preferred program"

Issue 1 of Patch 2087

(SEG-61011)

The Apex One Vulnerability Protection service cannot start successfully on the Turkish version of the Microsoft(TM) Windows(TM) server platform because it uses the all caps version of the database column name, "SYSTEMVERSİONID".

Solution:

This patch updates the database column name in the Apex One Vulnerability Protection server to "SystemVersionID" to resolve this issue.

Issue 2 of Patch 2087

(SEG-54980)

A program on an endpoint triggers the Behavior Monitoring module.

Solution:

This patch adds a command related to the program to the exception list to solve this issue.

Procedure:

To apply and deploy the solution globally:

  1. Install this patch (see "Installation").
  2. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
  3. Under the "Global Setting" section, manually add the following keys and values.
  • [Global Setting]
  • AegisSPSetCMDCount=1
  • AegisSPSetCMDSubImagePath0=C:\Windows\System32\cmd.exe
  • AegisSPSetCMDImagePath0=certutil.exe
  • AegisSPSetCMDCmdLine0=-urlcache-splithttpzip*
  • AegisSPSetCMDAct0=0
  1. Save the changes and close the file.
  2. Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
  3. Click "Save" to deploy the settings to agents. The Apex One server deploys the command to security agents and adds the following registry entries on all security agent computers:
  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
  • Key: AegisSPSetCMDCount
  • Type: DWORD
  • Value: 1
  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
  • Key: AegisSPSetCMDSubImagePath0
  • Type: REG_SZ
  • Value: C:\Windows\System32\cmd.exe
  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
  • Key: AegisSPSetCMDCmdLine0
  • Type: REG_SZ
  • Value: -urlcache-splithttpzip*
  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
  • Key: AegisSPSetCMDImagePath0
  • Type: REG_SZ
  • Value: certutil.exe
  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS
  • Key: AegisSPSetCMDAct0
  • Type: DWORD
  • Value: 0
  1. Restart the security agent

Enhancement 1 of Patch 2087

(SEG-63171)

This patch enables the Apex One security agent program to support Microsoft Windows(TM) 10 (version 1909) November 2019 Update.

Enhancement 2 of Patch 2087

(SEG-60079)

This patch adds a mechanism that can help reduce the probability of errors during Apex One server and Apex One security agent updates.

Issue 1 of Hotfix 2097

(SEG-65916)

On computers with low specifications, the Application Control agent may run into performance issues when several applications installed on the computer match the Application Control criteria.

Solution:

This hotfix helps prevent the performance issues by enabling the Application Control agent to store matched applications in the criteria cache after these applications run for the first time.

Issue 2 of Hotfix 2097

(SEG-64308), (SEG-65121)

A "Failed to get server certificate." error appears on the installation log during Advanced Threat Assessment Service installation.

Solution:

This hotfix resolves the error so the Advanced Threat Assessment Service can be installed successfully.

Issue 3 of Hotfix 2097

(SEG-63775)

The real-time scan exception settings from the Apex One security agent are restored unexpectedly after an Apex One security agent update.

Solution:

This hotfix updates the Apex One security agent program to preserve the current real-time scan exception settings after an Apex One security agent update.

Enhancement 1 of Hotfix 2097

(SEG-49768)

The Apex One agent keeps track of un-scanned files but does not send the information to the server, so users do not see the information on the Apex One server.

This hotfix enables Apex One agents to upload un-scanned file logs to the "C:\Program Files (x86)\Trend Micro\Apex One\PCCSRV\Log\UnScanFile" folder on the server.

Issue 1 of Hotfix 2099

(SEG-66016)

When administrators set the Internet proxy settings from the browser, the Apex One Security proxy always applies the Internet proxy settings to update components from the Trend Micro Global ActiveUpdate server instead of the Apex One server.

Solution:

This hotfix enables the Security Agent console to allow administrators the option to choose and apply "Use Windows Internet Options Settings" when updating components.

By default, the system does not apply and update components from the Apex One server.

Issue 1 of Hotfix 2103

(SEG-65326)

The Application Control agent service is dependent on some Microsoft(TM) Windows(TM) services. If some Windows services are not running, the system does not start the Application Control agent service.

Solution:

This hotfix resolves the Application Control agent service dependency issue. After applying this hotfix, the Application Control agent service starts some Windows services automatically as it is starts up.

Issue 2 of Hotfix 2103

(SEG-67082)

The system cannot successfully install the Application Control server if the SQL server contains a semi-colon (";") in its password.

Solution:

This hotfix resolves this issue so that the system can install the Application Control server successfully.

Issue 3 of Hotfix 2103

(SEG-64933)

Data Loss Prevention(TM) (DLP) feature may slow down the performance of certain web applications on the Apex One Security agent.

Solution:

This hotfix updates the DLP module to resolve this issue.

Issue 4 of Hotfix 2103

(SEG-62262)

The 3rd-party ICE WebStart program cannot be launched while the Apex One Firewall service is running.

Solution:

This hotfix updates the Trend Micro Apex One Firewall components and provides a way to prevent this issue from occurring.

Procedure:

To enable the new settings:

  1. Install this hotfix (see "Installation").
  2. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the Apex One server installation directory using a text editor.
  3. Under the "Global Setting" section, manually add the following key and set its value to "256".
  • [Global Setting]
  • PFW_KEventMaxCount=256
  1. Save the changes and close the file.
  2. Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
  3. Click "Save" to deploy the setting to agents. The Apex One server deploys the command to Apex One agents and adds the following registry entry on all Apex One agent endpoints:
  • Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmWfp\Parameters
  • Key: KEventMaxCount
  • Type: REG_DWORD
  • Value: 256 (0x100)
  1. Restart the Apex One agent machines.

Issue 5 of Hotfix 2103

(SEG-57361)

The Apex One Behavior Monitoring feature may prevent users from opening Microsoft Office applications normally and may cause high CPU usage issues on protected computers.

Solution:

This hotfix updates the Apex One agent program to resolve this issue.

Procedure:

To apply and deploy the solution globally:

  1. Install this hotfix (see "Installation").
  2. Open the "ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
  3. Under the "Global Setting" section, manually add the "UnregUMHEventList" key and set its value to "140".
  • [Global Setting]
  • UnregUMHEventList=140
  1. Save the changes and close the file.
  2. Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
  3. Click "Save" to deploy the setting to agents. The Apex One server deploys the command to security agents and adds the following registry entry on all security agent computers:
  • Path:
  • For x64 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS\
  • For x86 platforms: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\AEGIS\
  • Key: UnregUMHEventList
  • Type: String
  • Value: "The encrypted string with the prefix !CRYPTEX!"
  1. Restart the Apex One security agent.

Enhancement 1 of Hotfix 2103

(SEG-64723)

This hotfix enables the Apex One server to download the list of approved mobile devices and USB storage devices from the Device Control settings in the Apex Central server and to deploy the list to Apex One security agents.

Procedure:

To configure Apex One server to download and deploy the Device Control approved list of mobile devices and USB storage devices from the Apex Central server to all Apex One security agents:

  1. Run the Device List Tool (listDeviceInfo.exe) to retrieve the device information. The tool provides Vendor, Model, Serial ID, and Device information for each device.
  2. Make a Device Control approved list in CSV file format specifying the Vendor, Model, Serial ID, and Device information of mobile devices and USB storage devices.

    For example:

  • 05AC,12A8,35AD13C948ECD47904B2B7AD4D5E8AFBF4C70C48,Mobile Devices
  • ADATA,DC1A,285252344010000C,USB Storage Devices

    NOTE: The "Device" field is optional, if there is no device type listed in the CSV file, it will be treated as "USB Storage Devices".

  1. Copy the CSV file to the Apex Central server in the "\Trend Micro\Control Manager\WebUI\WebApp\widget\repository\widgetPool\product\OSCE\" folder and rename the CSV file as "dc_dev_exception.csv".

    NOTE: Users can import the Device Control approved list from the "Policies > Policy Resources > Device Control Allowed Devices" page of the Apex Central console.

  2. Deploy an Apex One Security Agent policy with Device Control setting to agents from the Apex Central console. All agents will receive the approved list.

    NOTE: On the Apex One server, users can check the "DC_GLOBAL_DEV_EXCEPTION" section in "dlp.ini" file under the "\PCCSRV\Private" folder.

    For example:

  • [DC_GLOBAL_DEV_EXCEPTION]
  • DevExceptionGlobalCount=2
  • DevExceptionGlobal_00000000= VendorName,Model,serialNo,1(USB Storage Devices)
  • DevExceptionGlobal_00000001=VendorName,Model,serialNo,2097152(Mobile Devices)

    On the Apex One security agent, users can check the "dc_in.xml" and "dc_out.xml" file under the "\Security Agent\dlplite" folder.

    For example:

  • <usbException exceptionDeviceType="0x00000001"(USB Storage Devices) serialNo="xxxxxxxx" model=" xxxxxxxx " vendorName="xxxxxxxx "/>
  • <usbException exceptionDeviceType="0x00200000"(Mobile Devices) serialNo=" xxxxxxxx " model=" xxxxxxxx " vendorName="xxxxxxxx "/>

Enhancement 2 of Hotfix 2103

(SEG-64515)

This hotfix removes the "Enable debug log" check box from the "Debug Log Setting" window in the Apex One console.

8. Contact Information

A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

9. About Trend Micro

Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2020, Trend Micro Incorporated. All rights reserved.

Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.

10. License Agreement

View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/

Third-party licensing agreements can be viewed:

  • By selecting the "About" option in the application user interface
  • By referring to the "Legal" page of the Administrator's Guide