1. Hotfix Release Information

Resolved Known Issues

Trend Micro Apex Central™ as a Service

This hotfix resolves the following issue(s):

Issue 1 (SEG-56232)

The Active Directory (AD) cannot be synched successfully because "Logprocessor.exe" runs out of memory during AD synchronization.

Solution:

This hotfix prevents the out-of-memory issue to ensure that AD can be synched successfully.

Issue 2 (SEG-59272)

The "This feature supports only IPv4" warning in the "Apex One Data Loss Prevention Settings > Apex One DLP" screen is misleading.

Solution:

This hotfix removes the "This feature supports only IPv4" warning from the "Apex One DLP" settings screen.

Issue 3 (SEG-56503)

In the Data Loss Prevention(TM) (DLP) Policy Settings page, the device serial ID field supports up to 32 characters only.

Solution:

This hotfix extends the maximum device serial ID length to 64 characters.

Issue 4 (SEG-59166)

An issue prevents the "Product Component Status" widget from displaying information normally.

Solution:

This hotfix resolves the issue so that the "Product Component Status" widget can display information normally.

Issue 5 (SEG-58967)

An SQL function usage compatibility issue causes hotfix installation to fail.

Solution:

This hotfix resolves the issue to ensure that hotfixes can be installed normally.

Issue 6 (SEG-58852)

This hotfix ensures that the "India: Mobile Number" Data Identifier Expression works normally.

Solution:

This hotfix ensures that the "India: Mobile Number" Data Identifier Expression works normally.

Trend Micro Apex One™ as a Service

This hotfix resolves the following issue(s):

Issue 1 (SEG-60259)

This hotfix ensures that the "India: Mobile Number" Data Identifier Expression works normally.

Solution:

This hotfix updates the DLP module to resolve this issue.

Issue 2 (SEG-56678)

Apex One as a Service does not support capital letters in domain names.

Solution:

This hotfix adds the following registry key to enable Apex One as a Service to accept and save domain names that contain capital letters.

  • [Global Setting]
  • KeepDomainNaming=1

Issue 3 (SEG-59670)

An issue prevents the Apex One server from deploying the following settings to Apex One security agents properly.

  • "Privileges and Other Settings > Other Settings > Security Agent Access Restriction"
  • "Do not allow users to access the Security Agent console from the system tray or Windows Start menu"

Solution:

This hotfix updates the Apex One server program to resolve the issue.

Issue 4 (SEG-58444)

The Security Agent unload password does not successfully unload the program.

Solution:

This hotfix resolves a mismatched encrypted password string to allow the Security Agent program to successfully unload.

Issue 5 (SEG-61326)

A memory leak issue related to the Trend Micro Unauthorized Change Prevention Service occurs.

Solution:

This hotfix updates the Behavior Monitoring module to fix the memory leak issue.

Issue 6 (SEG-55211), (SEG-60062)

The Behavior Monitoring program inspection feature still blocks certain applications on Apex One security agent computers even after users have added these applications into the Trusted Programs List or the approved list of the Behavior Monitoring Exceptions on security agents.

Solution:

This hotfix updates the Apex One security agent program to resolve this issue.

Issue 7 (SEG-61770), (SEG-58355)

The Apex One Predictive Machine Learning feature may prevent users from running scripts through a third-party application normally.

Solution:

This hotfix provides a way for users to make and edit a list of approved programs to run with deferred scanning by Predictive Machine Learning to prevent these issues.

Procedure:

To create and edit the list of approved programs to run with deferred scanning by Predictive Machine Learning:

  1. Install this hotfix (see "Installation").
  2. Open the "Ofcscan.ini" file in the "\PCCSRV\" folder on the Apex One server installation directory.
  3. Under the "Global Setting" section, manually add the following keys and specify each approved program separately.
  • [Global Setting]
  • DS_ProcessCount=the number of programs in the approved list, supports any integer from 1 to 1000
  • DS_ProcessName000=process name of the approved program, where "000" notes the first item on the list

    For example:

  • [Global Setting]
  • DS_ProcessCount=2
  • DS_ProcessName000=cscript.exe
  • DS_ProcessName001=wscript.exe
  1. Save the changes and close the file.
  2. Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
  3. Click "Save" to deploy the setting to agents. The Apex One server deploys the command to security agents and adds the following entries of TXS.ini on all security agent computers:
  • [TrendX_Settings]
  • DS_ProcessCount=2
  • DS_ProcessName000="The encrypted string of the preferred program"
  • DS_ProcessName001="The encrypted string of the preferred program"

Issue 8 (SEG-60869)

An issue prevents the Apex One as a Service server from updating the Behavior Monitoring Pattern completely from the Trend Micro Active Update server.

Solution:

This hotfix updates the Apex One server program to resolve the issue.

Issue 9 (SEG-59243)

Users encounter Device Control Violation detections when opening the Hyper V Virtual Machine.

Solution:

This hotfix updates the Behavior Monitoring module to fix this issue.

Issue 10 (SEG-62741)

If the Apex One Master Service stops running unexpectedly, users cannot single sign-on (SSO) to the Apex One Server console from the Apex Central management console.

Solution:

This hotfix ensures that the Apex One Master Service is running so that users can single sign-on to the Apex One Server console from Apex Central.

Issue 11

An issue prevents from generating Attack Discovery Detection report after restarting Apex One Security Agent on the endpoint

Solution:

This hotfix updates the Apex One Security agent program to resolve the issue. The solution requires Endpoint Sensor Agent module version 3.5.1047 or above.

Issue 12

An issue prevents user from isolating the endpoint via the generated Root Cause Analysis Chains of Apex Central as a Service web console.

Solution:

This hotfix updates the Apex Central as a Service server program to resolve this issue.

Issue 13

An issue prevents user from terminating process via the generated Root Cause Analysis Chains of Apex Central as a Service web console.

Solution:

This hotfix updates the Apex Central as a Service server program to resolve this issue.

This Critical Patch resolves the following issue(s):

Issue 1 (VRTS-3681)

A directory traversal vulnerability may allow an attacker to log on to the Apex One Management Console as a root user.

Solution:

This critical patch updates the Apex One server program to remove the vulnerability.

Issue 2 (VRTS-3708)

A command injection vulnerability may allow an attacker to extract files from an arbitrary zip file to the specific folder in Apex One server.

Solution:

This critical patch updates the Apex One server program to remove the vulnerability.

Trend Micro Apex One™ (Mac) as a Service

This hotfix resolves the following issue(s):

Issue 1 (SEG-60967)

Multiple alerts appear for the same detection.

Solution:

This hotfix resolves the issue by updating the database schema.

Issue 2

The Apex One (Mac) agent console stops responding due to socket changes in Mac OS Catalina (10.15.1).

Solution:

This hotfix adds handles on socket changes in Mac OS Catalina (10.15.1) to resolve the issue.


Enhancements

Trend Micro Apex Central™ as a Service

The following enhancements are included in this hotfix:

Enhancement 1 (SEG-55073)

This hotfix allows Apex Central to enable the "self-integrity check" setting for the ActiveUpdate (AU) module by default.

Enhancement 2 (SEG-58041)

This hotfix ensures that Microsoft(TM) Azure Active Directory (AD) could Single Sign-On (SSO) to the Apex Central web console normally.

Enhancement 3 (SEG-43622)

This hotfix enables users to add the Apex One domain hierarchy information in applicable virus event notifications using the "%hierarchy%" token.

Enhancement 4 (SEG-43643)

This hotfix ensures that activation (AC) keys are renewed automatically when the keys are added or redeployed to products.

Enhancement 5 (SEG-41902)

This hotfix enables users to add "unmanaged endpoints" information to custom reports.

Enhancement 6

Dashboard enhancements

The former Operation Center tab is now the Security Posture tab, the former Threat Detection tab is now the Threat Statistics tab, and the widgets on the former DLP Incident Investigation tab are now on the Data Loss Prevention tab.

Enhancement 7

Enhanced platform support

Apex One as a Service extends sensor capabilities for investigations to managed servers running on a supported Linux operating system.

Enhancement 8

Impact Analysis enhancement

The Affected Users screen automatically refreshes every 60 seconds when running an Impact Analysis.

Enhancement 9

Threat Investigation dashboard

Tailor-made for security analysts performing EDR, the tab allows you to start Historical Investigations, view Attack Discovery detections, and identify critical threats.

Enhancement 10

Web Console Auto Refresh enhancement

You can configure the Apex Central management console to automatically refresh the screen every 600 seconds (enabled by default).

Enhancement 11 (SEG-34121), (SEG-41962), (SEG-52917), (SEG-48792)

This hotfix adds the new column "Expiration date" for User-Defined Suspicious Objects (UDSO) in Apex Central.

Enhancement 12

Automated troubleshooting

If you grant the necessary permissions, Trend Micro engineers can take proactive, preventative measures to ensure the continuity of your business operations without interrupting you with numerous email messages and notifications.

Trend Micro Apex One™ as a Service

The following enhancements are included in this hotfix:

Enhancement 1 (SEG-57310)

This hotfix updates the Data Loss Prevention(TM) (DLP) module to ensure that it can block drag-and-drop file operations in Google Chrome 76 and 77.

Enhancement 2

Integration with the Windows Antimalware Scan Interface (AMSI) enhances protection against malicious scripts.

Enhancement 3

You can configure Application Control to limit the number of logs that each Security Agent uploads each hour.

Enhancement 4

You can specify specific URLs to search for while performing a Historical Investigation.

Enhancement 5

Security Agents continuously upload activity data to Trend Micro so you can generate up-to-date RCA chains regardless of endpoint status.

There are no Apex One as a Service enhancements for this hotfix release.

Trend Micro Apex One™ (Mac) as a Service

The following enhancements are included in this hotfix:

Enhancement 1

This hotfix enhances the proxy connection mechanism of Apex One (Mac) 2019.

Enhancement 2

Root Cause Analysis enhancement

Apex One as a Service supports Root Cause Analysis in Historical Investigations on Apex One (Mac) endpoints.


Additional Information

Trend Micro Apex Central™ as a Service

No additional information available.

Trend Micro Apex One™ as a Service

Security Agent version: 14.0.5156

Security Agent restart: Required

Estimated size of network traffic (in terms of bandwidth) required for deployment:

  • 32-bit Security Agent hotfix = 178 MB
  • 64-bit Security Agent hotfix = 229 MB

No additional information available.

Trend Micro Apex One™ (Mac) as a Service

Security Agent version : 3.5.3104

Security Agent restart requirement : Not required

Estimated size of network traffic (in terms of bandwidth) required for deployment:

64-bit Security Agent hotfix = 113.4 MB

2. Documentation Set

    The document set includes:

  • Trend Micro Apex One™ as a Service documents
    • Readme: Contains a list of known issues and may also contain late-breaking product information not found in the Online Help or printed documentation.
    • Knowledge Base: An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following website: http://esupport.trendmicro.com
  • Trend Micro Apex Central™ as a Service documents
    • Administrator's Guide: A PDF document that provides detailed instructions for how to configure and manage the Trend Micro Apex Central™ as a Service console and features.
    • Data Protection Lists (Chapter 1 only): A PDF document that lists predefined data identifiers and templates for Data Loss Prevention.
    • Widget and Policy Management Guide: Explains how to configure Dashboard widgets and Policy Management widgets on the Trend Micro Apex Central™ as a Service console.
    • Automation API Guide: A PDF document that explains how to use Trend Micro Apex Central™ Automation APIs.
    • Online Help: Provides "how to's", usage advice, and field-specific information. The Help is also accessible from the Trend Micro Apex Central™ as a Service console.
  • Trend Micro Apex One™ server documents
    • Administrator's Guide: A PDF document that discusses getting started information and Trend Micro Apex One™ server administration.
    • Online Help: Provides "how to's", usage advice, and field-specific information. The Help is accessible from the Trend Micro Apex One™ server, agent, and Policy Server consoles, and from the OfficeScan Master Setup.
  • Trend Micro Apex One™ (Mac) server documents
    • Administrator's Guide: A PDF document that discusses getting started information and Trend Micro Apex One™ (Mac) server administration.
    • Online Help: Provides "how to's", usage advice, and field-specific information for Trend Micro. The Help is also accessible from the Trend Micro Apex One™ as a Service console.
  • Security Agent documents
    • Trend Micro Apex One™ Security Agent Online Help: Discusses getting started information, Trend Micro Apex One™ Security Agent installation procedures, and Trend Micro Apex One™ Security Agent management.
    • Trend Micro Apex One™ Security Agent Readme: Contains a list of known issues and may also contain late-breaking product information not found in the Online Help or printed documentation.
    • Trend Micro Apex One™ (Mac) Security Agent Online Help: Discusses getting started information, Trend Micro Apex One™ (Mac) Security Agent installation procedures, and Trend Micro Apex One™ (Mac) Security Agent management.

    Download the latest versions of the PDF documents and readme at our online documentation.

3. Post-installation Configuration

No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.

4. Known Issues

Trend Micro Apex Central™ as a Service


Known issues in this release:

Known Issue 1

The file name of the attached ZIP file for a generated report contains garbled text if the report name contains non-alphanumeric characters.

Known Issue 2

The attached ZIP file for a generated report cannot be opened of the report name contains Traditional Chinese characters.

Known Issue 3

If Apex Central as a Service is the Node Apex Central of an on-premises Hub Apex Central server, Apex Central as a Service might not be able to receive Suspicious Object Lists from the on-premises Hub Apex Central.

To resolve this issue, contact your support representative.

Trend Micro Apex One™ as a Service


Known issues in this release:

Known Issue 1

Security Agent consoles running build 13.95 display an incorrect policy name. To resolve this issue, upgrade the Security Agent to 14.0. After the Security Agent contacts the server, the policy name displays correctly.

Known Issue 2

Off-premises and Security Agents in Independent mode cannot update the Certified Safe Software Pattern from external update sources.

Known Issue 3

Coexist mode Security Agents on endpoints with Windows Defender may experience installation issues or be unable to upload data to the Apex One server due to a file locking issue. To resolve this issue, add Endpoint Sensor (ESEServiceShell.exe and ESClient.exe) in the exclusions list of Windows Defender to prevent the locking issue.

Known Issue 4

After copying a file to a remote server using a relative path as the source, Apex One is unable to translate the relative path into the full system directory.

Known Issue 5

The quality of RCA analysis chain image files is reduced when viewing the files using Windows 10 Photo Viewer.

Known Issue 6

When attempting to start a Historical Investigation from the Attack Discovery Detections widget that includes Registry value name or Registry value data criteria, the Historical Investigation displays an error message if the length of the Registry value name exceeds 260 characters or the Registry value data exceeds 64 characters.

Trend Micro Apex One™ (Mac) as a Service


Known issues in this release:

Known Issue 1

After enabling the Scan Time Machine option for Manual Scan and Scheduled Scan, Apex One (Mac) cannot perform any actions (clean, quarantine, or delete) on detected malware threats due to a permission limitation in Mac OS. Configured scan actions are displayed as unsuccessful in the product logs.

Known Issue 2

When performing a historical investigation on Apex One (Mac) endpoints, the system replaces a backslash (/) with a colon (:) in file names, preventing users from searching for file names that contain backslashes in investigation results.

To resolve this issue, use a colon (:) to search for the files.

5. Contact Information

A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

6. About Trend Micro

Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2019, Trend Micro Incorporated. All rights reserved.

Trend Micro, Trend Micro Apex Central, Trend Micro Apex One, Trend Micro Apex One (Mac) and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.

7. License Agreement

View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/

Third-party licensing agreements can be viewed:

  • By selecting the "About" option in the application user interface
  • By referring to the "Legal" page of the Administrator's Guide