Contents
1. Hotfix Release Information 
Resolved Known Issues
Trend Micro Apex Central™ as a Service
This hotfix resolves the following issue(s):
When users search for Active Directory (AD) user names or user groups while creating a policy under the Device Control Settings, the AD user names or user groups do not display on the search bar.
Solution:
This hotfix ensures that users can search for AD user names or user groups normally when creating Device Control policies.
An issue prevents users from selecting targets to deploy Apex Central policies.
Solution:
The hotfix ensures that Apex Central policies are deployed normally.
Policies are not deployed if there is a carriage return in the filter criteria.
Solution:
The hotfix ensures that policies are deployed successfully.
Users encounter "4624(S): An account was successfully logged on" events with Logon Type 8 which warns that passwords are recorded in clear text on the server memory.
Solution:
The hotfix prevents passwords from being saved in clear text on the server memory.
A specific SQL query blocks several processes on the Control Manager server.
Solution:
This hotfix ensures that the specific SQL query does not block processes on the Control Manager server.
The "Filter by criteria" function cannot match keywords when users specify multiple keywords and separate each by a comma.
Solution:
This hotfix ensures that the "Filter by criteria" function matches multiple keywords normally.
The Trend Micro Interscan(TM) Messaging Security (IMSS) policy is not fully functional on Apex Central.
Solution:
This hotfix ensures that the IMSS policy is fully functional on Apex Central.
When users create criteria using the Application Reputation List on Apex Central, some applications that were selected from the list become unselected after a TMCSS pattern update.
Solution:
This hotfix updates the Apex Central file to resolve this issue.
When receiving Web Violation logs, the corresponding Web Access Policy Violation Alerts under Event Notifications do not display the login user information.
Solution:
This hotfix ensures that Web Access Policy Violation Alerts display the login user information normally.
Apex Central is affected by PHP vulnerabilities.
Solution:
This hotfix upgrades the PHP module to build 7.1.33.
The OpenSSL and libcurl modules are affected by a Code Injection Vulnerability.
Solution:
This hotfix resolves the vulnerability.
The Root Cause Analysis task runs continuously if the target agent has been removed.
Solution:
This hotfix adds a timeout value for the Root Cause Analysis task.
Passwords are not salted individually.
Solution:
This hotfix ensures that passwords are salted individually.
An issue prevents Apex Central from generating reports successfully.
Solution:
This hotfix resolves the issue to ensure that Apex Central can generate reports successfully.
Deep Discovery Web Inspector (DDWI) does not support Single Sign-On (SSO) but the SSO link for Deep Discovery Web Inspector appears on the "Server Registration" page.
Solution:
This hotfix removes the SSO link for Deep Discovery Web Inspector (DDWI) from the "Server Registration" page.
Trend Micro Apex One™ as a Service
This hotfix resolves the following issue(s):
An issue prevents the Trend Micro Osprey Scanner Driver service from starting on Apex One agent computers and the following error message appears: "Windows requires a digitally signed driver."
Solution:
This hotfix updates the Trend Micro Osprey Scanner Driver to resolve this issue.
If the suspicious file submission to Virtual Analyzer option is enabled, users may experience high CPU usage issues on protected computers when an on-demand manual, Scan Now, or scheduled scan starts.
Solution:
This hotfix updates the Apex One security agent program to resolve the issue.
The 3rd-party ICE WebStart program cannot be launched while the Apex One Firewall service is running.
Solution:
This hotfix updates the Trend Micro Apex One Firewall components and provides a way to prevent this issue from occurring.
Procedure:
To enable the new settings:
- Install this hotfix (see "Installation").
- Open the "Ofcscan.ini" file in the "\PCCSRV\" folder of the Apex One server installation directory using a text editor.
- Under the "Global Setting" section, manually add the following key and set its value to "256".
- [Global Setting]
- PFW_KEventMaxCount=256
- Save the changes and close the file.
- Open the Apex One web console and go to the "Agents > Global Agent Settings" screen.
- Click "Save" to deploy the setting to agents. The Apex One server deploys the command to Apex One agents and adds the following registry entry on all Apex One agent endpoints:
- Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmWfp\Parameters
- Key: KEventMaxCount
- Type: REG_DWORD
- Value: 256 (0x100)
- Restart the Apex One agents.
Trend Micro Apex One™ (Mac) as a Service
There are no Apex One (Mac) as a Service issues for this hotfix release.
Enhancements
Trend Micro Apex Central™ as a Service
The following enhancements are included in this hotfix:
This hotfix allows users to select a virtual analyzer to be used for an Apex One as a Service server on the "Server Registration" page in hybrid mode.
This hotfix adds the following three new widgets in Apex Central to provide users with information on Intrusion Prevention (IPS) events.
Top Endpoints Affected by IPS Events Top IPS Attack Sources Top IPS Events
Dashboard enhancements
The widgets on the former DLP Incident Investigation tab are now on the Data Loss Prevention tab.
Impact Analysis enhancement
The Affected Users screen automatically refreshes every 60 seconds when running an Impact Analysis.
Web Console Auto Refresh enhancement
You can configure the Apex Central management console to automatically refresh the screen every 600 seconds (enabled by default).
This hotfix provides an iAC log purge function in the "Log Maintenance" page of the Apex Central web console.
This hotfix enables the following three widgets to display information from the past 30 days.
- Top Endpoints Affected by IPS Events
- Top IPS Attack Sources
- Top IPS Events
Procedure:
To summarize data from the last 30 days:
- Install this hotfix (see "Installation").
- Open a command prompt and log in using an administrator account.
- Go to the Apex Central installation home folder.
- Run the following command "echo sp_Presummary_IntrustionPrevention_30Days > SumIPS.sql | SQLExecutor.NET.exe -f=SumIPS.sql"
This hotfix enables Apex Central to support Trend Micro Deep Discovery Web Inspector.
This hotfix enables Apex Central as a Service to monitor Single Sign-On issues through Microsoft(TM) Windows(TM) event logs.
This hotfix renames the "InterScan Web Security as a Service" Server Type option to "Trend Micro Web Security" in the "Administrator > Server Registration" page on the Apex Central web console.
This hotfix adds Behavior Monitoring violations alert settings under the Event Notification settings.
This hotfix adds Predictive Machine Learning detections alert settings under the Event Notification settings.
LogForwarder forwards mapping string labels instead of the integer when forwarding Action column content of Behavior Monitoring.
This hotfix enables Apex Central to support the new engine component "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 5600)" for Trend Micro Deep Discovery Inspector 5.6.
This hotfix enables Apex Central to support the Login Sharing Prevention feature.
This hotfix enables the Operation Center to display information in Chart View and Table View.
Enhanced syslogs
Common Event Format (CEF) syslogs indicate the type of critical threat detected.
Automated troubleshooting for Mac endpoints
Updated troubleshooting support also allows Trend Micro engineers to take proactive, preventative measures on Mac endpoints.
Trend Micro Apex One™ as a Service
The following enhancements are included in this hotfix:
On the Microsoft(TM) Edge(TM) browser, when the transfer of sensitive information triggers the Data Loss Protection(TM) (DLP) module, the corresponding logs on the Apex Central web console and Apex One Security as a Service web console may display garbled characters and truncated text.
The Advanced Logging Policy for the Apex One Vulnerability Protection Network Engine Settings uses "Stateful, Frag, and Verifier Suppression" by default.
Apex One Endpoint Sensor supports Windows Server platforms.
Apex One as a Service supports Security Agent installation on Windows 10 19H2. (requires updating the Program Inspection Monitoring Pattern)
Trend Micro Apex One™ (Mac) as a Service
The following enhancements are included in this hotfix:
This hotfix improves communication between Apex One (Mac) as a Service servers and Security Agents to help reduce network traffic.
This hotfix updates the endpoint sensor data collection mechanism to filter out some noise data.
This hotfix updates the device control USB unmount/remount mechanism to make sure all USB devices are matched to the correct permissions.
Additional Information
Trend Micro Apex Central™ as a Service
No additional information available.
Trend Micro Apex One™ as a Service
Security Agent version: 14.0.6091
Security Agent restart: Required
Estimated size of network traffic (in terms of bandwidth) required for deployment:
- 32-bit Security Agent hotfix = 95 MB
- 64-bit Security Agent hotfix = 121 MB
Trend Micro Apex One™ (Mac) as a Service
Security Agent version : 3.5.3209
Security Agent restart requirement : Not required
Estimated size of network traffic (in terms of bandwidth) required for deployment:
64-bit Security Agent hotfix = 119.4 MB
2. Documentation Set
-
The document set includes:
- Trend Micro Apex One™ as a Service documents
- Readme: Contains a list of known issues and may also contain late-breaking product information not found in the Online Help or printed documentation.
- Knowledge Base: An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following website: http://esupport.trendmicro.com
- Trend Micro Apex Central™ as a Service documents
- Administrator's Guide: A PDF document that provides detailed instructions for how to configure and manage the Trend Micro Apex Central™ as a Service console and features.
- Data Protection Lists (Chapter 1 only): A PDF document that lists predefined data identifiers and templates for Data Loss Prevention.
- Widget and Policy Management Guide: Explains how to configure Dashboard widgets and Policy Management widgets on the Trend Micro Apex Central™ as a Service console.
- Automation API Guide: A PDF document that explains how to use Trend Micro Apex Central™ Automation APIs.
- Online Help: Provides "how to's", usage advice, and field-specific information. The Help is also accessible from the Trend Micro Apex Central™ as a Service console.
- Trend Micro Apex One™ server documents
- Administrator's Guide: A PDF document that discusses getting started information and Trend Micro Apex One™ server administration.
- Online Help: Provides "how to's", usage advice, and field-specific information. The Help is accessible from the Trend Micro Apex One™ server, agent, and Policy Server consoles, and from the OfficeScan Master Setup.
- Trend Micro Apex One™ (Mac) server documents
- Administrator's Guide: A PDF document that discusses getting started information and Trend Micro Apex One™ (Mac) server administration.
- Online Help: Provides "how to's", usage advice, and field-specific information for Trend Micro. The Help is also accessible from the Trend Micro Apex One™ as a Service console.
- Security Agent documents
- Trend Micro Apex One™ Security Agent Online Help: Discusses getting started information, Trend Micro Apex One™ Security Agent installation procedures, and Trend Micro Apex One™ Security Agent management.
- Trend Micro Apex One™ Security Agent Readme: Contains a list of known issues and may also contain late-breaking product information not found in the Online Help or printed documentation.
- Trend Micro Apex One™ (Mac) Security Agent Online Help: Discusses getting started information, Trend Micro Apex One™ (Mac) Security Agent installation procedures, and Trend Micro Apex One™ (Mac) Security Agent management.
Download the latest versions of the PDF documents and readme at our online documentation.
3. Post-installation Configuration
No post-installation steps are required.
NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.
4. Known Issues
Trend Micro Apex Central™ as a Service
Known issues in this release:
The file name of the attached ZIP file for a generated report contains garbled text if the report name contains non-alphanumeric characters.
The attached ZIP file for a generated report cannot be opened of the report name contains Traditional Chinese characters.
If Apex Central as a Service is the Node Apex Central of an on-premises Hub Apex Central server, Apex Central as a Service might not be able to receive Suspicious Object Lists from the on-premises Hub Apex Central.
To resolve this issue, contact your support representative.
Trend Micro Apex One™ as a Service
Known issues in this release:
Security Agent consoles running build 13.95 display an incorrect policy name. To resolve this issue, upgrade the Security Agent to 14.0. After the Security Agent contacts the server, the policy name displays correctly.
Off-premises and Security Agents in Independent mode cannot update the Certified Safe Software Pattern from external update sources.
Coexist mode Security Agents on endpoints with Windows Defender may experience installation issues or be unable to upload data to the Apex One server due to a file locking issue. To resolve this issue, add Endpoint Sensor (ESEServiceShell.exe and ESClient.exe) in the exclusions list of Windows Defender to prevent the locking issue.
After copying a file to a remote server using a relative path as the source, Apex One is unable to translate the relative path into the full system directory.
The quality of RCA analysis chain image files is reduced when viewing the files using Windows 10 Photo Viewer.
When attempting to start a Historical Investigation from the Attack Discovery Detections widget that includes Registry value name or Registry value data criteria, the Historical Investigation displays an error message if the length of the Registry value name exceeds 260 characters or the Registry value data exceeds 64 characters.
After updating the Attack Discovery Pattern file (tmesadp.ptn) on Security Agents, a database schema error may occur that causes the Endpoint Sensor feature to continuously report the same detections to the server during each synchronization. This causes duplicate records to display on the Apex Central server.
Trend Micro Apex One™ (Mac) as a Service
Known issues in this release:
After enabling the Scan Time Machine option for Manual Scan and Scheduled Scan, Apex One (Mac) cannot perform any actions (clean, quarantine, or delete) on detected malware threats due to a permission limitation in Mac OS. Configured scan actions are displayed as unsuccessful in the product logs.
When performing a historical investigation on Apex One (Mac) endpoints, the system replaces a backslash (/) with a colon (:) in file names, preventing users from searching for file names that contain backslashes in investigation results.
To resolve this issue, use a colon (:) to search for the files.
After minimizing the Security Agent console in Mac OS Catalina (10.15.1), you may not be able to open the Security Agent console by clicking the Apex One (Mac) icon in the task bar.
To resolve this issue, close the Security Agent console, instead of minimizing the console window, and open the console again.
5. Contact Information
A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.
Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
NOTE: This information is subject to change without notice.
6. About Trend Micro
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.
Copyright 2019, Trend Micro Incorporated. All rights reserved.
Trend Micro, Trend Micro Apex Central, Trend Micro Apex One, Trend Micro Apex One (Mac) and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.
7. License Agreement
View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide