If user click assess impact in "quick investigation" widget will not bring the parameter to Historical Investigation page.

The content in generated reports that use the "TM Managed Product Connection Component Status" custom template shows "no data to display" when "Tags and Filters" are selected as targets.

The PDF creator cannot parse <wbr> tags correctly which causes it to record inaccurate report size information.

Logforwarder cannot forward logs when the IP address field contains multiple IP addresses and one of the addresses is in IPv6 format.

A high CPU usage issue occurs on the SQL server when purging Behavior Monitoring logs.

When the Security Agent is unregistered from Apex Central, reports and log queries display a different number of Malware/Virus detection logs.

Users with Read-Only privileges may be able to export the Data Loss Prevention(TM) (DLP) pattern.

When users create a filter policy and select "Directories: Product Directory" in the "Filter by Criteria" page, the product directory does not display any product.

In event logs, the event time does not match the recorded time that an email was received.

The Apex One Security Agent policy settings for the Trusted Program List and the Predictive Machine Learning Exceptions list do not display properly.

If disable 'Display a notification on endpoints when probably virus/malware is detected' then deploy the policy, the settings will have reverted to enable on Web console.

Several large database files may remain in the "C:\Windows\System32\config\systemprofile\AppData\Roaming\Trend Micro\ESE\data\10009" folder of an endpoint which may cause the endpoint to run out of disk space.

Users may encounter a format error when uploading the YARA file before performing a live investigation.

The Apex One security agent displays a virus detection message when users download certain normal .pptx files.

When Behavior Monitoring is disabled and Browser Exploit Prevention is enabled, some web browser pages may stop responding.

The Endpoint Sensor agent cannot be enabled successfully because the old Endpoint Sensor agent has not been uninstalled completely.

An issue prevents the Application Control agent service from initializing the Digital Signature Pattern (tmwlchk.ptn) in lockdown mode. Application Control needs this pattern to determine which applications are from trusted Trend Micro vendors to be able to allow these applications to run from a protected computer.

A buffer overrun issue prevents users from uninstalling the German version of the Apex One Security Agent successfully.

The Apex One Master Service may stop unexpectedly causing the server to become unavailable.

In non-English Apex One versions, the CSV file attachments in Attack Discovery detections notifications display garbled characters in the column names when opened in Microsoft(TM) Excel(TM).

The following two issues related to the Apex One Data Protection Service may occur on protected computers:

• Users may have trouble accessing the https://fast.com website.
• Agents cannot connect to VPN through the Cisco AnyConnect Secure Mobility Client.

The Apex Central Agent Service may stop unexpectedly causing the server to become unavailable.

Simplified log maintenance

Apex Central automatically deletes logs from Trend Micro servers after 90 days for new customers.

**Note: **

If you are an existing customer and previously changed the default Maximum Log Age, Apex Central retains logs on Trend Micro servers according to the previously configured setting.

Performance Enhancement

Apex One (Mac)

This hotfix improves the performance of Apex One (Mac) as a Service.

This hotfix allows users to search for endpoint names that contains an underscore character "_" in the terminate object page of the Endpoint Sensor web console.

This hotfix resolves an error to ensure that the Endpoint Sensor can perform a scheduled investigation normally.

This hotfix allows users to Single Sign-on (SSO) to other products from the Apex Central web console using a proxy server.

New Features

Pre-assessment installer

Use the pre-assessment installer to automatically verify endpoint resources, install the Security Agent, or reattempt installation on previously incompatible endpoints.

New Features

New policy layout

Enable the newly enhanced Policy Management screen layout to streamline the configuration of Apex One policy settings.

This hotfix enhances Apex Central to share Deep Discovery Analyzer (DDAN) in the hub site to managed OfficeScan (OSCE)/Apex One in the node site.

This hotfix updates the policy deployment process to prevent a time out issue that could trigger several "Endpoint Sensor: 201504423" issues during policy deployment.

This hotfix improves the performance of Apex One (Mac) as a Service.

This hotfix changes the Apex Central Policy page WCU layout so that policy settings are displayed in groups so users do not have to go through one long list of settings.

The file name of the attached ZIP file for a generated report contains garbled text if the report name contains non-alphanumeric characters.

The attached ZIP file for a generated report cannot be opened of the report name contains Traditional Chinese characters.

If Apex Central as a Service is the Node Apex Central of an on-premises Hub Apex Central server, Apex Central as a Service might not be able to receive Suspicious Object Lists from the on-premises Hub Apex Central.

To resolve this issue, contact your support representative.

Security Agent consoles running build 13.95 display an incorrect policy name. To resolve this issue, upgrade the Security Agent to 14.0. After the Security Agent contacts the server, the policy name displays correctly.

Off-premises and Security Agents in Independent mode cannot update the Certified Safe Software Pattern from external update sources.

Coexist mode Security Agents on endpoints with Windows Defender may experience installation issues or be unable to upload data to the Apex One server due to a file locking issue. To resolve this issue, add Endpoint Sensor (ESEServiceShell.exe and ESClient.exe) in the exclusions list of Windows Defender to prevent the locking issue.

After copying a file to a remote server using a relative path as the source, Apex One is unable to translate the relative path into the full system directory.

The quality of RCA analysis chain image files is reduced when viewing the files using Windows 10 Photo Viewer.

When attempting to start a Historical Investigation from the Attack Discovery Detections widget that includes Registry value name or Registry value data criteria, the Historical Investigation displays an error message if the length of the Registry value name exceeds 260 characters or the Registry value data exceeds 64 characters.

After updating the Attack Discovery Pattern file (tmesadp.ptn) on Security Agents, a database schema error may occur that causes the Endpoint Sensor feature to continuously report the same detections to the server during each synchronization. This causes duplicate records to display on the Apex Central server.

After enabling the Scan Time Machine option for Manual Scan and Scheduled Scan, Apex One (Mac) cannot perform any actions (clean, quarantine, or delete) on detected malware threats due to a permission limitation in Mac OS. Configured scan actions are displayed as unsuccessful in the product logs.

When performing a historical investigation on Apex One (Mac) endpoints, the system replaces a backslash (/) with a colon (:) in file names, preventing users from searching for file names that contain backslashes in investigation results.

To resolve this issue, use a colon (:) to search for the files.