The time range setting does not work in Detail Application Control View of the Report Template.

The number of policy targets that displays on the Policy Management is incorrect because the count does not include offline Security Agents.

Apex Central does not run the deploy command even if it already downloaded new components from the ActiveUpdate (AU) server.

Inaccurate information may appear in Virus Event Notifications.

Apex Central displays complete software version information in error pages.

The wrong information displays in the "Action" field on Behavior Monitoring event notifications.

The target policy count in the "Application Control Criteria" page becomes inaccurate after the Apex One Security Agent policy inherits policies.

The Trend Micro Data Loss Prevention(TM) (DLP) service does not work normally in Google Chrome 80 and may cause it to stop unexpectedly.

Security Agents become offline after applying updates from an update agent.

The Apex One Master Service may stop unexpectedly causing the server to become unavailable.

After installing the March 2020 upgrade on Apex One, users may encounter the following error message while deploying policies.

"Endpoint Sensor: No valid license"

Incomplete Live Investigation YARA scan results may appear in the "Summary" and "Details" pages, as a result, users will not be able to access and view YARA and the Root Cause Chain for certain protected computers.

Sometimes, the Application Reputation List of the Application Control Criteria in the Apex Central web console displays "No result Found" after a Certified Safe Software Pattern update.

When Apex One detects multiple viruses in a file, the detection names display merged and cannot be distinguished individually.

The Predictive Machine Learning (PML) folder exclusion settings are not applied to sub-folders.

The length of the Scan Exclusion List (File Extensions) in the Apex One web console does not match the length of the list on the Apex Central web console.

When the Apex One server is added into the Microsoft(TM) Internet Explorer(TM) (IE) proxy exception list, the Apex One Security Agent still pings the proxy. As a result, the Apex One Security Agent becomes offline if the IE proxy points to a non-existent proxy server.

When the DLP service is enabled on Apex One security agent computers, Google Chrome 80 and higher versions may stop unexpectedly while users upload file attachments in Webmail.

The Apex One Behavior Monitoring module may use up a large amount of CPU resources while handling hooked events in some heavy-loaded endpoints that experience a large number of events.

This Hotfix enables the "Device Type" field in device control logs to display "Mobile devices" instead of "Non-storage USB".

This hotfix enables the Apex Central Threat Statistics widget to detect the following violation log types:

• Firewall Violation
• Behavior Monitoring
• Network Content Inspection
• Device Control
• Suspicious Files
• Predictive Machine Learning

Syslog Forwarding Enhancement

Apex Central allows you to forward Intrusion Prevention and Product Auditing Event logs to a syslog server.

Vulnerability Patches

Apex Central has patched Cross Site Scripting (XSS) and SQL injection vulnerabilities.

Password Complexity Enhancement

Apex One as a Service user account passwords and the Apex One Security Agent uninstallation password have the same password complexity requirements.

Security Agent Password Complexity

The Uninstall Security Agent feature includes enhanced password complexity requirements for better security.

This hotfix enables the manual hash value list and file path list of the Application Control Criteria to support up to 100 entries.

The Message DR feature may skip certain email file attachments during an email sweep in the Root Cause Analysis Chain. This hotfix applies the Endpoint Sensor May 2020 release which allows users to select more files for email sweeps.

This hotfix allows the Powershell command line to support up to 32767 characters to match the design of the ADE widget from Microsoft.

The Apex One server and Security Agents collect Windows event logs related to critical system events (move Security Agent, uninstall Security Agent, reset password) and sends the logs to Apex Central Product Auditing Event logs.

The Unload and Uninstall Security Agent feature includes enhanced password complexity requirements for better security.

Policy inheritance has been added to the Trusted Program List policy.

Security Agents can prevent ransomware attacks that leverage a vulnerability in the Encrypting File System (EFS) for Windows.

The Trend Micro Apex One server does not automatically uninstall the following antivirus software before installing the Apex One Security Agent.

• Carbon Black Cloud Sensor 3.5.0.1627 x64
• Carbon Black Cloud Sensor 3.5.0.1627 x86

The file name of the attached ZIP file for a generated report contains garbled text if the report name contains non-alphanumeric characters.

The attached ZIP file for a generated report cannot be opened of the report name contains Traditional Chinese characters.

If Apex Central as a Service is the Node Apex Central of an on-premises Hub Apex Central server, Apex Central as a Service might not be able to receive Suspicious Object Lists from the on-premises Hub Apex Central.

To resolve this issue, contact your support representative.

Security Agent consoles running build 13.95 display an incorrect policy name. To resolve this issue, upgrade the Security Agent to 14.0. After the Security Agent contacts the server, the policy name displays correctly.

Off-premises and Security Agents in Independent mode cannot update the Certified Safe Software Pattern from external update sources.

Coexist mode Security Agents on endpoints with Windows Defender may experience installation issues or be unable to upload data to the Apex One server due to a file locking issue. To resolve this issue, add Endpoint Sensor (ESEServiceShell.exe and ESClient.exe) in the exclusions list of Windows Defender to prevent the locking issue.

After copying a file to a remote server using a relative path as the source, Apex One is unable to translate the relative path into the full system directory.

The quality of RCA analysis chain image files is reduced when viewing the files using Windows 10 Photo Viewer.

When attempting to start a Historical Investigation from the Attack Discovery Detections widget that includes Registry value name or Registry value data criteria, the Historical Investigation displays an error message if the length of the Registry value name exceeds 260 characters or the Registry value data exceeds 64 characters.

After updating the Attack Discovery Pattern file (tmesadp.ptn) on Security Agents, a database schema error may occur that causes the Endpoint Sensor feature to continuously report the same detections to the server during each synchronization. This causes duplicate records to display on the Apex Central server.

Root Cause Analysis email attachment results may also include temporary files created when the user saved the file.

The number of matched endpoints that display on a Root Cause Analysis chain may appear to be greater than the total if the Security Agent on an endpoint was uninstalled or no longer reports to the same managing server.

After enabling the Scan Time Machine option for Manual Scan and Scheduled Scan, Apex One (Mac) cannot perform any actions (clean, quarantine, or delete) on detected malware threats due to a permission limitation in Mac OS. Configured scan actions are displayed as unsuccessful in the product logs.

When performing a historical investigation on Apex One (Mac) endpoints, the system replaces a backslash (/) with a colon (:) in file names, preventing users from searching for file names that contain backslashes in investigation results.

To resolve this issue, use a colon (:) to search for the files.