"CmdProcessor.exe" stops unexpectedly.

An improper cookie configuration issue has been found.

An issue prevents report-generating jobs from running normally.

Active Directory (AD) synchronization fails if the current user does not have the required permissions to access the AD.

An issue prevents users from deploying the Trend Micro Data Loss Prevention(TM)(DLP) policy from Apex Central when there are identical entries in the exclusion list.

The value of the field "File/Data Size" in DLP logs always appears as "2147483647" on the Apex Central server web console when the triggering file on the endpoint is larger than 2 GB.

A case-sensitivity issue causes AD synchronization to fail.

Custom Data Loss Prevention(TM) (DLP) expressions that contain a question mark and colon in sequence "?:" are invalid.

The "Matched Content" information is missing from the event named scheduled incident summary notification.

The "C&C List Source" column will show "103" rather than the "Relevance rule".

During Daylight Saving Time (DST), inaccurate "Detection Time" information appear in Predicted Machine Learning logs.

An issue prevents Apex Central from synchronizing agent and domain information from managed products.

The following DLL files stop unexpectedly in debug mode.

• cmdHandlerDeployNow.dll
• cmdHandlerProductManager.dll
• cmdHandlerScheduleDownload.dll

Users cannot save the "Allowed USB Devices" list on the Apex Central console if the device information contains an "@" character.

Sometimes, an issue related to the "tmescore.sys" and "tmesutil.sys" drivers of the Apex One Endpoint sensor may trigger blue screen of death (BSOD) on Dell laptops.

The domain users and groups used in User-Defined Rules for Application Control criteria does not update new domain information from Windows Active Directory regularly.

Trend Micro Apex Central receives false positive C&C callback alerts from Apex One as a Service for IP addresses that have been added into the Network Content Inspection Engine (NCIE) approved list.

On the "Agents > Agent Management > Status" page of the Apex One web console, the platform information of agents installed on the Microsoft(TM) Windows(TM) Server 2019 platform appear as Windows Server 2016.

Apex One is affected by an Improper Access Control Information Disclosure vulnerability.

The "Settings" button on the Scan Now Deployment Settings page on the Apex One SaaS Server console is no longer required since these settings are now deployed through policies from Trend Micro Apex Central(TM).

A JSON parsing error prevents Apex One from deploying policies.

An issue prevents the Trend Micro Apex One Data Protection Service from starting is applied on a computer running on the Microsoft(TM) Windows(TM) 7 platform.

This Hotfix improves the performance of the "Automated Analyses" page in handling queries.

This Hotfix adds the "Domain Hierarchy" column in policy target search results.

This Hotfix enables Apex Central to support the following token variables in Behavioral Monitoring event notifications.

• %domain%
• %hierarchy%
• %BM_policy%
• %risklevel%
• %target%

This hotfix upgrades the PHP module to build 7.4.6.

This hotfix enhances the readability and consistency of default user role names by renaming default plural role names to the singular name for all roles (for example, the "Administrators" role is now "Administrator"). If the renamed user role already exists, Apex Central adds "_(1)" after the renamed user role name.

Policy widget enhancement for Apex One (Mac): The "Pass" action is renamed to "Deny access" for Real-time Scan to align with the action name in Apex One. This name change does not affect the functionality.

This Hotfix disables the "Initiate Update" option under the "Outdated Agents" group on the Endpoint Status Widget. This option is no longer relevant after the October 2020 update because Apex One Security Agents now automatically polls the server for updated settings and components and sends status updates at a specific interval.

When Apex One Security Agents are installed in Virtual Desktop Infrastructure (VDI) environment, virtual desktops are created and abandoned quickly which leaves a large number of duplicate machine name entries on the Apex One server web console. The entries will not have the same IP Address and MAC Address. This makes the total security agent count inaccurate. This Hotfix enables Apex One to delete duplicate machine name entries.

This Hotfix enables Apex One to support Security Agent installation on the Microsoft(TM) Windows(TM) 10 October 2020 Update (20H2).

This Hotfix improves the performance of the Security Agent.

This hotfix enables Apex One (Mac) as a Service to support MacOS 11 Big Sur.

The "Pass" action is renamed to "Deny access" for Real-time Scan to align with the action name in Apex One. This name change does not affect the functionality.

Security Agent consoles running build 13.95 display an incorrect policy name. To resolve this issue, upgrade the Security Agent to 14.0. After the Security Agent contacts the server, the policy name displays correctly.

Off-premises and Security Agents in Independent mode cannot update the Certified Safe Software Pattern from external update sources.

Coexist mode Security Agents on endpoints with Windows Defender may experience installation issues or be unable to upload data to the Apex One server due to a file locking issue. To resolve this issue, add Endpoint Sensor (ESEServiceShell.exe and ESClient.exe) in the exclusions list of Windows Defender to prevent the locking issue.

After copying a file to a remote server using a relative path as the source, Apex One is unable to translate the relative path into the full system directory.

The quality of RCA analysis chain image files is reduced when viewing the files using Windows 10 Photo Viewer.

When attempting to start a Historical Investigation from the Attack Discovery Detections widget that includes Registry value name or Registry value data criteria, the Historical Investigation displays an error message if the length of the Registry value name exceeds 260 characters or the Registry value data exceeds 64 characters.

After updating the Attack Discovery Pattern file (tmesadp.ptn) on Security Agents, a database schema error may occur that causes the Endpoint Sensor feature to continuously report the same detections to the server during each synchronization. This causes duplicate records to display on the Apex Central server.

Root Cause Analysis email attachment results may also include temporary files created when the user saved the file.

The number of matched endpoints that display on a Root Cause Analysis chain may appear to be greater than the total if the Security Agent on an endpoint was uninstalled or no longer reports to the same managing server.

The Endpoint Sensor service may have high memory usage.

The Endpoint Sensor may have high peak CPU usage occasionally.

Endpoint Sensor has CPU peak during Windows Update phase.

The user or account name in ADE detection may be empty.

After enabling the Scan Time Machine option for Manual Scan and Scheduled Scan, Apex One (Mac) cannot perform any actions (clean, quarantine, or delete) on detected malware threats due to a permission limitation in Mac OS. Configured scan actions are displayed as unsuccessful in the product logs.

When performing a historical investigation on Apex One (Mac) endpoints, the system replaces a backslash (/) with a colon (:) in file names, preventing users from searching for file names that contain backslashes in investigation results.

To resolve this issue, use a colon (:) to search for the files.