An issue prevents a node Apex Central from registering successfully to a hub Apex Central.

C&C callback event notifications display inaccurate callback address information.

Long URL strings do not display normally in the "Top Threats" widget.

An error occurs when automation APIs are used to retrieve web security syslog data.

If a user account or contact group has been chosen to be included onto a scheduled Report Recipients, and the Report Creator does not include these Recipients or Contact Group, the Report Creator's My Report List does not list the Scheduled Report instance.

An error prevents popup windows from appearing after users click the deviation link on the Policy page.

Users encounter an error message while editing an existing user account.

The "%time%" variable in email notifications for both Behavior Monitoring violations and predictive Machine Learning detections display the wrong time information.

When the policy owner changes, user accounts with administrator roles do not receive the corresponding notification email.

Apex Central sends out an SNMP test notification when it should send out an email policy violation event SNMP notification.

The "Domain Login" option disappears from the web console after the Apex Central service restarts.

The DLP Scheduled incident summary attached in Event Notification email messages may contain inaccurate information when the DLP log count field is empty.

An Active Directory (AD) sync job fails when the AD user does not have enough permission to sync up whole trusted domains.

An issue prevents Apex One SaaS from registering to XDR.

The Deep Security Agent blocks Apex Central Update and Hotfix installation.

Product registration to Apex Central fails because the soft server entity count has reached the maximum value. This may happen when Apex Central does not detect Deep Security Agents as Server Entities.

A report generation issue causes "cmdProcessor.exe" to stop unexpectedly.

An issue prevents Apex Central from sending out Machine Learning Notifications.

Users cannot log on to Apex One as a Service with credentials that do not match the case sensitive requirements specified for the Trend Micro Account.

An issue prevents Apex One as a Service users from deleting existing firewall profiles.

Apex One Security Agents still use the proxy server to poll the Apex One server even when the server has been added into the proxy exceptions list under the Windows Internet Options. Security Agents that have been configured to use a non-existent proxy server will appear as "Offline" on the Apex One web console.

Avid third-party applications may not work properly when the Apex One Data Protection Service is enabled on the Security Agent.

When the Apex One Data Protection Service is enabled on the Apex One Security Agent, users may experience a decrease in performance while using the Google Chrome or Microsoft Internet Explorer browsers.

The Security Agent may become unresponsive when a memory leak issue from the wildcard checking function in the file hook module causes persistent "Keychain requests" and "Keychain crashed" errors.

From the Users/Endpoints directories, users can create "Labels", which include specified endpoint or auto-labeled rules.

Policy target selection, log queries, and custom reports added a new method to select Labels as policy deployment targets and data retrieval.

Added a new external API to get Apex One DLP Policy information.

This new API allows users to get all existing DLP policy names and deployed agent lists.

Apex One as a Service has permanently switched to the new policy UI layout.

This Hotfix adds the log name in the header of CEF Intrusion Prevention Log notifications and renames the following CEF keys.

• from "SLF_RuleID" to "cn1Label Rule"
• from "SLF_RuleContent" to "cs1Label Reason/Rule"
• from "SLF_IsDetectionOnly" to "cn2Label Mode"
• from "SLF_ConnectionType" to "cs2Label Application_Type"
• from "SLF_Rank" to "cn3Label Priority"
• from "SLF_SeverityCode" to "cn4Label Severity"

This Hotfix adds the "File Name", "File Path", and "Scan Type" columns in Spyware/Grayware detections log query results and the "Scan Type" column in Virus/Malware detections log query results.

This Hotfix adds the "User Name" column to the Product Status log query results.

This Hotfix adds the following two Windows Events:

• Windows Event 9001 : Apex One Server is unreachable from Apex Central while user click the Single Sign On ( Apex One as a Service Only )
• Windows Event 9002: Apex Central Trend Micro Infrastructure Service is unreachable while user click the Single Sign On.

Refined the time range options for Apex Central dashboard widgets to specify the number of days instead of weeks.

The Server Registration screen is now called Product Servers and allows users to SSO from an easier to find location (Directories > Product Servers).

This Hotfix updates the executable path of the Apex One NT WSC Service to prevent a potential Unquoted Service Path vulnerability.

The Contextual Intelligence Engine has implemented a filter pattern to reduce network traffic usage.

This Hotfix enhances the maximum capacity of the Internet Explorer Proxy Exception List from 1024 to 4096.

This Hotfix allows the Apex One Security Agent to bypass the Windows Proxy Server settings when connecting to the Internet directly.

This Hotfix updates the local Behavior Monitoring (BM) pattern to the latest version to reduce Anti-Exploit false alerts.

Security Agent consoles running build 13.95 display an incorrect policy name. To resolve this issue, upgrade the Security Agent to 14.0. After the Security Agent contacts the server, the policy name displays correctly.

Off-premises and Security Agents in Independent mode cannot update the Certified Safe Software Pattern from external update sources.

Coexist mode Security Agents on endpoints with Windows Defender may experience installation issues or be unable to upload data to the Apex One server due to a file locking issue. To resolve this issue, add Endpoint Sensor (ESEServiceShell.exe and ESClient.exe) in the exclusions list of Windows Defender to prevent the locking issue.

After copying a file to a remote server using a relative path as the source, Apex One is unable to translate the relative path into the full system directory.

The quality of RCA analysis chain image files is reduced when viewing the files using Windows 10 Photo Viewer.

When attempting to start a Historical Investigation from the Attack Discovery Detections widget that includes Registry value name or Registry value data criteria, the Historical Investigation displays an error message if the length of the Registry value name exceeds 260 characters or the Registry value data exceeds 64 characters.

After updating the Attack Discovery Pattern file (tmesadp.ptn) on Security Agents, a database schema error may occur that causes the Endpoint Sensor feature to continuously report the same detections to the server during each synchronization. This causes duplicate records to display on the Apex Central server.

Root Cause Analysis email attachment results may also include temporary files created when the user saved the file.

The number of matched endpoints that display on a Root Cause Analysis chain may appear to be greater than the total if the Security Agent on an endpoint was uninstalled or no longer reports to the same managing server.

The Endpoint Sensor service may have high memory usage.

The Endpoint Sensor may have high peak CPU usage occasionally.

Endpoint Sensor has CPU peak during Windows Update phase.

The user or account name in ADE detection may be empty.

The EC module may stop responding while handling NULL data which may cause the ESEService and ADE functionality to behave abnormally.

In rare conditions, ESEService stops responding while unloading.

After enabling the Scan Time Machine option for Manual Scan and Scheduled Scan, Apex One (Mac) cannot perform any actions (clean, quarantine, or delete) on detected malware threats due to a permission limitation in Mac OS. Configured scan actions are displayed as unsuccessful in the product logs.

When performing a historical investigation on Apex One (Mac) endpoints, the system replaces a slash (/) with a colon (:) in file names, preventing users from searching for file names that contain backslashes in investigation results.

To resolve this issue, use a colon (:) to search for the files.