The "cn3Lable" CEF key displays the wrong value in Virus/Malware syslogs.

Garbled characters appear in the subject field of event notification email messages.

Each user account can run more than one session simultaneously even when the "Enforce one session per account" feature is enabled.

The "%BM_policy%" token variable displays the wrong information in Behavior Monitoring notification email messages.

An issue prevents users from performing Single Sign-on (SSO) to Apex One from the "Product Servers" page.

Inaccurate Spyware/Grayware log query results may appear on the Apex Central web console and the "Action result" field in Spyware/Grayware Found notification email messages may also display inaccurate information.

Static Template Apex One client information reports may indicate that some up-to-date agent components are outdated.

Single Sign-On (SSO) from Apex Central may not work when a large number of users are active simultaneously.

Insufficient system memory causes IIS to work abnormally.

A Cross-Site Scripting (XSS) vulnerability has been detected in HTTP headers.

The login pages of the Apex Central web console are affected by stored XSS vulnerabilities.

A privilege escalation issue has been found in the Reports module.

Apex Central cannot generate reports because the report generating module cannot read the database configuration correctly.

An issue causes "CmdProcessor.NET.exe" to stop unexpectedly on the "Users/Endpoints" page.

Users encounter an "Access Deny" message while attempting to copy Apex One Agent policies.

An issue prevents users from accessing the Device Control policy setting page on the Apex One SaaS web console.

An issue prevents Apex One Security agents from applying hotfixes to the Apex One server.

An issue may trigger the agent process to stop unexpectedly.

An issue related to the Data Loss Prevention(TM) (DLP) module can trigger a high CPU usage issue.

When the Apex One Data Protection service is enabled on Security Agents installed on Microsoft(TM) Windows(TM) 10 October 2018 Update (Redstone 5) endpoints, web browsers may stop unexpectedly when users attempt to upload file attachments in webmail.

When the Apex One Data Protection Service is enabled on Security Agents, users may not be able to open Microsoft Office applications normally on protected computers with low specifications.

Apex One Security Agents still appear "Online" even when endpoint computers have lost Internet connection.

Security Agents configured to allow users to modify local settings may overwrite the user's settings during the next server synchronization.

After migrating the agent from OfficeScan XG to Apex One SaaS, the security agent encountered an update loop problem.

The spyware scan feature of Manual Scan in Apex One Security Agents is affected by an Improper Access Control Privilege Escalation vulnerability.

After configuring Data Protection keys that monitor file uploads to websites, Security Agents may still randomly block file uploads to approved sites.

An issue related to the VSAPI decompress function may cause a vulnerability in the Apex One as a Service program.

The DLP module may trigger a false alarm while the Dropbox installer is running.

A large number of Web Reputation Service detection logs are generated after agents receive the January 20, Batch 1 updates.

High system memory usage might result when the Virus Scan Engine is scanning a file.

The Security Agent is unable to update the server certificate if the registration status is unsuccessful.

Using the netfilter system extension may cause a memory leak.

Added the configuration settings for DLP policy Rules and Exceptions applied to Internal and External agents to the external API -"Data Loss Prevention".

Added a new single sign-on entry to Trend Micro Vision One in the menu bar. Customers who purchase an Endpoint Sensor license and have previously logged on to the Trend Micro Vision One console can single sign-on using the registered Trend Micro Account.

This Hotfix adds a retry mechanism to help minimize SQL exceptions during Apex Central installation.

This Hotfix updates the Apex One Vulnerability Protection module to remove unnecessary information in the description of Intrusion Prevention Rules.

This Hotfix updates the VSAPI/ATSE engine to version 12.5 to resolve CHM (Compiled HTML) vulnerabilities.

This Hotfix enables Apex Central to re-deploy filter type child polices after a parent policy is edited.

This Hotfix adds USB storage device information (Vendor, Model, Serial ID) to Device Control violation logs with Block permission on the Apex Central console.

To ensure maximum protection across all desktop and server platforms, Security Agent Self-Protection features are enabled by default and are no longer configurable using the product console.

The Unauthorized Change Prevention Service provides a light-weight "Performance mode" that allows you to protect Server platforms against ransomware threats without adversely affecting server performance.

This Hotfix enables Apex One to support the application filter hash matching feature for the Firewall Policy Exception so that users are able to specify applications to use the file hash value on.

You can now direct Security Agents to utilize local Smart Protection Servers using the Trend Micro Apex One cloud console.

This Hotfix fixes the exposure of sensitive information to an unauthorized actor security issue.

This Hotfix updates the Behavior Monitoring driver and services to improve the security in Apex One Security Agent computers.

This Hotfix improves the procedure for setting folder permissions.

This Hotfix resolves a Server-Side Request Forgery Information Disclosure security issue in Apex One.

This Hotfix resolves an Out-Of-Bounds Write security issue in Apex One.

This Hotfix resolves an Out-Of-Bounds Read security issue in Apex One as a Service.

Security Agent consoles running build 13.95 display an incorrect policy name. To resolve this issue, upgrade the Security Agent to 14.0. After the Security Agent contacts the server, the policy name displays correctly.

Off-premises and Security Agents in Independent mode cannot update the Certified Safe Software Pattern from external update sources.

Coexist mode Security Agents on endpoints with Windows Defender may experience installation issues or be unable to upload data to the Apex One server due to a file locking issue. To resolve this issue, add Endpoint Sensor (ESEServiceShell.exe and ESClient.exe) in the exclusions list of Windows Defender to prevent the locking issue.

After copying a file to a remote server using a relative path as the source, Apex One is unable to translate the relative path into the full system directory.

The quality of RCA analysis chain image files is reduced when viewing the files using Windows 10 Photo Viewer.

When attempting to start a Historical Investigation from the Attack Discovery Detections widget that includes Registry value name or Registry value data criteria, the Historical Investigation displays an error message if the length of the Registry value name exceeds 260 characters or the Registry value data exceeds 64 characters.

After updating the Attack Discovery Pattern file (tmesadp.ptn) on Security Agents, a database schema error may occur that causes the Endpoint Sensor feature to continuously report the same detections to the server during each synchronization. This causes duplicate records to display on the Apex Central server.

Root Cause Analysis email attachment results may also include temporary files created when the user saved the file.

The number of matched endpoints that display on a Root Cause Analysis chain may appear to be greater than the total if the Security Agent on an endpoint was uninstalled or no longer reports to the same managing server.

The Endpoint Sensor service may have high memory usage.

The Endpoint Sensor may have high peak CPU usage occasionally.

Endpoint Sensor has CPU peak during Windows Update phase.

The user or account name in ADE detection may be empty.

The EC module may stop responding while handling NULL data which may cause the ESEService and ADE functionality to behave abnormally.

In rare conditions, ESEService stops responding while unloading.

After enabling the Scan Time Machine option for Manual Scan and Scheduled Scan, Apex One (Mac) cannot perform any actions (clean, quarantine, or delete) on detected malware threats due to a permission limitation in Mac OS. Configured scan actions are displayed as unsuccessful in the product logs.

When performing a historical investigation on Apex One (Mac) endpoints, the system replaces a slash (/) with a colon (:) in file names, preventing users from searching for file names that contain backslashes in investigation results.

To resolve this issue, use a colon (:) to search for the files.