When extended SMTP (ESMTP) is enabled, users are unable to receive two-factor authentication (2FA) email messages.

Users are unable to register the Apex One server to Apex Central.

An issue related to the LogQuery module may make the system prone to potential CSV Excel Macro Injection (CEMI) attacks.

The policy target information is not available when the user account used to create the policy is deleted.

User-defined URL suspicious objects that contain invisible characters may result in unsuccessful user-defined suspicious object list synchronization with Apex One and Deep Security.

An information exposure vulnerability is found in the web console module.

A Cross-Site Scripting (XSS) vulnerability is found in the product tree module.

The web console may display an enlarged icon after isolating an offline agent.

The system automatically overwrites the logon user information in Users/Endpoints on a regular basis.

A CSRF token is not set to secure mode.

A Cross-Site Scripting (XSS) vulnerability is found in the policy list module.

An error handling issue in the Endpoint Sensor module may cause a blue screen of death (BSOD) error on Apex One Security Agent endpoints.

An issue related to the Application Control agent may result in a slow application startup.

The Apex One NT RealTime Scan ("Ntrtscan.exe") service may stop operating on Security Agent endpoints running Microsoft™ Windows™ 7 (32-bit) due to an error related to the full program path in the Trusted Programs List.

When Data Loss Prevention (DLP) is configured to detect adult content for Email Channel Monitoring on Security Agent endpoints, the system may generate false-positive detection alerts.

On the Security Agent console, users are unable to configure the monthly schedule settings on a week day or on the first Sunday for Scheduled Scan.

Blue screen of death (BSOD) may occur on Apex One Security Agent endpoints when the Apex One Firewall Service is enabled.

The digital signature integrity checking process provided in the Apex One as a Service 2022-08 release for the Apex One Security Agent program may cause the system to generate excessive number of security alert notifications for Behavior Monitoring detections.

In the Japanese version of the Apex One as a Service web console, the "Behavior Monitoring Settings" section under "Global Agent Settings" on the Policies screen contains a typographical error.

The Apex One Security Agent does not perform the specified scan action ("Rename") on detected files with potential malware threats.

An issue related to the Behavior Monitoring detection log handling may cause the Apex One Master Service ("ofcservice") to stop unexpectedly. When this happens, the Apex One server may not be able to synchronize the Apex One Security Agent status and domain information with the Apex Central server properly.

This Hotfix fixes the Cross-Site Scripting (XSS) security issue.

This Hotfix allows accounts with special characters in the user name to log into the web console.

For Apex One as a Service, this Hotfix updates the connection availability test to include single sign-on (SSO) sessions to Apex One.

This Hotfix removes the Trend Micro NDIS 6.0 Filter Driver (TmLwf.sys) service from Apex One Security Agent since the associated Intrusion Detection System (IDS) feature of the Apex One Firewall service has been retired after the Apex One as a Service 2022-01 release.

This Hotfix enhances the Security Agent Self-protection capabilities of Apex One Security Agent to protect the associated registry keys and Trend Micro services.

This Hotfix updates the Apex One Security Agent program to enhance the digital signature integrity checking process of the Apex One Client Plug-in Service Manager to resolve a potential Local Privilege Escalation security issue.

This Hotfix adds the "Customized Update Source" information for the "Agent Update Source" in Windows Application Event Logs in Apex One server.

This Hotfix updates the Apex One utilities to enhance product security.

This Hotfix enhances the update flow for the Suspicious Object lists to protect against a potential security issue.

This Hotfix updates the Apex One (Mac) Security Agent installation package to improve the installation process.

Security Agent consoles running build 13.95 display an incorrect policy name. To resolve this issue, upgrade the Security Agent to 14.0. After the Security Agent contacts the server, the policy name displays correctly.

Off-premises and Security Agents in Independent mode cannot update the Certified Safe Software Pattern from external update sources.

Coexist mode Security Agents on endpoints with Windows Defender may experience installation issues or be unable to upload data to the Apex One server due to a file locking issue. To resolve this issue, add Endpoint Sensor (ESEServiceShell.exe and ESClient.exe) in the exclusions list of Windows Defender to prevent the locking issue.

After copying a file to a remote server using a relative path as the source, Apex One is unable to translate the relative path into the full system directory.

The quality of RCA analysis chain image files is reduced when viewing the files using Windows 10 Photo Viewer.

When attempting to start a Historical Investigation from the Attack Discovery Detections widget that includes Registry value name or Registry value data criteria, the Historical Investigation displays an error message if the length of the Registry value name exceeds 260 characters or the Registry value data exceeds 64 characters.

After updating the Attack Discovery Pattern file (tmesadp.ptn) on Security Agents, a database schema error may occur that causes the Endpoint Sensor feature to continuously report the same detections to the server during each synchronization. This causes duplicate records to display on the Apex Central server.

Root Cause Analysis email attachment results may also include temporary files created when the user saved the file.

The number of matched endpoints that display on a Root Cause Analysis chain may appear to be greater than the total if the Security Agent on an endpoint was uninstalled or no longer reports to the same managing server.

The Endpoint Sensor service may have high memory usage.

The Endpoint Sensor may have high peak CPU usage occasionally.

Endpoint Sensor has CPU peak during Windows Update phase.

The user or account name in ADE detection may be empty.

The EC module may stop responding while handling NULL data which may cause the ESEService and ADE functionality to behave abnormally.

In rare conditions, ESEService stops responding while unloading.

After enabling the Scan Time Machine option for Manual Scan and Scheduled Scan, Apex One (Mac) cannot perform any actions (clean, quarantine, or delete) on detected malware threats due to a permission limitation in Mac OS. Configured scan actions are displayed as unsuccessful in the product logs.

When performing a historical investigation on Apex One (Mac) endpoints, the system replaces a slash (/) with a colon (:) in file names, preventing users from searching for file names that contain backslashes in investigation results.

To resolve this issue, use a colon (:) to search for the files.