An internal issue prevents the system from forwarding syslogs.

The system is unable to output custom reports in PDF format.

After creating a new group using Endpoint Group Manager, the system may not synchronize the changes to the Standard Endpoint Protection app in Trend Vision One.

A known vulnerability is found in the PHP component in Apex Central.

A potential Server-Side Request Forgery vulnerability is found in Apex Central.

An error may occur during suspicious object synchronization in Apex Central.

A potential vulnerability is found in the compression module in Apex Central.

The system may not display the correct information in the Product Component Status Widget in the web console.

A potential vulnerability is found in an outdated widget.

Some third-party components used in Apex Central are outdated and vulnerable.

A potential Cross-Side Script vulnerability is found in the Users/Endpoints component.

An issue prevents users from moving selected Security Agents using the Move Agent API.

An issue may cause the system to disable the iES feature.

An issue related to special character processing may cause the system to generate an error when editing account passwords on the My Account screen in the web console.

When a user logs out of a Security Agent endpoint, a date/time mismatch in generated detection logs may occur between the Trend Micro Apex One/Apex Central console and managed Security Agent console.

When Data Protection is enabled, Security Agents may not block the "Print screen" key action from a non-storage device specified in the Blocked Devices list.

Web Reputation settings may still be configurable even when configuration is disabled for the selected Windows platforms in Web Reputation policy in Trend Micro Apex Central.

A default firewall policy rule in Trend Micro Apex One may not restrict some specified incoming and outgoing TCP/UDP traffic.

When Data Loss Prevention (DLP) is enabled, a blue screen of death (BSOD) error may occur on Trend Micro Apex One Security Agent endpoints running Microsoft Windows 11 24H2 with Microsoft Update KB5050094 applied.

This Hotfix updates the related components in Apex Central to protect against the Azul Zulu Java Multiple Vulnerabilities (2024-11-12).

This Hotfix adds bank account template support in Data Loss Prevention for Shang Hai Commercial Bank.

Add auditing log for policy import and export.

This Hotfix adds support in Apex Central for SHA-256 suspicious object type from Suspicious Object Management in Trend Vision One.

This Hotfix enables Security Agents associated with user accounts that have lost access privilege due to account scope change to retain applied policies and be managed by privileged account users.

This Hotfix updates the Advanced Threat Scan Engine (ATSE) to version 24.620.1004 to enhance data scanning for Smart Feedback.

This Hotfix updates the Virus Scan Engine (VSAPI) to version 24.620.1005 to protect against a Link Following Local Privilege Escalation security issue.

This Hotfix updates the 7-Zip module in Trend Micro Apex One to version 24.9 to enhance product security.

This Hotfix updates the Trend Micro Apex One Security Agent program to prevent a potential Improper Upgrade Service security issue.

This Hotfix updates the Security Agent move process for Standard Endpoint Protection in Endpoint Inventory in Trend Vision One to enhance product integration.

This Hotfix updates the Apex One (Mac) Server to prevent potential Cross-Site Scripting (XSS) vulnerability attacks.

This Hotfix enhances the log collection capability of Trend Micro Debug Manager by updating the Trend Micro Apex One (Mac) Security Agent.

Security Agent consoles running build 13.95 display an incorrect policy name. To resolve this issue, upgrade the Security Agent to 14.0. After the Security Agent contacts the server, the policy name displays correctly.

Off-premises and Security Agents in Independent mode cannot update the Certified Safe Software Pattern from external update sources.

Coexist mode Security Agents on endpoints with Windows Defender may experience installation issues or be unable to upload data to the Apex One server due to a file locking issue. To resolve this issue, add Endpoint Sensor (ESEServiceShell.exe and ESClient.exe) in the exclusions list of Windows Defender to prevent the locking issue.

After copying a file to a remote server using a relative path as the source, Apex One is unable to translate the relative path into the full system directory.

The quality of RCA analysis chain image files is reduced when viewing the files using Windows 10 Photo Viewer.

When attempting to start a Historical Investigation from the Attack Discovery Detections widget that includes Registry value name or Registry value data criteria, the Historical Investigation displays an error message if the length of the Registry value name exceeds 260 characters or the Registry value data exceeds 64 characters.

After updating the Attack Discovery Pattern file (tmesadp.ptn) on Security Agents, a database schema error may occur that causes the Endpoint Sensor feature to continuously report the same detections to the server during each synchronization. This causes duplicate records to display on the Apex Central server.

Root Cause Analysis email attachment results may also include temporary files created when the user saved the file.

The number of matched endpoints that display on a Root Cause Analysis chain may appear to be greater than the total if the Security Agent on an endpoint was uninstalled or no longer reports to the same managing server.

The Endpoint Sensor service may have high memory usage.

The Endpoint Sensor may have high peak CPU usage occasionally.

Endpoint Sensor has CPU peak during Windows Update phase.

The user or account name in ADE detection may be empty.

The EC module may stop responding while handling NULL data which may cause the ESEService and ADE functionality to behave abnormally.

In rare conditions, ESEService stops responding while unloading.

A time zone issue may cause the system to display different log generation time information in the web console. In the web console, the system displays the log generation time in the time zone of the Apex One server.

• The Apex One server stores the log generation time information in GMT+0.
• The Security Agent sends the log generation time information (GMT+0 or local time) to the Apex One server.

After enabling the Scan Time Machine option for Manual Scan and Scheduled Scan, Apex One (Mac) cannot perform any actions (clean, quarantine, or delete) on detected malware threats due to a permission limitation in Mac OS. Configured scan actions are displayed as unsuccessful in the product logs.

When performing a historical investigation on Apex One (Mac) endpoints, the system replaces a slash (/) with a colon (:) in file names, preventing users from searching for file names that contain backslashes in investigation results.

To resolve this issue, use a colon (:) to search for the files.