Potential vulnerabilities were found in the PHP module used in Trend Micro Apex Central.

Potential vulnerabilities were found in the SQLite module used in Trend Micro Apex Central.

A database deadlock issue causes the policy deployment to fail.

Using multiple keywords in the filter criteria for hostname does not work correctly when deploying Apex Central policies.

Unexpected data was displayed when reports were obtained through SSO to Apex One.

Issues related to data conversion and field order mismatch in Data Loss Prevention configuration may result in unsuccessful configuration import in Trend Micro Apex One.

When Data Loss Prevention (DLP) is enabled and component updates are required, potential vulnerabilities (CVE-2025-14178, CVE-2026-22184) found in Trend Micro Apex One may affect product functions and uninstallation process.

Issues related to potential security vulnerabilities, agent update logging, platform detection for Windows Enterprise Multi-Session, proxy settings, and data synchronization between the Trend Micro Apex One Security Agent and Trend Micro Apex Central are found.

On the Smart Protection Network screen in the web console, the "Learn More" link directs users to a deprecated URL.

When processing a large number of Other Update Source (OUS) items, duplicate entries may be created or deleted if multiple requests are sent before the initial CGI process completes.

An issue related to XML loading may result in Out of Memory (OOM) conditions and cause the tmlisten.exe process to become unresponsive.

A potential zlib vulnerability (CVE-2026-22184) is found in Trend Micro Apex One.

An issue related to MSI file processing may cause high CPU usage on Trend Micro Apex One Server.

When Data Loss Prevention is enabled, an issue may prevent users from uninstalling Trend Micro Apex One Server.

When installing Trend Micro Apex One Security Agent via MSI on endpoints running 64-bit Windows, the installer may not detect and uninstall competitor products whose registry keys reside in the native 64-bit registry hive.

A stack memory issue may cause the Tmlisten.exe process to become unresponsive.

A potential local privilege escalation vulnerability is found in Trend Micro Apex One Security Agent.

An issue related to spyware action result reporting may cause Trend Micro Apex One to send incorrect detection logs to Trend Vision One.

When a Barco ClickShare USB Type-A device is connected to a machine with Trend Micro Apex One installed, Windows Explorer or the system may become unresponsive.

This Hotfix updates the OpenSSL module to version 3.6.1 and the cURL module to improve product security and performance.

This Hotfix adds ARM64 architecture support for the web browser extension in TmListen, including updates to the NetFilter package, platform detection logic, and decompression handling for Windows ARM64 platforms.

This Hotfix updates Trend Micro Apex One Security Agent to enhance log processing.

This Hotfix extends the DCE backup with SPN feedback support and adds a configurable limit on the artifact info number for DCE.

This Hotfix adds the vom-feature-setting policy feature to enable or disable CCSF AMPPL mode and updates the Trend Micro Apex One Security Agent to process these VOM feature policy updates.

This Hotfix updates the DLP module to enhance Data Loss Prevention capabilities in Trend Micro Apex One Security Agent.

This Hotfix updates the Trend Micro Apex One Security Agent to include SHA256 and MD5 hash fields in Virus and Spyware detection logs to enhance threat identification and reporting capabilities.

This Hotfix adds the User-Mode Self-Protection (UMSP) feature to the Trend Micro Apex One Security Agent and updates the AMSP module to prevent process manipulation and unauthorized process injection.

This Hotfix updates the AEGIS submodule.

This Hotfix updates the iCore module in Trend Micro Apex One (Mac) Security Agent to enhance product security.

This Hotfix enables Trend Micro Apex One (Mac) to collect high-risk system events.

Security Agent consoles running build 13.95 display an incorrect policy name. To resolve this issue, upgrade the Security Agent to 14.0. After the Security Agent contacts the server, the policy name displays correctly.

Off-premises and Security Agents in Independent mode cannot update the Certified Safe Software Pattern from external update sources.

Coexist mode Security Agents on endpoints with Windows Defender may experience installation issues or be unable to upload data to the Apex One server due to a file locking issue. To resolve this issue, add Endpoint Sensor (ESEServiceShell.exe and ESClient.exe) in the exclusions list of Windows Defender to prevent the locking issue.

After copying a file to a remote server using a relative path as the source, Apex One is unable to translate the relative path into the full system directory.

The quality of RCA analysis chain image files is reduced when viewing the files using Windows 10 Photo Viewer.

When attempting to start a Historical Investigation from the Attack Discovery Detections widget that includes Registry value name or Registry value data criteria, the Historical Investigation displays an error message if the length of the Registry value name exceeds 260 characters or the Registry value data exceeds 64 characters.

After updating the Attack Discovery Pattern file (tmesadp.ptn) on Security Agents, a database schema error may occur that causes the Endpoint Sensor feature to continuously report the same detections to the server during each synchronization. This causes duplicate records to display on the Apex Central server.

Root Cause Analysis email attachment results may also include temporary files created when the user saved the file.

The number of matched endpoints that display on a Root Cause Analysis chain may appear to be greater than the total if the Security Agent on an endpoint was uninstalled or no longer reports to the same managing server.

The Endpoint Sensor service may have high memory usage.

The Endpoint Sensor may have high peak CPU usage occasionally.

Endpoint Sensor has CPU peak during Windows Update phase.

The user or account name in ADE detection may be empty.

The EC module may stop responding while handling NULL data which may cause the ESEService and ADE functionality to behave abnormally.

In rare conditions, ESEService stops responding while unloading.

A time zone issue may cause the system to display different log generation time information in the web console. In the web console, the system displays the log generation time in the time zone of the Apex One server.

• The Apex One server stores the log generation time information in GMT+0.
• The Security Agent sends the log generation time information (GMT+0 or local time) to the Apex One server.

After enabling the Scan Time Machine option for Manual Scan and Scheduled Scan, Apex One (Mac) cannot perform any actions (clean, quarantine, or delete) on detected malware threats due to a permission limitation in Mac OS. Configured scan actions are displayed as unsuccessful in the product logs.

When performing a historical investigation on Apex One (Mac) endpoints, the system replaces a slash (/) with a colon (:) in file names, preventing users from searching for file names that contain backslashes in investigation results.

To resolve this issue, use a colon (:) to search for the files.