This Patch resolves the following issue(s):
Certain specific paths cannot be added into the exception list of the Apex One Server from the policy setting page of the Apex Central console.
Solution
This Patch updates the Apex Central policy component to resolve the issue.
The device control list disappears from the policy deployment page of the Apex Central console after migration.
Solution
This Patch updates the Apex Central policy deployment module to resolve the issue.
A case-sensitivity issue prevents Apex Central from generating reports successfully.
Solution
This Patch resolves the issue so Apex Central can generate reports normally.
Chinese characters appear garbled in report email notifications.
Solution
This Patch ensures that Chinese characters display normally in report email notifications.
The information in SNMP notifications does not match the information in the MIB file.
Solution
This Patch ensures that the information in SNMP notifications is consistent with the corresponding information in the MIB file.
The Windows Event Log is not triggered by a "Pattern file/Cleanup template update successful" event when the "Available Users and Groups list" is empty.
Solution
This Patch resolves this issue.
An error occurs when users add a user defined Suspicious Object (UDSO) through the AddUserDefinedSO API.
Solution
This Patch resolves the error.
Apex Central sends outdated detection notifications.
Solution
This Patch ensures that only new detection logs trigger notifications.
The following enhancements are included in this Patch:
This Patch enables the Apex One Vulnerability Protection module to support up to 100 entries in the approved IP list.
This Patch extends the timeout value from 30 seconds to 180 seconds to help minimize SQL exceptions during Apex Central installation.
This Patch enables Apex Central to support Trend Micro Deep Discovery Analyzer 7.1.
This Patch adds the following information in syslog:
This Patch enables Apex Central to support Device Control Logs from Trend Micro Security for Mac™. On-premise Trend Micro Security for Mac installations require Trend Micro Security for Mac 2021 Patch 3 to support this enhancement.
This Patch enables Apex Central to support the "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 6000)" engine component for Trend Micro Deep Discovery Inspector 6.0.
Currently, when a user sends an isolation/restore isolation task through Apex Central, the page will display a message indicating that the command has been sent and is now wait for the agent to be notified. To refresh the status, users need to navigate away from the page and go back again.
There are no files included in this Patch release.
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com
To access the Online Help, go to http://docs.trendmicro.com
No special installation instructions are provided.
No special uninstallation instructions are provided.
Control Manager service packs, patches, and hotfixes can be found on the Trend Micro website or obtained from a technical support engineer.
http://downloadcenter.trendmicro.com/index.php?clk=latest&clkval=5180
No post-installation steps required.
NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.
Known issues in this release:
Users cannot configure proxy or authentication settings for Deep Discovery Inspector or Deep Discovery Email Inspector on the Edit Server screen.
The user or account name in Attack Discovery logs may be empty.
The signer info in the Attack Discovery logs may be empty.
This release of Apex Central does not currently link to the latest documentation. For the latest Online Help content, refer to the following link: https://docs.trendmicro.com/en-us/enterprise/apex-central-patch-2-online-help/Home
Users encounter an internal server error while searching for specific users or endpoints in the "User/Endpoint Directory" page.
Solution
This Hotfix ensures that users can search for specific name or endpoints in the "User/Endpoint Directory" page normally.
When configuring policies, users were unable to sort Active Directory as a criteria option.
Solution
The issue has been resolved.
The search results on the "DLP Incident By User" widget do not accurately apply the selected time range.
Solution
The issue has been resolved.
The Server Registration/Product Server screen may display the server IP address instead of the server URL.
Solution
The default display of the Server URL has been updated to the server name (FQDN / Hostname) first and then the IP address.
Summarizing the Data Loss Prevention Log may consume an unexpected volume of SQL Server CPU resources.
Solution
The summarizing process has been updated to reduce the CPU resource consumption.
The "Product Events" logs on Log Maintenance are not purged daily.
Solution
This Hotfix resolves this issue.
"CmdProcessor.exe" may not release some memory blocks or handles promptly after completing certain actions such as component updates.
Solution
This Hotfix improves resource management and memory/handle cleanup for "CmdProcessor.exe" to prevent this issue.
This release supports the following new components: -- Damage Cleanup Engine (Universal) -- Virus Scan Engine (Universal) -- Advanced Threat Scan Engine (Universal)
This Hotfix reduces detailed step logs when "LogProcessor.exe" is on debug mode.
The general information about certain security threats do not display normally on the Control Manager web console.
Solution
This Hotfix resolves this issue.
The Data Loss Prevention™ (DLP) module does not accept some valid regular expressions on the Control Manager web console.
Solution
This Hotfix resolves this issue.
The "cs5" CEF key displays a numerical value instead of a meaningful string in Content Security Logs.
Solution
This Hotfix ensures that the correct information appears in Content Security Logs.
An issue prevents Apex Central from forwarding Web Violation Logs to the SIEM server.
Solution
This Hotfix resolves the issue so Apex Central can forward Web Violation Logs to the SIEM server normally.
One-time reports generated with custom templates do not follow the specified time period.
Solution
This Hotfix ensures that custom one-time reports display events that occur in the specified time period.
When users search for endpoints on the "User/Endpoint Directory" page, the search results display only up to 15 endpoints.
Solution
This Hotfix ensures that all endpoint search results display normally on the "User/Endpoint Directory" page.
This Hotfix extends the supported range of Discover and Maestro Credit Card Numbers in Control Manager.
This Hotfix adds the following two custom CEF keys for all detection logs except for Content Violations and Application Control logs.
The "Retain tree structure" option for the Agent Migration Tool does not work.
Solution
This Hotfix resolves this issue.
Users can modify Apex One settings after accessing the Apex One console through Single Sign-On (SSO) using an account with "Read-Only" privileges.
Solution
This Hotfix ensures that only accounts with the required privileges can be used to modify the Apex One settings.
An issue prevents users from successfully exporting advanced search results on the "User/Endpoint Directory" page.
Solution
This Hotfix resolves the issue.
The open and close parenthesis characters, "(" and ")", cannot be used in regular expressions.
Solution
This Hotfix resolves this issue.
An issue prevents Apex Central from generating weekly spyware reports.
Solution
This Hotfix resolves the issue to ensure that weekly spyware reports are generated successfully.
After the Active Directory (AD) sync process has been updated to make it deterministic, it may not be able to run normally in some AD environments.
Solution
This Hotfix ensures that AD sync runs normally.
When the inheritance option is set to "Extend from Parent", the scan exclusion list becomes read only and the "Deviations" field in the policy list displays "N/A". When this happens, users cannot add exclusions to child policies.
Solution
The Hotfix ensures that users can edit child policies.
NOTE: Policies will need to be deployed again after applying this Hotfix.
Procedure
To deploy the policies again:
NOTES: If the Deviations becomes "0", follow the steps below to recover the exclusion list.
To recover the exclusion list:
"policyName":"YOUR_ORIGIONAL_POLICY_NAME"
An issue prevents Apex Central from deploying patterns to Trend Micro InterScan™ for Microsoft™ Exchange™ (ISME).
Solution
This Hotfix resolves this issue so Apex Central can deploy patterns to InterScan for Microsoft Exchange.
An issue prevents Apex Central from downloading forensic files when it is connected to the Apex One Server through an HTTP Proxy.
Solution
This Hotfix ensures that Apex Central can download forensic files normally while connected to the Apex One Server through an HTTP Proxy.
A full program path that contains an ampersand character "&" cannot be deleted from the approved programs list of the Behavior Monitoring policy.
Solution
This Hotfix resolves this issue.
All agents are incorrectly sorted into "without policy" if the owner of an existing policy has been removed from Apex Central.
Solution
This Hotfix resolves this issue.
An out-of-memory exception prevents the Active Directory (AD) sync job from completing normally.
Solution
This Hotfix resolves the issue.
The "Log On with Domain Credentials" button on the login page is disabled.
Solution
This Hotfix resolves this issue.
SSO fails because it uses up a large amount of port resources.
Solution
This Hotfix resolves this issue.
An issue causes "CmdProcessor.exe" to stop unexpectedly.
Solution
This Hotfix resolves this issue.
An issue triggers Apex Central to stop sending event logs to Threat Intelligence Center.
Solution
This Hotfix resolves the issue so Apex Central sends event logs to Threat Intelligence Center normally.
An issue prevents users from importing the User-Defined Suspicious Object (UDSO) list manually using "ImportSOFromCSV.exe".
Solution
This Hotfix resolves this issue so the USDO list can be imported manually using "ImportSOFromCSV.exe".
An issue prevents Apex Central from updating the product information for InterScan for Microsoft Exchange.
Solution
This Hotfix resolves this issue.
Apex Central cannot update the status of endpoints while running MDR tasks when the IP address list contains a semicolon ";".
Solution
This Hotfix resolves the issue by enabling the parsing process to recognize the semicolon as a delimiter when sending information to the TIC server.
This Hotfix enables Apex Central to match both Account Display Name and sAMAccountName when users search for User Accounts in the Device Control Rule and Application Control Rule of the Apex One Security Agent policy. Apex Central will return both the matching Account Display Name and sAMAccountName in the "Display Name \ sAMAccountName" format.
This Hotfix replaces "Unactivated Licenses" to "Inactive Licenses" on the Apex Central web console.
This Hotfix enables the Apex One Vulnerability Protection module to support user-defined mode changes for each Intrusion Prevention rule.
NOTE: This feature requires the installation of Apex One Patch 9565 or above.
Procedure
To configure the user-defined mode:
An unexpected "Database Busy" warning message displays in the "User/Endpoint Directory" page when users attempt to update the Apex Central web console.
Solution
This Hotfix resolves this issue.
Duplicate email addresses appear in customized reports generated by Apex Central.
Solution
This Hotfix resolves this issue.
Inaccurate information displays when users drill down the "Agent Connection Status" widget.
Solution
This Hotfix resolves this issue.
An issue prevents Apex Central from sending logs to the syslog server.
Solution
This Hotfix resolves this issue.
Users cannot specify a time range while creating a new custom template.
Solution
This Hotfix resolves this issue.
Inaccurate information displays when users drill down the "Product Component Status" widget.
Solution
This Hotfix resolves this issue.
A memory leak issue causes high CPU usage on protected computers.
Solution
This Hotfix resolves the issue.
An issue prevents users from accessing the application control console and deploying the log maintenance module.
Solution
This Hotfix resolves the issue.
Report contents do not display properly because of an improper template setting.
Solution
This Hotfix resolves the issue.
Users can modify Apex One settings after accessing the Apex One console through Single Sign-On (SSO) using an account with "Read-Only" privileges.
Solution
This Hotfix ensures that only accounts with the required privileges can be used to modify the Apex One settings.
Duplicate organizational unit (OU) entries cause the Active Directory (AD) sync to fail.
Solution
This Hotfix resolves the issue.
Inaccurate Product Status information appear in Log Query results.
Solution
This Hotfix ensures that the correct Product Status information appears in Log Query results.
"Suspicious object detections by channel/infection layer" reports cannot be generated successfully because the number of detection logs exceeds the limit.
Solution
This Hotfix extends the limit to ensure that the reports can be generated successfully.
A policy cannot be deployed when a large number of AD OUs are selected as filter criteria.
Solution
This Hotfix helps ensure successful policy deployment.
Users can select the "SSO_User" role when creating accounts.
Solution
This Hotfix ensures that the "SSO_User" role does not appear on the list when users create accounts.
The SMTP server settings do not accept Fully Qualified Domain Names (FQDN) with last domain names longer than three characters.
Solution
This Hotfix resolves this issue.
"CasProcessor.exe" stops unexpectedly.
Solution
This Hotfix resolves this issue.
The Data Loss Prevention™ (DLP) module does not support CJK Compatibility Ideographs.
Solution
This Hotfix enables the DLP module to support CJK Compatibility Ideographs.
An issue false to remove schedule task which prevents Apex Central to pull logs from Product.
Solution
The hotfix resolves this issue.
OU names that contain diacritics cause AD sync to fail.
Solution
This Hotfix resolves the issue.
An issue prevents users from retrieving the "Last Manual Scan" time information from the log query after running a manual scan on an agent computer.
Solution
This Hotfix resolves the issue so users can retrieve the "Last Manual Scan" time information correctly.
Users are redirected to a different web page after clicking the "Learn More" link under "Ransomware Prevention" on the dashboard.
Solution
This Hotfix ensures that users are redirected to the correct page after clicking the link.
The customized email notification templates for Attack Discovery detections revert to the default setting after upgrading.
Solution
This hotfix resolves this issue.
The number of logs in the "Endpoint Spyware/Grayware" custom reports does not match the information in "Detailed Spyware/Grayware Information" custom reports.
Solution
This Hotfix changes the query criteria for "Detailed Spyware/Grayware Information" custom reports to use the detection time to ensure that the number of logs match the information in "Endpoint Spyware/Grayware" custom reports.
The Application Control criteria in the Apex One Security Agent policy disappears from the Apex Central policy.
Solution
This Hotfix updates the Application Control files to resolve this issue.
This Hotfix enables Apex Central to support the new engine component "Virtual Analyzer Sensors (Linux)" for Trend Micro Deep Discovery Analyzer 7.0.
This Hotfix ensures that users can configure email messages using the "mail" or "proxyAddresses" attribute of Active Directory (AD) users.
This Hotfix improves the Isolate, Restore, Relocate, or Uninstall Security Agent API by adding the "host_name_filter" to the following blur search criteria for the "host_name" variable.
For more information, refer to "https://automation.trendmicro.com/apex-central/home".
This Hotfix enables the Security Posture Widget to display Mac Agents under managed endpoints.
This Hotfix updates the Application Control files to extend the maximum number of Application Control Criteria to 350 in the Apex Central console.
This Hotfix adds the "Assessment" option in the Application Control rule assignment page.
This Hotfix ensures that Apex Central can deploy policies and API_key to Trend Micro InterScan™ Messaging Security Suite (IMSS) successfully.
This Hotfix enables Apex Central to support the "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 5800)" engine component for Trend Micro Deep Discovery Inspector 5.8.
This Hotfix improves the stability of deploying Active Keys from Apex Central.
The "cn3Lable" CEF key displays the wrong value in Virus/Malware syslogs.
Solution
This Hotfix resolves this issue.
Garbled characters appear in the subject field of event notification email messages.
Solution
This Hotfix resolves the issue only on fresh installations of Apex Central.
Each user account can run more than one session simultaneously even when the "Enforce one session per account" feature is enabled.
Solution
This Hotfix ensures that each user account can run only one session at a time when the "Enforce one session per account" feature is enabled.
The "%BM_policy%" token variable displays the wrong information in Behavior Monitoring notification email messages.
Solution
This Hotfix ensures that the "%BM_policy%" token variable works normally.
An issue prevents users from performing Single Sign-on (SSO) to Apex One from the "Product Servers" page.
Solution
This Critical Patch resolves the issue so users can SSO to Apex One from the "Product Servers" page normally.
Inaccurate Spyware/Grayware log query results may appear on the Apex Central web console and the "Action result" field in Spyware/Grayware Found notification email messages may also display inaccurate information.
Solution
This Hotfix ensures that the correct information appears in both instances.
Static Template Apex One client information reports may indicate that some up-to-date agent components are outdated.
Solution
This Critical Patch ensures that the reports display the correct agent component status.
Single Sign-On (SSO) from Apex Central may not work when a large number of users are active simultaneously.
Solution
This Hotfix resolves this issue so users can SSO from Apex Central normally.
Insufficient system memory causes IIS to work abnormally.
Solution
This Hotfix resolves the memory issue.
A Cross-Site Scripting (XSS) vulnerability has been detected in HTTP headers.
Solution
This Hotfix adds an X-XSS-Protection Header to prevent the XSS vulnerability.
The logon pages of the Apex Central web console are affected by stored XSS vulnerabilities.
Solution
This Hotfix resolves the vulnerabilities.
A privilege escalation issue has been found in the Reports module.
Solution
This Critical Patch resolves the issue.
Apex Central cannot generate reports because the report generating module cannot read the database configuration correctly.
Solution
This Critical Patch resolves the issue.
An issue causes "CmdProcessor.NET.exe" to stop unexpectedly on the "Users/Endpoints" page.
Solution
This Critical Patch resolves this issue.
Users encounter an "Access Deny" message while attempting to copy Apex One Agent policies.
Solution
This Critical Patch ensures that users can copy Apex One policies successfully.
This Critical Patch adds a retry mechanism to help minimize SQL exceptions during Apex Central installation.
This Hotfix updates the Apex One Vulnerability Protection module to remove unnecessary information in the description of Intrusion Prevention Rules.
This Hotfix updates the VSAPI/ATSE engine to version 12.5 to resolve CHM (Compiled HTML) vulnerabilities.
This Critical Patch enables Apex Central to re-deploy filter type child polices after a parent policy is edited.
This Critical Patch adds the configuration settings for DLP policy Rules and Exceptions applied to Internal and External agents to the external API "Data Loss Prevention".
This Hotfix improves the command tracking description for the results of sending suspicious objects to managed products.
An issue prevents a node Apex Central from registering successfully to a hub Apex Central.
Solution
This Hotfix resolves the issue so a node Apex Central can register to the hub Apex Central normally.
C&C callback event notifications display inaccurate callback address information.
Solution
This Hotfix resolves this issue.
Long URL strings do not display normally in the "Top Threats" widget.
Solution
This Hotfix resolves the issue.
An error occurs when automation APIs are used to retrieve web security syslog data.
Solution
This Hotfix resolves this issue.
If a user account or contact group has been chosen to be included onto a scheduled Report Recipients, and the Report Creator does not include these Recipients or Contact Group, the Report Creator's My Report List does not list the Scheduled Report instance.
Solution
This Hotfix resolves this issue by ensuring that the Creator's My Report List always lists the Scheduled Report instances correctly.
An error prevents popup windows from appearing after users click the deviation link on the Policy page.
Solution
This Hotfix resolves this issue.
Users encounter an error message while editing an existing user account.
Solution
This Hotfix ensures that users can edit existing user accounts successfully.
The "%time%" variable in email notifications for both Behavior Monitoring violations and predictive Machine Learning detections display the wrong time information.
Solution
This Hotfix resolves this issue.
When the policy owner changes, user accounts with administrator roles do not receive the corresponding notification email.
Solution
This Hotfix ensures that administrator user accounts receive policy owner change notification email messages.
Apex Central sends out an SNMP test notification when it should send out an email policy violation event SNMP notification.
Solution
This Hotfix ensures that Apex Central sends out the correct SNMP notifications.
The "Domain Login" option disappears from the web console after the Apex Central service restarts.
Solution
This Hotfix resolves this issue.
The DLP Scheduled incident summary attached in Event Notification email messages may contain inaccurate information when the DLP log count field is empty.
Solution
This Hotfix resolves this issue.
An Active Directory (AD) sync job fails when the AD user does not have enough permission to sync up whole trusted domains.
Solution
This Hotfix resolves this issue.
An issue prevents Apex One SaaS from registering to XDR.
Solution
This Hotfix resolves this issue.
The Deep Security Agent blocks Apex Central Update and Hotfix installation.
Solution
This Hotfix resolves this issue.
Product registration to Apex Central fails because the soft server entity count has reached the maximum value. This may happen when Apex Central does not detect Deep Security Agents as Server Entities.
Solution
This Hotfix resolves this issue.
A report generation issue causes "cmdProcessor.exe" to stop unexpectedly.
Solution
This Hotfix resolves this issue.
An issue prevents Apex Central from sending out Predictive Machine Learning detections Notifications.
Solution
This Hotfix resolves this issue.
This Hotfix renames the "Malware Pattern for Android (Advanced)" pattern to "MARS Pattern for Android".
This Hotfix adds the log name in the header of CEF Intrusion Prevention Log notifications and renames the following CEF keys.
This Hotfix adds the "File Name", "File Path", and "Scan Type" columns in Spyware/Grayware detections log query results and the "Scan Type" column in Virus/Malware detections log query results.
This Hotfix adds the "User Name" column to the Product Status log query results.
This Hotfix adds the following two Windows Events:
Added a new external API to get Apex One DLP Policy information.
This new API allows users to get all existing DLP policy names and deployed agent lists.
Refined the time range options for Apex Central dashboard widgets to specify the number of days instead of weeks.
This Hotfix updates the Apex One Vulnerability Protection feature to add the following settings under the Network Engine Settings.
An issue prevents Apex Central from running manual downloads and scheduled downloads normally.
Solution
This Hotfix resolves the issue so Apex Central can run manual downloads and scheduled downloads normally.
"CmdProcessor.exe" stops unexpectedly.
Solution
This Hotfix resolves the issue.
An improper cookie configuration issue has been found.
Solution
This Hotfix resolves the issue.
A DM server queueing issue prevents report-generating jobs from running normally.
Solution
This Hotfix resolves the issue so reports are generated successfully.
Active Directory (AD) synchronization fails if the current user does not have the required permissions to access the AD.
Solution
This Hotfix ensures that AD synchronization proceeds normally under the scenario above.
An issue prevents users from deploying the Trend Micro Data Loss Prevention™(DLP) policy from Apex Central when there are identical entries in the exclusion list.
Solution
This Hotfix resolves this issue.
The value of the field "File/Data Size" in DLP logs always appears as "2147483647" on the Apex Central server web console when the triggering file on the endpoint is larger than 2 GB.
Solution
This Hotfix resolves this issue.
A case-sensitivity issue causes AD synchronization to fail.
Solution
This Hotfix resolves the issue.
Custom Data Loss Prevention™ (DLP) expressions that contain a question mark and colon in sequence "?:" are invalid.
Solution
This Hotfix resolves the issue.
Single Sign-On (SSO) fails when the proxy server requires NTLM authentication.
Solution
This Hotfix resolves the issue so users can still perform SSO under the scenario above.
The "Matched Content" information is missing from the event named scheduled incident summary notification.
Solution
This Hotfix resolves this issue.
The "C&C List Source" column will show "103" rather than the "Relevance rule".
Solution
This Hotfix resolves this issue.
During Daylight Saving Time (DST), inaccurate "Detection Time" information appear in Predicted Machine Learning logs.
Solution
This Hotfix resolves the issue.
An issue prevents Apex Central from synchronizing agent and domain information from managed products.
Solution
This Hotfix resolves the issue to ensure that Apex Central can synchronize agent and domain information from managed products successfully.
The following DLL files stop unexpectedly in debug mode.
Solution
This Hotfix ensures that the libraries work normally in debug mode.
Users cannot save the "Allowed USB Devices" list on the Apex Central console if the device information contains an "@" character.
Solution
This hotfix resolves the issue so users can save the "Allowed USB Devices" list.
This Hotfix improves the performance of the "Automated Analyses" page in handling queries.
This Hotfix adds the "Domain Hierarchy" column in policy target search results.
This Hotfix enables Apex Central to support the following token variables in Behavioral Monitoring event notifications.
This Hotfix adds the new "Malware Pattern for Android (Advanced)" component.
This hotfix enhances the readability and consistency of default user role names by renaming default plural role names to the singular name for all roles (for example, the "Administrators" role is now "Administrator"). If the renamed user role already exists, Apex Central adds "_(1)" after the renamed user role name.
This Hotfix upgrades the PHP module to build 7.4.6.
Policy widget enhancement for Apex One (Mac): The "Pass" action is renamed to "Deny access" for Real-time Scan to align with the action name in Apex One. This name change does not affect the functionality.
When administrators add Active Directory (AD) domains to the "ADSyncOUList.config" approved list without specifying the Organizational Unit (OU), Apex Central is unable to synchronize the Active Directory domains.
Solution
This hotfix resolves the issue so that users can add AD domains to the "ADSyncOUList.config" approved list without specifying the OU.
When the Active Directory (AD) manager has only one reporting staff and the staff account on the AD server is disabled between synchronization tasks, Apex Central is unable to synchronize the Active Directory.
Solution
This hotfix resolves the issue so that Apex Central can synchronize the Active Directory even if a reporting staff account is disabled between synchronization tasks.
Apex Central may not be able to send scheduled reports by email when there is a large number of reports.
Solution
This hotfix resolves the issue.
In C&C callback event notifications, the callback address field may contain complete URLs of malicious websites which users can click.
Solution
This hotfix resolves this issue.
Users encounter an error message while editing an existing user account.
Solution
This hotfix ensures that users can edit existing user accounts successfully.
The SIEM server displays inaccurate information when Apex Central sends Attack Discovery logs containing JSON content.
Solution
This hotfix ensures that SIEM servers display complete and accurate information for Attack Discovery logs containing JSON content.
The Trend Micro Infrastructure (TMI) service stops unexpectedly.
Solution
This hotfix resolves this issue.
Apex Central is unable to deploy new components downloaded from the ActiveUpdate (AU) server.
Solution
This hotfix ensures that Apex Central can deploy newly downloaded components from the AU server.
There is a typographical error in the syslog content for the following log types:
Solution
This hotfix corrects the typographical error.
The "%vloginuser%" token does not display any information in C&C callback notifications.
Solution
This hotfix ensures that the "%vloginuser%" token displays the required information in C&C callback notifications.
An issue may corrupt the "Systemconfiguration.xml" file and prevent services from starting properly.
Solution
This hotfix adds a mechanism to help protect the "Systemconfiguration.xml" file from corruption.
Some components on the Dashboard are out-of-date.
Solution
This hotfix updates the components.
A database timeout issue prevents policy deployment.
Solution
This hotfix resolves this issue.
An issue prevents programs in the Plug-in Program List from appearing on Manual Update and Scheduled Update program lists.
Solution
This hotfix ensures that these plug-in programs appear in the Manual Update and Scheduled Update lists.
If a Root Cause Analysis does not return any matching targets, "N/A" appears in the corresponding "Users/Endpoints" field.
Solution
After applying this hotfix, "No Match" displays in the "Users/Endpoints" field for Root Cause Analysis results that do not return any matching targets.
Users cannot click the "Deploy" button when creating a new policy.
Solution
This hotfix resolves the issue.
User name information does not appear in Virus/Malware syslog messages.
Solution
This hotfix resolves the issue.
The Deep Security Agent connection status does not display on the Apex Central Agent Connection Status dashboard widget.
Solution
This Hotfix ensures that the Agent Connection Status widget displays the status of the Deep Security Agent.
In environments where a proxy server is required to establish the connection between Apex One and Apex Central, a communication error occurs and prevents Apex Central from deploying policies successfully.
Solution
This hotfix resolves the communication error and ensures that Apex Central successfully deploys policies when connecting to Apex One through a proxy server.
This hotfix improves IIS stability.
This hotfix adds the "UK: RD&E Hospital Number" field to the DLP module rule template.
This hotfix adds the "User Name" column to the Product Status log query results.
If an Active Directory domain only has one child domain, Apex Central does not automatically a parent domain when filtering policy targets by Active Directory structure.
This hotfix enables Apex Central to support the "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 5700)" engine component for Trend Micro Deep Discovery Inspector 5.7.
This hotfix enables Apex Central to support Trend Micro Deep Discovery Analyzer 7.0.
The "System" and "SSO_User" user accounts and user roles are hidden by default.
The banner on the "User-Defined Suspicious Objects" tab contains inaccurate information.
Solution
This hotfix ensures that the banner displays accurate information.
C&C Callback event notifications display an "unknown action" error when users attempt to use the "%act%" token variable.
Solution
This hotfix resolves the issue.
Filtered policies cannot be deployed successfully to agents in subdomains that contain an apostrophe "'".
Solution
This hotfix resolves the issue.
When Data Loss Prevention™ (DLP) logs are sent in syslog form, policy names appear as "N/A".
Solution
This hotfix ensures that the correct policy names appear in the DLP logs.
Device Control logs cannot be queried from the "Logs Query" page.
Solution
This hotfix resolves the issue.
CSS style errors cause columns to overlap when printing pages.
Solution
This hotfix resolves the issue.
It may take a long time to generate a report using a template that contains the "Endpoint Pattern/Engine Status Summary". When this happens, the report generation task remains in "In progress" status.
Solution
This hotfix resolves the issue.
Users do not receive scheduled report notification email messages.
Solution
This hotfix ensures that users receive a notification email each time a scheduled report is generated.
The wrong scan method information appears in the "Product View" page.
Solution
This hotfix ensures that the correct scan method information displays in the "Product View" page.
No results display when users run a Log Query and select the same date in the two date fields of the "Custom Range" date filter.
Solution
This hotfix resolves the issue.
An issue prevents Apex Central from generating Active Directory user group reports successfully.
Solution
This hotfix resolves the issue.
An issue prevents Apex Central from forwarding Intrusion Prevention logs to the syslog server.
Solution
This hotfix resolves the issue so Apex Central can forward Intrusion Prevention logs to the syslog server normally.
An exception occurs when users click the "View" in the Security Threat Details table of the Threats tab.
Solution
This hotfix resolves the issue.
Apex Central is unable to save SSO service URLs that contain special characters.
Solution
This hotfix resolves the issue.
The Active Directory (AD) cannot be synched successfully if running in a database with "Estonian_CI_AS" collation.
Solution
This hotfix resolves the issue.
A Deploy Pattern Update command may be cancelled by the next Deploy Pattern update command even if the commands contain different components. As a result, some components are not deployed to the product server.
Solution
This hotfix ensures that a new Deploy Pattern Update command will cancel the previous Deploy Pattern Update command only if they have exactly the same component types.
Users cannot import policies normally.
Solution
This hotfix ensures that users can import policies successfully.
There are some Cross-Site Scripting (XSS) vulnerabilities in Custom Intelligence
Solution
The hotfix fixes Cross-Site Scripting (XSS) vulnerabilities in Custom Intelligence
This hotfix improves the product profile merge operation to reduce job failures.
This hotfix increases the maximum supported DLP file size from 2 GB to 1024 GB.
This hotfix applies the following changes to the Firewall Violations log:
This hotfix updates the following error messages that display when iVP policy deployment fails.
Error Code 130 From: Vulnerability Protection Service: Policy deployment unsuccessful: Unable to uninstall incompatible agent program To: Vulnerability Protection Service: Unable to deploy. Deep Security installed
Error Code 112 From: Vulnerability Protection Service: Policy deployment unsuccessful: Incompatible agent program on endpoint To: Vulnerability Protection Service: Policy deployment unsuccessful: Unable to deploy. Deep Security installed
CEF syslogs include "Active Directory domain" and "Apex One domain hierarchy" information for each log type.
Accounts in User Roles without a Policy Resource or Response permissions are logged-out of the web console after any of the following widgets are added into the first page of the Dashboard.
Top Violated Application Control Criteria Top Blocked Applications Attack Discovery Detections Top Endpoints Affected by IPS Events Top IPS Events Top IPS Attack Sources Vulnerability Protection
Solution
The hotfix resolves this issue.
SQL Server support
Apex Central supports Microsoft SQL Server 2019 Cumulative Update 4 (CU4) and SQL Server Express CU4.
Web browser support
Apex Central supports Microsoft Edge (Chromium).
Syslog enhancements
• Apex Central allows you to forward Intrusion Prevention and Product Auditing Event logs to a syslog server. • Common Event Format (CEF) syslogs indicate the type of critical threat detected.
Policy inheritance
Enhancements to Behavior Monitoring, Predictive Machine Learning, and the Trusted Program List policies allow for policy inheritance support.
Additional Advanced Threat Activity notifications
Apex Central supports Advanced Threat Activity event notifications for Behavior Monitoring violations and Predictive Machine Learning detections.
Vulnerability patches
Apex Central has patched Cross Site Scripting (XSS) and SQL injection vulnerabilities.
Enhanced API integration
Apex Central provides APIs for forwarding detection logs in CEF format, Product Auditing Events, Security Agent pattern update statuses, or Security Agent engine update statuses to SIEM servers.
For more information, see https://automation.trendmicro.com/apex-central/home.
Advanced Logging Policy optimization
The Advanced Logging Policy for Apex One Vulnerability Protection (Policies > Policy Management > Apex One Security Agent > Vulnerability Protection Settings > Network Engine Settings) uses "Stateful, Frag, and Verifier Suppression" by default to exclude fragmentation and verifier related events.
Concurrent session limitation
Apex Central allows administrators to prevent multiple web console sessions per user account.
Critical event auditing
The Apex One server and Security Agents collect Windows event logs related to critical system events (move Security Agent, uninstall Security Agent, reset password) and sends the logs to Apex Central Product Auditing Event logs.
Dashboard enhancements
Impact Analysis enhancement
The Affected Users screen automatically refreshes every 60 seconds when running an Impact Analysis.
New dashboard widgets
Attack Discovery logs include MITRE™ Tactics and Techniques information and Windows Antimalware Scan Interface (AMSI) data.
Password complexity enhancement
The "Policy Management" page loads repeatedly after users click the "Endpoints/Products without policies" count on the page.
Solution
The hotfix ensures that the relevant information displays under the scenario described above.
Active Directory (AD) synchronization may fail because the mail column in the database is too small.
Solution
This hotfix makes the necessary adjustments so AD synchronization runs normally.
Active Directory synchronization is unsuccessful if the root domain of domain is unrecognition
Solution
This hotfix resolves the issue.
The "%Hierarchy%" token does not display any information in email notifications.
Solution
This hotfix ensures that the "%Hierarchy%" token displays the required information in email notifications.
After Trend Micro Apex One™ (Mac™) registers to Apex Central, the "Product Component Status" field displays "No data to display".
Solution
This hotfix resolves this issue so the correct product component status appears on the Apex Central web console.
An issue prevents the Policy Management screen from displaying properly.
Solution
This hotfix resolves the issue to ensure that the Policy Management screen displays properly.
File paths appear in the wrong format in syslogs.
Solution
This hotfix ensures that file paths appear in the proper syslog format.
Apex Central services stops unexpectedly.
Solution
This hotfix resolves this issue.
The "Local Folder" node on the product tree can be expanded when users create an Active Directory (AD) account with the "DLP_Compliance_Officer" or "DLP_Incident_Reviewer" role.
Solution
This hotfix ensures that the "Local Folder" node is greyed-out under this scenario.
Users do not receive C&C callback outbreak alert notifications.
Solution
This hotfix ensures that users receive C&C callback outbreak alert notifications.
The "Host Name" field in Behavior Monitoring Violations notifications displays the product server host name instead of the endpoint host name.
Solution
This hotfix ensures that the "Host Name" field in Behavior Monitoring Violations notifications displays the endpoint host name.
The action field in log query results may display "Reboot system required" instead of "Reboot system successfully" even when the endpoint has restarted successfully.
Solution
This hotfix ensures that the action field in log query results displays "Reboot system successfully" when the endpoint has restarted successfully.
A high CPU usage issue occurs on the SQL server when purging Web Violations logs.
Solution
This hotfix prevents the high CPU usage issue from occurring in this scenario.
A performance issue causes an "Unable to execute SQL command. The database is busy. Try again after a few minutes." error in the "Historical Investigation" page of the Apex Central web console.
Solution
This hotfix prevents the error by improving the performance of the "Historical Investigation" page.
Users cannot search for targets to deploy policies by "Filter by Criteria" or "Specify Target(s)" in the "Policy Management" page.
Solution
This hotfix ensures that users can search for targets for policy deployment correctly.
The Product Directory page is affected by Cross-Site Scripting (XSS) issues.
Solution
This hotfix resolves the issue.
This hotfix renames the "Host Name" field to "Endpoint" in unmanaged endpoints dataview.
This hotfix expands the IP address columns used in the Data Loss Prevention™ (DLP) violation log so that it can support the IPv6 address format.
This hotfix enables Apex Central to support Trend Micro Deep Discovery Analyzer 6.9.
This hotfix adds the new "Endpoint Sensor Activity Filtering Pattern" pattern.
Users cannot search for targets to deploy policies by "Filter by Criteria" or "Specify Target(s)" in the "Policy Management" page.
Solution
This hotfix ensures that users can search for targets for policy deployment correctly.
Users do not receive event notifications if the log generation time field is empty.
Solution
This Hotfix ensures that Apex Central can send event notifications successfully when the log generation time field is empty.
Apex Central does not allow the number higher than 255 in the Fully-Qualified Domain Name (FQDN) of the SIEM server.
Solution
This Hotfix enables Apex Central to support the number higher than 255 in the Fully-Qualified Domain Name (FQDN) of the SIEM server.
Syslog Forwarding Enhancement
Apex Central allows you to forward Intrusion Prevention and Product Auditing Event logs to a syslog server.
Vulnerability Patches
Apex Central has patched Cross Site Scripting (XSS) and SQL injection vulnerabilities.
Password Complexity Enhancement
Apex One as a Service user account passwords and the Apex One Security Agent uninstallation password have the same password complexity requirements.
Security Agent Password Complexity
The Uninstall Security Agent feature includes enhanced password complexity requirements for better security.
This Hotfix adds new informational metadata in the Intrusion Prevention rules and disables the Informational rules by default in security mode.
When the "m_iDuplicateAll" setting in the "SystemConfiguration.xml" file is enabled, Apex Central downloads only the engine and program files and skips the pattern files.
Solution
This Hotfix ensures that Apex Central downloads pattern, program, and engine files normally when the "m_iDuplicateAll" setting is enabled in "SystemConfiguration.xml".
Apex Central does not run the deploy command even if it already downloaded new components from the ActiveUpdate (AU) server.
Solution
This Hotfix ensures that Apex Central can run the deploy command after downloading new components from the AU server.
Inaccurate information may appear in Virus Event Notifications.
Solution
This Hotfix ensures that Virus Event Notifications display complete and accurate information.
Apex Central displays complete software version information in error pages.
Solution
This Hotfix prevents Apex Central from displaying the complete software version information in error pages.
The wrong information displays in the "Action" field on Behavior Monitoring event notifications.
Solution
This Hotfix ensures that Behavior Monitoring event notifications displays complete and accurate information.
Apex Central does not allow the number higher than 255 in the Fully-Qualified Domain Name (FQDN) of the SIEM server.
Solution
This Hotfix enables Apex Central to support the number higher than 255 in the Fully-Qualified Domain Name (FQDN) of the SIEM server.
This Hotfix enables the "Device Type" field in device control logs to display "Mobile devices" instead of "Non-storage USB".
This hotfix enables the Apex Central Threat Statistics widget to detect the following violation log types:
The time range setting does not work in Detail Application Control View of the Report Template.
Solution
This hotfix ensures that the time range setting works normally on the Report Template.
The number of policy targets that displays on the Policy Management is incorrect because the count does not include offline Security Agents.
Solution
This hotfix updates the policy target number to display the correct value, including offline Security Agents.
Users do not receive event notifications if the log generation time field is empty.
Solution
This Hotfix ensures that Apex Central can send event notifications successfully when the log generation time field is empty.
Users cannot Single Sign-on (SSO) to Apex One from the Apex Central web console in debug mode.
Solution
This Hotfix ensures that users can SSO to Apex One from the Apex Central web console in debug mode.
Apex Central Service may stop unexpectedly while recording output database connection errors to debug logs.
Solution
This Hotfix resolves this issue.
This hotfix enables Apex Central Policy Management to support Trend Micro Mobile Security for Enterprise (Security Mode).
This hotfix enables Apex Central to support suspicious object upload and synching in Trend Micro Web Security.
Users cannot open the Apex Central web console on macOS Catalina because the Apex Central self-signed certificate does not comply with the new security requirements in iOS 13 and macOS 10.15.
Solution
To resolve this issue:
If user click assess impact in "quick investigation" widget will not bring the parameter to Historical Investigation page.
Solution
This hotfix fixes this issue.
The content in generated reports that use the "TM Managed Product Connection Component Status" custom template shows "no data to display" when "Tags and Filters" are selected as targets.
Solution
This hotfix ensures that Apex Central can generate "TM Managed Product Connection Component Status" reports correctly.
The PDF creator cannot parse <wbr> tags correctly which causes it to record inaccurate report size information.
Solution
This hotfix replaces the <wbr> tag with another word-break tag to ensure that reports are formatted correctly.
Logforwarder cannot forward logs when the IP address field contains multiple IP addresses and one of the addresses is in IPv6 format.
Solution
This hotfix ensures that the Logforwarder can forward logs normally under the scenario described above.
A high CPU usage issue occurs on the SQL server when purging Behavior Monitoring logs.
Solution
This hotfix prevents the high CPU usage issue from occurring in this scenario.
When the Security Agent is unregistered from Apex Central, reports and log queries display a different number of Malware/Virus detection logs.
Solution
This hotfix ensures that reports and log queries display the same number of Malware/Virus detection logs.
Users with Read-Only privileges may be able to export the Data Loss Prevention™ (DLP) pattern.
Solution
This hotfix ensures that only users with the required permissions can export the DLP pattern.
When users create a filter policy and select "Directories: Product Directory" in the "Filter by Criteria" page, the product directory does not display any product.
Solution
This hotfix ensures that the product directory displays normally in the "Filter by Criteria" page.
In event logs, the event time does not match the recorded time that an email was received.
Solution
This hotfix ensures that the event time in event logs matches the time of receipt of the email message.
The Apex One Security Agent policy settings for the Trusted Program List and the Predictive Machine Learning Exceptions list do not display properly.
Solution
This hotfix ensures that the policy settings display properly.
If disable 'Display a notification on endpoints when probably virus/malware is detected' then deploy the policy, the settings will have reverted to enable on Web console.
Solution
This hotfix is to update User Interface dependency on web console to solve this issue.
Simplified log maintenance
Apex Central automatically deletes logs from Trend Micro servers after 90 days for new customers.
**Note: **
If you are an existing customer and previously changed the default Maximum Log Age, Apex Central retains logs on Trend Micro servers according to the previously configured setting.
Performance Enhancement
Apex One (Mac)
This hotfix improves the performance of Apex One (Mac) as a Service.
This hotfix allows users to search for endpoint names that contains an underscore character "_" in the terminate object page of the Endpoint Sensor web console.
This hotfix resolves an error to ensure that the Endpoint Sensor can perform a scheduled investigation normally.
This hotfix allows users to Single Sign-on (SSO) to other products from the Apex Central web console using a proxy server.
This hotfix enhances Apex Central to share Deep Discovery Analyzer (DDAN) in the hub site to managed OfficeScan (OSCE)/Apex One in the node site.
When users create a filter policy and select "Directories: Product Directory" in the "Filter by Criteria" page, the product directory does not display any product.
Solution
This hotfix ensures that the product directory displays normally in the "Filter by Criteria" page.
In event logs, the event time does not match the recorded time that an email was received.
Solution
This hotfix ensures that the event time in event logs matches the time of receipt of the email message.
If user click assess impact in "quick investigation" widget will not bring the parameter to Historical Investigation page.
Solution
This hotfix fixes this issue.
Issue: The Apex One Security Agent policy settings for the Trusted Program List and the Predictive Machine Learning Exceptions list do not display properly.
Solution
Solution: This hotfix ensures that the policy settings display properly.
Note: To ensure that child policies deploy correctly, expand the Trusted Program List or Predictive Machine Learning Settings for the parent policy and click Deploy.
This hotfix allows users to Single Sign-on (SSO) to other products from the Apex Central web console using a proxy server.
This hotfix allows users to search for endpoint names that contains an underscore character "_" in the terminate object page of the Endpoint Sensor web console.
This hotfix resolves an error to ensure that the Endpoint Sensor can perform a scheduled investigation normally.
Users cannot Single Sign-On (SSO) to the Apex One web console from the Apex Central web console.
Solution
This hotfix resolves the issue.
Issue: The Apex One Security Agent policy settings for the Trusted Program List and the Predictive Machine Learning Exceptions list do not display properly.
Solution
Solution: This hotfix ensures that the policy settings display properly.
Note: To ensure that child policies deploy correctly, expand the Trusted Program List or Predictive Machine Learning Settings for the parent policy and click Deploy.
Users with Read-Only privileges may be able to export the Data Loss Prevention™ (DLP) pattern.
Solution
This hotfix ensures that only users with the required permissions can export the DLP pattern.
An issue prevents Apex Central to acquire logs.
Solution
This hotfix fixes this issue.
Domain users are unable to install Apex Central hotfixes.
Solution
This hotfix ensures that domain user accounts can successfully install Apex Central hotfixes.
This hotfix enhances Apex Central to share Deep Discovery Analyzer (DDAN) in the hub site to managed OfficeScan (OSCE)/Apex One in the node site.
Vulnerability Patches
Apex Central has patched Cross Site Scripting (XSS) vulnerabilities.
Performance Enhancement
Apex One (Mac)
This hotfix enhances the performance of Apex One (Mac) as a Service.
Performance Enhancement
Apex One (Mac)
This hotfix improves the startup speed and startup flow of the Apex One Security Agent to help reduce unexpected errors during Security Agent startup.
New Features
Security Agent Uninstallation
Apex One (Mac) provides enhanced password security for Security Agent uninstallation on endpoints when an uninstallation password is required.
New Features
Policy Management Enhancement
Apex One Security Agent policies support inheritance for Predictive Machine Learning settings.
New Features
Enhanced API Integration
Apex Central supports a new API that forwards detection logs in CEF format to SIEM servers.
The Apex Central server times out when the SQL server queries large data sets.
Solution
This hotfix resolves the server timeout issue.
The Trend Micro Deep Discovery Web Inspector product profile cannot be merged successfully because it contains unnecessary ASCII characters.
Solution
This hotfix removes unnecessary ASCII characters from the Deep Discovery Web Inspector product profile to ensure that the profile can be merged successfully.
The number of queried Attach Discovery Detection logs on Log Query differ from the number of forwarded Syslog entries forwarded.
Solution
This hotfix ensures that there is no discrepancy between the number of queried Attach Discovery Detection logs on Log Query and the number of forwarded Syslog entries.
An issue prevents the Syslog Forward function from working under the UDP protocol.
Solution
This hotfix resolves the issue.
A path traversal vulnerability has been found in Apex Central 2019.
Solution
The hotfix resolves the path traversal vulnerability.
The system does not save non-monitored targets in the Data Loss Prevention™ (DLP) policy setting if the target contains uppercase characters.
Solution
This hotfix resolves this issue by ensuring that the system saves non-monitored targets in the DLP policy setting even if the target contains uppercase characters.
The intrusion prevention rules are missing on the Apex Central version running on Norway platforms.
Solution
This hotfix resolves this issue by enabling the rule update function to properly support Norway platforms.
An issue prevents the Operation Center from merging custom reporting line circles so it displays random custom reporting line names instead. This issue occurs if the custom reporting lines include an Active Directory user that does not have a manager.
Solution
The hotfix ensures that the custom reporting line displays correctly in this situation.
An issue prevents Apex Central from deploying policies after it is upgraded from Control Manager 6.0.
Solution
The hotfix resolves this issue.
An issue prevents Apex Central from purging Behavior Monitoring Logs.
Solution
The hotfix resolves the issue so that Behavior Monitoring Logs are purged correctly.
An issue triggers false rebuild attack discovery detections every hour, which affects Apex Central performance.
Solution
This hotfix resolves the issue.
The "Database is busy. Please..." error message appears on the "User/Endpoint Directory" page when the SQL server and database use different collation settings.
Solution
This hotfix resolves the error by updating the SQL script to enable it to use the database collation settings instead of the SQL server collation settings.
This hotfix enables Apex Central to sort policy changing domain agents every 10 minutes instead of at 15:15 everyday.
This hotfix adds a new error message containing the workaround for when Single-Sign On (SSO) fails because the browser cookie length limit has been exceeded.
This hotfix enables Apex One as a Service Hybrid mode to support Data Lake integration for Root Cause Analyses.
The Deep Discovery Web Inspector product profile cannot be merged successfully because it contains unnecessary ASCII characters.
Solution
This hotfix removes unnecessary ASCII characters from the Deep Discovery Web Inspector product profile to ensure that the profile can be merged successfully.
The web console of Apex Central as a Service displays a warning message and a disabled "Start Retro Scan" button in the Security Threat information for a URL.
Solution
This hotfix removes the warning message and the disabled "Start Retro Scan" button from the Security Threat page for URLs.
An issue prevents Apex Central from generating reports successfully.
Solution
This hotfix resolves the issue to ensure that Apex Central can generate reports successfully.
Deep Discovery Web Inspector (DDWI) does not support Single Sign-On (SSO) but the SSO link for Deep Discovery Web Inspector appears on the "Server Registration" page.
Solution
This hotfix removes the SSO link for Deep Discovery Web Inspector (DDWI) from the "Server Registration" page.
The Root Cause Analysis task runs continuously if the target agent has been removed.
Solution
This hotfix adds a timeout value for the Root Cause Analysis task.
Passwords are not salted individually.
Solution
This hotfix ensures that passwords are salted individually.
This hotfix enables Apex Central to support the Login Sharing Prevention feature.
This hotfix enables the Operation Center to display information in Chart View and Table View.
When receiving Web Violation logs, the corresponding Web Access Policy Violation Alerts under Event Notifications do not display the login user information.
Solution
This hotfix ensures that Web Access Policy Violation Alerts display the login user information normally.
Apex Central is affected by PHP vulnerabilities.
Solution
This hotfix upgrades the PHP module to build 7.1.33.
The OpenSSL and libcurl modules are affected by a Code Injection Vulnerability.
Solution
This hotfix resolves the vulnerability.
This hotfix adds Behavior Monitoring violations alert settings under the Event Notification settings.
This hotfix adds Predictive Machine Learning detections alert settings under the Event Notification settings.
LogForwarder forwards mapping string labels instead of the integer when forwarding Action column content of Behavior Monitoring.
This hotfix enables Apex Central to support the new engine component "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 5600)" for Trend Micro Deep Discovery Inspector 5.6.
When users create criteria using the Application Reputation List on Apex Central, some applications that were selected from the list become unselected after a TMCSS pattern update.
Solution
This hotfix updates the Apex Central file to resolve this issue.
The Trend Micro Interscan™ Messaging Security (IMSS) policy is not fully functional on Apex Central.
Solution
This hotfix ensures that the IMSS policy is fully functional on Apex Central.
The "Filter by criteria" function cannot match keywords when users specify multiple keywords and separate each by a comma.
Solution
This hotfix ensures that the "Filter by criteria" function matches multiple keywords normally.
This hotfix enables Apex Central as a Service to monitor Single Sign-On issues through Microsoft™ Windows™ event logs.
This hotfix renames the "InterScan Web Security as a Service" Server Type option to "Trend Micro Web Security" in the "Administrator > Server Registration" page on the Apex Central web console.
A specific SQL query blocks several processes on the Control Manager server.
Solution
This hotfix ensures that the specific SQL query does not block processes on the Control Manager server.
This hotfix enables Apex Central to support Trend Micro Deep Discovery Web Inspector.
This hotfix enables the following three widgets to display information from the past 30 days.
Procedure
To summarize data from the last 30 days:
Policies are not deployed if there is a carriage return in the filter criteria.
Solution
The hotfix ensures that policies are deployed successfully.
Users encounter "4624(S): An account was successfully logged on" events with Logon Type 8 which warns that passwords are recorded in clear text on the server memory.
Solution
The hotfix prevents passwords from being saved in clear text on the server memory.
This hotfix allows users to select a virtual analyzer to be used for an Apex One as a Service server on the "Server Registration" page in hybrid mode.
This hotfix adds the following three new widgets in Apex Central to provide users with information on Intrusion Prevention (IPS) events.
Top Endpoints Affected by IPS Events Top IPS Attack Sources Top IPS Events
Dashboard enhancements
The widgets on the former DLP Incident Investigation tab are now on the Data Loss Prevention tab.
Impact Analysis enhancement
The Affected Users screen automatically refreshes every 60 seconds when running an Impact Analysis.
Web Console Auto Refresh enhancement
You can configure the Apex Central management console to automatically refresh the screen every 600 seconds (enabled by default).
This hotfix provides an iAC log purge function in the "Log Maintenance" page of the Apex Central web console.
An issue prevents users from selecting targets to deploy Apex Central policies.
Solution
The hotfix ensures that Apex Central policies are deployed normally.
When users search for Active Directory (AD) user names or user groups while creating a policy under the Device Control Settings, the AD user names or user groups do not display on the search bar.
Solution
This hotfix ensures that users can search for AD user names or user groups normally when creating Device Control policies.
This hotfix ensures that the "India: Mobile Number" Data Identifier Expression works normally.
Solution
This hotfix ensures that the "India: Mobile Number" Data Identifier Expression works normally.
This hotfix enables Apex Central to support Trend Micro Deep Discovery Analyzer 6.8.
This hotfix adds the new column "Expiration date" for User-Defined Suspicious Objects (UDSO) in Apex Central.
An SQL function usage compatibility issue causes hotfix installation to fail.
Solution
This hotfix resolves the issue to ensure that hotfixes can be installed normally.
This hotfix ensures that activation (AC) keys are renewed automatically when the keys are added or redeployed to products.
This hotfix enables users to add "unmanaged endpoints" information to custom reports.
An issue prevents the "Product Component Status" widget from displaying information normally.
Solution
This hotfix resolves the issue so that the "Product Component Status" widget can display information normally.
This hotfix enables Apex Central to support Trend Micro Safe Lock™ 3.0.
In the Data Loss Prevention™ (DLP) Policy Settings page, the device serial ID field supports up to 32 characters only.
Solution
This hotfix extends the maximum device serial ID length to 64 characters.
The "This feature supports only IPv4" warning in the "Apex One Data Loss Prevention Settings > Apex One DLP" screen is misleading.
Solution
This hotfix removes the "This feature supports only IPv4" warning from the "Apex One DLP" settings screen.
This hotfix ensures that Microsoft™ Azure Active Directory (AD) could Single Sign-On (SSO) to the Apex Central web console normally.
This hotfix enables users to add the Apex One domain hierarchy information in applicable virus event notifications using the "%hierarchy%" token.
The Active Directory (AD) cannot be synched successfully because "Logprocessor.exe" runs out of memory during AD synchronization.
Solution
This hotfix prevents the out-of-memory issue to ensure that AD can be synched successfully.
This hotfix allows Apex Central to enable the "self-integrity check" setting for the ActiveUpdate (AU) module by default.
This hotfix helps prevent a misconfiguration issue that may trigger the generation of a large number of violation logs, by blocking the use of an asterisk "*" wildcard character in the root file path properties and each certificate properties on the "Application Control Criteria" setting page.
This hotfix enables Apex Central to support the new component "Advanced Threat Scan Engine (Mac, 64-bit)" for Apex One (Mac™).
The UI layout does not display when users click on "Show working panel" while editing the Custom Report template.
Solution
This hotfix ensures that the UI layout displays normally when users click the "Show working panel" button while editing the Custom Report template.
This hotfix ensures that the LogForwarder tool sends pattern update status logs and engine update status logs normally.
This hotfix enables Apex Central to send File Hash detection logs and Network Content Inspection logs to the Threat Investigation Center (TIC).
Users cannot log on to the Apex Central web console using a password that contains a space character.
Solution
This hotfix enables users to use passwords that contain a space character to log on to the Apex Central web console.
The UI debug log displays the wrong message when the OpenIOC file has been uploaded successfully.
Solution
This hotfix ensures that UI debug log displays the correct message after the OpenIOC file has been uploaded successfully.
When users add email addresses to the "Event Notification > Watchlisted Recipients At Risk" list, only the first 64 characters of the string will be saved.
Solution
This hotfix ensures that users can add email messages normally into the "Watchlisted At Risk" list.
An issue prevents Apex Central from generating manual or scheduled reports when the scan date data is empty.
Solution
This hotfix resolves the issue to ensure that Apex Central can generate reports normally.
This hotfix updates the Active Directory (AD) sync tool to enable it to limit or approve which Organizational Units (OUs) are synced to Apex Central. Users can configure this feature by setting-up the approved and exception lists in the "ADSyncOUList.config" file.
This hotfix prevents Cross-site Scripting (XSS) issues in the filter by criteria mechanism when creating policies.
An issue prevents automation APIs from relocating or uninstalling agents.
Solution
The hotfix helps ensure that agents can be relocated or uninstalled using automation APIs.
The Web Console Timeout setting does not work normally.
Solution
This hotfix ensures that the Web Console Timeout setting works normally.
Apex Central cannot overwrite policy settings when the Apex One agent changes a policy locally.
Solution
This hotfix ensures that policies are deployed normally.
An I18N issue is found in Users/Endpoints.
Solution
This hotfix resolves the I18N issue.
The pie chart in "DLP template Matches" widget displays the "Others" category even when the option is not selected.
Solution
This hotfix adds an additional filter logic to ensure that information categorized under "Others" does not appear in the pie chart when the option is not selected.
Apex Central deploys the wrong action setting for IP-type User-Defined Suspicious Objects (UDSO) that have been added to the SO list using Custom Intelligence Automation APIs.
Solution
This hotfix ensures that the correct action for IP-type USDOs are deployed to managed products.
The "Trusted Program List" of the Apex One Security Agent policy setting is case-sensitive.
Solution
This hotfix makes the "Trusted Program List" policy setting case-insensitive.
Uses cannot download and save reports when there are non-English alphanumeric characters in the report name.
Solution
This hotfix resolves the issue so users can save and download reports using file names with non-English alphanumeric characters.
Apex Central SaaS displays unrelated categories in static report template on Microsoft™ Internet Explorer™ 11.
Solution
The hotfix ensures that only the following four categories are displayed in static reports in Apex Central SaaS.
The "Virus Scan Engine (Windows XP/Server 2003, x64)" component name is no longer accurate since Control Manager stopped support for Microsoft™ Windows™ Server 2003.
Solution
This hotfix renames the "Virus Scan Engine (Windows XP/Server 2003, x64)" component to "Virus Scan Engine (Windows)".
Apex Central stops synchronizing the suspicious object (SO) list from Trend Deep Discovery Analyzer once multiple Deep Discovery Analyzers have registered to Apex Central.
Solution
This hotfix ensures that Apex Central synchronizes the SO list successfully when multiple Deep Discovery Analyzers are registered to Apex Central.
The "Pass/Log" action in "Intrusion Prevention" logs on log query results may confuse users.
Solution
This hotfix replaces the "Pass/Log" action on the log query results page to "Log" when in "detect only" mode.
This hotfix enables Apex Central to add user name information in Device Control syslog messages.
This hotfix ensures that sub services can restart normally after stopping unexpectedly.
This hotfix enables Apex Central to apply policies promptly to an agent that originally does not have a policy once it triggers a filter policy because of changes to its properties, such as an IP change resulting in matching the filter policy's criteria, instead of waiting until the daily policy re-enforcement to apply policies on the agent.
The original default values of "Maximum TCP Connections" and "Maximum UDP Connections" in the "Apex One Security Agent > Vulnerability Protection > Network Engine Setting" tab are too small and cause the generation of a large number of Intrusion Prevention logs.
This hotfix applies the following changes to limit the number of Intrusion prevention logs:
Apex Central Log Queries take a very long time to complete when there are more than 200000 agents.
Solution
This hotfix improves the Log Query performance when there are more than 200000 agents.
User may fail to upload the IOC file for investigation if the Apex Central did not installed in C disk.
Solution
This hotfix has fixed this issue.
The hotfix ensures that the policy status displays correctly after deployment.
Apex Central deploys the wrong action setting for IP-type User-Defined Suspicious Objects (UDSO) that have been added to the SO list using Custom Intelligence Automation APIs.
Solution
This hotfix ensures that the correct action for IP-type USDOs are deployed to managed products.
The pie chart in "DLP template Matches" widget displays the "Others" category even when the option is not selected.
Solution
This hotfix adds an additional filter logic to ensure that information categorized under "Others" does not appear in the pie chart when the option is not selected.
An I18N issue is found in Users/Endpoints.
Solution
This hotfix resolves the I18N issue.
Apex Central cannot overwrite policy settings when the Apex One agent changes a policy locally.
Solution
This hotfix ensures that policies are deployed normally.
This hotfix ensures that sub services can restart normally after stopping unexpectedly.
The Web Console Timeout setting does not work normally.
Solution
This hotfix ensures that the Web Console Timeout setting works normally.
The Antivirus Pattern Compliance dashboard of Control Manager incorrectly shows "-1%".
Solution
This hotfix ensures that Antivirus Pattern Compliance dashboard correctly shows the true value.
Apex Central could not deploy the policy to agents with an IP address in the IPv6 ISATAP format.
Solution
This hotfix ensures that Apex Central translates the IPv6 ISATAP address to binary so it can deploy policies to affected agents correctly.
The "Product Connection Status" widget does not display any information.
Solution
This hotfix ensures that the "Product Connection Status" widget displays information normally.
The Dashboard is affected by Cross-Site Scripting (XSS) issues.
Solution
This hotfix resolves the issue.
The scan exclusion settings for Apex One Security Agent child policies are lost if the parent policy is edited.
Solution
This hotfix resolves the issue.
The Apex Central policy cannot overwrite an Apex One agent configuration that has been edited locally.
Solution
This hotfix ensures that policies deployed to Apex One work normally.
The license information of Trend Micro ServerProtect™ for Linux™ does not display in the product directory.
Solution
This hotfix ensures that the ServerProtect for Linux license information does displays normally in the product directory.
The MDR server receives incomplete log from Control Manager when network is slow.
Solution
This hotfix would ensure that Control Manager send complete log to MDR server.
In the "Log Maintenance" page, the number of product event logs always shows "0" even when there are logs in tb_AVEventLog.
Solution
This hotfix ensures that the correct product event log count displays on the "Log Maintenance" page.
When users add a User-Defined Suspicious Object with Scan Action set to "Block", the action will be saved as "Log" instead of "Block".
Solution
This hotfix resolves the issue to ensure that users can save User-Defined Suspicious Objects with "Block" scan action normally.
The endpoint count on Compliance Reports generated by Control Manager does not match the actual Trend Micro OfficeScan™ agent count.
Solution
This hotfix ensures that the correct endpoint count appears in Control Manager Compliance Reports.
An information leakage issue was found in the Dashboard.
Solution
This hotfix resolves the issue.
The Dashboard, LogQuery, Active Directory, and Compliance Settings pages of the Control Manager web console are affected by Reflected Cross-Site Scripting (XSS) issues.
Solution
This hotfix removes these issues.
An issue prevents Control Manager from applying Device Control Setting rules to the Trend Micro OfficeScan™ Agent Policy.
Solution
This hotfix resolves the issue so Control Manager can apply Device Control Setting rules to the OfficeScan Agent Policy.
A performance issue prevents the Control Manager web console from displaying Log Query results.
Solution
This hotfix resolves the performance issue so Log Query results can be displayed normally.
The AD sync function cannot work normally when there is a large number of AD Organizational Units (OU).
Solution
This hotfix ensures that the AD sync function can handle a large number of AD OUs.
The information in exported CSV and XML files may not match the corresponding information in the Control Manager web console.
Solution
This hotfix ensures that the information in exported CSV and XML files match the information on the Control Manager web console.
Administrators cannot deploy policy settings from Control Manager to Apex One.
Solution
This hotfix resolves the issue to ensure that Control Manager successfully deploys policy settings to Apex One.
The following Network Content Inspection Engine (NCIE) log headers are confusing users:
Solution
This hotfix renames the following Network Content Inspection Engine (NCIE) log headers to minimize confusion: CONFUSING HEADING -> FIXED HEADING
This hotfix updates the Deep Discovery Advanced Filter search mechanism to prevent a UI script injection error.
This hotfix adds a new filter type "Security risk scan filter" in the log query page.
This hotfix enables Apex Central to support Trend Micro Deep Discovery Director 5.0.
This hotfix adds the option to configure Apex Central to use a proxy server for hub/node registration and synchronization.
This hotfix enables Control Manager to support TMES 1.6 Update 6.
Duplicate GUID Agents now are recorded.
The update extends PHP execution time.
Trend Micro Security for Mac policy deployment on reliability and optimizing for huge amount of agent counts environment.
This hotfix ensures that when users trigger the duplicate policy tasks, redundant tasks are not sent.
This hotfix ensures that LogForwarder enables the ping function only when the connection protocol is UDP.
The following Network Content Inspection Engine (NCIE) log headers are confusing users:
This hotfix integrates Control Manager with version 9.1 of Trend Micro InterScan™ Messaging Security Suite (IMSS) for Linux™.
This hotfix adds the new "Predictive Machine Learning Local File Model" pattern.
This hotfix adds the new "Predictive Machine Learning Local File Model" pattern.
This hotfix redefines the following variables in Trend Micro Data Loss Prevention™ (DLP) syslog content.
This hotfix adds the following two fields in the "Incident Details" page.
This hotfix improves the performance of the policy detail pages of the Apex Central web console.
Cloud service integration with Cloud App Security allows you to sweep protected mailboxes, correlate Active Directory user information, and generate Analysis Chains in Apex Central to better understand threat vectors and distribution across the entire network.
The Antivirus Pattern Compliance dashboard of Control Manager incorrectly shows "-1%".
Solution
This hotfix ensures that Antivirus Pattern Compliance dashboard correctly shows the true value.
This hotfix improves the performance of the policy detail pages of the Apex Central web console.
This hotfix ensures that when users trigger the duplicate policy tasks, redundant tasks are not sent.
The Dashboard is affected by Cross-Site Scripting (XSS) issues.
Solution
This hotfix resolves the issue.
Users encounter an "Out of memory" error when synching the Active Directory (AD) if there is a large number of AD groups.
Solution
This hotfix ensures that the AD sync function can handle a large number of AD groups.
The sample php files used to test for "log4php" show the internal path of applications.
Solution
This hotfix removes this potential vulnerability.
The AD sync function cannot work normally when there is a large number of AD Organizational Units (OU).
Solution
This hotfix ensures that the AD sync function can handle a large number of AD OUs.
The Dashboard, LogQuery, Active Directory, and Compliance Settings pages of the Apex Central web console are affected by Reflected Cross-Site Scripting (XSS) vulnerabilities.
Solution
This hotfix removes these vulnerabilities.
It takes long time to display the contents of Active Directory (AD) domains in the "User/Endpoint Directory" page.
Solution
This hotfix improves the performance of some related queries so that the "User/Endpoint Directory" page can display the contents of AD domains faster.
In Control Manager 7.0 GM Build Patch 1, the scheduled hourly download job does not run on time.
Solution
This hotfix ensures that the scheduled hourly download job runs on time.
An issue prevents Node Apex Central from syncing the Suspicious Objects list with the Hub Apex Central.
Solution
This hotfix resolves the issue so that Node Apex Central can sync the Suspicious Objects list with the Hub Apex Central successfully.
Sometimes, Apex Central is unable to SSO to Apex One server.
Solution
This hotfix ensures that Apex Central is able to SSO to Apex One server successfully.
A high CPU usage issue occurs when the value of the "bigwatermark" field is NULL.
Solution
This hotfix prevents the high CPU usage issue under this scenario.
Data Discovery ad hoc query results cannot be generated.
Solution
This hotfix ensures that the Data Discovery ad hoc query results contain complete and accurate information.
An issue prevents Apex Central from pushing the Data Loss Prevention™ (DLP) template to Trend Micro InterScan™ Web Security Virtual Appliance (IWSVA).
Solution
This hotfix resolves the issue so that Apex Central can push the DLP template to IWSVA successfully
The "AD connection disabled" warning icon appears in the "User/Endpoint Directory" page of the Apex Central console when the Active Directory (AD) server name is too long.
Solution
This hotfix ensures that long AD server names no longer trigger the warning icon on the "User/Endpoint Directory" page.
When the Active Directory (AD) filter is re-set, all child under a parent with a "half-checked" checkbox are not counted and re-selected.
Solution
This hotfix ensures that when counting the total number of ADs, each parent with a half-checked checkbox counts and reselects all child under it.
Users cannot Single Sign-On (SSO) to the Apex one web console from the Apex Central web console.
Solution
This hotfix ensures that users can SSO to the Apex One web console from the Apex Central web console.
A performance issue prevents users from downloading the "Unmanaged Endpoints" list from the Dashboard Operation Center widget.
Solution
This hotfix resolves the performance issue so users can download the "Unmanaged Endpoints" list from the Dashboard Operation Center widget successfully.
The "DLP Incidents by Channel" widget does not display any information when users click on the "Incidents by Action" pie chart.
Solution
The hotfix ensures that the corresponding information displays after users click on the "Incidents by Action" chart on the "DLP Incidents by Channel" widget.
Widgets in the "DLP Incident Investigation" page do not display any information.
Solution
This hotfix ensures that widgets in the "DLP Incident Investigation" page display information normally.
The C&C Callback Events widget does not display correct results.
Solution
This hotfix ensures that the C&C Callback Events widget displays complete and accurate query results.
In the "Scheduled/Manual update" pages, if a user saves changes to the settings a second time without refreshing the page and without changing the UNC password, the original UNC password will be cleared, resulting in update failures.
Solution
This hotfix allows the user to save the changes in the "Scheduled/Manual update" pages multiple times without refreshing the pages.
The scheduled hourly download job does not run on time.
Solution
This hotfix ensures that the scheduled hourly download job runs on time.
Users may not be able to see some Active Directory (AD) users under specific domains while adding users to the "Active Directory user or group" list.
Solution
This hotfix ensures that users can view all users under each domain.
In Microsoft™ Edge, the Top Email Recipients of Advanced Threats widget and Email Messages with Advanced Threats widget display a blank page when users drill down on any information on the widgets.
Solution
This hotfix ensures that the widgets display complete and accurate information in Microsoft Edge.
When Apex Central deploys commands directly to the Trend Micro ServerProtect for Microsoft™ Windows™ NT Normal Server, the deployment may fail.
Solution
This hotfix ensures that Apex Central can deploy commands to the ServerProtect Normal Server normally.
On the Apex Central web console, "N/A" appears on the "Scan Method" column for Apex One agents that use "Conventional Scan".
Solution
This hotfix ensures that the correct Apex One agent scan method information is displayed on the Apex Central web console.
The scheduled hourly download job does not run on time.
Solution
This hotfix ensures that the scheduled hourly download job runs on time.
An issue prevents Apex Central from applying "Run cleanup when probable virus/malware is detected" to the apex One Security Agent Policy.
Solution
This hotfix resolves the issue.
If a child policy is set to inherit the settings from a parent policy that does not have a scan exclusion list, the child policy will not display the scan exclusion list after it is added to the parent policy.
Solution
This hotfix ensures a child policy that is set to inherit the settings from a parent policy displays the scan exclusion list once it is added to the parent policy.
There are some Cross-Site Scripting (XSS) vulnerabilities in the "Policy Management" page.
Solution
This hotfix removes these XSS vulnerabilities from the "Policy Management" page.
Some user accounts that have just been assigned read only access roles receive "Scheduled incident summary" and "Scheduled incident increase" notifications.
Solution
This hotfix ensures that user accounts that have read only access roles do not receive "Scheduled incident summary" and "Scheduled incident increase" notifications.
NOTE: This solution does not cover existing roles. You need to save each existing role again to apply the solution.
The Application Control Criteria could not be exported in Microsoft™ Internet Explorer™ or Edge web browser.
Solution
This hotfix updates the Apex Central files to fix this issue.
Users cannot see the users and endpoints in the "User/Endpoint Directory" page in Internet Explorer 11.
Solution
This hotfix ensures that the "User/Endpoint Directory" page displays normally in Internet Explorer 11.
This hotfix adds the following four hidden default fields in the Log Query page for iAC detection logs.
This hotfix adds the "Application" hidden default field in the Log Query page for iAC application control logs.
This hotfix adds the "Risk Level" field in the Log Query page for Attack Discovery detections.
This hotfix adds the following eight fields in the Log Query page for Attack Discovery detections.
This hotfix adds the following five fields in the Log Query page for Attack Discovery detections.
This hotfix enables Apex Central to support Trend Micro SafeLock.
This hotfix enables Apex Central to support Deep Discovery Director 3.5
This hotfix enables Apex Central to support the new engine component "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 5500)" for Trend Micro Deep Discovery Inspector 5.5.
This hotfix enables the AD to sync with the Global Catalog and to support SSL connections.
This hotfix allows users to import the Device Control approved list from the "Policies > Policy Resource > Device Control Approved Device List" page and apply the list to all Apex One Security Agent Policies.
This hotfix updates the Apex One (Mac) 2019 policy setting in Apex Central to support the latest build of the Apex One (Mac) 2019 agent.
The hotfix enables Apex Central to use the report title to name the corresponding report notification email attachment.
This hotfix updates the expression for the Data Loss Prevention™ (DLP) data identifier "Japan: Date" to the new era "令和".
This hotfix introduces the following enhancements for Endpoint Sensor.
Policy widget enhancements for Apex One (Mac):