Trend Micro Apex Central™ Readme

Critical Patch Release Information

Resolved Known Issues
Enhancements
Files Included in This Release

Documentation Set
System Requirements
Installation

Installing
Uninstalling

Post-installation Configuration
Known Issues
Release History
Contact Information
About Trend Micro
License Agreement

1. Critical Patch Release Information

Resolved Known Issues

This Critical Patch resolves the following issue(s):

Issue 1 (SEG-94001)

The "cn3Lable" CEF key displays the wrong value in Virus/Malware syslogs.

Solution

This Hotfix resolves this issue.

Issue 2 (SEG-93629)

Garbled characters appear in the subject field of event notification email messages.

Solution

This Hotfix resolves the issue only on fresh installations of Apex Central.

Issue 3 (VRTS-5342)

Each user account can run more than one session simultaneously even when the "Enforce one session per account" feature is enabled.

Solution

This Hotfix ensures that each user account can run only one session at a time when the "Enforce one session per account" feature is enabled.

Issue 4 (SEG-96376)

The "%BM_policy%" token variable displays the wrong information in Behavior Monitoring notification email messages.

Solution

This Hotfix ensures that the "%BM_policy%" token variable works normally.

Issue 5 (SEG-96075)

An issue prevents users from performing Single Sign-on (SSO) to Apex One from the "Product Servers" page.

Solution

This Critical Patch resolves the issue so users can SSO to Apex One from the "Product Servers" page normally.

Issue 6 (SEG-83960)

Inaccurate Spyware/Grayware log query results may appear on the Apex Central web console and the "Action result" field in Spyware/Grayware Found notification email messages may also display inaccurate information.

Solution

This Hotfix ensures that the correct information appears in both instances.

Issue 7 (SEG-82535)

Static Template Apex One client information reports may indicate that some up-to-date agent components are outdated.

Solution

This Critical Patch ensures that the reports display the correct agent component status.

Issue 8 (SEG-92408)

Single Sign-On (SSO) from Apex Central may not work when a large number of users are active simultaneously.

Solution

This Hotfix resolves this issue so users can SSO from Apex Central normally.

Issue 9 (SEG-92560)

Insufficient system memory causes IIS to work abnormally.

Solution

This Hotfix resolves the memory issue.

Issue 10 (VRTS-5412)

A Cross-Site Scripting (XSS) vulnerability has been detected in HTTP headers.

Solution

This Hotfix adds an X-XSS-Protection Header to prevent the XSS vulnerability.

Issue 11 (VRTS-5448)

The logon pages of the Apex Central web console are affected by stored XSS vulnerabilities.

Solution

This Hotfix resolves the vulnerabilities.

Issue 12 (VRTS-5341)

A privilege escalation issue has been found in the Reports module.

Solution

This Critical Patch resolves the issue.

Issue 13 (SEG-95880)

Apex Central cannot generate reports because the report generating module cannot read the database configuration correctly.

Solution

This Critical Patch resolves the issue.

Issue 14 (SEG-90588)

An issue causes "CmdProcessor.NET.exe" to stop unexpectedly on the "Users/Endpoints" page.

Solution

This Critical Patch resolves this issue.

Issue 15 (SEG-95247)

Users encounter an "Access Deny" message while attempting to copy Apex One Agent policies.

Solution

This Critical Patch ensures that users can copy Apex One policies successfully.

Enhancements

The following enhancements are included in this Critical Patch:

Enhancement 1 (SEG-92035)

This Critical Patch adds a retry mechanism to help minimize SQL exceptions during Apex Central installation.

Enhancement 2 (SEG-91537)

This Hotfix updates the Apex One Vulnerability Protection module to remove unnecessary information in the description of Intrusion Prevention Rules.

Enhancement 3 (SEG-97048)

This Hotfix updates the VSAPI/ATSE engine to version 12.5 to resolve CHM (Compiled HTML) vulnerabilities.

Enhancement 4 (SEG-78060)

This Critical Patch enables Apex Central to re-deploy filter type child polices after a parent policy is edited.

Enhancement 5

This Critical Patch adds the configuration settings for DLP policy Rules and Exceptions applied to Internal and External agents to the external API "Data Loss Prevention".

Enhancement 6 (SEG-91885)

This Hotfix improves the command tracking description for the results of sending suspicious objects to managed products.

Files Included in This Release

There are no files included in this Critical Patch release.

2. Documentation Set

To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com

Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product.

To access the Online Help, go to http://docs.trendmicro.com

Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product.
Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product.
Support Portal: The Support Portal contains information on troubleshooting and resolving known issues.
To access the Support Portal, go to http://success.trendmicro.com

3. System Requirements

1. Trend Micro Apex Central Build 3906 - Traditional Chinese - Windows - x32-x64

4. Installation

Installing

No special instructions are provided.

Uninstalling

No special instructions are provided.

5. Post-installation Configuration

No post-installation steps are required.

6. Known Issues

There are no known issues for this Critical Patch release.

7. Release History

Prior Hotfixes

Only this Critical Patch was tested for this release. Prior hotfixes were tested at the time of their release.

Issue Hotfix 3951 (SEG-56742)

An issue prevents automation APIs from relocating or uninstalling agents.

Solution

The hotfix helps ensure that agents can be relocated or uninstalled using automation APIs.

Issue Hotfix 3951 (SEG-48480), (SEG-48481)

The Web Console Timeout setting does not work normally.

Solution

This hotfix ensures that the Web Console Timeout setting works normally.

Issue Hotfix 3951 (SEG-52169)

Apex Central cannot overwrite policy settings when the Apex One agent changes a policy locally.

Solution

This hotfix ensures that policies are deployed normally.

Issue Hotfix 3951 (SEG-56525)

An I18N issue is found in Users/Endpoints.

Solution

This hotfix resolves the I18N issue.

Issue Hotfix 3951 (SEG-54122)

The pie chart in "DLP template Matches" widget displays the "Others" category even when the option is not selected.

Solution

This hotfix adds an additional filter logic to ensure that information categorized under "Others" does not appear in the pie chart when the option is not selected.

Issue Hotfix 3951 (SEG-54401)

Apex Central deploys the wrong action setting for IP-type User-Defined Suspicious Objects (UDSO) that have been added to the SO list using Custom Intelligence Automation APIs.

Solution

This hotfix ensures that the correct action for IP-type USDOs are deployed to managed products.

Issue Hotfix 3951 (SEG-56480)

The "Trusted Program List" of the Apex One Security Agent policy setting is case-sensitive.

Solution

This hotfix makes the "Trusted Program List" policy setting case-insensitive.

Issue Hotfix 3951 (SEG-55731)

Uses cannot download and save reports when there are non-English alphanumeric characters in the report name.

Solution

This hotfix resolves the issue so users can save and download reports using file names with non-English alphanumeric characters.

Issue Hotfix 3951 (SEG-56044)

Apex Central SaaS displays unrelated categories in static report template on Microsoft™ Internet Explorer™ 11.

Solution

The hotfix ensures that only the following four categories are displayed in static reports in Apex Central SaaS.

Executive summary
Desktop products
Data Loss Prevention
Data Discovery

Issue Hotfix 3951 (SEG-47407)

The "Virus Scan Engine (Windows XP/Server 2003, x64)" component name is no longer accurate since Control Manager stopped support for Microsoft™ Windows™ Server 2003.

Solution

This hotfix renames the "Virus Scan Engine (Windows XP/Server 2003, x64)" component to "Virus Scan Engine (Windows)".

Issue Hotfix 3951 (SEG-56611)

Apex Central stops synchronizing the suspicious object (SO) list from Trend Deep Discovery Analyzer once multiple Deep Discovery Analyzers have registered to Apex Central.

Solution

This hotfix ensures that Apex Central synchronizes the SO list successfully when multiple Deep Discovery Analyzers are registered to Apex Central.

Issue Hotfix 3951 (SEG-56555)

The "Pass/Log" action in "Intrusion Prevention" logs on log query results may confuse users.

Solution

This hotfix replaces the "Pass/Log" action on the log query results page to "Log" when in "detect only" mode.

Enhancement Hotfix 3951 (SEG-56425)

This hotfix enables Apex Central to add user name information in Device Control syslog messages.

Enhancement Hotfix 3951 (SEG-52539)

This hotfix ensures that sub services can restart normally after stopping unexpectedly.

Enhancement Hotfix 3951 (SEG-57251)

This hotfix enables Apex Central to apply policies promptly to an agent that originally does not have a policy once it triggers a filter policy because of changes to its properties, such as an IP change resulting in matching the filter policy's criteria, instead of waiting until the daily policy re-enforcement to apply policies on the agent.

Enhancement Hotfix 3951 (SEG-56849)

The original default values of "Maximum TCP Connections" and "Maximum UDP Connections" in the "Apex One Security Agent > Vulnerability Protection > Network Engine Setting" tab are too small and cause the generation of a large number of Intrusion Prevention logs.

This hotfix applies the following changes to limit the number of Intrusion prevention logs:

Increasing the minimum value of "Maximum TCP/UDP Connection" for the Network Engine Setting to "2000"
Changing the default value to "1000000"
Applying the new default value to policies created with original default values

Issue Hotfix 4363 (SEG-66418)

The Trend Micro Deep Discovery Web Inspector product profile cannot be merged successfully because it contains unnecessary ASCII characters.

Solution

This hotfix removes unnecessary ASCII characters from the Deep Discovery Web Inspector product profile to ensure that the profile can be merged successfully.

Issue Hotfix 4363 (SEG-62090)

The number of queried Attach Discovery Detection logs on Log Query differ from the number of forwarded Syslog entries forwarded.

Solution

This hotfix ensures that there is no discrepancy between the number of queried Attach Discovery Detection logs on Log Query and the number of forwarded Syslog entries.

Issue Hotfix 4363 (SEG-67181)

An issue prevents the Syslog Forward function from working under the UDP protocol.

Solution

This hotfix resolves the issue.

Issue Hotfix 4363 (SEG-3590)

A path traversal vulnerability has been found in Apex Central 2019.

Solution

The hotfix resolves the path traversal vulnerability.

Issue Hotfix 4363 (SEG-64901)

The system does not save non-monitored targets in the Data Loss Prevention™ (DLP) policy setting if the target contains uppercase characters.

Solution

This hotfix resolves this issue by ensuring that the system saves non-monitored targets in the DLP policy setting even if the target contains uppercase characters.

Issue Hotfix 4363 (SEG-67195)

The intrusion prevention rules are missing on the Apex Central version running on Norway platforms.

Solution

This hotfix resolves this issue by enabling the rule update function to properly support Norway platforms.

Issue Hotfix 4363 (SEG-64392)

An issue prevents the Operation Center from merging custom reporting line circles so it displays random custom reporting line names instead. This issue occurs if the custom reporting lines include an Active Directory user that does not have a manager.

Solution

The hotfix ensures that the custom reporting line displays correctly in this situation.

Issue Hotfix 4363 (SEG-66466)

An issue prevents Apex Central from deploying policies after it is upgraded from Control Manager 6.0.

Solution

The hotfix resolves this issue.

Issue Hotfix 4363 (SEG-67182)

An issue prevents Apex Central from purging Behavior Monitoring Logs.

Solution

The hotfix resolves the issue so that Behavior Monitoring Logs are purged correctly.

Issue Hotfix 4363 (SEG-66885)

An issue triggers false rebuild attack discovery detections every hour, which affects Apex Central performance.

Solution

This hotfix resolves the issue.

Issue Hotfix 4363 (SEG-66418)

The Deep Discovery Web Inspector product profile cannot be merged successfully because it contains unnecessary ASCII characters.

Solution

This hotfix removes unnecessary ASCII characters from the Deep Discovery Web Inspector product profile to ensure that the profile can be merged successfully.

Issue Hotfix 4363 (SEG-65270)

The web console of Apex Central as a Service displays a warning message and a disabled "Start Retro Scan" button in the Security Threat information for a URL.

Solution

This hotfix removes the warning message and the disabled "Start Retro Scan" button from the Security Threat page for URLs.

Issue Hotfix 4363 (SEG-61428)

An issue prevents Apex Central from generating reports successfully.

Solution

This hotfix resolves the issue to ensure that Apex Central can generate reports successfully.

Issue Hotfix 4363 (SEG-64336)

Deep Discovery Web Inspector (DDWI) does not support Single Sign-On (SSO) but the SSO link for Deep Discovery Web Inspector appears on the "Server Registration" page.

Solution

This hotfix removes the SSO link for Deep Discovery Web Inspector (DDWI) from the "Server Registration" page.

Issue Hotfix 4363 (SEG-58419)

The Root Cause Analysis task runs continuously if the target agent has been removed.

Solution

This hotfix adds a timeout value for the Root Cause Analysis task.

Issue Hotfix 4363 (VRTS-3589)

Passwords are not salted individually.

Solution

This hotfix ensures that passwords are salted individually.

Issue Hotfix 4363 (SEG-56595)

When receiving Web Violation logs, the corresponding Web Access Policy Violation Alerts under Event Notifications do not display the login user information.

Solution

This hotfix ensures that Web Access Policy Violation Alerts display the login user information normally.

Issue Hotfix 4363 (SEG-64156)

Apex Central is affected by PHP vulnerabilities.

Solution

This hotfix upgrades the PHP module to build 7.1.33.

Issue Hotfix 4363 (VRTS-3849)

The OpenSSL and libcurl modules are affected by a Code Injection Vulnerability.

Solution

This hotfix resolves the vulnerability.

Issue Hotfix 4363 (SEG-60067)

When users create criteria using the Application Reputation List on Apex Central, some applications that were selected from the list become unselected after a TMCSS pattern update.

Solution

This hotfix updates the Apex Central file to resolve this issue.

Issue Hotfix 4363 (SEG-61089)

The Trend Micro Interscan™ Messaging Security (IMSS) policy is not fully functional on Apex Central.

Solution

This hotfix ensures that the IMSS policy is fully functional on Apex Central.

Issue Hotfix 4363 (SEG-61629), (SEG-61784)

The "Filter by criteria" function cannot match keywords when users specify multiple keywords and separate each by a comma.

Solution

This hotfix ensures that the "Filter by criteria" function matches multiple keywords normally.

Issue Hotfix 4363 (SEG-62153)

A specific SQL query blocks several processes on the Control Manager server.

Solution

This hotfix ensures that the specific SQL query does not block processes on the Control Manager server.

Issue Hotfix 4363 (SEG-61339)

Policies are not deployed if there is a carriage return in the filter criteria.

Solution

The hotfix ensures that policies are deployed successfully.

Issue Hotfix 4363 (VRTS-3668)

Users encounter "4624(S): An account was successfully logged on" events with Logon Type 8 which warns that passwords are recorded in clear text on the server memory.

Solution

The hotfix prevents passwords from being saved in clear text on the server memory.

Issue Hotfix 4363 (SEG-61440)

An issue prevents users from selecting targets to deploy Apex Central policies.

Solution

The hotfix ensures that Apex Central policies are deployed normally.

Issue Hotfix 4363 (SEG-56557)

When users search for Active Directory (AD) user names or user groups while creating a policy under the Device Control Settings, the AD user names or user groups do not display on the search bar.

Solution

This hotfix ensures that users can search for AD user names or user groups normally when creating Device Control policies.

Issue Hotfix 4363 (SEG-58852)

This hotfix ensures that the "India: Mobile Number" Data Identifier Expression works normally.

Solution

This hotfix ensures that the "India: Mobile Number" Data Identifier Expression works normally.

Issue Hotfix 4363 (SEG-58967)

An SQL function usage compatibility issue causes hotfix installation to fail.

Solution

This hotfix resolves the issue to ensure that hotfixes can be installed normally.

Issue Hotfix 4363 (SEG-59166)

An issue prevents the "Product Component Status" widget from displaying information normally.

Solution

This hotfix resolves the issue so that the "Product Component Status" widget can display information normally.

Issue Hotfix 4363 (SEG-56503)

In the Data Loss Prevention™ (DLP) Policy Settings page, the device serial ID field supports up to 32 characters only.

Solution

This hotfix extends the maximum device serial ID length to 64 characters.

Issue Hotfix 4363 (SEG-59272)

The "This feature supports only IPv4" warning in the "Apex One Data Loss Prevention Settings > Apex One DLP" screen is misleading.

Solution

This hotfix removes the "This feature supports only IPv4" warning from the "Apex One DLP" settings screen.

Issue Hotfix 4363 (SEG-56232)

The Active Directory (AD) cannot be synched successfully because "Logprocessor.exe" runs out of memory during AD synchronization.

Solution

This hotfix prevents the out-of-memory issue to ensure that AD can be synched successfully.

Issue Hotfix 4363 (SEG-58234)

The UI layout does not display when users click on "Show working panel" while editing the Custom Report template.

Solution

This hotfix ensures that the UI layout displays normally when users click the "Show working panel" button while editing the Custom Report template.

Issue Hotfix 4363 (SEG-56869)

Users cannot log on to the Apex Central web console using a password that contains a space character.

Solution

This hotfix enables users to use passwords that contain a space character to log on to the Apex Central web console.

Issue Hotfix 4363 (SEG-58224)

The UI debug log displays the wrong message when the OpenIOC file has been uploaded successfully.

Solution

This hotfix ensures that UI debug log displays the correct message after the OpenIOC file has been uploaded successfully.

Issue Hotfix 4363 (SEG-51336)

When users add email addresses to the "Event Notification > Watchlisted Recipients At Risk" list, only the first 64 characters of the string will be saved.

Solution

This hotfix ensures that users can add email messages normally into the "Watchlisted At Risk" list.

Issue Hotfix 4363 (SEG-57402)

An issue prevents Apex Central from generating manual or scheduled reports when the scan date data is empty.

Solution

This hotfix resolves the issue to ensure that Apex Central can generate reports normally.

Issue Hotfix 4363 (SEG-64841)

The "Database is busy. Please..." error message appears on the "User/Endpoint Directory" page when the SQL server and database use different collation settings.

Solution

This hotfix resolves the error by updating the SQL script to enable it to use the database collation settings instead of the SQL server collation settings.

Enhancement Hotfix 4363 (SEG-60909)

This hotfix enables Apex Central to sort policy changing domain agents every 10 minutes instead of at 15:15 everyday.

Enhancement Hotfix 4363 (SEG-67527)

This hotfix adds a new error message containing the workaround for when Single-Sign On (SSO) fails because the browser cookie length limit has been exceeded.

Enhancement Hotfix 4363 (SEG-41899)

This hotfix enables Apex Central to support the Login Sharing Prevention feature.

Enhancement Hotfix 4363 (SEG-56603)

This hotfix enables the Operation Center to display information in Chart View and Table View.

Enhancement Hotfix 4363 (SEG-32094)

This hotfix adds Behavior Monitoring violations alert settings under the Event Notification settings.

Enhancement Hotfix 4363 (SEG-32096)

This hotfix adds Predictive Machine Learning detections alert settings under the Event Notification settings.

Enhancement Hotfix 4363 (SEG-43637)

LogForwarder forwards mapping string labels instead of the integer when forwarding Action column content of Behavior Monitoring.

Enhancement Hotfix 4363 (SEG-61455)

This hotfix enables Apex Central to support the new engine component "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 5600)" for Trend Micro Deep Discovery Inspector 5.6.

Enhancement Hotfix 4363 (SEG-61185)

This hotfix enables Apex Central as a Service to monitor Single Sign-On issues through Microsoft™ Windows™ event logs.

Enhancement Hotfix 4363 (SEG-63480)

This hotfix renames the "InterScan Web Security as a Service" Server Type option to "Trend Micro Web Security" in the "Administrator > Server Registration" page on the Apex Central web console.

Enhancement Hotfix 4363 (SEG-53909)

This hotfix enables Apex Central to support Trend Micro Deep Discovery Web Inspector.

Enhancement Hotfix 4363 (SEG-63797)

This hotfix enables the following three widgets to display information from the past 30 days.

Top Endpoints Affected by IPS Events
Top IPS Attack Sources
Top IPS Events

Procedure

To summarize data from the last 30 days:

Install this hotfix (see "Installation").
Open a command prompt and log in using an administrator account.
Go to the Apex Central installation home folder.
Run the following command "echo sp_Presummary_IntrustionPrevention_30Days > SumIPS.sql | SQLExecutor.NET.exe -f=SumIPS.sql"

Enhancement Hotfix 4363 (SEG-59130)

This hotfix allows users to select a virtual analyzer to be used for an Apex One as a Service server on the "Server Registration" page in hybrid mode.

Enhancement Hotfix 4363 (SEG-61384), (SEG-62946)

This hotfix adds the following three new widgets in Apex Central to provide users with information on Intrusion Prevention (IPS) events.

Top Endpoints Affected by IPS Events Top IPS Attack Sources Top IPS Events

Enhancement Hotfix 4363 (SEG-63674)

Dashboard enhancements

The widgets on the former DLP Incident Investigation tab are now on the Data Loss Prevention tab.

Enhancement Hotfix 4363 (SEG-63674)

Impact Analysis enhancement

The Affected Users screen automatically refreshes every 60 seconds when running an Impact Analysis.

Enhancement Hotfix 4363 (SEG-63674)

Web Console Auto Refresh enhancement

You can configure the Apex Central management console to automatically refresh the screen every 600 seconds (enabled by default).

Enhancement Hotfix 4363 (SEG-49778)

This hotfix provides an iAC log purge function in the "Log Maintenance" page of the Apex Central web console.

Enhancement Hotfix 4363 (SEG-52242)

This hotfix enables Apex Central to support Trend Micro Deep Discovery Analyzer 6.8.

Enhancement Hotfix 4363 (SEG-34121), (SEG-41962), (SEG-52917), (SEG-48792)

This hotfix adds the new column "Expiration date" for User-Defined Suspicious Objects (UDSO) in Apex Central.

Enhancement Hotfix 4363 (SEG-43643)

This hotfix ensures that activation (AC) keys are renewed automatically when the keys are added or redeployed to products.

Enhancement Hotfix 4363 (SEG-41902)

This hotfix enables users to add "unmanaged endpoints" information to custom reports.

Enhancement Hotfix 4363 (SEG-56940)

This hotfix enables Apex Central to support Trend Micro Safe Lock™ 3.0.

Enhancement Hotfix 4363 (SEG-58041)

This hotfix ensures that Microsoft™ Azure Active Directory (AD) could Single Sign-On (SSO) to the Apex Central web console normally.

Enhancement Hotfix 4363 (SEG-43622)

This hotfix enables users to add the Apex One domain hierarchy information in applicable virus event notifications using the "%hierarchy%" token.

Enhancement Hotfix 4363 (SEG-55073)

This hotfix allows Apex Central to enable the "self-integrity check" setting for the ActiveUpdate (AU) module by default.

Enhancement Hotfix 4363 (SEG-58238)

This hotfix helps prevent a misconfiguration issue that may trigger the generation of a large number of violation logs, by blocking the use of an asterisk "*" wildcard character in the root file path properties and each certificate properties on the "Application Control Criteria" setting page.

Enhancement Hotfix 4363 (SEG-55846)

This hotfix enables Apex Central to support the new component "Advanced Threat Scan Engine (Mac, 64-bit)" for Apex One (Mac™).

Enhancement Hotfix 4363 (SEG-56048)

This hotfix ensures that the LogForwarder tool sends pattern update status logs and engine update status logs normally.

Enhancement Hotfix 4363 (SEG-54994)

This hotfix enables Apex Central to send File Hash detection logs and Network Content Inspection logs to the Threat Investigation Center (TIC).

Enhancement Hotfix 4363 (SEG-44904)

This hotfix updates the Active Directory (AD) sync tool to enable it to limit or approve which Organizational Units (OUs) are synced to Apex Central. Users can configure this feature by setting-up the approved and exception lists in the "ADSyncOUList.config" file.

Enhancement Hotfix 4363 (SEG-53604)

This hotfix prevents Cross-site Scripting (XSS) issues in the filter by criteria mechanism when creating policies.

Issue Hotfix 4473 (VRTS-4126)

Users with Read-Only privileges may be able to export the Data Loss Prevention™ (DLP) pattern.

Solution

This hotfix ensures that only users with the required permissions can export the DLP pattern.

Issue Hotfix 4473 (SEG-54954)

An issue prevents Apex Central to acquire logs.

Solution

This hotfix fixes this issue.

Issue Hotfix 4473 (SEG-54954)

An issue prevents Apex Central to acquire logs.

Solution

This hotfix fixes this issue.

Issue Hotfix 4473 (SEG-69895)

Domain users are unable to install Apex Central hotfixes.

Solution

This hotfix ensures that domain user accounts can successfully install Apex Central hotfixes.

Enhancement Hotfix 4473 (SEG-60191)

This hotfix enhances Apex Central to share Deep Discovery Analyzer (DDAN) in the hub site to managed OfficeScan (OSCE)/Apex One in the node site.

Enhancement Hotfix 4473

Vulnerability Patches

Apex Central has patched Cross Site Scripting (XSS) vulnerabilities.

Enhancement Hotfix 4473

Performance Enhancement

Apex One (Mac)

This hotfix enhances the performance of Apex One (Mac) as a Service.

Enhancement Hotfix 4473

Performance Enhancement

Apex One (Mac)

This hotfix improves the startup speed and startup flow of the Apex One Security Agent to help reduce unexpected errors during Security Agent startup.

Enhancement Hotfix 4473

New Features

Security Agent Uninstallation

Apex One (Mac) provides enhanced password security for Security Agent uninstallation on endpoints when an uninstallation password is required.

Enhancement Hotfix 4473

New Features

Policy Management Enhancement

Apex One Security Agent policies support inheritance for Predictive Machine Learning settings.

Enhancement Hotfix 4473

New Features

Enhanced API Integration

Apex Central supports a new API that forwards detection logs in CEF format to SIEM servers.

Issue Hotfix 4474 (SEG-66877)

Users cannot Single Sign-On (SSO) to the Apex One web console from the Apex Central web console.

Solution

This hotfix resolves the issue.

Issue Hotfix 5104 (SEG-73934)

Users do not receive event notifications if the log generation time field is empty.

Solution

This Hotfix ensures that Apex Central can send event notifications successfully when the log generation time field is empty.

Issue Hotfix 5104 (SEG-77415)

Apex Central 2005 urgent patch.

Solution

Issue Hotfix 5104 (SEG-74460)

Apex Central does not allow the number higher than 255 in the Fully-Qualified Domain Name (FQDN) of the SIEM server.

Solution

This Hotfix enables Apex Central to support the number higher than 255 in the Fully-Qualified Domain Name (FQDN) of the SIEM server.

Enhancement Hotfix 5104

Syslog Forwarding Enhancement

Apex Central allows you to forward Intrusion Prevention and Product Auditing Event logs to a syslog server.

Enhancement Hotfix 5104

Vulnerability Patches

Apex Central has patched Cross Site Scripting (XSS) and SQL injection vulnerabilities.

Enhancement Hotfix 5104

Password Complexity Enhancement

Apex One as a Service user account passwords and the Apex One Security Agent uninstallation password have the same password complexity requirements.

Enhancement Hotfix 5104

Security Agent Password Complexity

The Uninstall Security Agent feature includes enhanced password complexity requirements for better security.

Issue Hotfix 5243 (SEG-76601)

The banner on the "User-Defined Suspicious Objects" tab contains inaccurate information.

Solution

This hotfix ensures that the banner displays accurate information.

Issue Hotfix 5243 (SEG-71991)

C&C Callback event notifications display an "unknown action" error when users attempt to use the "%act%" token variable.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-70172)

Filtered policies cannot be deployed successfully to agents in subdomains that contain an apostrophe "'".

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-80627)

When Data Loss Prevention™ (DLP) logs are sent in syslog form, policy names appear as "N/A".

Solution

This hotfix ensures that the correct policy names appear in the DLP logs.

Issue Hotfix 5243 (SEG-81320)

Device Control logs cannot be queried from the "Logs Query" page.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-81379)

CSS style errors cause columns to overlap when printing pages.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-78345)

It may take a long time to generate a report using a template that contains the "Endpoint Pattern/Engine Status Summary". When this happens, the report generation task remains in "In progress" status.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-79000)

Users do not receive scheduled report notification email messages.

Solution

This hotfix ensures that users receive a notification email each time a scheduled report is generated.

Issue Hotfix 5243 (SEG-81846)

The wrong scan method information appears in the "Product View" page.

Solution

This hotfix ensures that the correct scan method information displays in the "Product View" page.

Issue Hotfix 5243 (SEG-80613)

No results display when users run a Log Query and select the same date in the two date fields of the "Custom Range" date filter.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-76127)

An issue prevents Apex Central from generating Active Directory user group reports successfully.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-82738)

An issue prevents Apex Central from forwarding Intrusion Prevention logs to the syslog server.

Solution

This hotfix resolves the issue so Apex Central can forward Intrusion Prevention logs to the syslog server normally.

Issue Hotfix 5243 (SEG-80624)

An exception occurs when users click the "View" in the Security Threat Details table of the Threats tab.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-65309)

Apex Central is unable to save SSO service URLs that contain special characters.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-81742)

The Active Directory (AD) cannot be synched successfully if running in a database with "Estonian_CI_AS" collation.

Solution

This hotfix resolves the issue.

Issue Hotfix 5243 (SEG-79612)

A Deploy Pattern Update command may be cancelled by the next Deploy Pattern update command even if the commands contain different components. As a result, some components are not deployed to the product server.

Solution

This hotfix ensures that a new Deploy Pattern Update command will cancel the previous Deploy Pattern Update command only if they have exactly the same component types.

Issue Hotfix 5243 (SEG-83614)

Users cannot import policies normally.

Solution

This hotfix ensures that users can import policies successfully.

Issue Hotfix 5243

There are some Cross-Site Scripting (XSS) vulnerabilities in Custom Intelligence

Solution

The hotfix fixes Cross-Site Scripting (XSS) vulnerabilities in Custom Intelligence

Enhancement Hotfix 5243 (SEG-74478)

This hotfix improves the product profile merge operation to reduce job failures.

Enhancement Hotfix 5243 (SEG-70114)

This hotfix increases the maximum supported DLP file size from 2 GB to 1024 GB.

Enhancement Hotfix 5243 (SEG-81523), (SEG-82991)

This hotfix applies the following changes to the Firewall Violations log:

Renames the following columns:
- "Endpoint IP" to "Destination IP"
- "Endpoint Port" to "Destination Port"
- "Target Application" to "Target Process"
Adds the "Source Port" column

Enhancement Hotfix 5243 (SEG-75186)

This hotfix updates the following error messages that display when iVP policy deployment fails.

Error Code 130 From: Vulnerability Protection Service: Policy deployment unsuccessful: Unable to uninstall incompatible agent program To: Vulnerability Protection Service: Unable to deploy. Deep Security installed

Error Code 112 From: Vulnerability Protection Service: Policy deployment unsuccessful: Incompatible agent program on endpoint To: Vulnerability Protection Service: Policy deployment unsuccessful: Unable to deploy. Deep Security installed

Enhancement Hotfix 5243 (SEG-76997)

CEF syslogs include "Active Directory domain" and "Apex One domain hierarchy" information for each log type.

Issue Hotfix 5449 (SEG-83297)

An issue prevents a node Apex Central from registering successfully to a hub Apex Central.

Solution

This Hotfix resolves the issue so a node Apex Central can register to the hub Apex Central normally.

Issue Hotfix 5449 (SEG-91264)

C&C callback event notifications display inaccurate callback address information.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-89339)

Long URL strings do not display normally in the "Top Threats" widget.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5449 (SEG-88353)

An error occurs when automation APIs are used to retrieve web security syslog data.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-91976)

If a user account or contact group has been chosen to be included onto a scheduled Report Recipients, and the Report Creator does not include these Recipients or Contact Group, the Report Creator's My Report List does not list the Scheduled Report instance.

Solution

This Hotfix resolves this issue by ensuring that the Creator's My Report List always lists the Scheduled Report instances correctly.

Issue Hotfix 5449 (SEG-83319)

An error prevents popup windows from appearing after users click the deviation link on the Policy page.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-92672)

Users encounter an error message while editing an existing user account.

Solution

This Hotfix ensures that users can edit existing user accounts successfully.

Issue Hotfix 5449 (SEG-90645)

The "%time%" variable in email notifications for both Behavior Monitoring violations and predictive Machine Learning detections display the wrong time information.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-92121)

When the policy owner changes, user accounts with administrator roles do not receive the corresponding notification email.

Solution

This Hotfix ensures that administrator user accounts receive policy owner change notification email messages.

Issue Hotfix 5449 (SEG-92671)

Apex Central sends out an SNMP test notification when it should send out an email policy violation event SNMP notification.

Solution

This Hotfix ensures that Apex Central sends out the correct SNMP notifications.

Issue Hotfix 5449 (SEG-85933)

The "Domain Login" option disappears from the web console after the Apex Central service restarts.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-87216)

The DLP Scheduled incident summary attached in Event Notification email messages may contain inaccurate information when the DLP log count field is empty.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-88134)

An Active Directory (AD) sync job fails when the AD user does not have enough permission to sync up whole trusted domains.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-92823)

An issue prevents Apex One SaaS from registering to XDR.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-87217), (SEG-91532)

The Deep Security Agent blocks Apex Central Update and Hotfix installation.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-90191)

Product registration to Apex Central fails because the soft server entity count has reached the maximum value. This may happen when Apex Central does not detect Deep Security Agents as Server Entities.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-92082)

A report generation issue causes "cmdProcessor.exe" to stop unexpectedly.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-87618)

An issue prevents Apex Central from sending out Predictive Machine Learning detections Notifications.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-82010)

When administrators add Active Directory (AD) domains to the "ADSyncOUList.config" approved list without specifying the Organizational Unit (OU), Apex Central is unable to synchronize the Active Directory domains.

Solution

This hotfix resolves the issue so that users can add AD domains to the "ADSyncOUList.config" approved list without specifying the OU.

Issue Hotfix 5449 (SEG-82724)

When the Active Directory (AD) manager has only one reporting staff and the staff account on the AD server is disabled between synchronization tasks, Apex Central is unable to synchronize the Active Directory.

Solution

This hotfix resolves the issue so that Apex Central can synchronize the Active Directory even if a reporting staff account is disabled between synchronization tasks.

Issue Hotfix 5449 (SEG-79468)

Apex Central may not be able to send scheduled reports by email when there is a large number of reports.

Solution

This hotfix resolves the issue.

Issue Hotfix 5449 (SEG-44878)

In C&C callback event notifications, the callback address field may contain complete URLs of malicious websites which users can click.

Solution

This hotfix resolves this issue.

Issue Hotfix 5449 (SEG-84122)

Users encounter an error message while editing an existing user account.

Solution

This hotfix ensures that users can edit existing user accounts successfully.

Issue Hotfix 5449 (SEG-84979)

The SIEM server displays inaccurate information when Apex Central sends Attack Discovery logs containing JSON content.

Solution

This hotfix ensures that SIEM servers display complete and accurate information for Attack Discovery logs containing JSON content.

Issue Hotfix 5449 (SEG-83710)

The Trend Micro Infrastructure (TMI) service stops unexpectedly.

Solution

This hotfix resolves this issue.

Issue Hotfix 5449 (SEG-85722)

Apex Central is unable to deploy new components downloaded from the ActiveUpdate (AU) server.

Solution

This hotfix ensures that Apex Central can deploy newly downloaded components from the AU server.

Issue Hotfix 5449 (SEG-75516)

There is a typographical error in the syslog content for the following log types:

Virus/Malware
Web Violations
Content Violations

Solution

This hotfix corrects the typographical error.

Issue Hotfix 5449 (SEG-76147)

The "%vloginuser%" token does not display any information in C&C callback notifications.

Solution

This hotfix ensures that the "%vloginuser%" token displays the required information in C&C callback notifications.

Issue Hotfix 5449 (SEG-39822), (SEG-82550)

An issue may corrupt the "Systemconfiguration.xml" file and prevent services from starting properly.

Solution

This hotfix adds a mechanism to help protect the "Systemconfiguration.xml" file from corruption.

Issue Hotfix 5449 (VRTS-4428)

Some components on the Dashboard are out-of-date.

Solution

This hotfix updates the components.

Issue Hotfix 5449 (SEG-83240)

A database timeout issue prevents policy deployment.

Solution

This hotfix resolves this issue.

Issue Hotfix 5449 (SEG-82054)

An issue prevents programs in the Plug-in Program List from appearing on Manual Update and Scheduled Update program lists.

Solution

This hotfix ensures that these plug-in programs appear in the Manual Update and Scheduled Update lists.

Issue Hotfix 5449 (SEG-73320)

If a Root Cause Analysis does not return any matching targets, "N/A" appears in the corresponding "Users/Endpoints" field.

Solution

After applying this hotfix, "No Match" displays in the "Users/Endpoints" field for Root Cause Analysis results that do not return any matching targets.

Issue Hotfix 5449 (SEG-73373)

Users cannot click the "Deploy" button when creating a new policy.

Solution

This hotfix resolves the issue.

Issue Hotfix 5449 (SEG-83354)

User name information does not appear in Virus/Malware syslog messages.

Solution

This hotfix resolves the issue.

Issue Hotfix 5449 (PDGJIRA-7599)

The Deep Security Agent connection status does not display on the Apex Central Agent Connection Status dashboard widget.

Solution

This Hotfix ensures that the Agent Connection Status widget displays the status of the Deep Security Agent.

Issue Hotfix 5449 (SEG-77893)

In environments where a proxy server is required to establish the connection between Apex One and Apex Central, a communication error occurs and prevents Apex Central from deploying policies successfully.

Solution

This hotfix resolves the communication error and ensures that Apex Central successfully deploys policies when connecting to Apex One through a proxy server.

Issue Hotfix 5449 (SEG-84419)

"CmdProcessor.exe" stops unexpectedly.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5449 (VRTS-4775)

An improper cookie configuration issue has been found.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5449 (SEG-86056)

An issue prevents report-generating jobs from running normally.

Solution

This Hotfix resolves the issue so reports are generated successfully.

Issue Hotfix 5449 (SEG-82615)

Active Directory (AD) synchronization fails if the current user does not have the required permissions to access the AD.

Solution

This Hotfix ensures that AD synchronization proceeds normally under the scenario above.

Issue Hotfix 5449 (SEG-87203)

An issue prevents users from deploying the Trend Micro Data Loss Prevention™(DLP) policy from Apex Central when there are identical entries in the exclusion list.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-82139)

The value of the field "File/Data Size" in DLP logs always appears as "2147483647" on the Apex Central server web console when the triggering file on the endpoint is larger than 2 GB.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-82045)

A case-sensitivity issue causes AD synchronization to fail.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5449 (SEG-87322)

Custom Data Loss Prevention™ (DLP) expressions that contain a question mark and colon in sequence "?:" are invalid.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5449 (SEG-83675)

Single Sign-On (SSO) fails when the proxy server requires NTLM authentication.

Solution

This Hotfix resolves the issue so users can still perform SSO under the scenario above.

Issue Hotfix 5449 (SEG-76144)

The "Matched Content" information is missing from the event named scheduled incident summary notification.

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-86854)

The "C&C List Source" column will show "103" rather than the "Relevance rule".

Solution

This Hotfix resolves this issue.

Issue Hotfix 5449 (SEG-83570)

During Daylight Saving Time (DST), inaccurate "Detection Time" information appear in Predicted Machine Learning logs.

Solution

This Hotfix resolves the issue.

Issue Hotfix 5449 (SEG-88731)

An issue prevents Apex Central from synchronizing agent and domain information from managed products.

Solution

This Hotfix resolves the issue to ensure that Apex Central can synchronize agent and domain information from managed products successfully.

Issue Hotfix 5449 (SEG-73839)

The following DLL files stop unexpectedly in debug mode.

cmdHandlerDeployNow.dll
cmdHandlerProductManager.dll
cmdHandlerScheduleDownload.dll

Solution

This Hotfix ensures that the libraries work normally in debug mode.

Issue Hotfix 5449 (SEG-86689)

Users cannot save the "Allowed USB Devices" list on the Apex Central console if the device information contains an "@" character.

Solution

This hotfix resolves the issue so users can save the "Allowed USB Devices" list.

Enhancement Hotfix 5449 (SEG-89809)

This Hotfix renames the "Malware Pattern for Android (Advanced)" pattern to "MARS Pattern for Android".

Enhancement Hotfix 5449 (SEG-78622)

This Hotfix adds the log name in the header of CEF Intrusion Prevention Log notifications and renames the following CEF keys.

from "SLF_RuleID" to "cn1Label Rule"
from "SLF_RuleContent" to "cs1Label Reason/Rule"
from "SLF_IsDetectionOnly" to "cn2Label Mode"
from "SLF_ConnectionType" to "cs2Label Application_Type"
from "SLF_Rank" to "cn3Label Priority"
from "SLF_SeverityCode" to "cn4Label Severity"

Enhancement Hotfix 5449 (SEG-89829)

This Hotfix adds the "File Name", "File Path", and "Scan Type" columns in Spyware/Grayware detections log query results and the "Scan Type" column in Virus/Malware detections log query results.

Enhancement Hotfix 5449 (SEG-76695)

This Hotfix adds the "User Name" column to the Product Status log query results.

Enhancement Hotfix 5449 (SEG-90862)

This Hotfix adds the following two Windows Events:

Windows Event 9001 : Apex One Server is unreachable from Apex Central while user click the Single Sign On ( Apex One as a Service Only )
Windows Event 9002: Apex Central Trend Micro Infrastructure Service is unreachable while user click the Single Sign On.

Enhancement Hotfix 5449

Added a new external API to get Apex One DLP Policy information.

This new API allows users to get all existing DLP policy names and deployed agent lists.

Enhancement Hotfix 5449

Refined the time range options for Apex Central dashboard widgets to specify the number of days instead of weeks.

Enhancement Hotfix 5449 (SEG-84232)

This hotfix improves IIS stability.

Enhancement Hotfix 5449 (SEG-79053)

This hotfix adds the "UK: RD&E Hospital Number" field to the DLP module rule template.

Enhancement Hotfix 5449 (SEG-76695)

This hotfix adds the "User Name" column to the Product Status log query results.

Enhancement Hotfix 5449 (SEG-76413)

If an Active Directory domain only has one child domain, Apex Central does not automatically a parent domain when filtering policy targets by Active Directory structure.

Enhancement Hotfix 5449 (SEG-78710)

This hotfix enables Apex Central to support the "Network Content Inspection Engine (3.10, Kernel mode, 64-bit, Conf: 5700)" engine component for Trend Micro Deep Discovery Inspector 5.7.

Enhancement Hotfix 5449 (SEG-84614)

This hotfix enables Apex Central to support Trend Micro Deep Discovery Analyzer 7.0.

Enhancement Hotfix 5449

The "System" and "SSO_User" user accounts and user roles are hidden by default.

Enhancement Hotfix 5449 (SEG-86857)

This Hotfix improves the performance of the "Automated Analyses" page in handling queries.

Enhancement Hotfix 5449 (SEG-57640)

This Hotfix adds the "Domain Hierarchy" column in policy target search results.

Enhancement Hotfix 5449 (SEG-82919)

This Hotfix enables Apex Central to support the following token variables in Behavioral Monitoring event notifications.

%domain%
%hierarchy%
%BM_policy%
%risklevel%
%target%

Enhancement Hotfix 5449 (SEG-89809)

This Hotfix adds the new "Malware Pattern for Android (Advanced)" component.

Enhancement Hotfix 5449 (PDGJIRA-7668)

This hotfix enhances the readability and consistency of default user role names by renaming default plural role names to the singular name for all roles (for example, the "Administrators" role is now "Administrator"). If the renamed user role already exists, Apex Central adds "_(1)" after the renamed user role name.

Enhancement Hotfix 5449 (PDGJIRA-7684)

This Hotfix upgrades the PHP module to build 7.4.6.

Enhancement Hotfix 5449

Policy widget enhancement for Apex One (Mac): The "Pass" action is renamed to "Deny access" for Real-time Scan to align with the action name in Apex One. This name change does not affect the functionality.

8. Contact Information

A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.

https://www.trendmicro.com/en_us/contact.html

NOTE: This information is subject to change without notice.

9. About Trend Micro

Smart, simple, security that fits.

As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2021, Trend Micro Incorporated. All rights reserved.

Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.

10. License Agreement

View information about your license agreement with Trend Micro at: https://www.trendmicro.com/en_us/about/legal.html

Third-party licensing agreements can be viewed:

By selecting the "About" option in the application user interface
By referring to the "Legal" page of the Administrator's Guide