<> Trend Micro, Inc. October 2019 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Apex One(TM) Security Agent SaaS Version 2019 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Notes: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at: http://docs.trendmicro.com/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at: http://olr.trendmicro.com Trend Micro always seeks to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome. Please evaluate this documentation on the following site: http://www.trendmicro.com/download/documentation/rating.asp Contents ===================================================================== 1. About Apex One 2. What's New 3. Document Set 4. System Requirements 5. Installation 6. Post-Installation Configuration 7. Known Issues 8. Contact Information 9. About Trend Micro 10. License Agreement ===================================================================== 1. About Apex One ======================================================================== Trend Micro(TM) Apex One(TM) protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat attacks. An integrated solution, Apex One consists of an agent program that resides at the endpoint and a server program that manages all agents. The agent guards the endpoint and reports its security status to the server. The server, through the web-based management console, makes it easy to set coordinated security policies and deploy updates to every agent. Apex One is powered by the Trend Micro Smart Protection Network, a next generation cloud-client infrastructure that delivers security that is smarter than conventional approaches. Unique in-the-cloud technology and a lighter-weight agent reduce reliance on conventional pattern downloads and eliminate the delays commonly associated with desktop updates. Businesses benefit from increased network bandwidth, reduced processing power, and associated cost savings. Users get immediate access to the latest protection wherever they connect-within the company network, from home, or on the go. 2. What's New ======================================================================== Apex One includes the following new features and enhancements: 2.1 What's New in Apex One 2019 ===================================================================== Endpoint Sensor Integration --------------------------- Integration with Endpoint Sensor allows you to monitor, record, and perform both current and historical security investigations on your Apex One endpoints. Use the Apex Central console and perform preliminary investigations to locate at-risk endpoints before executing an in-depth Root Cause Analysis to identify the attack vectors. Application Control Integration ------------------------------- Integration with Application Control provides Apex One users with advanced application blocking and endpoint lockdown capabilities. You can run application inventories and create policy rules that only allow specific applications to execute on your endpoints. You can also create application control rules based on application category, vendor, or version. Vulnerability Protection Integration ------------------------------------ Integration with Vulnerability Protection protects Apex One users by automating the application of virtual patches before official patches become available. Trend Micro provides protected endpoints with recommended Intrusion Prevention rules based on your network performance and security priorities. Offline Predictive Machine Learning ----------------------------------- Predictive Machine Learning has been upgraded to provide offline protection against portable executable files. The lightweight, offline model helps protect all endpoints against unknown threats when a functional Internet connection is unavailable. Fileless Attack Protection -------------------------- Security Agent policies provide increased real-time protection against the latest fileless attack methods through enhanced memory scanning for suspicious process behaviors. Security Agents can terminate suspicious processes before any damage can be done. 3. Document Set ======================================================================== The document set for the Security Agent includes: * Readme file - Contains a list of known issues and basic installation steps. It may also contain late-breaking product information not found in the Help or printed documentation. * Help - HTML files compiled in WebHelp format that provide "how to's", usage advice, and field-specific information. The Help is accessible from the Security Agent console. * Knowledge Base - An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following website: http://esupport.trendmicro.com 4. System Requirements ======================================================================== The Security Agent can be installed on endpoints running Microsoft Windows platforms. The Security Agent is also compatible with various third-party products. Visit the following website for a complete list of system requirements and compatible third-party products: http://docs.trendmicro.com/en-us/enterprise/apex-one-as-a- service.aspx 5. Installation ======================================================================== The Apex One administrator in your organization is responsible for installing and upgrading Apex One. Contact the administrator if you have questions or concerns about the installation or upgrade. 6. Post-Installation Configuration ======================================================================== If your Apex One administrator grants you the privileges to modify scan settings, you can specify how Apex One handles security risks on your endpoint. To determine if you have the privileges to modify scan settings, open the Security Agent console and check if the "Settings" menu is active. You can open the console from the Start menu or from the icon in the system tray. * To open the console from the Start menu, select "Programs > Trend Micro Apex One > Security Agent". * To open the console from the system tray, right-click the Apex One icon and then select "Open Security Agent Console". 7. Known Issues ======================================================================== The following are the known issues in this release: Agent Installation, Upgrade, and Uninstallation ==================================================================== 1. When an application that locks the Windows Service Control Manager (SCM) is launched, the Security Agent cannot be installed or upgraded. Before upgrading or installing Apex One, ensure that no SCM-locking application is running. 2. Installing Security Agents to Windows 7 or Windows Server 2008 R2 using a GUEST OS running on VMware Workstation 6.x and below may cause the system to stop responding. This is because of compatibility issues with the Intel(TM) Network Adapter Driver. 3. The Security Agent program name does not display in all languages. 4. The Common Client Solution Framework service may not start if ¡§Microsoft Visual C++ 2017 Redistributable¡¨ was not installed successfully. To resolve this issue, ensure that you install the following Windows update to properly install Microsoft Visual C++ 2017 Redistributable: https://support.microsoft.com/en-us/help/2999226/update-for- universal-c-runtime-in-windows Scanning ==================================================================== 1. A Microsoft Hyper-V virtual machine might not be able to start if the host computer has Security Agent installed. This is because the Security Agent and Hyper-V virtual machine accesses the same Hyper-V xml file and causes file access violation. As a workaround: * Set exclusion folder for the virtual machine xml file located in C:\ProgramData\Microsoft\Virtual Machine Manager\. * Turn off file mapping scan by modifying the TmFilter/TmxpFilter registry value. 2. When specifying the scan target for Scheduled Scan, Scan Now and Real-time Scan, spyware/grayware scan can be disabled. However, for Manual Scan, there is no option for disabling spyware/ grayware scan, which means that during Manual Scan, Apex One will always scan for spyware/grayware. 3. When Apex One is configured to scan mapped drives during Manual Scan, the mapped drive may not get scanned when scanning is initiated through Terminal Service agent. 4. When an email containing an attachment with spyware/grayware is retrieved through Eudora email agent and POP3 Mail Scan is disabled, Apex One's Real-time Scan denies access to the email even if the scan action is "clean". The email does not appear on the inbox and the Eudora agent displays a message informing the user that access to the email is denied. 5. In a Citrix environment, when the Security Agent detects a security risk during a particular user session, the notification message for the security risk displays on all active user sessions. Security risk can be any of the following: * Virus/Malware * Spyware/Grayware * Firewall policy violation * Web Reputation policy violation * Unauthorized access to external devices 6. After updating the agent program, the "Prompt users before executing newly encountered programs downloaded through web or email application channels (Server platforms excluded)" setting does not take effect until the agent program or endpoint is restarted. 7. After pausing a manual scan with only a few files remaining, when you click the "Resume" button, the scan status does not change to "Scanning" because the scan already completed before the "Pause" action was executed. 8. After the Damage Cleanup Engine cleans a malicious file, the infection channel always displays as "Local or network drive" regardless of the actual source of the infection Agent Update ==================================================================== 1. Security Agents with agent-level settings can only download settings from the Apex One server, not Update Agents. 2. An Update Agent running a 64-bit platform is unable to generate incremental patterns. Therefore, the Update Agent always downloads all incremental patterns available in the ActiveUpdate server, regardless of how many of these patterns it has previously downloaded. Agent Management ==================================================================== 1. If the agent security level configured on the web console is set to "High", connection through Nortel VPN agent cannot be established. Data Loss Prevention ==================================================================== 1. Data transmitted through Instant Messaging applications are not detected if the applications use a non-transparent proxy server. 2. Security Agents with Data Loss Prevention enabled may encounter a high CPU usage issue when uploading large files through Box Sync. Web Reputation ==================================================================== 1. Agents can browse blocked sites if using Juniper Networks VPN and proxy servers to connect to the Internet. To resolve this issue: a. Connect to the network using Juniper Networks VPN. b. Open Internet Option > Connection > LAN Settings. c. Disable Automatic configuration settings. d. Enable Proxy server and specify the IP address and port of your proxy server. e. Click Ok. 2. If users access the Internet using Firefox and a proxy server, be sure that proxy settings in Internet Explorer have been configured. If proxy settings have not been configured in Internet Explorer, Web Reputation will not work, even if proxy settings have been configured in Firefox. 3. Due to the blocking of add-ons in Internet Explorer 10, HTTPS scanning only supports Windows 8, 10, or Windows 2012, 2016 platforms operating in desktop mode. Cloud Synchronization Channel Support ==================================================================== 1. Apex One does not provide support of the Windows 8.1 pre- installed OneDrive (SkyDrive) synchronization folder. Apex One logs malware infections for OneDrive (SkyDrive) as being in the "Local or network drive" channel. 2. If you disable the Unauthorized Change Prevention Service, the Security Agent may lock files during the sychronization process and prevent the files from synchronizing to the sync folder. To resolve this issue, enable the Unauthorized Change Prevention Service. 3. Apex One logs malicious files that do not include a portable executable extension as being in the "Local or network drive" channel. 4. Apex One logs malicious files synchronized to mounted drives as being in the "Local or network drive" channel. Application Control ==================================================================== 1. Security Agents do not update the Certified Safe Software Pattern if no other components have updates available. To resolve this issue, perform a manual update by clicking Update Now from the Security Agent console. 2. When matching applications using a certificate rule, Application Control can only perform property and attribute matching on the first digital signature listed on the certificate. Endpoint Sensor ==================================================================== 1. After copying a file to a remote server using a relative path as the source, Apex One is unable to translate the relative path into the full system directory. 8. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 9. About Trend Micro ======================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro(TM) Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2019, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and Apex One are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners. 10. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing information can be viewed from the Apex One web console.