Trend Micro, Inc.
Trend Micro™ Endpoint Application Control Agent
Version 2.0 Service Pack 1 Patch 1
This readme file is current as of the date above. However, all customers are advised to check Trend Micro's web site for documentation updates at http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx
Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro web site. Register during installation, or online at http://olr.trendmicro.com
Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: http://docsstg.trendmicro.com/en-us/survey.aspx
- About Trend Micro Endpoint Application Control
- Document Set
- System Requirements
- Post-installation Configuration
- Known Issues
- Release History
- Contact Information
- About Trend Micro
- License Agreement
1. About Endpoint Application Control 2.0 SP 1 Patch 1
Trend Micro™ Endpoint Application Control 2.0 SP 1 Patch 1 allows you to enhance your defenses against malware and targeted attacks by preventing unwanted and unknown applications from executing on your corporate endpoints. Using a web-based management console, administrators can set application control policies and monitor agents. The agent on the endpoints can be deployed using Trend Micro OfficeScan™. In addition, Endpoint Application Control server has been integrated into Trend Micro™ Control Manager™.
2. What's New
Endpoint Application Control 2.0 SP 1 Patch 1 includes the following new features and enhancements:
There are no new features for this release.
Resolved Known Issues
Trend Micro Endpoint Application Control 2.0 SP 1 Patch 1 resolves the following product issues:
For information regarding hotfix solutions and the enhancements available in Endpoint Application Control, go to: https://success.trendmicro.com/solution/1115495#collapse1
3. Document Set
The document set for the Endpoint Application Control agent includes:
- Online help: Discusses getting started information, server and agent installation procedures, and server and agent management.
- Readme file: Contains a list of known issues and references for installation requirements and procedures. It may also contain late-breaking product information not found in the Help or printed documentation.
- Knowledge Base: An online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following web site: http://esupport.trendmicro.com
Download the latest version of the online help and the readme at http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx
4. Agent Requirements
For information on requirements for agent operating systems, see Endpoint Application Control online help: http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx
For information on agent deployment, see Endpoint Application Control online help: http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx
6. Post-installation Configuration
For information on post-installation configuration, see Endpoint Application Control online help: http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx
7. Known Issues
The following are the known issues with Endpoint Application Control agents in this release:
- After successfully deploying Endpoint Application Control agents using the System Center Control Manager (SCCM) framework, the agents do not send return codes to SCCM, and SCCM returns a timeout error. To verify that the deployment is successful, make sure your agents appear in the Users and Endpoints screen (Management > Users and Endpoints) of the Endpoint Application Control web console.
- Rules that match files and applications using SHA-1 Hash Values allow files and applications to execute if these files and applications are added to the system during or after an inventory scan. To monitor newly added files and applications, perform another inventory scan and then establish rules that match using Certified Safe Software Selection List, File Paths, or Certificates.
- Policies that use the Trusted Source feature add hash values of allowed applications to the Endpoint Application Control agent database, but Endpoint Application Control agents do not remove these hash values when the policies are deleted. To resolve this issue, disable the Trusted Source policy that added the hash values you want to delete, and reinstall the agent to create a new agent database.
- Self-protection on Windows XP is limited due to Microsoft's end of support. As a result, Trend Micro only provides limited support for this feature on Windows XP platforms.
- Endpoint Application Control does not terminate already-running applications using Kernel-level blocking. This is a normal behavior because the feature only blocks applications from starting up, but ignores already running applications. For more details about kernel-level blocking, see About Blocking Methods in the Endpoint Application Control online help: http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx
- When Kernel-level blocking is enabled, Endpoint Application Control considers folder opening as files (in the folder) being started. This is a normal behavior because the Endpoint Application Control agent receives a load event from the kernel-level driver when Windows Explorer loads a file. In some instances, Windows Explorer opens files to load information displayed to the user. The Endpoint Application Control agent is notified of such events because they are indistinguishable from instances of the file "starting".
- Process protection does not work if OfficeScan 11 is installed on the endpoint.
- In lockdown mode, files that match SHA-1 hash values specified in Allow rules are prevented from running if the matched files did not exist in the system when the lockdown mode was enabled. This is a normal behavior because locked-down Endpoint Application Control automatically allows any applications that existed in the environment before lockdown was enabled and ignores Allow rules that match using SHA-1 hash values, Known application dynamic search, or Certified Safe Software list to avoid redundant processing. To resolve the issue, do any of the following:
  - Edit the policy. On the Add or Edit Policy screen, expand Deployment. Then, under Deploy the full policy in the following conditions, select Endpoint starts applying lockdown rules.
  - Edit the allow rule. On the Add or Edit Rule screen, under Allowed applications, add applications using only File Paths or Certificates methods. For more information, see the topic on Add or Edit Rule Screen in the Endpoint Application Control online help: http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx
  - Add a lockdown rule to the policy. On the Add or Edit Lockdown Rule screen, expand Applications excluded from lockdown, and then add the file using any method. For more information, see the topic on Rules Screen in the Endpoint Application Control online help: http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx
- The Windows 2003 platform does not display the Endpoint Application Control system tray icon.
- Critical system files may be blocked during lockdown if policies are misconfigured to block these files. To prevent this from happening, make sure to enable Always allow all applications in the Windows directory for lockdown rules.
- The AcAgentService service may stop during the deployment of HTTP proxy settings to 32-bit agents installed on Windows Vista or Windows 7 platforms. To resolve the issue, restart the AcAgentService service.
- Endpoint Application Control agents of version 2.0 SP 1 Patch 1 do not support Endpoint Application Control server of versions prior to 2.0 SP 1 Patch 1. To resolve the issue, upgrade the server to version 2.0 SP 1 Patch 1 or later.
- OfficeScan Plug-in Manager does not support deployment of Endpoint Application Control agents of version 2.0 SP 1 Patch 1 using the standard active update procedure. To resolve the issue, follow the steps in the Upgrading section of the Endpoint Application Control online help to deploy Endpoint Application Control agents using Plug-in Manager: http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx
- Endpoint Application Control may experience a certificate chain error on a computer that accesses the server console remotely when the server is installed on Internet Information Services. To resolve this issue, follow the steps below to import the root CA certificate from the server installation folder to the remote endpoint experiencing the issue:
  - Deploy the root CA certificate.
    - Go to the Endpoint Application Control server installation folder.
    - Copy the CA certificate TMEAC_CA_Cer.pem and save it to the desktop.
    - Rename the certificate file to a .CER file, for example, TM-CA.cer.
  - Configure the MMC Snap-in.
    - On the server platform, go to the Start menu, run "mmc" and press Enter.
    - Go to File > Add/Remove Snap-Ins.
    - From the list of Available snap-ins, choose Certificates and click Add >.
    - In the pop-up window, select Computer account and click Next.
    - Select Another computer and browse for the remote computer experiencing the issue.
    - Click Next to finish the configuration.
  - Import the CA certificate.
    - In the MMC, go to Console Root > Trusted Root Certificate Authorities/Certificates > Certificates.
    - Right-click Trusted Root Certificate Authorities/Certificates.
    - On the Context menu, click All Tasks > Import.
    - Select the previously exported public key file that contains the TM-CA.cer file and import it.
    - Verify that the CA is imported to the trust store.
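
A scripted equivalent of the import and verification steps above, run locally on the affected endpoint instead of through a remote MMC snap-in; this is an added example, not Trend Micro's own procedure or code. It assumes the file was saved as TM-CA.cer on the desktop and that the administrator supplies the SHA-1 thumbprint read from the server's copy of the certificate (the `ExpectedThumbprint` parameter is hypothetical), so a substituted file is rejected before it becomes a trusted root.

```powershell
# Added example (not Trend Micro code). Run elevated on the affected endpoint.
param(
    # TM-CA.cer is the renamed copy of TMEAC_CA_Cer.pem from the steps above.
    [string]$CertPath = "$env:USERPROFILE\Desktop\TM-CA.cer",
    # Assumption: SHA-1 thumbprint read from the server's own copy of the file.
    [Parameter(Mandatory = $true)][string]$ExpectedThumbprint
)
$ErrorActionPreference = 'Stop'

# Load the file for inspection only; nothing is installed at this point.
$path = (Resolve-Path $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path

# Refuse to trust a file whose fingerprint differs from the server's copy.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file is $($cert.Thumbprint), expected $expected"
}

# A root CA certificate is self-signed and must be inside its validity period.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not self-signed (issuer: $($cert.Issuer)); do not add it as a root."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period."
}

# Open the machine-wide Trusted Root store, add the certificate if it is
# absent, then read it back to confirm the import.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'LocalMachine'
$store.Open('ReadWrite')
try {
    if ($store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false).Count -eq 0) {
        $store.Add($cert)
    }
    $found = $store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
    if ($found.Count -eq 0) { throw 'Import failed: certificate not in the Trusted Root store.' }
    $found | Select-Object Subject, Thumbprint, NotAfter
}
finally { $store.Close() }
```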
8. Release History
For information about updates to this product, go to: http://www.trendmicro.com/download
9. Contact Information
A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.
You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com
Evaluation copies of Trend Micro products can be downloaded from our web site.
Global Mailing Address/Telephone numbers
For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm
The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.
Note: This information is subject to change without notice.
10. About Trend Micro
Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years of experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtual, and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com
Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.
11. License Agreement
Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/
License Attributions can be viewed from the Endpoint Application Control web console.