Trend Micro, Inc.

May 2017

 

Trend Micro™ Endpoint Application Control

Version 2.0 Service Pack 1 Patch 1

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's web site for documentation updates at http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro web site. Register during installation, or online at http://olr.trendmicro.com

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: http://docsstg.trendmicro.com/en-us/survey.aspx

 

Contents


  1. About Trend Micro Endpoint Application Control
  2. What's New

  3. Document Set
  4. System Requirements
  5. Installation

  6. Post-installation Configuration
  7. Known Issues
  8. Release History
  9. Contact Information
  10. About Trend Micro
  11. License Agreement

 

1. About Endpoint Application Control 2.0 SP 1 Patch 1


Trend Micro™ Endpoint Application Control 2.0 SP 1 Patch 1 allows you to enhance your defenses against malware and targeted attacks by preventing unwanted and unknown applications from executing on your corporate endpoints. Using a web-based management console, administrators can set application control policies and monitor agents. The agent on the endpoints can be deployed using Trend Micro OfficeScan™. In addition, Endpoint Application Control server has been integrated into Trend Micro™ Control Manager™.

 

Back to top

 

 

2. What's New


Endpoint Application Control 2.0 SP 1 Patch 1 includes the following new feature and enhancements:

New Feature

Connected Threat Defense

Endpoint Application Control 2.0 SP 1 Patch 1 supports customized actions for suspicious objects identified by the Suspicious Object lists configured on a Trend Micro Control Manager to which your server is registered.

 

Back to top

Enhancement

Endpoint Application Control 2.0 SP 1 Patch 1 is enhanced for data processing, data transfer, and security.

 

Back to top

Resolved Known Issues

Trend Micro Endpoint Application Control 2.0 SP 1 Patch 1 resolves the following product issues:

For information regarding hotfix solutions and the enhancements available in Endpoint Application Control, go to: https://success.trendmicro.com/solution/1115495#collapse1

 

 

3. Document Set


The document set for the Endpoint Application Control server includes:

Download the latest version of the online help and readme at http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx

 

Back to top

 

 

4. Server Requirements


For information on server requirements and scaling recommendations, see Endpoint Application Control online help: http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx

 

Back to top

 

 

5. Installation


For information on server installation and upgrade, see Endpoint Application Control online help: http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx

 

Back to top

 

 

6. Post-installation Configuration


For information on post-installation configuration, see Endpoint Application Control online help: http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx

 

Back to top

 

 

7. Known Issues


The following are the known issues in this release:

Server

  1. The server web console renders unexpectedly due to incorrect resource file loading. To resolve this issue, clear the browser cache and refresh the web page.

  2. Endpoint Application Control is unable to properly detect system proxy settings that use SOCKS protocol. To resolve this issue, manually configure proxy settings on the Proxy Settings screen (Administration > Proxy Settings ).
  3. After Endpoint Application Control agents are installed using the Endpoint Application Control OfficeScan Plug-in, system accounts such as IUSR display in [Target Management]. This is normal behavior. Activity from these accounts should be tracked to allow administrators to monitor system account activity for non-standard behavior.
  4. Endpoint Application Control is unable to display correct processor and memory use information in the Server Summary widget (Dashboard > Summary). The information is calculated based on application scope where virtual memory and memory used by runtime platforms are ignored and data are collected by polling on a five-minute interval and by averaging the results. To determine the total current processor and memory use, including virtual and runtime platform memory, use Windows Task Manager.

  5. Unknown applications or files may appear under the Configure conflict resolutions (Management > Rules, Add/Edit Rule) screen. This issue may be caused by the following:

    To resolve this issue, you may need to do one or all of the following:

  6. The Key Performance Indicators widget displays "--" for periods that contain incomplete data because the Endpoint Application Control server is unable to distinguish between inactivity and absence of data . To resolve this issue, verify your log purging schedules (Logs > Maintenance screen) and make sure not to purge data at a schedule that cuts into any indicator schedules.
  7. A simple search can perform the search based on all data columns instead of the displayed columns due to processing resource and time considerations. To search within specific columns, use dynamic search. For more information about dynamic search, see the Endpoint Application Control online help: http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx
  8. The Add or Edit Rule screen is unable to display correct path information where drive letters other than C or D will be missing if matching is based on File paths and Location: Any local storage is allowed. To resolve this issue, select Location: <empty> to display all matched paths.
  9. The Endpoint Application Control server web console is unable to resolve SHA-1 hash value shortcuts to their actual paths. In Windows, shortcuts are special link files. Unless otherwise implemented inside the web browser, shortcuts are not resolved to their target files. The Endpoint Application Control web console can only use the actual file, not the shortcut. To resolve this issue, follow the steps below:
    1. Click Select Files. The file window browser appears.
    2. Right-click the shortcut and select follow the shortcut.
    3. Select Open file location. The shortcut target appears.
    4. Click OK.
  10. Data entries in the Query screen (Logs > Query) may not be display in order when it is accessed for the first time. To resolve this issue, manually click a column name to sort.
  11. Widget data on Dashboard may not be updated immediately after changes are applied. To resolve the issue, do one of the following:
  12. While accessing the server web console, browser memory consumption can increase sharply depending on the browser type, browser version, and usage time. Some browsers may not call destruction events. To resolve the issue, do one or more of the following:
  13. Percentage information in the User and Endpoint Summary table and the chart may not always match. Charts display percentage among the top values, but the table shows the percentage relative to all values.
  14. On the Application, Rule, and Policy Events widget, the top and bottom values may disappear after deleting conditions and then reopening the settings page.
  15. The Period setting may not be saved for the Applications, Rule, and Policy Events widgets if they are also saved as templates. To resolve this issue, manually set Period for each of the Application, Rule, and Policy Events widget on your Dashboard. For more information, see the topic on Application, Rule, and Policy Events Widget in Endpoint Application Control online help: http://docs.trendmicro.com/en-us/enterprise/endpoint-application-control.aspx
  16. Endpoint Application Control agents of version 2.0 SP 1 Patch 1 do not support Endpoint Application Control server of versions prior to 2.0 SP 1 Patch 1. To resolve the issue, upgrade the server to version 2.0 SP 1 Patch 1 or later.
  17. Endpoint Application Control may experience a certificate chain error on a computer with which the server console is accessed remotely and that the server is installed on Internet Information Services. To resolve this issue, follow the steps below to import the root CA certificate from the server installation folder to the remote endpoint experiencing the issue:
    1. Deploy the root CA certificate.
      1. Go to the Endpoint Application Control server installation folder.
      2. Copy the CA certificate TMEAC_CA_Cer.pem and save it to the desktop.
      3. Rename the certificate file to a .CER file, for example, TM-CA.cer
    2. Configure the MMC Snap-in.
      1. On the server platform, go to the Start menu, run "mmc" and press Enter.
      2. Go to File > Add/Remove Snap-Ins.
      3. From the list of Available snap-ins, choose Certificates and click Add >.
      4. In the pop-up window, select Computer account and click Next.
      5. Select Another computer and browse for the remote computer experiencing the issue.
      6. Click Next to finish the configuration.
    3. Import the CA certificate.
      1. In the MMC, go to Console Root > Trusted Root Certificate Authorities/Certificates > Certificates.
      2. Right-click Trusted Root Certificate Authorities/Certificates.
      3. On the Context menu, click All Tasks > Import.
      4. Select the previously exported public key file that contains the TM-CA.cer file and import it.
      5. Verify that the CA is imported to the trust store.

Control Manager

  1. Endpoint Application Control server widgets only display data for the connected server, and are unable to display integrated data from multiple Endpoint Application Control servers. Endpoint Application Control only shares data across servers via Control Manager. To integrate data from several servers, the Control Manager version of widgets would need to implement their own logic and processing. To resolve the issue [cluster separate Endpoint Application Control servers to create a single source of data. Any server belonging to the cluster returns the same information to widgets.
  2. Control Manager is unable to display Server Summary (Dashboard > Summary) for servers of version 1.0 if servers of 2.0 or later versions are registered in your Control Manager server. To resolve this issue, do the following:
    1. Register any version 1.0 server in your Control Manager Server Visibility.
    2. Add the corresponding widget to the Dashboard.
    3. Register servers of 2.0 or later versions in Server Visibility.
  3. The Control Manager KPI widget will continue to display last known indicator values even when all Endpoint Application Control servers are removed. The widget only updates when new data is available. Consider deleting the widget if it is no longer needed.
  4. After removing all Endpoint Application Control servers from Server Visibility in Control Center, rules continue to display in the Rule Management widget. The widget only updates when new data is available. Consider deleting the widget if it no longer needed. The Rule Management widget caches rules in order to provide rule synchronization among connected Endpoint Application Control servers.
  5. Internet Explorer 10 sometimes displays a JavaScript error after clicking a Dashboard tab. To resolve this issue, do one of the following:
    1. Use an up-to-date browser version.
    2. Use a different supported browser.
  6. After updating from version 1.0 to 2.0 or later, Endpoint Application Control servers will not be able to send violation logs to Control Manager. To resolve this issue, register your updated Endpoint Application Control [servers] to Control Manager again.
  7. Endpoint Application Control servers are unable to register to Control Manager that has not been set up with proxy authentication. To resolve this issue, ensure the Control Manager is configured for  proxy authentication before registering Endpoint Application Control servers.

Back to top

 

 

8. Release History


For information on about updates to this product, go to: http://www.trendmicro.com/download

 

Back to top

 

 

9. Contact Information


A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our web site.

 

Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

 

Back to top

 

 

10. About Trend Micro


Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtual, and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com

Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.

 

Back to top

 

 

11. License Agreement


Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/

License Attributions can be viewed from the Endpoint Application Control web console.

 

Back to top