Trend Micro, Inc.

May 2017


Trend Micro™ Endpoint Application Control Agent

Version 2.0 Service Pack 1 Patch 1

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's web site for documentation updates at

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro web site. Register during installation, or online at

Trend Micro always seeks to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site: aspx



  1. About Trend Micro Endpoint Application Control
  2. What's New

  3. Document Set
  4. System Requirements
  5. Installation

  6. Post-installation Configuration
  7. Known Issues
  8. Release History
  9. Contact Information
  10. About Trend Micro
  11. License Agreement


1. About Endpoint Application Control 2.0 SP 1 Patch 1

Trend Micro™ Endpoint Application Control 2.0 SP 1 Patch 1 allows you to enhance your defenses against malware and targeted attacks by preventing unwanted and unknown applications from executing on your corporate endpoints. Using a web-based management console, administrators can set application control policies and monitor agents. The agent on the endpoints can be deployed using Trend Micro OfficeScan™. In addition, Endpoint Application Control server has been integrated into Trend Micro™ Control Manager™.


Back to top



2. What's New

Endpoint Application Control 2.0 SP 1 Patch 1 includes the following new feature and enhancements:

New Feature

There are no new features for this release.


Back to top

Resolved Known Issues

Trend Micro Endpoint Application Control 2.0 SP 1 Patch 1 resolves the following product issues:

For information regarding hotfix solutions and the enhancements available in Endpoint Application Control, go to:



3. Document Set

The document set for the Endpoint Application Control agent includes:

Download the latest version of the online help and the readme at


Back to top



4. Agent Requirements

For information on requirements for agent operating systems, see Endpoint Application Control online help:


Back to top



5. Installation

For information on agent deployment, see Endpoint Application Control online help:


Back to top



6. Post-installation Configuration

For information on post-installation configuration, see Endpoint Application Control online help:


Back to top



7. Known Issues

The following are the known issues with Endpoint Application agents in this release:

  1. After successfully deploying Endpoint Application Control agents using the System Center Control Manager (SCCM) framework, the agents do not send return codes to SCCM, and SCCM returns a timeout error. To verify if the deployment is successful, make sure your agents appear in the Users and Endpoints screen ( Management > Users and Endpoints) of the Endpoint Application Control web console.

  2. Rules that match files and applications using SHA-1 Hash Values allow files and applications to execute if these files and applications are added to the system during or after an inventory scan. To monitor newly added files and applications, perform another inventory scan and then establish rules that match using Certified Safe Software Selection List, File Paths, or Certificates.
  3. Policies that use the Trusted Source feature add hash values of allowed applications to the Endpoint Application Control agent database, but Endpoint Application Control agents do not remove these hash values when the policies are deleted. To resolve this issue, disable the Trusted Source policy that added the hash values you want to delete, and reinstall the agent to create a new agent database.
  4. Self-protection on Windows XP is limited due to Microsoft's end of support. As a result, Trend Micro only provides limited support for this feature on Window XP platforms.
  5. Endpoint Application Control does not terminate already-running applications using Kernel-level blocking. This is a normal behavior because the feature only blocks applications from starting up, but ignores already running applications. For more details about kernel-level blocking, see About Blocking Methods in the Endpoint Application Control online help:
  6. When Kernel-level blocking is enabled, Endpoint Application Control considers folder opening as files (in the folder) being started. This is a normal behavior because the Endpoint Application Control agent receives a load event from the kernel-level driver when Windows Explorer loads a file. In some instances, Windows Explorer opens files to load information displayed to the user. The Endpoint Application Control agent is notified of such events because they are indistinguishable from instances of the file "starting".
  7. Process protection does not work if OfficeScan 11 is installed on the endpoint.
  8. In lockdown mode, files that match SHA-1 hash values specified in Allow rules are prevented from running if the matched files did not exist in the system when the lockdown mode was enabled. This is a normal behavior because locked-down Endpoint Application Control automatically allows any applications that existed in the environment before lockdown was enabled and ignores Allow rules that match using SHA-1 hash values, Known application dynamic search, or Certified Safe Software list to avoid redundant processing. To resolve the issue, do any of the following:
  9. The Windows 2003 platform does not display the Endpoint Application Control system tray icon.
  10. Critical system files may be blocked during lockdown if policies are misconfigured to block these files. To prevent this from happening, make sure to enable Always allow all applications in the Windows directory for lockdown rules.
  11. The AcAgentService service may stop during the deployment of HTTP proxy settings to 32-bit agents installed on Windows Vista or Windows 7 platforms. To resolve the issue, restart the AcAgentService service.
  12. Endpoint Application Control agents of version 2.0 SP 1 Patch 1 do not support Endpoint Application Control server of versions prior to 2.0 SP 1 Patch 1. To resolve the issue, upgrade the server to version 2.0 SP 1 Patch 1 or later.
  13. OfficeScan Plug-in Manager does not support deployment of Endpoint Application Control agents of version 2.0 SP 1 Patch 1 using the standard active update procedure. To resolve the issue, follow the steps in the Upgrading section, Endpoint Application Online Help to deploy Endpoint Application Control agents using Plug-in Manager:
  14. Endpoint Application Control may experience a certificate chain error on a computer with which the server console is accessed remotely and that the server is installed on Internet Information Services. To resolve this issue, follow the steps below to import the root CA certificate from the server installation folder to the remote endpoint experiencing the issue:
    1. Deploy the root CA certificate.
      1. Go to the Endpoint Application Control server installation folder.
      2. Copy the CA certificate TMEAC_CA_Cer.pem and save it to the desktop.
      3. Rename the certificate file to a .CER file, for example, TM-CA.cer
    2. Configure the MMC Snap-in.
      1. On the server platform, go to the Start menu, run "mmc" and press Enter.
      2. Go to File > Add/Remove Snap-Ins.
      3. From the list of Available snap-ins, choose Certificates and click Add >.
      4. In the pop-up window, select Computer account and click Next.
      5. Select Another computer and browse for the remote computer experiencing the issue.
      6. Click Next to finish the configuration.
    3. Import the CA certificate.
      1. In the MMC, go to Console Root > Trusted Root Certificate Authorities/Certificates > Certificates.
      2. Right-click Trusted Root Certificate Authorities/Certificates.
      3. On the Context menu, click All Tasks > Import.
      4. Select the previously exported public key file that contains the TM-CA.cer file and import it.
      5. Verify that the CA is imported to the trust store.

Back to top



8. Release History

For information on about updates to this product, go to:


Back to top



9. Contact Information

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at

Evaluation copies of Trend Micro products can be downloaded from our web site.


Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.


Back to top



10. About Trend Micro

Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtual, and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit

Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.


Back to top



11. License Agreement

Information about your license agreement with Trend Micro can be viewed at

License Attributions can be viewed from the Endpoint Application Control web console.


Back to top