To prevent other programs and even the user from modifying or deleting Security Agent files, Apex One provides several enhanced protection capabilities.
After enabling Protect files in the Security Agent installation folder, Apex One locks the following files in the root <Agent installation folder>:
-
All digitally-signed files with .exe, .dll, and .sys extensions
-
Some files without digital signatures, including:
-
bspatch.exe
-
bzip2.exe
-
INETWH32.dll
-
libcurl.dll
-
libeay32.dll
-
libMsgUtilExt.mt.dll
-
msvcm80.dll
-
MSVCP60.DLL
-
msvcp80.dll
-
msvcr80.dll
-
OfceSCV.dll
-
OFCESCVPack.exe
-
patchbld.dll
-
patchw32.dll
-
patchw64.dll
-
PiReg.exe
-
ssleay32.dll
-
Tmeng.dll
-
TMNotify.dll
-
zlibwapi.dll
-
After enabling Protect files in the Security Agent installation folder and Real-time Scan for virus/malware threats, Apex One performs the following actions:
-
File integrity checking before launching .exe files in the installation folder
During ActiveUpdate updates, Apex One verifies that the issuer of the file triggering the update is Trend Micro. If the issuer is not recognized as Trend Micro and ActiveUpdate cannot replace the incorrect file, Apex One logs the incident in the Windows event logs and blocks the update.
-
Prevents DLL hijacking
Some malware writers copy dynamic link library files to the Security Agent installation folder or the Behavior Monitoring folder with the purpose of loading these files before the agent loads. These files attempt to disrupt the protection offered by Apex One. To prevent the copying of hijacked files to the Security Agent folders, Apex One prevents the copying of files to the installation folder and Behavior Monitoring folder.
-
Prevents the locking of files using the "SHARE:NONE" setting in Windows