March 2024

March 28, 2024—Your security on the go. Receive notifications and alerts, check your organization's Risk Index, and get a summary of the most recent Workbench alerts, all from your mobile device. Learn more

The Trend Vision One mobile app is available in the Google Play Store and the App Store (iPhone & iPad).

March 28, 2024 — You can now perform Collect File and Submit for Sandbox Analysis response actions on Virtual Network Sensor agents. You can initiate response actions from the context or response menu and monitor task status in the Response Management app.

For more information, see Response actions.

March 27, 2024— Now Container Security can support Google GCP GKE. Just add Cluster in the Container Security app and install the Helm script into GKE according to our installation steps. You can see GKE's Cluster, Node, and Pod appear in the Tree view on the left. inside. If the user uses the Map to Cloud Account function, relevant information will also appear in the Attack Surface Risk Management app.

March 25, 2024 — As a pre-release preview feature, Cloud Accounts now supports connecting Google Cloud (GCP) projects to Trend Vision One. Connecting your Google Cloud project allows Trend Vision One to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure. Once connected, cloud accounts and assets from your Google Cloud projects are visible in the Cloud Posture and Attack Surface Discovery apps under Attack Surface Risk Management. For more information, see Google Cloud projects.

March 25, 2024—Managed XDR customers can use Case Management to receive direct communication from the Trend Micro managed services team to get incident alerts and recommended remediation actions.

March 25, 2024—Container Security now supports Microsoft Azure AKS. Just add the cluster in the Container Security app and install the Helm script into AKS according to our installation steps. You can see AKS's Cluster, Node, and Pod appear in the Tree view on the left. inside. If the user uses the Map to Cloud Account function, relevant information will also appear in the Attack Surface Risk Management app.

March 25, 2024 — Trend Vision One now supports mapping of user roles directly to groups defined in customers' identity providers, removing the need to add individual user and group accounts for all users to sign in to Trend Vision One.

For more information, see Adding an IdP-Only SAML Group Account.

March 25, 2024 — After March 25, 2024, endpoints removed from Endpoint Inventory, whether by a user or by the inactive agent removal settings, automatically reconnect when powered on and reappear in the Endpoint Inventory. Endpoints removed before March 25, 2024, do not automatically reconnect.

For more information, see:

March 25, 2024 — With a new data center located in the UAE, Trend Vision One now delivers services and solutions to customers in the Middle East and Africa regions, marking a milestone in the commitment of Trend Micro to providing worldwide support.

For more information, see Getting started with Trend Vision One.

March 25, 2024 — Users may now change the default ports for services such as data proxy, authentication proxy, and ICAP/ICAPS services configured on the Internet Access On-Premises Gateway. Configure custom ports from Service Gateway Management. For more information, see Service Gateway services.

March 25, 2024 — Zero Trust Secure Access Internet Access now offers support for the AWS Middle East and Africa Region. Users in the region may configure their service FQDNs to reflect the new location.

For more information on available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

March 25, 2024 — You may now add computers in Server & Workload Protection from Active Directory servers connected through Third-Party Integration. Configure your Active Directory server information just once without the need for adding a data center gateway. When adding computers, choose the new method or continue to add servers directly in Server & Workload Protection.

March 25, 2024 — You can now customize the columns displayed in asset lists for all asset types in Attack Surface Discovery. Show or hide specific columns, and rearrange column order by dragging and dropping.

March 25, 2024 — The Attack Surface Discovery accounts page now has a "Discovered by" column for both domain and service accounts to show the data source that has discovered the account. Use the "Discovered by" filter to search for accounts from the selected data source.

March 25, 2024 — Agentless Vulnerability & Threat Detection now supports vulnerability scanning on container images of your Amazon ECR container images when you enable the feature for your AWS accounts in Container Inventory. You can also enable Runtime Scanning for your Kubernetes clusters in Trend Vision One — Container Security and enable to scan for vulnerabilities in related Kubernetes container images.

March 22, 2024 — In addition to specifying blocked email senders, Cloud Email and Collaboration Protection allows you to define a list of blocked email header fields and specify the action to take on matching emails in Advanced Spam Protection.

March 22, 2024 — Cloud Email and Collaboration Protection supports dynamic URL scanning for Teams Chat to further analyzes URLs posted in chats in real-time to detect phishing URLs.

March 22, 2024 — Cloud Email and Collaboration Protection allows you to define a list of SHA-1 hash values of files to exclude from scanning by Trend Micro Predictive Machine Learning.

March 22, 2024 — Cloud Email and Collaboration Protection provides you the option to allow your end users to report emails through its add-in to mailboxes you have specified. Administrators can easily access the reported emails to analyze, investigate, and take necessary actions.

March 20, 2024 — Cloud Email Gateway Protection supports analyzing the DMARC reports for your managed domains. With the report analysis results, you can easily monitor trends and identify anomalies in emails sent on behalf of your managed domains.

March 11, 2024 — The Attack Surface Discovery device list now includes an endpoint group column to show the endpoint group name for each managed device. Use the “Endpoint group” filter to search for managed devices from specified endpoint groups.

March 11, 2024 — You may now allow endpoints to bypass user authentication on configured cloud and on-premises gateways. To bypass user authentication, endpoints must connect using a private IP address specified by the administrator. When connecting to the internet through an Internet Access gateway, endpoints using the specified private IP addresses are included as a user in the Internet Access user count for credit calculation. This feature is not available on the default cloud gateway when connecting outside of defined locations.

March 11, 2024 — Zero Trust Secure Access has added support for the Wintun TUN adapter in the available service modes for traffic forwarding on Windows Secure Access Modules. Select the TUN (Wintun) service mode in the Secure Access Module global settings if your users' devices require greater traffic throughput.

March 5, 2024 — The Runtime Security scout component has been updated to allow for the download of larger Runtime Security rule files. Customers should upgrade clusters that are running scout versions older than 2.3.26 (template version 1.0.8 for ECS) to the latest available version to ensure that they have access to new Runtime Security rules as they become available. Older versions of scout continue to receive rules and your existing installations retain their protection, but they cannot be updated as frequently with new rules due to file size limitations.

Instructions on upgrading Runtime Security:

March 5, 2024 — The Azure Well-Architected Framework compliance standard report and associated rule mappings in Cloud Posture have been updated to conform with the latest version of the Azure Well-Architected Framework released in October 2023. In turn, the July 2022 version of the Azure Well-Architected Framework will no longer be available in Cloud Posture from June 1, 2024. The removed version will no longer be accessible in filters, preventing the creation of new reports or report configurations with the outdated standard. This means that you will no longer be able to generate new PDF or CSV reports using report configurations that include the outdated compliance standard. However, any PDF or CSV reports already created remain available for download. Trend Micro recommends that you update your report configurations to use the latest version of the framework by June 1, 2024.

March 4, 2024 — The Available Actions quick filters have been updated with two new behaviors:

Additionally, a new category of filters has been added for Sensor Maintenance Recommended. You can follow the recommended actions to resolve any issue the endpoints might have.

March 4, 2024—Case Management can now close cases that have not received updates for over 60 days.

Three days before closing, Case Management sends a notification to remind the case owner to update the case.