Table of contents
Topics on this page

workload-security_whats-new 1

Trend Cloud One - Endpoint & Workload Security and Trend Vision One - Endpoint Security Server & Workload Protection can now install Trend Vision One Endpoint Security agent via Deep Security Agent. For more information, see Install Trend Vision One Endpoint Security agent via Deep Security Agent.

workload-security_whats-new 2

The agent process wildcard exclusion is now supported. On Linux, this requires Deep Security Agent version 20.0.1-21510 or later. On Windows, this requires Deep Security Agent version 20.0.1-25770 or later.

workload-security_whats-new 3

The enhanced recommendation scan improves upon the classic recommendation scan by optimizing efficiency, reliability, and accuracy when identifying security rules for Intrusion Prevention, Integrity Monitoring, and Log Inspection. Based on your system's required security rules, the scan delivers recommendations with optimized performance and fewer limitations. Whether run manually or scheduled for automated scanning, enhanced recommendation scan can apply recommended rules for regular protection with minimal disruption and reduced strain on system resources. For more information, see Enhanced recommendation scan.

workload-security_whats-new 4

In Trend Cloud One - Endpoint & Workload Security, the process image file list is now part of the inheritance exclusion list and is applied to real-time exclusions. The setting is available through Anti-Malware > Exclusions > Real-time > Process Image File List.

workload-security_whats-new 5

Deep Security Agent version 20.0.2-1390 (20 LTS Update 2025-01-15) and later supports Windows Server 2025.

workload-security_whats-new 6

Any configurationType other than REAL_TIME(0) ignores the excludedScanProcessFileListID column provided in a payload. This affects REST requests that add or update malware scan configurations for MANUAL(1) or SCHEDULED(2):

  • POST {{c1ws_rest}}/policies/antimalware/scanConfigs
  • PUT {{c1ws_rest}}/policies/antimalware/scanConfigs/{scanConfigId}

workload-security_whats-new 7

Deep Security Agent self-protection is now supported on Linux. This requires Deep Security Agent version 20.0.0-5953 (20 LTS Update 2022-11-22) or later.

workload-security_whats-new 8

On Linux, Deep Security Agents with Anti-Malware and Activity Monitoring enabled can now control the CPU usage in Trend Cloud One - Endpoint & Workload Security. This requires Deep Security Agent version 20.0.1-4540 (20 LTS Update 2024-03-20) or later.

workload-security_whats-new 9

Deep Security Agent version 20.0.1-23340 (20 LTS Update 2024-11-13) and later supports Windows 11, version 24H2.

workload-security_whats-new 10

Deep Security Agent version 20.0.1-21510 (20 LTS Update 2024-10-31) and later supports Anti-Malware, Activity Monitoring, and SAP Scanner for Red Hat Enterprise Linux 9 (PowerPC little-endian). This requires Deep Security Manager version 20.0.979 or later.

workload-security_whats-new 11

Deep Security Agent version 20.0.1-19250 (20 LTS Update 2024-09-18) and later supports Ubuntu 24.04, including Secure Boot. This requires Deep Security Manager version 20.0.954 or later.

workload-security_whats-new 12

Deep Security Agent version 20.0.1-14610 (20 LTS Update 2024-07-20) and later supports SUSE Linux Enterprise Server 15 for Arm v8. This requires Deep Security Manager version 20.0.935 or later.

workload-security_whats-new 13

Deep Security can show customized malware detection messages. Set up custom messages in the management console (Administration > System Settings > Agents > Agent Notification).

workload-security_whats-new 14

Deep Security Agent can test the connection to the management server.

workload-security_whats-new 15

Deep Security Agent shows the date for the most recent component update.

workload-security_whats-new 16

Deep Security Agent version 20.0.1-12510 (20 LTS Update 2024-06-26) and later supports Red Hat Enterprise Linux 8.6 (PowerPC little-endian).

workload-security_whats-new 17

Deep Security Agent version 20.0.1-7380 and later supports the majority of features for SUSE Linux Enterprise Server 12 SP5 (PowerPC little-endian), with the exception of Integrity Monitoring, Application Control, and Trend Vision One (XDR).

workload-security_whats-new 18

Deep Security Agent version 20.0.1-7380 and later now supports the majority of features for SUSE Linux Enterprise Server 15 SP2, SP3, SP4 (PowerPC little-endian), with the exception of Integrity Monitoring, Application Control, and Trend Vision One (XDR).

workload-security_whats-new 19

Uninstalling Deep Security Agent did not remove all folders associated with the agent.

workload-security_whats-new 20

Using the new release of Deep Security Agent requires upgrading agents with the new version 20.0.1-690. For details, see Platform support updates for Deep Security Agent (DSA) version revision in January 2024 Update Release

workload-security_whats-new 21

Trend Vision One Endpoint Security and Trend Cloud One integrated with Trend Vision One can now use Virtual Desktop Infrastructure (VDI) operations on endpoints without needing the image setup tool. Enable this feature in System Settings by selecting Allow Vision One Virtual Desktop Infrastructure (VDI) support and cloned virtual machines. Before enabling this feature, be aware of the following:

  • Enabling VDI support locks three system settings:
    • If a computer already exists: Reactivate the existing computer
    • Reactivate cloned agents: True
    • Reactivate unknown agents: True
  • The number of hosts in the computer list may vary.

This enhancement also resolves these issues:

  • Trend Cloud One - Endpoint & Workload Security and Trend Vision One Endpoint Security Server & Workload Protection would mistake multiple endpoints as the same endpoint.
  • The detection log for Trend Vision One and the endpoint inventory for Trend Vision One Endpoint Security would mistake agents installed on one device as a different endpoint.

workload-security_whats-new 22

Deep Security Agent 20.0.0-8438 and later supports Windows 11 23H2.

workload-security_whats-new 23

Deep Security Agent 20.0.0-8438 and later supports Debian Linux 12.

workload-security_whats-new 24

Using the new release of Deep Security Agent (DSA) requires upgrading agents with the new DSA revision in January 2024. For details, see Platform support updates for Deep Security Agent (DSA) version revision in January 2024 Update Release.

workload-security_whats-new 25

Azure AD is now referred to as Microsoft Entra ID in Trend Cloud One - Endpoint & Workload Security UI, online help, and API documentation following the product name change by Microsoft in July 2023. For details, see Microsoft's Glossary of Updated Terminology

workload-security_whats-new 26

As part of the SNS update, time zones in the description of the system events in Trend Cloud One - Endpoint & Workload Security are no longer converted to the local time zone to match security events.

workload-security_whats-new 27

Deep Security Agent version 20.0.0-8138 and later supports Miracle Linux 9, including FIPS mode and Secure Boot. This requires Deep Security Manager version 20.0.844 or later.

workload-security_whats-new 28

Deep Security Agent version 20.0.0-7719 and later supports Miracle Linux 8, including FIPS mode. This requires Deep Security Manager version 20.0.817 or later.

workload-security_whats-new 29

Deep Security Agent now allows users to trigger a manual scan by right-clicking on a file or folder and selecting Scan with Deep Security Agent.

workload-security_whats-new 30

Deep Security Agent 20.0.0-7303 (20 LTS Update 2023-06-28) supports Amazon Linux 2023 (AWS ARM-based Graviton 2). This requires Deep Security Manager 20.0.789 or later.

workload-security_whats-new 31

Deep Security Agent 20.0.0-7303 (20 LTS Update 2023-06-28) now supports Amazon Linux 2023. This requires Deep Security Manager 20.0.789 or later.

workload-security_whats-new 32

The integration of Trend Cloud One - Endpoint & Workload Security with Trend Vision One has been deprecated. In the past, users integrated Trend Vision One with Trend Cloud One - Endpoint & Workload Security (C1WS > Administration > Vision One (XDR)). Now, to check the Trend Vision One integration status, users must use the Trend Cloud One console (Integrations > Vision One).

workload-security_whats-new 33

Trend Cloud One - Endpoint & Workload Security enables adding multiple scan directory lists, scan file lists, and scan file extension lists (Computer or Policy > Details > Anti-Malware > Inclusions or Policy > Details > Anti-Malware > Exclusions).

workload-security_whats-new 34

Deep Security Agent 20.0.0-6912 (20 LTS Update 2023-05-02) is available for Red Hat Enterprise Linux Workstation 7.

workload-security_whats-new 35

Deep Security Agent 20.0.0-6912 (20 LTS Update 2023-05-02) is available for AlmaLinux 9.

workload-security_whats-new 36

Trend Cloud One - Endpoint & Workload Security now supports adding Proxy Auto-Configuration (PAC) for the proxy server. This requires Deep Security Agent 20.0.0.6860 or later. To add a PAC proxy, see Connect to Trend Cloud One - Endpoint & Workload Security and Relays via Proxy Auto-Configuration (PAC) proxy. This feature only supports Windows.

workload-security_whats-new 37

Improvements have been made to more accurately count security events that are used in dashboard widgets and reports. Duplicate events are no longer being counted and may result in event count total disparity after the upgrade. This is a staged release and may not be immediately available in your region.

workload-security_whats-new 38

Deep Security Agent 20.0.0-6658 for Linux and Unix has been released.

This release includes:

  • Oracle Linux 9 support, including FIPS mode and Secure Boot support.
  • Logging system improvements to help debug customer issues.
  • OS platform metadata for Web Reputation Service.
  • Several resolved issues.

For detailed information on what's included in this version, see What's New in Deep Security Agent.

workload-security_whats-new 39

A change has been made to the way core Trend Cloud One - Endpoint & Workload rules are updated. Core Trend Cloud One - Endpoint & Workload rules that were unassigned by users now remain unassigned after rule updates.

workload-security_whats-new 40

There is no longer a deadline to switch from Static Ips to FQDNs to access Trend Cloud One - Endpoint & Workload Security. This means that Trend Cloud One - Endpoint & Workload Security accounts created prior to November 23, 2020 can continue to use their Deep Security Agents to access Trend Cloud One - Endpoint & Workload Security by using the static IP addresses provided in Port numbers, URLs, and IP addresses.

workload-security_whats-new 41

Trend Cloud One - Endpoint & Workload Security now supports the Windows Server platform for Device Control. This requires Deep Security Agent 20.0.0-6313 or later. See (Supported features by platform)[https://cloudone.trendmicro.com/docs/workload-security/supported-features-by-platform/#microsoft-windows] for the supported list.

workload-security_whats-new 42

Trend Cloud One - Endpoint & Workload Security now allows agents for Windows platforms to trigger a manual scan from the Trend Micro notifier application for specified folders only. This requires Deep Security Agent version 20.0.0-5995 or later.

workload-security_whats-new 43

Deep Security Agent for macOS version 20.0.0-183 and later now supports macOS Ventura (13.0.1 and later). This is currently only available for Trend Cloud One - Endpoint & Workload Security customers.

workload-security_whats-new 44

Trend Cloud One - Endpoint & Workload Security now supports the Mobile (MTP/PTP) Read Only protocol of Device Control for Windows 11. This requires Deep Security Agent version 20.0.0-5810 or later.

workload-security_whats-new 45

Trend Cloud One - Endpoint & Workload Security can now be set to automatically assign all core Trend Cloud One - Endpoint & Workload Rules to your policy when a Rule Update occurs. For details, see Configure Trend Cloud One - Endpoint Security.

workload-security_whats-new 46

Trend Cloud One - Endpoint & Workload Security now allows administrators to control which anti-malware related common objects each role can access. For details, see Manage role-based access control for common objects.

workload-security_whats-new 47

After upgrading the Deep Security Agent package for Windows from version 20.0.0-5761 to 20.0.0-5810, a reboot is required to solve an issue causing systems to crash. This issue affects agents for all Windows platforms.

For more information, including steps detailing an upgrade and reboot, please see BSOD Encountered During Uninstall of Deep Security Agent 20.0.0-5761.

workload-security_whats-new 48

Deep Security Agent version 20.0.0-5761 has been released.

This release includes:

  • Improved installed software reporting on agents for Windows.
  • SAP Scanner support for Oracle Linux 7.
  • Several enhancements and resolved issues.

For detailed information on what's included in this version, see What's New in Deep Security Agent.

workload-security_whats-new 49

When registered with Trend Vision One, Trend Cloud One - Endpoint & Workload Security now supports additional Remote Shell commands on Deep Security Agent version 20.0.0-182 and later for macOS. For details, see Trend Vision One (XDR) Remote Shell - Supported Commands.

workload-security_whats-new 50

You can now register for Trend Cloud One and sign up for Single Sign One from Trend Vision One. For details, see Integrate Trend Cloud One - Endpoint & Workload Security with Trend Vision One.

workload-security_whats-new 51

Trend Cloud One - Endpoint & Workload Security now supports Windows OS proxy exclusion when OS proxy is applied. For details, see Enable OS proxy. This feature is currently only supported on Windows platforms and is available for Trend Cloud One - Endpoint & Workload Security customers in all regions.

workload-security_whats-new 52

The Active Directory Connector allows Trend Cloud One - Endpoint & Workload Security to use your Active Directory structure. This feature synchronizes AD computer objects, creates grouping structure, and relocates systems to use their AD Organizational Unit structure. Please note that this connector requires a Cloud One Data Center Gateway. For more details see AD connector documentation.

workload-security_whats-new 53

Trend Cloud One - Endpoint & Workload Security accounts that sign in to Trend Cloud One are now redirected to the Identity Providers page. This page allows users to connect to an identity provider from Trend Cloud One rather than connecting through Trend Cloud One - Endpoint & Workload Security. For accounts already using the workload-only SAML, the login page will be unchanged.

workload-security_whats-new 54

Trend Cloud One - Endpoint & Workload Security now supports forwarding Device Control events to Trend Vision One. Customers must be registered with Trend Vision One to support this feature. For details, see Integrate Trend Cloud One - Endpoint & Workload Security with Trend Vision One.

workload-security_whats-new 55

Agent version 20.0.0-5512 has been released.

This release includes:

  • Multi-thread support for On-demand and Scheduled Scans on agents for Linux and Unix.
  • Additional host metadata and installed software details reported by agents for Linux.
  • Several resolved issues and security updates.

For detailed information on what's included in this version, see What's New in Deep Security Agent.

workload-security_whats-new 56

When registered with Trend Vision One, Workload Security now supports the process memory dump Remote Shell command on Deep Security Agent version 20.0.0-5512 or later for Windows. For details, see Trend Vision One (XDR) Remote Shell.

workload-security_whats-new 57

Trend Cloud One - Endpoint & Workload Security now supports having agents trigger or cancel a manual scan from the Trend Micro notifier application (Computer or Policy editor > Anti-Malware > General) Once the checkbox Allow agent to trigger or cancel a manual scan from Trend Micro's notifier application has been selected, the notifier application will display the Scan section. Available for Windows and macOS agents.

workload-security_whats-new 58

Agent version 20.0.0-5394 has been released.

This release includes:

  • Support for Ubuntu 22.04 (AWS ARM-based Graviton 2) and AIX 7.3. These platforms require Deep Security Manager version 20.0.677 or later.
  • Several enhancements and resolved issues

For detailed information on what's included in this version, see What's New in Deep Security Agent.

workload-security_whats-new 59

Trend Cloud One - Endpoint & Workload Security customers running Deep Security Agent for macOS (version 20.0.0-173 or later) can now use Remote Shell through the Trend Vision One Portal. For details, see Trend Vision One (XDR) Remote Shell.

workload-security_whats-new 60

Trend Cloud One - Endpoint & Workload Security now includes port 443 by default in the values for the setting "Ports to monitor for potentially harmful web pages" (Computer or Policy editor > Web Reputation > Advanced). Port 443 is included by default in addition to the existing default ports 80 and 8080. When using Trend Cloud One - Endpoint & Workload Security with Deep Security Agent version 20.0.0.5137 or later, the Web Reputation feature can now protect all default ports, including 443, on both Linux and Windows when native TLS libraries or communication channels are being used.

workload-security_whats-new 61

Trend Cloud One - Endpoint & Workload Security now allows agents to apply OS proxy or direct connect when the configured proxy is unavailable. To enable this option, open the Administration tab and go to System Settings > Proxies. Ensure that Yes is selected for Allow agents to apply OS proxy or direct connect when the configured proxy is inaccessible. This feature supports Windows and macOS.

workload-security_whats-new 62

When registered with Trend Vision One, Trend Cloud One - Endpoint & Workload Security can now run remote custom script tasks for customers using Deep Security Agent version 20.0.0-5137 or later for Linux or Windows.

workload-security_whats-new 63

Trend Cloud One - Endpoint & Workload Security now allows agents to trigger all scheduled scans for malware. To enable this feature, select Anti-Malware > General, then ensure that Enable agent to trigger scheduled scans for malware is selected. This feature is available for Trend Cloud One - Endpoint & Workload Security customers in all regions.

workload-security_whats-new 64

Trend Cloud One - Endpoint & Workload Security accounts created prior to November 23, 2020 may still be allowing their Deep Security Agents access to Trend Cloud One - Endpoint & Workload Security by using static IP addresses provided on the Port numbers, URLs, and IP addresses documentation page. Starting on December 31, 2022, the Agent will connect only by using the fully-qualified domain names (FQDNs) and not by using IP addresses. To avoid service interruptions, customers filtering outbound traffic from their protected workloads to the outside internet must ensure they configured their firewall to add allowlist entries for the URLs listed at Port numbers, URLs, and IP addresses prior to December 31, 2022. If you do not filter outbound traffic or you are already using FQDNs, there is no action required.

How do I know whether I need to change something in my environment?

If your network is filtering outbound traffic to the internet using any static IP addresses listed on this page, you must update your firewall's allowlist to use the domain-name URLs instead of the IPs.

workload-security_whats-new 65

Deep Security Agent version 20.0.0-158 (20 LTS Update 2022-07-11) is now available for macOS.

This is currently available only for Trend Cloud One - Endpoint & Workload Security customers. For details, see What's new in the agent.

workload-security_whats-new 66

Device Control enables Trend Cloud One users to manage access to both USB mass storage and mobile devices on server and desktop machines. Administrators can use Device Control to set user permission levels (Full Access, Read-Only, or Blocked) to comply with their organization's security policy and avoid data loss, leakage, and security risk. Device Control is available for Deep Security Agent for Windows (version 20.0.0.4959+) and for macOS (version 20.0.0-158+).

workload-security_whats-new 67

When starting Trend Cloud One - Endpoint & Workload Security, Trend Cloud One users will now have their username imported and displayed alongside the URN under System Events (Events & Reports > Events > System Events). All system events generated after these changes were made will reflect this update.

workload-security_whats-new 68

As of June 15th 2022, the Log4j Assessment has been retired.

Please refer to Trend Micro's Log4j security alert for more information on Trend Micro's coverage of Log4j and resources to protect your environment.

workload-security_whats-new 69

Agent version 20.0.0-4726 has been released.

This release includes:

  • Enhancements to Deep Security Relay that enable it to record its status and other metrics for potential troubleshooting.
  • Several resolved issues and security updates.

For detailed information on what's included in this version, see What's New in Deep Security Agent.

workload-security_whats-new 70

Agent version 20.0.0-4416 has been released.

Some highlights include:

  • Enhanced Intrusion Prevention performance with the "Bypass Network Scanner" rule applied.
  • Improved compatibility for Deep Security Agent on systems running Windows Defender in passive mode.
  • Several resolved issues and security updates.

For detailed information on what's included in this version, see What's New in Deep Security Agent.

workload-security_whats-new 71

Trend Cloud One - Endpoint & Workload Security now provides an option to allow agents to trigger all scheduled scans for malware. To enable the option, from the computer editor, select Anti-Malware > General, then ensure that Enable agent to trigger scheduled scans for malware is selected. This feature is still in preview and is currently available only for Trend Cloud One - Endpoint & Workload Security customers in the jp-1 region.

workload-security_whats-new 72

Trend Cloud One - Endpoint & Workload Security now provides an option to create a task to upgrade agents that supports setting a time zone for the task. Previously, agents were upgraded based on the UTC time zone. You can see the new option by going to Administration > Scheduled Tasks and selecting Scheduled Agent Upgrade Task as the task type. This feature is available only for Deep Security Agent version 20 on Windows and Linux platforms.

workload-security_whats-new 73

Major improvements to relays were introduced with agent version 20.0.0-3445+. These changes are in still in preview and are only available for certain Trend Cloud One - Endpoint & Workload Security customers at this time.

Earlier versions of the relay downloaded every agent software package supported by Trend Cloud One - Endpoint & Workload Security (all versions, all platforms). This took approximately 400 GB of disk space and the download could take several hours to complete.

Relays that use agent version 20.0.0-3445+ are a reverse proxy and only download the agent packages that are deployed in your environment. These new relays use a maximum of 50 GB of disk space and can use as little as 2 GB, depending on your environment. After deployment, the relay is ready to serve packages within 1 minute. For details, see Improvements to the relay.

workload-security_whats-new 74

With real-time Integrity Monitoring enabled, Integrity Monitoring delete events were not being generated for files that were edited before being deleted.

workload-security_whats-new 75

Updated Deep Security Agent to correctly display the host's IP address in the "LastIpUsed" field. Previously, the field displayed the load balancer or proxy IP in environments using one of those.

workload-security_whats-new 76

Updated Trend Cloud One - Endpoint & Workload Security to display the correct user IP address during authentication. The console previously recorded the CloudFront IP address in authentication-related logs, such as the user sign in event. This issue only affected new accounts created on or after August 4, 2021.

workload-security_whats-new 77

New agents now use a domain from your Trend Cloud One region to connect to XDR activity monitoring rather than an AWS provided domain. Agents that have already connected to XDR Activity Monitoring will be transitioned to use the new URL on April 4, 2022. Agents that have been unable to connect to XDR Activity Monitoring will be updated with the new URL earlier in the transition period to fix connectivity issues.

Why is Trend making this change?

Trend Micro is transitioning the URLs used for XDR Activity Monitoring from AWS-provided FQDNs to FQDNs for your Trend Cloud One region. This means you do not have to keep an entry in your firewall allowlist for the AWS-provided URL, and can simply rely on your existing entry if you have one.

How do I know whether I need to change something in my environment? What should I change?

If you do not filter outbound traffic, there is no action required. If you filter outbound traffic in your environment:

  • If you are already allowlisting the wildcard domain for your region (for example, *.workload.us-1.cloudone.trendmicro.com), there is no action required. After the transition period, your agents that connect to Activity Monitoring will automatically update to use the new URL during their next communication with Trend Cloud One - Endpoint & Workload Security.
  • If you cannot allowlist wildcard domains, you must add the FQDN starting with agent-comm for your Trend Cloud One region to your firewall's allowlist. This FQDN is listed on the Port numbers, URLs, and IP addresses page.

workload-security_whats-new 78

Trend Micro will soon be discontinuing the "Free - Maximum 5 Protected Computers" license offering for Trend Cloud One - Endpoint & Workload Security and Deep Security as a Service. Customers currently using this license option will need to transition to a supported payment option before March 15th, 2022 to avoid any potential interruption of service. Please see Free - 5 Computers End of Support for Trend Micro Cloud One - Workload Security and Deep Security as a Service for more information.

workload-security_whats-new 79

Trend Cloud One - Endpoint & Workload Security's trust entities New Ruleset window (Application Control Rulesets > Trust Entities > Trust Ruleset > New) had its "OK" and "Close" buttons blocked on some screen resolutions.

workload-security_whats-new 80

Trend Micro will soon remove the app.deepsecurity.trendmicro.com login page for Trend Cloud One - Endpoint & Workload Security and will redirect all visitors to cloudone.trendmicro.com. Please use your existing credentials to sign in to Trend Cloud One at cloudone.trendmicro.com. Note: This change does not affect accounts using SAML single sign-on.

workload-security_whats-new 81

Agent support for some legacy platforms had been extended annually. Those platforms now have a defined EOL date. For detailed EOL dates, see Support extensions in Deep Security LTS lifecycle dates.

workload-security_whats-new 82

You can now exclude files from Anti-Malware scanning based on their digital certificate. This feature is currently supported for agent version 20.0.0-3445+ on Windows platforms only. For details, see Exclude files signed by a trusted certificate.

workload-security_whats-new 83

Trend Cloud One - Endpoint & Workload Security now provides an option that enables agents to run scheduled scans when the agent is offline and can't access Trend Cloud One - Endpoint & Workload Security. This feature is supported with agent version 20.0.3445+ on Windows platforms. See Run scheduled scans when Trend Cloud One - Endpoint & Workload Security is not accessible.

workload-security_whats-new 84

Fixed an issue where some customers in Trend Cloud One regions outside of the US were not able to add a GCP account to Trend Cloud One - Endpoint & Workload Security.

workload-security_whats-new 85

Addressed an issue where Trend Cloud One - Endpoint & Workload Security did not keep email addresses for Trend Cloud One users when trying to set the primary contact.

workload-security_whats-new 86

The agent (version 20.0.0-3445+) now supports Windows Server 2022. For details, see Supported features by platform.

workload-security_whats-new 87

The azureARMVirtualMachineSummary object in computers API response now includes the azureresourceid, allowing you to get the azureresourceid of your Azure VMs by calling Computers API (List Computers).

workload-security_whats-new 88

Trend Cloud One - Endpoint & Workload Security was sending suspicious objects to the agent even after the objects' expire time had ended.

workload-security_whats-new 89

Agent version 20.0.0.3445 has been released.

Some highlights include:

  • Anti-Malware offline scheduled scan: The agent (version 20.0.0-3445+ for Windows) adds the offline scheduled scan feature, enabling Anti-Malware scheduled scans to run while an agent is not connected to Trend Cloud One - Endpoint & Workload Security. This feature is only available to certain Trend Cloud One - Endpoint & Workload Security customers at this time.
  • Enhancements to database size management, TLS security, and the Application Control trust entities feature.

For detailed information on what's included in this version, see What's New in Deep Security Agent.

workload-security_whats-new 90

To further improve integration between Trend Cloud One and Trend Cloud One - Endpoint & Workload Security, user email addresses from Trend Cloud One are now imported directly into Trend Cloud One - Endpoint & Workload Security user properties. This means that the same user cannot have a different email in Trend Cloud One and Trend Cloud One - Endpoint & Workload Security. Users can still send reports to a custom contact and send alerts to a custom email. This change only affects new accounts created on or after August 4, 2021.

workload-security_whats-new 91

The new Application Control Trust Entities feature for Trend Cloud One - Endpoint & Workload Security is now being rolled out in some regions. Trust entities lets you configure trust rules to auto-authorize software changes in your environments, reducing the number of software changes and security events you need to manage manually. Note that when Trust Entities becomes available in your region, you will also see Application Control "Software Rulesets" (previously known as "Application Control Rulesets") under Policies > Common Objects > Rules > Application Control.

workload-security_whats-new 92

To further improve integration between Trend Cloud One and Trend Cloud One - Endpoint & Workload Security, user email addresses from Trend Cloud One will soon be imported directly into Trend Cloud One - Endpoint & Workload Security's user properties. This change will mean that the same user cannot have a different email in Trend Cloud One and Trend Cloud One - Endpoint & Workload Security. Users will still be able to send reports to a custom contact and send alerts to a custom email. This change only affects new accounts created on or after August 4, 2021.

workload-security_whats-new 93

You can now choose when to perform kernel support package updates, using the new Automatically update kernel package when agent restarts option in the computer or policy editor. For details, see Manage kernel support package updates

workload-security_whats-new 94

The azureARMVirtualMachineSummary object in the computers API response now includes the instanceID, allowing you to get the Instance IDs of your Azure VMs by calling Computers API (List Computers).

workload-security_whats-new 95

Resolved an issue where the Anti-Malware Protection Status widget on the Trend Cloud One - Endpoint & Workload Security dashboard displayed "Unable to load widget".

workload-security_whats-new 96

The default timeout for Trend Vision One (XDR) registration has changed from 60 seconds to 70 seconds.

workload-security_whats-new 97

Agent version 20.0.0.3288 has been released.

Some highlights include:

  • Evolution of the agent installer: The agent installer now installs most agent content.
  • Enhanced platform support: Added AlmaLinux 8, Rocky Linux 8, Ubuntu 20.04 (AWS ARM-Based Graviton 2), and Ubuntu 18.04 (AWS ARM-Based Graviton 2).
  • Secure boot support: Added Oracle Linux 7 and Oracle Linux 8.

For detailed information on what's included in this version, see What's New in Deep Security Agent.

workload-security_whats-new 98

To limit redundancy, users with a Trend Cloud One account created on or after August 4, 2021 will no longer see legacy UI items in the Trend Cloud One - Endpoint & Workload Security console for elements that are controlled at the Trend Cloud One account level, such as API keys and user role assignments.

workload-security_whats-new 99

Resolved an issue where when creating custom Log Inspection, Integrity Monitoring, or Intrusion Prevention rules, the date wasn't displayed in the Issued and Last Updated fields.

workload-security_whats-new 100

Agent version 20.0.0.3165 has been released to Trend Cloud One - Endpoint & Workload Security customers. However, it will not be made available on the Deep Security Agent software download page or released to customers using Deep Security Manager. For information about what's included in this version, see What's New in Deep Security Agent.

workload-security_whats-new 101

The Trend Cloud One - Endpoint & Workload Security console now displays messages when a GCP account synchronization is in progress.

workload-security_whats-new 102

Trend Cloud One - Endpoint & Workload Security now has two scan action options for Windows Anti-Malware Scan Interface (AMSI). You can select either "Pass" or "Terminate" (under Anti-Malware > General > Real-Time Scan > Malware Scan Configuration > Edit > General > Windows Antimalware Scan Interface (AMSI)).

workload-security_whats-new 103

Resolved an issue that caused some system event descriptions to display "No description".

workload-security_whats-new 104

Trend Cloud One - Endpoint & Workload Security now supports the use of Azure tags to assign policies automatically using event-based tasks and to group computers together using smart folders.

workload-security_whats-new 105

Trend Cloud One - Endpoint & Workload Security now supports cost allocation tagging for customers buying through AWS Marketplace, allowing you to track usage and cost with your AWS account using Trend Cloud One. For more information, see Use cost allocation tags to check usage by cloud account.

workload-security_whats-new 106

Updated the agent to improve TLS traffic inspection. This feature is being rolled out gradually, beginning with Trend Cloud One - Endpoint & Workload Security customers.

workload-security_whats-new 107

Trend Cloud One - Endpoint & Workload Security sometimes took much longer than expected to turn on Maintenance Mode for Application Control (Computers > Application Control > General > Maintenance Mode).

workload-security_whats-new 108

The scheduled maintenance period for Trend Cloud One accounts created before 2018-10-31 is being extended. Accounts that have already undergone scheduled maintenance will not be impacted by this extension. Any accounts that still require maintenance will have a maintenance window assigned to them before 2021-12-30.

For more information see Trend Cloud One Maintenance.

workload-security_whats-new 109

Trend Cloud One will soon be phasing in a new account and user management system, with an updated Sign In page.

Users who sign up for Trend Cloud One after the release of this new system will only require their Email and Password to log in through the Email Address Sign In.

Existing Trend Cloud One users must continue to use their current credentials (Account, Username, and Password) to log in through the Account & Username Sign In. No action is required for current customers. Existing accounts will be transitioned to the new email-based sign in at a later date.

workload-security_whats-new 110

As baselines have grown larger and workloads have become more dynamic, the ability to support the Integrity Monitoring baseline in the Trend Cloud One - Endpoint & Workload Security console has become increasingly challenging. Trend Micro is committed to evolving the design of Integrity Monitoring to meet the performance and operational needs of customers. Through discussions with customers, it was determined that in its current form, this feature was not delivering the value to offset the performance and operational overhead required to maintain this data. The first step in this process is to remove the Integrity Monitoring baseline capability from the Trend Cloud One - Endpoint & Workload Security console. This means that the View Baseline, Trusted Source Tagging, and Integrity Monitoring Baseline Report will no longer be available. For customers who subscribed after July 12, 2021 and are using agent version 20.0.0-2593 or later, the baseline is already removed. For customers who subscribed before that date, Trend Micro will not remove the baseline until January 1, 2022.

To view the Integrity Monitoring baseline, generate an agent diagnostic package.

For more information, see the following: Removal of the Integrity Monitoring "view baseline" option from Trend Cloud One - Endpoint & Workload Security and Removal of the Integrity Monitoring Baseline Report from Trend Cloud One - Endpoint & Workload Security

workload-security_whats-new 111

This release adds XDR Network Isolation support to Deep Security Agent version 20.0.0-2593 and later. Following Trend Vision One onboarding, you can now isolate potentially compromised endpoints from the rest of your network. For more information see Trend Vision One (XDR) Network Isolation.

workload-security_whats-new 112

Smart Feedback is enabled by default for new accounts. Smart Feedback shares protected threat information with the Smart Protection Network (SPN), allowing Trend Micro to rapidly identify and address new threats. For more information, please see Smart Protection in Trend Cloud One - Endpoint & Workload Security.

workload-security_whats-new 113

Anti-Malware Real-Time Scan Configuration policies sometimes did not reset to their inherited value properly.

workload-security_whats-new 114

After disabling microservices using console commands, Trend Cloud One - Endpoint & Workload Security sometimes failed to restart.

workload-security_whats-new 115

An account permissions issue sometimes caused Trend Vision One registration to fail or display the wrong status (under Administration > System Settings > Trend Micro One).

workload-security_whats-new 116

You can now protect your SAP deployments using Trend Cloud One - Endpoint & Workload Security, helping to secure critical information from attack, including a wide variety of threats such as malware, cross-site scripting and SQL injection. Trend Cloud One - Endpoint & Workload Security scans content uploaded to the SAP NetWeaver technology platform to determine its true type and reports this to SAP systems via the NetWeaver-VSI interface. Content scanning protects against possible malicious script content that might be embedded or disguised inside documents. SAP administrators can then set policy according to which document types should be allowed. For more information, see Integrate with SAP NetWeaver.

workload-security_whats-new 117

The "What's New in Workload Security" RSS feed will no longer receive notifications. For details on updates and new features for Trend Cloud One - Endpoint & Workload Security, or any other Trend Cloud One services, please subscribe to the What's New in Trend Cloud One RSS feed.

workload-security_whats-new 118

Trend Cloud One - Endpoint & Workload Security maintenance notifications have been moved to the Trend Cloud One maintenance page to consolidate all maintenance info in one place. The Trend Cloud One maintenance page has an RSS feed that you can use to get notifications about any upcoming maintenance.

workload-security_whats-new 119

Trend Cloud One - Endpoint & Workload Security sometimes created "Software Changes Detected" warnings (in the Alerts tab) for software that was already allowed, and sometimes encountered alerts which would reappear after a user had already resolved them.

workload-security_whats-new 120

Updated Endpoint & Workload Security's Default Real-Time Scan Configuration (Computers > Details > Anti-Malware > General > Real-Time Scan > Malware Scan Configuration) to enable Behavior Monitoring and Predictive Machine Learning by default.

Newer agents (20.0.0.1559 and higher on Windows, and 20.0.0-1822 and higher on Linux) will have "Use custom actions" set to "Pass" by default, and will log Anti-Malware Events. Older agents will have Behavior Monitoring turned off if their Possible Malware "action to take" is set to "Pass."

workload-security_whats-new 121

Behavior Monitoring is now supported on Linux for agent version 20.0.0-1822+.

workload-security_whats-new 122

Added a predefined "Deep Security Migration" role containing all rights required to migrate Deep Security software over to Trend Cloud One - Endpoint & Workload Security.

workload-security_whats-new 123

When you imported and then deleted an agent package from Trend Cloud One - Endpoint & Workload Security, direct downloads sometimes failed afterwards.

workload-security_whats-new 124

For new tenants, the following Trend Cloud One - Endpoint & Workload Security settings will no longer appear in the Administration tab:

  • Heartbeat Interval
  • Number of Heartbeats that can be missed before an alert is raised

For existing tenants, the settings above will be gradually removed starting May 26, 2021.

These changes are due to a new agent-manager communication design, and should have minimal impact on users. Policy changes will still be applied immediately, and the Trend Cloud One - Endpoint & Workload Security console can still trigger requests for agents to get any accumulated events on demand as required.

workload-security_whats-new 125

As of 2021-04-21, Trend Micro will no longer offer Trend Cloud One - Endpoint & Workload Security through the Azure Marketplace for new customers. Existing subscribers are not affected by this change and can continue to use and pay for the service through the Azure Marketplace. If you are a new customer looking to leverage pay-as-you-go hourly billing, please see Trend Cloud One on the AWS Marketplace.

workload-security_whats-new 126

Anti-Malware Scan scheduled tasks that had timed out were sometimes starting again instead of triggering a "Scheduled Task Skipped" event as expected.

workload-security_whats-new 127

Updated Trend Cloud One - Endpoint & Workload Security to provide more information during AWS account synchronization, with banner notifications after starting synchronization (Computers > Right- or- double-click an AWS account > Synchronize Now) and events created when synchronization is requested or completed (Events & Reports > System Events).

workload-security_whats-new 128

Updated Trend Cloud One - Endpoint & Workload Security to support additional Remote Shell commands for agent version 20.0.0-2204+ for Windows and Linux. For more information, see the Supported commands section of the Remote Shell article.

workload-security_whats-new 129

Duplicate instances were sometimes created for AWS connectors in Trend Cloud One - Endpoint & Workload Security.

workload-security_whats-new 130

Updated Trend Cloud One - Endpoint & Workload Security to provide a clearer description for Upgrade Agent Software (Administration > Updates > Software > Upgrade Agent/Appliance Software).

workload-security_whats-new 131

Trend Cloud One - Endpoint & Workload Security sometimes became unable to synchronize with an AWS connector after it had been renamed.

workload-security_whats-new 132

Updated Trend Cloud One - Endpoint & Workload Security to improve "Search Computer API" and "List Computer API" performance.

workload-security_whats-new 133

Aligned agent package naming with the Download Center.

workload-security_whats-new 134

The Trend Cloud One - Endpoint & Workload Security RSS feed did not notify subscribers of the Scheduled Maintenance announcement made on March 1. To recap that announcement: "Scheduled Maintenance will be required for all Trend Cloud One accounts that were created before 2018-10-31. For more information see Trend Cloud One Maintenance."

workload-security_whats-new 135

Updated Trend Cloud One - Endpoint & Workload Security to make the "Computer Description" field for Smart Folders usable as a search criteria (Computers & Smart Folders).

workload-security_whats-new 136

Trend Cloud One - Endpoint & Workload Security "System Event Reports" (Events & Reports > Generate Reports) sometimes showed no firewall event data even if there were Firewall Events (Events & Reports > Events > Firewall Events) during the report period.

workload-security_whats-new 137

This release adds XDR Remote Shell support to agent version 20.0.0-2009. Following Trend Vision One onboarding, you can now run commands directly through the XDR-integrated Remote Shell. For more information see Trend Vision One (XDR) Remote Shell.

workload-security_whats-new 138

The Service Level Agreement (SLA) has been updated. This SLA now includes all Trend Cloud One services and replaces the prior Trend Cloud One - Endpoint & Workload Security/Deep Security as a Service SLA.

workload-security_whats-new 139

Links were sometimes not clickable from the "Computer status" widget of the Dashboard tab, and from "Agent/Appliance Upgrade Recommended (New Version Available)" alerts opened from the List View of the Alerts tab.

workload-security_whats-new 140

Scheduled maintenance will be required for all Trend Cloud One accounts that were created before 2018-10-31. For more information see Trend Cloud One Maintenance.

workload-security_whats-new 141

Trend Cloud One - Endpoint & Workload Security "System Event Reports" (Events & Reports > Generate Reports) sometimes had no data in the section for "Most Active Computers Ranked by Number of System Events."

workload-security_whats-new 142

Updated Trend Cloud One - Endpoint & Workload Security to improve wildcard functionality for file and directory exclusions (Policies > Common Objects > Other > Malware Scan Configurations). Details on wildcard use are provided in the Exclusions tab of any File List or Directory List.

workload-security_whats-new 143

Trend Cloud One - Endpoint & Workload Security sometimes timed out when attempting to generate a report (Events & Reports > Generate Reports).

workload-security_whats-new 144

Applying certain filters to Integrity Monitoring events (Events & Reports > Events > Integrity Monitoring) caused an extended delay before the events were displayed.

workload-security_whats-new 145

Beginning 2021-03-31, Trend Micro will no longer accept credit card payments for Trend Cloud One - Endpoint & Workload Security or Deep Security as a Service. Customers currently subscribed using the credit card billing option through Trend Micro's billing partner, Cleverbridge, will need to transition to a supported payment option before March 31st to avoid any potential interruption in service.

workload-security_whats-new 146

Beginning 2021-03-01, Trend Micro will no longer offer Deep Security as a Service | Annual + Pay as You Go subscription options to new subscribers on the AWS Marketplace. If you are currently subscribed you can continue to use the service until the end of your term, and there will be no impact to usage of the service. For more details on AWS subscription changes, please see https://cloudone.trendmicro.com/docs/billing-and-subscription-management/billing-aws-change/. This service is now available as part of Trend Cloud One on AWS Marketplace.

workload-security_whats-new 147

On 2021-03-01, Trend Micro is adding additional static IP addresses for the relays hosted by Trend Cloud One - Endpoint & Workload Security. If you are using an Trend Cloud One - Endpoint & Workload Security account created on or before 2020-11-23 and apply egress traffic policy based on the static IP addresses defined in Port numbers, URLs, and IP addresses, read Addition of new static relay IP's for Cloud One accounts created before 2020-11-23 for details on this change and the action required to ensure your service continues without interruption.

workload-security_whats-new 148

Trend Cloud One - Endpoint & Workload Security has added compliance for ISO27014, ISO27017 and now has a SOC 2 and SOC 3 report available. For details, please see the Trend Cloud One Trust Center.

workload-security_whats-new 149

In the Computers tab of Trend Cloud One - Endpoint & Workload Security, when the Create Group(s) button was clicked, it sometimes failed to display the Add Group(s) pop-up menu properly.

workload-security_whats-new 150

Trend Cloud One - Endpoint & Workload Security was unable to install the correct relay version under some Linux configurations.

workload-security_whats-new 151

After completing Trend Vision One onboarding, some roles (Administration > User Management > Roles) did not have the correct rights assigned to them.

workload-security_whats-new 152

The agent now supports Amazon Linux 2 on AWS ARM-based Graviton 2. The agent currently supports the Firewall, Intrusion Prevention, and Web Reputation protection modules. Other protection modules are coming soon.

workload-security_whats-new 153

This release adds support for Behavior Monitoring on the Linux platform.

workload-security_whats-new 154

This release adds support for Anti-Malware on the AIX platform.

workload-security_whats-new 155

For subscribers to the Trend Cloud One listing on AWS, the hourly price of Extra Large and Not Cloud instances has been reduced from $0.06 USD to $0.045 USD per instance. Note: This change applies only to the Trend Cloud One listing, the pricing for the Trend Micro Deep Security listing is unchanged.

workload-security_whats-new 156

Updated vCenter to make changing an NSX Manager simpler by using the Remove NSX Manager button (Properties > NSX Manager) rather than editing the Manager Address: field.

workload-security_whats-new 157

Trend Cloud One - Endpoint & Workload Security XDR Activity Monitoring is now out of preview and generally available to all customers. When Activity Monitoring is enabled, additional information is collected by Trend Cloud One - Endpoint & Workload Security and forwarded to Trend Micro XDR to provide correlated detection and root cause analysis capabilities.

workload-security_whats-new 158

When Trend Cloud One - Endpoint & Workload Security generated a new certificate for an agent that already had one, there were sometimes connection issues.

workload-security_whats-new 159

You were unable to do an advanced search on Events & Reports > Firewall Events > Advanced Search with the Search criteria set to "Action" and "Fail Open" entered as the search value.