Table of contents
Topics on this page

Archived Workload Security release notes

You can find Workload Security release notes from previous years. For current Workload Security release notes, see the new Trend Cloud One Updates page.

2020 release notes


Date Type Release notes
Dec. 18 Enhancement Updated the License Agreement link on the Trend Micro Cloud One Sign Up page to display the appropriate agreement for the user's selected country.
Dec. 18 Resolved issue In some cases, Workload Security was unable to find the correct database info to identify AWS instances.
Dec. 18 Resolved issue The "AWS Contract License Exceeded" alert sometimes occurred even though the number of protected computers did not exceed the limit.
Dec. 18 Resolved issue Due to a connectivity issue, the Trend Micro Cloud One signup form reCAPTCHA was sometimes failing, and some customers were not receiving the intended automated email following account signup.
Dec. 11 Action Required The SNS "EventID" field will be deprecated and replaced with a new "UniqueID" field. To minimize the impact, we will continue to send the "EventID" field, but after January 18th, 2021 the value will always be set to 0. Please use the "UniqueID" field as the unique identifier for SNS events.
Dec. 10 Information

Starting December 10 2020, customers subscribed to the Trend Micro Cloud One listing on AWS will see usage for Workload Security consolidated to 4 billing dimensions, instead of the previous 8. There is no change in price to your services and no change to how your usage is calculated and charged.

Usage prior to this change will still be charged on the previous dimensions, so you may see a combination of the previous and updated dimensions in this month's bill.

Dec. 10 Resolved Issue vCenter performance issues were sometimes caused by an unstable connection to the database, resulting in unexpected "VMware vCenter Synchronization Requested Finished" events in Events & Reports > System Events.
Dec. 08 New feature

You can now add your VMWare vCenter accounts to Workload Security. Adding a vCenter account to Workload Security allows Workload Security to retrieve your virtual machine inventory from the vCenter server. This provides visibility to all workloads from vCenter as well as automated management of the lifecycle of these workloads (which is consistent with adding accounts from AWS, Azure, or Google Cloud Accounts to Workload Security).

For customers that are familiar with Workload Security, the addition of this support provides a consistent experience with the features and functionality that you are already familiar with.

Adding a vCenter account to Workload Security requires a new component called the data center gateway. For more information, see setup a data center gateway.

Dec. 04 Information The newsfeed feature has been removed from the Workload Security console. For the latest news on product changes, see "What's new in Workload Security?". You can also subscribe to the RSS feed (linked at the top of the page) for updates.
Dec. 04 Enhancement Added a "URLs and IP Addresses" section under Support which links to additional information regarding Workload Security connectivity.
Dec. 04 Resolved issues When you created a new user, the language of the console switched to whatever language the user was set to.


Date Type Release notes
Nov. 25 Resolved issue When the agent was using agent-initiated communication, the agent went offline when the agent certificate was updated.
Nov. 02 Information Starting on 2020-11-23, all new Workload Security accounts that require a traffic policy to be applied to egress traffic originating from agent connections to Workload Security must use DNS names, rather than IP addresses. This change is driven by the continued evolution of our service to meet the needs of our customers. For all existing customers, we recognize reasonable lead time is required to coordinate this type of change with your internal teams. To minimize the impact to existing customers we will continue to honour static IP addresses for two years (end of life on 2022-12-31) for any Deep Security as a Service or Workload Security account created prior to 2020-11-23.

For more information about which DNS names to allow, see Port numbers, URLs, and IP addresses


Date Type Release notes
Oct. 23 Resolved issue The settings on Policies > Settings > Advanced could not be changed because the Inherited option could not be deselected.
Oct. 14 Information Starting October 14th, 2020, customers subscribed to the Trend Micro Cloud One listing on AWS Marketplace will see usage displayed and metered in "units" instead of "host / hour". There is no change in price to your services and no change to how your usage is calculated and charged.

Usage prior to this change will still appear as "host / hour" so you may see a combination of "host / hour" and "units" in this month's line items.

Oct. 14 Scheduled maintenance System maintenance for Workload Security is scheduled for Saturday October 24th, 2020 between 11:00 and 19:00 GMT. For details, see Trend Micro Cloud One Maintenance.
Oct. 13 Resolved issue There were detection issues with real-time Anti-Malware scans.


Date Type Release notes
Sep. 30 Enhancement Enhanced the description of the "Activation Failed" event to specify why the event occurred.
Sep. 29 New Feature Updated the alert email for Workload Security to point to the Workload Security documentation site.
Sep. 25 New feature The "UniqueID" field has been added to all events that are forwarded to Amazon SNS. The "UniqueID" field will replace the "EventID" field, which is now deprecated.
Sep. 25 Enhancement Workload Security help links, both for context sensitive links and search bar links, point to the Trend Micro Cloud One Docs site instead of the Deep Security Help Center.
Sep. 10 Resolved issue The "Ransomware Event History" widget on the console displayed incorrect information.
Sep. 09 Enhancement The pager numbers, phone numbers or mobile numbers listed on the User Properties window (click your email at the top and select User Properties) of Workload Security can be configured to exceed more than 30 digits.
Sep. 09 Enhancement The an incorrect number of overrides were displayed on Computer/Policy Editor > Overrides.


Date Type Release notes
Aug. 24 Enhancement Improved the "Scheduled report sending failed" error message by adding a more thorough description. For more information, see Troubleshoot: Scheduled report sending failed.
Aug. 24 Enhancement Updated the New Malware Scan Configuration Properties (Policies > Common Objects > Malware Scans > New) default settings to match the default settings for the Default Malware Scan Configuration Properties.
Aug. 24 Resolved issue In the Workload Security console, the agent occasionally appeared to have an error despite the error already being resolved.
Aug. 24 Resolved issue The Workload Security console sometimes showed the incorrect Log Inspection status.
Aug. 10 New feature The Agent Version Report has been created in order for you to view a summary of how many agents are using a specific agent version, the percentage of total agents each version is using, and an overview of how many agents are online and how many are offline, all of which are broken down based on the agent's platform (OS). To generate the report, go to Events & Reports > Generate Reports > Single Report > New > Agent Version Report.
Aug. 06 Enhancement Updated the "My User Summary" widget on the console and the "User and Contact Report" (Events & Reports > Generate Reports > Single Report) to reflect the logins that have occurred in the last 30 days.
Aug. 05 Resolved issue The Workload Security session cookie is no longer passed from AWS to Workload Security when you sign up, which meant that if you were already signed in to Workload Security, you were unable to upgrade to a paid account through the AWS Marketplace. If you have already signed in to Workload Security, you're once again able to upgrade your account from "Free-Trial" to "Paid through AWS Marketplace".


Date Type Release notes
Jul. 31 Information The Deep Security 20 Long-Term Support Agent has been released for use with Workload Security. For a list of new features, see What's new in Deep Security Agent?.

The new Deep Security 20 Agent has been released to the download center and will be available in all Workload Security accounts by August 4th.

Jul. 29 Resolved issue The "AWS Contract License Exceeded" alert sometimes occurred even though the number of protected computers did not exceed the limit.
Jul. 24 Enhancement Reduced the time it takes to validate GCP service accounts when you change your GCP Account Properties configuration. Previously, this took a long time when there were a large number of auto-generated GCP projects.
Jul. 22 Resolved issue The Computer Status widget on the console did not display the correct number of managed computers.
Jul. 16 Enhancement Added file hash values to Anti-Malware events that have been exported to CSV (Events & Reports > Anti-Malware Events > Export > Export to CSV).
Jul. 07 New feature Integrate Workload Security with AWS Control Tower to ensure that every account added through Control Tower Account Factory is automatically provisioned in Workload Security. For more information, see Integrate with AWS Control Tower.
Jul. 07 Information By default, the "My User Summary" widget on the Dashboard only displays information about sign-ins that have occurred within the last 24 hours.


Date Type Release notes
Jun. 30 Information New static IP addresses have been added for the Workload Security GUI and fast heartbeat. See Port numbers, URLs, and IP addresses for more details.

If you have a firewall or AWS security group that restricts which IP addresses are allowed outbound from your network, you must add the new IP addresses.

Jun. 25 Resolved issue Due to a timing issue with Workload Security, agents occasionally failed to download software components from the relays if multiple components were available at the same time.
Jun. 15 Information The "Whois" feature (Administrator > System Setting > Advanced), will be removed before the end of June. The removal includes "Whois Source IP" and "Whois Destination IP" on the Events page and the "Whois" query for Reports.
Jun. 15 Resolved issue Azure accounts could not be added in Azure Government regions because the login endpoint was changed. This only applies to Azure Marketplace deployments.
Jun. 12 Enhancement Empty AWS groups can now be hidden in all areas of the console that display a list of computer groups. Previously, this was only available on the Computers page.
Jun. 05 Enhancement Extended the scope of the If a computer already exists setting on Administration > System Settings > Agents to apply to existing unactivated computers. Previously, it only applied to existing activated computers.
Jun. 05 Resolved issue An error occurred when properties were changed on the Log Inspection rule "1002729 - Default Rules Configuration" in Policy > Common Objects > Log Inspection Rules.
Jun. 03 Resolved issue A Forensic Computer Report could not be generated if an Integrity Monitoring rule was applied.
Jun. 01 New feature The smart folders auto-creation capability has been extended to allow you to create sub-folders automatically based on GCP Labels. You might use this feature to create different management folders automatically for different cost centers, deployment environments, security requirements, and so on.
Jun. 01 Information We're continuing to update our UI to reflect the transition from Deep Security as a Service to Trend Micro Cloud One - Workload Security. For more information please see Transitioning from Deep Security as a Service


Date Type Release notes
May 28 Enhancement Updated the Events & Reports > Scheduled Reports page so that you're unable to create a report that might result in a failure. An alert appears that specifies the settings you must set before creating the scheduled report.
May 25 Enhancement Increased the timeout used when synchronizing AWS Workspace directories in an AWS account, to reduce failures for large directories.
May 21 Resolved issues When you did an advanced search on the Computers page for Status Light > Equals > Managed [Green], then selected Export to CSV, the CSV file did not contain the listed computers.
May 15 Enhancement

Re-ordered the protection modules into the following categories:

Malware Prevention:

  • Anti-Malware
  • Web Reputation

System Security:

  • Application Control
  • Integrity Monitoring
  • Log Inspection

Network Security:

  • Firewall
  • Intrusion Prevention
May 15 Information For new accounts, we will no longer automatically be adding instances with the demo application. The Deep Security demo application can still be deployed easily and accessed through the demo app project on GitHub. See Try the Deep Security demo for more information.
May 12 New feature Smart Folders can be configured to use GCP Labels and Network Tags, which you can use to organize and find computers in your cloud environment.
May 12 Resolved issues If you deleted a Workload Security account that was previously subscribed to AWS Metered Billing, you could not create a new Workload Security account subscribed to the same AWS account.
May 12 Resolved issues When an agent activated with no AWS metadata but then provided it on a later heartbeat, the cloud provider was not updated which caused the computer to never be rehomed properly.
May 12 Resolved issues Anti-Malware events that were marked as "Pass" were not properly counted on the dashboard or under Anti-Malware events.
May 12 Resolved issues When the Alert on any Computer action was selected for Intrusion Prevention, Firewall, Integrity Monitoring or Log Inspection rules, the computers were not automatically updated with the new policy.


Date Type Release notes
Apr. 20 New feature Added the CentOS platform as an option to select on Updates > Software > Agent Version Control. This means when you deploy an agent using the deployment scripts, you can specify that only CentOS agents should be deployed.
Apr. 20 Resolved issues When you clicked the + button on the Dashboard, you couldn't type a new entry in the New Dashboard Name field.
Apr. 15 New feature You can now subscribe to an RSS feed on the English and Japanese Help Center Software pages to get notified right away when there is a new software release.
Apr. 14 Enhancement Added a GCP Network Tag column to the Computers tab.
Apr. 09 Enhancement Added a page to the Trend Micro Cloud One documentation on Google Cloud Platform (GCP) auto-scaling using managed instance groups (MIGs). See GCP auto scaling and Workload Security.
Apr. 02 Resolved issues An issue with timing occurred when an AWS Workspace was deployed from an image. This potentially created a duplicate standalone computer that never moved into an AWS account.
Apr. 02 Resolved issues Sometimes GCP accounts did not sync correctly.
Apr. 01 Resolved issues The Scan for Integrity and Rebuild Baseline buttons were disabled on Computers > Computer Details > Integrity Monitoring > General even after the corresponding operation was completed.


Date Type Release notes
Mar. 31 Information On May 1st, 2020, the sender address from Deep Security as a Service emails will be updated from <> to <> to reflect the coming transition to Trend Micro Cloud One - Workload Security. Customers using email routing rules should ensure their rules are updated to include this new email address.
Mar. 31 New feature Added the ability to do a simple search or advanced search for Cloud Instance Metadata on the Computers page. This allows you to easily find workloads with specific labels, network tags, and more.
Mar. 31 Enhancement Improved the description of Behavior Monitoring events by including the reason the event occurred.
Mar. 26 Resolved issue Some computers reported the following error: Send Policy Failed - An error occurred in the Workload Security Manager to Deep Security Agent/Appliance protocol: TimeoutException: Write timed out.
Mar. 24 Resolved issue The sign-up page did not render properly in Internet Explorer.
Mar. 24 Resolved issue When alerts were viewed in list view and the details for "Agent/Appliance Upgrade Recommended (New Version Available)" was selected, the hyperlink "View all out-of-date computers" did not work.
Mar. 24 Resolved issue Azure accounts did not sync correctly because of duplicate worker threads.
Mar. 17 Resolved issue When Intrusion Prevention rules were assigned or unassigned based on the scan recommendations, sometimes the policy editor's performance was poor and the recommendations were not applied.
Mar. 12 Enhancement Improved the capability of event-based tasks by adding support for GCP security automation.
Mar. 12 Enhancement Introduced "Cloud Vendor" as an event-based task condition in order to limit a task's scope to AWS or GCP.
Mar. 12 Resolved issue You could not reset your password because of an issue with the Google Recaptcha key.
Mar. 05 Enhancement In the past, if your credentials were entered incorrectly for AWS accounts in Workload Security, the agent failed to activate. This might have occurred because the credentials were entered incorrectly or because, over time, the credentials changed without a corresponding update in Workload Security. To help ensure protection remains in place in this situation, which in many cases is a simple configuration error, we will now create the computer outside of the account and allow the agent to activate.
Mar. 05 Enhancement When Anti-Malware actions fail, the results will be displayed in the Syslog result field.
Mar. 03 Enhancement Optimized the time it takes to discover and map new GCP instances for known Google Projects inside existing GCP accounts. When an agent-initiated activation occurs, the time it takes to complete the activation and for the GCP data to be available to Workload Security has been reduced to make the product more responsive.


Date Type Release notes
Feb. 27 Enhancement To better align with AWS best practices and improve AWS account security, we have made a change to the process of adding a new AWS account into Workload Security using cross-account roles. Previously when using a cross-account role for authentication, Workload Security required two pieces of information: a role ARN, and an external ID trusted by the role. This has now changed to a new process where Workload Security provides the external ID, and requires that the role provided has included this external ID in its IAM trust policy. This change provides stronger security in shared Workload Security environments, and ensures that strong external IDs are always used. For details on switching your external ID to a manager-generated one, see Update the external ID. For details on the new process of adding cross-account roles using manager-generated external ID, see Add an AWS account using a cross-account role.
Feb. 27 Information Action required for customers using cross-account roles with the API /rest/cloudaccounts/aws. For details, see
Feb. 25 Resolved issue Unacceptable delays occurred when events were sent to a syslog server and the option to send extended event descriptions was enabled.
Feb. 21 Enhancement Improved the heartbeat handling for AWS Workspace deployments when the workspace sync feature is not turned on for the matching AWS account.
Feb. 21 Enhancement Added GCP information such as Instance ID, Labels, Network tags, and more, to Computer Editor > Overview > General.
Feb. 21 Resolved issue Sometimes when you attempted to add a GCP account, you were not redirected to the results page.
Feb. 21 Resolved issue The advanced search on the Computers page did not work properly when the criteria included "Version field" and the value was "N/A".
Feb. 21 Resolved issue The Workload Security console sometimes failed to generate a summary report on Events & Reports > Single Report.
Feb. 21 Resolved issue When adding a relay, the wrong icon for GCP computer groups appeared in the navigation pane on the left.
Feb. 11 Resolved issue When the "Untagged" filter was selected on the dashboard, some widgets continued to display tagged items.
Feb. 06 New feature

If you are using metered billing and looking for a way to break out costs by individual cloud accounts, we have made the Security Module Usage Report (Event & Reports > Generate Reports) available. This report contains a detailed breakout of consumption hours by cloud account. This data can be used to breakout the single Workload Security line item on your marketplace bill supporting chargeback to your teams.

Feb. 06 New feature

In a heartbeat, if the number of agent events is very high, they will be split under more than one "Events Retrieved" system event.

This feature is being gradually rolled out. For more information, see What does preview mean?

Feb. 06 Enhancement Added a progress bar to Administration > User Management > Roles > New > Computer Rights > Selected Computers to indicate the status of the computers list that's loading.
Feb. 06 Resolved issue GCP projects temporarily disappeared during syncs.


Date Type Release notes
Jan. 28 Resolved issue When Integrity Monitoring was enabled but Anti-Malware was turned off, a warning message would appear indicating "Security Update: Pattern Update on Agents/Appliance Failed".
Jan. 23 Enhancement Improved performance when image files are repeatedly downloaded to the browser.
Jan. 21 Resolved issue When adding new dashboards in the Workload Security console, if you clicked "+" on the Dashboard and then pressed Enter several times in quick succession, multiple dashboards were created and the first dashboard lost widgets.
Jan. 21 Resolved issue Some agents on the AWS platform did not report valid BIOS-UUID, which caused a NullPointerException.
Jan. 14 Enhancement Enhanced the Relay management experience by providing possible solutions for the "Empty Relay Group Assigned" alert in the alert's description and removing the relay count for tenants that are using the Primary Tenant Relay Group.
Jan. 14 Resolved issue Agent-initiated activation failed for hosts with the same Virtual UUID when the "Activate a new Computer with the same name" setting was was selected on Administration > System Settings > Agents > If a computer already exists .
Jan. 14 Resolved issue When you did a search on the Application Control ruleset page, block rules were not returned.
Jan. 07 Enhancement Added the "sproc" field to Syslog events, which displays the name of the event's source process. For more information, see Syslog message formats.
Jan. 07 Resolved issue If the agent was up-to-date, the Workload Security console did not generate an "Upgrade on Activation Skipped" event.
Jan. 07 Resolved issue The column names in the CSV output of the "Security Module Usage Report" were partially misaligned with the data columns.
Jan. 07 Resolved issue In the Malware Scan Configuration window (Computers or Policies Editor> Anti-Malware > General > Manual Scan > Edit > Advanced and select Scan Compressed File) the Maximum number of files to extract setting could not be set to 0, meaning unlimited.

2019 release notes

In 2019, Workload Security was referred to as Deep Security as a Service.


Date Type Release notes
Dec. 19 Enhancement Added the "sproc" field to Syslog events, which displays the name of the event's source process.
Dec. 17 Enhancement Added a Scheduled maintenance page that allows us to better communicate upcoming scheduled maintenance. Subscribe to the RSS feed above to ensure that you are not caught off guard by any upcoming maintenance by our team.
Dec. 17 Enhancement Any new attempt to add the same AWS integration (also known as "AWS connectors") to more than one Deep Security as a Service account using the same Cross-Account role will now be blocked. If you would like to add the same AWS integration to more than one Deep Security as a Service account you must use different Cross-Account roles or IAM keys in each case.
Dec. 17 Resolved issue The Save to File and Copy to Clipboard buttons were missing from Support > Deployment Scripts when Safari was used as the browser.
Dec. 17 Resolved issue If you added an AWS account to Deep Security Manager through Computers > Add Account, the computers sometimes failed to synchronize.
Dec. 10 Resolved issue In the Malware Scan Configurations window, the content of the Advanced tab was displayed in the General tab.
Dec. 10 Resolved issue Deep Security Manager had issues loading the computers trees on some pages when there were a lot of computers and folders.

November 2019

Date Type Release notes
Nov. 26 Enhancement Added the Validate the signature on the agent installer checkbox on Support > Deployment Scripts. For more information, see Check digital signatures on software packages.
Nov. 21 Enhancement Renamed the Service Token setting to Data Source GUID on Administration > System Settings > Managed Detection and Response.
Nov. 21 Enhancement Reduced the maximum number of computers displayed on the Computers page from 2000 to 500 to improve performance.
Nov. 21 Resolved issue When sorting the Alert Configuration window (Alerts > Configure Alerts) by the "ON" column, the number of alerts was sometimes incorrect.
Nov. 19 Resolved issue When a custom anti-evasion posture was selected in a parent policy (in the policy editor, go to Settings > Advanced > Network Engine Settings > Anti-Evasion Posture then select Custom), that setting did not appear in the child policies.
Nov. 14 New feature Deep Security Manager now has the option (Administration > System Settings > Agents > Automatically upgrade Linux/Windows agents on activation) to automatically upgrade the Deep Security Agent on Linux and Windows computers to the version specified in Administration > System Settings > Updates > Software > Agent Version Control when the agent is activated or reactivated.
Nov. 14 Enhancement If you add an AWS account to Deep Security Manager through Computers > Add Account, and then in AWS you launch a new AWS WorkSpace instance with an agent that has agent-initiated activation (AIA) enabled, the AWS Workspace is now added to the manager under the AWS account on activation. Previously, the Workspace was added under the root 'Computers' tree.
Nov. 14 Resolved issue Active Directory synchronization sometimes would not finish.
Nov. 12 Enhancement

Aggregated identical agent events in a single heartbeat under a single event.

This feature is being gradually rolled out.
Nov. 12 Enhancement Improved the "License Changed" event description by specifying if the plan ID is for Azure Marketplace billing.
Nov. 12 Resolved issue When Deep Security Manager was deployed in an environment with a large number of hosts and protection rules, the manager would sometimes load data for all hosts, even if the user only requested data from some of the hosts.
Nov. 7 Enhancement You can subscribe to the RSS feed for this page to get notifications when Deep Security as a Service is updated.
Nov. 5 Enhancement Improved the agent package import experience by making the warning message clearer.
Nov. 5 Enhancement Added the "TrendMicroDsPacketData" field to Firewall events that are syslog forwarded via the Deep Security Manager.
Nov. 5 Resolved issue If you added an amperstand symbol as the Folder Display Name for Smart Folders, the preview window crashed.

October 2019

Date Type Release notes
Oct. 31 Enhancement

Scheduled tasks have been enhanced:

  • On the last screen of the New Scheduled Task Wizard, 'Task enabled' has been renamed to 'Enable task'.
  • The 'Synchronize cloud account' task now indicates that it only supports vCloud and Azure accounts.
  • The Scheduled Tasks page now includes details for any 'Scan Computers for Malware' or 'Scan Computers for Integrity Changes' tasks that you have configured.
Oct. 31 Enhancement Deep Security Manager now includes a search bar under Administration > Updates > Software > Local.
Oct. 31 Enhancement You can now hide all empty AWS regions, VPCs, subnets, and directories on the Computers page to reduce clutter and increase page loading speed. To hide or display empty items on the Computers page, right-click an item in the tree structure and select the option you want to apply.
Oct. 31 Enhancement The Computers page now includes an Agent GUID column so you can search computers by Agent GUID.
Oct. 31 Enhancement In rare cases, the AWS Marketplace appliance fails to upgrade due to an error in an upgrade task responsible for removing any existing duplicate AWS connector groups. The upgrade task has been enhanced to make it more robust and decrease the possibility of failure.
Oct. 31 Resolved issue When certain Smart Folder search criteria were used, it threw the error: IllegalStateException.
Oct. 24 Enhancement Added the "Kernel Unsupported" system event to indicate if your computer has been upgraded to an unsupported kernel.
Oct. 24 Enhancement Added a reason ID for the "Manual Malware Scan Cancellation complete" system event. The reason ID is displayed in REST API calls, SNS information and SIEM information.
Oct. 24 Enhancement Renamed the scheduled task "AWS Billing Usage Task" to "Metered Billing Usage Task" because the task now applies to both AWS and Azure billing.
Oct. 8 New feature

Agent version control gives you and your security operations team control over the specific versions of the Deep Security Agent that can be used by features like deployment scripts and upgrade on activation. This provides increased control over the Deep Security Agent used in your environment. For more information, see Configure agent version control.

September 2019

Date Type Release notes
Sep. 26 Enhancement Added more information to the Malware Scan Cancellation system events about why the cancellation occurred. For more information, see System events.
Sep. 26 Resolved issue An incorrect log source identifier was sometimes sent for syslog events. 
Sep. 26 Resolved issue The events exported via AWS SNS did not contain the HostOwnerID, which corresponds to the AWS Account ID.  
Sep. 26 Resolved issue The system event "7024: Application Control Software Changes Detected" sometimes occurred when Application Control was not enabled. 
Sep. 24 Enhancement Added a new column to the system events table for storing the reason ID for scan failures. The reason ID will be displayed in REST API calls, SNS information and SIEM information.
Sep. 24 Enhancement Included the reason why an Anti-Malware scan exception failed in the system event.
Sep. 24 Enhancement Enhanced Deep Security Manager so it prevents you from importing duplicate Trusted Certificates.
Sep. 24 Resolved issue In the computer or policy editor in Deep Security Manager, under Anti-Malware > General > Real-Time Scan > Schedule > Edit, the Assigned To tab was sometimes empty, even when the schedule was assigned correctly to computers and policies.
Sep. 19 Enhancement Added a "Host GUID" column to the Computers page so you can search computers by the Host GUID.
Sep. 19 Resolved issue When an event-based task was created, two system events were generated.
Sep. 17 Enhancement Added AWS tags information to the "Computer Created" and "Computer Updated" system events.
Sep. 10 Enhancement When configuring auto-tagging for Application Control, the type of file hash in consideration (SHA-256) is now specified.
Sep. 10 Resolved issue Forwarding events "via Deep Security Manager" with SIEM event forwarding would not work if the Deep Security Manager hostname was not obtained through DNS resolution.
Sep. 3 Resolved issue Deep Security Manager did not prevent the creation of incompatible Intrusion Prevention configurations.

August 2019

Date Type Release notes
Aug. 29 Issue When an invalid or unresolvable SNMP server name was configured in Administration > System Settings > Event Forwarding > SNMP, it caused SIEM & SNS to also fail.
Aug. 27 New feature Extended support to Google Cloud Platform (GCP). We now provide the option to add a GCP account and managed GCP instances. Note that this feature is being released gradually and may not be available in your environment yet.
Aug. 27 Enhancement Added the Azure Metered Billing Report for Azure Marketplace Pay as you Go billing. You can generate the report in Events & Reports > Generate Reports > Single Reports.
Aug. 27 Resolved issue Inline synchronization for Amazon WorkSpaces sometimes did not work because Deep Security Manager used the availability zone as the region name.
Aug. 27 Resolved issue System events were not working properly for Azure Billing tenant account changes.
Aug. 27 Resolved issue

Using a local key secret containing the "$" symbol stopped the upgrade or fresh install of Deep Security Manager.

Aug. 27 Resolved issue Resetting Integrity Monitoring overrides showed the overrides as reset in Deep Security Manager but retained the overridden configuration in the policy.
Aug. 22 Resolved issue Security events were not able to be sent to Managed Detection and Response.
Aug. 20 Enhancement Deep Security as a Service accounts using Azure Metered Billing are now moved to Freemium when canceling their subscriptions.
Aug. 20 Enhancement When a computer is rebooted because of a reboot required alert, the Deep Security Manager system event and alert will have a corresponding "Alert Ended" event instead of "Error Dismissed" events.
Aug. 20 Resolved issue Reconnaissance alerts could not be disabled because the option was not available.
Aug. 20 Resolved issue Deep Security Manager showed many “Internal Software Error” system events when "Events Retrieved" and "Agent/Appliance Error" were not recorded in Administration > System Settings > System Events
Aug. 15 Enhancement Added a link to Your Account > Account Details > Upgrade to Paid for free trial users that redirects to the Deep Security as a Service offer on Azure Marketplace for Pay as You Go billing.
Aug. 15 Enhancement Added Bahrain as a new region in AWS.
Aug. 15 Resolved issue In Deep Security Manager, under Policies > Intrusion Prevention Rules > Application Types > (select DNS client) > Properties > General, the Port setting would change to "Any" after any updates to the port list.
Aug. 15 Resolved issue In Malware Scan Configurations, when the scan type was Manual/Scheduled, the "Spyware/Grayware Scan Enabled" column always displayed "N/A".
Aug. 15 Resolved issue When scheduling a monthly scheduled task, the "Next Run" time was a day later than expected.
Aug. 15 Resolved issue Scheduled task scans could be initiated by a user for computer groups that they do not have access to in their roles, which caused an error to occur.
Aug. 15 Resolved issue Deep Security Agent sometimes went offline when duplicate virtual UUIDs were stored in the database.
Aug. 08 New feature Added Managed Detection and Response to Deep Security as a Service. You can configure this feature on Administration > System Settings > Managed Detection and Response.
Aug. 08 Resolved issue Selecting "Security updates only" as the update content for a relay group on Administration > Updates > Relay Management > Relay Group Properties did not work as expected.
Aug. 06 Enhancement Updated AWS account addition error messages to be more specific and include Help Center link.
Aug. 06 Resolved issue The latest kernel update for some Linux operating systems, including Red Hat Enterprise Linux 7 and Amazon Linux, made a change that caused failures during agent-initiated communication heartbeats
Aug. 01 Resolved issue The "Recommended for Unassignment" filter on the Intrusion Prevention Rules page sometimes did not correctly filter rules.
Aug. 01 Resolved issue

Deep Security as a Service stopped displaying the alert "Agent/Appliance Upgrade Recommended (New Version Available)", even though the agent had not been upgraded.

July 2019

Date Type Release notes
Jul. 30 Enhancement Enhanced the "Malware Scan Failure" event description to indicate the possible reason for failure.
Jul. 30 Enhancement Added support for migration from the legacy Azure Marketplace offer to the new Azure Marketplace Consumption offer.
Jul. 30 Resolved issue In the Computer report, changed wording from "Latest Scan" to "Latest Port Scan".
Jul. 25 Enhancement Deep Security as a Service displays a warning banner when a relay is older than version 12.0.
Jul. 25 Resolved issue The Actions page would fail to load for some browsers in certain timezones.
Jul. 23 Resolved issue Deleting quarantined files from Deep Security as a Service resulted in a failure event.
Jul. 16 New feature Added Azure Marketplace Metered Billing to Deep Security as a Service.
Jul. 16 Resolved issue Deep Security Manager was slow showing the details of a system event.
Jul. 16 Resolved issue A NullPointerException resulted in an agent communication failure.
Jul. 11 Resolved issue Application Control events did not include a "Size" column
Jul. 11 Resolved issue The Alert Status widget sometimes showed the wrong total numbers.
Jul. 11 Resolved issue When the Computers page was grouped by status, it sometimes didn't display the correct total number of computers for each group.
Jul. 09 Enhancement Refined the malware scan cancellation event description to indicate that it may be caused by the computer rebooting or shutting down.
Jul. 09 Enhancement Updated Deep Security Manager so it allows a security update to proceed when the Deep Security Agent software upgrade has been scheduled for a later time. This ensures Deep Security Agents always have the latest security rules and patterns.
Jul. 09 Resolved issue New groups added to an AWS connector were not inheriting the existing permissions assigned to that connector.
Jul. 09 Resolved issue Two tagging-related counters under the Additional Information section on Administration > System Information were not being incremented.
Jul. 09 Resolved issue Viewing a run once scheduled task where the next run time was N/A would result in an Internal Server Error.

June 2019

Date Type Release notes
Jun. 25 Enhancement Event Based Tasks property description now updates immediately in properties the window.
Jun. 25 Resolved issue On the Deep Security Manager dashboard, the Software Updates widget always displayed results for all computers, even when the dashboard was filtered to display a subset of computers.
Jun. 25 Resolved issue The scheduled scan "Scan Computers for Integrity Changes" failed when the target host was set to "Group".
Jun. 25 Resolved issue When the Deep Security Manager refreshed, the information provided by "Last IP Used" and "Last communication time" on the Computers details page disappeared.
Jun. 25 Resolved issue Non-activated computers under an Azure account had the incorrect platform name.
Jun. 20 Resolved issue When a policy was assigned to a large number of computers, it sometimes took a long time to load the "Intrusion Prevention" tab in the policy editor.
Jun. 13 Enhancement Improved the description of the Malware scan failure event by adding more details.
Jun. 13 Enhancement Added three new statuses in the Azure registration status list.
Jun. 13 Resolved issue Deep Security Manager referred to Amazon Simple Notification Service instead of AWS Simple Notification Service.
Jun. 13 Resolved issue On the day that Daylight Saving Time occurs, a weekly scheduled task was possibly triggered twice in Deep Security Manager.
Jun. 06 Enhancement Updated Deep Security Manager to clean up homeless EC2 hosts if they fail at rehoming and are not able to talk to Deep Security Manager for three days.
Jun. 06 Resolved issue Failures were caused by the AWS connector synchronizations running longer than one hour and using cross account role authentication.
Jun. 06 Resolved issue SUSE Enterprise Server 15 was displayed as SUSE Enterprise Server when computers were added by AWS connector.
Jun. 06 Resolved issue Users with select computer permissions could not create certain scheduled tasks.
Jun. 06 Resolved issue The Solaris Deep Security Agent deployment script did not support Solaris 10 Update 4 and Solaris 11.4.

May 2019

Date Type Release notes
May 30 Enhancement Failures occurred during AWS connector synchronizations that ran longer than 15 minutes and used cross-account role authentication.
May 30 Resolved issue Several issues occurred for the Auto-Tag Rules page of any protection module on Events & Reports > Events, depending on how the columns were sorted.
May 30 Resolved issue System events took too long to appear on Deep Security Manager.
May 30 Resolved issue Unnecessary scheduled task information was sent to agents.
May 16 Enhancement Added the FileSize attribute to the Application Control event description sent to SNS.
May 16 Enhancement Improved Amazon WorkSpaces state mapping.
May 16 Resolved issue Viewing certain alerts resulted in an "Internal Server Error" page.
May 16 Resolved issue The Deep Security Manager contains links for more information about the Trend Micro Smart Protection Network. Those links pointed to an outdated URL.
May 09 Enhancement Added the Azure and AWS Cloud IDs for each host to the Security Module Usage Report.
May 09 Enhancement Enabled the "Product Usage Data Collection" setting by default. This can be disabled on Administration > System Settings > Advanced of the Deep Security Manager
May 09 Enhancement Renamed "Recurring Reports" (located under Events & Reports > Generate Reports) to "Scheduled Reports" to make its purpose clearer.
May 09 Resolved issue Intrusion Prevention events with no rule ID incorrectly showed the default severity as an empty string instead of "N/A".
May 09 Resolved issue When generating multiple reports simultaneously, the report data was sometimes incorrect.
May 09 Resolved issue When a Deep Security tenant name contained double-byte characters, the TrendMicroDSTenant syslog field would contain the tenant ID instead of the tenant name
May 09 Resolved issue The error message for an incorrect application password in Azure connector was imprecise.
May 09 Resolved issue Some Azure Virtual Machine types were categorized incorrectly which caused the billing of Azure Virtual Machines through Deep Security as a Service to be inaccurate.

April 2019

Date Type Release notes
Apr. 18 Enhancement When creating a smart folder, you can now select "Version" as the filter criteria to filter computers based on their Agent version.
Apr. 18 Enhancement Scheduled Tasks to "Check for Security Updates" now have an optional timeout field, which is used to select the window of time after the scheduled start time in which security updates may be started.
Apr. 11 Enhancement Enhanced the AWS connector to improve robustness and availability when used with highly dynamic, large scale environments.
Apr. 11 Resolved issue False alerts regarding the license expiration were occasionally raised.
Apr. 11 Resolved issue The total number displayed on the Recurring Reports page was incorrect.
Apr. 11 Resolved issue The event-based task that assigned a policy to AWS Workspaces did not function when "Cloud Account Name" was used as a condition.
Apr. 04 Enhancement When creating a smart folder, you can now select "Task(s)" as the filter criteria, which filters for values displayed in the "Task(s)" column on the Computers page. For example, you could create a smart folder that lists all computers that contain "Scheduled Malware Scan Pending (Offline)" as the task. Additionally, if you are using the Deep Security API to search for computers, you can now search on the value of the tasks/agentTasks and tasks/applianceTasks fields.
Apr. 04 Enhancement Removed the wizard that allowed a precheck for computers that required a reboot and generated a list of results in CSV format.

March 2019

Date Type Release notes
Mar. 21 Enhancement Added platform version information in the Software page to distinguish between SuSE 11 and SuSE 12.
Mar. 21 Resolved issue Alerts associated with hosts did not show the host information in the Target field of the Alerts page. Additionally, an Internal Server Error is displayed on the Alert detail page if the linked host was deleted.
Mar. 21 Resolved issue The Deep Security Manager showed "Internal server error" when browsing the hosts in the Computers page.
Mar. 21 Resolved issue When a policy was created based on a relay-enabled agent, the policy contained the relay state. All agents that were assigned with the policy automatically became relays.
Mar. 21 Resolved issue When scrolling through Events & Reports > Generate Reports > Single Report, the bottom section floated which obscured the controls behind it.
Mar. 21 Resolved issue Amazon SNS settings were not saved when reverting to the basic SNS configuration from the JSON SNS configuration.
Mar. 14 Enhancement Removed Azure 'Quick' mode. Previously, the Add Azure Account wizard in Deep Security as a Service included the ability to select a Quick mode and an Advanced mode. In this release, Quick mode has been removed because it required giving excessive permissions to Deep Security as a Service. If you used Quick mode in prior releases, there is no impact to your deployment.
Mar. 14 Enhancement Updated event based tasks so that patterns that match negative regular expressions yield more accurate matches.
Mar. 14 Resolved issue The generated Windows deployment script had a syntax error when a proxy server was selected to contact Deep Security Manager.
Mar. 14 Resolved issue The total number displayed on the Recurring Reports page was incorrect.
Mar. 14 Resolved issue On the Deep Security Manager Dashboard, the Software Updates widget always displayed all computers and could not be filtered.
Mar. 14 Resolved issue System events in the Computer details page did not load properly.
Mar. 14 Resolved issue Parent group permissions were not inherited in sub-groups for the Azure Connector.
Mar. 07 Enhancement Updated the Deep Security Manager so it can distinguish whether or not a reboot is required after a Deep Security Agent upgrade. When the agent software requires an upgrade, you can view the number of computers that must be rebooted to complete the upgrade, and the number that do not. You can choose to proceed immediately with the respective upgrades, or schedule the upgrades for a more appropriate time. A list of computers and their precheck results can be saved in CSV format.
Mar. 07 Resolved issue If you have a large number of computer groups and policies and clicked Events & Reports > Generate Reports and then quickly switched to the "Recurring Reports" tab before the initial page was fully loaded, Deep Security Manager would display a spinner but the "Recurring Reports" tab was not populated unless the customer returned to the "Single Report" tab and allowed enough time for it to fully load. In this release, the Deep Security Manager console has been improved. Instead of presenting "Single Report" and "Recurring Reports" as tabs on the "Generate Reports" page, they are now separate items under "Generate Reports" in the navigation pane, which allows you to access them independently. The solution also makes the initial response of the "Single Report" page visible to the user much earlier and loads the necessary content on demand, significantly reducing latency.
Mar. 07 Resolved issue Deployment of the Deep Security Agent on Amazon Linux 2 WorkSpaces sometimes failed.
Mar. 07 Resolved issue The "Deep Security Protection Module Failure" error was not automatically dismissed after a successful upgrade.

February 2019

Date Type Release notes
Feb. 14 Enhancement Changed the file format of the database export in the Deep Security Manager diagnostic package from XML to CSV. CSV files help to reduce memory and CPU demand when generating diagnostic packages and result in much smaller file sizes.
Feb. 14 Enhancement Added a system event for when a computer needs to be rebooted to complete the Deep Security Agent software upgrade.
Feb. 14 Enhancement Updated the "Task(s)" column on Computers to indicate if a computer requires a reboot to complete an agent upgrade.
Feb. 14 Resolved issue UNC paths could not be added to Anti-Malware > Advanced > Behavior Monitoring Protection Exceptions.
Feb. 07 Enhancement Added field trimming to some Log Inspection and Anti-Malware event fields.
Feb. 07 Enhancement Updated the system event for policy changes. Anti-Malware configurations in a system event will now show the correct state of each configuration.
Feb. 07 Resolved issue In Deep Security Manager, when you went to Events & Reports > Events > Anti-Malware Events > Identified Files and did an advanced search by Computer IP address, computers with the incorrect IP address were displayed.
Feb. 07 Resolved issue When an Integrity Monitoring event was forwarded to a syslog server, source user information was not included.
Feb. 07 Resolved issue When AWS connector synchronization occurred with a large amount of instances to be deleted, the deletion occasionally failed and resulted in some terminated instances remaining on Computers in the Deep Security Manager.

January 2019

Date Type Release notes
Jan. 31 Enhancement Added an error message to the "Generate an API Key for the Tenant" endpoint that displays if a tenant is not in an active state.
Jan. 31 Resolved issue System events reported an incorrect module status when changes to the inherited policies were made.
Jan. 24 Resolved issue Performing an advanced search on an empty string value would not return all results when using an Oracle database.
Jan. 24 Resolved issue AWS classic instances were being added to the root group instead of the connector.