What's new in Workload Security?

Subscribe via RSS

Workload Security is automatically updated with new features, enhancements and fixes. For new features, enhancements and fixes related to Deep Security Agent, go to the Deep Security Software page, select your agent version and platform, click the green plus sign and click Release Notes.

If you'd like to know what has been updated in the API, see the API changelog.

If you'd like to review release notes from previous years, see Archived Workload Security release notes.

The Deep Security as a Service release notes have been moved to this page.


Date Type Release notes
Oct. 23 Resolved issue The settings on Policies > Settings > Advanced could not be changed because the Inherited option could not be deselected.
Oct. 14 Information Starting October 14th, 2020, customers subscribed to the Trend Micro Cloud One listing on AWS Marketplace will see usage displayed and metered in "units" instead of "host / hour". There is no change in price to your services and no change to how your usage is calculated and charged.

Usage prior to this change will still appear as "host / hour" so you may see a combination of "host / hour" and "units" in this month's line items.

Oct. 14 Scheduled maintenance System maintenance for Workload Security is scheduled for Saturday October 24th, 2020 between 11:00 and 19:00 GMT. For details, see Trend Micro Cloud One Maintenance.
Oct. 13 Resolved issue There were detection issues with real-time Anti-Malware scans.


Date Type Release notes
Sep. 30 Enhancement Enhanced the description of the "Activation Failed" event to specify why the event occurred.
Sep. 29 New Feature Updated the alert email for Workload Security to point to the Workload Security documentation site.
Sep. 25 New feature The "UniqueID" field has been added to all events that are forwarded to Amazon SNS. The "UniqueID" field will replace the "EventID" field, which is now deprecated.
Sep. 25 Enhancement Workload Security help links, both for context sensitive links and search bar links, point to the Cloud One Docs site instead of the Deep Security Help Center.
Sep. 10 Resolved issue The "Ransomware Event History" widget on the console displayed incorrect information.
Sep. 09 Enhancement The pager numbers, phone numbers or mobile numbers listed on the User Properties window (click your email at the top and select User Properties) of Deep Security Manager can be configured to exceed more than 30 digits.
Sep. 09 Enhancement The an incorrect number of overrides were displayed on Computer/Policy Editor > Overrides.


Date Type Release notes
Aug. 24 Enhancement Improved the "Scheduled report sending failed" error message by adding a more thorough description. For more information, see Troubleshoot: Scheduled report sending failed.
Aug. 24 Enhancement Updated the New Malware Scan Configuration Properties (Policies > Common Objects > Malware Scans > New) default settings to match the default settings for the Default Malware Scan Configuration Properties.
Aug. 24 Resolved issue In the Workload Security console, Deep Security Agent occasionally appeared to have an error despite the error already being resolved.
Aug. 24 Resolved issue The Workload Security console sometimes showed the incorrect Log Inspection status.
Aug. 10 New feature The Agent Version Report has been created in order for you to view a summary of how many agents are using a specific agent version, the percentage of total agents each version is using, and an overview of how many agents are online and how many are offline, all of which are broken down based on the Deep Security Agent's platform (OS). To generate the report, go to Events & Reports > Generate Reports > Single Report > New > Agent Version Report.
Aug. 06 Enhancement Updated the "My User Summary" widget on the console and the "User and Contact Report" (Events & Reports > Generate Reports > Single Report) to reflect the logins that have occurred in the last 30 days.
Aug. 05 Resolved issue The Workload Security session cookie is no longer passed from AWS to Workload Security when you sign up, which meant that if you were already signed in to Workload Security, you were unable to upgrade to a paid account through the AWS Marketplace. If you have already signed in to Workload Security, you're once again able to upgrade your account from "Free-Trial" to "Paid through AWS Marketplace".


Date Type Release notes
Jul. 31 Information The Deep Security 20 Long-Term Support Agent has been released for use with Workload Security. For a list of new features, see What's new in Deep Security Agent?.

The new Deep Security 20 Agent has been released to the download center and will be available in all Workload Security accounts by August 4th.

Jul. 29 Resolved issue The "AWS Contract License Exceeded" alert sometimes occurred even though the number of protected computers did not exceed the limit.
Jul. 24 Enhancement Reduced the time it takes to validate GCP service accounts when you change your GCP Account Properties configuration. Previously, this took a long time when there were a large number of auto-generated GCP projects.
Jul. 22 Resolved issue The Computer Status widget on the console did not display the correct number of managed computers.
Jul. 16 Enhancement Added file hash values to Anti-Malware events that have been exported to CSV (Events & Reports > Anti-Malware Events > Export > Export to CSV).
Jul. 07 New feature Integrate Workload Security with AWS Control Tower to ensure that every account added through Control Tower Account Factory is automatically provisioned in Workload Security. For more information, see Integrate with AWS Control Tower.
Jul. 07 Information By default, the "My User Summary" widget on the Dashboard only displays information about sign-ins that have occurred within the last 24 hours.


Date Type Release notes
Jun. 30 Information New static IP addresses have been added for the Workload Security GUI and fast heartbeat. See Port numbers, URLs, and IP addresses for more details.

If you have a firewall or AWS security group that restricts which IP addresses are allowed outbound from your network, you must add the new IP addresses.

Jun. 25 Resolved issue Due to a timing issue with Workload Security, Deep Security Agents occasionally failed to download software components from the relays if multiple components were available at the same time.
Jun. 15 Information The "Whois" feature (Administrator > System Setting > Advanced), will be removed before the end of June. The removal includes "Whois Source IP" and "Whois Destination IP" on the Events page and the "Whois" query for Reports.
Jun. 15 Resolved issue Azure accounts could not be added in Azure Government regions because the login endpoint was changed. This only applies to Azure Marketplace deployments.
Jun. 12 Enhancement Empty AWS groups can now be hidden in all areas of the console that display a list of computer groups. Previously, this was only available on the Computers page.
Jun. 05 Enhancement Extended the scope of the If a computer with the same name already exists setting on Administration > System Settings > Agents to apply to existing unactivated computers. Previously, it only applied to existing activated computers.
Jun. 05 Resolved issue An error occurred when properties were changed on the Log Inspection rule "1002729 - Default Rules Configuration" in Policy > Common Objects > Log Inspection Rules.
Jun. 03 Resolved issue A Forensic Computer Report could not be generated if an Integrity Monitoring rule was applied.
Jun. 01 New feature The smart folders auto-creation capability has been extended to allow you to create sub-folders automatically based on GCP Labels. You might use this feature to create different management folders automatically for different cost centers, deployment environments, security requirements, and so on.
Jun. 01 Information We're continuing to update our UI to reflect the transition from Deep Security as a Service to Trend Micro Cloud One - Workload Security. For more information please see https://cloudone.trendmicro.com/docs/about/


Date Type Release notes
May 28 Enhancement Updated the Events & Reports > Scheduled Reports page so that you're unable to create a report that might result in a failure. An alert appears that specifies the settings you must set before creating the scheduled report.
May 25 Enhancement Increased the timeout used when synchronizing AWS Workspace directories in an AWS account, to reduce failures for large directories.
May 21 Resolved issues When you did an advanced search on the Computers page for Status Light > Equals > Managed \[Green\], then selected Export to CSV, the CSV file did not contain the listed computers.
May 15 Enhancement

Re-ordered the protection modules into the following categories:

Malware Prevention:

  • Anti-Malware
  • Web Reputation

System Security:

  • Application Control
  • Integrity Monitoring
  • Log Inspection

Network Security:

  • Firewall
  • Intrusion Prevention
May 15 Information For new accounts, we will no longer automatically be adding instances with the demo application. The Deep Security demo application can still be deployed easily and accessed through the demo app project on GitHub. See Try the Deep Security demo for more information.
May 12 New feature Smart Folders can be configured to use GCP Labels and Network Tags, which you can use to organize and find computers in your cloud environment.
May 12 Resolved issues If you deleted a Workload Security account that was previously subscribed to AWS Metered Billing, you could not create a new Workload Security account subscribed to the same AWS account.
May 12 Resolved issues When an agent activated with no AWS metadata but then provided it on a later heartbeat, the cloud provider was not updated which caused the computer to never be rehomed properly.
May 12 Resolved issues Anti-Malware events that were marked as "Pass" were not properly counted on the dashboard or under Anti-Malware events.
May 12 Resolved issues When the Alert on any Computer action was selected for Intrusion Prevention, Firewall, Integrity Monitoring or Log Inspection rules, the computers were not automatically updated with the new policy.


Date Type Release notes
Apr. 20 New feature Added the CentOS platform as an option to select on Updates > Software > Agent Version Control. This means when you deploy an agent using the deployment scripts, you can specify that only CentOS agents should be deployed.
Apr. 20 Resolved issues When you clicked the + button on the Dashboard, you couldn't type a new entry in the New Dashboard Name field.
Apr. 15 New feature You can now subscribe to an RSS feed on the English and Japanese Help Center Software pages to get notified right away when there is a new software release.
Apr. 14 Enhancement Added a GCP Network Tag column to the Computers tab.
Apr. 09 Enhancement Added a page to the Trend Micro Cloud One documentation on Google Cloud Platform (GCP) auto-scaling using managed instance groups (MIGs). See GCP auto scaling and Workload Security.
Apr. 02 Resolved issues An issue with timing occurred when an AWS Workspace was deployed from an image. This potentially created a duplicate standalone computer that never moved into an AWS account.
Apr. 02 Resolved issues Sometimes GCP accounts did not sync correctly.
Apr. 01 Resolved issues The Scan for Integrity and Rebuild Baseline buttons were disabled on Computers > Computer Details > Integrity Monitoring > General even after the corresponding operation was completed.


Date Type Release notes
Mar. 31 Information On May 1st, 2020, the sender address from Deep Security as a Service emails will be updated from <deepsecurityasaservice@trendmicro.com> to <no-reply-cloudone@trendmicro.com> to reflect the coming transition to Cloud One - Workload Security. Customers using email routing rules should ensure their rules are updated to include this new email address.
Mar. 31 New feature Added the ability to do a simple search or advanced search for Cloud Instance Metadata on the Computers page. This allows you to easily find workloads with specific labels, network tags, and more.
Mar. 31 Enhancement Improved the description of Behavior Monitoring events by including the reason the event occurred.
Mar. 26 Resolved issue Some computers reported the following error: Send Policy Failed - An error occurred in the Workload Security Manager to Deep Security Agent/Appliance protocol: TimeoutException: Write timed out.
Mar. 24 Resolved issue The sign-up page did not render properly in Internet Explorer.
Mar. 24 Resolved issue When alerts were viewed in list view and the details for "Agent/Appliance Upgrade Recommended (New Version Available)" was selected, the hyperlink "View all out-of-date computers" did not work.
Mar. 24 Resolved issue Azure accounts did not sync correctly because of duplicate worker threads.
Mar. 17 Resolved issue When Intrusion Prevention rules were assigned or unassigned based on the scan recommendations, sometimes the policy editor's performance was poor and the recommendations were not applied.
Mar. 12 Enhancement Improved the capability of event-based tasks by adding support for GCP security automation.
Mar. 12 Enhancement Introduced "Cloud Vendor" as an event-based task condition in order to limit a task's scope to AWS or GCP.
Mar. 12 Resolved issue You could not reset your password because of an issue with the Google Recaptcha key.
Mar. 05 Enhancement In the past, if your credentials were entered incorrectly for AWS accounts in Workload Security, the agent failed to activate. This might have occurred because the credentials were entered incorrectly or because, over time, the credentials changed without a corresponding update on Workload Security. To help ensure protection remains in place in this situation, which in many cases is a simple configuration error, we will now create the computer outside of the account and allow the agent to activate.
Mar. 05 Enhancement When Anti-Malware actions fail, the results will be displayed in the Syslog result field.
Mar. 03 Enhancement Optimized the time it takes to discover and map new GCP instances for known Google Projects inside existing GCP accounts. When an agent-initiated activation occurs, the time it takes to complete the activation and for the GCP data to be available to Workload Security has been reduced to make the product more responsive.


Date Type Release notes
Feb. 27 Enhancement To better align with AWS best practices and improve AWS account security, we have made a change to the process of adding a new AWS account into Workload Security using cross-account roles. Previously when using a cross-account role for authentication, Workload Security required two pieces of information: a role ARN, and an external ID trusted by the role. This has now changed to a new process where Workload Security provides the external ID, and requires that the role provided has included this external ID in its IAM trust policy. This change provides stronger security in shared Workload Security environments, and ensures that strong external IDs are always used. For details on switching your external ID to a manager-generated one, see Update the external ID. For details on the new process of adding cross-account roles using manager-generated external ID, see Add an AWS account using a cross-account role.
Feb. 27 Information Action required for customers using cross-account roles with the API /rest/cloudaccounts/aws. For details, see https://success.trendmicro.com/solution/000241973.
Feb. 25 Resolved issue Unacceptable delays occurred when events were sent to a syslog server and the option to send extended event descriptions was enabled.
Feb. 21 Enhancement Improved the heartbeat handling for AWS Workspace deployments when the workspace sync feature is not turned on for the matching AWS account.
Feb. 21 Enhancement Added GCP information such as Instance ID, Labels, Network tags, and more, to Computer Editor > Overview > General.
Feb. 21 Resolved issue Sometimes when you attempted to add a GCP account, you were not redirected to the results page.
Feb. 21 Resolved issue The advanced search on the Computers page did not work properly when the criteria included "Version field" and the value was "N/A".
Feb. 21 Resolved issue The Workload Security console sometimes failed to generate a summary report on Events & Reports > Single Report.
Feb. 21 Resolved issue When adding a relay, the wrong icon for GCP computer groups appeared in the navigation pane on the left.
Feb. 11 Resolved issue When the "Untagged" filter was selected on the dashboard, some widgets continued to display tagged items.
Feb. 06 New feature

If you are using metered billing and looking for a way to break out costs by individual cloud accounts, we have made the Security Module Usage Report (Event & Reports > Generate Reports) available. This report contains a detailed breakout of consumption hours by cloud account. This data can be used to breakout the single Workload Security line item on your marketplace bill supporting chargeback to your teams.

Feb. 06 New feature

In a heartbeat, if the number of agent events is very high, they will be split under more than one "Events Retrieved" system event.

This feature is being gradually rolled out. For more information, see How are features released in Workload Security as a Service?

Feb. 06 Enhancement Added a progress bar to Administration > User Management > Roles > New > Computer Rights > Selected Computers to indicate the status of the computers list that's loading.
Feb. 06 Resolved issue GCP projects temporarily disappeared during syncs.


Date Type Release notes
Jan. 28 Resolved issue When Integrity Monitoring was enabled but Anti-Malware was turned off, a warning message would appear indicating "Security Update: Pattern Update on Agents/Appliance Failed".
Jan. 23 Enhancement Improved performance when image files are repeatedly downloaded to the browser.
Jan. 21 Resolved issue When adding new dashboards in the Workload Security console, if you clicked "+" on the Dashboard and then pressed Enter several times in quick succession, multiple dashboards were created and the first dashboard lost widgets.
Jan. 21 Resolved issue Some agents on the AWS platform did not report valid BIOS-UUID, which caused a NullPointerException.
Jan. 14 Enhancement Enhanced the Relay management experience by providing possible solutions for the "Empty Relay Group Assigned" alert in the alert's description and removing the relay count for tenants that are using the Primary Tenant Relay Group.
Jan. 14 Resolved issue Agent-initiated activation failed for hosts with the same Virtual UUID when the "Activate a new Computer with the same name" setting was was selected on Administration > System Settings > Agents > If a computer with the same name already exists .
Jan. 14 Resolved issue When you did a search on the Application Control ruleset page, block rules were not returned.
Jan. 07 Enhancement Added the "sproc" field to Syslog events, which displays the name of the event's source process. For more information, see Syslog message formats.
Jan. 07 Resolved issue If Deep Security Agent was up-to-date, the Workload Security console did not generate an "Upgrade on Activation Skipped" event.
Jan. 07 Resolved issue The column names in the CSV output of the "Security Module Usage Report" were partially misaligned with the data columns.
Jan. 07 Resolved issue In the Malware Scan Configuration window (Computers or Policies Editor> Anti-Malware > General > Manual Scan > Edit > Advanced and select Scan Compressed File) the Maximum number of files to extract setting could not be set to 0, meaning unlimited.