TrendAI Vision One

Unhealthy cluster notification for Container Security

Fri, 10 Sep 2021 00:00:00 GMT

September 10, 2025—Enabling this alert sends email or webhook notifications when your Container Security clusters become unhealthy. You can configure different clusters to send alerts to different recipients using cluster groups or tags, making it easier to manage a large number of clusters across different areas.

For more information, see Alerts.

Administration → Notifications

Service Gateway: Local ActiveUpdate Service Version 2.0.4

Sun, 01 Jan 2023 00:00:00 GMT

January 9, 2023—Service Gateway: Local ActiveUpdate Service Version 2.0.4 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update fixes a path issue for Japan region users.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway Firmware Version 2.0.7

Sun, 01 Jan 2023 00:00:00 GMT

January 9, 2023—Service Gateway Firmware Version 2.0.7 provides enhanced security and management capabilities.

This update includes the following changes:

This update adds support for AWS private links per customer request.
This update adds support for upgrading Azure Virtual Image appliances.
This update fixes some CLISH command issues.

Some features may not be available in all regions or on all Service Gateway appliances.

Forensics supports YARA, osquery, and Collect Evidence tasks on Linux endpoints

Wed, 11 Jan 2023 00:00:00 GMT

January 11, 2023—The Forensics app now allows you to run YARA, osquery, and Collect Evidence tasks on Linux endpoints, enabling you to better monitor and analyze both Windows and Linux endpoints in your environment.

For more information on these tasks, see Response actions.

Agentic SIEM and XDR → Forensics

Service Gateway: Forward Proxy Service Version 1.0.3

Wed, 01 Feb 2023 00:00:00 GMT

February 13, 2023—Service Gateway Forward Proxy Service Version 1.0.3 provides enhanced security and connectivity features.

This update includes the following changes:

This update adds support for using Service Platform certificates as API keys to access container services hosted on Service Gateway.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway: Syslog Connector (On-Premises) Version 1.0.4

Wed, 01 Feb 2023 00:00:00 GMT

February 21, 2023—Service Gateway Syslog Connector Version 1.0.4 includes enhancements, bug fixes, and security updates for the syslog connector (on-premises) service hosted on Service Gateway appliances.

This update includes the following changes:

This update fixes an issue that occurs when sending logs from Observed Attack Techniques to an on-premises SIEM server.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway: Syslog Connector (On-Premises) Version 1.0.3

Wed, 01 Feb 2023 00:00:00 GMT

February 21, 2023—Service Gateway Syslog Connector Version 1.0.3 provides enhanced logging and connectivity features.

This update includes the following changes:

Service Gateway: Suspicious Object Synchronization Service Version 1.0.1

Wed, 01 Feb 2023 00:00:00 GMT

February 13, 2023—Service Gateway Suspicious Object Synchronization Service Version 1.0.1 includes enhancements, bug fixes, and security updates for the suspicious object synchronization service hosted on Service Gateway appliances.

This update includes the following changes:

This update adds support for using Service Platform certificates as API keys to access container services hosted on Service Gateway.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway Firmware Version 2.0.8

Wed, 01 Feb 2023 00:00:00 GMT

February 13, 2023—Service Gateway Firmware Version 2.0.8 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update adds support for using Service Platform certificates as API keys to access container services hosted on Service Gateway.
This update fixes routing issues.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway: Smart Protection Services Version 1.0.2

Wed, 01 Mar 2023 00:00:00 GMT

March 23, 2023—Service Gateway Smart Protection Services Version 1.0.2 provides enhanced security and threat detection capabilities.

This update includes the following changes:

This update adds support for TLS 1.3.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway Firmware Version 2.0.9

Wed, 01 Mar 2023 00:00:00 GMT

March 8, 2023—Service Gateway Firmware Version 2.0.9 provides enhanced security and management capabilities.

This update includes the following changes:

This update adds the function to check accessibility to TrendAI Vision One™ FQDNs when registering a new Service Gateway appliance.

Some features may not be available in all regions or on all Service Gateway appliances.

TrendAI Vision One is now TrendAI Vision One

Wed, 01 Mar 2023 00:00:00 GMT

To align with our company strategy and image, the following product names have been changed:

TrendAI™ Vision One™ is now TrendAI Vision One™™
TrendAI™ Cloud One™ is now Cloud One™

Service Gateway: Local ActiveUpdate Service Version 2.0.5

Wed, 01 Mar 2023 00:00:00 GMT

March 8, 2023—Service Gateway Local ActiveUpdate Service Version 2.0.5 provides enhanced update management and connectivity features.

This update includes the following changes:

This update enhances ActiveUpdate service compliance with third-party security tools.

Some features may not be available in all regions or on all Service Gateway appliances.

User-defined Automated Response Playbooks are available in the Security Playbooks app

Wed, 01 Mar 2023 00:00:00 GMT

Security Playbooks now enables you to create Automatic Response Playbooks from scratch with a flexible workflow, while still allowing you to create the playbooks from a fully customizable template.

In addition to "highly suspicious" and "suspicious" highlighted objects, you can use Automatic Response Playbooks to take response actions on other "unrated" highlighted objects in Workbench alerts.

Additionally, Security Playbooks provides one more response action "Submit URL to sandbox" to help you quickly respond to Workbench alerts.

Workflow and Automation → Security Playbooks

Service Gateway: Forward Proxy Service Version 1.0.4

Sat, 01 Apr 2023 00:00:00 GMT

April 4, 2023—Service Gateway: Forward Proxy Service Version 1.0.4 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update includes wording changes and enhancements for the Command Line Interface (CLI).

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway: Smart Protection Services Version 1.0.3

Sat, 01 Apr 2023 00:00:00 GMT

April 18, 2023—Service Gateway Smart Protection Services Version 1.0.3 provides enhanced security and threat detection capabilities.

This update includes the following changes:

This update adds the Smart Protection Services Proxy function to reduce FQDN requirements for the service.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway: Suspicious Object Synchronization Service Version 1.0.2

Sat, 01 Apr 2023 00:00:00 GMT

April 27, 2023—Service Gateway: Suspicious Object Synchronization Service Version 1.0.2 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Network Inspector version 1.0.1065

Sat, 01 Apr 2023 00:00:00 GMT

April 10, 2023—Virtual Network Sensor Version 1.0.65 provides enhanced network monitoring and threat detection capabilities.

This update includes the following changes:

Network Inspector OVA is available for download from Network Inventory in limited regions.
Network Inspector automatically connects and registers to TrendAI Vision One™ and provides telemetry data for Network Analytics.
Configurable Network Assets for Network Inspector accessible from Network Inventory.

Service Gateway Firmware Version 2.0.11

Sat, 01 Apr 2023 00:00:00 GMT

April 27, 2023—Service Gateway Firmware Version 2.0.11 provides enhanced security and management capabilities.

This update includes the following changes:

This update adds the function to enable or disable open ports using CLISH commands to help enhance security of the appliance.
This update reduces unnecessary IoT communications between the Service Gateway appliance and TrendAI™ hosted services.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway Firmware Version 2.0.10

Sat, 01 Apr 2023 00:00:00 GMT

April 4, 2023—Service Gateway Firmware Version 2.0.10 provides enhanced security and management capabilities.

This update includes the following changes:

This update adds the function to clean up storage by deleting inactive service images.
This update adds host platform detection capabilities, allowing the Service Gateway appliance to determine feature availability.

Some features may not be available in all regions or on all Service Gateway appliances.

Enhancements to Automated Response Playbooks

Sat, 01 Apr 2023 00:00:00 GMT

You can now specify detection models when configuring trigger settings for Automated Response playbooks. The subsequent nodes in the playbook are only triggered for Workbench alerts related to the specified detection models.

Playbooks also adds support for additional webhook types in user-defined Automated Response playbooks.

For more information, see Manually create Automated Response Playbooks.

Workflow and Automation → Security Playbooks

Security Playbooks official release

Sat, 01 Apr 2023 00:00:00 GMT

Security Playbooks is now officially released and can be utilized alongside your Risk Insights and XDR entitlements as part of the TrendAI Vision One™ platform.

For details on what types of entitlements are required for each playbook type, see Security playbooks requirements.

Workflow and Automation → Security Playbooks

New point-of-presence (PoP) site for Zero Trust Secure Access Internet Access available

Sat, 01 Apr 2023 00:00:00 GMT

Zero Trust Secure Access Internet Access has launched a new PoP site for the Internet Access Cloud Gateway in Bahrain in the AWS Middle East region.

For details on the available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Enhancement to Internet Access On-Premises Gateway

Sat, 01 Apr 2023 00:00:00 GMT

If your organization uses a third-party proxy server to access the internet, you can now configure the proxy server as the upstream proxy to connect your deployed Internet Access On-Premises Gateway to the internet.

For details on configuring upstream proxy for an Internet Access On-Premises Gateway, see Deploy an Internet Access On-Premises Gateway.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Report Management official release

Sat, 01 Apr 2023 00:00:00 GMT

Report Management is now officially released and can be utilized alongside your Risk Insights and XDR entitlements as part of the TrendAI Vision One™ platform.

For details on what types of entitlements are required for each report type, see Reports license requirements.

Dashboards and Reports → Reports

Risk Insights supports multiple Azure AD tenants

Sat, 01 Apr 2023 00:00:00 GMT

Customers with multiple Azure AD tenants can now have full visibility of accounts on all tenants and perform risk assessment on multiple Azure AD tenants in Risk Insights apps.

Cyber Risk Exposure Management

Risk Insights official release

Sat, 01 Apr 2023 00:00:00 GMT

All Risk Insights capabilities are now officially released and can be purchased alongside XDR as part of the TrendAI Vision One™ platform. Contact your sales representative to discuss your license transition period options.

For more details on the licensing and product experience for Risk Insights, see Credit requirements for TrendAI Vision One™ solutions.

Cyber Risk Exposure Management

Service Gateway: Forward Proxy Service Version 1.0.5

Thu, 27 Apr 2023 00:00:00 GMT

April 27, 2023—Service Gateway Forward Proxy Service Version 1.0.5 provides enhanced security and network connectivity features.

This update includes the following changes:

This update adds the CLISH command function to manually limit traffic allowed by the forward proxy service to only traffic with the destination of a TrendAI™ hosted service.
This update adds the function to customize the cloud proxy configuration using CLISH commands.

Some features may not be available in all regions or on all Service Gateway appliances.

Network Inspector version 1.0.1089

Mon, 01 May 2023 00:00:00 GMT

May 22, 2023—Virtual Network Sensor Version 1.0.89 provides enhanced network monitoring and threat detection capabilities.

This update includes the following changes:

This update adds support for response actions for endpoints, email, and IAM based on network detections.

Network Inspector version 1.0.1077

Mon, 01 May 2023 00:00:00 GMT

May 9, 2023—Virtual Network Sensor Version 1.0.77 provides enhanced network monitoring and threat detection capabilities.

This update includes the following changes:

This update adds the ability to automatically update to the latest version when connected.

Service Gateway Firmware Version 2.0.12

Mon, 01 May 2023 00:00:00 GMT

May 22, 2023—Service Gateway Firmware Version 2.0.12 provides enhanced security and management capabilities.

This update includes the following changes:

This update adds the function to enable or disable Service Gateway appliance network ports.
This update fixes an issue which might cause the firmware to randomly disable ports.
Zero Trust Secure Access On-premises Gateway: This update adds support for the NTLM v2 protocol.

Some features may not be available in all regions or on all Service Gateway appliances.

Zero Trust Secure Access adds service mode configuration for internet access

Mon, 01 May 2023 00:00:00 GMT

The Secure Access Module can now configure the service mode for the internet access service of TrendAI Vision One™, facilitating the selection of the proper configuration for your endpoints. Adaptive mode is selected by default to assist you in automatically configuring the proper mode for endpoint internet access.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Log collection available in Zero Trust Secure Access agent console

Mon, 01 May 2023 00:00:00 GMT

The Zero Trust Secure Access agent can now collect debug logs to make troubleshooting more convenient for users. The agent console features a new button for users to initiate log collection. When debug logging is enabled, the log will include diagnostic information to assist with troubleshooting end users' issues.

Zero Trust Secure Access → Secure Access Overview

Zero Trust Secure Access Internet Access On-Premises Gateway supports syslog forwarding

Mon, 01 May 2023 00:00:00 GMT

Zero Trust Secure Access Internet Access On-Premises Gateway now supports forwarding activity logs in the Common Event Format (CEF) to a designated syslog server.

For more information, see Deploying an Internet Access On-Premises Gateway.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Zero Trust Secure Access Internet Access supports sandboxing integration

Mon, 01 May 2023 00:00:00 GMT

Zero Trust Secure Access Internet Access now supports sandbox integration as part of a public preview, allowing you to automatically submit suspicious files to the Sandbox Analysis app.

You must set a daily reserve of more than zero to enable the automatic submission of suspicious files to the Sandbox Analysis app.

For more information, see Adding a threat protection rule.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Deep Discovery Inspector appliance plans available for Network Inventory

Mon, 01 May 2023 00:00:00 GMT

Manage connected Deep Discovery Inspector appliances in Network Inventory with appliance plans. Plans allow you to deploy important upgrades such as firmware, patches, or hotfixes; as well as replicate settings from one appliance to another. You can also deploy prepared images to appliances configured to use Virtual Analyzer.

Network Security → Network Inventory

Threat and Exposure Management monitors new risk factors

Mon, 01 May 2023 00:00:00 GMT

Threat and Exposure Management now monitors two new risk factors: System Configuration and Security Configuration. You can view the related risk metrics and events in the Risk Factors tab.

Risk Insights identifies potential misconfigurations of your environment, including exposed ports, insecure host connections, insecure IAM and cloud infrastructure configurations, and unsafe software and endpoint configurations.

Risk Insights monitors your TrendAI™ security settings, including endpoint agent and sensor deployments, update status, and key feature adoption rates. The Security Configuration risk factor helps you ensure that TrendAI™ solution settings are following best practices.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Cyber Risk Overview widgets reorganized

Mon, 01 May 2023 00:00:00 GMT

In the Exposure Overview tab of Cyber Risk Overview, clicking View Details in widgets now redirects you to Threat and Exposure Management for more detailed information.

In the Activity and Behaviors section, the Legacy Authentication Protocol with Log On Activity widget has moved to the System Configuration section and the Account Compromise Indicators widget has moved into Threat and Exposure Management.

In the Attack Overview tab of Cyber Risk Overview, the General Detection Summary widgets have moved to the Dashboards for easier access and to improve the customizability of dashboards. The following widgets are now found in the Widget Catalog of the Security Dashboard:

Detections by Attack Type
Mitigated Events by Attack Type
Detections by Protection Layer
Workbench Alert Tracking

Note

You must enable Risk Insights capabilities to access Threat and Exposure Management and Security Dashboard. For more information, see Credit requirements for TrendAI Vision One™ solutions.

Cyber Risk Exposure Management → Cyber Risk Overview

Attack Surface Discovery presents data sources for discovered devices

Mon, 01 May 2023 00:00:00 GMT

Attack Surface Discovery lists all assets discovered in your organization to facilitate risk assessments. TrendAI™ leverages several data sources for asset discovery, which are now presented in the Discovered by column of the Device List for further investigation. You can also configure Device Overview to show only specific sources by adding the Discovered by filter.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Service Gateway: Local ActiveUpdate Service Version 2.0.7

Thu, 01 Jun 2023 00:00:00 GMT

June 28, 2023—Service Gateway Local ActiveUpdate Service Version 2.0.7 provides enhanced update management and connectivity features.

This update includes the following changes:

Service Gateway: Local ActiveUpdate Service Version 2.0.6

Thu, 01 Jun 2023 00:00:00 GMT

June 1, 2023—Service Gateway Local ActiveUpdate Service Version 2.0.6 provides enhanced update management and connectivity features.

This update includes the following changes:

Service Gateway: Forward Proxy Service Version 1.0.7

Thu, 01 Jun 2023 00:00:00 GMT

June 19, 2023—Service Gateway Forward Proxy Service Version 1.0.7 provides enhanced security and network connectivity features.

This update includes the following changes:

This update adds an enhancement to limit traffic allowed by the forward proxy service to only traffic with a TrendAI™ hosted service as a destination.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway: Forward Proxy Service Version 1.0.6

Thu, 01 Jun 2023 00:00:00 GMT

June 1, 2023—Service Gateway Forward Proxy Service Version 1.0.6 provides enhanced security and network connectivity features.

This update includes the following changes:

This update adds support for IPv6 when the host Service Gateway is configured to use IPv6.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway: Smart Protection Services Version 1.0.4

Thu, 01 Jun 2023 00:00:00 GMT

June 28, 2023—Service Gateway: Smart Protection Services Version 1.0.4 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update fixes an issue which may block Smart Protection Services queries to TrendAI™ services for some products.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway Firmware Version 2.0.15

Thu, 01 Jun 2023 00:00:00 GMT

June 28, 2023—Service Gateway Firmware Version 2.0.15 provides enhanced security and management capabilities.

This update includes the following changes:

This update adds TrendAI Vision One™ Endpoint Security required FQDNs to the Service Gateway forward proxy service allow list.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway Firmware Version 2.0.14

Thu, 01 Jun 2023 00:00:00 GMT

June 7, 2023—Service Gateway Firmware Version 2.0.14 provides enhanced security and management capabilities.

This update includes the following changes:

This update fixes an issue which might cause Service Gateway to block some appliances configured with a public IP address.
This update fixes certificate recognition issues when importing a custom certificate.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway Firmware Version 2.0.13

Thu, 01 Jun 2023 00:00:00 GMT

June 1, 2023—Service Gateway Firmware Version 2.0.13 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update adds support for the Cloud Extension Service to help consolidate FQDN requirements.
This update adds support for changing the Service Gateway appliance hostname/FQDN in the Service Gateway Management app.
This update changes the default hostname to fix an issue which might cause Linux endpoints to not recognize or fail to connect to the Service Gateway appliance.

Some features may not be available in all regions or on all Service Gateway appliances.

Virtual Network Sensor, a network sensor for network detection and response, now available in Network Inventory

Mon, 05 Jun 2023 00:00:00 GMT

June 5, 2023—Virtual Network Sensor is the new network sensor solution available for TrendAI Vision One™. Virtual Network Sensor is a virtual appliance that provides TrendAI Vision One™ with network activity data, enabling you to review detailed network activity. The network data can also help discover unmanaged and unknown network assets, allowing for a more holistic view of your attack surface for network detection, response, analysis, and visibility.

Start your TrendAI Vision One™ journey by providing needed network detection and response capabilities such as network telemetry collection and investigation responses. Get an overview of your connected Virtual Network Sensor virtual appliances in Network Inventory.

For more details, see Virtual Network Sensor Virtual Appliance.

Network Security → Network Inventory

Significant update to the Risk Index algorithm

Mon, 05 Jun 2023 00:00:00 GMT

June 5, 2023—Risk Insights has applied a significant update to the Risk Index algorithm for all customers. The algorithm now places a greater importance on Attack Detection. Periodic algorithm updates are part of our continuous effort to optimize the risk algorithm to provide you with an accurate, timely, and actionable Risk Index.

Important

Algorithm updates can result in a sudden and significant increase to asset risk scores and the Risk Index. A sharp increase in the Risk Index that directly coincides with an algorithm update can be considered the result of the algorithm change.

For more details, see Cyber Risk Index algorithm updates.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Zero Trust Secure Access adds customized DLP templates for Internet Access

Mon, 19 Jun 2023 00:00:00 GMT

June 19, 2023—To strengthen the data loss prevention capability of Internet Access, Zero Trust Secure Access supports customized Data Loss Prevention (DLP) templates and customized DLP data identifiers including expressions, file attributes, and keywords. Administrators can add customized DLP templates using either predefined or customized DLP data identifiers, create DLP rules to include customized DLP templates, and then apply them to Internet Access rules to scan outbound web traffic against accidental data disclosure and intentional theft.

For more information, see Data loss prevention rules.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Zero Trust Secure Access supports SMB protocol for Private Access

Mon, 19 Jun 2023 00:00:00 GMT

June 19, 2023—Administrators can add the organization's private applications that use the Server Message Block (SMB) protocol to the internal apps list. This allows Private Access to control users' access to these applications through the Secure Access Module.

For more information, see Add an internal application to Private Access.

Zero Trust Secure Access → Secure Access Configuration → Private Access Configuration

Asset graph for service accounts

Wed, 21 Jun 2023 00:00:00 GMT

June 21, 2023—Attack Surface Discovery now provides asset graph support for service accounts. The asset graph provides detailed information about the service account and its relationships and interactions with other assets in your organization. The service account might also appear in the asset graph of other assets.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Risk Insights support for TrendAI Vision One credits

Wed, 21 Jun 2023 00:00:00 GMT

June 21, 2023—As Risk Insights capabilities become a paid feature on July 4, 2023, credit usage data is now displayed in Risk Insights apps. You can view your current credit balance and estimate future credit usage. To ensure uninterrupted access to Threat and Exposure Management and Attack Surface Discovery, activate the "auto-allocate credits" toggle to enable TrendAI Vision One™ to automatically allocate credits to Risk Insights capabilities when the complimentary period ends.

Cyber Risk Exposure Management

Service Gateway: Local ActiveUpdate Service Version 2.0.9

Sat, 01 Jul 2023 00:00:00 GMT

July 12, 2023—Service Gateway Local ActiveUpdate Service Version 2.0.9 provides enhanced update management and connectivity features.

This update includes the following changes:

This update adds a bug fix for product auto-detection when connecting to a Service Gateway appliance.

Service Gateway: Smart Protection Services Version 1.0.5

Sat, 01 Jul 2023 00:00:00 GMT

July 12, 2023—Service Gateway Smart Protection Services Version 1.0.5 includes enhancements, bug fixes, and security updates for Smart Protection Services hosted on Service Gateway appliances.

This update includes the following changes:

This update adds a bug fix for TrendAI™ Predictive Machine Learning detection queries.

Network Inspector version 1.0.1121

Sat, 01 Jul 2023 00:00:00 GMT

July 31, 2023—Virtual Network Sensor version 1.0.1121 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

This update adds the enhancement to provide SSH protocol telemetry data to TrendAI Vision One™.
This update adds support for encapsulated remote mirroring.
This update adds support for monitoring traffic from the VMware vSphere Distributed Switch (VDS).
This update adds the ability to toggle SSH in Network Inventory.

Network Inspector version 1.0.1109

Sat, 01 Jul 2023 00:00:00 GMT

July 10, 2023—Virtual Network Sensor version 1.0.1109 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

This update adds the ability to send protocol traffic logs to the Scanned Traffic Summary widget in Security Dashboard.
This update adds support for collecting debug logs from TrendAI™ Solution Center when remote support is enabled.
This update adds the CLI command connect to monitor connection and onboarding status with TrendAI Vision One™.

Permissions for Risk Insights updated

Mon, 03 Jul 2023 00:00:00 GMT

July 3, 2023—To streamline the management of Risk Insights access in the User Roles app, the Configure settings and Export data permissions are no longer listed under Cyber Risk Overview, Attack Surface Discovery, and Threat and Exposure Management. Configure settings and Export data are now found in the new General category, which affects the three Risk Insights apps.

The new Manage assets permission now affects Attack Surface Discovery. Threat and Exposure Management now uses two new permissions, Manage risk events and Manage vulnerabilities.

Administration → User Roles

Native TrendAI Vision One Endpoint Security

Mon, 03 Jul 2023 00:00:00 GMT

July 3, 2023—TrendAI Vision One™ provides a centralized and comprehensive solution for your endpoint security, offering a streamlined, single-console experience. The new interface allows for the deployment of protection and policies, risk management, and the handling of detection and response for your endpoints, servers, and workloads.

To learn more, see Getting started with TrendAI Vision One™ Endpoint Security.

Security Playbooks supports management scope

Mon, 03 Jul 2023 00:00:00 GMT

July 3, 2023—For customers that signed up for or expressly updated TrendAI Vision One™ on or after July 3, 2023, Security Playbooks now supports management scope.

Permissions to view or manage playbooks can be assigned based on management scope for custom roles. Users can only approve the execution of playbooks and view execution results for endpoints in their management scope. Newly created playbooks are executed based on the playbook creator's management scope.

All roles retain full permissions for playbooks created before the implementation of management scope.

Workflow and Automation → Security Playbooks

System log enhancements and unusual status alerts for Zero Trust Secure Access Internet Access

Mon, 03 Jul 2023 00:00:00 GMT

July 3, 2023—Zero Trust Secure Access Internet Access now maintains system logs to provide summaries about Internet Access On-Premises Gateway events that occurred, including gateway connection status change, service version update, and SSO authentication proxy status change.

You can also configure alerts to send notifications when the status of an on-premises gateway changes to "Unhealthy", or when the on-premises gateway that serves as the authentication proxy for SSO is disconnected from your on-premises Active Directory server. For more information, see Internet Access gateways and corporate network locations.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Zero Trust Secure Access Internet Access supports Artificial Intelligence category for cloud app filtering

Mon, 03 Jul 2023 00:00:00 GMT

July 3, 2023—Zero Trust Secure Access Internet Access now supports a new cloud app category "Artificial Intelligence" evaluated by Cloud Reputation Services. This allows you to easily filter out generative AI-based cloud apps when adding custom cloud app categories and create Risk rules and Internet Access rules to control users' access to these cloud apps.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Secure Access Module can be deployed on the endpoints managed by TrendAI Vision One Endpoint Security

Mon, 03 Jul 2023 00:00:00 GMT

July 3, 2023—Customers that have updated to TrendAI Vision One™ Endpoint Security can now install the Secure Access Module on the following endpoints with supported operating systems: Standard Endpoint Protection endpoints, Server & Workload Protection endpoints, and Sensor only endpoints.

Other features available for the Secure Access Module can also be applied to the endpoints, such as removing the module or replacing the PAC file.

Zero Trust Secure Access → Secure Access Configuration → Secure Access Module

Report Management and Security Dashboard merged under new Dashboards and Reports app group

Mon, 03 Jul 2023 00:00:00 GMT

July 3, 2023—Security Dashboard and Reports (formerly Report Management) have moved from Risk Insights to the new Dashboards and Reports app group. Access detailed reports and custom dashboard views from a single location to more easily make informed security decisions.

Dashboards and Reports → Dashboards

Dashboards and Reports → Reports

Advanced filtering and ability to assign secure access rules added to Cloud Apps

Mon, 03 Jul 2023 00:00:00 GMT

July 3, 2023—The Cloud Apps tab of the Attack Surface Discovery app now features a new Artificial Intelligence category for cloud apps based on artificial intelligence technology. The Cloud Apps tab now also features advanced filtering by category, risk level, sanctioned state, breach warnings, and last detected. In addition, you can now assign Internet Access rules by selecting cloud apps and clicking Assign Secure Access Rule.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Risk Insights-related security playbooks require entitlement

Tue, 04 Jul 2023 00:00:00 GMT

July 4, 2023—Customers must now enable the Risk Insights license entitlement to create, edit, or execute the following playbooks.

Account Configuration Risk
CVEs with High or Medium Global Exploit Activity - Internet-Facing Assets
CVEs with High or Medium Global Exploit Activity

For more information, see Security playbooks requirements

Workflow and Automation → Security Playbooks

Automated Response Playbooks gain support for custom detection models

Tue, 04 Jul 2023 00:00:00 GMT

July 4, 2023—You can now specify custom detection models when configuring Target nodes for Automated Response Playbooks. Subsequent nodes in the playbook are only triggered for Workbench alerts related to the specified detection models.

Enhancements to the Security Playbooks user interface facilitate selecting and enabling detection models.

For more information, see Manually create Automated Response Playbooks.

Workflow and Automation → Security Playbooks

Risk Insights capabilities require a license or credits

Tue, 04 Jul 2023 00:00:00 GMT

July 4, 2023—Risk Insights capabilities are now a paid feature. You must purchase a license or allocate sufficient credits for Risk Insights to access Threat and Exposure Management and Attack Surface Discovery.

If you have not purchased a license or allocated credits to Risk Insights, you can start a 30-day free trial when you attempt to access Threat and Exposure Management or Attack Surface Discovery. To ensure uninterrupted access to Threat and Exposure Management and Attack Surface Discovery after your trial ends, contact your sales representative in advance to prepare a license or credits for Risk Insights. You can configure TrendAI Vision One™ to automatically allocate credits to Risk Insights capabilities at the end of your free trial period.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Custom detection model public preview

Tue, 04 Jul 2023 00:00:00 GMT

July 4, 2023—The Detection Model Management app now offers the ability to create custom filters using search query syntax. Create custom detection models that use the new custom filters to trigger the generation of custom Observed Attack Techniques events and Workbench alerts.

The custom Observed Attack Techniques events and Workbench alerts are accessible by several downstream features and services, including the Observed Attack Techniques app, the Workbench public API, widgets, and third-party SIEM integrations. In addition, the new custom detection models can be leveraged by the Security Playbooks app to create automated response actions.

Agentic SIEM and XDR → Detection Model Management

Scanned Traffic Summary widget for Security Dashboard

Mon, 10 Jul 2023 00:00:00 GMT

July 10, 2023—The Scanned Traffic Summary widget provides an overview of scanned traffic, protocols, and discovered devices in your network environment. The widget supports both Network Inspector and Deep Discovery Inspector version 6.6 or later.

Dashboards and Reports → Dashboards

Zero Trust Secure Access Internet Access supports ICAP integration for On-premises Gateways

Mon, 17 Jul 2023 00:00:00 GMT

July 17, 2023—The Zero Trust Secure Access - Internet Access On-Premises Gateway now supports enabling ICAP integration in addition to the default proxy mode. ICAP integration can be configured from the Internet Access Configuration → Gateway page.

For more information, see Deploying an Internet Access On-Premises Gateway.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Vulnerability Assessment for Linux users

Mon, 24 Jul 2023 00:00:00 GMT

July 24, 2023—Vulnerability Assessment is now available for the following Linux operating systems: Amazon Linux, CentOS, Red Hat Enterprise Linux, and Ubuntu.

For details, see Vulnerability Assessment supported operating systems.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Zero Trust Secure Access Internet Access supports bandwidth control for On-premises Gateways

Mon, 31 Jul 2023 00:00:00 GMT

July 31, 2023—The Zero Trust Secure Access - Internet Access On-premises Gateway now supports bandwidth control for specified URLs on both downstream and upstream traffic.

For more information, see Configure bandwidth control

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Virtual Network Sensor version 1.0.1146

Tue, 01 Aug 2023 00:00:00 GMT

August 28, 2023—Virtual Network Sensor version 1.0.1146 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

Network Inspector is renamed Virtual Network Sensor.
This update adds support for deploying on Red Hat Enterprise Linux 9.2 with KVM.
This update adds enhancements to debug log collection.

Notifications implemented for disabled custom filters

Tue, 01 Aug 2023 00:00:00 GMT

August 1, 2023—Notifications are now displayed for disabled custom filters. The notifications include the notification message that pops up in the Notification Center and the tooltip message displayed next to the filter name on the Custom Filter tab and the associated model name on the Custom Model tab.

Agentic SIEM and XDR → Detection Model Management

Connected endpoint protection

Mon, 07 Aug 2023 00:00:00 GMT

August 7, 2023—TrendAI Vision One™ Endpoint Security provides better visibility by displaying all your connected endpoint protection products (both on-premises and SaaS) directly to the Endpoint Inventory screen and allows you direct linking to the related product consoles. You can also evaluate the new Endpoint Security protection by moving a subset of your agents from Trend Micro Apex One as a Service or Cloud One Endpoint & Workload Security. After experiencing the single console benefits, you can update your SaaS offerings to TrendAI Vision One™ Endpoint Security.

You can also view endpoint policies for the following on-premises versions of Apex One and Deep Security.

Apex Central Patch 6 (B6511 or later)
Apex One SP1 Patch 1 (12380 or later)
Apex One (Mac) Patch 10 (3.5.7163 or later)

Deep Security (20.0.804 or later)

Note

The current version of Deep Security policies on TrendAI Vision One™ Endpoint Security does not display the enabled/disabled status for Device Control.

Tip

TrendAI™ highly recommends you update your applications to the latest versions to ensure a seamless transition to TrendAI Vision One™ Endpoint Security.

Risk Insights apps gain Tanium Comply as data source

Mon, 14 Aug 2023 00:00:00 GMT

August 14, 2023—Risk Insights apps now support Tanium Comply as a third-party data source. Tanium Comply contributes device information and CVE detections. To grant data upload permissions for Tanium Comply, enter the Tanium console URL and API token in the data sources settings drawer.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Security Dashboard adds five new widgets

Mon, 14 Aug 2023 00:00:00 GMT

August 14, 2023—Five new widgets have been added to the Security Dashboard widget catalog:

Activity Data Statistics
Detection Statistics
Endpoint Statistics
Email Threat Detection Overview
Email Spam Detection Overview

The new widgets provide an overview of all activity data and detections, allowing users to spot issues involving endpoints and email security and then go deeper to pinpoint product connector or configuration errors. Find the new widgets in the XDR Threat Investigation and Email categories of the Dashboards widget catalog.

Dashboards and Reports → Dashboards

Cloud Accounts app now available for pre-release preview

Tue, 15 Aug 2023 00:00:00 GMT

August 15, 2023—Cloud Accounts consolidates the management and deployment of cloud security features in your environment across TrendAI Vision One™ apps. Cloud Accounts currently provides the following features for AWS accounts:

Core Features: Allows TrendAI Vision One™ to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure. Once connected, assets in the account are visible in the Attack Surface Discovery app.
Container Protection for Amazon ECS: Deploys TrendAI Vision One™ - Container Security in your AWS account to protect your containers and container images in Elastic Container Service (ECS) environments. Container Security uncovers threats and vulnerabilities, protects your runtime environment, and enforces deployment policies. Once connected, managed clusters are visible in the Container Inventory page.

Additional features and expanded support for additional public cloud providers are planned for Cloud Accounts in the future. For more information, see Cloud Accounts.

Cloud Security → Cloud Accounts

TrendAI Vision One Container Security

Tue, 15 Aug 2023 00:00:00 GMT

August 15, 2023—Container Security helps safeguard your containers throughout their entire life cycle. Container Security is accessible directly in the TrendAI Vision One™ console, offering an intuitive and seamless experience for our customers.

Feature

Description

End-to-End Container Protection

Container Security ensures the security of your containers from build to termination and provides you peace of mind as your containers remain shielded against evolving threats at every step.

Multi-Platform Support

With the ability to deploy and protect both Kubernetes clusters (multi-cloud and on-premises) and Amazon ECS, Container Security ensures consistent security across diverse environments.

Amazon EKS Integration

Link your Amazon EKS Kubernetes clusters with your AWS cloud account to enhance risk discovery, assessment, and mitigation with Cyber Risk Exposure Management (CREM).

Vulnerability Scanning extended to support Amazon ECS

Vulnerability scans have been extended to support Amazon ECS in addition to Kubernetes, allowing you to take proactive measures to secure your environment.

Cluster Inventory View

Gain a clear and organized overview of your clusters' inventory, making it easier to manage and track resources effectively, including clusters, nodes, and pods.

Policy Management and Event Viewing

Effortlessly manage policies and rules, and monitor events all from the TrendAI Vision One™ console, streamlining security operations and workflows.

XDR Detections and Investigation

Detect, track, and investigate cross-layer threats and activities with Container Security's Extended Detection and Response (XDR) capabilities.

Note

XDR Detection and Investigation is available at no added cost during the pre-release preview but will become a separately licensed feature in the future.

Prioritized Vulnerability View

Prioritize the remediation of the most important risks with Cyber Risk Exposure Management, strengthening security posture by focusing on what matters most.

Cloud Security → Container Security

Observed Attack Techniques offers visibility into container attack information

Tue, 15 Aug 2023 00:00:00 GMT

August 15, 2023—To facilitate the visibility of container attacks, the Observed Attack Techniques app has been updated to show all detected events with filter hits originating from container security point products. The app now lists the container name or ID under Associated Entity, providing customers with immediate insight into which entity was targeted. Customers are able to search events by container name, in addition to the existing search criteria.

Agentic SIEM and XDR → Observed Attack Techniques

Windows agent features improved OS update detection

Fri, 18 Aug 2023 00:00:00 GMT

August 18, 2023—The TrendAI Vision One™ Windows agent now checks for update build revision changes every 10 minutes. If an operating system update is detected, the agent triggers an automatic scan of the endpoint. The new process ensures that your endpoints always remain up to date and secure, minimizing potential risk from vulnerabilities and enhancing overall security.

Endpoint Security → Endpoint Inventory

User-defined security playbooks for CVEs with Global Exploit Activity are available

Mon, 21 Aug 2023 00:00:00 GMT

August 21, 2023—The Security Playbooks app made updates to the two CVEs with Global Exploit Activity playbook templates. It allows you to create the playbooks from scratch with a flexible workflow, while still allowing you to create the playbooks from a fully customizable template.

The updated playbook templates provide the following new filtering options to help mitigate risks posed by highly-exploitable CVEs on your managed assets for more fine-grained control:

Filter targets by more operating systems, vulnerability process status, and Trend solutions for prevention rules
Retrieve the number of assets targeted for the playbook right after the target configuration
Notify recipients of playbook results by individual CVE or all CVEs

For more information, see Manually create CVEs with Global Exploit Activity playbooks.

Workflow and Automation → Security Playbooks

New point-of-presence (PoP) site for Zero Trust Secure Access Internet Access available

Mon, 28 Aug 2023 00:00:00 GMT

August 28, 2023—Zero Trust Secure Access Internet Access has launched a new PoP site for the Internet Access Cloud Gateway in Israel in the AWS Middle East region.

For details on the available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Virtual Network Sensor

Mon, 28 Aug 2023 00:00:00 GMT

August 28, 2023—Virtual Network Sensor (formerly called Network Inspector virtual appliance) is now officially launched. Users can download the Virtual Network Sensor image from Network Inventory to deploy the sensor in their environment. Currently, Virtual Network Sensor supports VMware ESXi version 6.5 and above, VMware vCenter, and Red Hat Enterprise Linux 9.2 with KVM.

Network Security → Network Inventory

Virtual Network Sensor version 1.0.1169

Fri, 01 Sep 2023 00:00:00 GMT

September 25, 2023—Virtual Network Sensor version 1.0.1169 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

This update adds support for deploying on Microsoft Hyper-V version 2016 or later.
This update adds support for hypersensitive mode.

View Deep Security Device Control status from TrendAI Vision One Endpoint Security

Mon, 04 Sep 2023 00:00:00 GMT

September 4, 2023—Deep Security policies in TrendAI Vision One™ Endpoint Security now display the Device Control enabled/disabled status. To take advantage of this feature, ensure that your Deep Security Manager is updated to version 20.0.817 or later.

Endpoint Security → Endpoint Inventory

Microsoft Purview Information Protection integration with Zero Trust Secure Access Internet Access

Mon, 11 Sep 2023 00:00:00 GMT

September 11, 2023—Zero Trust Secure Access Internet Access has extended its Data Loss Prevention capability by integrating with Microsoft Purview Information Protection. You can now synchronize your published sensitivity labels and add them into Data Loss Prevention rules to let Internet Access block protected files with sensitivity labels from being sent outside your organization.

For details, see Adding a data loss prevention rule.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Zero Trust Secure Access now supports Deep Discovery Analyzer integration

Mon, 11 Sep 2023 00:00:00 GMT

September 11, 2023—Internet Access on-premises gateways in Zero Trust Secure Access now offer integration with your existing Deep Discovery Analyzer appliances. In addition to cloud sandboxing, on-premises gateways can submit suspicious files to Deep Discovery Analyzer appliances for analysis after integration. See the settings of your Internet Access on-premises gateways to start using the feature.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Zero Trust Secure Access adds update module feature to endpoint list

Mon, 11 Sep 2023 00:00:00 GMT

September 11, 2023—Zero Trust Secure Access users can now update the Secure Access Modules deployed to endpoints directly from the endpoint list. Selecting Update module from the Manage module menu allows you to update modules on specified endpoints to the versions configured in Module Version Management. See the Endpoints tab in Secure Access Module to use the feature.

Zero Trust Secure Access → Secure Access Configuration → Secure Access Module

Asset graph improvements enhance effectiveness

Mon, 11 Sep 2023 00:00:00 GMT

September 11, 2023—Enhancements to the asset graph in Attack Surface Discovery provide you with greater context for improving your security posture.

The asset graph now includes a symbol for the internet, helping you easily identify which assets are exposed to the internet.

The asset detail screen for domains and IP addresses now also features an asset graph illustrating the relationships between internet-facing assets and other types of assets. The asset graph helps you better understand how domains and IP addresses are associated with internet-exposed devices.

In addition, the asset graph now shows relationships associated with privileges, including user and group memberships, as well as how roles are assigned, to whom a role is assigned, and administrative devices and users. The visualization makes it easier to understand how an identity has administrative permissions to other identities or devices.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Virtual Network Sensor supports hypersensitive mode

Mon, 25 Sep 2023 00:00:00 GMT

September 25, 2023—The Virtual Network Sensor now supports hypersensitive mode. The detection mode is available after enabling it in Support Settings. For more information, see Sensor Details.

Network Security → Network Inventory

Enhancements to Run Custom Script security playbooks

Mon, 25 Sep 2023 00:00:00 GMT

September 25, 2023—You can now specify the operating systems to upload and run custom scripts for when configuring Action nodes for Run Custom Script Security Playbooks. The enhancements also facilitate selecting custom scripts that are added in the Response Management app.

Workflow and Automation → Security Playbooks

Enhancements to Automated Response Playbooks

Mon, 25 Sep 2023 00:00:00 GMT

September 25, 2023—In addition to Workbench alerts automatically triggering playbook execution, users now have the option to manually trigger the execution of Automated Response Playbook from Workbench.

For more information, see Investigate an alert and Alerts correlated in Workbench insights in the Workbench documentation.

Furthermore, the Automated Response Playbook now includes an additional automated response action: "Terminate processes". This enhancement enables users to automatically terminate any "unrated" target processes running on an endpoint.

For more information, see Manually create Automated Response Playbooks.

Workflow and Automation → Security Playbooks

Customizable home page available in Platform Directory

Mon, 25 Sep 2023 00:00:00 GMT

September 25, 2023—Besides the default Cyber Risk Overview home page, you can now set which app you want to land on after signing in to the TrendAI Vision One™ console.

For more information, see Platform Directory.

Platform Directory

Manually modify asset criticality in Risk Insights

Mon, 25 Sep 2023 00:00:00 GMT

September 25, 2023—Risk Insights apps calculate and display the criticality for each asset based on asset tags. If you think that the system-defined criticality is inaccurate or does not match the actual situation, you can manually assign a custom criticality to assets. In Attack Surface Discovery asset profiles and asset cards, you can now click Modify Criticality to select a custom criticality. You can also revert to using the system-defined criticality at any time.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Monitored Network Throughput widget now available

Mon, 25 Sep 2023 00:00:00 GMT

September 25, 2023—The Monitored Network Throughput widget, which provides an overview of the network traffic monitored by Virtual Network Sensor, is now available in Security Dashboard.  You can now view the 30-day average traffic volume, assess total bandwidth capacity, and track network traffic levels down to the minute both for individual appliances and across the network environment.

Dashboards and Reports → Dashboards

Security Dashboard gets new widget summarizing observed attack techniques

Mon, 25 Sep 2023 00:00:00 GMT

September 25, 2023—To facilitate SOC analysts in quickly identifying the riskiest events within their company, the Security Dashboard has a new widget called Observed Attack Techniques Summary.

This widget, summarizes the riskiest events within a given time range, assisting analysts in navigating towards the appropriate direction for further troubleshooting.

Dashboards and Reports → Dashboards

Endpoint Sensor now supports additional Linux platforms

Wed, 27 Sep 2023 00:00:00 GMT

September 27, 2023—Endpoint Sensor now supports a wider range of Linux platforms including Debian and SUSE, as well as several AArch64-based Linux systems such as Ubuntu 22. You can now view these additional platforms when deploying a new TrendAI Vision One™ agent in the Endpoint Inventory app.

For details on supported Linux platforms, see Endpoint Sensor-only system requirements and Server & Workload Protection system requirements.

Endpoint Security → Endpoint Inventory

Cloud Accounts provides Japanese language support

Thu, 28 Sep 2023 00:00:00 GMT

September 28, 2023—Cloud Accounts now supports Japanese language settings.

Cloud Security → Cloud Accounts

Cloud Accounts public API now available

Thu, 28 Sep 2023 00:00:00 GMT

September 28, 2023—Public API for Cloud Accounts now available on the TrendAI Vision One™ Automation Center. An API to download the Cloud Accounts AWS CloudFormation Template is planned for a future release.

Cloud Security → Cloud Accounts

Cloud Detections for AWS CloudTrail now available

Thu, 28 Sep 2023 00:00:00 GMT

September 28, 2023—Cloud Detections for AWS CloudTrail is now available as a pre-release feature which can be enabled in the Cloud Accounts app. This feature set deploys Cloud Audit Log Monitoring in your AWS account to get actionable insight into user, service, and resource activity with detection models identifying activity such as privilege escalation, password modification, attempted data exfiltration, and potentially unsanctioned MFA changes.

For more information, see AWS features and permissions.

Cloud Security → Cloud Accounts → AWS

Cloud Accounts official release

Thu, 28 Sep 2023 00:00:00 GMT

September 28, 2023—The Cloud Accounts app is no longer a pre-release feature and is now generally available. Cloud Accounts does not require any credit allocation and is always included as part of TrendAI Vision One™. However, some features managed by the Cloud Accounts app may require credits for use.

Included with this release is integration with Server & Workload Protection for AWS accounts.

Adding new AWS accounts in the TrendAI Vision One™ console are now exclusively handled by the Cloud Accounts app.
Existing AWS accounts connected to Cloud Accounts are automatically associated with a Server & Workload Protection instance.
Existing AWS accounts within Server & Workload Protection are automatically added to and can be managed from Cloud Accounts. Update existing AWS accounts from Server & Workload Protection to get enhanced visibility and protection features within their cloud environments.

For more information, see Cloud Accounts.

Cloud Security → Cloud Accounts

Virtual Network Sensor supports Hyper-V deployment

Thu, 28 Sep 2023 00:00:00 GMT

September 28, 2023—The Virtual Network Sensor now supports deployment on Hyper-V host systems.

For more information, see Deploy a Virtual Network Sensor with Hyper-V.

Network Security → Network Inventory

Network Inventory and Network Analytics provide Japanese language support

Thu, 28 Sep 2023 00:00:00 GMT

September 28, 2023—Network Inventory and Network Analytics reports now offer Japanese language support.

Network Security → Network Inventory

Virtual Network Sensor general release

Thu, 28 Sep 2023 00:00:00 GMT

September 28, 2023—The Virtual Network Sensor is no longer a pre-release feature and now enters official release. Virtual Network Sensor comes with a 30-day free trial to allow users to evaluate the functionality and benefits. Once the trial period end, credits are automatically allocated based on usage.

For more information, see Virtual Network Sensor.

Network Security → Network Inventory

TrendAI Vision One Container Security

Fri, 29 Sep 2023 00:00:00 GMT

September 29, 2023—Container Security helps safeguard your containers throughout their entire life cycle. Container Security is accessible directly in the TrendAI Vision One™ console, offering an intuitive and seamless experience for our customers.

Feature	Description
Artifact Scanning	Extended to support anti-malware scanning and used for admission control
Runtime Protection support	Extended support provides you the visibility into any activity on your running containers that violates your customizable set of rules, and the ability to mitigate issues Extended to support Amazon ECS, on both EC2 and Fargate, Extended to support Amazon EKS on Fargate

Cloud Security → Container Security

The Observed Attack Techniques API adds support for container data

Sat, 30 Sep 2023 00:00:00 GMT

September 30, 2023—The Observed Attack Techniques API has been updated to support container-related information such as threats or activities. SIEM apps and customers can now utilize the Observed Attack Techniques Pipeline endpoints to export events that trigger filters or container events. This enables threat and activity investigation related to container security within the exported events.

For more information about the Observed Attack Techniques API, see https://automation.trendmicro.com/xdr/api-v3#tag/Observed-Attack-Techniques-Pipeline

Agentic SIEM & XDR → Observed Attack Techniques

Service Gateway: Forward Proxy Service Version 1.0.9

Sun, 01 Oct 2023 00:00:00 GMT

October 19, 2023—Service Gateway: Forward Proxy Service Version 1.0.9 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update adds support for customizing the Service Gateway forward proxy service allow list.

Virtual Network Sensor version 1.0.1189

Sun, 01 Oct 2023 00:00:00 GMT

October 30, 2023—Virtual Network Sensor version 1.0.1189 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

This update adds a new feature: Detection Exceptions.
This update enhances the appliance information screen in Network Inventory to include the host platform (KVM, Hyper-V, etc.).

Service Gateway Firmware Version 2.0.22

Sun, 01 Oct 2023 00:00:00 GMT

October 19, 2023—Service Gateway Firmware Version 2.0.22 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update enhances the auto-update process to better prevent service interruptions.
This update supports resetting the Service Gateway certificate through the settings screen.
This update adds the CLISH command function to reduce redundant data.
This update adds the function to view all Service Gateway appliances in one list rather than grouped by duration of connection.
This update enhances status notifications to improve the stability of Service Gateway appliances.
This update supports notifications on storage and data usage.
This update adds the function to check available storage when installing services.

Email Account Inventory provides central visibility and management of email accounts

Mon, 09 Oct 2023 00:00:00 GMT

October 9, 2023—Email Account Inventory now provides an overview of how well your organization’s email accounts are protected by Email Sensor and Cloud App Security and allows you to manage protection over the accounts.

Email Account Inventory provides the following central features:

Email Account Inventory provides an overview of your organization’s email account inventory and available actions to protect email accounts in your organization. If you have not yet enabled any email solutions, you can set up Email Sensor and Cloud App Security from the inventory.
You can enable key features of Cloud App Security and configure policies for unprotected accounts.
You can conduct necessary investigations into suspicious account activity.

In addition, the sensor management functionality has moved from Email Account Inventory into a separate menu item.

Email and Collaboration Security → Email Asset Inventory

TrendAI Vision One console now supports daylight saving time

Mon, 09 Oct 2023 00:00:00 GMT

October 9, 2023—The TrendAI Vision One™ console now adjusts the displayed time according to daylight saving time, depending on your selected time zone.

Administration → Console Settings

Zero Trust Secure Access Internet Access supports Kerberos authentication with on-premises Active Directory servers

Mon, 09 Oct 2023 00:00:00 GMT

October 9, 2023—In addition to NTLM v2 authentication, Zero Trust Secure Access Internet access now supports Kerberos as an authentication service for single sign-on with on-premises Active Directory servers. Find and configure the new method in the Global Settings of Internet Access Configuration.

For more information, see Configuring NTLM or Kerberos single sign-on with Active Directory (on-premises)

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Sensor only endpoints now removable in Endpoint Inventory

Fri, 13 Oct 2023 00:00:00 GMT

October 13, 2023—You can now remove sensor only endpoints from Endpoint Inventory by selecting applicable endpoints and clicking the Remove Endpoint button. Removing a sensor only endpoint does not uninstall the TrendAI Vision One™ agent from the endpoint or stop the agent program sending information to TrendAI Vision One™. Support for removing Standard Endpoint Protection and Server & Workload Protection agents from the Endpoint Inventory screen is under development.

Endpoint Security → Endpoint Inventory

Incident Response Evidence Collection playbooks now require credits

Mon, 16 Oct 2023 00:00:00 GMT

October 16, 2023—With the official release of the Forensics app, the Incident Response Evidence Collection playbook now requires credits for evidence collection and uploading to the Forensics app. Users must first configure the data allowance in the Forensics app before setting up the playbook to collect and upload evidence to the TrendAI Vision One™ console.

For more information, see Create Incident Response Evidence Collection playbooks.

Workflow and Automation → Security Playbooks

Agent uninstall tool now available for download from Endpoint Inventory

Mon, 16 Oct 2023 00:00:00 GMT

October 16, 2023—The TrendAI™ uninstall tool is now available for download in Endpoint Inventory for both Windows and macOS endpoints. The tool allows for the uninstallation of the TrendAI Vision One™ Endpoint Security agent and related features:

Standard Endpoint Protection Agent
Server & Workload Protection Agent
Endpoint Sensor

The tool is capable of uninstalling a single agent or multiple agents at once from the endpoint. Download the tool by going toEndpoint Inventory → Agent Installer → Installer Package and clicking the link to download the uninstall tool at the bottom of the page. Downloaded tools are valid for seven days.

Note

If you do not see the link, you might not have permission to perform this action. Contact your system administrator.

To uninstall Windows agents, see Uninstall Windows agents with the tool.
To uninstall macOS agents, see Uninstall macOS Agents with the Tool

Endpoint Security → Endpoint Inventory

Forensics has been officially launched

Mon, 16 Oct 2023 00:00:00 GMT

October 16, 2023—A new application, Forensics, has been officially launched. With Forensics, you can respond to security incidents, conduct compromise assessments, threat hunting, and monitoring.

Forensics allows you to create workspaces. Within the workspace, you can isolate the scope of an incident and execute osqeury and YARA for quick triage and investigation. If you require more details about an incident, you can collect evidence. Evidence Collection gathers the digital evidence and uploads it to the TrendAI Vision One™ console.

Forensics offers an evidence viewing and searching function, facilitating advanced investigations. As you progress through the investigation, you can add notes with important timestamps or create customized records in timelines. In other words, the Forensics timeline is your tool for creating a comprehensive attack chain report using the collected evidence records.

Furthermore, you can use the Evidence Archive section of Forensics to manage all the evidence collected by Incident Response playbooks. Evidence packages can be added to the workspaces, used for generating evidence reports, and utilized for investigation at any time.

For more information, see Forensics.

Agentic SIEM & XDR → Forensics

Support for multiple custom filters in a custom model

Mon, 16 Oct 2023 00:00:00 GMT

October 16, 2023—The Detection Model Management app has been updated to support multiple custom filters in a custom model, with a maximum limit of five custom filters per model. Users can configure the Workbench to trigger an alert based on two more criteria: when events defined by the custom filters occur, or when events defined by the custom filters occur in the specified order.

Fore more information, see Configure a custom model.

Agentic SIEM and XDR → Detection Model Management

New risk events highlight potential attack paths for cloud assets

Mon, 23 Oct 2023 00:00:00 GMT

October 23, 2023—New risk events demonstrate potential attack paths that originate from the internet or potentially compromised cloud assets. These potential attack paths are visualized to help you identify and prioritize risks.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Asset graph visualizes cloud asset relationships

Mon, 23 Oct 2023 00:00:00 GMT

October 23, 2023—Cloud asset profiles now feature an asset graph illustrating the relationships of cloud assets. The visualization showcases how identities access cloud resources, as well as traffic routing and other relationships, helping you to prioritize risks associated with your cloud assets.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Attack Surface Discovery asset profiles available free for XDR customers

Mon, 23 Oct 2023 00:00:00 GMT

October 23, 2023—Customers that have enabled XDR sensors can now access a free version of asset profiles in Attack Surface Discovery, even if credits have not been allocated to Risk Insights capabilities. When viewing the profile of an endpoint, account or cloud asset in a Workbench alert, click View asset risk assessment in Attack Surface Discovery to see the asset's risk assessment and asset profile in Attack Surface Discovery.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

AWS Italy region has new PoP site for Internet Access Cloud Gateway in Zero Trust Secure Access

Tue, 24 Oct 2023 00:00:00 GMT

October 24, 2023—Zero Trust Secure Access has launched a new PoP site for Internet Access Cloud Gateway in the AWS Italy region. For details on available PoP sites for Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

Network Inventory enhancements allow for detection exceptions and greater Virtual Network Sensor visibility

Mon, 30 Oct 2023 00:00:00 GMT

October 30, 2023—Users may now create and configure lists of detection exceptions, preventing network traffic detections that match specified criteria from appearing in detection logs. To use the feature, go to Network Inventory → Monitoring/Scanning → Detection Exceptions.

Additionally, users can now view detailed information about each connected Virtual Network Sensor appliance, including system information and system settings, from the list of Virtual Network Sensors in Network Inventory.

Network Security → Network Inventory

Case Management integration with Forensics

Mon, 30 Oct 2023 00:00:00 GMT

October 30, 2023—Case Management now offers integration with Forensics. This allows you to create a Forensics workspace specifically for endpoints included in a Workbench insight or alert. From there, you can perform quick responses such as isolation, Osquery, and YARA process scanning within the Forensics app.

Additionally, you can gather advanced digital evidence from the endpoints in Forensics to conduct a more thorough analysis, identifying root causes and constructing an attack chain using the Forensics timeline.

Once you establish the attack chain, you can add the timeline to a case to record the location of the results.

Agentic SIEM & XDR → Forensics

Custom filter import and export

Mon, 30 Oct 2023 00:00:00 GMT

October 30, 2023—The Detection Model Management app now supports the import and export of custom filters via YAML files. Users can now easily import custom filters from YAML files or export custom filters into YAML files as a ZIP file.

Fore more information, see Custom filters.

Agentic SIEM and XDR → Detection Model Management

Virtual Network Sensor version 1.0.1207

Wed, 01 Nov 2023 00:00:00 GMT

November 28, 2023—Virtual Network Sensor version 1.0.1207 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

Observed Attack Techniques supports filtering by data source

Mon, 06 Nov 2023 00:00:00 GMT

November 6, 2023—You can now filter security event information by data source in the Observed Attack Techniques app. Filtering by data source allows you to evaluate the individual data contribution of different TrendAI Vision One™ products.

Agentic SIEM and XDR → Observed Attack Techniques

Threat and Exposure Management supports remediating and dismissing risk events

Mon, 06 Nov 2023 00:00:00 GMT

November 6, 2023—To better align TrendAI Vision One™ with common risk terminology and enhance your ability to reduce the Risk Index, you can now change the status of risk events in Threat and Exposure Management. In addition, you can now manually trigger a recalculation of the Risk Index and check for new risk events.

Risk events for six of the eight risk factors can now be marked as one of the four following statuses:

New
In progress
Remediated
Dismissed

Remediated and dismissed risk events no longer contribute to your Risk Index.

When changing the status of risk events, you can select from three levels of scope: the selected risk event, all instances of the risk event for the selected assets, or all instances of the risk event for all assets. If you dismiss all instances of a risk event, future instances of the risk event will not be generated.

XDR detection-related risk events that have an associated workbench alert must still be managed via the Workbench app. Development is ongoing to support the new risk event management framework for vulnerability-related risk events. In addition, a subsequent release will allow you to accept risk events, meaning they will still contribute to your Risk Index, but will not be displayed in Risk Reduction Measures. To learn more, see Risk Reduction Measures.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

The Search app supports threat hunting queries from Cyborg Security

Fri, 10 Nov 2023 00:00:00 GMT

November 10, 2023—The Search app now supports threat hunting queries from Cyborg Security to facilitate identification of elusive IOAs in the environment. Moreover, users may view related intelligence reports to aid the understanding and resolution of cyber attacks.

Agentic SIEM and XDR → XDR Data Explorer

Three security playbook templates merged and enhanced

Mon, 13 Nov 2023 00:00:00 GMT

November 13, 2023—The “Run Custom Script,” “Samba vulnerability assessment,” and “Microsoft exchange vulnerability assessment” playbook templates have been consolidated into the new Endpoint Response Actions template, and their functionality has also been integrated into user-defined playbooks.

To learn how to create a user-defined playbook, see Manually create Endpoint Response playbooks.

Workflow and Automation → Security Playbooks

Cloud Accounts - AWS accounts automatically connect after stack deployment

Mon, 20 Nov 2023 00:00:00 GMT

November 20, 2023—When adding a new AWS cloud account, the account automatically connects and registers to TrendAI Vision One™ after stack deployment in AWS completes. Connecting a new AWS account no longer requires copying the role ARN to complete the process. The new process requires using the latest version of the stack template.

Cloud Accounts supports deployment to AWS Organizations

Mon, 20 Nov 2023 00:00:00 GMT

November 20, 2023—Add your AWS Organization to easily connect all the AWS accounts in your organization or organizational unit (OU) to Cloud Accounts. For more information, see Connect and update AWS accounts.

New pricing model for Attack Surface Risk Management now available

Mon, 20 Nov 2023 00:00:00 GMT

November 20, 2023—TrendAI Vision One™ now supports a new pricing model for Attack Surface Risk Management (previously Risk Insights) decoupled from XDR entitlements. Credit usage for Attack Surface Risk Management apps is calculated based on the number of assessable desktops, servers, and connected cloud accounts. Each assessed desktop or server requires 20 credits, while each connected cloud account requires 8,000 credits. If you feel the number of assets discovered by TrendAI Vision One™ is inaccurate, you can manually override the number of assessed assets and your credit usage will be recalculated.

If you previously purchased a Risk Insights license, you will retain your current pricing model until the license expires. If you previously allocated credits to use Attack Surface Discovery and Threat and Exposure Management, you retain your current pricing model; however, if you disable and re-enable Attack Surface Risk Management, you will be migrated to the Attack Surface Risk Management pricing model. Regardless of the pricing model, you will retain access to Attack Surface Discovery, Threat and Exposure Management, and Cloud Security Posture.

A 30-day free trial remains available for customers who have not previously started a trial of Risk Insights capabilities.

For more details on licensing or credit usage for Attack Surface Risk Management, contact your sales representative.

Risk Insights renamed to Attack Surface Risk Management

Mon, 20 Nov 2023 00:00:00 GMT

November 20, 2023—The Risk Insights app group has been renamed to Attack Surface Risk Management to align with the expanding scope of capabilities provided by the included apps. The renamed app group currently contains the Cyber Risk Overview, Attack Surface Discovery, Threat and Exposure Management, and Cloud Security Posture apps.

Graph View gives you contextual visibility over AWS-based assets

Mon, 20 Nov 2023 00:00:00 GMT

November 20, 2023—Attack Surface Discovery now provides new contextual visibility into your cloud assets and prioritized security risks — continuously and frictionlessly. The new Graph View shows more details about the resources deployed in your AWS environment, relationships between cloud assets, and risk scores for each asset.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Gain new visibility over your AWS APIs

Mon, 20 Nov 2023 00:00:00 GMT

November 20, 2023—API Security provides new visibility over your attack surface by identifying challenges to securing your APIs. API Security displays an inventory of your REST and HTTP-based API collections from your AWS API gateways and any misconfigurations detected in your AWS environment.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Enable Agentless Vulnerability & Threat Detection for Amazon EC2 instances

Mon, 20 Nov 2023 00:00:00 GMT

November 20, 2023—Deploy Agentless Vulnerability & Threat Detection in your AWS accounts to discover vulnerabilities in your Amazon EC2 instances with zero impact to your applications.

For more information, see Agentless Vulnerability & Threat Detection.

Cyber Risk Exposure Management → Cyber Risk Overview

Discover and assess internet-facing assets with Rescana

Mon, 20 Nov 2023 00:00:00 GMT

November 20, 2023—TrendAI Vision One™ has traditionally discovered and assessed internet-facing assets via internal TrendAI™ solutions. TrendAI Vision One™ now supports a new data source for internet-facing assets—Rescana. If you are a Rescana customer, you can easily enable the data source by specifying the correct URL and API token for your Rescana account. If you disable the Rescana integration, TrendAI Vision One™ resumes using TrendAI™ internal solutions for collecting data on internet-facing assets.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Container Security – ARM64 CPUs now supported

Thu, 30 Nov 2023 00:00:00 GMT

November 30, 2023—Container Security now protects containers running on ARM CPUs with runtime security and runtime vulnerability scanning.

Container Security – Proxy support for Kubernetes clusters

Thu, 30 Nov 2023 00:00:00 GMT

November 30, 2023—Container Security now supports proxy for Kubernetes clusters, providing a secure way to connect to the TrendAI Vision One™ backend. For more information, see Proxy support for Kubernetes clusters

Case Management now available

Thu, 30 Nov 2023 00:00:00 GMT

November 30, 2023—Case Management is now available for public preview in the TrendAI Vision One™ platform. Case Management enables you to assign priority and ownership to cases containing both individual and correlated alerts from Workbench, and streamlines the start of your threat investigation and incident response workflows.

You can open cases directly from Workbench alerts or with any XDR playbook in Security Playbooks. In Forensics, you can use an existing case to automatically pull impacted endpoints into the related workspace. In addition, Case Viewer allows you to manage your cases while working in other apps.

For more information, see Case Management.

Workflow and Automation → Case Management

Playbook execution results retained for 180 days

Thu, 30 Nov 2023 00:00:00 GMT

November 30, 2023—Starting now, execution results and any pending actions will be available on the Execution Results tab for a period of 180 days. This change allows us to ensure the most relevant and recent data is always at your fingertips.

Workflow and Automation → Security Playbooks

Service Gateway: Smart Protection Services Version 2.0.0

Fri, 01 Dec 2023 00:00:00 GMT

December 20, 2023—Service Gateway Smart Protection Services Version 2.0.0 includes enhancements, bug fixes, and security updates for Smart Protection Services hosted on Service Gateway appliances.

This update includes the following changes:

This update migrates the operating system of Smart Protection Services containers from CentOS 7.9 to Rocky Linux 9.2 to avoid vulnerability patching issues related to the deprecation of CentOS.

Service Gateway: Local ActiveUpdate Service Version 3.0.2

Fri, 01 Dec 2023 00:00:00 GMT

December 20, 2023—Service Gateway Local ActiveUpdate Service Version 3.0.2 provides enhanced update management and connectivity features.

This update includes the following changes:

This update migrates the operating system of ActiveUpdate containers from CentOS 7.9 to Alpine to avoid vulnerability patching issues related to the deprecation of CentOS.
This update adds support for ring deployment of updates to connected products.

Service Gateway Firmware Version 3.0.3

Fri, 01 Dec 2023 00:00:00 GMT

December 20, 2023—Service Gateway Firmware Version 3.0.3 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update migrates the Virtual Appliance operating system from CentOS 7.9 to Rocky Linux 9.2 to avoid vulnerability patching issues related to the deprecation of CentOS.
This update provides visibility into the number of active connections linked to each Service Gateway appliance.
This update adds internal bug fixes for Service Gateway firmware.

Targeted Attack Detection officially released

Fri, 01 Dec 2023 00:00:00 GMT

December 1, 2023—Targeted Attack Detection is out of preview, and now an officially released app. Targeted Attack Detection is free to use, so any TrendAI Vision One™ user can leverage the app to analyze Smart Feedback data to determine if your environment is under attack.

Agentic SIEM & XDR → Targeted Attack Detection

Vulnerability Assessment on Windows Server 2012/Windows Server 2012 R2 endpoints

Mon, 04 Dec 2023 00:00:00 GMT

December 4, 2023—Vulnerability Assessment now expands coverage for vulnerabilities affecting Windows Server 2012 and Windows Server 2012 R2 endpoints to help you identify more highly exploitable CVEs in your environment.

Cyber Risk Exposure Management → Cyber Risk Overview

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Manually add IP addresses to discover internet-facing assets

Mon, 04 Dec 2023 00:00:00 GMT

December 4, 2023—TrendAI Vision One™ now supports manually adding seed IP addresses for discovering internet-facing assets in your organization. In the Internet-Facing Assets section of Attack Surface Discovery, click the Public IPs tab and then click Add to manually add up to 1,000 seed IP addresses. To view a list of added seed IP addresses, click View Manually Added IP Addresses.

The ability to add seed IP addresses is only available for customers using a TrendAI™ solution as the data source for internet-facing assets and that do not have an active trial for Cyber Risk Exposure Management.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Agentless Vulnerability & Threat Detection Resources Gain Tagging

Fri, 08 Dec 2023 00:00:00 GMT

December 8, 2023—Agentless Vulnerability & Threat Detection resources now have tags.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Container Security supports management scope

Mon, 11 Dec 2023 00:00:00 GMT

December 11, 2023—For customers that have updated to the Foundation Services release, Container Security now supports management scope.

Permissions to view and manage Kubernetes clusters and Amazon ECS clusters can be assigned based on management scope for user roles. You can configure the management scope for each custom role in User Roles.

Administration → User Roles

Enhance investigations with VirusTotal threat intelligence in Evidence Report view

Mon, 11 Dec 2023 00:00:00 GMT

December 11, 2023—You can now right-click URLs, domains, IPs, or file SHA-1 and select “VirusTotal” to facilitate thorough investigation of possible threats in your environment.

Agentic SIEM and XDR → Forensics

Customize YARA and osquery task names

Mon, 11 Dec 2023 00:00:00 GMT

December 11, 2023—During an investigation, users can run multiple rounds of osquery or YARA tasks to narrow down the affected endpoint scope. Task names can now be customized to easily distinguish between multiple rounds of task results.

Agentic SIEM and XDR → Forensics

Forensics workspaces provide quick link to related tasks

Mon, 11 Dec 2023 00:00:00 GMT

December 11, 2023—Workspaces in Forensics now offer a quick link to all tasks related to the workspace. Click the Related Tasks button to go to a pre-filtered list in the Task List tab where you can view the status and results of workspace-related tasks.

Agentic SIEM and XDR → Forensics

Forensics app now enriches evidence with TrendAI Smart Protection Network data

Mon, 11 Dec 2023 00:00:00 GMT

December 11, 2023—Powered by TrendAI™ Smart Protection Network services such as Web Reputation Services, the Forensics app can now enrich network-related data collected as evidence. You can now view the score and corresponding risk level of certain URLs, IP addresses, and domain names that you collect and add to Forensics workspaces.

Agentic SIEM and XDR → Forensics

Azure AD renamed to Microsoft Entra ID

Fri, 15 Dec 2023 00:00:00 GMT

December 15, 2023—Azure AD has been renamed to Microsoft Entra ID across all TrendAI Vision One™ apps and features to align with Microsoft’s naming change. No app or feature functionality has been affected by the renaming.

Isolate and terminate Kubernetes containers

Fri, 15 Dec 2023 00:00:00 GMT

Dec 15, 2023—Customers can now isolate or terminate potentially compromised Kubernetes pods when investigating threat incidents in Workbench, Observed Attack Techniques, and Search.

Cloud Security → Container Security

Cloud Accounts now previewing Azure subscription support

Mon, 18 Dec 2023 00:00:00 GMT

December 18, 2023—As a preview feature, Cloud Accounts now supports connecting Azure Subscriptions to TrendAI Vision One™. Connecting your Azure Subscription allows TrendAI Vision One™ to discover your Azure cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure. Once connected, cloud accounts and assets from your Azure subscriptions are visible in the Cloud Risk Management and Attack Surface Discovery apps under Cyber Risk Exposure Management. For more information, see Connect a single Azure subscription.

Cloud Security → Cloud Accounts

Automated Response Playbook enhancements

Mon, 18 Dec 2023 00:00:00 GMT

December 18, 2023—The Automated Response Playbook has been enhanced to support a wider range of response actions, including user account actions such as disabling the user account, forcing sign out, and forcing password reset, and the ability to run custom scripts on endpoints.

Workflow and Automation → Security Playbooks

Network Inventory supports Deep Discovery Inspector 6.7 with new central management features

Mon, 18 Dec 2023 00:00:00 GMT

December 18, 2023—Network Inventory now supports the following central management features for Deep Discovery Inspector version 6.7 and later.

Configure detection exceptions and packet capture settings.
Connect Deep Discover Inspector to TrendAI Vision One™ using a Service Gateway.
Toggle SSH and hypersensitive settings.

Network Security → Network Inventory

Local user account support added to Zero Trust Secure Access

Mon, 18 Dec 2023 00:00:00 GMT

December 18, 2023—In addition to integration with third-party identity and access management providers, Zero Trust Secure access now supports the addition and maintenance of local user accounts. Administrators may import lists of local user emails to serve as the basis for local user accounts, or the accounts may be added manually.

Zero Trust Secure Access → Secure Access Configuration → Identity and Access Management

Manage all event rules in one place

Mon, 18 Dec 2023 00:00:00 GMT

December 18, 2023—Threat and Exposure Management now features Event Rule Management: a centralized location for you to manage risk event rules.

When you mark a risk event as Dismissed, an event rule is created to prevent Attack Surface Risk Management from reporting future instances of the risk event in Risk Reduction Measures and All Risk Events. The event rule also prevents the dismissed risk event from impacting your organization's Risk Index.

Event Rule Management allows you to review and manage all dismissed event rules. If you remove a dismissed event rule, all new instances of the risk event are reported and contribute to your organization's Risk Index.

Visualize your Azure asset relationships

Mon, 18 Dec 2023 00:00:00 GMT

December 18, 2023—The relationships of your Azure cloud assets can now be graphically illustrated in the Asset Graph tab of cloud asset profiles in Attack Surface Discovery.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Virtual Network Sensor version 1.0.1225

Mon, 01 Jan 2024 00:00:00 GMT

January 8, 2024—Virtual Network Sensor version 1.0.1225 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

This update adds support for deploying on the AWS platform.
This update adds the CLI command network-traffic to capture and collect network traffic for investigation.

Service Gateway Firmware Version 3.0.4

Mon, 01 Jan 2024 00:00:00 GMT

January 18, 2024—Service Gateway Firmware Version 3.0.4 provides enhanced security and management capabilities.

This update includes the following changes:

This update removes some SSHOperator objects to enhance the security of Service Gateway appliance SSH connections.
This update enhances the performance of the API that collects service information on Service Gateway appliances, reducing CPU and memory usage.
This update adds a bug fix for configuring the Network Time Protocol using CLISH commands.
This update adds a bug fix for registering Service Gateway appliances with configured custom proxy servers to TrendAI Vision One™.

Region deployment selection available for Cloud Accounts

Mon, 08 Jan 2024 00:00:00 GMT

January 8, 2024—Customers can now select which AWS regions to deploy the Agentless Vulnerability & Threat Detection and Container Protection for Amazon ECS features under Cloud Accounts. By default, these features will deploy to all available regions. This feature requires updating to the latest version of the Cloud Accounts stack.

For more information, see Cloud Accounts.

Cloud Security → Cloud Accounts

Virtual Network Sensor supports new deployment features

Mon, 08 Jan 2024 00:00:00 GMT

January 8, 2024—Virtual Network Sensor supports deploying to AWS cloud environments. Additionally, you can now specify a default password for KVM deployments within Network Inventory.

Network Security → Network Inventory

Master Administrators can opt in to all pre-release apps/services

Mon, 08 Jan 2024 00:00:00 GMT

January 8, 2024—TrendAI Vision One™ has added an opt-in and opt-out mechanism in Platform Directory for Master Administrators to choose whether they want to view and try TrendAI Vision One™ pre-release apps/services available for the organization.

After opting in, you can use all current and future pre-release apps/services at no added cost during the pre-release preview and will be notified at least 30 days before official release or any upcoming charge.

For customers that were already using TrendAI Vision One™ prior to January 8, 2024, opting in is automatically enabled to ensure service continuity of previously opted-in apps/services. You must manually opt out if you do not want to use pre-release apps/services.

Platform Directory

Support for terminating Amazon ECS containers

Mon, 08 Jan 2024 00:00:00 GMT

January 8, 2024—Customers can now terminate potentially compromised Amazon Elastic Container Service tasks while investigating threat incidents in Workbench, Observed Attack Techniques, or XDR Data Explorer.

Agentic SIEM & XDR → Workbench

Filter query results of YARA and osquery tasks by status

Tue, 09 Jan 2024 00:00:00 GMT

January 9, 2024—Query results for YARA and osquery tasks can now be filtered by status to provide a brief overview. Quickly find the reason for failed tasks by hovering over the status icon next to endpoint names.

Agentic SIEM and XDR → Forensics

TrendAI Vision One Email and Collaboration Security official launch

Mon, 15 Jan 2024 00:00:00 GMT

January 15, 2024—TrendAI Vision One™ provides a centralized and comprehensive solution for your email and collaboration security, offering a streamlined, single-console experience.

Email Asset Inventory provides centralized visibility combining your protection managers with dedicated inventory views.
- Email account inventory, managed by Cloud Email and Collaboration Protection and Email Sensor, highlights noteworthy accounts which require further investigation. You can also quickly review your Exchange Online and Gmail protection status.
- Email domain inventory, managed by Cloud Email Gateway Protection, provides domain information and your email gateway protection status.
- Email server inventory provides information about your email servers managed by on-premises protection solutions including ScanMail for Microsoft Exchange and InterScan Messaging Security Virtual Appliance.
Email Sensor provides centralized management for your email accounts allowing you to enable or disable XDR detection and response. Enabling email sensor detection and response provides XDR capabilities for email accounts as well as providing cross-layered capabilities covering identity, endpoint, network, and more.
Cloud Email and Collaboration Protection provides real-time protection to enhance security with powerful enterprise-class threat and data protection control, including protection against ransomware, phishing, Business Email Compromise (BEC), zero-day and hidden malware, unauthorized transmission of sensitive data, targeted attack user, and account takeover. Cloud Email and Collaboration Protection integrates cloud-to-cloud with the protected applications and services, and leverage both inline and API integration to maintain high availability and administrative functionality, as well as auto-remediation based on the latest pattern updates on incoming, outgoing and internal messages. Cloud Email and Collaboration Protection provides protection for the following cloud email and collaboration applications:
- Microsoft Office 365 services (Exchange Online, SharePoint Online, OneDrive, Microsoft Teams)
- Google Workspace (Google Drive, Gmail)
- Box
- Dropbox
For customers with an existing Cloud App Security solution, update to Cloud Email and Collaboration Protection through the Product Instance app to seamlessly integrate with TrendAI Vision One™ to manage email and collaboration security within one console, one platform. To learn more, see Update from Cloud App Security.
Cloud Email Gateway Protection provides email security at the gateway level through MX record rerouting of inbound messages to block dangerous and unwanted emails before they reach your email servers. In addition to malware scanning, spam detection, and content filtering, Cloud Email Gateway Protection also supports domain-based authentication such as SPF/DKIM/DMARC, directory-based recipient verification, outbound DLP, and email encryption - all configurable through robust policy settings.

For customers with an existing Trend Email Security solution, update to Cloud Email Gateway Protection to seamlessly integrate with TrendAI Vision One™ to manage email gateway security within one console, one platform. To learn more, see Update from TrendAI™ Email Security.

Zero Trust Secure Access Supports Mobile Agent Deployment on Devices With Custom MDM

Mon, 15 Jan 2024 00:00:00 GMT

January 15, 2024—The Zero Trust Secure Access Secure Access Module can now be deployed to mobile devices that are unmanaged or managed by an MDM solution using managed configuration. Users may now take advantage of Internet Access and Private Access features when enabled. For more information, see Enable Zero Trust Secure Access on mobile devices.

Zero Trust Secure Access → Secure Access Configuration → Secure Access Module

Mobile Security → Mobile Inventory

Security Configuration features enhanced email security

Mon, 15 Jan 2024 00:00:00 GMT

January 15, 2024—Cyber Risk Overview now better reflects the health of your connected email security products. The Email Security section of the Security Configuration tab now supports Email Security and shows the protection status and key feature adoption rates for your email domains.

When examining email domain configuration status or Key Feature Adoption Rates, clicking the number of domains that are not configured correctly takes you to Email Asset Inventory for more detailed information.

Cyber Risk Exposure Management → Cyber Risk Overview

Security Configuration supports network security

Mon, 15 Jan 2024 00:00:00 GMT

January 15, 2024—Cyber Risk Overview now provides you with an overview of your network layer configuration. The Network Security section of the Security Configuration tab now displays the deployment status and key feature adoption rates for your connected Deep Discovery Inspector appliances.

When examining Appliance Health, Software Version, or Key Feature Adoption and Configuration, clicking the number of appliances that are not configured correctly leads you to the Reports app to generate a detailed report.

Cyber Risk Exposure Management → Cyber Risk Overview

Create Security Awareness Training training campaigns targeting at-risk users

Mon, 15 Jan 2024 00:00:00 GMT

Important

This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.

January 15, 2024—In addition to manually creating training campaigns for your users in the Security Awareness Training app, you can now also initiate campaigns from the Attack Surface Discovery, Threat and Exposure Management, and Identity Posture apps. Campaigns initiated from these three apps enable you to provide Security Awareness Training training focused specifically on at-risk users.

When viewing domain accounts in Attack Surface Discovery, the context menu now includes the Create Training Campaign option.

In Threat and Exposure Management, the remediation steps for some types of risk events—such as phishing simulations indicating user accounts might be vulnerable to attack — now include links to create Security Awareness Training training.

The Identity Posture app's Identity Summary screen for highly privileged identities and the highlighted exposure risk events in the Exposure tab now also feature a Create Security Awareness Training Training Campaign button.

Cyber Risk Exposure Management → Security Awareness

Security Dashboard adds five container-related widgets

Mon, 15 Jan 2024 00:00:00 GMT

January 15, 2024—To facilitate SOC analysts in quickly identifying container security risks within their environment, Security Dashboard has added the following five new widgets:

Top Clusters with Runtime Vulnerabilities/Events
Top Namespaces with Runtime Rule Violations
Top Runtime Policy Violations by Action
Top Trigger Runtime Rules by Violations
Top Unique CVEs by CVSS Rating

Find the new widgets in the Cloud category of the Security Dashboard widget catalog. Be aware that these widgets are only available for customers that have updated to the Foundation Services release.

Dashboards and Reports → Dashboards

New Scan for Malware endpoint response action available

Mon, 22 Jan 2024 00:00:00 GMT

January 22, 2024—Users may now perform a one-time on-demand malware scan on one or more endpoints from context menus in Workbench, Endpoint Inventory, Search, and Observed Attack Techniques, allowing for a direct response to attacks while conducting further investigation. For more information, see Scan for Malware task.

Workflow and Automation → Response Management

Security Playbooks feature enhancements and user experience improvement

Wed, 24 Jan 2024 00:00:00 GMT

January 24, 2024—The Endpoint Response Actions playbooks and Incident Response Evidence Collection playbooks have been enhanced to support a broader range of IP formats for the playbook target. In addition to using a wildcard, you have the flexibility to use CIDR notation or specify an IP range from a starting IP address to an ending IP address.

Additionally, the email notification content for user-defined Automated Response Playbooks has been improved to enhance the user experience.

Workflow and Automation → Security Playbooks

Zero Trust Secure Access Private Access and Internet Access now supports custom service status on individual endpoints

Mon, 29 Jan 2024 00:00:00 GMT

January 29, 2024—Zero Trust Secure Access now allows users to set the service status for Internet Access and Private Access on single endpoints. Users may choose to align the service status for the endpoint with the current global configuration or choose to never enable either service on selected endpoints. Configure endpoints from the endpoint list on the Secure Access Module screen.

Zero Trust Secure Access → Secure Access Configuration → Secure Access Module

Zero Trust Secure Access now supports devices managed by custom MDM solutions or no MDM solution

Mon, 29 Jan 2024 00:00:00 GMT

January 29, 2024—In addition to Microsoft Intune-managed devices the Zero Trust Secure Access mobile module can now be deployed to all managed or unmanaged mobile devices, allowing you to secure more mobile endpoints. If you do not currently have an MDM solution, the mobile module supports deployment through Mobile Device Director. For more information, see Deploying the Secure Access Module to Mobile Devices.

Zero Trust Secure Access → Secure Access Configuration → Secure Access Module

Zero Trust Secure Access now supports local user groups

Mon, 29 Jan 2024 00:00:00 GMT

January 29, 2024—Zero Trust Secure Access now supports local user account management both individually and by assigned groups. You may assign local users to one or more local user groups, allowing you to apply access rules by group. For more information, see Local user account management.

Zero Trust Secure Access → Secure Access Configuration → Identity and Access Management

Forensics highlights now available

Mon, 29 Jan 2024 00:00:00 GMT

January 29, 2024—The new Highlights section of the evidence report in Forensics displays all the high-risk pieces of evidence found in the collected evidence. Use the Highlights section as a starting point for your investigations.

Agentic SIEM and XDR → Forensics

Forensics workspace enhancements

Mon, 29 Jan 2024 00:00:00 GMT

January 29, 2024—Forensics now displays the following information about your endpoints in the Workspace view:

Latest risk score
Whether the endpoint is connected or not
whether the endpoint is managed or not

Agentic SIEM and XDR → Forensics

Support to exclude specified endpoints from response actions

Wed, 31 Jan 2024 00:00:00 GMT

January 31, 2024—Users may now prevent critical endpoints from being affected by selected response actions triggered across TrendAI Vision One™. Add up to six exclusions to apply to lists of up to 100 endpoints by enabling the feature in Settings within Response management. To learn more, see Exclude Specified Endpoints from Response Actions.

Workflow and Automation → Response Management

Virtual Network Sensor version 1.0.1235

Thu, 01 Feb 2024 00:00:00 GMT

February 5, 2024—Virtual Network Sensor version 1.0.1235 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

This update adds a new feature: Send to sandbox is available for preview in limited regions.

Agentless Vulnerability & Threat Detection supports cost tracking

Wed, 07 Feb 2024 00:00:00 GMT

February 7, 2024—You can now track the costs of Agentless Vulnerability & Threat Detection by enabling AWS Cost Explorer. Update the Agentless Vulnerability & Threat Detection stack to enable this capability. For more information, see Agentless Vulnerability & Threat Detection estimated deployment costs for AWS.

Cyber Risk Exposure Management → Cyber Risk Overview

Cloud Risk Management removes support for outdated standards

Wed, 14 Feb 2024 00:00:00 GMT

February 14, 2024—Cloud Risk Management no longer supports the following compliance standards:

CIS Amazon Web Services Foundations Benchmark v1.2.0
CIS Amazon Web Services Foundations Benchmark v1.3.0
CIS Amazon Web Services Foundations Benchmark v1.4.0
CIS Microsoft Azure Foundations Benchmark v1.1.0
CIS Google Cloud Platform Foundation Benchmark v1.2.0

These five standards are no longer accessible in filters, which prevents the creation of new reports and report configurations. You can no longer generate new PDF or CSV reports using existing report configurations that include any of the five standards. However, any PDF or CSV reports generated before support was ended remain available.

Please update your report configurations to use the latest versions of CIS Benchmarks.

Cloud Security → Cloud Risk Management → Misconfiguration and Compliance

Enhanced multi-layered asset management and new Asset Visibility Management app available

Mon, 19 Feb 2024 00:00:00 GMT

February 19, 2024—Besides the management scope for endpoints and containers that were introduced in 2023, TrendAI Vision One™ enhances the asset management capability to support more data assets, including mobile devices, accounts, cloud assets, network assets, and secure access assets. Large-sized customers that run multiple businesses or have the need to segregate asset data visibility for different teams can leverage this enhanced capability to achieve multi-tenancy management purposes within a single TrendAI Vision One™ console.

For customers to better organize assets of multiple layers in a centralized location, TrendAI Vision One™ launches a new app Asset Visibility Management for administrators to group data and TrendAI Vision One™ app assets into asset visibility scopes based on the corporate structure. The asset visibility scopes can then be assigned to user roles to determine which assets are visible or manageable to these roles in all applicable TrendAI Vision One™ apps that display the data of the selected assets.

Only customers that have updated to the Foundation Services release have access to the app. If customers have configured scopes for endpoints and containers in User Roles, to achieve seamless migration, asset visibility scopes that include newly supported assets are automatically created and associated to the corresponding roles. TrendAI Vision One™ continues enhancing the asset visibility management capability with more asset coverage or granularity.

Service Management → Asset Visibility Management

Virtual Network Sensor supports deployment to Microsoft Azure cloud environments

Mon, 19 Feb 2024 00:00:00 GMT

February 19, 2024—Virtual Network Sensor supports deploying to Microsoft Azure cloud environments.

Network Security → Network Inventory

Network Inventory now supports Asset Visibility Management

Mon, 19 Feb 2024 00:00:00 GMT

February 19, 2024—Network Inventory now supports managing user role visibilty of connected Deep Discovery Inspector and Virtual Network Sensor devices with the Asset Visibility Management app. You can now manage the visibility of users within your organization to view your connected network security devices based on individual devices or groups created in Network Inventory.

Service Management → Asset Visibility Management

Network Inventory now supports creating groups for Deep Discovery Inspector and Virtual Network Sensor

Mon, 19 Feb 2024 00:00:00 GMT

February 19, 2024— Network Inventory now supports the ability to create groups for your connected Deep Discovery Inspector appliances and Virtual Network Sensors, as well as filter devices displayed using a tree view quick filter.

Network Security → Network Inventory

Manage risk events by risk factor in Threat and Exposure Management

Mon, 19 Feb 2024 00:00:00 GMT

February 19, 2024—You can now change the status of risk events when viewing them by risk factor in Threat and Exposure Management. This applies to all risk factor types except XDR Detections and Vulnerabilities. Development is ongoing to support these two risk factor types.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Gain better visibility into the security configuration of cloud apps

Mon, 19 Feb 2024 00:00:00 GMT

February 19, 2024—The cloud app profile screen in Attack Surface Discovery now displays the following additional information:

The encryption ciphers used by the cloud app
The latest version of the communications protocol used by the app
Whether the cloud app uses a trusted certificate
Whether the cloud app allows for IP address access control

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Cloud Email and Collaboration Protection supports turning off computer vision

Fri, 23 Feb 2024 00:00:00 GMT

February 23, 2024—In the Web Reputation filter, Cloud Email and Collaboration Protection allows you to control whether to use the computer vision techniques for phishing detection. Computer vision clicks suspicious URLs in emails to access web pages and apply AI-based image analysis to detect threats. Previously, computer vision was enabled as long as you turned on Web Reputation.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Zero Trust Secure Access enables additional authentication to Private Access

Mon, 26 Feb 2024 00:00:00 GMT

February 26, 2024—Users may now require additional authentication to Private Access after authenticating on endpoints with the Secure Access Module. Enabling the new feature overrides the default behavior of authenticating users to Internet Access and Private access at the same time, allowing for the use of Private Access only on demand. For more Information, see Secure Access Module.

Zero Trust Secure Access → Secure Access Configuration → Secure Access Module

Asset relationship visualizations emphasize risk management

Mon, 26 Feb 2024 00:00:00 GMT

February 26, 2024—In line with enhancements to the visualization of asset relationships in Attack Surface Discovery, the asset graph feature in profile screens for devices, accounts, domains, and IP addresses has been renamed to Asset Risk Graph, while the graph view for cloud assets is now the Cloud Risk Graph. Both of these features continue to provide valuable risk findings, helping you assess your organization's security posture.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Service Gateway: Smart Protection Services Version 2.0.2

Fri, 01 Mar 2024 00:00:00 GMT

March 4, 2024—Service Gateway Smart Protection Services Version 2.0.2 includes enhancements, bug fixes, and security updates for Smart Protection Services hosted on Service Gateway appliances.

This update includes the following changes:

This update adds an enhancement to provide the most recent time that the File Reputation Services pattern was checked for updates.
This update enhances log processing frequency to reduce storage buffering.

Virtual Network Sensor version 1.0.1262

Fri, 01 Mar 2024 00:00:00 GMT

March 25, 2024—Virtual Network Sensor version 1.0.1262 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

This update adds new CLI commands for troubleshooting.
This update adds support for disk size extension.
This update adds support for file response action.

Service Gateway: Local ActiveUpdate Service Version 3.0.4

Fri, 01 Mar 2024 00:00:00 GMT

March 7, 2024—Service Gateway Local ActiveUpdate Service Version 3.0.4 provides enhanced update management and connectivity features.

This update includes the following changes:

This update adds a bug fix for duplicate requests when downloading updates for connected products.
This update adds an enhancement to reduce overall CPU usage.

Service Gateway Firmware Version 3.0.5

Fri, 01 Mar 2024 00:00:00 GMT

March 4, 2024—Service Gateway Firmware Version 3.0.5 provides enhanced security and management capabilities.

This update includes the following changes:

This update adds support for restarting the appliance via the Service Gateway Management app on the TrendAI Vision One™ console.
This update adds a bug fix for configuring the Network Time Protocol after upgrading the Service Gateway appliance.

Endpoint Inventory updates Available Actions and adds new filters

Mon, 04 Mar 2024 00:00:00 GMT

March 4, 2024—The Available Actions quick filters have been updated with two new behaviors:

If there are a total of zero (0) endpoints for an available action, Endpoint Inventory now hides the action, providing a cleaner interface.
The "Sensor disabled" Available Action now only includes endpoints which have the Trend Vision One sensor installed but disabled by settings or policy.

Additionally, a new category of filters has been added for Sensor Maintenance Recommended. You can follow the recommended actions to resolve any issue the endpoints might have.

Endpoint Security Operations → Endpoint Inventory

Case Management can now close inactive cases automatically

Mon, 04 Mar 2024 00:00:00 GMT

March 4, 2024—Case Management can now close cases that have not received updates for over 60 days.

Three days before closing, Case Management sends a notification to remind the case owner to update the case.

Case Management

Container Security updates Runtime Security to ensure access to future, larger rule updates

Tue, 05 Mar 2024 00:00:00 GMT

March 5, 2024—The Runtime Security scout component has been updated to allow for the download of larger Runtime Security rule files. Customers should upgrade clusters that are running scout versions older than 2.3.26 (template version 1.0.8 for ECS) to the latest available version to ensure that they have access to new Runtime Security rules as they become available. Older versions of scout continue to receive rules and your existing installations retain their protection, but they cannot be updated as frequently with new rules due to file size limitations.

Instructions on upgrading Runtime Security:

For Kubernetes clusters: Upgrade your Container Security deployment
For ECS clusters: Upgrade your Cloud Account Management stack

Cloud Risk Management to support latest Azure framework standard

Tue, 05 Mar 2024 00:00:00 GMT

March 5, 2024—The Azure Well-Architected Framework compliance standard report and associated rule mappings in Cloud Security Posture have been updated to conform with the latest version of the Azure Well-Architected Framework released in October 2023. In turn, the July 2022 version of the Azure Well-Architected Framework will no longer be available in Cloud Security Posture from June 1, 2024. The removed version will no longer be accessible in filters, preventing the creation of new reports or report configurations with the outdated standard. This means that you will no longer be able to generate new PDF or CSV reports using report configurations that include the outdated compliance standard. However, any PDF or CSV reports already created remain available for download. TrendAI™ recommends that you update your report configurations to use the latest version of the framework by June 1, 2024.

Cloud Security → Cloud Risk Management → Cloud Security Posture

Zero Trust Secure Access On-premises Gateway Version 1.0.38

Mon, 11 Mar 2024 00:00:00 GMT

March 11, 2024—ZTSA On-Premises Gateway Version 1.0.38 provides enhanced security and connectivity features.

This update includes the following changes:

New Feature

Supports bypass authentication by endpoint IPs in On-premises Gateways

Zero Trust Secure Access enables selected private IP addresses to bypass authentication on cloud and on-premises gateways

Mon, 11 Mar 2024 00:00:00 GMT

March 11, 2024—You may now allow endpoints to bypass user authentication on configured cloud and on-premises gateways. To bypass user authentication, endpoints must connect using a private IP address specified by the administrator. When connecting to the internet through an Internet Access gateway, endpoints using the specified private IP addresses are included as a user in the Internet Access user count for credit calculation. This feature is not available on the default cloud gateway when connecting outside of defined locations.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Zero Trust Secure Access now supports Wintun as a service mode for traffic forwarding on Windows Secure Access Modules

Mon, 11 Mar 2024 00:00:00 GMT

March 11, 2024—Zero Trust Secure Access has added support for the Wintun TUN adapter in the available service modes for traffic forwarding on Windows Secure Access Modules. Select the TUN (Wintun) service mode in the Secure Access Module global settings if your users' devices require greater traffic throughput.

Zero Trust Secure Access → Secure Access Configuration → Secure Access Module

View endpoint group names on the device list in Attack Surface Discovery

Mon, 11 Mar 2024 00:00:00 GMT

March 11, 2024—The Attack Surface Discovery device list now includes an endpoint group column to show the endpoint group name for each managed device. Use the “Endpoint group” filter to search for managed devices from specified endpoint groups.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

DMARC Report Analysis available in Cloud Email Gateway Protection

Wed, 20 Mar 2024 00:00:00 GMT

March 20, 2024—Cloud Email Gateway Protection supports analyzing the DMARC reports for your managed domains. With the report analysis results, you can easily monitor trends and identify anomalies in emails sent on behalf of your managed domains.

Email and Collaboration Security → Cloud Email Gateway Protection

Cloud Email and Collaboration Protection supports taking action based on email header fields

Fri, 22 Mar 2024 00:00:00 GMT

March 22, 2024—In addition to specifying blocked email senders, Cloud Email and Collaboration Protection allows you to define a list of blocked email header fields and specify the action to take on matching emails in Advanced Spam Protection.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Cloud Email and Collaboration Protection supports Dynamic URL scanning for Teams Chat

Fri, 22 Mar 2024 00:00:00 GMT

March 22, 2024—Cloud Email and Collaboration Protection supports dynamic URL scanning for Teams Chat to further analyzes URLs posted in chats in real-time to detect phishing URLs.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Cloud Email and Collaboration Protection supports Predictive Machine Learning Exception List

Fri, 22 Mar 2024 00:00:00 GMT

March 22, 2024—Cloud Email and Collaboration Protection allows you to define a list of SHA-1 hash values of files to exclude from scanning by TrendAI™ Predictive Machine Learning.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Cloud Email and Collaboration Protection supports reporting emails to administrator-specified mailboxes

Fri, 22 Mar 2024 00:00:00 GMT

March 22, 2024—Cloud Email and Collaboration Protection provides you the option to allow your end users to report emails through its add-in to mailboxes you have specified. Administrators can easily access the reported emails to analyze, investigate, and take necessary actions.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Service Gateway: Forward Proxy Service Version 1.0.13

Sat, 23 Mar 2024 00:00:00 GMT

March 26, 2024—Service Gateway Forward Proxy Service Version 1.0.13 provides enhanced security and network connectivity features.

This update includes the following changes:

Add request information and error code to Squid access log
Fix vulnerabilities: Disable gopher/URN/FTP protocol

Service Gateway Firmware Version 3.0.6

Sat, 23 Mar 2024 00:00:00 GMT

March 26, 2024—Service Gateway Firmware Version 3.0.6 provides enhanced security and management capabilities.

This update includes the following changes:

Add support for safe boot
Add support for port customization
Fix the error that caused the Clish Command "Configure route ipv4/ipv6.default" to fail
Fix the error that caused the appliance audit log send failed issue when appliance token changed

Zero Trust Secure Access On-premises Gateway Version 1.0.39

Mon, 25 Mar 2024 00:00:00 GMT

March 25, 2024—ZTSA On-Premises Gateway Version 1.0.39 provides enhanced security and connectivity features.

This update includes the following changes:

New Feature

Supports customizable ports for individual services in On-premises Gateway

Cloud Accounts support for Google Cloud projects now available in pre-release preview

Mon, 25 Mar 2024 00:00:00 GMT

March 25, 2024—As a pre-release preview feature, Cloud Accounts now supports connecting Google Cloud (GCP) projects to TrendAI Vision One™. Connecting your Google Cloud project allows TrendAI Vision One™ to discover your cloud assets and rapidly identify risks such as compliance and security best practice violations on your cloud infrastructure. Once connected, cloud accounts and assets from your Google Cloud projects are visible in the Cloud Risk Management and Attack Surface Discovery apps under Cyber Risk Exposure Management. For more information, see Connect Google Cloud projects.

Cloud Security → Cloud Accounts

One more user account type available to support IdP-initiated only SSO

Mon, 25 Mar 2024 00:00:00 GMT

March 25, 2024—TrendAI Vision One™ now supports mapping of user roles directly to groups defined in customers' identity providers, removing the need to add individual user and group accounts for all users to sign in to TrendAI Vision One™.

For more information, see Add an IdP-Only SAML Group Account.

Administration → User Accounts

Updated behavior for removed agents reconnecting to TrendAI Vision One

Mon, 25 Mar 2024 00:00:00 GMT

March 25, 2024—After March 25, 2024, endpoints removed from Endpoint Inventory, whether by a user or by the inactive agent removal settings, automatically reconnect when powered on and reappear in the Endpoint Inventory. Endpoints removed before March 25, 2024, do not automatically reconnect.

For more information, see What happens when a removed endpoint reconnects to TrendAI Vision One™ Endpoint Security?

Configure custom ports for Internet Access On-Premises Gateway services

Mon, 25 Mar 2024 00:00:00 GMT

March 25, 2024—Users may now change the default ports for services such as data proxy, authentication proxy, and ICAP/ICAPS services configured on the Internet Access On-Premises Gateway. Configure custom ports from Service Gateway Management. For more information, see Service Gateway services.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

New PoP site serving the AWS Middle East and Africa region

Mon, 25 Mar 2024 00:00:00 GMT

March 25, 2024—Zero Trust Secure Access Internet Access now offers support for the AWS Middle East and Africa Region. Users in the region may configure their service FQDNs to reflect the new location.

For more information on available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Connect Active Directory servers in Third-Party Integrations to add computers in Server & Workload Protection

Mon, 25 Mar 2024 00:00:00 GMT

March 25, 2024—You may now add computers in Server & Workload Protection from Active Directory servers connected through Third-Party Integrations. Configure your Active Directory server information just once without the need for adding a data center gateway. When adding computers, choose the new method or continue to add servers directly in Server & Workload Protection.

Workflow and Automation → Third-Party Integrations

Microsoft AKS now supported in Container Security and ASRM

Mon, 25 Mar 2024 00:00:00 GMT

March 25, 2024—Container Security now supports Microsoft Azure AKS. Just add the cluster in the Container Security app and install the Helm script into AKS according to our installation steps. You can see AKS's Cluster, Node, and Pod appear in the Tree view on the left. inside. If the user uses the Map to Cloud Account function, relevant information will also appear in the Cyber Risk Exposure Management app.

Customize columns in Attack Surface Discovery asset lists

Mon, 25 Mar 2024 00:00:00 GMT

March 25, 2024—You can now customize the columns displayed in asset lists for all asset types in Attack Surface Discovery. Show or hide specific columns, and rearrange column order by dragging and dropping.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

View data sources for discovered accounts in Attack Surface Discovery

Mon, 25 Mar 2024 00:00:00 GMT

March 25, 2024—The Attack Surface Discovery accounts page now has a "Discovered by" column for both domain and service accounts to show the data source that has discovered the account. Use the "Discovered by" filter to search for accounts from the selected data source.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Scan for vulnerabilities in your Amazon ECR and self-managed Kubernetes container images

Mon, 25 Mar 2024 00:00:00 GMT

March 25, 2024—Agentless Vulnerability & Threat Detection now supports vulnerability scanning on container images of your Amazon ECR container images when you enable the feature for your AWS accounts in Container Inventory. You can also enable Runtime Scanning for your Kubernetes clusters in TrendAI Vision One™—Container Security and enable to scan for vulnerabilities in related Kubernetes container images.

Cyber Risk Exposure Management → Cyber Risk Overview

Use case management to communicate with the TrendAI managed services team

Mon, 25 Mar 2024 00:00:00 GMT

March 25, 2024—Managed XDR customers can use Case Management to receive direct communication from the TrendAI™ managed services team to get incident alerts and recommended remediation actions.

Case Management

Google GCP GKE now supported in Container Security and ASRM

Wed, 27 Mar 2024 00:00:00 GMT

March 27, 2024— Now Container Security can support Google GCP GKE. Just add Cluster in the Container Security app and install the Helm script into GKE according to our installation steps. You can see GKE's Cluster, Node, and Pod appear in the Tree view on the left. inside. If the user uses the Map to Cloud Account function, relevant information will also appear in the Attack Surface Risk Management app.

The TrendAI Vision One mobile app is now available

Thu, 28 Mar 2024 00:00:00 GMT

March 28, 2024—Your security on the go. Receive notifications and alerts, check your organization's Risk Index, and get a summary of the most recent Workbench alerts, all from your mobile device. Learn more

The TrendAI Vision One™ mobile app is available in the Google Play Store and the App Store (iPhone & iPad).

Collect File and Submit for Sandbox Analysis response actions now support Virtual Network Sensor

Thu, 28 Mar 2024 00:00:00 GMT

March 28, 2024—You can now perform Collect File and Submit for Sandbox Analysis response actions on Virtual Network Sensor agents. You can initiate response actions from the context or response menu and monitor task status in the Response Management app.

For more information, see Response actions.

Workflow and Automation → Response Management

Virtual Network Sensor version 1.0.1278

Mon, 01 Apr 2024 00:00:00 GMT

April 29, 2024—Virtual Network Sensor version 1.0.1278 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

This update adds support for deploying the Virtual Network Sensor on TippingPoint TXE-series devices (software version 6.3 or later).
This update adds support for including device IP and hostname in network telemetry
This update adds integration with Cyber Risk Overview Security Configuration Overview to monitor Virtual Network Sensor status and health.

Service Gateway Firmware Version 3.0.7

Mon, 01 Apr 2024 00:00:00 GMT

April 22, 2024—Service Gateway Firmware Version 3.0.7 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update supports the following virtual appliance specifications:
- 12 cores CPU, 16 GB memory, 500 GB storage
- 8 cores CPU, 12 GB memory, 200 GB storage
This update adds an enhancement to support an upcoming new service.
This update adds a bug fix for network issues caused by dual network cards.

Cloud Risk Management to Support New Public APIs

Tue, 02 Apr 2024 00:00:00 GMT

March 28, 2024—Accounts and Template Scanner Public APIs for Cloud Risk Management now available on TrendAI Vision One™ Automation Center. See the Automation Center for more information.

TrendAI Vision One supports multi-factor authentication for console sign in and critical actions

Mon, 08 Apr 2024 00:00:00 GMT

April 8, 2024—For customers that have updated to the Foundation Services release, TrendAI Vision One™ now offers the option to enable multi-factor authentication (MFA) for enhanced security. With MFA, users are required to provide multiple forms of verification before they can sign in to the console or perform response or IAM actions.

For more information, see Enable and configure multi-factor authentication.

Administration → User Accounts

TrendAI Vision One File Security now available

Mon, 08 Apr 2024 00:00:00 GMT

April 8, 2024—TrendAI Vision One™ File Security is a scanning service that can detect all types of malicious software (malware) including trojans, ransomware, spyware, and more.

File Security offers the following features and enhancements:

Feature	Description
File Security Storage	File Security Storage provides anti-malware scanning on files in cloud storage services such as Amazon Web Services (AWS). This means you can integrate automated scanning into your continuous integration and continuous delivery and deployment (CI/CD) pipeline. Then effortlessly detect all types of malware including viruses, trojans, spyware, and more. For more information, see File Security Storage.
Enable Predictive Machine Learning (PML)	TrendAI™ Predictive Machine Learning (PML) uses advanced machine learning technology to correlate threat information and perform in-depth file analysis. You can enable PML in File Security SDK using command line parameters. For more information, see Predictive Machine Learning in File Security.
Unlimited file size	You can now scan any size file. Previously, the file size limit was 1 GB.
Credit usage	File Security now requires credits to perform file scans. For more information, see Credit requirements for TrendAI Vision One™ solutions.
Enhanced region support	File Security now supports `ap-south-1`.

Cloud Security → File Security

Network Security supported in Executive Dashboard Security Configuration

Mon, 08 Apr 2024 00:00:00 GMT

April 8, 2024—The Security Configuration index now supports Virtual Network Sensor visibility in the Network Security tab. You can view sensor deployment status and key feature adoption rate. For sensors not configured as expected, click the displayed number of sensors to drill down to the Reports app and generate reports with detailed information.

Cyber Risk Exposure Management → Cyber Risk Overview

Claroty xDome supported as a new data source for Cyber Risk Exposure Management

Mon, 08 Apr 2024 00:00:00 GMT

April 8, 2024—You may now integrate Claroty xDome as a data source in Cyber Risk Exposure Management to gain access to device information and vulnerabilities detected by Medigate. Connect your Claroty xDome account in Data Sources.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Accept reported risk events

Mon, 08 Apr 2024 00:00:00 GMT

April 8, 2024—In addition to the Dismissed and Remediated statuses, an Accepted status is now available for reported risk events in Threat and Exposure Management. Marking a risk event as Accepted indicates that you acknowledge the risk but are unable to remediate or mitigate it at this time. Risk events marked as Accepted still contribute to your Risk Index. Create accepted risk event rules when marking a risk event as Accepted to mark all current and future instances of the risk event as Accepted within a specified time period.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Forensics now supports multi-factor authentication

Mon, 08 Apr 2024 00:00:00 GMT

April 8, 2024—You can now request multi-factor authentication for evidence collection, osquery, and YARA rule scans in the Forensics app.

Agentic SIEM & XDR → Forensics

Forensics risk score for endpoints

Mon, 08 Apr 2024 00:00:00 GMT

April 8, 2024—The Forensics app now includes risk scores from Cyber Risk Exposure Management. Forensic investigators can prioritize endpoints with high risk scores when adding endpoints in a workspace. Once added, each endpoint risk score has a Detailed Profile for further investigation.

Agentic SIEM & XDR → Forensics

Multi-factor authentication now available for certain critical actions in Security Playbooks

Mon, 08 Apr 2024 00:00:00 GMT

April 8, 2024—In order to increase the security of critical action use, you can now enable multi-factor authentication (MFA) for security playbooks operations. With MFA, users are required to provide multiple forms of verification before they can create, edit, or delete playbooks, approve pending actions, manually execute playbooks from either Security Playbooks or Workbench, or upload a new custom script from Security Playbooks. You can configure MFA settings in the User Accounts app.

For more information, see Enable and configure multi-factor authentication.

Workflow and Automation → Security Playbooks

Multi-factor authentication now available for certain response actions

Mon, 08 Apr 2024 00:00:00 GMT

April 8, 2024—In order to increase the security of critical action use, you can now enable multi-factor authentication (MFA) as a requirement to run certain response actions, including Collect File, Run Remote Custom Script, Start Remote Shell Session, and Submit for Sandbox Analysis, as well as to add a new custom script in Response Management. You can configure MFA settings in the User Accounts app.

For more information, see Enable and configure multi-factor authentication.

Workflow and Automation → Response Management

Data for internet-facing assets now updated more frequently

Mon, 15 Apr 2024 00:00:00 GMT

April 15, 2022—Thanks to several backend improvements, data for your internet-facing assets are now updated more often. The increased update frequency allows you to better assess your attack surface in Attack Surface Discovery, particularly after removing domains and IP addresses and renewing certificates, and improves the accuracy of risk events created in Threat and Exposure Management. For more information, see Internet-Facing Assets.

Cyber Risk Exposure Management → Attack Surface Discovery

Configure response action time-out settings

Tue, 16 Apr 2024 00:00:00 GMT

April 16, 2024—You can now specify the time-out setting for endpoint response actions. If left unspecified, the default setting is used. For more information, see Response Management settings.

Workflow and Automation → Response Management

Cloud Email and Collaboration Protection launches Correlated Intelligence for email threat detection

Fri, 19 Apr 2024 00:00:00 GMT

April 19, 2024—Cloud Email and Collaboration Protection launches the Correlated Intelligence feature that can correlate the suspicious signals found across different engines (such as Advanced Spam Protection, Web Reputation) to enrich threat detection for email services. With Correlated Intelligence capabilities, Cloud Email and Collaboration Protection also provide the reasons why an email is detected as a threat.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Cloud Email and Collaboration Protection supports quishing detection for PDF attachments

Fri, 19 Apr 2024 00:00:00 GMT

April 19, 2024—Cloud Email and Collaboration Protection supports scanning QR codes in PDF files attached to emails to detect suspicious URLs. QR code scanning already supports attachments in the format of WEBP, JPG, PNG, BMP, TIFF, or GIF.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Quishing detection widgets available in Cloud Email and Collaboration Protection

Fri, 19 Apr 2024 00:00:00 GMT

April 19, 2024—Cloud Email and Collaboration Protection displays quishing detection data in the Threat Detection dashboard for you to understand the QR code-based phishing email detections in your environment, including the quishing detections by email service, top 5 quishing email senders, top 5 quishing email recipients, and quishing detections by content type.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Cloud Email Gateway Protection provides granular log search for IP block list matching

Fri, 19 Apr 2024 00:00:00 GMT

April 19, 2024—When searching the mail tracking logs for mail traffic blocked due to IP block list matching, Cloud Email Gateway Protection allows you to conduct more granular search by separately filtering for sender IPs found in the Blocked IP Address list and the Blocked Country/Region list.

Email and Collaboration Security → Cloud Email Gateway Protection

Cloud Email Gateway Protection supports X-Header insertion for messages matching scan exceptions

Fri, 19 Apr 2024 00:00:00 GMT

April 19, 2024—Cloud Email Gateway Protection allows you to leverage the action "Insert X-Header" for messages matching scan exceptions in virus scan to meet your specific needs, for example, identify the specific scan exception for subsequent processing.

Email and Collaboration Security → Cloud Email Gateway Protection

Zero Trust Secure Access On-premises Gateway Version 1.0.40

Mon, 22 Apr 2024 00:00:00 GMT

April 22, 2024—ZTSA On-Premises Gateway Version 1.0.40 provides enhanced security and connectivity features.

This update includes the following changes:

Enhancement

Adopted Rocky Linux (v9) based container image for On-premises Gateway

Assess language packages in ECR images for vulnerabilities

Mon, 22 Apr 2024 00:00:00 GMT

April 22, 2024—the Vulnerability Assessment service available in Cyber Risk Exposure Management now supports scanning language packages used in your ECR container images. For information on supported languages, see Vulnerability Assessment supported language packages.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Threat and Exposure Management Weekly Digest terminated

Mon, 22 Apr 2024 00:00:00 GMT

April 22, 2024—Threat and Exposure Management Weekly Digest has been terminated for subscribers, and the subscription entry for the weekly digest has been removed from Notifications. Former subscribers can now receive n automatically generated weekly report based on the Risk Factors template, providing a detailed picture of current organization risks. Settings for the weekly report can be managed in the Reports app.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Custom filter query strings can now include regex for higher detection precision

Mon, 22 Apr 2024 00:00:00 GMT

April 22, 2024—You can now create and import custom filter queries including regex in Detection Model Management. For more information, see Using regex in custom filters.

Agentic SIEM and XDR → Detection Model Management

Trend Threat Intelligence Feed is now available

Mon, 29 Apr 2024 00:00:00 GMT

April 29, 2024— Trend Threat Intelligence Feed continuously provides up-to-date information about emerging threats and threat actors. Leveraging the feed via API into your existing security infrastructure allows your organization to stay one step ahead of cyber threats and maintain a robust and adaptive security environment.

For more information, see Threat Intelligence Feed.

Service Gateway: Forward Proxy Service Version 2.0.1

Wed, 01 May 2024 00:00:00 GMT

May 6, 2024—Service Gateway Forward Proxy Service Version 2.0.1 includes enhancements, bug fixes, and security updates for the forward proxy service hosted on Service Gateway appliances.

This update includes the following changes:

This update migrates the operating system of Forward Proxy Service containers from CentOS 7.9 to Rocky Linux 9.3 to avoid vulnerability patching issues related to the deprecation of CentOS.

Service Gateway: Generic Caching Service 1.0.1

Wed, 01 May 2024 00:00:00 GMT

May 6, 2024—Service Gateway Generic Caching Service Version 1.0.1 includes enhancements, bug fixes, and security updates for the Generic Caching Service hosted on Service Gateway appliances.

This update includes the following changes:

This update adds an internal enhancement for connections.

Virtual Network Sensor version 1.0.1286

Wed, 01 May 2024 00:00:00 GMT

May 27, 2024—Virtual Network Sensor version 1.0.1286 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

This update enhances telemetry collection.

Service Gateway: Local ActiveUpdate Service Version 3.0.5

Wed, 01 May 2024 00:00:00 GMT

May 13, 2024—Service Gateway Local ActiveUpdate Service Version 3.0.5 includes enhancements, bug fixes, and security updates for the ActiveUpdate service hosted on Service Gateway appliances.

This update includes the following changes:

This update introduces the capability for XES to update patterns directly through the ActiveUpdate service.

Service Gateway Firmware Version 3.0.8

Wed, 01 May 2024 00:00:00 GMT

May 13, 2024—Service Gateway Firmware Version 3.0.8 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update introduces enhancements to the audit logs of Service Gateway virtual appliances.
This update adds a new CLISH command to roll back the Service Gateway to the last version.
This update addresses the security vulnerability CVE-2023-22652, which is a critical buffer overflow vulnerability in the libeconf library.

Zero Trust Secure Access On-premises Gateway Version 1.0.41

Mon, 06 May 2024 00:00:00 GMT

May 6, 2024—ZTSA On-Premises Gateway Version 1.0.41 provides enhanced security and connectivity features.

This update includes the following changes:

Enhancement

Enhanced health check mechanism for the On-premises Gateway

CloudTrail log monitoring now supports deployment in AWS Control Tower environments

Mon, 06 May 2024 00:00:00 GMT

May 6, 2024 - The "Cloud Detections for AWS CloudTrail” feature under Vision One - XDR for Cloud has released a new template which supports deployment in multi-account AWS Control Tower environments.

To enable CloudTrail log monitoring for Control Tower, see Enable Cloud Detections for Control Tower (Log Archive account).

Cloud Security → Cloud Accounts

Network Security has been reorganized

Mon, 06 May 2024 00:00:00 GMT

May 6, 2024—The Monitoring/Scanning and Network Resources screen are now accessible from the navigation pane. Go to Network Security → Network Analysis Configuration and choose Monitoring / Scanning or Network Resources.

Network Security → Network Analysis Configuration → Monitoring / Scanning

Network Security → Network Analysis Configuration → Network Resources

Cloud Risk Management Assessment officially released

Mon, 06 May 2024 00:00:00 GMT

May 6, 2024—Cloud Risk Management Assessment is out of preview and now officially available. This feature is free for all TrendAI Vision One™ users, allowing you to scan your cloud assets and accounts—including AWS accounts, Azure subscriptions, and Google Cloud projects—against widely recognized standards and frameworks.

For more information, see Cloud Risk Management Assessment.

Assessment → Cyber Risk Assessment

Container Security proxy support for ECS instances

Mon, 06 May 2024 00:00:00 GMT

May 6, 2024—Container Security now supports proxy for Amazon ECS instances, providing a secure way to connect to TrendAI Vision One™.

Cloud Security → Container Security

Network Sensor for TippingPoint available for pre-release preview

Mon, 06 May 2024 00:00:00 GMT

May 6, 2024—Network Sensor for TippingPoint is now available for pre-release preview. The feature can be enabled on supported TippingPoint TXE-series appliances in Network Inventory.

Network Sensor for TippingPoint TXE-series appliances combines network intrusion detection prevention capabilities with in-depth visibility for unknown and targeted attacks even into encrypted network traffic. Combined with TrendAI Vision One™ detection and response capabilities, Network Sensor for TippingPoint helps create a complete network intrusion prevention solution.

Network Security → Network Inventory → TippingPoint.

Get increased visibility into Risk Index fluctuations

Mon, 06 May 2024 00:00:00 GMT

May 6, 2024—View daily point increases and decreases of the Risk Index along with contributing risk factors now by hovering on the Risk Index graph in Cyber Risk Overview. Coming in June, clicking through to Threat and Exposure Management will take you to in-depth details on daily contributing risk events. Details now available for the Risk Index in Cyber Risk Overview include a breakdown of the points each risk factor has added or subtracted from the Risk Index since the previous day. In June, you may view all daily contributing risk events, including those that were resolved or mitigated, organized by risk factor. Use the detailed information provided to better understand your security posture and help prioritize risks in your environment.

Cyber Risk Exposure Management → Cyber Risk Overview

Assess vulnerabilities in Red Hat Enterprise Linux modules and containers

Mon, 06 May 2024 00:00:00 GMT

May 6, 2024—Vulnerability Assessment enhancements now allow the service to collect information on Red Hat Enterprise Linux 8 modules and Red Hat Enterprise Linux 9 containers. The expanded capabilities enable more comprehensive visibility and granular analysis, strengthening your container security and allowing you to more effectively prioritize risks. For more information, see Vulnerability Assessment supported operating systems.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Custom models now support Identity and Access Activity Data

Mon, 06 May 2024 00:00:00 GMT

May 6, 2024—You can now create custom models that include filters for Identity and Access Activity Data in Detection Model Management.

For more information, see Configure a custom model.

Agentic SIEM and XDR → Detection Model Management

Cloud Risk Management to support Real-Time Posture Monitoring for AWS Accounts

Wed, 08 May 2024 00:00:00 GMT

May 8, 2024—Cloud Risk Management now supports Real-Time Posture Monitoring previously titled Real-Time Threat Monitoring (RTM) for AWS accounts connected through the Cloud Accounts app. You can enable Real-Time Posture Monitoring while connecting a new AWS account and organization or turn the feature on for existing AWS accounts or organizations.

Cloud Security → Cloud Accounts → AWS

TrendAI Vision One - Companion now supported in Observed Attack Techniques

Wed, 08 May 2024 00:00:00 GMT

May 8, 2024—Gain a better understanding of the events and executed commands detected in Observed Attack Techniques with the help of TrendAI Vision One™ - Companion.

For more information, see Observed Attack Techniques.

Agentic SIEM and XDR → Observed Attack Techniques

Network Security now supports direct synchronization of Suspicious Objects with Deep Discovery Inspector

Mon, 13 May 2024 00:00:00 GMT

May 13, 2024—Connecting to Network Security allows Deep Discovery Inspector version 6.7 SP1 and later to synchronization the Suspicious Object List directly with TrendAI Vision One™. The Suspicious Object List Synchronization service is no longer required to be enabled on your Service Gateway when connecting as a proxy or using the Service Gateway as a service source.

Network Security → Network Inventory

Campaign Intelligence has been updated to Threat Insights

Mon, 13 May 2024 00:00:00 GMT

May 13, 2024—Threat Intelligence Hub offers the following new features:

CVE threat intelligence: Search all trending curated CVEs that are enriched with comprehensive content.
Threat categorization: Enhance the relevance of threat intelligence to your security environment by viewing emerging threats and threat actors in separate tabs.
XDR & Cyber Risk Exposure Management synergy: Leverage threat intelligence gathered from various TrendAI Vision One™ apps for a more comprehensive look at how emerging threats and threat actors may affect your own environment.

For more information, see Threat Intelligence Hub.

Threat Intelligence → Threat Intelligence Hub

Zero Trust Secure Access adds PoP site in AWS Spain region

Mon, 20 May 2024 00:00:00 GMT

May 20, 2024—Zero Trust Secure Access Internet Access now offers support for the AWS Europe (Spain) region. Users in the region may configure their service FQDNs to reflect the new location. For more information on available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Risk Event Response playbooks available

Mon, 20 May 2024 00:00:00 GMT

May 20, 2024—Security Playbooks now includes Risk Event Response playbooks, a new feature designed to help you respond to new and ongoing risk events detected in your environment. You can set up the playbooks to respond to or send notifications about the risk events associated with all risk factors identified in Threat and Exposure Management, with the exception of XDR detection. For XDR detection related risk events, configure Automated Response Playbooks to enable automatic actions in response to high-priority alerts in Workbench.

For more information, see Manually create Risk Event Response playbooks.

Workflow and Automation → Security Playbooks

Asset Visibility Management expanded to include more asset types

Tue, 21 May 2024 00:00:00 GMT

May 21, 2024—TrendAI Vision One™ now extends its robust asset visibility capabilities to include more comprehensive data asset support. This update introduces more data asset types, including more network and cloud assets, as well as message data. Building on the existing management scope for endpoints, containers, mobile devices, accounts, unmanaged devices, Private Access Connectors and Internet Access Gateways, and web gateways, the latest update ensures that all critical data points are covered, providing a holistic view of the organization's asset landscape. This enhancement is particularly beneficial for large enterprises that require detailed, segmented visibility to manage multiple regions or teams effectively.

For more information, see Add an asset visibility scope.

Service Management → Asset Visibility Management

Simplified risk overviews in Cyber Risk Overview

Mon, 27 May 2024 00:00:00 GMT

May 27, 2024—To facilitate a higher-level overview, the Exposure, Attack, and Security Configuration Overview tabs in Cyber Risk Overview have been simplified to display current risk levels and risk scores for each category. In Risk Overview, view each category's contribution to the Risk Index at a glance, and get additional information about contributing risk factors and events from Risk Event Overview. Go to the tab for each risk category to quickly view the category's current risk level, and see contributing risk factors to more quickly prioritize risk reduction actions.

Cyber Risk Exposure Management → Cyber Risk Overview

Two-way sync supported between Case Management and ServiceNow

Mon, 27 May 2024 00:00:00 GMT

May 27, 2024—Case Management now supports two-way sync of case status and priority changes with ServiceNow.

For more information, see Configure ServiceNow ITSM to enable TrendAI Vision One™ for ServiceNow ticketing system.

Workflow and Automation → Case Management

Identity Posture now available in public preview

Tue, 28 May 2024 00:00:00 GMT

May 28, 2024—Identity Posture, part of the Identity Security app group, is now in public preview. Discover enhanced identity management plus monitoring, reporting, and security controls. Protect your organization's identity infrastructure with the help of detailed information on identity attack surface, identity behaviors, attack detections, and more. For more information, see Identity Security Posture.

Identity Security → Identity Security Posture

Intrusion Prevention Configuration enhanced support for multiple SMS devices

Fri, 31 May 2024 00:00:00 GMT

May 31, 2024—Customers can select which connected TippingPoint SMS to display for policy recommendations and configuration. Intrusion Prevention Configuration is supported on all connected SMS appliances. Information and policy tuning options for the SMS you select is displayed on the Policy Recommendations page.

For more information, see Intrusion Prevention Configuration.

Network Security → Intrusion Prevention Configuration

Runtime Proxy Settings for Endpoint Security enables customizable proxy policies for endpoints

Fri, 31 May 2024 00:00:00 GMT

May 31, 2024—Endpoint Security now includes Runtime Proxy Settings, enabling the ability to create and manage proxy policies with detailed settings which can be applied to different endpoint groups.

Runtime Proxy Policies allow you to assign endpoint groups to connect to specific Service Gateways or different third-party proxies based on the needs of your environment. Additionally, you can now separately configure proxies for use during agent deployment and installation.

Endpoint Security → Endpoint Inventory

Service Gateway: Forward Proxy Service Version 2.0.2

Sat, 01 Jun 2024 00:00:00 GMT

June 4, 2024—Service Gateway Forward Proxy Service Version 2.0.2 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update adds a bug fix for the failure to show all connected products.

Service Gateway: Smart Protection Services Version 2.0.3

Sat, 01 Jun 2024 00:00:00 GMT

June 17, 2024—Service Gateway Smart Protection Services Version 2.0.3 includes enhancements, bug fixes, and security updates for Smart Protection Services hosted on Service Gateway appliances.

This update includes the following changes:

This update adds a bug fix for the failure to show all connected products.
This update adds an internal enhancement to support updated ActiveUpdate pattern versions.

Service Gateway Firmware Version 3.0.9

Sat, 01 Jun 2024 00:00:00 GMT

June 17, 2024—Service Gateway Firmware Version 3.0.9 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update includes support for server load balancing on Service Gateway appliances by leveraging Direct Server Return (DSR).
This update provides a CLI command to check FQDN accessibility from the Service Gateway appliance.
This update allows up to 5 NTP servers to be configured in the Service Gateway appliance.

Zero Trust Secure Access On-premises Gateway Version 1.0.43

Mon, 03 Jun 2024 00:00:00 GMT

June 3, 2024—ZTSA On-Premises Gateway Version 1.0.43 provides enhanced security and connectivity features.

This update includes the following changes:

New feature

IP Address groups can now be used in on-premise gateways. This allows the bypassing of authentication and bandwidth controls.

Integrate multiple MDM solutions with Mobile Security

Mon, 03 Jun 2024 00:00:00 GMT

June 3, 2024—Mobile Security now supports integration with up to five separate third-party mobile device management (MDM) solutions. To increase visibility over your managed mobile devices, integrate additional MDM solutions by going to the MDM integration settings in Mobile Inventory and clicking Add MDM Solution.

Mobile Security → Mobile Inventory

CIS Amazon EKS benchmark scanning now available

Mon, 03 Jun 2024 00:00:00 GMT

June 12, 2024—With TrendAI Vision One™ – Container Security, compliance scanning with CIS benchmarks in your EKS clusters is seamless. Assess and guarantee adherence to industry-leading security standards effortlessly, enhancing your Kubernetes security posture.

To learn more, see Compliance.

Cloud Security → Container Security

Send to sandbox feature now available for Virtual Network Sensor

Mon, 03 Jun 2024 00:00:00 GMT

June 3, 2024—The Virtual Network Sensor now supports automatically submitting file objects to a virtual sandbox for analysis as a pre-release feature.

The "send to sandbox" feature can be enabled from the Network Inventory screen, with the analysis report available to view in the Sandbox Analysis app. File objects submitted by the Virtual Network Sensor to the sandbox using this feature do not require credits to use during the pre-release period.

Network Security → Network Inventory

Connect your Google Cloud Identity tenants as data sources in Cyber Risk Exposure Management

Mon, 03 Jun 2024 00:00:00 GMT

June 3, 2024—You can now connect your Google Cloud Identity tenants as data sources in Attack Surface Risk Management. Use the new source to gain better visibility into user and group data, user activity data, and potential account misconfigurations. For more information, see Configure Cyber Risk Exposure Management data sources.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Mean Time to Patch (MTTP) and Average Unpatched Time (AUT) widgets available in Security Dashboard

Mon, 03 Jun 2024 00:00:00 GMT

June 3, 2024—The Mean Time to Patch (MTTP) and Average Unpatched Time (AUT) widgets in Cyber Risk Overview are now also available in Security Dashboard. Add the widgets to your custom dashboard to get a better picture of your overall vulnerability management status. More detailed information from Threat and Exposure Management can be found by clicking Go to app in each widget.

Dashboards and Reports → Dashboards

Service Gateway: Syslog Connector (On-Premises) Version 1.0.5

Tue, 04 Jun 2024 00:00:00 GMT

March 13, 2023—Service Gateway: Syslog Connector (On-Premises) Version 1.0.5 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update adds the function to send alerts to the syslog server after a successful connection test.
This update supports using base64 encoding within fields of the Observed Attack Techniques log.

Some features may not be available in all regions or on all Service Gateway appliances.

Automated Response Playbooks support IP address conditions

Tue, 04 Jun 2024 00:00:00 GMT

June 4, 2024—Automated Response Playbooks are enhanced to include IP address as a condition in playbook settings in addition to Highlighted object risk. With this enhancement, the playbooks can filter highlighted objects with their source IP address, destination IP address, peer IP address, and interested IP address, enabling more targeted response actions.

For more information, see Manually create Automated Response Playbooks.

Workflow and Automation → Security Playbooks

Agentless Vulnerability and Threat Detection stack enhancements

Mon, 10 Jun 2024 00:00:00 GMT

June 10, 2024—Agentless Vulnerability & Threat Detection now includes the following enhancements:

The Agentless Vulnerability stack has been split into common and agentless components, which reduces the quantity of IAM roles and policies required.
The deployed stack now has two version values, which are tracked separately.
To reduce costs, CloudWatch lambda log groups now have ERROR level logging, and scan failures are optimized to reduce unnecessary retry count.
Resolved an issue in which CloudWatch log groups could not be deleted after uninstalling.

When you upgrade to the new release, the contents of the agentless S3 buckets, including intermediate results, and s3 access logs, will be deleted. This has no impact on any scan results already send to Vision One. For more information, see Agentless Vulnerability & Threat Detection estimated deployment costs for AWS.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Configure response action approval settings

Wed, 12 Jun 2024 00:00:00 GMT

June 12, 2024—You can now configure approval settings for specified response actions in the Response Management app.

The approval settings you configure in the Response Management app do not affect those configured in the Managed Services or Security Playbooks app.

For more information, see Response Management settings.

Workflow and Automation → Response Management

Agentless Vulnerability and Threat Detection available in AWS UAE region

Thu, 13 Jun 2024 00:00:00 GMT

June 13, 2024—Users of cloud services may now enable Agentless Vulnerability and Threat Detection (AVTD) from the AWS UAE region (me-central-1). Use the feature to conduct vulnerability scans on EBS volumes attached to EC2 instances as well as ECR images, and get greater visibility into your cloud asset-related security posture.

Cloud Security → Cloud Accounts → AWS

Zero Trust Secure Access On-premises Gateway Version 1.0.44

Mon, 17 Jun 2024 00:00:00 GMT

June 17, 2024—ZTSA On-Premises Gateway Version 1.0.44 provides enhanced security and connectivity features.

This update includes the following changes:

New feature

Suppports AI Service Access for public GenAI/LLM services protection

Scanner Configuration for Agentless Vulnerability & Threat Detection

Mon, 17 Jun 2024 00:00:00 GMT

June 18, 2024—The scanner configuration feature for Agentless Vulnerability & Threat Detection settings in Cloud Accounts lets you select the resource types to include in your scans. Three resource types are available for AWS accounts: Elastic Block Store (EBS), Elastic Container Registry (ECR), and AWS Lambda.

For more information, see AWS features and permissions.

Cloud Accounts now supports ingestion of AWS Virtual Private Cloud (VPC) flow logs

Mon, 17 Jun 2024 00:00:00 GMT

June 17, 2024—Enable this feature to gather VPC flow logs from your AWS account for XDR analysis in the Search app. Flow logs are enhanced with asset meta data and noise is removed, delivering broader visibility into asset connectivity with suspicious IP addresses and anomalous behaviors.

For more information, see AWS features and permissions.

Cloud Security → Cloud Accounts

Agentic SIEM and XDR → XDR Data Explorer

Introducing AI Service Access from Zero Trust Secure Access

Mon, 17 Jun 2024 00:00:00 GMT

June 17, 2024—Secure user access to public generative AI services through AI Service Access. Prevent sensitive data leakage, prompt injection, and more while allowing your users to take advantage of AI capabilities. Enable AI Service Access and get centralized management of public AI service usage in your organization, advanced content filtering to ensure you meet compliance requirements, and keep malicious responses from affecting your environment. Go to Zero Trust Secure Access → Secure Access Overview to deploy the feature.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

View device hardware information in device asset profiles

Mon, 17 Jun 2024 00:00:00 GMT

June 17, 2024—Device asset profiles in Attack Surface Discovery are now able to display discovered basic hardware specifications such as manufacturer, model, CPU, RAM, and disk size. Find discovered details under the basic category within the device asset profile.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Mark vulnerability risk events as dismissed, accepted, or remediated

Mon, 17 Jun 2024 00:00:00 GMT

June 17, 2024—As with risk events in other risk factors, you may now mark events in the vulnerabilities risk factor as remediated, dismissed, or accepted. The new workflow helps streamline the process of managing risk events and CVEs. To learn more about the statuses, see Risk assessment.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

More details on daily Risk Index fluctuation now available in Threat and Exposure Management

Mon, 17 Jun 2024 00:00:00 GMT

June 17, 2024—Detailed data on daily Risk Index fluctuations, including contributing risk factors, risk events, and assets, is now available in Threat and Exposure Management. Hover over the Risk Index graph and click View daily risk events to see the point change from the previous day and a breakdown of how many points each risk factor contributed to the change. Drill down to see individual risk events and a detailed daily timeline showing expired, new, remediated, and dismissed event instances.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Support for SUSE Linux added to Vulnerability Assessment

Mon, 17 Jun 2024 00:00:00 GMT

June 17, 2024—Vulnerability assessment has been enhanced to support SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15. The newly supported systems enable more granular analysis and improved CVE prioritization. Use the enhancement to strengthen your endpoint security and more effectively prioritize risks. For more information, see Vulnerability Assessment supported operating systems.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

More granular analysis results for DMARC reports available in Cloud Email Gateway Protection

Wed, 19 Jun 2024 00:00:00 GMT

June 19, 2024—Cloud Email Gateway Protection allows you to view your DMARC report data by sending source, including email service, hostname, and IP address. Besides, the solution now presents more details from raw DMARC reports in a readable format, enabling you to quickly drill down and identify the threats.

Email and Collaboration Security → Cloud Email Gateway Protection

Notification enhancement in Cloud Email Gateway Protection

Wed, 19 Jun 2024 00:00:00 GMT

June 19, 2024—Cloud Email Gateway Protection now supports HTML format for system notifications. You can select either predefined or custom style for HTML notifications.

Email and Collaboration Security → Cloud Email Gateway Protection

Cloud Email Gateway Protection supports quishing detection for PDF attachments

Wed, 19 Jun 2024 00:00:00 GMT

April 19, 2024—In addition to detect quishing by scanning the QR code images attached or in the email body, Cloud Email Gateway Protection now supports quishing detection for PDF attachments after you have enabled submission of suspicious files with QR codes to Virtual Analyzer.

Email and Collaboration Security → Cloud Email Gateway Protection

Transfer ownership of the Primary User Account

Wed, 19 Jun 2024 00:00:00 GMT

June 19, 2024—TrendAI Vision One™ now supports the transfer of the Primary User Account to a local account within the same business.

This feature is accessible to all customers, whether or not they have updated to the Foundation Services release.

For more information, see Transferring ownership of the Primary User Account.

Administration → User Accounts

TrendAI Vision One - Companion now explains Observed Attack Techniques events

Wed, 19 Jun 2024 00:00:00 GMT

June 19, 2024—Gain a better understanding of the Observed Attack Techniques events detected in your environment with the help of TrendAI Vision One™ - Companion.

For more information, see TrendAI™ Companion.

Agentic SIEM and XDR → Observed Attack Techniques

Support for moving user-reported emails to Junk Email folder in Cloud Email and Collaboration Protection

Fri, 21 Jun 2024 00:00:00 GMT

June 21, 2024—To help automatically removing emails from end users' inboxes that they have reported as spam or phishing through the Cloud Email and Collaboration Protection add-in for Outlook, Cloud Email and Collaboration Protection now provides the option to move these emails to the end users' Junk Email folder.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Anomaly detection by Correlated Intelligence in Cloud Email and Collaboration Protection

Fri, 21 Jun 2024 00:00:00 GMT

June 21, 2024—In addition to detecting security risks, Correlated Intelligence in Cloud Email and Collaboration Protection now supports detecting anomalies that deviate from normal behaviors and may require your attention. Cloud Email and Collaboration Protection also provides visibility of anomaly detections, which allows you to have a more comprehensive view of your security landscape.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Official release of Gmail (Inline Mode) in Cloud Email and Collaboration Protection

Fri, 21 Jun 2024 00:00:00 GMT

June 21, 2024—Cloud Email and Collaboration Protection officially launches Inline Protection for Gmail to scan inbound and outbound emails before they are delivered to their destinations, with no MX record change required. This protection mode blocks threats before they can reach your users' mailboxes and prevents data leakage before it actually takes place.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Classic scheduled reports accessible in Cloud Email and Collaboration Protection

Fri, 21 Jun 2024 00:00:00 GMT

June 21, 2024—For customers who have updated to Cloud Email and Collaboration Protection, instead of going to the classic console to view your scheduled reports created there, Cloud Email and Collaboration Protection now enables you to access these reports directly from the TrendAI Vision One™ console.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Approved URL list for Time-of-Click Protection in Cloud Email and Collaboration Protection

Fri, 21 Jun 2024 00:00:00 GMT

June 21, 2024—To prevent URLs from being rewritten by Time-of-Click Protection in Web Reputation, Cloud Email and Collaboration Protection now supports defining a list of URLs that can bypass Time-of-Click Protection.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Cloud Risk Management Terraform Template Scanner Now Supports the Cloud Formation Template Scanner Resources

Mon, 24 Jun 2024 00:00:00 GMT

June 24, 2024—Cloud Risk Management Terraform Template Scanner (TS) is now Generally Available with parity of coverage of the following resource types with Cloud Formation Template Scanner:

Autoscaling Group
CF Stack
CloudTrail
Kinesis Stream
Lambda Function
SNS Topic
SQS Queue
API Gateway RestAPI
ELBv2
ES Domain
Workspaces
ELB Classic
Redshift Cluster
EMR Cluster
ElacticCache
EFS File System

Secret scanning is now available in Container Security

Tue, 25 Jun 2024 00:00:00 GMT

June 25, 2024—Container Security now supports secret scanning for container images. Secret scanning identifies sensitive and confidential data, such as passwords and API keys, that have inadvertently been publicly exposed. You can define whether to allow images to be deployed based on their scan results and configure the validity period of scan results.

Cloud Security → Container Security

New detailed view in Case Management

Wed, 26 Jun 2024 00:00:00 GMT

June 26, 2024—Case Management now offers a detailed view of each case, allowing you to retrieve your case information and track progress easily.

The new detailed view includes:

Case activity.
Notes and comments.
Attachments.
Execution results from Security Playbooks.

For more information, see Case Management.

Workflow and Automation → Case Management

Scan for malware and secrets in Artifact Scanner

Thu, 27 Jun 2024 00:00:00 GMT

June 27, 2024—TrendAI™ Artifact Scanner (TMAS) now supports artifact scanning for malware and secrets. This helps to identify and manage sensitive and confidential data that might have been inadvertently exposed, like passwords and API keys. You can also integrate TMAS secret scan results with TrendAI Vision One™ - Container Security runtime policies to prevent secrets from reaching production environments.

For more information, see Artifact Scanner CLI.

Cloud Security → Container Security

Expanded search & filtering for Container Protection vulnerabilities

Thu, 27 Jun 2024 00:00:00 GMT

June 25, 2024 – Container Protection's Vulnerabilities tab now features advanced search capabilities and enhanced data presentation, including the addition of 'Image Name' and 'CVSS Score' in the Detail View. Streamline your security analysis with expanded filters like fuzzy matching, multi-select dropdowns, and time range selections, all sortable by severity and time metrics.

Cloud Security → Container Security

Advanced search and filtering for Container Protection events

Thu, 27 Jun 2024 00:00:00 GMT

June 25, 2024 – Container Protection’s Events tab now features comprehensive search and filtering enhancements, allowing you to filter by action, operation, kind, and mitigation, and includes fuzzy matching for policies and namespaces. Experience new controls with multi-select options for cluster names and a custom time range feature to optimize your workflow across Deployment/Continuous, Kubernetes Runtime, and ECS Runtime environments.

Cloud Security → Container Security

Virtual Network Sensor version 1.0.1316

Mon, 01 Jul 2024 00:00:00 GMT

July 15, 2024—Virtual Network Sensor version 1.0.1316 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

This update adds support for deploying on the Nutanix AHV platform.
This update adds support for deploying on the Google Cloud platform.
This update upgrades the firmware platform to address vulnerabilities.

Service Gateway Firmware Version 3.0.10

Mon, 01 Jul 2024 00:00:00 GMT

July 15, 2024—Service Gateway Firmware Version 3.0.10 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update fixes the OpenSSH vulnerability CVE-2024-6387.
This update adds support for exclamation marks when setting passwords for the custom proxy using CLISH commands.
This update automatically disables Cloud Service Extension if Forward Proxy Service is detected to be running improperly after enabling Cloud Service Extension.

Google Cloud Identity integration official release

Mon, 01 Jul 2024 00:00:00 GMT

July 1, 2024—Google Cloud Identity integration with TrendAI Vision One™ is now officially available. Seamlessly integrate with Google Cloud Identity to enhance your security visibility and response with streamlined access, management, and risk. Go to Workflow and Automation → Third-Party Integrations to set up the integration.

For more information, see Google Cloud Identity integration.

Workflow and Automation → Third-Party Integrations

Service Gateway: Forward Proxy Service Version 2.0.3

Mon, 01 Jul 2024 00:00:00 GMT

July 1, 2024—Service Gateway Forward Proxy Service Version 2.0.3 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update adds a bug fix for the null pointer exception and uses the default DNS server configured in the Service Gateway appliance during DNS resolution.

Identity Inventory available in private preview

Mon, 01 Jul 2024 00:00:00 GMT

July 1, 2024—As part of the Identity Security app group, Identity Inventory offers comprehensive identity tracking and management features for both human and non-human identities as well as assigned entitlements and privileges. View summaries of groups, roles, and devices registered with your identity provider, and see the current status of passwords and conditional access certificates to ensure your security practices are up to date. To get started, grant read and write permissions to your Microsoft Entra ID tenant in Third-Party Integrations.

Identity Security → Identity Inventory

Enable runtime security and runtime scanning on multiple ECS clusters

Mon, 01 Jul 2024 00:00:00 GMT

July 1, 2024 – To improve the ECS cluster management in your AWS environment, TrendAI Vision One™ Container Inventory now allows you to enable or disable runtime security and runtime scanning on multiple Amazon ECS clusters.

For more information, see Inventory/Overview.

Cloud Security → Container Security

Custom filters now support AWS Virtual Private Cloud flow logs

Mon, 01 Jul 2024 00:00:00 GMT

July 1, 2024—Custom detection filters now support AWS VPC flow log activity under the CLOUD_ACTIVITY event type and the VPC_ACTIVITY_LOG event ID.

For more information, see Network activity data sources and Cloud activity data sources.

Agentic SIEM and XDR → Detection Model Management

Container Security now provides Terraform support

Thu, 04 Jul 2024 00:00:00 GMT

July 4, 2024 – Container Security now supports asset configuration and management with Terraform. For details, see the Vision One provider in the Terraform registry.

Cloud Security → Container Security

Container Inventory now features Filter, Search, and page view

Thu, 04 Jul 2024 00:00:00 GMT

July 4, 2024—The Container Inventory app now features filter and search functions to streamline the process to locate container services within the table view. Additionally, Container Inventory has implemented a page view, making it easier to navigate the list. These features encompass K8S elements such as Clusters, Nodes, Pods, and Containers, as well as ECS components including Clusters, Services, Tasks, and Containers.

For more information, see Inventory/Overview.

Cloud Security → Container Security

Get visibility into malicious traffic with XDR for Cloud VPC Flow Log Monitoring

Mon, 08 Jul 2024 00:00:00 GMT

July 8, 2024–Threat detection for AWS VPC Flow Logs is now available as a feature of XDR for Cloud. Once VPC flow log monitoring is enabled, TrendAI Vision One™ automatically analyzes the logs for any traffic activity related to suspicious or malicious IP addresses, and also monitors for malicious activity such as brute force attacks, access to sensitive database ports, data exfiltration, and more. Additionally, you can also use VPC flow logs to seep for indicators of compromise (IOCs) via the Threat Intelligence app, leveraging TrendAI™'s threat intelligence feed or imported 3rd-party IOC sources.

To enable VPC flow log monitoring, go to Cloud Security → Cloud Accounts → AWS
To view VPC flow logs, go to Agentic SIEM and XDR → XDR Data Explorer
To view threat detections from VPC flow logs, go to Agentic SIEM and XDR → Workbench

Endpoint Inventory Enhancements

Thu, 11 Jul 2024 00:00:00 GMT

July 11, 2024—You can now customize the table in Endpoint Inventory by adjusting column width and the number of items displayed per page. Your settings are saved automatically for the next time you access Endpoint Inventory.

Endpoint Security → Endpoint Inventory

Add phishing simulations as a data source

Fri, 12 Jul 2024 00:00:00 GMT

July 12, 2024 – You can now add TrendAI Vision One™ Phishing Simulations as a data source in the Threat and Exposure Management, which allows access to breach events from phishing simulations. For more information, see Configurating data sources.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Zero Trust Secure Access On-premises Gateway Version 1.0.46

Mon, 15 Jul 2024 00:00:00 GMT

July 15, 2024—ZTSA On-Premises Gateway Version 1.0.46 provides enhanced security and connectivity features.

This update includes the following changes:

New feature

Authentication proxy service for NTLM/Kerberos authentication supports High Availability with load balancer.
Authentication proxy service for NTLM/Kerberos authentication supports multiple on-premises Active Directory servers as round-robin or failover High Availability.

Enhancement

Enhanced handling of changes in on-premises gateway status: healthy, unhealthy

Virtual Network Sensor supports deployment to Google Cloud

Mon, 15 Jul 2024 00:00:00 GMT

July 15, 2024—The Virtual Network Sensor can now be deployed to your Google Cloud environment.

For more information, see Virtual Network Sensor deployment guides.

Network Security → Network Inventory

Disable Zero Trust Secure Access pop-up notifications in Mac and Windows

Mon, 15 Jul 2024 00:00:00 GMT

July 15, 2024—Users can now turn off Private Access system alerts for blocked access attempts from Secure Access Module settings. While pop-ups are disabled, a complete log of blocked events remains accessible within the module.

Zero Trust Secure Access → Secure access configuration

For more Information, see Secure Access Module deployment.

Zero Trust Secure Access enhanced support for on-premises AD servers

Mon, 15 Jul 2024 00:00:00 GMT

July 15, 2024—The Zero Trust Internet Access On-Premises Gateway service now supports multiple on-premises AD server integrations for NTLMv2 or Kerberos authentication.

Zero Trust Secure Access → Secure Access Configuration → Internet Access Configuration

Nutanix AHV platform now supported for Virtual Network Sensor

Mon, 15 Jul 2024 00:00:00 GMT

July 15, 2024—TrendAI™ Virtual Network Sensor now extends its platform support to include Nutanix AHV.

For more information, see Virtual Network Sensor deployment guides.

Network Security → Network Inventory

Custom Tagging in Attack Surface Discovery

Mon, 15 Jul 2024 00:00:00 GMT

July 15, 2024—Create and use custom tags for your organization’s assets in Attack Surface Discovery for better asset management.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

View and manage IPv6 addresses in Internet-Facing Assets

Mon, 15 Jul 2024 00:00:00 GMT

July 15, 2024—IPv6 addresses are now supported for Public IPs in the Internet-Facing Assets section of Attack Surface Discovery. View discovered IPv6 addresses and add IPv6 addresses belonging to your organization. IPv6 addresses must be added individually—IPv6 ranges are not supported.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Agentless Vulnerability and Threat Detection Lambda support

Mon, 15 Jul 2024 00:00:00 GMT

July 15, 2024—Agentless Vulnerability and Threat Detection supports vulnerability scanning on AWS Lambda functions.

For more information, see Agentless Vulnerability & Threat Detection.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Attack Surface Risk Management extend Vulnerability Assessment support to Oracle Linux

Mon, 15 Jul 2024 00:00:00 GMT

July 15, 2024—Vulnerability Assessment has been enhanced to support Oracle Linux Server 6, Oracle Linux Server 7, Oracle Linux Server 8, and Oracle Linux Server 9. The newly supported distributions enable more granular analysis and improved CVE prioritization. Use the enhancement to strengthen your endpoint security and more effectively prioritize risks.

For more information, see Vulnerability Assessment supported operating systems.

Introducing Security Awareness Training

Mon, 15 Jul 2024 00:00:00 GMT

July 15, 2024—Security Awareness Training is now in public preview as part of the TrendAI Vision One™ platform. Designed to help you create a more resilient and security-conscious workforce while proactively strengthening your organization’s security posture, the app offers two powerful features:

Training Campaigns: Educate your employees on how to best protect their privacy and your valuable assets. Engaging training modules cover essential topics such as password management, suspicious activity identification, and safe internet usage.
Phishing Simulations: Test and enhance your employees' ability to recognize phishing attempts by simulating real-world phishing emails. Evaluate and improve awareness and response to potential threats.

Security Awareness Training training and simulation results impact the Cyber Risk Exposure Management risk score of your assessed users to help you get a better picture of your security posture. Gain insights into the Security Awareness Training levels of your employees, and use the data to identify areas for improvement, tailor your training programs, and define effective plans to enhance security practices within your organization. Empower your workforce with the knowledge necessary to stand as the first line of defense against security breaches.

Cyber Risk Exposure Management → Security Awareness

Server & Workload Protection Agent deployment script now available

Tue, 16 Jul 2024 00:00:00 GMT

July 16, 2024—Endpoint Security now supports deploying the Server & Workload Protection Agent to your endpoints using a deployment script. You can download the script from Endpoint Inventory. For more information, see Deploy agents using the deployment script.

Endpoint Security → Endpoint Inventory

Updated recommendations for Container Security policies and rulesets

Tue, 16 Jul 2024 00:00:00 GMT

July 16, 2024—The recommendations for creating policies and rulesets for Container Security have been updated, including instructions for testing rules that are set to terminate or isolate, and an updated list of rulesets. For more information, see the Business Success portal.

Cloud Security → Container Security

Announcing TMAS v2.0+

Wed, 17 Jul 2024 00:00:00 GMT

July 17, 2024 – Announcing TrendAI™ Artifact Scanner (TMAS) v2.0+ with enhanced support for custom scanner combinations including the newly released secrets scanner. Users can run scanners independently or together, ensuring comprehensive security coverage tailored to their specific needs. This version also provides a more intuitive and standardized result output. For all changes, read WHATS-NEW.md included with the binary.

Cloud Security → Container Security → Container Protection → Artifact Scanner

Endpoint Security Introduces Agent Installer Proxy Settings

Wed, 17 Jul 2024 00:00:00 GMT

July 17, 2024—Endpoint Security introduces Agent Installer Proxy settings, replacing previous proxy settings, to configure proxies for initial agent deployment, installation, and registration to TrendAI Vision One™.

Endpoint Security → Endpoint Inventory

Enable AI App Guard to protect your AI apps and files

Wed, 17 Jul 2024 00:00:00 GMT

July 17, 2024—Standard Endpoint Protection offers AI App Guard, which helps identify suspicious or untrusted programs attempting to modify AI apps and associated files.

For more information, see Event Monitoring.

Endpoint Security → Standard Endpoint Protection → Policies → Policy Management

Custom correlation rules for anomaly detection available in Correlated Intelligence in Cloud Email and Collaboration Protection

Fri, 19 Jul 2024 00:00:00 GMT

July 19, 2024 – Besides the TrendAI™ predefined correlation rules, administrators can add custom correlation rules based on predefined detection signals to accommodate anomaly detection requirements in their environment. Administrators can apply custom correlation rules into the Correlated Intelligence security filter of ATP policies for Exchange Online and view details about detected anomalies in the Operations screen.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Access grant enhancement to OneDrive, SharePoint Online, and Microsoft Teams in Cloud Email and Collaboration Protection

Fri, 19 Jul 2024 00:00:00 GMT

July 19, 2024 – For OneDrive, SharePoint Online, and Microsoft Teams, Cloud Email and Collaboration Protection enhances the access grant process to remove dependency on Azure Communication Services, which is scheduled to retire in the future. When granting access to the above-mentioned services, administrators do not need to manually grant Cloud Email and Collaboration Protection permissions to receive notifications from Microsoft upon any change to the files on these services.

This enhancement is not available for the US and EU sites in this release.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Create Security Awareness Training training campaigns targeting at-risk users in Cloud Email and Collaboration Protection

Fri, 19 Jul 2024 00:00:00 GMT

July 19, 2024 – Administrators can now initiate Security Awareness Training campaigns from the following Dashboard widgets to provide training focused specifically on at-risk users: Top 5 Users with Account Takeover Risks, Top 5 High-Risk Email Recipients, and Top 5 Spam and Graymail Recipients. When viewing these users on the widgets, the available operations now include the Create Training Campaign option.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Add to Block List response action available in Cloud Email and Collaboration Protection

Fri, 19 Jul 2024 00:00:00 GMT

July 19, 2024 – Cloud Email and Collaboration Protection offers the Add to Block List response action to the Operations → User-Reported Emails screen. It allows administrators to add senders in the end user-reported emails to the Suspicious Object List of TrendAI Vision One™.

Cloud Email and Collaboration Protection also supports the following account-based response actions on the Top 5 Users with Account Takeover Risks Dashboard widget: Disable User Account, Force Sign Out, Force Password Reset, Add to Block List

Email and Collaboration Security → Cloud Email and Collaboration Protection

Search by action available for URL click tracking logs in Cloud Email and Collaboration Protection

Fri, 19 Jul 2024 00:00:00 GMT

July 19, 2024 – Cloud Email and Collaboration Protection adds a new search criterion (Action: Restricted) in URL click tracking logs. Using this criterion, administrators are able to filter out URLs with actions "Blocked", "Warned and accessed", and "Warned and stopped”.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Restrict API access with authorized IP addresses

Mon, 22 Jul 2024 00:00:00 GMT

July 22, 2024—The API Keys app now enables you to define and manage a list of authorized IP addresses for accessing TrendAI Vision One™ APIs. This enhancement adds an extra layer of security, ensuring that only traffic from trusted sources can access the APIs.

For more information, see API Keys (available to both customers that have updated to the Foundation Services release and those that have not).

Administration → API Keys

Zero Trust Secure Access On-premises Gateway Version 1.0.48

Mon, 29 Jul 2024 00:00:00 GMT

July 29, 2024—ZTSA On-Premises Gateway Version 1.0.48 provides enhanced security and connectivity features.

This update includes the following changes:

New feature

Supports reverse proxy mode in On-Premises Gateway for either private AI Service Access or general internet access.
Supports rate limit in On-Premises Gateway in reverse proxy mode for private AI Service Access

Enhancement

Refines healthy checking logic for On-Premises Gateway

Service Gateway: Local ActiveUpdate Service Version 3.0.7

Thu, 01 Aug 2024 00:00:00 GMT

August 27, 2024—Service Gateway Local ActiveUpdate Service Version 3.0.7 includes enhancements, bug fixes, and security updates for the ActiveUpdate service hosted on Service Gateway appliances.

This update includes the following changes:

This update adds an internal enhancement to reduce replication of SIG files for ActiveUpdate servers.

Service Gateway: Local ActiveUpdate Service Version 3.0.6

Thu, 01 Aug 2024 00:00:00 GMT

August 6, 2024—Service Gateway Local ActiveUpdate Service Version 3.0.6 includes enhancements, bug fixes, and security updates for the ActiveUpdate service hosted on Service Gateway appliances.

This update includes the following changes:

This update adds the function to automatically discover and purge automatically inspected update sources that have been unused for over 14 days.

Service Gateway: Forward Proxy Service Version 2.0.5

Thu, 01 Aug 2024 00:00:00 GMT

October 21, 2024—Service Gateway Forward Proxy Service Version 2.0.5 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update enhances the DNS policy to fix network instability.
This update reduces unnecessary PTR requests to improve network performance and reduce latency.

Service Gateway: Forward Proxy Service Version 2.0.4

Thu, 01 Aug 2024 00:00:00 GMT

August 6, 2024—Service Gateway Forward Proxy Service Version 2.0.4 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update adds a fix for a 502 error when both the custom proxy and cloud proxy are configured.

Service Gateway Firmware Version 3.0.12

Thu, 01 Aug 2024 00:00:00 GMT

August 27, 2024—Service Gateway Firmware Version 3.0.12 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update adds a bug fix for updating the DNS server using a CLISH command.
This update adds an audit log for the CLISH commands exit and logout.

Service Gateway Firmware Version 3.0.11

Thu, 01 Aug 2024 00:00:00 GMT

August 6, 2024—Service Gateway Firmware Version 3.0.11 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update adds support for using TrendAI Vision One™ certificates and bearer tokens for authentication when accessing service gateway appliance information.
This update adds an internal enhancement to block traffic.
This update updates the libssh library to fix the security vulnerability CVE-2023-48795.
This update adds a fix for a 502 error when both the custom proxy and cloud proxy are configured.
This update fixes network issues when the gateway router address of an appliance changes.

Protect private general and generative AI service applications using on-premises gateways in reverse proxy mode for Zero Trust Secure Access Internet and AI Service Access

Thu, 01 Aug 2024 00:00:00 GMT

August 1, 2024—Connected on-premises gateways in Zero Trust Secure Access Internet Access and AI Service Access can now operate in reverse proxy mode. With Internet Access, use reverse proxy mode to protect your general private applications using access control, threat protection, and data loss protection (DLP). With AI Service Access, use reverse proxy mode to protect your private generative AI services using AI Service Access and rate limiting rules, enabling content inspection, preventing prompt injection, and stopping potential denial-of-service attacks. Enable the new service mode in Internet Access and AI Service Access Configuration.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Zero Trust Secure Access On-premises Gateway Version 1.0.49

Fri, 02 Aug 2024 00:00:00 GMT

August 2, 2024—ZTSA On-Premises Gateway Version 1.0.49 provides enhanced security and connectivity features.

This update includes the following changes:

Enhancement

Fixed the performance issue when downloading files via HTTP/2

Add objects to Network Resources from the Workbench, Search, and Observed Attack Techniques apps

Fri, 02 Aug 2024 00:00:00 GMT

August 2, 2024—You can now use the context menu to add IP addresses and domains to the Trusted Domain List, Trusted Service Source List, or Network Group List, enhancing future detections from connected Deep Discovery Inspector appliances and Virtual Network Sensors.

Network Security → Network Analysis Configuration → Network Resources

Add objects to Network Resources from the Workbench, Search, and Observed Attack Techniques apps

Fri, 02 Aug 2024 00:00:00 GMT

Network Security → Network Analysis Configuration → Network Resources

Trend Companion explains Observed Attack Techniques events in the Search app

Mon, 05 Aug 2024 00:00:00 GMT

August 5, 2024—When using the Observed Attack Techniques search method in the Search app, you can learn more about the events detected in your environment with the help of Trend Companion.

For more information, see TrendAI™ Companion.

Agentic SIEM and XDR → XDR Data Explorer

Container Inventory features Kubernetes group management

Wed, 07 Aug 2024 00:00:00 GMT

August 7, 2024—Container Inventory allows users to organize their Kubernetes clusters into groups for enhanced control and streamlined management. Asset Visibility Scope supports this feature by allowing specific permissions to be assigned by groups, facilitating more efficient management of clusters.

For more information, see Inventory/Overview.

Cloud Security → Container Security → Container Inventory

More granular security checks for approved senders in Cloud Email Gateway Protection

Mon, 12 Aug 2024 00:00:00 GMT

August 12, 2024—Cloud Email Gateway Protection adds Bypass Checks for approved senders in Sender Filter Settings. This allows you to determine which scanning criteria in Connection Filtering and Spam Filtering policies you want to apply on emails from approved senders.

Email and Collaboration Security → Cloud Email Gateway Protection

Improved inline action process in quarantine digest notifications in Cloud Email Gateway Protection

Mon, 12 Aug 2024 00:00:00 GMT

August 12, 2024—When end users click an inline action link in the quarantine digest notification, they're prompted to confirm on a dedicated page. This extra step ensures that actions are only taken with end users’ explicit consent, preventing unexpected access during notification transmission.

Email and Collaboration Security → Cloud Email Gateway Protection

Zero Trust Secure Access adds PoP site in AWS US West (Oregon)

Mon, 12 Aug 2024 00:00:00 GMT

August 12, 2024—Zero Trust Secure Access Internet Access now offers support for the AWS US West (Oregon) region. Users in the region may configure their service FQDNs to reflect the new location. For more information on available PoP sites for the Internet Access Cloud Gateway, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Enhanced cloud risk management with new Cloud Security Posture dashboard

Mon, 12 Aug 2024 00:00:00 GMT

August 12, 2024—You can now access the new Cloud Security Posture dashboard, which provides a comprehensive summary of cloud assets. Additionally, the page previously known as "Cloud Posture Overview" has been renamed to "Compliance and Misconfiguration."

The Cloud Security Posture dashboard offers detailed insights into related risk findings, including misconfiguration, compliance, vulnerability, threats, identity risk, and data posture.

These updates ensure a more streamlined and informative experience, enabling you to quickly identify and address potential risks in your cloud environment.

For more information, see About Cloud Risk Management.

Cyber Risk Exposure Management > Cloud Risk Management > Cloud Risk Management

Server & Workload Protection and Endpoint Sensor now support Debian 12 Linux OS

Thu, 15 Aug 2024 00:00:00 GMT

August 15, 2024—The TrendAI Vision One™ Endpoint Security agent now supports deploying Server & Workload Protection and Endpoint Sensor to Debian 12 endpoints.

For details on supported Linux platforms, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

Network Security introduces Network Overview dashboard

Thu, 15 Aug 2024 00:00:00 GMT

August 15, 2024—TrendAI Vision One™ Network Security introduces a new page called Network Overview. This dashboard provides an at-a-glance perspective into your organization's network security posture, including an overview of the vulnerabilities reported by the different network products that TrendAI Vision One™ offers.

For more information, see Network Security.

Network Security → Network Overview

Automated anomaly detection with pre-defined correlation rules in Correlated Intelligence in Cloud Email and Collaboration Protection

Sun, 18 Aug 2024 00:00:00 GMT

August 18, 2024 – When administrators enable Correlated Intelligence while creating a new ATP policy, Cloud Email and Collaboration Protection automatically applies all pre-defined correlation rules for anomaly detection. These rules are categorized into three levels of aggressiveness, allowing administrators to tailor the enforcement of these rules according to their organization's security needs and email service requirements.

For existing ATP policies, administrators need to manually configure whether to apply all or partial pre-defined rules.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Exchange Online protection enhancement with Microsoft 365 activity data in Cloud Email and Collaboration Protection

Sun, 18 Aug 2024 00:00:00 GMT

August 18, 2024 – Cloud Email and Collaboration Protection enhances its protection capabilities for Exchange Online by integrating user behavior analysis. Organizations that permit access to their Exchange Online data can further enable Cloud Email and Collaboration Protection to read activity data through the Microsoft Graph API and Office 365 Management API.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Custom data period for one-time reports in Cloud Email and Collaboration Protection

Sun, 18 Aug 2024 00:00:00 GMT

August 18, 2024 – Cloud Email and Collaboration Protection provides administrators with the flexibility to select custom time frames, ranging from days to months, for generating data in one-time reports, in addition to the fixed data periods.

Email and Collaboration Security → Cloud Email and Collaboration Protection

XDR for Cloud - AWS VPC Flow Logs and Cloud Response for AWS now support AWS Organization connections

Mon, 19 Aug 2024 00:00:00 GMT

August 19, 2024—The "XDR for Cloud - AWS VPC Flow Logs" and "Cloud Response for AWS" features can now be enabled and deployed to AWS Organization accounts in the Cloud Accounts app.

Cloud Security → Cloud Accounts

Endpoint Inventory table enhancements

Mon, 19 Aug 2024 00:00:00 GMT

August 19, 2024—Endpoint Inventory introduces further enhancements to improve user experience. In addition to previous enhancements including adjustable column width, you can now click-and-drag columns to rearrange the table, and more columns support sorting. Your settings are automatically saved for the next time you access Endpoint Inventory.

Endpoint Security → Endpoint Inventory

Correlated Intelligence for inbound email threat detection in Cloud Email Gateway Protection

Wed, 21 Aug 2024 00:00:00 GMT

August 21, 2024—Cloud Email Gateway Protection launches the Correlated Intelligence policy rules for Inbound Protection that can correlate the suspicious signals found across different scanning criteria (such as Virus Scan and Spam Filtering) to enrich threat detection for email services. With Correlated Intelligence capabilities, Cloud Email Gateway Protection also provides the reasons why an email is detected as a threat.

Email and Collaboration Security → Cloud Email Gateway Protection

XDR detections for Gen-AI applications in Amazon Bedrock

Wed, 21 Aug 2024 00:00:00 GMT

August 21, 2024—XDR for Cloud now provides monitoring capabilities for detecting possible attacks on Gen-AI applications in Amazon Bedrock. XDR for Cloud monitors for attempted and unauthorized deletion of guardrails and knowledge bases, and tampering with logging. These detections require the XDR for Cloud - AWS CloudTrail feature to be enabled on your connected AWS accounts. If you have already enabled the feature, the new detection capabilities are enabled by default.

To enable XDR for Cloud - AWS CloudTrail, go to Cloud Security → Cloud Accounts → AWS and update the deployment stack.

To view the new detection models, go to Agentic SIEM and XDR → Detection Model Management.

Zero Trust Secure Access On-premises Gateway Version 1.0.50

Mon, 26 Aug 2024 00:00:00 GMT

August 26, 2024—ZTSA On-Premises Gateway Version 1.0.50 provides enhanced security and connectivity features.

This update includes the following changes:

New Feature

Supports user-based private generative AI service protection.

Enhancement

Fixed the diagnostic page incorrectly displaying a long latency between an endpoint and gateway.
Enhanced on-premises gateways to reuse their configurations after being restarted.

XDR for Cloud usage graph now available

Mon, 26 Aug 2024 00:00:00 GMT

August 26, 2024—Cloud Accounts now features a detailed graph displaying your current and historical data ingestion for XDR for Cloud, enabling you to track the volume of data analyzed. To view the usage graph, go to Cloud Security → Cloud Accounts and click Credit Usage.

Cloud Security → Cloud Accounts

Endpoint-based attack prevention/detection rule application impact now displayed

Mon, 26 Aug 2024 00:00:00 GMT

August 26, 2024—Applying host-based attack prevention/detection rules now impacts asset risk scores in Cyber Risk Exposure Management. When host, or endpoint-based, attack prevention/detection rules are successfully applied to vulnerable assets, the risk score of the assets will be reduced. CVEs that have available attack prevention/detection rules will display an indicator in the corresponding entry on an asset's profile screen, allowing you to more easily see which vulnerabilities can be mitigated. To learn more, seeAttack prevention/detection rules.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Vulnerability assessment coverage extended to Rocky Linux

Mon, 26 Aug 2024 00:00:00 GMT

August 26, 2024—Attack Surface Risk Management vulnerability assessment coverage now extends to Rocky Linux. Use the new capability to strengthen your endpoint security and more effectively prioritize risk. For more information, see Vulnerability Assessment supported operating systems.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Automated High-Risk Account Response playbooks now available in public preview

Mon, 26 Aug 2024 00:00:00 GMT

August 26, 2024—Security Playbooks has introduced a new playbook template: Automated High-Risk Account Response. This playbook enables users to manage accounts with high risk scores by taking specified response actions. In addition to the standard user account actions, the playbook has expanded its functionality to add these accounts to a dedicate restricted user group within Zscaler. This integration allows for specific Zscaler policies to be applied directly to the group.

To utilize this feature, users must configure one or both Zscaler integrations within the Third-Party Integration app.

For more information, see Manually create Automated High-Risk Account Response playbooks.

Workflow and Automation → Security Playbooks

SCORM courses available for Security Awareness Training Training Campaigns

Wed, 28 Aug 2024 00:00:00 GMT

August 28 2024—In addition to the video-based courses offered in Security Awareness Training Training Campaigns, you can now also select Sharable Content Object Reference Model, or SCORM courses. SCORM allows for more interactivity and the potential to track progress. Choose between the two types of training content for your recipients to gain more flexibility in how you deliver training, helping to better engage and educate your users. Whether you prefer the structured format of SCORM or the visual appeal of videos, you can now tailor the training experience to best suit your needs. Start exploring the SCORM courses in your phishing training campaigns and enhance your organization's cyberSecurity Awareness Training.

Cyber Risk Exposure Management → Security Awareness

New exceptions available for XDR for Cloud - AWS CloudTrail detections

Fri, 30 Aug 2024 00:00:00 GMT

August 30, 2024—Detection Model Management now supports creating detection exceptions for your Amazon S3 buckets using the bucket name. Set the Match Criteria field type to cloud_identifier, select requestParameters.bucketName for the field, and provide the bucket name.

Agentic SIEM and XDR → Detection Model Management

Virtual Network Sensor version 1.0.1363

Sun, 01 Sep 2024 00:00:00 GMT

September 23, 2024—Virtual Network Sensor version 1.0.1363 includes enhancements, bug fixes, and security updates.

Virtual Network Sensor version 1.0.1341

Sun, 01 Sep 2024 00:00:00 GMT

August 26, 2024—Virtual Network Sensor version 1.0.1341 provides enhanced network monitoring and threat detection capabilities.

This update includes the following changes:

This update adds the ability for Virtual Network Sensor to collect and send TCP telemetry to TrendAI Vision One™.

Service Gateway Firmware Version 3.0.13

Sun, 01 Sep 2024 00:00:00 GMT

September 24, 2024—Service Gateway Firmware Version 3.0.13 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update adds a bug fix for increasing storage for Service Gateway appliances deployed with AWS.
This update corrects the invalid K8S certificate time caused by wrong RTC time on the Service Gateway appliance.
This update enhances the iptables to accommodate a large number of ports.

New alert types: Case update summary and Case update for owners

Mon, 02 Sep 2024 00:00:00 GMT

September 2, 2024—The Notifications app now includes two new alert types: Case update summary and Case update for owners. The Case update summary alert periodically sends notifications to specified recipients with a summary of case updates, while the Case update for owners alert notifies owners every time a case update occurs. For Case update summary, you can specify which case updates you want the summary to include.

For more information, see Configure notifications for case update summary and Configure notifications for case update for owners.

Administration → Notifications

Network Sensor for TippingPoint general release

Mon, 02 Sep 2024 00:00:00 GMT

September 2, 2024—Network Sensor for TippingPoint now enters official release and comes with a 30-day free trial to evaluate the functionality and benefits. After the trial period end, credits are automatically allocated based on usage.

For more information, see Enabling Network Sensor for TippingPoint.

Network Security → Network Inventory → TippingPoint

Zero Trust Secure Access On-premises Gateway Version 1.0.51

Mon, 09 Sep 2024 00:00:00 GMT

September 9, 2024—ZTSA On-Premises Gateway Version 1.0.51 provides enhanced security and connectivity features.

This update includes the following changes:

Enhancement

Updated the IP geolocation database to the latest version.
Fixed the issue where the HTTPS connection with the TLS handshake could fail in some situations.

Standard Endpoint Protection supports Windows 11 ARM64

Mon, 09 Sep 2024 00:00:00 GMT

September 9, 2024—You can now deploy the TrendAI Vision One™ Endpoint Security agent with Standard Endpoint Protection on endpoints with the Windows 11 ARM64 operating system.

Endpoint Security → Endpoint Inventory

Set parameters for risk event rules

Mon, 09 Sep 2024 00:00:00 GMT

September 9, 2024—You may now set specific parameters for the risk event rules for certain risk event types in Threat and Exposure Management. Add IP addresses, apps, rules, or days of the week as conditions that must be met for the risk event rule to apply. Setting parameters allows for more granular control over when a risk event rule is triggered.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Anomaly detection with predefined correlation rules in Correlated Intelligence in Cloud Email Gateway Protection

Wed, 18 Sep 2024 00:00:00 GMT

September 18, 2024—In addition to detecting security risks, Correlated Intelligence in Cloud Email Gateway Protection now supports detecting anomalies that deviate from normal behaviors and may require your attention. Based on the organization’s security needs, administrators can enable all or partial predefined correlation rules at three levels of aggressiveness and apply the rules to detect anomalies in Correlated Intelligence policy.

Email and Collaboration Security → Cloud Email Gateway Protection

Email recovery for deleted emails in Cloud Email Gateway Protection

Wed, 18 Sep 2024 00:00:00 GMT

September 18, 2024—Cloud Email Gateway Protection provides Email Recovery to retain emails marked for deletion for 14 days. This allows for restoration of emails that were mistakenly deleted before they are permanently purged, which helps ensure your business continuity and reduce the risk of data loss.

Email and Collaboration Security → Cloud Email Gateway Protection

Detection signal customization for Correlated Intelligence in Cloud Email and Collaboration Protection

Fri, 20 Sep 2024 00:00:00 GMT

September 20, 2024 – In addition to predefined detection signals for Correlated Intelligence, Cloud Email and Collaboration Protection allows administrators to define custom signals by using predefined conditions to meet specific security needs. These custom signals can then be incorporated into correlation rules, enhancing the detection capabilities of Cloud Email and Collaboration Protection within their unique environment.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Dashboard configuration checks for Correlated Intelligence in Cloud Email and Collaboration Protection

Fri, 20 Sep 2024 00:00:00 GMT

September 20, 2024 – The Configuration Health tab on the Cloud Email and Collaboration Protection Dashboard is updated to include checks related to Correlated Intelligence, providing administrators with a streamlined overview of their security configurations.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Automatic recovery of false positive emails for Exchange Online and Gmail in Cloud Email and Collaboration Protection

Fri, 20 Sep 2024 00:00:00 GMT

September 20, 2024 – Cloud Email and Collaboration Protection utilizes detection and quarantine logs to identify false positive emails detected by Advanced Spam Protection, Web Reputation, and Correlated Intelligence. It then automatically reverses the Quarantine, Move to Junk Email folder, Move to Spam actions, delivering the emails directly to end users' inboxes. This feature functions without user intervention and is independent of whether Retro Scan & Auto Remediate is activated by administrators in Advanced Spam Protection and Web Reputation settings.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Zero Trust Secure Access On-premises Gateway Version 1.0.52

Mon, 23 Sep 2024 00:00:00 GMT

September 23, 2024—ZTSA On-Premises Gateway Version 1.0.52 provides enhanced security and connectivity features.

This update includes the following changes:

Enhancement

AI service access for Gemini has been enhanced due to protocol changes.
Fixed the "no log" issue in ICAP mode when the URL is empty.
Fixed the high CPU usage issue when the configured syslog server is unavailable.

New alert type in the Notifications app: Newly discovered assets

Mon, 23 Sep 2024 00:00:00 GMT

September 23, 2024—The Notifications app has been enhanced with a new alert feature that notifies customers of new assets detected in their environment, which could pose significant risks.

For more information, see Configuring notifications for newly discovered assets.

Administration → Notifications

Run osquery and YARA rules tasks from the Search app

Mon, 23 Sep 2024 00:00:00 GMT

September 23, 2024—You can now trigger osquery and YARA rules response tasks from the context menu in the Search app, providing you flexibility when investigating potential incidents. You can also upload response scripts, osquery queries, and YARA rules on the Response Scripts tab in Response Management.

For more information, see Response actions.

Workflow and Automation → Response Management

Manage opt-in and opt-out settings for individual pre-release features from Platform Directory

Mon, 23 Sep 2024 00:00:00 GMT

September 23, 2024—You can now opt in to and out of individual pre-release features from Platform Directory, allowing you more granular control over which features you want to experience before official release. You can manage which users have permission to opt in to and out of pre-release features from User Roles.

For more information, see Platform Directory.

Platform Directory

Scan select AWS resources for malware

Mon, 23 Sep 2024 00:00:00 GMT

September 23, 2024—Agentless Vulnerability & Threat Detection now supports malware scanning of AWS EBS, ECR, and Lambda resources. After enabling the feature for your connected AWS accounts in Cloud Accounts, Agentless Vulnerability & Threat Detection begins scanning daily for threats like viruses, Trojans, spyware, and more. Get remediation options and metadata for performing threat hunting queries by examining associated risk events in Threat and Exposure Management.

Anti-malware scanning is disabled by default. Enabling anti-malware scanning increases your AWS operational costs. To learn more, see Agentless Vulnerability & Threat Detection estimated deployment costs for AWS.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

See time-critical alerts for vulnerabilities in Linux

Mon, 23 Sep 2024 00:00:00 GMT

September 23, 2024—Time-critical vulnerability alerts now support Linux to give you more visibility into your organization’s security posture. Check alerts In Cyber Risk Overview to see which operating systems are affected by the vulnerability. View mitigation options for all supported operating systems, and if supported, mitigation actions are automatically detected after you apply them.

Cyber Risk Exposure Management → Cyber Risk Overview

CIS Kubernetes benchmark scanning now available

Tue, 24 Sep 2024 00:00:00 GMT

September 24, 2024—TrendAI Vision One™ – Container Security now supports compliance scanning with CIS benchmarks in your Kubernetes clusters. Assess and guarantee adherence to industry-leading security standards effortlessly, enhancing your Kubernetes security posture.

For more information, see Compliance.

Cloud Security → Container Security → Container Protection

Endpoint security policies now available for preview

Mon, 30 Sep 2024 00:00:00 GMT

September 30, 2024—Endpoint security policies allow you to implement policy-based management of agent settings from a centralized location. Currently, you can use endpoint security policies to manage Endpoint Sensor settings, with more features coming soon; such as the state-of-the-art Deepfake Detector Technology and adjustable monitoring levels designed to optimize your security posture with advanced inspection tools such as the Network Content Inspection Engine.

Endpoint Security → Endpoint Security Configuration → Endpoint Security Policies

Server & Workload Protection and Endpoint Sensor now support SUSE Linux Enterprise Server 15 (AWS ARM-based Graviton 2)

Mon, 30 Sep 2024 00:00:00 GMT

September 30, 2024—The TrendAI Vision One™ Endpoint Security agent now supports deploying Server & Workload Protection and Endpoint Sensor to SUSE Linux Enterprise Server 15 (AWS ARM-based Graviton 2) endpoints.

For details on supported Linux platforms, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

Server & Workload Protection and Endpoint Sensor now support Ubuntu 24.04 64-bit (x86-64) Linux OS

Mon, 30 Sep 2024 00:00:00 GMT

September 30, 2024—The TrendAI Vision One™ Endpoint Security agent now supports deploying Server & Workload Protection and Endpoint Sensor to Ubuntu 24.04 64-bit (x86-64) endpoints.

For details on supported Linux platforms, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

New APIs available for Cloud Risk Management

Mon, 30 Sep 2024 00:00:00 GMT

September 30, 2024—The “Checks and Profiles” public APIs for Cloud Risk Management is now available on the TrendAI Vision One™ Automation Center. For more information, visit the Automation Center.

Role-based targets in security playbooks

Mon, 30 Sep 2024 00:00:00 GMT

September 30, 2024—Security playbooks now reflect the asset visibility scope of the user role that created them, targeting only the assets within that scope. This helps the organization with different asset visibility scopes to manage their security playbooks effectively.

If the creator's user role is deleted, the playbook becomes deactivated until another user reactivates it by editing or enabling the playbook. Upon reactivation, the playbook applies to targets within the asset visibility scope of the user who reactivated it.

Workflow and Automation → Security Playbooks

Enhanced endpoint filtering for Automated Response Playbooks

Mon, 30 Sep 2024 00:00:00 GMT

September 30, 2024—Automated Response Playbooks now provide additional endpoint conditions, including endpoint name, endpoint type, and operating system, to filter targeted endpoints for the playbook.

For more information, see Manually create Automated Response Playbooks.

Workflow and Automation → Security Playbooks

Send to sandbox for Virtual Network Sensor officially released

Tue, 01 Oct 2024 00:00:00 GMT

October 1, 2024—The send to sandbox feature for Virtual Network Sensor is now officially released. Send to sandbox is a paid feature and requires 2000 credits for every 500 Mbps of traffic scanned.

Network Security → Network Inventory

Enhanced Owner Assignment in Workbench and Case Management

Fri, 04 Oct 2024 00:00:00 GMT

October 4, 2024—Case Management and Workbench now support assigning SAML groups and IdP-only SAML groups as alert and case owners respectively.

For detailed information and limitations, see the online help for Case Management and Workbench.

Workflow and Automation → Case Management

Agentic SIEM and XDR → Workbench

Enhanced Owner Assignment in Workbench and Case Management

Fri, 04 Oct 2024 00:00:00 GMT

October 4, 2024—Case Management and Workbench now support assigning SAML groups and IdP-only SAML groups as alert and case owners respectively.

For detailed information and limitations, see the online help for Case Management and Workbench.

Workflow and Automation → Case Management

Agentic SIEM and XDR → Workbench

Define the structure of your organization with Asset Group Management

Tue, 08 Oct 2024 00:00:00 GMT

October 8, 2024—The new Asset Group Management app is now available in public preview. In Asset Group Management, you can create groups of assets, designate tag values for the new Asset group tag, and assign a tag value to each asset group. By enabling you to analyze and manage specific subsets of assets, asset groups streamline your asset management and provide a foundation for powerful new features on the TrendAI Vision One™ platform.

For more information, see Asset Group Management.

Service Management → Asset Group Management

Endpoint Inventory page view enhancements

Tue, 08 Oct 2024 00:00:00 GMT

October 8, 2024—Endpoint Inventory now features two new features to enhance navigating the inventory list.

You can now navigate between pages by typing the exact page you want to view with the page navigation input box.
If your organization has more than 200 endpoints in your inventory, you can increase the per page view to 500 and 1000 endpoints per page.

Endpoint Security → Endpoint Inventory

View Risk Subindex per asset group in Cyber Risk Exposure Management

Tue, 08 Oct 2024 00:00:00 GMT

October 8, 2024—Cyber Risk Overview now supports the ability to view and compare the Risk Index for specific subsets of assets. For example, you can monitor risk per business unit, region, information system, and more to determine which subset requires attention. To see the Risk Subindex, you must first build an asset grouping structure in Asset Group Management and allocate tag values to assets groups of either "Attack Surface Discovery" or "Tag Inventory App". For more information, see Risk Overview.

Cyber Risk Exposure Management → Cyber Risk Overview

Container Image Scanning now viewable from the TrendAI Vision One console

Wed, 09 Oct 2024 00:00:00 GMT

October 9, 2024—Container Security now supports access to detailed results and statistics for scanned artifacts on the Container Image Scanning page from the TrendAI Vision One™ console. View the scan results of registry image artifacts for vulnerabilities, malware, and secrets within your continuous integration (CI) or continuous delivery (CD) pipeline.

For information, see Container Image Scanning.

Cloud Security → Container Security → Container Protection

Zero Trust Secure Access On-premises Gateway Version 1.0.53

Thu, 10 Oct 2024 00:00:00 GMT

October 10, 2024—ZTSA On-Premises Gateway Version 1.0.53 provides enhanced security and connectivity features.

This update includes the following changes:

Enhancement

Enhanced the message incomplete issue in some scenarios of ICAP REQMOD requests.

Create cluster-managed policies in Container Security

Thu, 10 Oct 2024 00:00:00 GMT

October 9, 2024—You can now interact directly with the Kubernetes API to create and manage Container Security cluster-managed policies and rulesets within your Kubernetes clusters. This integration facilitates seamless deployment of Container Security policies and rulesets with your GitOps workflows.

For more information, see Cluster-managed policies.

Cloud Security → Container Security → Container Inventory

Cloud Accounts now supports excluding accounts when connecting AWS organizations

Mon, 14 Oct 2024 00:00:00 GMT

October 14, 2024—You can now specify accounts to exclude when connecting or updating AWS Organizations in the Cloud Accounts app. This feature can be used to exclude certain accounts from being monitored by TrendAI Vision One™, or to allow connecting excluded accounts individually to set up feature and account configurations different from the organization.

Cloud Security → Cloud Accounts

Proxy support for TippingPoint Network Sensor

Wed, 16 Oct 2024 00:00:00 GMT

October 16, 2024—Network Inventory now supports the option to connect your TippingPoint Network Sensor to TrendAI Vision One™ through a proxy. This configuration option is available only when you enable TippingPoint Network Sensor.

For more information, see Enabling Network Sensor for TippingPoint.

Network Security → Network Inventory → TippingPoint

Zero Trust Secure Access On-premises Gateway Version 1.0.54

Mon, 21 Oct 2024 00:00:00 GMT

October 21, 2024—ZTSA On-Premises Gateway Version 1.0.54 provides enhanced security and connectivity features.

This update includes the following changes:

New Features

Support to configure components update for the on-premises gateway.
Support for the Amazon Bedrock public AI service on advanced content inspection.

Enhancement

Increased the timeout value of the WRS query for the on-premises gateway.
Enhanced the gateway on the HTTPS handshake procedure with client certificate.
Enhanced AI Service Access content inspection due to protocol change in public AI services.

Quarantined email preview enhancement in Cloud Email Gateway Protection

Mon, 21 Oct 2024 00:00:00 GMT

October 21, 2024—Cloud Email Gateway Protection now supports enabling quarantined email preview in quarantine digest templates. This feature allows administrators to decide whether end users can preview quarantined emails in quarantine digests. The quarantine digest preview supports inline actions for improved user interaction, including options to deliver emails or approve senders.

Additionally, enhancements are also made to allow end users and administrators to view HTML-rendered email content in the End User Console or the Quarantine Query Details screen.

Email and Collaboration Security → Cloud Email Gateway Protection

Service Gateway Firmware Version 3.0.14

Mon, 21 Oct 2024 00:00:00 GMT

October 21, 2024—Service Gateway Firmware Version 3.0.14 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update adds support for deploying the Service Gateway virtual appliance on the Nutanix AHV (QCOW2) platform.
This update ensures additional route configurations remain persistent after a Service Gateway reboot or upgrade.
This update provides a workaround for the SG-APL log rotation failure issue.
This update increases the password complexity requirements.

Cloud Risk Management includes Cloud Infrastructure Entitlement Management (CIEM)

Mon, 21 Oct 2024 00:00:00 GMT

October 21, 2024—Get central visibility of your cloud entitlements and related risks in Cloud Risk Management. With over 200 different types of cloud resources currently available, cloud operations and security teams are increasingly challenges by the complexity of cloud infrastructure entitlement management.

A dedicated entitlements tab in Cloud Security Posture now gives users centralized visibility into cloud identities and related risks. Take action and focus remediation efforts based on prioritized risks, including risky identity types, identity misconfigurations, and potential attack paths. To learn more, see Entitlements.

Cyber Risk Exposure Management → Cloud Risk Management → Cloud Security Posture

Assess for and view all CVEs in Cyber Risk Exposure Management

Mon, 21 Oct 2024 00:00:00 GMT

October 21, 2024—The Detected Vulnerabilities widget in Exposure Overview now displays CVEs by impact level, including detected low-impact CVEs. New widgets in Threat and Exposure Management allow you to filter CVEs by high, medium, and low impact. To learn more about how CVE impact scores are calculated, see Vulnerability impact score.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Cyber Risk Exposure Management → Cyber Risk Overview

View All CVEs for Containers, Cloud VMs, and Serverless Functions

Mon, 21 Oct 2024 00:00:00 GMT

October 21, 2024—Cyber Risk Exposure Management prioritizes the most critical vulnerabilities across your entire attack surface, allowing you to focus your remediation efforts. However, visibility into lower impact CVEs is now available for containers, cloud VMs, and serverless functions, providing you the vulnerability information you needs for compliance or internal audits. View lower impact CVEs in the Vulnerabilities section of Threat and Exposure Management or Exposure Overview in Cyber Risk Overview.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Cyber Risk Exposure Management → Cyber Risk Overview

Four more predefined conditions available in Correlated Intelligence in Cloud Email and Collaboration Protection

Fri, 25 Oct 2024 00:00:00 GMT

October 25, 2024—Cloud Email and Collaboration Protection supports four more predefined conditions for defining custom detection signals in Correlated Intelligence. The conditions check the Reply-To domain activity, the Reply-To address activity, the URL domain registration age in email, and the sender address for anomaly detection in the customer’s environment.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Enhanced Correlated Intelligence monitoring for existing ATP policies in Cloud Email and Collaboration Protection

Fri, 25 Oct 2024 00:00:00 GMT

October 25, 2024—Cloud Email and Collaboration Protection enhances the monitoring of Correlated Intelligence detections without disrupting your email flow. This update automatically enables the Correlated Intelligence filter for policies where this filter is currently disabled, allowing you to keep track of Correlated Intelligence detections seamlessly while maintaining smooth email operations. Specifically,

For existing policies without Correlated Intelligence enabled, the action for Security Risks is set to Pass, and “All pre-defined rules” is selected for anomalies with the action set to Pass.
For existing policies with Correlated Intelligence enabled, no changes are made to the action for Security Risks. However, if “Specified pre-defined rules” was selected for anomalies with no rules specified, it is changed to “All pre-defined rules” with the action set to Pass.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Automatic recovery of false positive emails marked for deletion in Exchange Online and Gmail in Cloud Email and Collaboration Protection

Fri, 25 Oct 2024 00:00:00 GMT

October 25, 2024—Cloud Email and Collaboration Protection extends its capabilities to identify false positive emails detected by Advanced Spam Protection, Web Reputation, and Correlated Intelligence, and then automatically restore false positive emails marked for deletion in end users’ “Recoverable Items > Deletions” folder in Exchange Online and the “Trash” folder in Gmail.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Access token re-creation for Dropbox and Google Drive service accounts in Cloud Email and Collaboration Protection

Fri, 25 Oct 2024 00:00:00 GMT

October 25, 2024—Cloud Email and Collaboration Protection provides an option for administrators to re-create access tokens for the Dropbox and Google Drive service accounts when the current tokens become invalid or you want to refresh the existing token.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Identity Posture Assessment now available

Mon, 28 Oct 2024 00:00:00 GMT

October 28, 2024—Cyber Risk Assessment is introducing Identity Posture Assessment, a new complimentary feature for all users. This feature allows you to scan your organization's identity-related assets to detect the assets that might be exposed to attack and identify risk events that most put your assets at risk.

For more information, see Identity Posture Assessment.

Assessment → Cyber Risk Assessment

Find recommended trusted domains and service sources in Network Analysis Configuration

Mon, 28 Oct 2024 00:00:00 GMT

October 28, 2024—Attack Surface Discovery, part of Cyber Risk Exposure Management, is able to analyze your network and recommend domains and IP addresses to add as assets. You many now use this process to discover recommended domains and service sources to add to the Trusted Domains and Trusted Service Sources lists in Network Resources. Click Add Recommendations in the corresponding tab to discover the assets and choose whether to add them to a trusted list.

Network Security → Network Analysis Configuration → Network Resources

Cloud Risk Management moving to Cloud Security app group

Mon, 28 Oct 2024 00:00:00 GMT

October 28, 2024—On December 2nd, 2024, Cloud Risk Management will be fully relocated to the new Cloud Security app group, where you can get a unified view of your cloud resources and security. Until that date, you may access Cloud Risk Management from within the Cyber Risk Exposure Management app group or in the new Cloud Security app group.

Cloud Security → Cloud Risk Management

New security dashboard template: Cyber Insurance

Mon, 28 Oct 2024 00:00:00 GMT

October 28, 2024—Streamline your insurance application process with our new Cyber Insurance security dashboard template. This template summarizes critical cybersecurity data required by insurance carriers, aggregating essential security control metrics to help businesses effectively demonstrate their cybersecurity posture.

Dashboards and Reports → Dashboards

Version control policies now available for preview

Thu, 31 Oct 2024 00:00:00 GMT

October 31, 2024—Version control policies for Trend Endpoint Security provides policy-based management of agent and component updates in a centralized location. Additionally, TrendAI™ delivers enhanced stability of the Trend Endpoint Agent through selective testing and staged rollouts, reducing risks and ensuring compatibility with your security environment.

Endpoint Security → Endpoint Security Configuration → Version Control Policies

CIS OpenShift benchmark scanning now available

Thu, 31 Oct 2024 00:00:00 GMT

October 31, 2024—TrendAI Vision One™ – Container Security now supports compliance scanning with CIS benchmarks in your Red Hat OpenShift clusters. Assess and guarantee adherence to industry-leading security standards effortlessly, enhancing your OpenShift security posture.

For more information, see Compliance.

Cloud Security → Container Security → Container Protection

Cloud Risk Management Events and Groups Public APIs now available on TrendAI Vision One Automation Center

Thu, 31 Oct 2024 00:00:00 GMT

October 31, 2024—You can now access the new Cloud Risk Management public APIs for Events and Groups through the TrendAI Vision One™ Automation Center.

Cloud Security Posture → Cloud Risk Management

Service Gateway: Generic Caching Service 1.0.2

Fri, 01 Nov 2024 00:00:00 GMT

November 18, 2024—Service Gateway Generic Caching Service 1.0.2 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update adds an enhancement to the Service Gateway's ability to collect metrics on the Generic Caching Service.

Virtual Network Sensor version 1.0.1393

Fri, 01 Nov 2024 00:00:00 GMT

November 6, 2024—Virtual Network Sensor version 1.0.1393 includes enhancements, bug fixes, and security updates for the Virtual Network Sensor.

This update includes the following changes:

Virtual Network Sensor supports connecting to TrendAI Vision One™ using a Service Gateway as a proxy. The connection option can be selected from Network Inventory during deployment or from the connection settings menu.
Custom proxies for Virtual Network Sensor can now be configured from Network Inventory during deployment or from the connection settings menu.

Extended Audit Log Query Period in Cloud Email Gateway Protection

Wed, 06 Nov 2024 00:00:00 GMT

November 6, 2024—Cloud Email Gateway Protection now allows administrators to query audit logs retained for up to 180 days, instead of the previous 30 days.

Email and Collaboration Security → Cloud Email Gateway Protection

Zero Trust Secure Access On-premises Gateway Version 1.0.55

Mon, 11 Nov 2024 00:00:00 GMT

November 11, 2024—ZTSA On-Premises Gateway Version 1.0.55 provides enhanced security and connectivity features.

This update includes the following changes:

Enhancements

Improved performance for HTTP/2 traffic.
Enhanced the authentication redirection handling for special requests like css/font/js.
Fixed the service abnormality if there is an IPv6 address in the X-Forwarded-For header.

You can now move Kubernetes clusters between groups in Container Inventory

Wed, 13 Nov 2024 00:00:00 GMT

November 13, 2024—TrendAI Vision One™ Container Security now enables you to move Kubernetes clusters between groups in Container Inventory. This facilitates more efficient management of your clusters.

For more information, see Inventory/Overview.

Cloud Security → Container Security → Container Inventory

Runtime Malware Scanning now available in Container Security

Wed, 13 Nov 2024 00:00:00 GMT

November 13, 2024—TrendAI Vision One™ Container Security now offers Runtime Malware Scanning to help you detect malicious software in your production containers. This new feature provides scheduled malware scans of running containers and threat detection to identify malware in your production environment. With this release, Container Security ensures comprehensive security coverage throughout your container lifecycle by actively monitoring for both vulnerabilities and malware threats in production workloads.

For more information, see Enable Runtime Security and scanning features.

Cloud Security → Container Security

Cloud Risk Management Embedded Rules Knowledge Base Now Available

Thu, 14 Nov 2024 00:00:00 GMT

November 14, 2024—You can now access the resolution information for failing misconfiguration rules within the TrendAI Vision One™ Cloud Risk Management console. For more information, see: Automation Center.

Cloud Security Posture → Cloud Risk Management

Enhanced reports with anomaly detection information in Cloud Email and Collaboration Protection

Fri, 15 Nov 2024 00:00:00 GMT

November 15, 2024—Administrators can now choose to include anomaly detections in both one-time and scheduled reports. The report will show the total number of anomalies detected by Correlated Intelligence, provide a summary of these anomalies for each supported service, and highlight the top 5 senders and recipients of emails containing anomalies.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Access token re-creation with a different admin for collaboration services in Cloud Email and Collaboration Protection

Fri, 15 Nov 2024 00:00:00 GMT

November 15, 2024—Cloud Email and Collaboration Protection enhances the access token re-creation process for Box, Dropbox, and Google Drive. Previously, access tokens can only be re-created using the same administrator of the current service account. Customers now are able to re-create access tokens with a different administrator, which is particularly useful when there are changes in team members.

To ensure that quarantined files can be managed by the new administrator, Cloud Email and Collaboration Protection also provides a guide to help customers transfer all existing quarantined files from the original administrator’s quarantine folder to the new administrator’s folder.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Automatic recovery of false positive emails in Exchange Online (inline mode) and Gmail (inline mode) in Cloud Email and Collaboration Protection

Fri, 15 Nov 2024 00:00:00 GMT

November 15, 2024—Cloud Email and Collaboration Protection enhances its automatic recovery capabilities to identify false positive emails in Exchange Online (inline mode) and Gmail (inline mode). It then automatically reverses the Quarantine action, delivering these emails directly to end users’ inboxes.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Zero Trust Secure Access On-premises Gateway Version 1.0.56

Mon, 18 Nov 2024 00:00:00 GMT

November 18, 2024—ZTSA Gateway Version 1.0.56 provides enhanced security and connectivity features.

This update includes the following changes:

New Features

Supports on-premises gateway integration with SPN Proxy to reduce the number of FQDNs for firewall exceptions.
Support Anthropic/Claude public AI Service on advanced content inspection.

Enhancements

Fixed the file scanning issue in ICAP mode with media/stream content.
Fixed the discovered faulty server certificate not being uploaded in certain conditions.
Enhanced the cache reloading mechanism after the AU update is completed.

Custom tagging available for TrendAI Vision One resources deployed to AWS Cloud Accounts

Mon, 18 Nov 2024 00:00:00 GMT

November 18, 2024—You can now add custom tags to TrendAI Vision One™ resources deployed to your AWS accounts using the Cloud Accounts app. Use custom tags help support cost tracking, automation, and other downstream workflows that rely on AWS tags. The feature supports tagging resources deployed using CloudFormation.

Cloud Security → Cloud Accounts

Pay-as-you-go billing now available for TrendAI Vision One cloud security solutions via AWS Marketplace

Mon, 18 Nov 2024 00:00:00 GMT

November 18, 2024—Pay only for what you use with consumption-based billing, available for customers who purchase a TrendAI Vision One™ pay-as-you-go contract from AWS Marketplace. The following offerings currently support pay-as-you-go, in addition to credits:

Cloud Risk Management
Container Security
File Security Storage

For more information, see Pay-as-you-go.

TrendAI™ Flex Licensing → Platform Usage and Credits

Zero Trust Secure Access on-premises gateway supports consolidated FQDN for Smart Protection Network services

Mon, 18 Nov 2024 00:00:00 GMT

November 18, 2024—The Zero Trust Secure Access - Internet Access On-premises Gateway now integrates the Smart Protection Network Proxy for SPN-related service connections. This reduces the number of FQDN items required for firewall exceptions. For more details refer to Firewall exception requirements for TrendAI Vision One™ .

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Custom filters now support Email and Collaboration Activity logs

Mon, 18 Nov 2024 00:00:00 GMT

November 18, 2024—Create custom detection filters with the MESSAGE_ACTIVITY event type and COLLABORATION_ACTIVITY event ID to enhance email and collaboration activity detections.

For more information, see Email and collaboration activity data sources.

Agentic SIEM and XDR → Detection Model Management

TrendAI Vision One - XDR for Cloud extends detection and response capabilities to Amazon Security Lake

Mon, 25 Nov 2024 00:00:00 GMT

November 25, 2024—XDR for Cloud now integrates with Amazon Security Lake, allowing customers to send their Security Lake data to TrendAI Vision One™. Connect TrendAI Vision One™ to your Amazon Security Lake to forward your CloudTrail Logs, VPC Flow Logs, WAF Logs, EKS Audit Logs, Route53 Resolver Query Logs, and SecurityHub Findings. Get actionable insight into your environment with XDR detection models that alert you about malicious and suspicious activity happening in your cloud resources, services, and network.

Cloud Security → Cloud Accounts → AWS

Alibaba Cloud is now a supported cloud provider in Cyber Risk Exposure Management

Mon, 25 Nov 2024 00:00:00 GMT

November 25, 2024—Alibaba Cloud is now a supported service provider for cloud assets in Cyber Risk Exposure Management and Cloud Security, enhancing your Cloud Risk Management monitoring capabilities. To monitor Alibaba Cloud accounts, add your Alibaba Cloud account in Cloud Accounts.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Close related Workbench alerts

Mon, 25 Nov 2024 00:00:00 GMT

November 25, 2024—When closing a case associated with an insight, users can close all Workbench alerts for the insight. These related alerts can inherit the case findings if they do not already have findings. Alerts with existing findings keep those findings.

Agentic SIEM & XDR → Workbench → All Alerts

Endpoint Sensor Agent firewall exceptions added

Fri, 29 Nov 2024 00:00:00 GMT

November 29, 2024—Firewall exceptions were added for Endpoint Sensor Agents in all regions.

New firewall exceptions:

files.trendmicro.com
ipv6-iaus.trendmicro.com
ipv6-iaus.activeupdate.trendmicro.com
iaus.activeupdate.trendmicro.com
iaus.trendmicro.com

For more information see the firewall exceptions for your region:

Server & Workload Protection now supports CPU usage control for Linux agents

Fri, 29 Nov 2024 00:00:00 GMT

November 29, 2024—CPU usage control is now available for Server & Workload Protection agents version 20.0.1-4540 and later. Use the feature to limit the impact of Anti-Malware Scans and Activity Monitoring on your endpoint or server processing resources.

For more information, see Configure CPU usage control.

Endpoint Security → Server & Workload Protection → Computers

Cloud Risk Management Configurations & Reports Public API Now Available

Fri, 29 Nov 2024 00:00:00 GMT

November 29, 2024—You can now access the new Cloud Risk Management public APIs for Configurations & Reports through the TrendAI Vision One™ Automation Center.

Cloud Risk Management → Cloud Security Posture

Standard Endpoint Protection, Server & Workload Protection, and Endpoint Sensor now support Windows 11 (24H2)

Fri, 29 Nov 2024 00:00:00 GMT

November 29, 2024—The TrendAI Vision One™ Endpoint Security agent now supports Windows 11 (24H2) for Standard Endpoint Protection, Server & Workload Protection, and Endpoint Sensor-only deployments.

For details on supported Windows platforms, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

Service Gateway: Local ActiveUpdate Service Version 3.0.8

Sun, 01 Dec 2024 00:00:00 GMT

December 3, 2024—Service Gateway Local ActiveUpdate Service Version 3.0.8 includes enhancements, bug fixes, and security updates for the ActiveUpdate service hosted on Service Gateway appliances.

This update includes the following changes:

This update enhances stability to prevent the download process from hanging.
This update upgrades aiohttp to the latest version to address vulnerabilities CVE-2023-49081, CVE-2023-49082, and BDSA-2024-5281.
This update improves the stability of product update downloads in Local ActiveUpdate.

Service Gateway Firmware Version 3.0.16

Sun, 01 Dec 2024 00:00:00 GMT

December 16, 2024—Service Gateway Firmware Version 3.0.16 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update introduces enhancements to the audit logs of Service Gateway virtual appliances.
This update includes new CLI commands to support enhanced Internet Access configuration.

Service Gateway Firmware Version 3.0.15

Sun, 01 Dec 2024 00:00:00 GMT

December 3, 2024—Service Gateway Firmware Version 3.0.15 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update enables the Service Gateway to support Simple Network Management Protocol (SNMP).
This update allows Nutanix to support two images of different sizes.

Server & Workload Protection firewall exceptions added

Sun, 01 Dec 2024 00:00:00 GMT

December 2, 2024—Firewall exceptions were added for Server & Workload Protection in the Middle East and Africa region.

New firewall exceptions:

workload.ae-1.cloudone.trendmicro.com
agents.workload.ae-1.cloudone.trendmicro.com
.workload.ae-1.cloudone.trendmicro.com
agent-comm.workload.ae-1.cloudone.trendmicro.com
dsmim.workload.ae-1.cloudone.trendmicro.com
relay.workload.ae-1.cloudone.trendmicro.com
xdr-resp-ioc.workload.ae-1.cloudone.trendmicro.com
gateway.workload.ae-1.cloudone.trendmicro.com
gateway-control.workload.ae-1.cloudone.trendmicro.com

For more information, see the firewall exceptions for your region:

Middle East and Africa

Standard Endpoint Protection firewall exceptions added

Sun, 01 Dec 2024 00:00:00 GMT

December 2, 2024—Firewall exceptions were added for Standard Endpoint Protection in all regions.

New firewall exceptions:

aurd-test2.activeupdate.trendmicro.com
support-connector-api.manage.trendmicro.com
support-connector-service.manage.trendmicro.com
supportconnectorpacks.manage.trendmicro.com
rpcollectedthings.blob.core.windows.net

For more information see the firewall exceptions for your region:

Zero Trust Secure Access On-premises Gateway Version 1.0.57

Mon, 02 Dec 2024 00:00:00 GMT

December 2, 2024—Zero Trust Secure Access On-premises Gateway Version 1.0.57 includes optimization for local cache mechanisms.

This update includes the following changes:

Optimized the local cache mechanism in peak hours for better user/group information handling.

XDR for Cloud - VPC Flow Log Monitoring now supports AWS region me-south-1

Mon, 02 Dec 2024 00:00:00 GMT

December 2, 2024—XDR for Cloud - VPC Flow Log Monitoring extends AWS VPC Flow Log monitoring support to the me-south-1 region. Deploy VPC Flow Log Monitoring in this region to leverage advanced capabilities to analyze network traffic and enhance threat detection.

Cloud Security → Cloud Accounts → AWS

Server & Workload Security SAP Scanner feature now uses TrendAI Vision One credits

Mon, 02 Dec 2024 00:00:00 GMT

December 2, 2024—You can now allocate credits to enable SAP Scanner for TrendAI Vision One™ - Endpoint Security (Pro). You can view your current credit balance in the Platform Usage and Credits app to help estimate future credit usage. Additionally, all existing SAP Scanner licenses are automatically converted to TrendAI Vision One™ credits upon updating from Cloud One Endpoint & Workload Security to TrendAI Vision One™ Server & Workload Security.

Endpoint Security → Server & Workload Protection

Automated tagging for security resources deployed to your AWS environment

Mon, 02 Dec 2024 00:00:00 GMT

December 2, 2024—Automated tagging is now available for resources deployed to your AWS account by the Cloud Accounts app. Resources deployed by the Cloud Accounts app have the "TrendMicroProduct" tag added. You can use these tags to track resources and costs from the Cloud Accounts features. To add the tags to an existing connection, update your AWS account resource stack.

For more information, see .Resources deployed in AWS environments

Cloud Security → Cloud Accounts → AWS

Standard Endpoint Protection Exception Lists now features Rule Exceptions

Tue, 03 Dec 2024 00:00:00 GMT

December 3, 2024—Standard Endpoint Protection now supports adding detection exceptions based on Rule IDs to exclude specified rules from Anti-Malware Scans, Behavior Monitoring, and Suspicious Connection.

Endpoint Security → Standard Endpoint Protection

New Widgets added to Security Posture Dashboard under Cloud Risk Management

Wed, 04 Dec 2024 00:00:00 GMT

December 4, 2024—We've added four new widgets in the Security Dashboard for Cloud Risk Management app under Cloud Security Posture, for a quick view of your overall Cloud Risk Management. The new widgets are: Protection, Potential Attack Path, Security Posture, and Compliance.

Cloud SecurityCloud Risk Management

Context menu for highlighted objects

Wed, 04 Dec 2024 00:00:00 GMT

December 4, 2024—Workbench users can access response actions and detailed profiles from the context menu on the Highlighted Objects tab.

Agentic SIEM and XDR → Workbench

Email warning banner available for Anomaly Detection by Correlated Intelligence in Cloud Email and Collaboration Protection

Fri, 06 Dec 2024 00:00:00 GMT

December 6, 2024—Besides the Add-in for Outlook for end user feedback, Cloud Email and Collaboration Protection provides an option in ATP policy configuration for administrators to add a warning banner at the top of incoming anomalous emails detected by Correlated Intelligence predefined correlation rules. This serves as another approach for end users to report emails to TrendAI™ as false positives or false negatives to help improve threat detection. The banner also provides a rationale for the warning to advise end users on exercising caution when interacting with the message.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Two more predefined detection signals available for Correlated Intelligence in Cloud Email and Collaboration Protection

Fri, 06 Dec 2024 00:00:00 GMT

December 6, 2024—Cloud Email and Collaboration Protection supports two predefined detection signals that incorporates social graph data between senders and recipients for anomaly detection in Correlated Intelligence. The signals check for the newly observed sender addresses and domains based on recipients within the last 30 days to help anomaly detection in the customer’s environment.

These detection signals are not available in all regions.

Email and Collaboration Security → Cloud Email and Collaboration Protection

DLP expression performance check in Cloud Email and Collaboration Protection

Fri, 06 Dec 2024 00:00:00 GMT

December 6, 2024—Cloud Email and Collaboration Protection conducts a performance check on custom expressions for Data Loss Prevention (DLP) to ensure that they have suitable matching performance. When administrators create and save an expression, the back-end conducts a performance check. Based on the results, the system either confirms that the expression can be saved successfully or displays a warning advising the administrator to review and update the expression before saving again.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Enhanced third-party ticketing and notification options in Case Management

Fri, 06 Dec 2024 00:00:00 GMT

December 6, 2024—Case Management now offers granular control over third-party ticketing system integration and notification settings at the individual case level.

You can configure case-specific ServiceNow ticket destinations and customize notification channels through webhooks and email, enabling bi-directional synchronization between TrendAI Vision One™ cases and external ticketing systems.

Workflow and Automation → Case Management

Boost brand visibility with BIMI in Cloud Email Gateway Protection

Mon, 09 Dec 2024 00:00:00 GMT

December 9, 2024—Cloud Email Gateway Protection enhances your DMARC enforcement with Brand Indicators for Message Identification (BIMI), allowing you to display your brand’s logo in recipient inboxes. Administrators can verify if their published BIMI records are correctly set up and active, or they can create a BIMI record and preview it in the administrator console before publishing it in DNS. This feature helps increase your brand visibility and builds customer trust.

Email and Collaboration Security → Cloud Email Gateway Protection

AI-generated incident investigation reports

Mon, 09 Dec 2024 00:00:00 GMT

December 9, 2024—Generate comprehensive PDF reports for true-positive Workbench cases that originate from Workbench Insights.

Companion can now generate PDF reports that include Workbench Insights summaries, threat activity timelines, actions taken, and recommendations to help security teams quickly understand and communicate investigation findings.

Workflow and Automation → Case Management

Sync Cyber Risk Exposure Management case information with ServiceNow

Mon, 09 Dec 2024 00:00:00 GMT

December 9, 2024—You can now use Case Management to synchronize Cyber Risk Exposure Management case information into ServiceNow. When creating a ticket profile for the TrendAI Vision One™ for ServiceNow Ticketing System, select "Cyber Risk Exposure Management case" from the Case type list. Then, when users open a case in Threat and Exposure Management, they can select the ticket profile to synchronize the case with ServiceNow.

For more information, see Configure ServiceNow ITSM to enable TrendAI Vision One™ for ServiceNow ticketing system.

Note

To use this feature, you must install or upgrade to TrendAI Vision One™ Connector 2.2 or later in ServiceNow.

Workflow and Automation → Case Management

New taskstatus command available for remote shell

Mon, 09 Dec 2024 00:00:00 GMT

December 9, 2024—The Start Remote Shell Session response action now supports the taskstatus command, which allows you to view the status of the response tasks created in the current remote shell session.

For more information, see Start remote access (formerly shell) session task.

Workflow and Automation → Response Management

Case Management now supports Cyber Risk Exposure Management cases

Mon, 09 Dec 2024 00:00:00 GMT

November 29—To streamline your risk reduction workflows, in Case Management you can now assign priority and ownership to cases containing risk events from Threat and Exposure Management. When you open a case in Threat and Exposure Management, you can choose which third-party ticketing system, webhook channel, or email address to notify.

Cyber Risk Exposure Management → Threat and Exposure Management

Workflow and Automation → Case Management

Create new cases or assign risk events to existing cases directly in Cyber Risk Exposure Management apps

Mon, 09 Dec 2024 00:00:00 GMT

December 9, 2024—Resolving risk events is an important task for security operations team members and IT operations. In large organizations, many individuals are involved in risk mitigation tasks, Requiting team members to leverage Case Management for more efficient collaboration. Now in Threat and Exposure Management, users can create new cases or assign risk events to existing cases. Cases can be closed after marking risk event statuses as risk mitigated, dismissed or accepted. All tasks related to the case can be viewed and managed from Case Management.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Case Management now supports Cyber Risk Exposure Management cases

Mon, 09 Dec 2024 00:00:00 GMT

Cyber Risk Exposure Management → Threat and Exposure Management

Workflow and Automation → Case Management

Related Observed Attack Techniques event suggestions for Workbench Insights

Mon, 09 Dec 2024 00:00:00 GMT

December 9, 2024—Companion now suggests related Observed Attack Techniques events when you are working with Workbench Insights. This feature helps SOC analysts conduct more thorough investigations by identifying and incorporating relevant events.

Agentic SIEM and XDR → Observed Attack Techniques

MITRE TTP notifications in Workbench

Mon, 09 Dec 2024 00:00:00 GMT

December 9, 2024—Workbench alerts now include MITRE tactics, techniques, and procedures (TTP) notifications.

Agentic SIEM and XDR → Workbench

Workbench Companion suggests noteworthy insights

Mon, 09 Dec 2024 00:00:00 GMT

December 9, 2024—Companion uses machine learning to identify noteworthy or false-positive Workbench insights and proactively recommend a guided workflow for investigation and remediation.

Agentic SIEM and XDR → Workbench

AI-powered case summaries

Mon, 09 Dec 2024 00:00:00 GMT

December 9, 2024—You can now use Companion to generate summaries of open cases that include case activities, updates, and findings.

This feature streamlines case handoffs between analysts by consolidating information into concise summaries, helping SOC teams keep consistent case documentation and improve collaboration efficiency.

Container Security firewall exceptions added

Tue, 10 Dec 2024 00:00:00 GMT

December 10, 2024—Firewall exceptions were added for Container Security in all regions. Some outdated exceptions were also removed to maintain optimal firewall configurations.

New firewall exceptions:

vcs-storage-.xdr.trendmicro.com
upload.artifactscan..cloudone.trendmicro.com
report.artifactscan..cloudone.trendmicro.com

The following firewall exceptions are no longer needed and should be removed:

URLs ending in amazonaws.com
raw.githubusercontent.com

For more information and specific URLs, see the firewall exceptions for your region:

Zero Trust Secure Access On-premises Gateway Version 1.0.58

Wed, 11 Dec 2024 00:00:00 GMT

December 11, 2024—Zero Trust Secure Access On-premises Gateway Version 1.0.58 includes enhanced AI service access, improved domain matching logic, and various bug fixes.

This update includes the following changes:

Enhanced AI Service Access on content inspection for Bedrock GenAI service.
Enhanced the domain/URL matching logic in certain features.
Fixed the scan process crash issue in high-end spec with more vCPU allocated.
Fixed the WRS query failure issue for specific long URLs.
Trimmed the UPN from authentication token before retrieving the user group info by the UPN.
Fixed the OOM issue when carrying out Predictive Machine Learning scanning of archive files with lots of child files.

TrendAI Vision One public APIs available to retrieve email assets

Fri, 13 Dec 2024 00:00:00 GMT

December 13, 2024—You can now use the TrendAI Vision One™ RESTful APIs to get managed email accounts, email domains, and email servers from Email Asset Inventory.

For more information, see TrendAI Vision One™ Automation Center.

Email and Collaboration Security → Email Asset Inventory

Zero Trust Secure Access -Internet Access new PoP site in Oracle Colombia region

Fri, 13 Dec 2024 00:00:00 GMT

December 13, 2024 - Zero Trust Secure Access Internet Access now supports the Oracle Colombia Central (Bogota) region. Users in the region may configure their service FQDNs to reflect the new location.

For more information, see Port and FQDN/IP address requirements

Public APIs for Container Security now available on TrendAI Vision One Automation Center

Sun, 15 Dec 2024 00:00:00 GMT

December 15, 2024—Public APIs for TrendAI Vision One™ Container Security are now available on the TrendAI Vision One™ Automation Center. See the Automation Center for more information.

Send to Sandbox support for TippingPoint Network Sensor files

Mon, 16 Dec 2024 00:00:00 GMT

December 16, 2024—TippingPoint Network Sensor now supports the sending of files to the Sandbox Analysis app. When TippingPoint Network Sensor is enabled in conjunction with Send to Sandbox, the sandbox analysis will result in additional charged credits.

Network Security → Network Inventory

View all response actions taken on playbook targets

Tue, 17 Dec 2024 00:00:00 GMT

December 17, 2024—If the action taken on a playbook target is In progress, Successful, or Unsuccessful, you can click View All Actions on the Target in Action Details to view a comprehensive list of all response actions on the target within the Response Management app. This enhancement enables more accurate and timely decision-making, such as revoking an action (if applicable).

For more information, see Action details.

Workflow and Automation → Security Playbooks

Automated Response Playbooks: time-bound execution, enhanced filtering, and improved email notifications

Tue, 17 Dec 2024 00:00:00 GMT

December 17, 2024—Automated Response Playbooks have been enhanced with several new features. You can now set playbooks to execute automatically only during specified periods, providing greater control over when actions are taken. Additionally, the playbooks offer new options in the IP address condition, allowing for more precise filtering of targeted endpoints by including both Server IP and Client IP options.

Email notifications for manual approval and execution results have also been improved. These notifications now include associated Workbench alert information, giving you more context and details about the actions being taken. This enhancement ensures that you are better informed and can make more timely and accurate decisions.

For more information, see Manually create Automated Response Playbooks.

Workflow and Automation → Security Playbooks

Virtual Network Sensor Firewall Exception added

Thu, 19 Dec 2024 00:00:00 GMT

December 19, 2024—Virtual Network Sensor firewall exception added for customers with "Send to Sandbox" feature enabled.

This update includes the following changes:

grid-global.trendmicro.com

The following pre-existing firewall exceptions are only required for customers with "Send to Sandbox" enabled:

api.ddcloud.trendmicro.com
api.en.ddcloud.trendmicro.com
api.me-central-1.uae.ddcloud.trendmicro.com

The following firewall for Japan region was updated:

"api-ni.xdr.trendmicro.com.jp" has been changed to "api-ni.xdr.trendmicro.co.jp"

For more information and specific URLs, see the firewall exceptions for your region:

Virtual Network Sensor version 1.0.1419

Wed, 01 Jan 2025 00:00:00 GMT

January 8, 2025—Virtual Network Sensor version 1.0.1419 includes enhancements, bug fixes, and security updates.

Updated Syslog CEF log header values for Workbench and Observed Attack Techniques

Mon, 06 Jan 2025 00:00:00 GMT

January 6, 2025—To align with trademarking requirements, Vision One will update to TrendAI Vision One™ in the header values for CEF keys Header (Device Product) and Header (Name) in Syslog connector (on-premises/SaaS) Workbench logs and Observed Attack Techniques logs on January 20, 2025.

For more information, see Modification of CEF header values - TrendAI Vision One™.

Workflow and Automation → Third-Party Integrations

Identity Inventory supports Active Directory (on-premises)

Mon, 06 Jan 2025 00:00:00 GMT

January 6, 2025—Identity Inventory, part of the Identity Security app group, now supports Active Directory (on-premises) as an IdP. Connect your Active Directory server to TrendAI Vision One™ and enable read and write permissions to begin syncing your Active Directory identity data and getting more visibility into the identities in your environment.

Identity Security → Identity Inventory

TrendAI Vision One Endpoint Security agent January 2025 update - Windows

Wed, 08 Jan 2025 00:00:00 GMT

January 8, 2025—TrendAI Vision One™ Endpoint Security agent version 202501 includes security enhancements, bug fixes, and feature releases. Updates to individual components and agent modules may follow different batch release schedules.

This update includes the following changes:

Web Service Communicator (WSC) plug-in version 1.1.05066
Service communication manager (VOM) plug-in version 1.2.0.640
Endpoint sensor version 1.2.0.5827
Vulnerability assessment version 1.0.0.3743
Standard Endpoint Protection version 14.0.14260
Server & Workload Protection version 20.2.1390

Detailed release notes:

New features

The following features and support enhancements
- Standard Endpoint Protection now supports Windows Server 2025
- Server & Workload Protection now supports Windows Server 2025
Enhancements
- Enhanced data collection for Vulnerability Assessment
- Server & Workload Protection now queues packets to process packets in sequence, improving performance
- Server & Workload Protection includes updates to improve spyware prevention features
- Server & Workload Protection firewall events now include the username information when possible. This feature is in pre-release preview and is not available in all regions.
Bug fixes and resolved issues
- Fixed an issue with Standard Endpoint Protection where GUID synchronization fails to trigger
- Fixed an issue with Server & Workload Protection where enabling Advanced TLS Traffic Inspection sometimes caused agent connectivity issues
- The update package includes several bug fixes for included component and module updates
Security updates
- The update package includes updates to third-partly libraries for Server & Workload Protection
- The update package includes several security enhancements for included component and module updates

Release schedule:

Batch 1: January 8, 2025
Batch 2: January 15, 2025
Batch 3: January 22, 2025

TrendAI Vision One Endpoint Security agent January 2025 - Linux

Wed, 08 Jan 2025 00:00:00 GMT

This update includes the following component and module updates:

Agent program services package 1.1.0.6462
Endpoint sensor version 3.0.0.5375
Server & Workload Protection version 20.2.1390

Detailed release notes:

New features

The following features and support enhancements
- Server & Workload Protection Activity Monitoring now supports hypersensitive mode on Linux platforms to provide improved MITRE coverage
Enhancements
- Updates CACert
- Enhances data collection feature of Cyber Risk Exposure Management module
- Server & Workload Protection now queues packets to process packets in sequence, improving performance
- Server & Workload Protection firewall events now include the username information when possible. This feature is in pre-release preview and is not available in all regions.
Bug fixes and resolved issues
- Fixed an issue with Server & Workload Protection where enabling Advanced TLS Traffic Inspection sometimes caused agent connectivity issues
- The update package includes several bug fixes for included component and module updates
Security updates
- The update package includes updates to third-partly libraries for Server & Workload Protection
- The update package includes several security enhancements for included component and module updates

Release schedule:

Batch 1: January 8, 2025
Batch 2: January 15, 2025
Batch 3: January 22, 2025

TrendAI Vision One Endpoint Security agent January 2025 update - macOS

Wed, 08 Jan 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package 1.2.503
- ws_communicator.app
- XBCAgent.app
- PreCheck.app
- SilentInstaller.app
Endpoint sensor version 1.2.503
Standard Endpoint Protection version 3.5.7952

Detailed release notes:

New features

The following features and support enhancements
- Version control policies now supports macOS endpoint agents
Bug fixes and resolved issues
- The update package includes several bug fixes for included component and module updates

Release schedule:

Batch 1: January 8, 2025
Batch 2: January 15, 2025
Batch 3: January 22, 2025

Runtime Malware Scanning now supports more mitigations

Thu, 09 Jan 2025 00:00:00 GMT

January 9, 2025—TrendAI Vision One™ now provides mitigation for malware scanning, including isolate and terminate options in Container Security. You can configure these options in Container Protection → Policies → Runtime.

For more information, see Managing Kubernetes protection policies.

Cloud Security → Container Security → Container Protection

DLP policy enhancement for Exchange Online in Cloud Email and Collaboration Protection

Fri, 10 Jan 2025 00:00:00 GMT

January 10, 2025—Data Loss Prevention policy now supports scanning email header fields in addition to email subject, body, and attachment as scan targets for Exchange Online. You can also apply DLP policies to incoming messages in addition to "Sent messages only" and "All messages."

Email and Collaboration Security → Cloud Email and Collaboration Protection

Two more predefined detection signals available for Correlated Intelligence in Cloud Email and Collaboration Protection

Fri, 10 Jan 2025 00:00:00 GMT

January 10, 2025—Besides the existing recipient-based social graph related detection signals, Cloud Email and Collaboration Protection adds two more predefined detection signals of this type. The signals check for the newly observed sender addresses and domains based on companies within the last 30 days to help anomaly detection in the customer’s environment.

These detection signals are not available in all regions.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Zero Trust Secure Access module for macOS version 2.16.816

Mon, 13 Jan 2025 00:00:00 GMT

January 13, 2025—Zero Trust Secure Access module for macOS version 2.16.816 provides enhanced security and management capabilities.

This update includes the following changes:

Enhancements
- Enhances the onboarding process for macOS 15

Zero Trust Secure Access module for Windows version 2.18.1037

Mon, 13 Jan 2025 00:00:00 GMT

January 13, 2025—Zero Trust Secure Access module for Windows version 2.18.1037 provides enhanced security and management capabilities.

This update includes the following changes:

Enhancements
- Adds www.recaptcha.net to whitelist when authentication method is browser-based
- Cleans WebView2 user data folder when Zero Trust Secure Access module starts
- Eliminates use of tasklist.exe in Private Access
Bug fixes and resolved issues
- Fixed issue creating repeating requests for multi-factor authentication (MFA)
- The update package includes several fixes for known or reported bugs

Zero Trust Secure Access On-premises Gateway Version 1.0.59

Mon, 13 Jan 2025 00:00:00 GMT

January 13, 2025—Zero Trust Secure Access On-premises Gateway Version 1.0.59 includes enhanced machine learning integration, AI service updates, and performance improvements.

This update includes the following changes:

Enhanced Predictive Machine Learning integration to support Office with Macro files.
Updated content inspection for Copilot AI service due to protocol change.
Show a blocking page to an endpoint for traffic forwarded by the SA module either with an invalid authentication token or without an authentication token.
Improved performance for downloading large files in a slow network environment.
Fixed the core dump issue caused by non-RFC compliant HTTP/2 traffic.
Fixed the potential memory leak in ICAP mode.

Custom correlation rules for anomaly detection available in Correlated Intelligence in Cloud Email Gateway Protection

Mon, 13 Jan 2025 00:00:00 GMT

January 13, 2025—Besides the TrendAI™ predefined correlation rules, administrators can add custom correlation rules based on predefined detection signals to accommodate anomaly detection requirements in their environment. Administrators can apply custom correlation rules into the Correlated Intelligence policy and view details about detected anomalies in policy events logs. Furthermore, Cloud Email Gateway Protection offers flexibility by enabling administrators to select all or specific predefined correlation rules to detect suspicious emails and possibly unwanted emails.

Email and Collaboration Security → Cloud Email Gateway Protection

Trigger additional response actions from the context menu

Mon, 13 Jan 2025 00:00:00 GMT

January 13, 2025—You can now trigger the following restorative response actions on the corresponding targets from Attack Surface Discovery, Endpoint Inventory, Workbench, Observed Attack Techniques, and the Search app via the context menu:

Resume Container on isolated containers
Restore Connection on isolated endpoints
Enable User Account on disabled user accounts
Remove from Zscaler Restricted User Group on added user accounts

For more information, see Response actions.

Workflow and Automation → Response Management

Enhanced risk assessment for SaaS applications

Mon, 13 Jan 2025 00:00:00 GMT

January 13, 2025—The Applications tab in Attack Surface Discovery now displays apps organized into three separate categories: public cloud apps, connected SaaS apps, and local apps. The new categories apply across all ASRM apps. Public cloud apps include all apps your users visit, ranked by reputation. Local apps detected on endpoints and analyzed according to sanctioned status and risk level. Connecting the SaaS apps managed by your organization allows for further risk assessment and analysis to enhance your SaaS security posture management.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Zero Trust Secure Access module for Windows server version 2.30.1037

Tue, 14 Jan 2025 00:00:00 GMT

January 14, 2026—The latest version of the Zero Trust Secure Access Module for Windows has been released. It contains new features, enhancements and resolved issues.

New features

Added a Private Notification toggles in Zero Trust Secure Access → Customization Setting → Secure Access Module Notification

Enhancements

Prevents the creation of duplicate network adapters when Private Access is disabled
Ensures Internet Access does not enter bypass mode when a network adapter is disabled.
Added "Broadcom" into the list of supported antivirus vendors in the Device Posture Profile.
Update the copyright year to 2026.

Resolved issues

Fixed an issue where the browser displayed sign-in page if a proxy variable was assigned to a different proxy twice in a PAC file.
Fixed an issue where the sign-in pop-up appeared in the incorrect user's session in multi-user environments.
Fixed an issue where the Internet Access diagnostic page displayed "not connected" and the subsequent connections bypassed the proxy after the PAC file was modified.

Fixed issues found in versions 2.29.1043 and 2,29.1047.

Alibaba Cloud support in Container Security

Thu, 16 Jan 2025 00:00:00 GMT

January 16, 2025—TrendAI Vision One™ now supports Alibaba Cloud ACK in Container Security. Add an Alibaba cluster in Container Inventory → Kubernetes → Alibaba Cloud ACK to see the ACK cluster, node, and pod information. Use the Map to Cloud Account function to enable Cyber Risk Exposure Management.

For more information, see Connecting Alibaba Cloud ACK clusters.

Cloud Security → Container Security → Container Inventory

TrendAI Vision One achieves ISO 20243 compliance

Fri, 17 Jan 2025 00:00:00 GMT

January 17, 2025—We are pleased to announce that TrendAI Vision One™ has achieved ISO 20243 compliance.

ISO 20243 is an internationally recognized standard aimed at mitigating risks associated with maliciously tainted and counterfeit products. By meeting these stringent requirements, TrendAI Vision One™ ensures the delivery of reliable and secure solutions to our customers.

Use Global Search to search detections, assets, and vulnerabilities across the TrendAI Vision One platform

Mon, 20 Jan 2025 00:00:00 GMT

January 20, 2025—Click the search bar at the top of the screen in the TrendAI Vision One™ console and type a keyword to search detections, assets, and vulnerabilities across the platform. This enhancement gives an overview of the information you need from apps across TrendAI Vision One™ all in one convenient place.

Sync MDR case information with ServiceNow

Mon, 20 Jan 2025 00:00:00 GMT

January 20, 2025—Managed Services users can now synchronize MDR case information with ServiceNow. To create a ticket profile, go to Third-Party Integration → TrendAI Vision One™ for ServiceNow Ticketing System and select "MDR case" as the case type. Then go to XDR Threat Investigation → Managed Services → Settings → Cross-App Management, enable automatic creation of ServiceNow tickets when MDR cases are created, and select the ticket profile to synchronize the case with ServiceNow.

Workflow and Automation → Third-Party Integrations

Hotfix for Linux agents - Jan 21, 2025

Tue, 21 Jan 2025 00:00:00 GMT

January 21, 2025—TrendAI Vision One™ Endpoint Security agent version 202501 hotfix addresses the following component and module updates.

This update includes the following changes:

Agent program services package 1.1.0.6583

Bug fixes and resolved issues

Fixes an issue where updating the agent program services package failed when updating from versions 1.1.0.5803 and earlier.

TrendAI Vision One Endpoint Security agents now support Windows Server 2025.

Tue, 21 Jan 2025 00:00:00 GMT

January 21, 2025—The TrendAI Vision One™ Endpoint Security agent now supports deploying to Windows Server 2025 endpoints.

For more details about supported platforms, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

Improved support for custom rules

Thu, 23 Jan 2025 00:00:00 GMT

January 23, 2026—An improvement to custom rule support for Container Security runtime protection allows you to import custom rules through the TrendAI Vision One™ console to apply them to the Container Security policy.

For more information, see Import custom rules in the console.

Cloud Security → Container Security

File Security Storage for AWS auto-cleans out-of-date Lambda versions

Tue, 28 Jan 2025 00:00:00 GMT

January 28, 2026—File Security Storage now includes an auto-cleanup feature that removes older Lambda versions. You must redeploy your Client Stack to enable this feature as it requires additional IAM permissions.

For more information, see Enable auto-cleanup of older Lambda versions.

Cloud Security → File Security → File Security Storage

CIS Benchmark scanning for Amazon EKS version 1.5.0 now available

Wed, 29 Jan 2025 00:00:00 GMT

January 29, 2025—TrendAI Vision One™ now supports compliance scanning for both CIS benchmarks for Amazon EKS versions 1.4.0 and 1.5.0 for your EKS clusters. You can now select which supported benchmark version will be used for each cluster type.

For more information, see Compliance.

Cloud Security → Container Security → Container Protection

Multiple process image file exclusion lists

Fri, 31 Jan 2025 00:00:00 GMT

January 31, 2025—In Server & Workload Protection, the process image file list is now part of the inheritance exclusion list, and applies to real-time exclusions. The setting is available through Server & Workload Protection > Policies > Anti-Malware > Exclusions.

For more information, see Overview section of the policy editor.

Endpoint Security → Server & Workload Protection

New APIs available for Cloud Risk Management

Fri, 31 Jan 2025 00:00:00 GMT

January 31, 2025—The Cloud Risk Management “Communication Settings" and "Checks” public APIs are now available on the TrendAI Vision One™ Automation Center. For more information, visit the TrendAI Vision One™ Automation Center.

Automated cluster registration in Container Security

Fri, 31 Jan 2025 00:00:00 GMT

January 31, 2025—TrendAI Vision One™ now offers automated cluster registration so that you can add many Kubernetes clusters without a repetitive installation flow. Automated cluster registration allows you to use a single TrendAI Vision One™ API Key to register all your Container Security clusters, which helps automate the deployment of Container Security protection.

For more information, see Obtain an API key for automated cluster registration.

Cloud Security → Container Security → Container Inventory

Service Gateway Firmware Version 3.0.17

Sat, 01 Feb 2025 00:00:00 GMT

February 19, 2024—Service Gateway Firmware Version 3.0.17 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update introduces bug fixes for predefined iptables rules that were incorrectly configured.

XDR for Cloud - AWS VPC Flow Logs officially released

Sat, 01 Feb 2025 00:00:00 GMT

February 1, 2025—The Cloud Detections for AWS VPC Flow Logs feature, part of TrendAI Vision One™ - XDR for Cloud, is officially released as a paid feature to all users. Additionally, the daily log ingestion limit is removed. XDR for Cloud - AWS VPC Flow Logs requires allocating credits to use.

Cloud Security → Cloud Accounts

Reduced credit requirement for TrendAI Vision One - XDR for Cloud

Sat, 01 Feb 2025 00:00:00 GMT

February 1, 2025—The credit usage requirement for TrendAI Vision One™ - XDR for Cloud has been reduced from 62 credits to 3 credits per GB of data ingested. For existing customers who have already allocated credits to the solution, the additional credits are automatically returned to your credit balance.

Cloud Security → Cloud Accounts

Cloud Risk Management releases CIS Azure Foundations Benchmark 6.0

Mon, 03 Feb 2025 00:00:00 GMT

February 03, 2026—TrendAI Vision One™ - Cloud Risk Management has released the following new compliance standard:

CIS Foundations Benchmarks. - CIS Azure Foundations Benchmark v6.0.0: Cloud Risk Management has updated the CIS Azure compliance standard to the latest version to meet the Center of Internet Security (CIS) Foundations Benchmarks for Microsoft Azure. You can now filter Checks and download Compliance Reports to ensure your cloud environment complies with the latest CIS Foundations Benchmarks. - CIS Azure Foundations Benchmark v6.0.0.

Deprecation Notice: We've also deprecated CIS Azure Foundations Benchmark v4.1.0 for removal on April 27 2026. It will no longer be accessible in the filters, preventing the creation of new reports or report-configurations with this outdated benchmark. If any existing report configurations include deprecated compliance standards, it will not be possible to generate new PDF/CSV reports. However, the list of previously generated PDF/CSV reports remains available. TrendAI Vision One™ Cloud Risk Management recommends updating your report configurations to use the latest versions of CIS Azure Foundations Benchmark before April 27 2026.

Cyber Risk Exposure Management → Cloud Risk Management → Misconfiguration and Compliance

Mobile Security for Business app version 2.0.1100

Wed, 05 Feb 2025 00:00:00 GMT

February 5, 2025—Mobile Security for Business app version 2.0.1100 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Fixes an issue where Web Reputation does not work properly.
Fixes incorrect notification wording for scheduled and manual scans.

Attack Surface Risk Management is now Cyber Risk Exposure Management

Fri, 07 Feb 2025 00:00:00 GMT

February 7, 2025— TrendAI Vision One™ is expanding capabilities to deliver more value. Attack Surface Risk Management is now Cyber Risk Exposure Management (CREM), emphasizing proactive risk identification, assessment, and mitigation. With current cutting-edge capabilities, CREM allows you to continuously monitor entry points, prioritize mitigation actions based on impact, and predict future threats to neutralize risks before they materialize.

Cyber Risk Exposure Management → Cyber Risk Overview

Zero Trust Secure Access module for macOS version 2.27.381

Sun, 09 Feb 2025 00:00:00 GMT

February 9, 2026—The latest version of the Zero Trust Secure Access Module for macOS has been released. It contains new features, enhancements, and resolved issues.

New Features

Added Private Access Notification toggle in Zero Trust Secure Access → Customization Settings → Secure Access Module Notification.
Added a "Do not show this message again" checkbox to the sign-in pop up.

Enhancements

Updated the copyright year to 2026.
Enhanced stability of ZTSA Mac.
Enhanced debug logging information.

Resolved issues

Fixed an issue where Internet Access page UI incorrectly displayed disconnected status in proxy mode.
Fixed an issue where switching the Internet Access traffic mode from Tunnel (VPN) to Proxy in the TrendAI Vision One™ console would fail.

Email Sensor test drive for targeted attack testing

Mon, 10 Feb 2025 00:00:00 GMT

February 10, 2025—Email and Collaboration Security now offers a test drive function for Email Sensor. This feature allows customers to target specific mailboxes and simulate attacks on them. It helps customers understand the value of TrendAI Vision One™ related functions, including XDR and Cyber Risk Exposure Management capabilities.

Email and Collaboration Security → Email and Collaboration Sensor → Email Test Drive

Network Resources now features configurable profiles

Mon, 10 Feb 2025 00:00:00 GMT

February 10, 2025—You can now create Network Resource Profiles to manage and assign different sets of Network Resource Lists to your connected network security devices. The feature enables designating lists for devices across different regions, groups, or segments in your organization.

Network Security → Network Analysis Configuration → Network Resources

Power BI integration with TrendAI Vision One

Mon, 10 Feb 2025 00:00:00 GMT

February 10, 2025—Microsoft Power BI can now be integrated with TrendAI Vision One™ to access and analyze data directly from the TrendAI Vision One™ platform via APIs.

For more information, see Microsoft Power BI integration.

Workflow and Automation → Third-Party Integrations

TrendAI Vision One Compliance Management now available in public preview

Wed, 12 Feb 2025 00:00:00 GMT

February 12, 2025—Compliance Management is now in public preview as part of the TrendAI Vision One™ platform. With Compliance Management, you can monitor and track your organization's pass rate for selected frameworks and standards, as well as view the recommended remediation actions to reduce security risks from misconfigurations.

The app offers the following effective features:

Enhanced user experience: The left navigation panel allows you to quickly switch between compliance frameworks and standards
Compliance Summary and Analysis widget: A detailed analysis of your organization's compliance posture, along with a quick and effective overview of your pass and fail rates to facilitate audits and remediation
Compliance monitoring by asset group: Filters allow you to drill down on each asset group and view pass rates across different security layers and over time
Compliance Management Overview Report: A quick summary of all monitored frameworks and standards with AI-generated recommendations for remediation actions

Cyber Risk Exposure Management → Cyber Governance & Risk Compliance → Compliance Management

Credit allocation status now viewable in Endpoint Inventory

Fri, 14 Feb 2025 00:00:00 GMT

February 14, 2025—You can now view the credit allocation status of your endpoints in Endpoint Inventory. You can use the filter function to quickly find which endpoints have enable advanced features requiring credit allocation. Clicking Manage Allocation in Credits & Billing opens Endpoint Inventory with the filter applied.

Endpoint Security → Endpoint Inventory

Enhanced domain management for reports in Cloud Email Gateway Protection

Tue, 18 Feb 2025 00:00:00 GMT

February 18, 2025—Cloud Email Gateway Protection now allows administrators to configure report settings and view generated reports only for the domains they have permission to manage. This enhancement ensures that email traffic and threat detection data in reports are accessible only to authorized administrators, providing better control and security.

Email and Collaboration Security → Cloud Email Gateway Protection

Company logo customization available for time-of-click protection in Cloud Email Gateway Protection

Tue, 18 Feb 2025 00:00:00 GMT

February 18, 2025—You can now upload your company logo to replace the default TrendAI™ logo when configuring the blocking and warning redirect pages for time-of-click protection. End users will see the customized logo when they encounter a blocked or warning page after clicking a potentially malicious URL. This enhancement strengthens your brand presence and provides a seamless and familiar experience for your users in security alerts.

Email and Collaboration Security → Cloud Email Gateway Protection

New tokens in notifications and stamps for detections by Correlated Intelligence in Cloud Email Gateway Protection

Tue, 18 Feb 2025 00:00:00 GMT

February 18, 2025—Cloud Email Gateway Protection now includes two new tokens - %CI_RULE_NAME% and %CI_RULE_DESC%, that administrators can use in email notifications for policy matches and in stamps inserted into the message body. These tokens help identify which security risks or anomalies have been detected by Correlated Intelligence, providing clearer and more detailed information in your email security alerts.

Email and Collaboration Security → Cloud Email Gateway Protection

"Add disclaimer" available for BEC detection in Advanced Spam Protection for Exchange Online in Cloud Email and Collaboration Protection

Fri, 21 Feb 2025 00:00:00 GMT

February 21, 2025—Cloud Email and Collaboration Protection adds the "Add disclaimer" action for BEC detections to the Advanced Spam Protection security filter of ATP policies for Exchange Online and Exchange Online (Inline Mode).

Email and Collaboration Security → Cloud Email and Collaboration Protection

Log Retrieval API to support Gmail (Inline Mode) in Cloud Email and Collaboration Protection

Fri, 21 Feb 2025 00:00:00 GMT

February 21, 2025—Beside Gmail, Cloud Email and Collaboration Protection extends the Log Retrieval API to allow administrators to get security event logs of the Gmail (Inline Mode) service.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Scam detection widgets available in Cloud Email and Collaboration Protection

Fri, 21 Feb 2025 00:00:00 GMT

February 21, 2025—Cloud Email and Collaboration Protection displays scam detection data in the Threat Detection dashboard to help you understand scam email detections in your environment. Scams often involve deceptive emails designed to trick recipients into providing sensitive information or transferring money. The dashboard includes detailed insights such as scam detections by email service, the top 5 scam email senders, and the top 5 scam email recipients. This information helps you identify and mitigate potential threats more effectively.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Two more conditions available for detection signal customization in Correlated Intelligence in Cloud Email and Collaboration Protection

Fri, 21 Feb 2025 00:00:00 GMT

February 21, 2025—Cloud Email and Collaboration Protection adds two more conditions for defining custom detection signals for anomalies in Correlated Intelligence. These conditions define the number of days within a 30-day period that communication from a sender or sender's domain is considered abnormal on a company-wide basis.

These conditions are not available in all regions.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Enhanced user management for Exchange Online access granting in Cloud Email and Collaboration Protection

Fri, 21 Feb 2025 00:00:00 GMT

February 21, 2025—Cloud Email and Collaboration Protection allows adding or removing users after being granted access to Exchange Online with the "Synchronize selected users" option. Previously, this option did not support user synchronization, making user updates impossible after access was granted. The enhanced user management feature lets administrators review synchronized users and make necessary adjustments, providing greater control and flexibility. This ensures that new users receive Cloud Email and Collaboration Protection protection and allows easier removal of unavailable users.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Introducing Data Posture

Fri, 21 Feb 2025 00:00:00 GMT

February 21, 2025—Data Posture is a comprehensive system designed to help you understand your organization’s overall data risk and identify cloud assets with the riskiest sensitive data. Data Posture employs continuous monitoring and risk assessment protocols to identify potential vulnerabilities and unauthorized access attempts. By integrating both native and third-party scanning technologies, Data Posture provides a comprehensive security solution for cloud-based data.

For more information, see Data Security Posture.

Zero Trust Secure Access On-premises Gateway Version 1.0.60

Mon, 24 Feb 2025 00:00:00 GMT

February 24, 2025—Zero Trust Secure Access On-premises Gateway Version 1.0.60 includes enhancements for FTP over HTTP protocol support and bug fixes.

This update includes the following changes:

Added FTP over HTTP protocol support for tools like PowerShell and Curl.
Added OCSP stapling support for server certificate verification.
Fixed a crash that occurred during large file downloads.

Mobile Security for Business app version 2.0.1102

Mon, 24 Feb 2025 00:00:00 GMT

February 24, 2025—Mobile Security for Business app version 2.0.1102 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Renames the feature "Internet Access" to "Internet Access and AI Service Access"

Mobile Security for Business app version 2.0.1432

Mon, 24 Feb 2025 00:00:00 GMT

February 24, 2025—Mobile Security for Business app version 2.0.1432 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Renames the feature "Internet Access" to "Internet Access and AI Service Access"
Fixes an issue where Web Reputation does not work on Chromebooks.

Logical operators available for custom detection models

Mon, 24 Feb 2025 00:00:00 GMT

February 24, 2025—Detection Model Management now supports logical operators (AND, OR) when creating custom detection models with multiple filters.

The new logical operators let you specify whether alerts trigger when all filters meet their thresholds (AND) or when any filter meets its threshold (OR).

For more information, see Configure a custom model.

Agentic SIEM and XDR → Detection Model Management → Custom models

Enhanced Recommendation Scan for Server & Workload Security

Mon, 24 Feb 2025 00:00:00 GMT

February 24, 2025—The enhanced recommendation scan improves upon the classic recommendation scan by optimizing efficiency, reliability, and accuracy when identifying security rules for Intrusion Prevention, Integrity Monitoring, and Log Inspection. Based on your system's required security rules, the scan delivers recommendations with optimized performance and fewer limitations. Whether run manually or scheduled for automated scanning, enhanced recommendation scan can apply recommended rules for regular protection with minimal disruption and reduced strain on system resources.

For more information, see Enhanced recommendation scan.

Endpoint Security → Server & Workload Protection

Service Gateway: Smart Protection Services Version 2.0.4

Sat, 01 Mar 2025 00:00:00 GMT

March 24, 2025—Service Gateway Smart Protection Services Version 2.0.4 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update upgrades components to address identified vulnerabilities, enhancing overall security.
This update adds accumulated bug fixes for Smart Protection Services.

Service Gateway Firmware Version 3.0.18

Sat, 01 Mar 2025 00:00:00 GMT

March 24, 2025—Service Gateway Firmware Version 3.0.18 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update upgrades components to address identified vulnerabilities, enhancing overall security.
This update adds accumulated bug fixes for Service Gateway firmware.

Endpoint Inventory agent removal features now support all TrendAI Vision One Endpoint Security agents

Mon, 03 Mar 2025 00:00:00 GMT

March 3, 2025—Endpoint removal is now handled by Endpoint Inventory and applies to all TrendAI Vision One™ Endpoint Security agent deployments, including Standard Endpoint Protection and Server & Workload Protection. You can automate the removal of disconnected agents using the inactive agent removal settings in Endpoint Settings.

Endpoint Security → Endpoint Inventory

AI Security Posture Management Now Available in Preview

Wed, 05 Mar 2025 00:00:00 GMT

March 5, 2025—Introducing AI Security Posture Management (AI-SPM) in preview. You can now proactively protect your AI system from threats, minimize your data exposure, and reduce the overall risks of your AI infrastructure with comprehensive monitoring using AI SPM.

Cloud Security → Cloud Risk Management

Zero Trust Secure Access module for macOS version 2.17.920

Mon, 10 Mar 2025 00:00:00 GMT

March 10, 2025—Zero Trust Secure Access module for macOS version 2.17.920 provides enhanced security and management capabilities.

This update includes the following changes:

Enhancements
- Supports ZTNP connector resilience
- Supports displaying endpoint connector information in TrendAI Vision One™
- Improved debug log collecting

Zero Trust Secure Access module for Windows version 2.20.1043

Mon, 10 Mar 2025 00:00:00 GMT

March 10, 2025—Zero Trust Secure Access module for Windows version 2.20.1043 provides enhanced security and management capabilities.

This update includes the following changes:

Enhancements
- Supports ZTNP connector resilience
- Supports displaying endpoint connector information in TrendAI Vision One™
- Supports common proxy in the PAC file (using neither cloud gateway proxy or on-premises gateway proxy)
  
  For more information, see PAC file configuration
- ZTSA no longer modifies the system manual proxy setting when Internet Access is enabled
Bug fixes and resolved issues
- Fixed issue where after disabling Internet Access in TrendAI Vision One™, the feature might re-enable and redirect traffic to Internet Access Gateway
- Fixed issue of multiple firewall allow rules after updating
- Fixed an issue where sign-in popup fails to appear when additional users attempt to sign in to Windows Server
- Fixed issue where after Private Access connects, connection status displays disconnected in details page
- Update includes various other bug and performance issue fixes

Zero Trust Secure Access On-premises Gateway Version 1.0.61

Mon, 10 Mar 2025 00:00:00 GMT

March 10, 2025—Zero Trust Secure Access On-premises Gateway Version 1.0.61 includes enhancements for AI service support and bug fixes.

This update includes the following changes:

Supports Github Copilot public AI Service on advanced content inspection.
Supports DeepSeek public AI Service on advanced content inspection.
Fixed the access problem for the request url with long length of cookies.

Zero Trust Secure Access Private Access Connector Version 2.35.0.3338

Mon, 10 Mar 2025 00:00:00 GMT

March 10, 2024—ZTSA PA Connector provides enhanced security connectivity and management capabilities.

This update includes the following changes:

New Features

Added new CLI commands to optimize memory and disk usage on the connector.

Enhancements

Enhanced the resource optimization mechanism to ensure connector stability.

Create custom filters using pre-built templates

Mon, 10 Mar 2025 00:00:00 GMT

March 10, 2025—Detection Model Management now provides pre-built templates to help you create custom filters more efficiently.

Filter templates serve as starting points that you can customize to detect specific events in your environment. Each template comes with predefined settings and queries that you can modify according to your security needs, making easier to implement detection rules without starting from scratch.

For more information, see Use a template to create a custom filter.

Agentic SIEM and XDR → Detection Model Management → Custom filters

Mobile Security for Business app version 2.0.1113

Tue, 11 Mar 2025 00:00:00 GMT

March 11, 2025—Mobile Security for Business app version 2.0.1113 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Labels scans as scheduled or on-demand on the scan history screen.
Fixes an issue where WhatsApp does not work properly when both VPN and Web Reputation are enabled.

Virtual Network Sensor version 1.0.1438

Fri, 14 Mar 2025 00:00:00 GMT

March 3, 2025—Virtual Network Sensor version 1.0.1438 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update provides visibility of client and server hostnames in network telemetry.

Mobile Security for Business app version 2.0.1434

Fri, 14 Mar 2025 00:00:00 GMT

March 14, 2025—Mobile Security for Business app version 2.0.1434 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Labels scans as scheduled or on-demand on the scan history screen.

Office 365 renamed to Microsoft 365 with new support for SaaS Security Posture Management

Sun, 16 Mar 2025 00:00:00 GMT

March 16, 2025—The Office 365 Cyber Risk Exposure Management data source has been renamed to Microsoft 365 to reflect Microsoft's official renaming. Additionally, new data types are being collected to support SaaS Security Posture Management features, including misconfigurations and compliance violation detections. The new data helps reduce your organization's risk exposure and provides mitigation guidance through related risk events to help secure your SaaS environment.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Zero Trust Secure Access module for Windows version 2.20.1045

Tue, 18 Mar 2025 00:00:00 GMT

March 18, 2025—Zero Trust Secure Access module for Windows version 2.20.1045 provides enhanced security and management capabilities.

Important

This update is for the Australia region only.

This update includes the following changes:

Bug fixes and resolved issues
- Fixed issue where after updating, the module fails to launch the default browser to sign-in when using browser-based authentication

Cloud Email Gateway Protection integration with Domain Verification under Administration

Wed, 19 Mar 2025 00:00:00 GMT

March 19, 2025—Cloud Email Gateway Protection now integrates with the domain verification feature in TrendAI Vision One™. Domains added in Cloud Email Gateway Protection will automatically appear in the Domain Verification screen under Administration. This integration also allows administrators to verify domains in either Cloud Email Gateway Protection or Domain Verification, with the verification results applying to both locations.

Email and Collaboration Security → Cloud Email Gateway Protection

Cloud Email Gateway Protection audit logs available in Audit Logs under Administration

Wed, 19 Mar 2025 00:00:00 GMT

March 19, 2025—Cloud Email Gateway Protection now sends its audit logs to TrendAI Vision One™. Administrators can filter and view these logs alongside other TrendAI Vision One™ audit logs in a centralized location - the Audit Logs screen under Administration.

Please note that the Audit Log screen in Cloud Email Gateway Protection will be available for six months before it is permanently deleted.

Email and Collaboration Security → Cloud Email Gateway Protection

TrendAI Vision One Endpoint Security agent March 2025 update - Windows

Fri, 21 Mar 2025 00:00:00 GMT

March 21, 2025—TrendAI Vision One™ Endpoint Security agent version 202503 includes security enhancements, bug fixes, and feature releases. Updates to individual components and agent modules may follow different batch release schedules.

This update includes the following changes:

Service communication manager (VOM) plug-in version 1.2.0.715
Agent installer (Endpoint Basecamp) version 1.1.0.513
Endpoint sensor version 1.2.0.5987
Vulnerability assessment version 1.0.0.3799
Attack Surface Discovery version 1.0.0.3794
Standard Endpoint Protection version 14.0.14320
Server & Workload Protection version 20.0.2.4960

Detailed release notes:

Enhancements
- Agent installer package now supports local updates for Endpoint Sensor
- Enhancements made to Vulnerability Assessment data collection and performance
- Attack Surface Discovery now includes the following configurations when collecting information: joined domain, screen lock, installed and activated Endpoint detection & response
- Standard Endpoint Protection Application Control feature supports SHA-256 suspicious object type from Suspicious Object Management
- Server & Workload Protection improves SAP scan performance on Window platforms by implementing a caching mechanism and reducing unnecessary operations to achieve faster scan completion times
- Server & Workload Protection includes new dsa_scan argument scanLargeFile to support scanning files larger than 2GB, allowing efficient management of large files
- Server & Workload Protection adds device control syslog for sending events to syslog server directly by request
Bug fixes and resolved issues
- Fixed an issue with the VDI idle mode not detecting system proxy changes
- Fixed an issue with VDI refresh device ID not reloading the service communication manager (VOM)
- Server & Workload Protection - fixed AMSP service stop or crash issue
- Server & Workload Protection - fixed issue where the network driver might crash when stopping if the Windows base filtering engine service is not running
- Server & Workload Protection - fixed issue where CSV files larger than 4KB might be incorrectly classified by SAP Scanner
- Server & Workload Protection - fixed performance issues in TLS 1.3 caused by unsupported protocols
- Server & Workload Protection - fixed article link issues when certificate-related error events are generated

Release schedule:

Batch 1: March 5, 2025
Batch 2: March 12, 2025
Batch 3: March 19, 2025

TrendAI Vision One Endpoint Security agent March 2025 - Linux

Fri, 21 Mar 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package 1.2.0.323
Endpoint sensor version 3.0.0.5732
Server & Workload Protection version 20.0.2.4961

Detailed release notes:

New features

The following features and support enhancements
- Version Control Policies adds support for managing Server & Workload Protection kernel support updates as a pre-release feature
Bug fixes and resolved issues
- Server & Workload Protection - fixed issue where CSV files larger than 4KB might be incorrectly classified by SAP Scanner
- Server & Workload Protection - fixed performance issues in TLS 1.3 caused by unsupported protocols
- The update package includes several bug fixes for included component and module updates
Security updates
- Update CACert
- The update package includes several security enhancements for included component and module updates

Release schedule:

Batch 1: January 8, 2025
Batch 2: January 15, 2025
Batch 3: January 22, 2025

TrendAI Vision One Endpoint Security agent March 2025 update - macOS

Fri, 21 Mar 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package 1.2.509
- ws_communicator.app
- XBCAgent.app
- PreCheck.app
- SilentInstaller.app
Endpoint sensor version 1.2.509
Standard Endpoint Protection version 3.5.7976

Detailed release notes:

Enhancements
- Update Data Detection and Response status
- Update copyright to 2025
- Support List all mounted drives command
- Integrate with iCore 3.3.1022
Bug fixes and resolved issues
- The update package includes several bug fixes for included component and module updates

Release schedule:

Batch 1: March 5, 2025
Batch 2: March 12, 2025
Batch 3: March 19, 2025

User import for synchronized user list for Exchange Online in Cloud Email and Collaboration Protection

Fri, 21 Mar 2025 00:00:00 GMT

March 21, 2025—Cloud Email and Collaboration Protection includes the import function in the Synchronized User List for Exchange Online global settings. This enhancement further simplifies user management by allowing administrators to synchronize multiple users to Cloud Email and Collaboration Protection at once.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Correlated Intelligence available for Gmail in Cloud Email and Collaboration Protection

Fri, 21 Mar 2025 00:00:00 GMT

March 21, 2025—Cloud Email and Collaboration Protection extends Correlated Intelligence to Gmail service protection. Administrators can configure Correlated Intelligence settings in ATP policies for Gmail. This helps find security risks and anomalies in their Gmail emails using predefined and custom correlation rules and detection signals.

The warning banner feature is not available for Gmail.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Increased scam detection visibility in Dashboard in Cloud Email and Collaboration Protection

Fri, 21 Mar 2025 00:00:00 GMT

March 21, 2025—Cloud Email and Collaboration Protection adds the scam detection statistics into the Overall Threat Detections section in Dashboard, and also introduces a new widget regarding scam detections to display the number of scam email messages detected by different security filters during a selected time period.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Confirmation email for end user email reporting in Cloud Email and Collaboration Protection

Fri, 21 Mar 2025 00:00:00 GMT

March 21, 2025—Cloud Email and Collaboration Protection provides a sending acknowledgement email option in Email Reporting settings. This option lets administrators choose if they want to send a confirmation email to end users when they report emails through either the add-in for Outlook or the warning banner inserted in their emails.

Email and Collaboration Security → Cloud Email and Collaboration Protection

New --distro flag for Artifact Scanner

Fri, 21 Mar 2025 00:00:00 GMT

March 21, 2025—TrendAI™ Artifact Scanner (TMAS) now supports the new --distro flag, which allows you to specify OS distribution details for file and directory artifacts. This ensures accurate vulnerability matching for open-source RPM (Red Hat Package Manager) files that sometimes do not include OS information.

For more information, see the WHATS-NEW.md file included with the binary and the --distro flag information in Artifact Scanner CLI.

Cloud Security → Container Security

Zero Trust Secure Access On-premises Gateway Version 1.0.62

Mon, 24 Mar 2025 00:00:00 GMT

March 24, 2025—Zero Trust Secure Access On-premises Gateway Version 1.0.62 includes enhancements for FTP protocol support.

This update includes the following changes:

Support access control & content inspection for FTP protocol as FTP forward proxy.

Zero Trust Secure Access Private Access Connector Version 2.35.0.3343

Mon, 24 Mar 2025 00:00:00 GMT

March 24, 2025—Zero Trust Secure Access Private Access Connector Version 2.35.0.3343 provides enhanced security and management capabilities.

This update includes the following changes:

Optimized the mechanism to ensure the stability of the connector.

Service Gateway: Local ActiveUpdate Service Version 3.0.9

Mon, 24 Mar 2025 00:00:00 GMT

March 24, 2025—Service Gateway Local ActiveUpdate Service Version 3.0.9 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update introduces the ability to export pattern information. This function is not available in all regions.
This update upgrades components to address identified vulnerabilities, enhancing overall security.

Zero Trust Secure Access on-premises gateway supports FTP protocol for internet access control

Mon, 24 Mar 2025 00:00:00 GMT

March 24, 2025—Zero Trust Secure Access Internet Access Service on-premises gateway now supports FTP proxy to inspect FTP traffic with access control and content scanning.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Guided Exclusions now available for CREM users

Mon, 24 Mar 2025 00:00:00 GMT

March 24, 2025—Cloud Risk Exposure Management (CREM) users will now be able to exclude resources in use by all TrendAI Vision One™ products to avoid conflicts during rule scanning.

The Guided Exclusions option under Cloud Risk Management is enabled by default for all CREM customers with Agentless Vulnerability and Threat Detection for AWS resources and will no longer affect the compliance scores. You can include them by deselecting the default option.

For more information, see Managing preferences.

Cloud Security → Cloud Risk Management

New names for Cyber Risk Exposure Management capabilities coming starting March 30

Mon, 24 Mar 2025 00:00:00 GMT

March 24, 2025—The Cyber Risk Exposure Management navigation menu will be updated beginning March 30, 2025, with new categories and capability names. The new names better highlight the current features available and give you a preview of more features coming soon to TrendAI Vision One™. Here's what you can expect on April 1:

New feature names and categories for Cyber Risk Exposure Management capabilities

Previous names	Names starting March 30, 2025
Cyber Risk Overview	Cyber Risk Overview
Continuous Risk Management
Atack Surface Discovery	Attack Surface Discovery
Threat and Exposure Management	Threat and Exposure Management
	Vulnerability Management (preview)
Cyber Attack Prediction
Attack Path Prediction	Attack Path Prediction
	Targeted Attack Prediction (coming soon)
Security Posture Management
Cloud Security Posture	Cloud Security Posture
Identity Posture	Identity Security Posture
Data Security	Data Security Posture
Cyber Governance, Risk, & Compliance
Compliance Management	Compliance Management
	Cyber Risk Quantification (coming soon)
Security Awareness Training Training
Phishing Simulations	Phishing Simulations
Training Campaigns	Training Campaigns

For information on how you can purchase a Cyber Risk Exposure Management entitlement and take advantage of these expanded capabilities, contact your sales representative.

Cyber Risk Exposure Management

Create custom filters based on Search queries

Mon, 24 Mar 2025 00:00:00 GMT

March 24, 2025—You can now create custom filters based on Search queries for monitoring of suspicious events. Combine multiple custom filters into custom detection models to facilitate the threat hunting process for your organization.

For more information, see Filter query format.

Agentic SIEM and XDR → XDR Data Explorer

Agentic SIEM and XDR → Detection Model Management

New pricing packages for Cyber Risk Exposure Management coming April 1

Tue, 25 Mar 2025 00:00:00 GMT

March 25, 2025—Starting April 1, 2025, new pricing packages will be introduced for Cyber Risk Exposure Management capabilities. Users who have not preselected a pricing package will automatically switch to the Cyber Risk Exposure Management - Core package (20 credits per assessed desktop or server), which allows you to use the following capabilities without limitations:

Cyber Risk Overview (formerly Cyber Risk Overview)
Attack Surface Discovery
Threat and Exposure Management (formerly Threat and Exposure Management)
Identity Security Posture (formerly Identity Posture)

Upgrade to the Cyber Risk Exposure Management - Essentials package (50 credits per assessed desktop or server) to use the following capabilities without limitations:

Cyber Risk Overview (formerly Cyber Risk Overview)
Attack Surface Discovery
Threat and Exposure Management (formerly Threat and Exposure Management)
Identity Security Posture (formerly Identity Posture)
Attack Path Prediction
Security Awareness Training Training
Compliance Management

Enable cloud account assessment (1,000 credits per 500 cloud resources up top a maximum of 8,000 credits) to include your cloud assets in your available Cyber Risk Exposure Management capabilities.

Cyber Risk Exposure Management

Changes to desktop, server, and cloud account assessment override coming to Cyber Risk Exposure Management April 1

Tue, 25 Mar 2025 00:00:00 GMT

March 25, 2025—The current feature allowing users to override the number of assessed desktops, servers, and cloud accounts will be disabled on April 1. If you are are currently using the override feature, your credits will continue to be calculated according to the asset override total until May 1. During that time, add the desktops or servers you don't wish to assess to the Exception List in Attack Surface Discovery. For cloud accounts you don't wish to assess, disable Cyber Risk Exposure Management for the account in Cloud Accounts. After May 1, your credit requirements will be based on the actual number of discovered assets that have not been added to the Exception List or for which Cyber Risk Exposure Management is enabled. Contact your sales representative if you have any questions.

Cyber Risk Exposure Management

Export case list

Tue, 25 Mar 2025 00:00:00 GMT

March 25, 2025—In Case Management, you can now export case log data as a comma-separated value (CSV) file. After export, access and download the file from Reports Exported from TrendAI Vision One™ Apps under Generated Reports in Reports.

Workflow and Automation → Case Management

Server & Workload Protection firewall exceptions added

Mon, 31 Mar 2025 00:00:00 GMT

March 31, 2025—Server & Workload Protection firewall exceptions have been added to all regions. Ensure your firewall is up to date with the latest Firewall EIP Blocks, as older Deep Security and Cloud One EIP Block addresses might no longer be valid.

For more information see the firewall exceptions for your region:

Template Scanner API now supports Terraform HCLtemplates for CREM users

Mon, 31 Mar 2025 00:00:00 GMT

March 31, 2025—Cloud Risk Exposure Management (CREM) users will now be able to scan Terraform HCL (.tf) templates with the latest API directly by scanning a .zip file of HCL templates. as opposed to converting the Terraform HCL (.tf) templates into HCL plan (.json) files before scanning. Additionally, you can now use the cloudPosture/scanTemplateArchive endpoint to POST a ZIP file containing your Terraform templates to be scanned. For more information, see the Template Scanner API documentation.

Cloud Security → Cloud Risk Management

Virtual Network Sensor version 1.0.1449

Tue, 01 Apr 2025 00:00:00 GMT

March 31, 2025—Virtual Network Sensor version 1.0.1449 includes enhancements, bug fixes, and security updates.

Virtual Network Sensor version 1.0.1448

Tue, 01 Apr 2025 00:00:00 GMT

March 24, 2025—Virtual Network Sensor version 1.0.1448 provides enhanced network monitoring and threat detection capabilities.

Service Gateway Firmware Version 3.0.19

Tue, 01 Apr 2025 00:00:00 GMT

April 21, 2025—Service Gateway Firmware Version 3.0.19 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update integrates Mobile Security with the Service Gateway, allowing traffic from Mobile Agents to be routed through the Forward Proxy Service to authorized FQDNs.
This update enhances the protection of sensitive data in Service Gateway service settings, preventing exposure and unauthorized access.
This update adds accumulated bug fixes for Service Gateway firmware.

New frameworks and features added

Tue, 01 Apr 2025 00:00:00 GMT

April 1, 2025—This release introduces new compliance frameworks including CMMC Levels 1, 2, and 3 Version 2.13, ISO/IEC 27001:2022, and PCI DSS v4.0.1, along with enhanced features such as asset group pass rates, tagged and untagged asset pass rates, PDF compliance reports, and support for custom frameworks to improve compliance management and audit readiness.

Frameworks added:

CMMC Level 1 Version 2.13
CMMC Level 2 Version 2.13
CMMC Level 3 Version 2.13
ISO/IEC 27001:2022
PCI DSS v4.0.1

Additional features included:

Asset group pass rates by framework or standard: Gain visibility on each asset group pass rate based on your selected frameworks to target improvements for better overall compliance performance.
Tagged and untagged asset pass rates: View the pass rate for tagged and untagged assets to ensure that all assets meet compliance standards.
PDF reports of your organization's pass rate for each selected framework: View actionable and comprehensive recommendations and analysis generated by AI, and simplify the audit preparation process with easy-to-share reports.
Custom frameworks: Tailor frameworks to specific industry requirements and ensure more relevant and effective compliance checks, greatly reducing the need for manual compliance audits.

Compliance Management official release

Tue, 01 Apr 2025 00:00:00 GMT

April 1, 2025—Compliance Management is now officially released and includes the following exciting features:

New supported frameworks: CMMC Level 1 Version 2.13, CMMC Level 2 Version 2.13, CMMC Level 3 Version 2.13, ISO/IEC 27001:2022, and PCI DSS v4.0.1.
Asset group pass rates by framework or standard: Gain visibility on each asset group pass rate based on your selected frameworks to target improvements for better overall compliance performance.
Tagged and untagged asset pass rates: View the pass rate for tagged and untagged assets to ensure that all assets meet compliance standards.
PDF reports of your organization’s pass rate for each selected framework: View actionable and comprehensive recommendations and analysis generated by AI, and simplify the audit preparation process with easy-to-share reports.
Custom frameworks: Tailor frameworks to specific industry requirements and ensure more relevant and effective compliance checks, greatly reducing the need for manual compliance audits.

Cyber Risk Exposure Management → Cyber Governance & Risk Compliance → Compliance Management

Security Awareness Training Campaign playbooks now available

Tue, 01 Apr 2025 00:00:00 GMT

April 1, 2025—Security Playbooks is introducing a new playbook template: Security Awareness Training Campaign. This type of playbook is designed to enhance your organization's security posture by creating targeted security awareness training campaigns for user accounts identified in account compromise and XDR detection risk events.

For more information, see Manually create Security Awareness Training Campaign playbooks.

Workflow and Automation → Security Playbooks

Zero Trust Secure Access module for Windows version 2.21.1023

Mon, 07 Apr 2025 00:00:00 GMT

April 7, 2025—Zero Trust Secure Access module for Windows version 2.21.1023 provides enhanced security and management capabilities.

This update includes the following changes:

Bug fixes and resolved issues
- Fixed issue where in Private Access diagnostics page the round-trip time (RTT) test always fails
- Fixed issue where after Private Access connect the NRPT rules are not set up
- Fixed issue where TrendAI Vision One™ shows ZTSA uninstall failed although uninstall process was successful
- (JP region only) Fixed issue so some management traffic uses the proxy configured by "Primary Custom Proxy Settings" in both Agent Installer Proxy Settings and Runtime Proxy Policy Settings

Zero Trust Secure Access module for macOS version 2.18.26

Mon, 07 Apr 2025 00:00:00 GMT

April 7, 2025—Zero Trust Secure Access module for macOS version 2.18.26 provides enhanced security and management capabilities.

This update includes the following changes:

Enhancements
- Improved debug log collecting
Bug fixes and resolved issues
- Fixed issue where in Private Access diagnostics page the round-trip time (RTT) test always fails
- Fixed issue where Internet Access is enabled for a short time while bypass key is activated

Zero Trust Secure Access On-premises Gateway Version 1.0.63

Mon, 07 Apr 2025 00:00:00 GMT

April 7, 2025—Zero Trust Secure Access On-premises Gateway Version 1.0.63 delivers enhancements and optimizations.

This update includes the following changes:

Support local prompt injection service for an on-premise gateway.
Optimized disk usage when scanning large files that are being transferred.

Zero Trust Secure Access Private Access Connector Version 2.35.0.3345

Mon, 07 Apr 2025 00:00:00 GMT

April 7, 2025—Zero Trust Secure Access Private Access Connector Version 2.35.0.3345 provides enhanced security and management capabilities.

This update includes the following changes:

Added a fix for SSH vulnerability.
Fixed a bug in the dpid restart CLI command that caused the process to restart as the root user .

AWS Organizations deployment now supports multiple Organizational Units

Mon, 07 Apr 2025 00:00:00 GMT

April 7, 2025—We are pleased to announce that the AWS Organizations deployment in Cloud Accounts now supports deployment to multiple Organizational Units (OUs) simultaneously. This enhancement streamlines the process, allowing for more efficient and scalable management of your AWS resources. For more information, see Connect an AWS Organization.

Cloud Security → Cloud Accounts

Microsoft Defender for Endpoint logs now supported in custom filters

Mon, 07 Apr 2025 00:00:00 GMT

April 7, 2025—You can now include Microsoft Defender for Endpoint logs in custom filters and models to enhance your organization’s event detection capabilities and Workbench alert generation, providing you with even more comprehensive security insights.

For more information, see Configure a custom model.

Agentic SIEM and XDR → Detection Model Management

Asset tagging for endpoints and container clusters now supported

Mon, 07 Apr 2025 00:00:00 GMT

April 7, 2025—Asset tagging for endpoints and container clusters is now supported. TrendAI Vision One™ can now enrich your custom tags with asset activity and detection data, allowing you to leverage Search and Detection Model Management.

Agentic SIEM and XDR → XDR Data Explorer

Agentic SIEM and XDR → Detection Model Management

Integration of TrendAI Vision One with Google Security Operations SIEM

Mon, 07 Apr 2025 00:00:00 GMT

April 7, 2025—TrendAI Vision One™ now integrates with Google Security Operations (Google SecOps) SIEM. This integration facilitates efficient data sharing, enabling TrendAI Vision One™ to send alerts, event data, container vulnerabilities, activity data, and audit logs to Google SecOps. Configure data feeds in Google SecOps to ingest this data and enhance your security telemetry analysis.

For more information, see Google Security Operations SIEM integration.

Workflow and Automation → Third-Party Integrations

Enhanced data transfer configuration for Splunk HEC connector

Mon, 07 Apr 2025 00:00:00 GMT

April 7, 2025—The Splunk HEC connector introduces granular data selection based on asset tags. You can now specify which data gets transferred by choosing relevant tags, providing greater control and flexibility over the data shared with Splunk Cloud.

For more information, see Splunk HEC connector configuration.

Workflow and Automation → Third-Party Integrations

Project Centric View now available for CREM Cloud Risk Management users

Tue, 08 Apr 2025 00:00:00 GMT

April 8, 2025—You can now view your resources and risk events grouped by Project defined automatically in your Cloud Projects and adjusted manually through cloud platform accounts, cloud platform tags, and TrendAI Vision One™ tags. You can also define new Projects based on conditions based on Asset name, Asset type, Provider, Region, Location, Account Name, and Cloud Provider Asset Tags. For more information, see Projects View.

Cloud Security → Cloud Risk Management → Cloud Security Posture

TrendAI Vision One Endpoint Security agent April 2025 update - Windows

Wed, 09 Apr 2025 00:00:00 GMT

April 9, 2025—TrendAI Vision One™ Endpoint Security agent version 202504 includes security enhancements, bug fixes, and feature releases. Updates to individual components and agent modules may follow different batch release schedules.

This update includes the following changes:

Agent program services package (Endpoint Basecamp) 1.1.0.5274
Service communication manager (VOM) plug-in version 1.2.0.824
Endpoint sensor version 1.2.0.6152
Vulnerability assessment version 1.0.0.3824
Standard Endpoint Protection version 14.0.14492
Server & Workload Protection version 20.0.2.7600

Detailed release notes:

New features

The following features and support enhancements
- New TrendAI Vision One™ Endpoint Security agent console configurable with Endpoint Security Policies
- Server & Workload Protection Web Reputation Service supports integration with the TrendAI™ Toolbar for Enterprise browser extension. Integration with the browser extension is planned to be configurable using Endpoint Security Policies by the end of May 2025.
- Dynamic Intelligence Mode added to Server & Workload Protection allows the agent to automatically adjust monitoring levels based on analyzing detected threats, user behavior, and system context.
- The TrendAI Vision One™ Endpoint Security agent can now be installed through connected Deep Security Agents.
- Server & Workload Protection now supports HTTP2 for inbound traffic scanning
Enhancements
- Web Service Communicator now merged with Service communication manager (VOM)
- Add new telemetry processes for Service communication manager (VOM)
- Enhanced data collection for Vulnerability Assessment
- Standard Endpoint Protection: Updates feature descriptions in Endpoint Sensor policy settings screen to improve user experience
- Standard Endpoint Protection: Adds application version information in Application Control detection logs for methods matched in the Application Reputation List
- Standard Endpoint Protection: Enhances self-protection capability for Standard Endpoint Protection Windows Security Agent program folder
- Standard Endpoint Protection: Enhances Predictive Machine Learning module for suspicious Anti-malware Scan Intervace (AMSI) even detections
- Standard Endpoint Protection: Enhances "blue screen of death" (BSOD) loop prevention monitoring mechanism
- Standard Endpoint Protection: Updates Behavior Monitoring Core Service module to version 2.98.2101
- Standard Endpoint Protection: Updates Behavior Monitoring Core Drive module to version 2.98.2100
- Standard Endpoint Protection: Enhancements to program update process to prevent excessive network bandwidth usage
Bug fixes and resolved issues
- Fixed an issue where user was unable to remove TrendAI™ Cloud Endpoint Telemetry Service
- Fixed MQTT huge log size issue
- Standard Endpoint Protection: Fixed an issue where adding SHA-256 suspicious objects in TrendAI Vision One™ might prevent TrendAI™ Apex One as a Service from upgrading to Standard Endpoint Protection.
- Standard Endpoint Protection: Fixed an issue where emails were not sent to policy owner for policy owner updates
- Standard Endpoint Protection: Fixed an issue where the updated TrendAI™ Apex One group name might now appear in Standard Endpoint Protection Product Status view
- Standard Endpoint Protection: Fixed an issue that might prevent Standard Endpoint Protection from deploying components to integrated TrendAI™ products
- Standard Endpoint Protection: Fixed an issue where Application Control criteria processing might cause high CPU usage and impact endpoint performance
- Standard Endpoint Protection: Fixed an issue where Data Loss Prevention might not function properly for 7-Zip compressed files
- Standard Endpoint Protection: Fixed an issue where after updating the agent, the endpoint might display the Security Agent console unexpectedly
- Standard Endpoint Protection: Fixed an issue where updating the Suspicious Object lists might cause the Apex One NT Listener service (TmListen.exe) to consume a large amount of CPU resources and impact endpoint performance
- Standard Endpoint Protection: Fixed an issue where virus and malware file path processing might cause the system to display spaces in the detection file path as ASCII codes for the associated detection logs on the Log Query screen
- Standard Endpoint Protection: Fixed an issue where the TrendAI™ Apex One web console might prevent users from viewing the predefined port lists in Firewall Policy Rules
- Standard Endpoint Protection: Fixed an issue where a "blue screen of death" (BSOD) error might occur on endpoints when the TrendAI™ Unauthorized Change Prevention Service is enabled and users attempt to save Microsoft Office files through network drives
- Server & Workload Protection: Fixed an issue that could cause the service process to crash under specific timing conditions
- Server & Workload Protection: Fixed a performance issue impacting the PureStorage solution environment
- Server & Workload Protection: Fixed an issue where PowerPoint might cause a crash when the endpoint wakes up from Hibernate mode
- Server & Workload Protection: Fixed an issue to avoid a corrupted registry causing a "blue screen of death" (BSOD) issue
- The update package includes several bug fixes for included component and module updates
Security updates
- The update package includes several security enhancements for included component and module updates

Release schedule:

Batch 1: April 9, 2025
Batch 2: April 16, 2025
Batch 3: April 23, 2025

TrendAI Vision One Endpoint Security agent April 2025 update - Linux

Wed, 09 Apr 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package 1.2.0.408
Endpoint Sensor version 3.0.0.5996
Server & Workload Protection version 20.0.2.7600

Detailed release notes:

New features

The following features and support enhancements
- Dynamic Intelligence Mode added to Server & Workload Protection allows the agent to automatically adjust monitoring levels based on analyzing detected threats, user behavior, and system context.
- The TrendAI Vision One™ Endpoint Security agent can now be installed through connected Deep Security Agents.
- Endpoint response supports listing mounted devices
- Server & Workload Protection now supports HTTP2 for inbound traffic scanning
Bug fixes and resolved issues
- Fixed an issue with Server & Workload Protection where Linux Anti-malware engine might crash when certain patterns are not loaded into the system
- Fixed an issue with Server & Workload Protection where scheduled scan is triggered at the wrong time when "Enable agent to trigger scheduled scans for malware" is enabled
- Other bug fixes are included for the agent program services package

Release schedule:

Batch 1: April 9, 2025
Batch 2: April 16, 2025
Batch 3: April 23, 2025

TrendAI Vision One Endpoint Security agent April 2025 update - macOS

Wed, 09 Apr 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package (Endpoint Basecamp) 1.2.509
- ws_communicator.app
- XBCAgent.app
- PreCheck.app
- SilentInstaller.app
Endpoint sensor version 1.2.509
Standard Endpoint Protection version 3.5.7996

Detailed release notes:

Enhancements
- Update Data Detection and Response status
- Copyright update to 2025
- Standard Endpoint Protection: Updates feature descriptions in Endpoint Sensor policy settings screen to improve user experience
- Standard Endpoint Protection: Adds application version information in Application Control detection logs for methods matched in the Application Reputation List
- Standard Endpoint Protection: Updates Behavior Monitoring Core Service module to version 2.98.2101
- Standard Endpoint Protection: Updates Behavior Monitoring Core Drive module to version 2.98.2100
- Standard Endpoint Protection: Enhancements to program update process to prevent excessive network bandwidth usage
- Enables agent to send real-time scan status to Standard Endpoint Protection
- Updates the iCore module to support the millisecond format in detection logs
Bug fixes and resolved issues
- Standard Endpoint Protection: Fixed an issue where adding SHA-256 suspicious objects in TrendAI Vision One™ might prevent TrendAI™ Apex One as a Service from upgrading to Standard Endpoint Protection.
- Standard Endpoint Protection: Fixed an issue where emails were not sent to policy owner for policy owner updates
- Standard Endpoint Protection: Fixed an issue where the updated TrendAI™ Apex One group name might now appear in Standard Endpoint Protection Product Status view
- Standard Endpoint Protection: Fixed an issue that might prevent Standard Endpoint Protection from deploying components to integrated TrendAI™ products
- Standard Endpoint Protection: Fixed an issue where virus and malware file path processing might cause the system to display spaces in the detection file path as ASCII codes for the associated detection logs on the Log Query screen
- Standard Endpoint Protection: Fixed an issue where the TrendAI™ Apex One web console might prevent users from viewing the predefined port lists in Firewall Policy Rules
- The update package includes several bug fixes for included component and module updates
Security updates
- The update package includes several security enhancements for included component and module updates

Release schedule:

Batch 1: April 9, 2025
Batch 2: April 16, 2025
Batch 3: April 23, 2025

Tag Management in Container Security

Wed, 09 Apr 2025 00:00:00 GMT

April 9, 2025—TrendAI Vision One™ now supports adding custom tags to your clusters in Container Security using Tag Management. You can assign tags to specific assets to gain visibility across all TrendAI Vision One™ applications and keep your assets organized.

For more information, see Tag Management.

Cloud Security → Container Security

Remote shell command drivelist

Wed, 09 Apr 2025 00:00:00 GMT

April 9, 2025—TrendAI Vision One™ Endpoint Sensor introduces a new command in the remote shell, drivelist. This command lists detailed drive information across Windows, Linux, and macOS platforms.

Workflow and Automation → Response Management

NSA/CISA Kubernetes Hardening Guidance now available

Fri, 11 Apr 2025 00:00:00 GMT

April 11, 2025—TrendAI Vision One™ now supports compliance scanning for NSA/CISA Kubernetes Hardening Guidance for Kubernetes clusters in Container Security. Assess and guarantee adherence to industry-leading security standards effortlessly, enhancing your Kubernetes security posture.

For more information, see Compliance.

Cloud Security → Container Security → Container Protection

SHA-256 Support Added to Suspicious Object Actions for Endpoint Security

Fri, 11 Apr 2025 00:00:00 GMT

April 11, 2025—TrendAI Vision One™ Endpoint Security agents now support "Log" and "Block" actions for File SHA-256 objects within the Suspicious Object List. This enhances threat response capabilities by allowing direct action on SHA-256 hashes identified as suspicious across Windows, Mac, and Linux platforms.

For more information, see Suspicious Object Management.

Threat Intelligence → Suspicious Object Management

TrendAI Vision One Business Resilience report available

Fri, 11 Apr 2025 00:00:00 GMT

April 11, 2025—The quarterly TrendAI Vision One™ Business Resilience report is now available for organizations that have had TrendAI Vision One™ entitlements for at least 90 days. The current report offers detailed insights on how TrendAI Vision One™ solutions have contributed to your cybersecurity goals from January 1 to March 31 of this year. The report includes information on your business's attack surface, security operations efficiency, detections by security later, and more. To view your report and access a PDF version you can send to stakeholders, go to Dashboards and Reports → Reports → Generated Reports → TrendAI Vision One™ Security Value Reports.

Dashboards and Reports → Reports

AWS Well-Architected Framework compliance standards update for CREM Cloud Risk Management Users

Mon, 14 Apr 2025 00:00:00 GMT

April 14, 2025—We've updated the AWS Well-Architected Framework compliance standard report and the associated rule mappings by adding the latest version of the Framework, released in March 2025.

Important

Effective from June 1, 2025, the AWS Well-Architected Framework (updated October 2023) compliance standard will no longer be available. You will not be able to access the standard in the filters and create new reports or generate reports with existing configurations with the old standard. But you will have access to old PDF/CSV reports.
We recommend updating your report configurations to use the latest versions of the AWS Well-Architected Framework by June 1, 2025 to avoid any disruptions in your reports generation and compliance scores.

Cloud Security → Cloud Risk Management

Real-Time Posture Monitoring now available for Google Cloud projects

Mon, 14 Apr 2025 00:00:00 GMT

April 14, 2025—CREM Cloud Risk Management now supports Real-Time Posture Monitoring previously titled Real-Time Monitoring (RTM) for Google Cloud projects connected through the Cloud Accounts app. You can enable Real-Time Posture Monitoring while creating a new Google Cloud project or turn the feature on for existing projects or organizations. For details, see RTPM for Google Cloud.

Cloud Security → Cloud Risk Management

Network analytics report in Workbench insights

Mon, 14 Apr 2025 00:00:00 GMT

April 14, 2025—Workbench insights now have a insight-level network analytics report.

The network analytics report shows network correlations between the objects included in a Workbench insight. The report provides comprehensive analytics to help you monitor, manage, and identify the abnormal network traffic in your environment. Learn more.

Agentic SIEM and XDR → Workbench → Workbench Insights

Install TrendAI Vision One Endpoint Security agent via Deep Security Agent

Tue, 15 Apr 2025 00:00:00 GMT

April 15, 2025—TrendAI Vision One™ - Server & Workload Protection can now install TrendAI Vision One™ Endpoint Security agent via Deep Security Agent. For more information, see https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-install-agent-via-deep-security.

Endpoint Security → Server & Workload Protection

Upcoming AWS account scanning enhancements for CREM Cloud Risk Management users

Tue, 15 Apr 2025 00:00:00 GMT

April 15, 2025—As a part of our commitment to improving customer experience, we will release significant system enhancements for AWS cloud account scanning. These enhancements will be rolled out gradually over the next several months.

Some upcoming enhancements allow for more thorough and accurate scanning of account resources and verification, which may change the display of particular data with existing inconsistencies.

Cloud Security → Cloud Risk Management

Mobile Security for Business app version 2.0.1121

Wed, 16 Apr 2025 00:00:00 GMT

April 16, 2025—Mobile Security for Business app version 2.0.1121 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Fixes an issue where the app cannot load the login page when Private Access is enabled.
Fixes an issue where websites cannot be accessed occasionally when Internet Access is enabled.

Cyber Risk Index algorithm version 3.0 to be released May 5

Thu, 17 Apr 2025 00:00:00 GMT

April 17, 2025—Version 3.0 of the Cyber Risk Index algorithm will be released on May 5, 2025. The updated algorithm expands your organization's ability to clearly visualize cyber risk and efficiently prioritize mitigation and remediation efforts using refined risk score calculations, more precise risk identification, and a broader risk scope. Enhancements include a new risk factor and new risk events, weight and impact adjustments, incorporation of new data sources, and refinements that give you more visibility into significant sources of risk.

Updates to the Cyber Risk Index algorithm may cause your Cyber Risk Index to rise or drop. Any fluctuations that coincide with the algorithm update are likely due to the update rather than an ongoing attack or system issue.

To prevent unnecessary index fluctuations and ensure consistent standards, TrendAI™ avoids updating the Cyber Risk Index algorithm unless absolutely necessary to accommodate product enhancements and the changing cyber threat landscape. The last Cyber Risk Index algorithm update, version 2.0, occurred January 24, 2024.

To learn more about version 3.0 of the Cyber Risk Index algorithm, see May 5, 2025 - Cyber Risk Index algorithm version 3.0

Cyber Risk Exposure Management → Cyber Risk Overview

Approved sender list for Correlated Intelligence in email service protection in Cloud Email and Collaboration Protection

Fri, 18 Apr 2025 00:00:00 GMT

April 18, 2025—Cloud Email and Collaboration Protection allows configuring the approved sender list to exclude specific senders from Correlated Intelligence scanning in ATP policy configuration for Exchange Online, Exchange Online (Inline Mode), and Gmail.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Correlated Intelligence available for Exchange Online (Inline Mode) in Cloud Email and Collaboration Protection

Fri, 18 Apr 2025 00:00:00 GMT

April 18, 2025—Cloud Email and Collaboration Protection extends Correlated Intelligence to Exchange Online (Inline Mode) service protection. Administrators can configure Correlated Intelligence settings in ATP policies for Exchange Online (Inline Mode). This helps find security risks and anomalies in employees' emails using predefined and custom correlation rules and detection signals.

The warning banner feature is not available for Exchange Online (Inline Mode).

Email and Collaboration Security → Cloud Email and Collaboration Protection

Customizable email reporting acknowledgments in Cloud Email and Collaboration Protection

Fri, 18 Apr 2025 00:00:00 GMT

April 18, 2025—Administrators can customize the acknowledgment emails sent to end users when they report emails. This allows for personalized messages, enhancing communication and user experience when reporting false positive and false negative emails.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Enhanced reporting with scam and DLP detections in Cloud Email and Collaboration Protection

Fri, 18 Apr 2025 00:00:00 GMT

April 18, 2025—Cloud Email and Collaboration Protection allows administrators to create reports that include detections related to Data Loss Prevention (DLP) and scams. This enhancement provides administrators with comprehensive insights into potential data breaches and scam activities, improving overall security monitoring and response.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Zero Trust Secure Access On-premises Gateway Version 1.0.64

Mon, 21 Apr 2025 00:00:00 GMT

April 21, 2025—Zero Trust Secure Access On-premises Gateway Version 1.0.64 delivers new features and enhancements.

This update includes the following changes:

Support the public IP address as a rule target in Internet Access and AI Service Access rules.
Support custom URL category-based traffic exceptions in Internet Access and AI Service Access rules.
Support tenancy restriction for GitHub Enterprise.
Enhanced the HTTP/2 protocol handling to support some non-RFC compliant traffic.
Fixed the timeout issue in proxy mode for large file uploading.

Detection signal customization for Correlated Intelligence in Cloud Email Gateway Protection

Mon, 21 Apr 2025 00:00:00 GMT

April 21, 2025—In addition to predefined detection signals for Correlated Intelligence, Cloud Email Gateway Protection allows administrators to define custom signals by using predefined conditions to meet specific security needs. These custom signals can then be incorporated into correlation rules, enhancing the detection capabilities of Cloud Email Gateway Protection within the customer’s unique environment.

Email and Collaboration Security → Cloud Email Gateway Protection

Enhanced Management and Regional Support for Phishing Simulation Integration in Cloud Email Gateway Protection

Mon, 21 Apr 2025 00:00:00 GMT

April 21, 2025—Cloud Email Gateway Protection now offers enhanced management capabilities for third-party phishing simulation integrations. Administrators can manage approved service providers and their corresponding sending IP addresses directly through the administrator console, allowing Cloud Email Gateway Protection to bypass scans for phishing simulation emails from approved third-party service providers.

Additionally, this feature now supports phishing simulation integration for the Japan site.

Email and Collaboration Security → Cloud Email Gateway Protection

Mobile Security for Business app version 2.0.1126

Mon, 21 Apr 2025 00:00:00 GMT

April 21, 2025—Mobile Security for Business app version 2.0.1126 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Fixes an issue where the app shows that a website is blocked but does not actually block it.

Support for Microsoft Defender logs in custom detection filters

Fri, 25 Apr 2025 00:00:00 GMT

April 25, 2025—TrendAI Vision One™ now supports Microsoft Defender logs in custom detection models.

This update includes the following changes:

Active Directory (AD) Reconnaissance Activities
Bloodhound Post-Exploitation Tool
Command Line Used for Possible Overpass-The-Hash
DLL Search Order Hijack
Event Log Cleared
Executable Loaded an Unexpected DLL
File Backups Were Deleted
File Dropped and Launched from Remote Location
Hacktool in a PowerShell Script was Prevented from Executing via AMSI
Malicious File Uploaded to Storage Account
Malware Prevented
Malware in a Command Line was Prevented from Executing
Microsoft Defender Antivirus Tampering
Microsoft Defender has Detected a Malware
Possible Sideload Stealer Activity
Process Memory Dump
Process Related to Possible AD Reconnaissance
Security Software was Disabled
Sticky Keys Binary Hijack Detected
Successful Logon Using Overpass-the-Hash with Potentially Stolen Credentials
Suspected Delivery of Gootkit Malware
Suspected Overpass-the-Hash Attack
Suspicious Azure Role Assignment Detected
Suspicious Key Vault Recovery Detected
Suspicious Lsass Process Access
Suspicious PowerShell Command Line
Suspicious Script Launched
Suspicious Sequence of Exploration Activities
Windows Defender AV Detected

To help you test the new feature, we added custom detection filters to the tm-v1-detection-models GitHub repository. You can import these detection models to your TrendAI Vision One™ environment to test the new integration.

For more information about custom detection filters, see Custom filters

Support for Fortinet logs in custom detection filters

Fri, 25 Apr 2025 00:00:00 GMT

April 25, 2025—TrendAI Vision One™ now supports Fortinet logs in custom detection models.

This update includes the following changes:

DHCP Client Blocked Log
File Reported Infected by Inline Block (Warning)
IP Pool PBA Block Exhausted
MIME Data Reported Infected by Inline Block (Warning)
Scan Error - Traffic Blocked
SSH Channel Is Blocked
SSH Connection Is Blocked Because Host-key Is Not Trust
SSH Shell Command Is Detected
SSL Connection Is Blocked Due To Its SSL Negotiation
SSL Connection Is Blocked Due To Server Certificate And SNI Mismatched
SSL Connection Is Blocked Due To Unable To Retrieve Server's Certificate
Traffic Blocked As ICAP Server Found Infection
VoIP SCCP Call Blocked
VoIP SIP Blocked
Web Content Banned Activity Found

For more information about custom detection filters, see Custom filters

Enhanced Threat Intelligence Feed

Mon, 28 Apr 2025 00:00:00 GMT

April 28, 2025—Proactively gain a more comprehensive, sophisticated understanding of the evolving threat landscape through the enhanced Threat Intelligence Feed. The feed contains additional contextual information including threat report names, campaigns, intrusion sets, malware, tools, targeted industries, targeted countries, and common vulnerability and exposures (CVEs).

For more information, see Trend Threat Intelligence Feed.

Threat Intelligence

Mobile Security for Business app version 2.0.1128

Wed, 30 Apr 2025 00:00:00 GMT

April 30, 2025—Mobile Security for Business app version 2.0.1128 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Optimizes the network access mechanism to accelerate internet access.

Mobile Security for Business app version 2.0.1444

Wed, 30 Apr 2025 00:00:00 GMT

April 30, 2025—Mobile Security for Business app version 2.0.1444 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Optimizes the network access mechanism to accelerate internet access.
Updates the End-User License Agreement to the latest version.
Fixes an issue where the agent status on the console does not update when the app is uninstalled from the personal profile when Microsoft Intune or Other MDM serves as the MDM.
Fixes app crashes that occur when users tap the scan button.

Introducing Azure management group deployment

Thu, 01 May 2025 00:00:00 GMT

May 1, 2025—You can now connect your Azure Management Group to TrendAI Vision One™, which allows you to connect all the subscriptions in your Management Group simultaneously. The Management Group deployment feature is now available in public preview.

For more information, see Connect an Azure management group.

Cloud Security → Cloud Accounts → Azure

New agent console experience

Thu, 01 May 2025 00:00:00 GMT

May 1, 2025—The TrendAI Vision One™ Endpoint Security agent now features a new agent console with a more modern and consistent user experience. Additionally, you can use Endpoint Security Policies to manage agent console features such as customizable notifications and alerts for your endpoint users.

CIS Google Kubernetes Engine (GKE) Benchmark scanning now available

Thu, 01 May 2025 00:00:00 GMT

May 1, 2025—TrendAI Vision One™ now supports compliance scanning with CIS Google Kubernetes Engine (GKE) Benchmark v1.7.0 in your GKE clusters. Assess and guarantee adherence to industry-leading security standards effortlessly, enhancing your Kubernetes security posture.

For more information, see Compliance.

Cloud Security → Container Security → Container Protection

New custom detection filters for Citrix logs

Thu, 01 May 2025 00:00:00 GMT

May 20, 2025—TrendAI Vision One™ now supports custom detection filters for Citrix. Try these detection filters to enhance Citrix log analysis:

Blocked Critical Severity Firewall Rules
Blocked High Severity Firewall Rules
Blocked Medium Severity Firewall Rules
Blocked Low Severity Firewall Rules
Not Blocked Critical Severity Firewall Rules
Not Blocked High Severity Firewall Rules
Not Blocked Medium Severity Firewall Rules
Not Blocked Low Severity Firewall Rules
Transformed Critical Severity Firewall Rules
Transformed High Severity Firewall Rules
Transformed Medium Severity Firewall Rules
Transformed Low Severity Firewall Rules

Download these custom detection filters from GitHub.

Agentic SIEM & XDR → Detection Model Management

Zero Trust Secure Access Internet Access supports NTLM v2 authentication

Fri, 02 May 2025 00:00:00 GMT

Zero Trust Secure Access Internet Access now supports transparently authenticating end users on your on-premises Active Directory server using the NTLM v2 protocol, with an Internet Access On-Premises Gateway acting as the authentication proxy server.

For more information, see Global settings.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Filter cases by who created or closed them

Fri, 02 May 2025 00:00:00 GMT

May 2, 2025—New Created by and Closed by fields and filters in Case Management allow you to view cases based on whether they were opened or closed by a security playbook, TrendAI Vision One™ user, or third-party ticketing system. With these fields, you can easily assess the effectiveness of automation and analyst performance for reporting accuracy and informed operational decisions.

Workflow and Automation → Case Management

Zero Trust Secure Access module for Windows version 2.22.1036

Sun, 04 May 2025 00:00:00 GMT

May 5, 2025—This update includes security enhancements, bug fixes, and feature releases as detailed in the following notes.

Version 2.22.1036

New features
- Supports installation in restricted environments where direct internet access is blocked and only proxy connections are allowed. For more information, see Deploy Zero Trust Secure Access Module in restricted environment.
Enhancements
- Upgrade .NET SDK to version 8.0.
Bug fixes and resolved issues
- Fixed issue where ZTSA retries the login page indefinitely when authentication server is down.
- Fixed issue where Private Access gets stuck in "connecting" state when netsh.exe crashes.
Known bugs or issues
- Sign-in fails when enabling single sign-on using NTLM authentication. For more information, see https://success.trendmicro.com/en-US/solution/KA-0019741

Zero Trust Secure Access module for macOS version 2.20.68

Mon, 05 May 2025 00:00:00 GMT

June 2, 2025—The latest version of the Zero Trust Secure Access Module for macOS has been released.

Enhancements
- Displays a system notification when Private Access is disconnected.
Resolved issues
- After updates, Zero Trust Secure Access would still show the sign-in popup window.
- When Mac device was shut down and rebooted a few times, the Zero Trust Secure Access would display a blank UI.

Zero Trust Secure Access module for macOS version 2.19.44

Mon, 05 May 2025 00:00:00 GMT

May 5, 2025—This update includes security enhancements, bug fixes, and feature releases as detailed in the following notes.

Version 2.19.44

Enhancements
- Improved debug log collecting
Bug fixes and resolved issues
- Fixed issue where users cannot access an internal app using Private Access if there are more than 100 internal apps.
- Fixed issue where disabling Internet Access in certain steps caused UI issues and crashes.
- Fixed issue where auto proxy discovery is turned on after uninstalling.
- Fixed issue where some logs were not complete.

Zero Trust Secure Access Private Access Connector Version 2.36.0.3401

Mon, 05 May 2025 00:00:00 GMT

May 5, 2025—Zero Trust Secure Access Private Access Connector Version 2.36.0.3401 delivers new features and resolved issues.

This update includes the following changes:

Allow users to select a keyboard layout when accessing Web-RDP internal applications through the User Portal.
Fixed the issue of an incorrect connected module count on the TrendAI Vision One™ console caused by ZTNP resilience.
Fixed the DNS issue when querying FQDNs.

Cloud Risk Management firewall exceptions added

Mon, 05 May 2025 00:00:00 GMT

May 5, 2025—Cloud Risk Management firewall exceptions have been added to all regions for Real-Time Posture Monitoring.

For more information see the firewall exceptions for your region:

Introducing XDR for Cloud - Azure Activity Logs

Mon, 05 May 2025 00:00:00 GMT

May 5, 2025—XDR for Cloud is now available for Azure environments, with support for Azure Activity Logs in public preview. Enable cloud detections for Azure Activity Logs in your Azure subscription to gain actionable insights into user, service, and resource activity. Detection models identify suspicious and malicious activities such as privilege escalation, attempted data exfiltration, critical resource and service disruption, and more.

For more information, see Azure features and permissions.

Cloud Security → Cloud Accounts

Hide sensitive data in Runtime Security

Mon, 05 May 2025 00:00:00 GMT

May 6, 2025—You can now hide sensitive data in the Runtime Security feature in Container Security. This enhancement stops sensitive data leaks within your Runtime Security events, safeguarding your critical information. Concealing sensitive data within these events bolsters your data security and reduces the chances of unauthorized access to confidential information.

For more information, see Enable Runtime Security and scanning features.

Cloud Security → Container Security → Container Inventory

Custom parameters supported for all risk events

Mon, 05 May 2025 00:00:00 GMT

May 5, 2025—When creating new rules for risk events or managing risk events in Event Rule Management, you can now set up to five custom parameters for a rule. Available parameters include IP address matches, users, devices, time and date, and more. When all parameters for a rule are met, the rule automatically marks the associated risk event as Remediated, Accepted, or Dismissed. You can add, edit, or remove parameters for your event rules at any time in Event Rule Management.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Schema changes for container vulnerability logs in HEC and S3 connectors

Mon, 05 May 2025 00:00:00 GMT

May 5, 2025—We are announcing minor schema changes for container vulnerability logs in Third-Party Integration Splunk HEC and AWS S3 connectors. These changes are designed to facilitate Splunk in capturing event time from container vulnerability logs by placing the event time fields at the beginning of the logs. Users who have enabled container vulnerability logs in their AWS S3 Bucket connector may also be impacted by these changes.

For more information, see Schema changes for Container Vulnerability logs in AWS S3 and Splunk HEC Connectors in TrendAI Vision One™.

Workflow and Automation → Third-Party Integrations

Bi-directionally sync cases with Jira Cloud tickets

Mon, 05 May 2025 00:00:00 GMT

May 5, 2025—Install the TrendAI Vision One™ Connector app and configure the Jira Cloud ticket profile to enable Jira integration with Case Management. See Jira Cloud integration (for Case Management) for details.

Workflow and Automation → Third-Party Integrations

Agentless Vulnerability & Threat Detection supports Windows vulnerability scanning

Fri, 09 May 2025 00:00:00 GMT

May 7, 2025—Agentless Vulnerability & Threat Detection now supports the scanning of resources running Windows instances. For a list of specific supported Windows versions, see Agentless Vulnerability & Threat Detection supported operating systems and language packages.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Cloud Security → Cloud Accounts

Agentless Vulnerability & Threat Detection supports Windows vulnerability scanning

Fri, 09 May 2025 00:00:00 GMT

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Cloud Security → Cloud Accounts

Application discovery is available for Zero Trust Secure Access Private Access

Wed, 14 May 2025 00:00:00 GMT

Application discovery identifies domains and IP addresses accessed over the past 14 days, helping you determine which internal applications are being used in your organization's network. To facilitate the configuration of access rules, this feature also identifies users who have accessed the internal applications and recommends the most likely user groups.

Zero Trust Secure Access → Secure Access Configuration → Private Access Configuration

Support for Microsoft Defender for Endpoint logs in custom detection filters

Thu, 15 May 2025 00:00:00 GMT

May 15, 2025—TrendAI Vision One™ now supports Microsoft Defender for Endpoint logs in custom detection filters.

This update includes the following changes:

Backup Deletion
Base64 Encoded PE File in Command Line
Clearing of System Logs
Detect Torrent Usage
Hiding a Java Class File
HTA Startup Persistence
Suspicious Bitlocker Encryption
Suspicious Image Load Related to IcedId
Turning Off System Restore

The related custom detection filters have been added to the tm-v1-detection-models GitHub repository. You can import these detection filters to your TrendAI Vision One™ environment to test the new integration.

For more information about custom detection filters, see Create a custom filter.

Azure activity log custom filters

Thu, 15 May 2025 00:00:00 GMT

May 15, 2025—Create and manage custom filters using the Azure activity log when the event type is cloud activity. This option empowers security teams to focus detection on specific activities and behaviors in the Azure cloud infrastructure.

For more information, see Custom filters.

Agentic SIEM & XDR → Detection Model Management → Custom Filters

Filter insights by event time

Fri, 16 May 2025 00:00:00 GMT

May 16, 2025—Workbench now supports filtering insights by event time. This addition allows you to quickly isolate relevant events and correlate events within a defined period.

For more information, see Workbench insights.

XDR Threat Investigation → Workbench

Virtual Network Sensor version 1.0.1479

Mon, 19 May 2025 00:00:00 GMT

May 19, 2025

This update includes enhancements, bug fixes, and security updates for the Virtual Network Sensor including:

This update adds support for QUIC protocol with Virtual Network Sensor.
This update adds support for new Virtual Network Sensor FQDNs.

Customize inactivity and max session timeout

Mon, 19 May 2025 00:00:00 GMT

May 19, 2025—Inactivity timeout and max session timeout can now be customized in TrendAI Vision One™. This gives organizations the flexibility to comply with regulatory standards and meet internal security policy requirements.

The default timeouts for these settings are based on industry best practices:

Inactivity timeout: 15 minutes
Max session timeout: 8 hours

For more details, see Console Settings.

Administration → Console Settings

Least privileges automatically assigned to the StackSets permission execution role

Mon, 19 May 2025 00:00:00 GMT

May 19, 2025—The CloudFormation template for File Security Storage automatically reduces the required StackSets execution role permissions to the minimum necessary for the role.

Cloud Security → File Security

Workbench Insight Progression Update playbooks now available

Mon, 19 May 2025 00:00:00 GMT

May 19, 2025—TrendAI Vision One™ now offers Workbench Insight Progression Update playbooks to automatically notify stakeholders when insights are generated or updated—ensuring timely visibility into threat developments. These playbooks can open or update cases and send email notifications with key insight details. Each notification and case can include a Generative AI-generated summary of the Workbench insight, providing clear and contextual information to support faster, more informed responses.

For more information, see Manually create Workbench Insight Progression Update playbooks.

Workflow and Automation → Security Playbooks

Enhanced risk event filtering for Risk Event Response playbooks

Mon, 19 May 2025 00:00:00 GMT

May 19, 2025—Risk Event Response playbooks now support filtering by asset type to better target relevant risk events—except for the risk events associated with account compromise. Users can specify the asset type when configuring the playbook target and condition settings.

For more information, see Manually create Risk Event Response playbooks.

Workflow and Automation → Security Playbooks

Enhanced security check management for approved senders in Cloud Email Gateway Protection

Tue, 20 May 2025 00:00:00 GMT

May 20, 2025—Cloud Email Gateway Protection extends its Bypass Checks for approved senders in Sender Filter Settings. In addition to the existing Connection Filtering and Spam Filtering criteria, this enhancement allows administrators to determine whether to apply security risks and anomalies scanning on emails from approved senders. This provides a more comprehensive and robust security framework, ensuring that even approved senders are subject to advanced threat detection and mitigation.

Email and Collaboration Security → Cloud Email Gateway Protection

Endpoint Security Policies can now manage deployment of the TrendAI Toolbar for Enterprise browser extension to Windows endpoints

Tue, 20 May 2025 00:00:00 GMT

May 20, 2025—Endpoint Security Policies now include the option to deploy the TrendAI™ Toolbar for Enterprise browser extension to Windows endpoints with the TrendAI Vision One™ Endpoint Security agent installed. The TrendAI™ Toolbar for Enterprise browser extension provides enhanced security capabilities including blocking URLs and domains added to your Suspicious Object List. The browser extension supports Chrome and Microsoft Edge browsers on Windows.

To deploy the toolbar, enable the feature in Endpoint Security Policies. For more information, see Browser Extension.

Endpoint Security → Endpoint Security Configuration → Endpoint Security Policies

Enhanced file scanning with Virtual Analyzer nominated by Correlated Intelligence in Cloud Email Gateway Protection

Tue, 20 May 2025 00:00:00 GMT

May 20, 2025—Cloud Email Gateway Protection allows administrators to decide whether to send files that are identified as suspicious by Correlated Intelligence to Virtual Analyzer for further analysis. Administrator can also specify the security level for configured actions based on Virtual Analyzer’s scan results. This feature enhances file scanning robustness, ensuring more thorough threat detection and improved security.

Email and Collaboration Security → Cloud Email Gateway Protection

Minimum password length updated to 12 characters for enhanced security

Wed, 21 May 2025 00:00:00 GMT

May 21, 2025—The minimum password length for TrendAI Vision One™ user accounts increases from 8 characters to 12 characters to align with Payment Card Industry Data Security Standard (PCI DSS) requirements and industry best practices. This change helps strengthen access control and protect against brute-force attacks.

Existing passwords with less than 12 characters are still allowed for login, but newly created user accounts and updated passwords are required to meet the new minimum password length of 12 characters.

TrendAI Vision One™ → Account Settings

Replacement with text or file available for password-protected files in Malware Scanning detection in Cloud Email and Collaboration Protection

Fri, 23 May 2025 00:00:00 GMT

May 23, 2025—Cloud Email and Collaboration Protection includes the “Replace with text/file” action for detecting password-protected files in Malware Scanning for Exchange Online and Exchange Online (Inline Mode). This enhancement allows administrators to replace password-protected files in emails with the preconfigured text or file.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Correlated Intelligence available for Gmail (Inline Mode) in Cloud Email and Collaboration Protection

Fri, 23 May 2025 00:00:00 GMT

May 23, 2025—Cloud Email and Collaboration Protection extends Correlated Intelligence to Gmail (Inline Mode) service protection. Administrators can configure Correlated Intelligence settings in ATP policies for Gmail (Inline Mode). This helps find security risks and anomalies in employees' emails using predefined and custom correlation rules and detection signals.

The warning banner feature is not available for Gmail (Inline Mode).

Email and Collaboration Security → Cloud Email and Collaboration Protection

Enhanced attachment password guessing with AI capabilities in Cloud Email and Collaboration Protection

Fri, 23 May 2025 00:00:00 GMT

May 23, 2025—Cloud Email and Collaboration Protection improves the attachment password guessing feature by integrating AI. This enhancement uses contextual inference from email content to attempt to find passwords, facilitating the detection of malicious payloads in attached files.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Cloud Email and Collaboration Protection audit logs available in TrendAI Vision One

Fri, 23 May 2025 00:00:00 GMT

May 23, 2025—Cloud Email and Collaboration Protection sends its audit logs to TrendAI Vision One™. Administrators can filter and view these logs alongside other TrendAI Vision One™ audit logs in a centralized location - the Audit Logs screen under Administration.

Administration → Audit Logs

Helm Chart 3.0.0

Mon, 26 May 2025 00:00:00 GMT

May 26, 2025—The 3.0.0 Helm Chart introduces changes that are essential for accessing new functionalities and improving performance. Only TrendAI Vision One™ users are supported for this version and future releases.

This release also includes a minor update to your Helm value overrides and firewall settings required when upgrading from cloudone-container-security-helm. See Upgrade Helm chart from Trend Cloud One to TrendAI Vision One™ for more information.

References

https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.0.0

Introducing Data Policy and Data Inventory

Mon, 26 May 2025 00:00:00 GMT

May 26, 2025—Data Policy and Data Inventory are now in public preview as part of the TrendAI Vision One™ platform. These additions to the Data Security group expand visibility of your sensitive and business-critical data to on-prem and hybrid environments, and provide a quick way for you to identify devices and files that are at risk.

With Data Policy, you can create data policies that define the network locations where sensitive data resides, including the ability to specify which file types to monitor.
TrendAI Vision One™ uses data policies to create a catalog of files and assets with sensitive data in the network locations, which you can then view in Data Inventory. From there, you can identify and action risks to prevent data leakage before it happens.

These new features provide a comprehensive approach to identifying and securing sensitive data, helping your organization maintain robust data protection and compliance across your network infrastructure. For more information, see Data Policy and Data Inventory.

Data Security → Data Policy

Data Security → Data Inventory

Data Detection and Response now available in Workbench

Mon, 26 May 2025 00:00:00 GMT

May 26, 2025—Data Detection and Response capabilities have been extended to Workbench. This update includes new features to help you safeguard your sensitive data:

Workbench alerts: Track and investigate potential sensitive data leakage with timely notifications.
Data lineage graph: Visualize how sensitive data is shared or transmitted within your environment.

To leverage these features, enable Data Security and create data policies to specify which network locations to monitor. Enhance your data protection strategy with these advanced tools, now available in Workbench.

For more information, see Data Lineage.

Agentic SIEM & XDR → Workbench

Data Detection and Response now available in Observed Attack Techniques

Mon, 26 May 2025 00:00:00 GMT

May 26, 2025—Data Detection and Response capabilities have been extended to Observed Attack Techniques. This enhancement brings powerful new features to improve your data security:

Data lineage: Visualize the flow and transformation of data within your organization.
Data risk: Use Data Detection and Response detection filters to identify potential risks for data collection and exfiltration.

To take advantage of these new features, enable Data Security and create at least one data policy in your organization.

For more information, see View sensitive data events in Observed Attack Techniques.

Agentic SIEM & XDR → Observed Attack Techniques

Mobile Security for Business app version 2.0.1448

Tue, 27 May 2025 00:00:00 GMT

May 27, 2025—Mobile Security for Business app version 2.0.1448 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Supports web reputation checks on websites accessed in Microsoft Edge.

Manual scanning available for Agentless Vulnerability & Threat Detection

Thu, 29 May 2025 00:00:00 GMT

May 29, 2025—You can now conduct manual scans for vulnerabilities and malware on connected cloud accounts that have Agentless Vulnerability & Threat Detection enabled. To trigger a manual scan, go to Cloud Security Posture and click Scan next to the Agentless Vulnerability & Threat Detection entry in the Available features widget. To learn more, see Scan manually for vulnerabilities and malware.

Cloud Security → Cloud Risk Management → Cloud Security Posture

Support for Forcepoint logs in custom detection filters

Fri, 30 May 2025 00:00:00 GMT

May 30, 2025—TrendAI Vision One™ now supports Forcepoint logs in custom detection filters.

This update includes the following changes:

Alert Server Active Alert Queue Full
Connection Allowed
Connection Closed Abnormally
Connection Closed
Connection Discarded
Firewall Authentication New Configuration Successfully Installed
Firewall DHCP Reply Received
Firewall DHCP Request Received
Firewall IPsec Information
Firewall New IPsec VPN Connection
Firewall New Route Based VPN Connection
Firewall Protocol Agent Transport Protocol Violation
Firewall Related Connection
Firewall Synchronization Receiving Sync Messages
Firewall Synchronization State Sync Failed to Receive
Firewall System Security Policy Reload
Free Disk Space on Server Reached Alert Threshold
IKE Invalid Exchange Type
IKE Invalid KE Payload
IKE Invalid Next Payload
IKE Invalid Protocol ID
IKE Invalid Syntax
IKE No Proposal Chosen
IKE Rejected Message
IKE Retry Limit Reached
IKE SA Deleted
IKE SA Initiator Done
IKE SA Responder Done
IKE SA Responder Failed
IKE Starting Initiator Negotiation
IKE Starting Responder Negotiation
IKE Timeout
IKE Traffic Selector Unacceptable
IPSEC ESP SA Look-up Failure
IPsec SA Deleted
IPsec SA Initiator Done
IPsec SA Responder Done
Management Server Sign-in Failed
System Cluster-Protocol Event
System Policy Applied
System Policy Loaded

For more information about custom detection filters, see Create a custom filter.

New proxy support for Runtime Malware Scanning

Fri, 30 May 2025 00:00:00 GMT

May 30, 2025—Runtime Malware Scanning now supports HTTP, HTTPS, and sock5 proxy in Container Security. You can assign proxy settings while creating clusters in Container Inventory or when installing Helm chart.

For information about creating new clusters or installing Helm chart, see Kubernetes clusters and Supported Helm versions.

Cloud Security → Container Security → Container Inventory

Runtime Secret Scanning now available

Sat, 31 May 2025 00:00:00 GMT

May 31, 2025—TrendAI Vision One™ now supports Runtime Secret Scanning in Container Security. Enable Runtime Secret Scanning to detect secrets in your containers, ensuring that any exposures in production containers are detected quickly.

For more information, see Enable Runtime Security and scanning features.

Cloud Security → Container Security → Container Inventory

Zero Trust Secure Access module for Windows version 2.23.1042

Mon, 02 Jun 2025 00:00:00 GMT

June 2, 2025—The latest version of the Zero Trust Secure Access Module for Windows has been released.

New features
- During OOBE (Out-of-Box Experience) mode, Zero Trust Secure Access bypasses all traffic.
Enhancements
- Shows system notification when Private Access is disconnected.
Resolved issues
- When WMI (Windows Management Instrumentation) was corrupt in Windows, the Zero Trust Secure Access UI was unable to display.
- When NTLM is enabled and Forward Proxy Service was installed on the Service Gateway, Zero Trust Secure Access failed to sign-in.
- A sign-in pop-up window constantly appeared even if Internet Access was connected.

Pay-as-you-go billing for XDR for Cloud now available on AWS Marketplace

Mon, 02 Jun 2025 00:00:00 GMT

June 2, 2025—XDR for Cloud is now available with hourly pay-as-you-go billing via AWS Marketplace. You can now choose between allocating credits and using consumption-based pay-as-you-go billing for your XDR for Cloud usage.

To get started with pay-as-you-go, purchase a TrendAI Vision One™ pay-as-you-go contract on AWS Marketplace. For existing subscribers, you can simply switch between billing models for XDR for Cloud in Credits & Billing.

For more information, see Pay-as-you-go.

TrendAI™ Flex Licensing → Platform Usage and Credits

Support for Microsoft Defender for Endpoint logs in custom detection filters

Mon, 02 Jun 2025 00:00:00 GMT

June 2, 2025—TrendAI Vision One™ now supports Microsoft Defender for Endpoint logs in custom detection filters.

This update includes the following changes:

Suspicious Behavior by cmd.exe Observed
USB Drive Letter Changed
USB Drive Mounted
USB Drive Unmounted
User Account Added to Local Group
User Account Created
User Account Deleted
User Account Modified
User Account Removed from Local Group
LSASS Process Memory Write
Post-exploitation Tool Detected
SmartScreen Exploit Warning
SmartScreen URL Warning
SmartScreen User Override
Attempt to Tamper with Microsoft Defender XDR
Connection to Untrusted Wi-Fi Network
Get Clipboard Data
High Severity Alert
Registry Auto-Start Service
Remote Desktop Connection
Security Group Deleted

For more information about custom detection filters, see Create a custom filter.

EventBridge sync for File Security Storage CloudFormation template

Mon, 02 Jun 2025 00:00:00 GMT

June 2, 2025—Users now have an installation option that turns on the scanning of buckets by default if they have EventBridge enabled or does not turn on the scanning of any bucket when setting up their CloudFormation template.

Cloud Security → File Security → File Security Storage

Zero Trust Secure Access adds PoP site in Google Cloud Taiwan

Mon, 02 Jun 2025 00:00:00 GMT

June 2, 2025—Zero Trust Secure Access Internet Access now supports the Google Cloud Taiwan region. Users in the region may configure their service FQDNs to reflect the new location. For more information, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Internet Access rules allow for destination location filtering

Mon, 02 Jun 2025 00:00:00 GMT

June 2, 2025—You can now filter your internet access rules based on the destination. This enables you to enhance security by blocking specific countries and regions, or restricting access to URLs based on geographic location.

For more information, see Create an internet access rule.

Zero Trust Secure Access → Rules → Internet Access

Zero Trust Secure Access On-premises Gateway Version 1.0.65

Tue, 03 Jun 2025 00:00:00 GMT

June 3, 2025—The Zero Trust Secure Access On-premises Gateway version 1.0.65 is now available.

New Features

Support destination geolocation-based traffic filtering for internet access control.
Support mobile based device posture checking for internet access control.

Enhancements

Improved WRS query handling for private IP destinations in on-premises gateway
Optimized memory usage in the on-premises gateway
Integrated the latest prompt injection detection service for the on-premises gateway with AI.

New macOS Support for Vulnerability Assessment

Tue, 03 Jun 2025 00:00:00 GMT

June 3, 2023—TrendAI Vision One™ Vulnerability Assessment now includes support for macOS. This enhancement allows you to:

Detect known Common Vulnerabilities and Exposures (CVEs) in macOS applications and operating systems.
Automatically enable Vulnerability Assessment on macOS endpoints with the TrendAI Vision One™ Endpoint Security agent installed.
Connect additional third-party data sources for increased visibility into vulnerabilities in macOS assets.

This update ensures comprehensive vulnerability management across all major operating systems, enhancing your organization's security posture. To learn more about supported macOS versions and applications, see Vulnerability Assessment supported operating systems and Vulnerability Assessment supported macOS applications.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

TrendAI Vision One Endpoint Security agent June 2025 update - Windows

Wed, 04 Jun 2025 00:00:00 GMT

June 4, 2025—TrendAI Vision One™ Endpoint Security agent version 202506 includes security enhancements, bug fixes, and feature releases. Updates to individual components and agent modules may follow different batch release schedules.

This update includes the following changes:

Agent program services package (Endpoint Basecamp) 1.1.0.5544
Service communication manager (VOM) plug-in version 1.2.0.987
Endpoint sensor version 1.2.0.6320
Attack Surface Discovery version 1.0.0.3854
Server & Workload Protection version 20.0.2.12290

Detailed release notes:

Enhancements
- Network Content Inspection Engine for Endpoint Sensor can now operate alongside the Standard Endpoint Protection version of Network Content Inspection Engine
- Attack Surface Discovery enhances data collection of hardware and network information
- Server & Workload Protection: Adds support for .jsp file extension
- Server & Workload Protection: Allows iAU to duplicate full pattern if incremental version is not available
- Server & Workload Protection: Web Reputation by default enables use of Server Name Indication (SNI) queries when determining the risk level of a website
- Server & Workload Protection: Enhancements to information of results from Process Memory Scan deduplications.
Bug fixes and resolved issues
- Fixed an issue preventing Endpoint Sensor from updating Network Content Inspection Engine pattern updates when deployed to agents with Standard Endpoint Protection features installed
- Server & Workload Protection: Fix issue causing agent crash on x86 systems if only Web Reputation is enabled
- Server & Workload Protection: Fix issue causing agent to not update using TrendAI Vision One™ version control policies
- Server & Workload Protection: Fix system hang issue when AMSP attempts to write logs
- Server & Workload Protection: Fix potential crash issue during SSL handshake

Release schedule:

Batch 1: June 4, 2025
Batch 2: June 11, 2025
Batch 3: June 18, 2025

TrendAI Vision One Endpoint Security agent June 2025 update - Linux

Wed, 04 Jun 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package 1.2.0.744
Endpoint Sensor version 3.0.0.6437
Server & Workload Protection version 20.0.2.12010

Detailed release notes:

Enhancements
- Update CACert
- Endpoint Sensor supports .jsp file extension
- Server & Workload Protection: Adds support for .jsp file extension
- Server & Workload Protection: Web Reputation by default enables use of Server Name Indication (SNI) queries when determining the risk level of a website
Bug fixes and resolved issues
- Fixes bugs for agent program and Endpoint Sensor
- Server & Workload Protection: fix issue where agent reports 5102 Protection Module Deployment Failed with "no such file or directory" when version control policy is enabled
- Server & Workload Protection: Fix potential crash issue during SSL handshake

Release schedule:

Batch 1: June 4, 2025
Batch 2: June 11, 2025
Batch 3: June 18, 2025

TrendAI Vision One Endpoint Security agent June 2025 update - macOS

Wed, 04 Jun 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package (Endpoint Basecamp) 1.2.521
- ws_communicator.app
- XBCAgent.app
- PreCheck.app
- SilentInstaller.app
Endpoint sensor version 1.2.520

Detailed release notes:

Enhancements
- Agent now supports Data Vulnerability
- Agent now supports Incident Response for macOS
Bug fixes and resolved issues
- Update includes several bug fixes to the agent program and Endpoint Sensor

Release schedule:

Batch 1: June 4, 2025
Batch 2: June 11, 2025
Batch 3: June 18, 2025

Zero Trust Secure Access Private Access Connector Version 2.37.0.1734

Thu, 05 Jun 2025 00:00:00 GMT

June 5, 2025—Improved System Stability and Performance Enhancements include fixes for memory leaks, relay server tunnel disconnects, and added metrics for relay connection status

Resolved Issues

Fixed memory leaks that occurred with the dPID process responsible for Access Rule enforcement.
Fixed frequent relay server tunnel disconnects caused by improper session cleanup.
Additional metrics to track the status of the relay connection.
Minor bug fixes

New custom detection filters for Microsoft logs

Thu, 05 Jun 2025 00:00:00 GMT

June 5, 2025—TrendAI Vision One™ supports new custom detection filters for Microsoft.

Try these detection filters to enhance Microsoft log analysis:

Possible theft of passwords and other sensitive web browser information
Backdoor Detected
Backdoor Prevented
BloodHound Process Detection
CertUtil Remote Download
Hacktool Detected
Hacktool Prevented
Malware Detected
Ransomware Prevented
Remote exfiltration activity
Suspicious Hacking Tool Detected
Unwanted Software Prevented
Unwanted Software Detected
Wevtutil Clear Windows Event Logs
Windows Network Sniffing
AMSI Script Detection
Possible ongoing hands-on-keyboard activity (Cobalt Strike)

Download these custom detection filters from GitHub. For more information see Custom filters.

XDR Threat Investigation → Detection Model Management

Virtual Network Sensor version 1.0.1495

Mon, 09 Jun 2025 00:00:00 GMT

June 09, 2025—Virtual Network Sensor version 1.0.1495 includes enhancements, bug fixes, and security updates.

This update includes the following change:

This update adds support for simulating the APT28 attack.

AI-recommended events for enhanced Workbench insight correlation

Mon, 09 Jun 2025 00:00:00 GMT

June 9, 2025—Workbench now intelligently surfaces AI-recommended events related to endpoints within an existing insight. These recommendations help you:

Discover related activity that may not have been initially included in the insight.
Add relevant events directly to the insight for further correlation.

This feature can give you a more complete and accurate picture of a potential incident and accelerate your investigation by uncovering hidden connections and suspicious activity that might otherwise go unnoticed.

XDR Threat Detection → Workbench

Real-Time Posture Monitoring now available for Azure Subscriptions

Tue, 10 Jun 2025 00:00:00 GMT

June 10, 2025—CREM Cloud Risk Management now supports Real-Time Posture Monitoring previously titled Real-Time Monitoring (RTM) for Azure subscriptions connected through the Cloud Accounts app. You can enable Real-Time Posture Monitoring while creating a new Azure subscription or turn the feature on for existing subscription or organizations. For more information, see Real-Time Posture Monitoring settings

Cloud Security → Cloud Risk Management

Helm Chart 3.0.1

Fri, 13 Jun 2025 00:00:00 GMT

June 13, 2025—The 3.0.1 Helm Chart release includes a minor update to your Helm value overrides and firewall settings required when upgrading from cloudone-container-security-helm. See Upgrade Helm chart from Trend Cloud One to TrendAI Vision One™ for more information.

Detailed release notes:

Enhancements
- Malware scanning supports ARM64 architecture.
- Send Kubernetes events when authentication token is expired or invalid.
- Automatically clean up all Container Security custom resources when uninstalling Helm Chart.
- Support for installing container images in a registry with no "project". The images.defaults.project field is not handled correctly when empty.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.0.1.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.0.1

Service Gateway: Smart Protection Services Version 2.0.5

Mon, 16 Jun 2025 00:00:00 GMT

June 16, 2025—Service Gateway Smart Protection Services Version 2.0.5 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update resolves integration issues between sg-gcs (Generic Cache Service) and other system components.
This update automatically removes outdated files during patch installation to ensure a clean deployment environment.

Service Gateway Firmware Version 3.0.20

Mon, 16 Jun 2025 00:00:00 GMT

June 16, 2025—Service Gateway Firmware Version 3.0.20 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update upgrades the appliance base OS to Rocky Linux 9.5, addressing several known security vulnerabilities.
This update upgrades MicroK8s to version 1.30, along with updated container images, to ensure improved orchestration and compatibility.
This update modifies default OVA settings to use RHEL 7 OS type and VMXNET3 NIC for better compatibility with VMware platforms.
This update introduces a new PML scan setting in File Security Virtual Appliance (FSVA) to enhance scan configuration flexibility.
This update addresses various issues to enhance overall system reliability and correctness.

Customized timeout RBAC permissions update

Mon, 16 Jun 2025 00:00:00 GMT

June 16, 2025—To provide proper Role-Based Access Control (RBAC) for console settings, only “Master Administrator” and “Operator" can edit pre-defined roles. "Endpoint Administrator" and "Email Administrator" can still view the Console Settings page, but no longer have the permissions required to make changes to it.

For more details, see Console Settings.

Administration → Console Settings

Helm Chart 3.0.2

Mon, 16 Jun 2025 00:00:00 GMT

June 16, 2025—The 3.0.2 Helm Chart release includes a minor update to your Helm value overrides and firewall settings required when upgrading from cloudone-container-security-helm. See Upgrade Helm chart from Trend Cloud One to TrendAI Vision One™ for more information.

Detailed release notes:

Enhancements
- Switched communication protocol used by internal components to communicate with backend.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.0.2.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.0.2

Container Security Helm chart upgrade

Mon, 16 Jun 2025 00:00:00 GMT

June 16, 2025—TrendAI Vision One™ now supports a new version of Helm chart for Container Security. This upgrade version improves performance and adds access to new functionality. The Helm chart repository is at a new location in GitHub: https://github.com/trendmicro/visionone-container-security-helm.

Important

You must modify your Helm override file values and firewall exceptions for this new version.

For more information, see Upgrade Helm chart from Cloud One to TrendAI Vision One™.

Cloud Security → Container Security → Container Inventory

New osquery and YARA rule templates with TrendAI Threat Intelligence for Response Management

Mon, 16 Jun 2025 00:00:00 GMT

June 16, 2025—Announcing the availability of new pre-built osquery and YARA rule templates in TrendAI Vision One™ Response Management. These templates are designed to detect suspicious and malicious behaviors, streamlining the investigation and triage of potential breaches. With these templates you can expect:

Enhanced security posture powered by TrendAI Vision One™, delivering proactive identification of emerging threats, adversary tactics, and vulnerabilities relevant to your environment.
Seamless integration of ready-to-use templates into your existing operational workflows, accelerating incident response and investigation.

Access these templates from the Response scripts tab in Response Management. For more information see Response Management.

Workflow and Automation → Response Management

Mail tracking logs for accepted traffic integrated with TrendAI Vision One

Tue, 17 Jun 2025 00:00:00 GMT

June 17, 2025—Cloud Email Gateway Protection now supports uploading mail tracking logs for the accepted traffic type to TrendAI Vision One™. This enhancement allows customers to:

Query accepted traffic logs directly in the Search app
Integrate these logs with third-party platforms via the Third-Party Integration app

To query mail tracking logs in the Search app, you can use the following fields:

scanType: gateway_realtime_accepted_mail_traffic
pname: Cloud Email Gateway Protection, and then filter the search result by LogType: messaging
msgUuid or mailMsgId

Note that multiple records may share the same msgUuid or mailMsgId if an email undergoes several rounds of scans or actions based on the configured policy rules.

Only newly generated accepted traffic logs are uploaded; historical logs are not migrated.

Agentic SIEM and XDR → XDR Data Explorer

Helm Chart 3.0.3

Tue, 17 Jun 2025 00:00:00 GMT

June 17, 2025—The 3.0.3 Helm Chart release includes a minor update to your Helm value overrides and firewall settings required when upgrading from cloudone-container-security-helm. See Upgrade Helm chart from Trend Cloud One to TrendAI Vision One™ for more information.

Detailed release notes:

Bug fixes
- Fixes occasional issues when upgrading from Cloud One.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.0.3.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.0.3

Mail tracking logs for accepted traffic integrated with TrendAI Vision One

Tue, 17 Jun 2025 00:00:00 GMT

June 17, 2025—Cloud Email Gateway Protection now supports uploading mail tracking logs for the accepted traffic type to TrendAI Vision One™. This enhancement allows customers to:

Query accepted traffic logs directly in the Search app
Integrate these logs with third-party platforms via the Third-Party Integration app

To query mail tracking logs in the Search app, you can use the following fields:

scanType: gateway_realtime_accepted_mail_traffic
pname: Cloud Email Gateway Protection, and then filter the search result by LogType: messaging
msgUuid or mailMsgId

Note that multiple records may share the same msgUuid or mailMsgId if an email undergoes several rounds of scans or actions based on the configured policy rules.

Only newly generated accepted traffic logs are uploaded; historical logs are not migrated.

Agentic SIEM and XDR → XDR Data Explorer

Email header scanning in DLP policy available for more email services and protection modes

Fri, 20 Jun 2025 00:00:00 GMT

June 20, 2025—The Data Loss Prevention policy feature, which previously supported scanning email header fields for Exchange Online, now extends to Gmail, Exchange Online (Inline Mode, and Gmail (Inline Mode). This enhancement allows DLP policies to inspect email headers in addition to the subject, body, and attachments, providing broader coverage and more consistent protection across supported platforms.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Enhanced email reporting to skip emails matching global approved header fields for Exchange Online

Fri, 20 Jun 2025 00:00:00 GMT

June 20, 2025—Cloud Email and Collaboration Protection enhances its email reporting feature by allowing administrators to control whether reported Exchange Online emails—matching the approved header field list configured under Global Settings—are sent to TrendAI™ for further analysis. This provides greater flexibility for admins to manage data handling based on organizational policies and privacy considerations.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Enhanced malware scanning to detect active content in PDF files

Fri, 20 Jun 2025 00:00:00 GMT

June 20, 2025—Besides Microsoft office files as attachments, Cloud Email and Collaboration Protection supports detecting active content in PDF files attached to emails in Exchange Online and Exchange Online (Inline Mode). It can then take the configured action on emails containing active content in attached PDF files.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Virtual Network Sensor version 1.0.1504

Mon, 23 Jun 2025 00:00:00 GMT

June 23, 2025—Virtual Network Sensor version 1.0.1504 includes enhancements, bug fixes, and security updates.

This update includes the following change:

This update adds support for simulating the Black Basta attack.

Zero Trust Secure Access On-premises Gateway Version 1.0.66

Mon, 23 Jun 2025 00:00:00 GMT

June 23, 2025—The Zero Trust Secure Access On-premises Gateway version 1.0.66 is now available.

Enhancements

Enhancements
- Disable the use of Google Public DNS for certain traffic in on-premises gateways and use the configured DNS instead.

Central management of Deep Discovery Inspector detection rules in Network Analysis Configuration

Mon, 23 Jun 2025 00:00:00 GMT

June 23, 2025—You can now manage detection rules in Network Analysis Configuration for all connected Deep Discovery Inspector appliances version 6.8 Service Pack 1 or later by enabling central management for Deep Discovery Inspector resources.

For more information, see Detection Rules.

Network Security → Network Analysis Configuration

Workbench insight enrichment with associated Threat Intelligence Sweeping alerts

Mon, 23 Jun 2025 00:00:00 GMT

June 23, 2025—Workbench can now automatically associate Threat Intelligence Sweeping alerts with Workbench insights to enhance your investigations. You can also manually add these alerts to insights when you identify relevant connections. The associated Threat Intelligence Sweeping alerts enrich the insights by providing additional indicators of compromise and threat context directly within your insights.

With this feature, you can have more streamlined and comprehensive investigations into potential security incidents.

XDR Threat Detection → Workbench

Endpoint Security Supports Red Hat Enterprise Linux 9 (ARM64)

Wed, 25 Jun 2025 00:00:00 GMT

June 25, 2025—The TrendAI Vision One™ Endpoint Security agent now supports deploying Server & Workload Protection and Endpoint Sensor to Red Hat Enterprise Linux 9 (ARM64) endpoints.

For details on supported Linux platforms, see Endpoint Agent System Requirements.

Endpoint Security → Endpoint Inventory

Central management of network resources now available in Network Resources

Wed, 25 Jun 2025 00:00:00 GMT

June 25, 2025—Users now have the flexibility to sync network resources from either Deep Discovery Inspector appliances version 6.8 or later or TrendAI Vision One™.

Network Security → Network Analysis Configuration → Network Resources

Helm Chart 3.0.4

Fri, 27 Jun 2025 00:00:00 GMT

June 27, 2025—The 3.0.4 Helm Chart release includes the following:

Enhancements
- Improved namespace management in Red Hat OpenShift.
Bug fixes
- Fixed Scout error in Amazon ECS and Red Hat OpenShift.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.0.4.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.0.4

Runtime malware scanning in Container Security now supports ARM64

Fri, 27 Jun 2025 00:00:00 GMT

June 27, 2025—The Runtime Malware Scanning feature now supports ARM64 CPU node clusters. This update brings full functionality to ARM64 architecture while maintaining support for x86 platforms, and applies to clusters running Helm chart 3.0.1 and later. For more information, see Enable Runtime Security and scanning features.

Cloud Security → Container Security

Nozomi Vantage integration now available

Sun, 29 Jun 2025 00:00:00 GMT

June 30, 2025—TrendAI Vision One™ now allows for integration with the Nozomi Networks Vantage OT/IoT security platform. The enables the Nozomi Vantage connector to extract asset data, inventory information, and security alerts from industrial control systems and forward the data telemetry to TrendAI Vision One™ for use in risk analysis and threat correlation. Configure API authentication in your Nozomi Vantage console to begin enabling the integration. to enable secure data feeds and enhance your converged IT/OT security visibility and threat correlation.

Workflow and Automation → Third-Party Integrations

Zero Trust Secure Access module for Windows version 2.24.1059

Mon, 30 Jun 2025 00:00:00 GMT

June 30, 2025—This update includes security enhancements, bug fixes, and feature releases as detailed in the following notes.

Version 2.24.1059

Enhancements
- Update skips connectivity checks for other proxies in the PAC file if any proxy is reachable.
- Update replaces the netsh command with a Windows API or PowerShell command.
Bug fixes and resolved issues
- Update prevents update an uninstall processes from running simultaneously
- Fix crash issues in ZTSAUpdate.exe and ZTSADownloader.exe that could occur during update process
- Fix issue where changes to the NTLM setting in TrendAI Vision One™ does not immediately take effect in the Zero Trust Secure Access module
- Fix issue where NTLM authentication fails when NT service account is logged in
- Fix issue where Private Access internal apps are not reachable if any internal app FQDN contains a space
- Fix issue where Private Access connection fails because an empty proxy is used for connecting to TrendAI™ services

Zero Trust Secure Access module for macOS version 2.21.90

Mon, 30 Jun 2025 00:00:00 GMT

June 30, 2025—This update includes security enhancements, bug fixes, and feature releases as detailed in the following notes.

Version 2.21.90

Bug fixes and resolved issues
- Fixed issue where Private Access disconnection notifications were missing after a module update and removed residual search domain information from the system
- Fixed issue where search domain details persisted in system settings following an abnormal Private Access disconnection.

Mobile Security for Business app version 2.0.1133

Mon, 30 Jun 2025 00:00:00 GMT

June 30, 2025—Mobile Security for Business app version 2.0.1133 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Optimizes posture check functions.

Keyword search for all platform data now available in public preview

Mon, 30 Jun 2025 00:00:00 GMT

June 30, 2025—Click the search bar at the top of the screen and type a keyword to search detections, assets, vulnerabilities, logs, and more across the TrendAI Vision One™ platform. Quickly obtain an overview of the information you need across TrendAI Vision One™ all in one convenient place.

Mobile Security for Business app version 2.0.1461

Mon, 30 Jun 2025 00:00:00 GMT

June 30, 2025—Mobile Security for Business app version 2.0.1461 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Optimizes posture check functions.
Displays detected issues while a scan is in progress.
Fixes an issue where the agent status on the console does not update when the app is uninstalled from the personal profile on company-owned devices when Microsoft Intune or Other MDM serves as the MDM.

Server & Workload Protection now features recommended exclusions for Anti-Malware scans

Mon, 30 Jun 2025 00:00:00 GMT

June 30, 2025—Server & Workload Protection now features Recommended Exclusions as a common object in Policies for use with Anti-Malware scans.

Recommended Exclusions is a list which contains apps and programs TrendAI™ recommends excluding from Anti-Malware scans depending on your security environment. You can add recommended exclusions individually, or run the Recommendation Scan from the computer editor to discover listed apps installed on individual endpoints. Additionally, you can configure your agent to dynamically apply exclusions based on regular scans. For more information, see Recommended Exclusions

Endpoint Security → Server & Workload Protection → Policies or Computers.

Retro scan available for custom detection models

Mon, 30 Jun 2025 00:00:00 GMT

June 30, 2025—Reanalyze historical data against your existing custom detection filters and uncover missed threats. Enhance threat hunting efficiency with retroactive scanning.

For more information, see Run retro scans on custom model data.

Agentic SIEM and XDR → Detection Model Management

Third-party log correlation in Workbench alerts

Mon, 30 Jun 2025 00:00:00 GMT

June 30, 2025—Workbench now uses third-party logs for alert correlation. The enriched content and linking details can give more context to triage security events.

Agentic SIEM and XDR → Workbench

Host investigation now available

Mon, 30 Jun 2025 00:00:00 GMT

June 30, 2025—The Search app now allows you to investigate hosts with greater efficiency. Simplify your workflow and reduce reliance on complex queries, enabling faster and more effective threat detection. Stay ahead of potential threats with continuous monitoring in the Dashboards app, now accessible on the Host Investigation tab.

Leverage host investigation and significantly reduce MTTx, ultimately improving your overall operational efficiency. Upgrade your threat-hunting process and stay one step ahead in the ever-evolving cybersecurity landscape.

For more information, see XDR Data Explorer.

Agentic SIEM and XDR → XDR Data Explorer

Dashboards and Reports → Dashboards

Extend Cyber Risk Exposure Management capabilities to cover Microsoft Defender for Endpoint assets

Mon, 30 Jun 2025 00:00:00 GMT

Important

This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.

June 30, 2025—You can now extend the capabilities of Cyber Risk Exposure Management to assets in your environment covered by Microsoft Defender for Endpoint. Integrating Microsoft Defender for Endpoint via an Azure subscription in Cloud accounts enables you to gain insights into the security configuration of your Microsoft Defender for Endpoint-managed assets in Cyber Risk Overview, visibility over discovered assets in Attack Surface Discovery, and information on asset misconfigurations in Threat and Exposure Management. To learn how to integrate your Microsoft Defender for Endpoint data for use in Cyber Risk Exposure Management, see Enable Microsoft Defender for Endpoint Log Collection.

Cyber Risk Exposure Management → Cyber Risk Overview

Host investigation now available

Mon, 30 Jun 2025 00:00:00 GMT

For more information, see XDR Data Explorer.

Agentic SIEM and XDR → XDR Data Explorer

Dashboards and Reports → Dashboards

Enhanced Condition node for Automated Response Playbooks

Tue, 01 Jul 2025 00:00:00 GMT

July 1, 2025—The Condition node in Automated Response Playbooks now supports three powerful new filters—Asset group, Asset criticality, and Custom tags—enabling more targeted automation that aligns response actions with the value and context of your assets.

For more information, see Manually create Automated Response Playbooks.

Workflow and Automation → Security Playbooks

New frameworks and features added (July 2, 2025)

Wed, 02 Jul 2025 00:00:00 GMT

July 2, 2025—This release introduces new compliance frameworks and enhanced features to improve compliance management and audit readiness.

Frameworks added:

CIS Critical Security Controls Version 8.1
HIPAA 45 CFR
NIST CSF 2.0

Additional features included:

Enhanced custom compliance framework builder: Tailor existing frameworks, create new frameworks, and create new controls to meet specific industry requirements and ensure more relevant and effective compliance checks, greatly reducing the need for manual compliance audits.
Support for Compliance Management cases: Create Compliance Management cases for assets to be remediated to address your organization's compliance analysis fail rate.
CSV and PDF reports of your organization's pass rate for custom frameworks: View actionable and comprehensive recommendations and analysis generated by AI, and simplify the audit preparation process with easy-to-share reports.
Configuration exclusions: Disable certain configurations from compliance analysis to improve the pass rate of your organization.

New features and frameworks available in Compliance Management

Wed, 02 Jul 2025 00:00:00 GMT

July 2, 2025—Compliance Management now offers the following updated features:

New supported frameworks: CIS Critical Security Controls Version 8.1, HIPAA 45 CFR, and NIST CSF 2.0.
Enhanced custom compliance framework builder: Tailor existing frameworks, create new frameworks, and create new controls to meet specific industry requirements and ensure more relevant and effective compliance checks, greatly reducing the need for manual compliance audits.
Support for Compliance Management cases: Create Compliance Management cases for assets to be remediated to address your organization's compliance analysis fail rate.
CSV and PDF reports of your organization's pass rate for custom frameworks: View actionable and comprehensive recommendations and analysis generated by AI, and simplify the audit preparation process with easy-to-share reports.
Configuration exclusions: Disable certain configurations from compliance analysis to improve the pass rate of your organization.

Cyber Risk Exposure Management → Cyber Governance & Risk Compliance → Compliance Management

Compliance Management cases now supported

Wed, 02 Jul 2025 00:00:00 GMT

July 2, 2025—You can now open TrendAI Vision One™ cases in Compliance Management to track and manage non-compliant assets.

For more information, see TrendAI Vision One™ cases.

Cyber Risk Exposure Management → Cyber Governance & Risk Compliance → Compliance Management

Workflow and Automation → Case Management

Enhanced SAML group synchronization with Microsoft Entra ID

Thu, 03 Jul 2025 00:00:00 GMT

July 3, 2025—You can now add SAML groups using either group object IDs or email addresses for Microsoft Entra ID groups. This allows groups without email addresses to have SSO functionality.

TrendAI Vision One™ also supports real-time and regular sync of group data from Microsoft Entra ID to keep your SAML groups up to date, with an option to manually trigger data sync when needed.

The enhancements require access to the tenants where the groups reside. For groups added before June 30, 2025, ensure that the required access is granted to maintain SSO access and stay current.

For details, see Add a SAML Group Account for Microsoft Entra ID.

Administration → User Accounts

Zero Trust Secure Access On-premises gateway version 1.0.67

Mon, 07 Jul 2025 00:00:00 GMT

July 07, 2025—The Zero Trust Secure Access On-premises Gateway version 1.0.67 is now available.

Enhancements
- Enhanced the scanner to filter traffic of public AI services by AI category for rule matching.
- Fixed the issue that allowed users to bypass SafeSearch filters on the Yahoo Español search results page.

Subscription notification for Container Security releases

Mon, 07 Jul 2025 00:00:00 GMT

July 7, 2025—You can now add a subscription notification for new Container Security releases. Enabling this subscription sends email or webhook notifications about Helm Chart and ECS stack components when new updates are released.

For more information, see Notifications.

Administration → Notifications

New --evaluatePolicy flag for Artifact Scanner

Mon, 07 Jul 2025 00:00:00 GMT

July 7, 2025—TrendAI™ Artifact Scanner (TMAS) now supports the new --evaluatePolicy flag, which allows you to evaluate the TMAS scan results against your Code Security policy to preview the policy evaluation functionality. Policy evaluation is available for vulnerabilities, secrets, and malware scanners.

For more information, see the WHATS-NEW.md file included with the binary and the --evaluatePolicy flag information in Artifact Scanner CLI.

Important

This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.

Cloud Security → Code Security

Support for CrowdStrike Falcon logs in custom detection filters (July 8, 2025)

Tue, 08 Jul 2025 00:00:00 GMT

July 8, 2025—TrendAI Vision One™ now supports CrowdStrike Falcon logs in custom detection models.

This update includes the following changes:

BITS Admin File Transfer
Double Extension File
Execution of Python Script prevented by CrowdStrike
Local Account Discovery
Malicious File Found and Quarantined by CrowdStrike
NS Lookup Remote Payload
Process Prevented by CrowdStrike
Process Terminated and File Quarantined by CrowdStrike
Registry Operation Blocked
Scheduled Task Prevented by CrowdStrike

For more information about custom detection filters, see Custom filters.

New Available actions in Endpoint Inventory

Tue, 08 Jul 2025 00:00:00 GMT

July 8, 2025—Endpoint Security has new Available Actions to assist with Endpoint security policy features and platform support. You can resolve Server & Workload Protection issues with just a single click when reviewing the available actions in Endpoint Inventory.

To filter for endpoints that might require attention, check the Available actions section in Endpoint Inventory, and click the status types listed.

Endpoint Security → Endpoint Inventory

TrendAI Vision One Endpoint Security agent July 2025 update - Windows

Wed, 09 Jul 2025 00:00:00 GMT

July 9, 2025—TrendAI Vision One™ Endpoint Security agent version 202507 includes security enhancements, bug fixes, and feature releases. Updates to individual components and agent modules may follow different batch release schedules.

This update includes the following changes:

Agent program services package (Endpoint Basecamp) 1.1.0.5557
Service communication manager (VOM) plug-in version 1.2.0.1141
Endpoint sensor version 1.2.0.6543
Attack Surface Discovery version 1.0.0.3895
Standard Endpoint Protection version 14.0.20114
Server & Workload Protection version 20.0.2.14490

Detailed release notes:

New features
- Add support for the updated Endpoint Security Policies (unified assignment). This is a pre-release feature with limited release.
- Agent includes new Windows Filtering Platform driver, tbimwfp, for Firewall feature in Endpoint Security Policies (unified assignment). This is a pre-release feature with limited release.
- All configurations of the agent now support the Agent Interface on Windows platforms (previously called Agent Console). This is a pre-release feature with limited release.
- Add support for terminating the agent using the Agent Interface. This is a pre-release feature with limited release.
Enhancements
- Attack surface discovery includes enhanced data collection of hardware and network information
- Attack surface discovery includes enhanced data collection of registry and local user group information
- Standard Endpoint Protection updates Curl module to version 8.14.1 and OpenSSL to version 3.0.16 to enhance product security and address the vulnerability CVE-2025-5025.
- Standard Endpoint Protection updates Data Loss Prevention module to version 6.2.6090 providing enhanced performance
- Standard Endpoint Protection system logs can now display policy names with non-English characters
- Standard Endpoint Protection updates Boost C++ libraries to version 1.88.0 to enhance security
- Server & Workload Protection adds a function to inject a packet when connection is not locked to avoid crashing
Bug fixes and resolved issues
- Standard Endpoint Protection: resolved an issue related to the trusted program list which might cause performance issues for listed programs
- Standard Endpoint Protection: resolved an issue related to the firewall exception profile rule set which might prevent the system from applying the firewall exception rules correctly
- Standard Endpoint Protection: resolved an issue related to update process which might prevent the system from updating TrendAI™ Endpoint Security agents correctly
- Standard Endpoint Protection: resolved an issue where after updating to 202501 release, the TMBMSRV.exe service might cause high memory usage
- Standard Endpoint Protection: resolved an issue related to Behavior Monitoring that might cause false positive alerts for Microsoft applications
- Standard Endpoint Protection: resolved an issue where enabling Data Loss Prevention might cause the system to not block the transmission of sensitive data through webmail
- Standard Endpoint Protection: resolved an issue where Data Loss Prevention might not block the upload of sensitive files with a non-English filename to Microsoft OneDrive
- Server & Workload Protection: fixed issue where the "Scan Now" button for on-demand Enhanced Recommendation Scans doesn't work until the first automatic scan is triggered after agent activation or after agent restart
- Server & Workload Protection: agent language now reverts to the system default language after remote upgrade
- Server & Workload Protection: fixed an issue where a file detected by Predictive Machine Learning is not scanned after changing to a higher detection level
- Server & Workload Protection: adds a hidden setting to prevent setting relative registry keys for Windows Defender

Release schedule:

Batch 1: July 2, 2025
Batch 2: July 9, 2025
Batch 3: July 16, 2025

TrendAI Vision One Endpoint Security agent July 2025 update - Linux

Wed, 09 Jul 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package 1.2.0.824
Endpoint Sensor version 3.0.0.6679
Server & Workload Protection version 20.0.2.14430

Detailed release notes:

New features
- Add support for the updated Endpoint Security Policies (unified assignment). This is a pre-release feature with limited release.
- Add support for disabling self-protection using the authorization token (see Authorization tokens in Policy Resources)
- Supports TPL
- Endpoint Sensor supports Red Hat Enterprise Linux 10
- Server & Workload Protection supports Red Hat Enterprise Linux 10, including support for SELinux, Secure Boot and FIPS mode
Enhancements
- Enhance collection of hardware information including CPU, manufacturer brand and model, serial number, disk information, and network adapter information
- Server & Workload Protection adds a function to inject a packet when connection is not locked to avoid crashing
Bug fixes and resolved issues
- Server & Workload Protection: fixed issue where the "Scan Now" button for on-demand Enhanced Recommendation Scans doesn't work until the first automatic scan is triggered after agent activation or after agent restart

Release schedule:

Batch 1: July 2, 2025
Batch 2: July 9, 2025
Batch 3: July 16, 2025

TrendAI Vision One Endpoint Security agent July 2025 update - macOS

Wed, 09 Jul 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package (Endpoint Basecamp) 1.2.522
- ws_communicator.app
- XBCAgent.app
Agent program services package (Endpoint Basecamp) 1.2.523
- PreCheck.app
- SilentInstaller.app
Endpoint sensor version 1.2.523
Standard Endpoint Protection version 3.5.8052

Detailed release notes:

New features
- Add support for the updated Endpoint Security Policies (unified assignment). This is a pre-release feature with limited release.
- Standard Endpoint Protection and Sensor-only deployments support the Agent Interface on macOS platforms (previously called Agent Console). This is a pre-release feature with limited release.
- Add support for configuring the Monitoring Level for security features
Enhancements
- Standard Endpoint Protection updates Data Loss Prevention module to version 6.2.6090 providing enhanced performance
- Standard Endpoint Protection system logs can now display policy names with non-English characters
- Standard Endpoint Protection updates the iCore module to enhance security
- Standard Endpoint Protection updates Boost C++ libraries to version 1.88.0 to enhance security
Bug fixes and resolved issues
- Standard Endpoint Protection: resolved an issue related to the firewall exception profile rule set which might prevent the system from applying the firewall exception rules correctly
- Standard Endpoint Protection: resolved an issue related to update process which might prevent the system from updating TrendAI™ Endpoint Security agents correctly
- Standard Endpoint Protection: resolved an issue where after updating to 202501 release, the TMBMSRV.exe service might cause high memory usage
- Standard Endpoint Protection: resolved an issue related to Behavior Monitoring that might cause false positive alerts for Microsoft applications
- Standard Endpoint Protection: resolved an issue where enabling Data Loss Prevention might cause the system to not block the transmission of sensitive data through webmail
- Standard Endpoint Protection: resolved an issue where Data Loss Prevention might not block the upload of sensitive files with a non-English filename to OneDrive

Release schedule:

Batch 1: July 2, 2025
Batch 2: July 9, 2025
Batch 3: July 16, 2025

Image Signature Verification for Admission Control

Thu, 10 Jul 2025 00:00:00 GMT

July 10, 2025—TrendAI Vision One™ Container Security now helps you enforce software supply chain security with the new Image Signature Verification deployment rule.

This rule, available in Kubernetes protection policies, validates that container images are signed by a trusted source using the Cosign tool before they are deployed to your cluster. You can create rules that automatically block or log any image that is not signed with one of your approved public keys, ensuring that only authentic and untampered images can run in your environment. Use conditions to apply this verification to specific image registries or repositories for granular control.

Important

To verify signatures for images stored in private registries, you must configure your Helm override file to allow the admission controller to access your registry. For more information, see the TrendAI Vision One™ Container Security Helm Chart public GitHub repository.

Locate this feature: Cloud Security → Container Security → Container Protection.

Support for Palo Alto Networks PAN-OS logs in custom detection filters (July 11, 2025)

Fri, 11 Jul 2025 00:00:00 GMT

July 11, 2025—TrendAI Vision One™ now supports Palo Alto Networks PAN-OS logs in custom detection models.

This update includes the following changes:

ActiveCampaign 1-2-All Admin Panel User Name Parameter SQL Injection
Adobe ColdFusion Improper Access Control Vulnerability
Aiohttp Directory Traversal Vulnerability
Apache Druid Remote Code Execution Vulnerability
Apache Flink Directory Traversal Vulnerability
Apache OFBiz XXE Vulnerability
Apache Solr Remote Code Execution Vulnerability
Apache Struts 2 Remote Code Execution Vulnerability
Apache Struts ClassLoader Security Bypass Vulnerability
Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability
Apache Struts2 Code Execution Vulnerability
Apache Struts2 Dynamic Method Remote Code Execution Vulnerability
Apache Struts2 Redirect or Action Method Remote Code Execution Vulnerability
Apache Tomcat Remote Code Execution via JSP Upload Vulnerability
Apache Web Server Access Control Bypass Vulnerability
Artica Proxy cyrus.php Command Injection Vulnerability
Artifex Ghostscript Arbitrary Command Execution Vulnerability
AVEVA InTouch Access Anywhere Secure Gateway Path Traversal Vulnerability
BE126 WIFI Local File Disclosure Vulnerability
Cisco Smart Install Protocol Vulnerability
CMS Made Simple SQL Injection Vulnerability
Compromised User Name or Password from Previous Data Breach in Inbound FTP Login
D-Link HNAP SOAPAction Header Command Execution Vulnerability
Elastic Elasticsearch Snapshot API Directory Traversal Vulnerability
ElasticSearch Groovy Script Engine Remote Command Execution Vulnerability
Ffay Lanproxy Directory Traversal Vulnerability
File detection - Unknown Binary File
FineCMS Remote Code Execution Vulnerability
Generic IoT Device Remote Command Execution Vulnerability
Ghost CMS Path Traversal Vulnerability
Grafana Labs Grafana Snapshot Authentication Bypass Vulnerability
GrandNode Ecommerce LetsEncryptController Directory Traversal Vulnerability
Hongdian H8922 Industrial Router Remote Command Execution Vulnerability
HP Enterprise VAN SDN Controller Remote Command Execution Vulnerability
HP OpenView Network Node Manager HTTP Request Parsing Command Execution Vulnerability
HP Universal CMDB Server Credential Code Execution Vulnerability
HTTP GET Requests Long URI Anomaly
HTTP2 Protocol Suspicious RST STREAM Frame detection
Huawei HG532 Home Gateway Remote Code Execution Vulnerability
Jackson-Databind JNDI Remote Command Execution Vulnerability
Javascript WSF HTA JSE or VBS File Sent in Email
JBoss Seam 2 Remote Command Execution Vulnerability
JetBrains TeamCity Path Traversal Vulnerability
Jolokia Agent JNDI Injection Vulnerability
Laravel Ignition Remote Code Execution Vulnerability
Magento Server MAGMI Plugin Directory Traversal Vulnerability
Microsoft IIS Escaped Characters Decoding Command Execution Vulnerability
Microsoft Jet Database Engine Remote Code Execution Vulnerability
Mofi Network MOFI4500-4GXeLTE Information Disclosure Vulnerability
Nagios SQL Injection Vulnerability
Nagios XI SQL Injection Vulnerability
NetBSD tnftp Url Fetching Command Execution Vulnerability
Netgear JNR1010 Path Traversal Vulnerability
NginxWebUI Remote Code Execution Vulnerability
Nmap Aggressive Option Print Detection
Nmap Service Detection
Node.js Remote Code Execution Vulnerability
OpenSSH Denial of Service Vulnerability
OpenSSL TLS Heartbleed Vulnerability
Oracle GlassFish Directory Traversal Vulnerability
Pentaho Authentication Bypass Vulnerability
PHP DIESCAN Information Disclosure Vulnerability
PHP-Fusion Downloads.php Command Injection Vulnerability
PHPMoAdmin Object Parameter Handling Code Execution Vulnerability
PNG File Chunk Length Abnormal
Potential HTML Evasion Technique Detected in HTTP Response
RPC Portmapper DUMP Request Detected
Shiro Deserialization Remote Code Execution Vulnerability
SIPVicious Scanner Detection
SMB Data Segmented Across TCP Evasion Attack
SolarWinds Storage Manager Authentication Filter Policy Bypass Vulnerability
Spring Boot Actuator Remote Code Execution Vulnerability
Spring Data Commons Remote Code Execution Vulnerability
SSH Failed Brute-force Authentication Attempt
SSL Double Client Hello Cipher Suite Length Mismatch
Supervisor XML RPC Command Injection Vulnerability
ThinkAdmin ModuleService.php Check Allow Download Function Directory Traversal Vulnerability
ThinkPHP Arbitrary File Write Vulnerability
TLS SNI Denial-of-Service Vulnerability
TP-Link Archer Router Command Injection Vulnerability
TRENDNet TEW-827DRU Remote Command Execution Vulnerability
Webmin rpc.cgi Remote Code Execution Vulnerability
WordPress Formidable Forms Plugin Remote Code Execution Vulnerability
WordPress LearnPress Plugin SQL Injection Vulnerability
WordPress Multiple Plugins SQL Injection Vulnerability
WordPress Plugin and Theme Directory Traversal Vulnerability
WordPress Plugin Directory Traversal Vulnerability
WordPress SimpleBoardJob Plugin Directory Traversal Vulnerability
WordPress Video List Manager Plugin SQL Injection Vulnerability
Wordpress Visitor Statistics Plugin SQL Injection Vulnerability
Zentao Remote Code Execution Vulnerability
ZGrab Application Layer Scanner Detection

For more information about custom detection filters, see Custom filters.

Helm Chart 3.1.0

Mon, 14 Jul 2025 00:00:00 GMT

July 14, 2025—The 3.1.0 Helm Chart release includes support for Image Support Verification rules in admission controller, and for managing attestors using policy as code. This release also supports custom rules with one Falco container.

Enhancements
- Containerd upgraded to 1.7.27.
- Kubectl upgraded to 1.33.2.
- Switch event delivery using http.
- Batch event handling and retry mechanism.
- Load policy, ruleset, and rules into configMap.
- Download ebpf drivers using http.
- Scout running in ECS to directly use TrendAI Vision One™ endpoint.
- Use oc command when kubectl is not available.
Bug fixes
- Fixed an issue in which runtime events for excluded namespaces were incorrectly sent to TrendAI Vision One™.
- Fixed an issue in which enabling the malware scan caused the scan-manager to crash.
- Fixed an issue in which the k8s.pod.id was empty in OpenShift environments.
- Added crio.sock and containerd.sock to prevent container information from going missing from runtime security events in OpenShift environments.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro\
https://github.com/trendmicro/visionone-container-security-helm/archive/3.1.0.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.1.0

Helm Chart 3.1.1

Tue, 15 Jul 2025 00:00:00 GMT

July 15, 2025—The 3.1.1 Helm Chart release includes the following:

Bug fixes
- Fixed an issue in which runtime rules did not load in some environments.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.1.1.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.1.1

Support for CrowdStrike Falcon logs in custom detection filters (July 15, 2025)

Tue, 15 Jul 2025 00:00:00 GMT

July 15, 2025—TrendAI Vision One™ now supports CrowdStrike Falcon logs in custom detection models.

This update includes the following changes:

CrowdStrike Pattern Disposition - Critical Process Disabled
CrowdStrike Pattern Disposition - File Quarantine, Critical Process Disabled
CrowdStrike Pattern Disposition - Parent Process Prevented
CrowdStrike Pattern Disposition - Parent Process Terminated, Critical Process Disabled
CrowdStrike Pattern Disposition - Response Action Failed, File Quarantined, Process Blocked
CrowdStrike Pattern Disposition - Response Action Failed, Process Blocked
CrowdStrike Pattern Disposition - Detection
CrowdStrike Pattern Disposition - Operation Blocked
CrowdStrike Pattern Disposition - Process Terminate
CrowdStrike Pattern Disposition - Process Terminate Operation Blocked
CrowdStrike Pattern Disposition - Quarantine File

For more information about custom detection filters, see Custom filters.

Service Gateway: Smart Protection Services Version 2.0.6

Wed, 16 Jul 2025 00:00:00 GMT

July 16, 2025—Service Gateway Smart Protection Services Version 2.0.6 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update includes the client IP address in Web Reputation Services access logs to provide more detailed visibility into incoming requests.

Service Gateway: Generic Caching Service 1.0.3

Wed, 16 Jul 2025 00:00:00 GMT

July 16, 2025—Service Gateway Generic Caching Service 1.0.3 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update fixes the request routing path to prevent misprocessing of the requests.
This update corrects product names in requests sent to the Service Gateway Management app.

Service Gateway Firmware Version 3.0.21

Wed, 16 Jul 2025 00:00:00 GMT

July 16, 2025—Service Gateway Firmware Version 3.0.21 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update enables customers to deploy the Service Gateway virtual appliance on Google Cloud Platform from Marketplace.
This update provides more details on the ActiveUpdate Service status and shows a warning message on the console when pattern update fails.
This update addresses various issues to improve overall system reliability and correctness.

Service Gateway: Local ActiveUpdate Service Version 3.0.10

Wed, 16 Jul 2025 00:00:00 GMT

July 16, 2025—Service Gateway Local ActiveUpdate Service Version 3.0.10 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update provides more details on the ActiveUpdate Service status and shows a warning message on the console when pattern update fails.
This update addresses various issues to improve overall system reliability and correctness.

Helm Chart 3.1.2

Thu, 17 Jul 2025 00:00:00 GMT

July 17, 2025—The 3.1.2 Helm Chart release updates the scope of the attestor custom resource definition to "cluster".

Detailed release notes:

Enhancements:
- Includes attestor Custom Resource in the log collection script
Upgrade instructions
- If you are upgrading from 3.1.0 or 3.1.1, you must manually delete the attestor CRD before upgrading using the following command: kubectl delete crd attestors.container-security.trendmicro.com
- Sample upgrade command:
```
helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.1.2.tar.gz
```
References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.1.2

Data Posture Security now available for Azure subscriptions

Thu, 17 Jul 2025 00:00:00 GMT

July 17, 2025 — Data Security Posture is now extended to Azure subscriptions. With this feature, you can now comprehensively monitor sensitive data and prevent data leakage caused by misconfigurations and vulnerabilities in your Azure environments. This update offers you the same level of data protection and risk mitigation in Azure that was previously exclusive to AWS environments. For more information, see Enable Data Security Posture on Azure subscriptions.

Data Security ➞ Data Security Posture

Template Scanner now Supports Azure

Fri, 18 Jul 2025 00:00:00 GMT

July 18, 2025—Cloud Risk Management Template Scanner now supports Azure in addition to AWS allowing you to have a more comprehensive view over detecting risks in your IaC before its deployed. For more information, see TrendAI Vision One™ - Template Scanner Coverage.

Cyber Risk Exposure Management → Template Scanner

Automatic reversal of false positive quarantines in OneDrive

Fri, 18 Jul 2025 00:00:00 GMT

July 18, 2025—Cloud Email and Collaboration Protection leverages the latest URL pattern intelligence to automatically identify false positive URLs in files within OneDrive, as detected by Web Reputation Services. When a false positive is confirmed, the system retrieves the relevant file information from the detection logs and automatically reverses the Quarantine action, restoring the file to its original location in the corresponding collaboration service.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Template Scanner now Supports Azure

Fri, 18 Jul 2025 00:00:00 GMT

Cyber Risk Exposure Management → Template Scanner

Zero Trust Secure Access On-premises Gateway Version 1.0.68

Mon, 21 Jul 2025 00:00:00 GMT

July 21, 2025—The Zero Trust Secure Access On-premises Gateway version 1.0.68 is now available.

New features

Added support for bypassing authentication by public IP address in On-premises gateways
Added support for adding, deleting, or updating X-Forwarded-For headers in On-premises gateways

Platform data query in public preview

Mon, 21 Jul 2025 00:00:00 GMT

July 21, 2025—Platform data query is now available in public preview. Click the search bar at the top of the screen and type a keyword to search detections, assets, vulnerabilities, and more across the TrendAI Vision One™ platform.

Email address modification to change the recipient or sender addresses before delivery

Mon, 21 Jul 2025 00:00:00 GMT

July 21, 2025—Cloud Email Gateway Protection includes support for email address modification, a feature that allows administrators to rewrite sender or recipient addresses in message envelopes or headers and modify domains in email addresses. This enhancement improves mail flow control, supports advanced routing scenarios, and helps enforce organizational policies and compliance requirements.

Email and Collaboration Security → Cloud Email Gateway Protection

New tokens in notifications and stamps for header sender information

Mon, 21 Jul 2025 00:00:00 GMT

July 21, 2025—Cloud Email Gateway Protection includes a new token, %HEADER_SENDER%, which administrators can use in email notifications for policy matches and in message body stamps. This token retrieves the sender address from the message header—rather than the envelope—providing a more accurate representation of the sender in certain scenarios. It serves as an alternative to the existing %SENDER% token.

Email and Collaboration Security → Cloud Email Gateway Protection

Sanitize attachments action available for PDF files

Mon, 21 Jul 2025 00:00:00 GMT

July 21, 2025—Cloud Email Gateway Protection enhances the "Sanitize attachments" action in Content Filtering policy to remove active content from PDF files, in addition to the previously supported Microsoft Word, Excel, and PowerPoint attachments.

Email and Collaboration Security → Cloud Email Gateway Protection

Enhanced virus scan capability to detect .alz and .egg archive files

Mon, 21 Jul 2025 00:00:00 GMT

July 21, 2025—Cloud Email Gateway Protection supports detection of .alz and .egg compressed files in both inbound and outbound email traffic. Once extracted, file contents are scanned by the Advanced Threat Scan Engine (ATSE) and Virtual Analyzer (if enabled) according to the configured virus policy rules.

Additionally, for inbound emails, if File Password Analysis is enabled, encrypted .alz and .egg files will be decrypted using the retrieved password, then scanned by ATSE and Virtual Analyzer (if enabled), ensuring comprehensive protection against hidden threats.

Email and Collaboration Security → Cloud Email Gateway Protection

CIS Azure Kubernetes Service (AKS) Benchmark scanning now available

Wed, 23 Jul 2025 00:00:00 GMT

July 23, 2025—TrendAI Vision One™ now supports compliance scanning with CIS Azure Kubernetes Service (AKS) Benchmark version 1.7.0 in your Microsoft AKS clusters. Assess and guarantee adherence to industry-leading security standards effortlessly, enhancing your Kubernetes security posture.

For more information, see Compliance.

Cloud Security → Container Security → Container Protection

Server & Workload Protection and Endpoint Sensor support Red Hat Enterprise Linux 10 64-bit (x86-64)

Fri, 25 Jul 2025 00:00:00 GMT

July 25, 2025—Server & Workload Protection and Endpoint Sensor now support deployment to Red Hat Enterprise Linux 10 64-bit (x86-64) endpoints.

For more information, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

Zero Trust Secure Access module for Windows version 2.25.1019

Mon, 28 Jul 2025 00:00:00 GMT

July 28, 2025—This update includes security enhancements, bug fixes, and feature releases as detailed in the following notes.

Version 2.25.1019

New features
- Added connector IP information to Private Access connection details page.
Enhancements
- Checks connectivity to the TrendAI Vision One™ Endpoint Security agent proxy when switching networks and falls back to direct connection if the proxy is unreachable.
Resolved issues
- Fixed an issue where changes to the NTLM enable/disable setting in TrendAI Vision One™ does not immediately take effect in the ZTSA module.
- ZTSA failed to log in via NTLM when multiple users were logged into Windows.
- The user displayed in the ZTSA UI differed from the user shown on the Internet Access diagnostics page.

Zero Trust Secure Access module for macOS version 2.22.111

Mon, 28 Jul 2025 00:00:00 GMT

July 28, 2025—This update includes security enhancements and feature releases as detailed in the following notes.

Version 2.22.121

New features
- Added connector IP information to Private Access connection details page.
Enhancements
- Provides a notification pop-up reminding users to sign into the ZTSA module.

Import/export of custom detection models and filters now available

Mon, 28 Jul 2025 00:00:00 GMT

July 28, 2025—Import and export of custom detection models and filters is now supported in Detection Model Management, empowering security analysts and security operations managers to streamline the creation, testing, and deployment of custom detection rules and improve operational efficiency and flexibility.

For more information, see Custom models and Custom filters.

Agentic SIEM and XDR → Detection Model Management

Service Gateway: Local ActiveUpdate Service Version 3.0.11

Fri, 01 Aug 2025 00:00:00 GMT

August 1, 2025—Service Gateway Local ActiveUpdate Service Version 3.0.11 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update addresses an issue where the service may not function properly when a large number of ActiveUpdate sites were configured.

Estimate your credit requirements with the new credit calculator

Mon, 04 Aug 2025 00:00:00 GMT

August 4, 2025—The new credit calculator is now available in Platform Usage and Credits. This tool allows you to estimate your credit requirements based on projected usage of selected solutions. You can easily determine how many credits you need overall, without doing any calculations.

On the new All available solutions tab, you can view an inventory of TrendAI Vision One™ solutions that require credits, along with the description and credit requirement for each. To estimate your required credits with the credit calculator, you can select available solutions and input your projected unit usage, such as the number of cloud accounts or email users in your organization. The calculator then provides your estimated required credits, current credit balance, and recommended credit purchase. You can download a spreadsheet of the provided figures or directly contact your sales representative to purchase credits.

For more information, see Platform Usage and Credits.

TrendAI™ Flex Licensing → Platform Usage and Credits

Helm Chart 3.1.3

Mon, 04 Aug 2025 00:00:00 GMT

August 4, 2025—The 3.1.3 Helm Chart release includes the following:

Bug fixes
- Applied a fix to ensure proper use of the latest TLS certificate. The scan-manager now restarts after TLS changes, ensuring that it always uses the latest certificate.
- Resolved an issue where self-signed certificates were not automatically added to Scout. This fix ensures proper integration of self-signed certificates, improving security and reducing manual configuration.

Upgrade instractions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.1.3.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.1.3

Introducing TrendAI Vision One - Agentic SIEM

Mon, 04 Aug 2025 00:00:00 GMT

August 4, 2025—Easily ingest your third-party data and get meaningful insights with real-time threat detection and correlation at scale. Now generally available, TrendAI Vision One™ - Agentic SIEM helps you cut through the noise with seamless third-party data ingestion, actionable data visibility, and built-in support for long-term data retention, auditing, and regulatory exporting to ensure you're compliance-ready, all in one console.

At release, Agentic SIEM includes the following new features and capabilities:

Data ingestion & retention:
- Data ingestion for any third-party data source log in CEF or syslog format such as third-party network, application, or endpoint logs
- Data ingestion for Microsoft Defender for Endpoint logs
- Custom filtering to allow you to manage your third-party data ingestion and retention volume
- Flexible data retention management with support for both analytic and archival ingestion and long-term retention of up to two years for analytic data and seven years for archival data
- In-app free trial for Agentic SIEM accessible directly from the TrendAI Vision One™ console
Threat Detection & Investigation:
- XDR threat detections and correlations for third-party logs, with automated detection and correlation between third-party data and TrendAI™ native logs
- IOC sweeping of third-party logs powered by TrendAI™ Threat Intelligence
- Ready-made detection filters and templates for third-party logs for easy custom model creation and management
- Unified platform data query capabilities across all data in TrendAI Vision One™
- Purpose-built SIEM widgets and dashboards for threat hunting and monitoring
- Retroactive scanning for IoAs
- Enhanced Workbench Insights console with host investigation, tailored impact scope view, enhanced highlighted object view, and a new timeline view to optimize threat investigation
- AI-guided threat investigation presented in Workbench Insights overview
- Proactive priority recommendations and detection of possible false positive Workbench insights to help SOC teams triage more efficiently
- AI-generated PDF reports that include Workbench Insights summaries, threat activity timelines, actions taken, and recommendations to help security teams quickly understand and communicate investigation findings

To learn more, get started in Data Source and Log Management.

Agentic SIEM and XDR → Detection Model Management

Agentic SIEM and XDR → Data Source and Log Management

New names for the Search app and XDR Threat Investigation

Mon, 04 Aug 2025 00:00:00 GMT

August 4, 2025—To align with the expanding scope of XDR capabilities, the Search app has been renamed to XDR Data Explorer and XDR Threat Investigation app group has been renamed to Agentic SIEM and XDR.

For more information, see XDR Data Explorer.

Agentic SIEM and XDR → XDR Data Explorer

View All CVEs for Internal Assets

Mon, 04 Aug 2025 00:00:00 GMT

August 4, 2025—Cyber Risk Exposure Management displays high and medium impact CVEs (CVEs with an impact score of 31 to 100) in your internal assets by default. However, visibility into low-impact CVEs (CVEs with an impact score range of 0-30) may also be necessary for your organization to meet compliance requirements or follow internal policies. You can now configure your level of CVE coverage in Threat and Exposure Management. To learn more, see Vulnerability assessment visibility and configuration.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

SLA metrics in Case Management

Mon, 04 Aug 2025 00:00:00 GMT

August 4, 2025—Configure service level agreement (SLA) metrics to track whether case handling complies with your SLA requirements. You can apply SLA metrics based on case priority or to all cases regardless of priority level. Workbench, Risk Event, and Compliance Management case types support SLA metrics. SLA metrics appear in the Mean Time Metrics, Mean Time to Close, and My Open Case widgets.

For more information, see Configure service level agreement (SLA) targets & notifications.

Workflow and Automation → Case Management

Export and import security playbooks

Mon, 04 Aug 2025 00:00:00 GMT

August 4, 2025—The Security Playbooks app now supports exporting and importing playbooks, making it easier to share and reuse automated workflows. Whether you are replicating a proven playbook across environments or adopting a shared playbook from another team, this feature helps streamline collaboration and accelerate the deployment of effective security operations.

Workflow and Automation → Security Playbooks

TrendAI Vision One Endpoint Security agent August 2025 update - Windows

Wed, 06 Aug 2025 00:00:00 GMT

August 6, 2025—TrendAI Vision One™ Endpoint Security agent version 202508 includes security enhancements, bug fixes, and feature releases. Updates to individual components and agent modules may follow different batch release schedules.

This update includes the following changes:

Service communication manager (VOM) plug-in version 1.2.0.1199
Endpoint Sensor version 1.2.0.6677
Attack Surface Discovery version 1.0.0.3925
Standard Endpoint Protection version 14.0.20168
Server & Workload Protection version 20.0.2-17700

Detailed release notes:

New features
- Standard Endpoint Protection: Adds the quarantine file path and SHA-256 information to the detection results in Data Explorer.
Enhancements
- Endpoint Sensor: Enhances data collection of hardware and network information.
- Standard Endpoint Protection: Removes the Diagnostic Tool UI from the web console.
- Standard Endpoint Protection: Updates the Windows SDK to version 10.0.19041.
- Standard Endpoint Protection: Enhances protection capabilities of Behavior Monitoring to detect and block malicious activity originating from a valid driver.
- Standard Endpoint Protection: Updates the ofcntcer.dat file.
- Standard Endpoint Protection: Enables removal of specific outdated components from the agent folder.
- Standard Endpoint Protection: Updates the debug log to enhance agent processes on x86 platforms.
- Standard Endpoint Protection: Updates the Virus Scan Engine (VSAPI) to version 25.560.1004 to enhance memory and file scans.
- Standard Endpoint Protection: Updates the Advanced Threat Scan Engine (ATSE) to version 25.560.1004 to enhance memory and file scans.
- Server & Workload Protection: Prevents the use of invalid path strings when setting up temporary folders.
Bug fixes and resolved issues
- Standard Endpoint Protection: Fixes an issue that causes excessive memory usage when Behavior Monitoring is enabled.
- Standard Endpoint Protection: Resolved—When configuring scan exceptions, the system might create duplicate entries.
- Standard Endpoint Protection: Fixes an issue related to the agent update process that might prevent agents from performing updates.
- Standard Endpoint Protection: Resolved—Sometimes the system tray icon might not display.
- Standard Endpoint Protection: Resolved—When the Ntrtscan.exe process becomes unresponsive, the agent console might display the "Protection at Risk" status.
- Standard Endpoint Protection: Resolved—Sometimes the agent driver (tmnciesc.sys) might become unresponsive.
- Standard Endpoint Protection: Fixes an issue related to Data Loss Prevention which might prevent the system from applying the approved list for the SMB channel.
- Standard Endpoint Protection: Resolved—Sometimes the TCacheGen_x64.exe tool might not stop PccNTMon.exe properly.
- Standard Endpoint Protection: Fixes an issue related to Data Loss Prevention which might prevent the agent from checking compressed files in email messages.
- Server & Workload Protection: Resolved—Agent sometimes crashes when performing heartbeat connection.

Release schedule:

Batch 1: August 6, 2025
Batch 2: August 13, 2025
Batch 3: August 20, 2025

TrendAI Vision One Endpoint Security agent August 2025 update - Linux

Wed, 06 Aug 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package 1.2.0.956
Endpoint Sensor version 3.0.0.6986
Server & Workload Protection version 20.0.2.17500

Detailed release notes:

Enhancements
- Updates CACert.
- Shortens the time to update information on the proxy in use.
- Server & Workload Protection: Update removes all Agent-PGPCore* files and Agent-Core* files in the agent app folder after an agent update.
Bug fixes and resolved issues
- Server & Workload Protection: Prevents an Integrity Check fail when multiple plugins download the same KSP at almost the same time.
- Server & Workload Protection: Resolved—Agent sometimes crashes when performing heartbeat connection.

Release schedule:

Batch 1: August 6, 2025
Batch 2: August 13, 2025
Batch 3: August 20, 2025

TrendAI Vision One Endpoint Security agent August 2025 update - macOS

Wed, 06 Aug 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package (Endpoint Basecamp) 1.2.525
- XBCAgent.app
- ws_communicator.app
- PreCheck.app
- SilentInstaller.app
Endpoint Sensor version 1.2.525
Standard Endpoint Protection version 3.5.8060

Detailed release notes:

New features
- Standard Endpoint Protection: Adds the quarantine file path and SHA-256 information to the detection results in Data Explorer.
Enhancements
- Update allows enabling of Data Detection and Response / Data Security Sensor without needing to enable Endpoint Sensor.
- Update enhances Attack Surface Discovery data collection to include additional hardware information.
- Standard Endpoint Protection: Removes the Diagnostic Tool UI from the web console.
- Standard Endpoint Protection: Enhances protection capabilities of Behavior Monitoring to detect and block malicious activity originating from a valid driver.
- Standard Endpoint Protection: Updates the ofcntcer.dat file.
- Standard Endpoint Protection: Enables removal of specific outdated components from the agent folder.
- Standard Endpoint Protection: Updates the debug log to enhance agent processes on x86 platforms.
- Standard Endpoint Protection: Updates the Virus Scan Engine (VSAPI) to version 25.560.1004 to enhance memory and file scans.
- Standard Endpoint Protection: Updates the Advanced Threat Scan Engine (ATSE) to version 25.560.1004 to enhance memory and file scans.
Bug fixes and resolved issues
- Standard Endpoint Protection: Fixes an issue that causes excessive memory usage when Behavior Monitoring is enabled.
- Standard Endpoint Protection: Resolved—When configuring scan exceptions, the system might create duplicate entries.
- Standard Endpoint Protection: Fixes an issue related to the agent update process that might prevent agents from performing updates.
- Standard Endpoint Protection: Resolved—When the Ntrtscan.exe process becomes unresponsive, the agent console might display the "Protection at Risk" status.
- Standard Endpoint Protection: Resolved—Sometimes the agent driver (tmnciesc.sys) might become unresponsive.
- Standard Endpoint Protection: Fixes an issue related to Data Loss Prevention which might prevent the system from applying the approved list for the SMB channel.
- Standard Endpoint Protection: Fixes an issue related to Data Loss Prevention which might prevent the agent from checking compressed files in email messages.

Release schedule:

Batch 1: August 6, 2025
Batch 2: August 13, 2025
Batch 3: August 20, 2025

Content delivery network tags added to internet-facing assets

Fri, 08 Aug 2025 00:00:00 GMT

August 8, 2025—Internet-facing assets displayed in Attack Surface Discovery that are hosted by a content delivery network (CDN) are now tagged with a CDN tag in asset profiles. CDN-hosted asset profiles might contain inaccurate information, like related assets, open ports, and services, due to the nature of content delivery network hosting. The CDN tag gives you better situational awareness about the asset.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Agentless Vulnerability & Threat Detection version 1.500.09100859

Sun, 10 Aug 2025 00:00:00 GMT

September 10, 2025 — The Agentless Vulnerability & Threat Detection 1.500.09100859 release excludes Agentless Vulnerability & Threat Detection resources from impacting compliance and risk scores in Cloud Security Posture.

Cloud platform: AWS
Release date: September 10, 2025
Deployment method: CloudFormation
Enhancements:
- Adds the conformity:suppress tag to exclude Agentless Vulnerability & Threat Detection resources, preventing Cloud Security Posture rule violations from impacting the compliance and risk scores of your cloud accounts.

Cloud Security → Cloud Accounts → AWS

Virtual Network Sensor version 1.0.1524

Mon, 11 Aug 2025 00:00:00 GMT

August 11, 2025—Virtual Network Sensor version 1.0.1524 includes enhancements, bug fixes, and security updates.

This update includes the following change:

This update enhances the capabilities of Virtual Network Sensor to categorize traffic that was previously unidentifiable.

Zero Trust Secure Access On-premises Gateway Version 1.0.69

Mon, 11 Aug 2025 00:00:00 GMT

August 11, 2025—The Zero Trust Secure Access On-premises Gateway version 1.0.69 is now available.

New features

Added support to assign standard HTTP(S) port 80/443 for On-premises Gateway proxy services.
Added an option to record DLP and AI content matching data into detection log for visibility.

Agentless Vulnerability & Threat Detection version 1.484.07301135

Mon, 11 Aug 2025 00:00:00 GMT

August 11, 2025—The 1.484.07301135 Agentless Vulnerability & Threat Detection release updates the Python runtime version and adds tags for EBS snapshots.

Detailed release notes:

Cloud Platform: AWS
Enhancements:
- Updates the runtime version to Python 3.12 for Agentless Vulnerability & Threat Detection Lambda functions to deploy in the CloudFormation stack.
- Adds tags for EBS snapshots temporarily created by the Agentless Vulnerability & Threat Detection scanning process. You can use these tags to include or exclude EBS snapshots.

Cloud Security → Cloud Accounts

Agentless Vulnerability & Threat Detection version 1.158.09041233

Mon, 11 Aug 2025 00:00:00 GMT

September 11, 2025 — The 1.158.09041233 version of Agentless Vulnerability & Threat Detection initiates scans of Azure environments more quickly, reducing the wait time before scanning begins.

Cloud platform: Azure
Release date: September 11, 2025
Deployment method: Terraform
Enhancements:
- Reduces the wait time before scanning begins from approximately 2 hours to 30 minutes.

Cloud Security → Cloud Accounts → Azure

Microsoft Defender for Endpoint Log Collection version 1.0.55

Mon, 11 Aug 2025 00:00:00 GMT

August 11, 2025—The 1.0.55 Microsoft Defender for Endpoint Log Collection release includes support for Azure Functions SDK log level settings.

Cloud Platform: Azure
Enhancements
- Provides support for Azure SDK log level settings for Azure Functions.

Cloud Security → Cloud Accounts

Helm Chart 3.1.5

Mon, 11 Aug 2025 00:00:00 GMT

August 11, 2025 — The Helm Chart 3.1.5 release includes the following:.

Bug fixes
- Fixes issue with Runtime Security support for Linux kernels version 6.12 and later.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.1.5.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.1.5

Outbound static IP supports bandwidth usage queries

Mon, 11 Aug 2025 00:00:00 GMT

August 8, 2025—Zero Trust Secure Access Internet Access and Zero Trust Secure Access AI Service Access now support bandwidth usage queries for outbound static IP addresses.

For more information, see Outbound static IP settings.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

AI-generated Workbench insight summaries and highlights now available

Mon, 11 Aug 2025 00:00:00 GMT

August 11, 2025—Streamline your incident investigations with AI-generated Workbench insight summaries and highlights, plus proactive suggestions for next steps to quickly remediate incidents in your environment.

For more information, see Workbench insights.

Agentic SIEM and XDR → Workbench

Filter assets by tag and asset group in Threat and Exposure Management

Mon, 11 Aug 2025 00:00:00 GMT

August 11, 2025—For enhance visibility and asset management, you can now filter risk events based on asset custom tags and affected asset groups. In Threat and Exposure Management, select a risk factor. Then, use the filters to find risk events associated with a particular custom tag or asset group.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Click the asset total in Cyber Risk Subindexes to view all related assets in Attack Surface Discovery

Mon, 11 Aug 2025 00:00:00 GMT

August 8, 2025—For easier asset management, you can now view all assets in an asset group from Cyber Risk Subindexes. To view the assets, click Cyber Risk Subindexes in Cyber Risk Overview, and then click the asset total. You are taken to Attack Surface Discovery, where you can view a list of all assets within the asset group along with the asset contribution to your overall Cyber Risk Index.

Cyber Risk Exposure Management → Cyber Risk Overview

New configuration options for ECS protection

Tue, 12 Aug 2025 00:00:00 GMT

August 12, 2025—TrendAI Vision One™ now supports new configuration options for ECS protection with Amazon EC2.

CPU and memory limits: Modify values for large or small EC2 instances, and adjust the trendmicro-scout resource usage to match the needs of your container instance size.
Falco and Scout container images: Configure a base path to use a private image from a personal registry instead of public Container Security images.

Cloud Security → Container Security

Zero Trust Secure Access Private Access Connector Version 2.37.0.1790

Wed, 13 Aug 2025 00:00:00 GMT

August 13, 2025—Zero Trust Secure Access Private Access Connector Version 2.37.0.1790 delivers new features.

New features

Added a new CLI command for maintenance mode.
Supports ICMP protocol in the Private Access Internal app.
The connector automatically rolls back to the last successfully connected region if it starts up and tries to connect to an unreachable region.

Automatic reversal of false positive quarantines extended to SharePoint Online

Fri, 15 Aug 2025 00:00:00 GMT

August 15, 2025—Cloud Email and Collaboration Protection automatically reverses false positive quarantines in SharePoint Online, in addition to OneDrive. Using advanced URL pattern intelligence, it identifies false positives, retrieves file details from detection logs, and restores affected files to their original locations—no manual action needed.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Enhanced audit log details for policy configuration updates

Fri, 15 Aug 2025 00:00:00 GMT

August 15, 2025—Cloud Email and Collaboration Protection provides more granular visibility into policy configuration changes in audit logs. Administrators can view detailed records of what specific settings were changed, such as updates to the approved or blocked list in policies. This improves traceability, accountability, and ease of troubleshooting during policy reviews or investigations.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Approved sender list for Data Loss Prevention policy in Exchange Online

Fri, 15 Aug 2025 00:00:00 GMT

August 15, 2025—Cloud Email and Collaboration Protection allows configuring the approved sender list in Data Loss Prevention policy to exclude specific senders from scanning for Exchange Online in both API-based protection and inline protection modes.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Support for multiple administrator email addresses in email reporting

Fri, 15 Aug 2025 00:00:00 GMT

August 15, 2025—The Report to administrator option in email reporting settings now supports up to 10 email addresses in the current organization, an enhancement from the previous limit of one. This allows greater flexibility in notifying multiple stakeholders when emails are reported by end users, improving visibility and response coordination across teams.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Email tracking log enhancement for inline protection: sender IP column added

Fri, 15 Aug 2025 00:00:00 GMT

August 15, 2025—The email tracking log for Exchange Online (Inline Mode) now includes a sender IP column, showing the IP address first received by Microsoft Exchange Online. This provides enriched visibility into email origins for investigation and auditing.

Note that if TrendAI™ Email Security or TrendAI Vision One™ Cloud Email Gateway Protection is deployed before Microsoft Exchange Online, the sender IP shown will be the IP address received by the corresponding TrendAI™ solution.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Helm Chart 3.1.4

Mon, 18 Aug 2025 00:00:00 GMT

August 18, 2025—The Helm Chart 3.1.4 release includes the following:

Features
- Added a new environment variable LOG_LEVEL to configure logging levels for ECS Fargate in task definitions.
Enhancements
- Added image version tags to task definitions to facilitate easier version comparison.
Bug fixes
- Resolved issues with malware/secret scan timeouts and job creation failures.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.1.4.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.1.4

TrendAI Vision One now supports Oracle Cloud compartments

Mon, 18 Aug 2025 00:00:00 GMT

August 18, 2025—TrendAI Vision One™ now supports Oracle Cloud compartments for the following features:

Cloud Accounts: You can now connect your Oracle Compartments in Cloud Accounts to monitor your Oracle cloud assets for risk. For more information, see Connect an OCI compartment using Oracle Resource Manager (ORM).
Cyber Risk Exposure Management:
- Connected Oracle Cloud compartments are now viewable in the Cloud Assets tab in Attack Surface Discovery, including Asset Profile and Cloud Risk Graph views. For more information, see Cloud assets.
- You can evaluate potential attack paths in your connected Oracle Compartments in Attack Path Prediction. For more information, see Attack Path Prediction.
Cloud Risk Management:
- Monitor and manage risks for your Oracle Cloud compartment in Cloud Security Posture. View your connected Oracle Cloud compartments on the Cloud Overview tab, and group your Oracle Cloud compartments into projects. For more information, see Cloud Security Posture.
- The Misconfiguration and Compliance (CSPM) app has been updated with forty rules to scan Oracle Cloud compartments. These rules are mapped to the CIS Oracle Foundations benchmark, which is now supported in Cloud Risk Management. For more information, see Misconfiguration and Compliance and Cloud Risk Management.
New configuration options for ECS protection

Cloud Security → Cloud Accounts → Oracle

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Cloud Security → Cloud Risk Management

Privilege-based insight visibility

Mon, 18 Aug 2025 00:00:00 GMT

August 18, 2025—TrendAI Vision One™ now better aligns Workbench insight visibility with user permissions, ensuring security analysts can view the full impact of security incidents while limiting their view of assets that do not fall within their designated management scope. This enhancement refines the investigation experience by ensuring that the presented information is actionable and relevant to the user's role.

This alignment is particularly beneficial for multinational organizations. If a security incident spans multiple geographic regions, analysts from each involved SOC can now view the same unified insight to understand the full picture of an attack. This shared context streamlines collaborative investigations, while scope-aware controls ensure teams can only act on the assets for which they are responsible.

For more information, see Workbench insights.

Agentic SIEM & XDR → Workbench

Asset Group Management now supports larger and more complex organizational structures

Tue, 19 Aug 2025 00:00:00 GMT

August 19, 2025—To support more complex asset organization and improve scalability, Asset Group Management now allows users to create up to 500 asset groups, increased from the previous limit of 30.

Additionally, the maximum number of layers for nested asset groups has been expanded from two levels to ten, enabling more granular organization and control. These enhancements are designed to meet the asset management needs of large-scale deployments and complex operational models.

For more information, see Asset Group Management.

Service Management → Asset Group Management

Centralized policy resource management in Email and Collaboration Security

Tue, 19 Aug 2025 00:00:00 GMT

August 19, 2025—Email and Collaboration Security now offers a centralized location for managing policy-related resources and performing email security operations across supported solutions.

The first available feature is the approved and blocked lists, enabling administrators to define trusted or suspicious senders and content once and apply them consistently across supported solutions, including Cloud Email and Collaboration Protection and Cloud Email Gateway Protection. This reduces duplicated setup effort and ensures uniform enforcement. For solution-specific control, configurations can still be made individually.

In this release, only sender addresses are supported for the approved list, with more object types and common lists coming soon under Policy Resources.

Email and Collaboration Security → Configuration and Operations

DMARC report analysis result export enhancements

Tue, 19 Aug 2025 00:00:00 GMT

August 19, 2025—Cloud Email Gateway Protection now allows administrators to export DMARC report compliance check details into CSV files directly from the console, either by selecting specific records or exporting all filtered results.

Exporting selected records happens instantly, while exporting all results triggers an export task. This streamlined export process improves efficiency, supports faster data analysis, and enables easier day-to-day follow-up and reporting.

Email and Collaboration Security → Cloud Email Gateway Protection

Proxy settings now support self-signed certificates

Thu, 21 Aug 2025 00:00:00 GMT

August 21, 2025—TrendAI Vision One™ now supports proxy for self-signed certificates for Kubernetes clusters in Container Security. This enables you to use secure web proxy solutions as a proxy to access the internet and inspect HTTPS traffic.

For more information, see Proxy Settings Script Generator (for Kubernetes clusters).

Cloud Security → Container Security → Container Inventory

Zero Trust Secure Access module for Windows version 2.26.1301

Mon, 25 Aug 2025 00:00:00 GMT

August 25, 2025—This update includes resolved issues, as detailed in the following notes.

Resolved issues
- Fixed an issue where Private Access sometimes failed to connect to expired cookies.

Zero Trust Secure Access module for macOS version 2.23.127

Mon, 25 Aug 2025 00:00:00 GMT

August 25, 2025—This update includes enhancements and resolved issues, as detailed in the following notes.

Enhancements
- Log timestamps and format have been unified.
- Internet Access authentication header is now recorded in user defaults when in tunnel mode.
Resolved issues
- The "Changing Configuration by Administrator" pop-up displays after an update.

Virtual Network Sensor version 1.0.1532

Mon, 25 Aug 2025 00:00:00 GMT

August 25, 2025—Virtual Network Sensor version 1.0.1532 includes enhancements, bug fixes, and security updates.

This update includes the following change:

Virtual Network Sensor supports configuring session tracking and hostname lookup settings.
Virtual Network Sensor avoids scanning the network traffic of other Virtual Network Sensors or Deep Discovery Inspector appliances within the same TrendAI Vision One™ account.

Cloud Detections for AWS CloudTrail version 1.43.0

Mon, 25 Aug 2025 00:00:00 GMT

August 25, 2025—The 1.43.0 Cloud Detections for AWS CloudTrail release enhances AWS Lambda efficiency.

Detailed release notes:

Cloud Platform: AWS
Enhancements:
- Enhances AWS Lambda efficiency by optimizing and reducing the number of AWS Service Systems Manager (SSM) connections.

Cloud Security → Cloud Accounts

Nozomi Central Management Console (CMC) integration available

Mon, 25 Aug 2025 00:00:00 GMT

August 25, 2025—TrendAI Vision One™ now integrates with the Nozomi Networks Central Management Console (CMC) on-premises platform to streamline and centralize your security operations. To enable the Nozomi CMC integration, configure your API authentication settings in Nozomi CMC and install the Third-party security data forwarding service on your deployed Service Gateway. Data forwarded to TrendAI Vision One™ includes consolidated asset inventory and security alerts from distributed industrial control systems across multiple sites. The integration enables secure data feeds and strengthens your unified IT/OT security posture with enhanced multi-site threat correlation and centralized visibility.

Workflow and Automation → Third-Party Integrations

Container Protection for Amazon ECS version 1.1.2

Tue, 26 Aug 2025 00:00:00 GMT

August 26, 2025 — Container Protection for Amazon ECS version 1.1.2 is now available.

Cloud Platform
- Amazon Web Services (AWS)
Bug fixes
- Fixes an issue where runtime security components for ECS failed to communicate with TrendAI Vision One™.
- Fixes runtime security support for kernel versions 6.12 or later.
- Fixes a typo in IAM perms.

Helm Chart 3.1.6

Wed, 27 Aug 2025 00:00:00 GMT

August 27, 2025 — The Helm Chart 3.1.6 release includes the following:

Enhancements
- This release enhances the Workload Operator component to be idempotent.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.1.6.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.1.6

AI-recommended related XDR Data Explorer events now supported in Workbench insight alerts

Wed, 27 Aug 2025 00:00:00 GMT

August 27, 2025—AI-recommended related events from XDR Data Explorer in Workbench insight alerts are now supported. To view related XDR Data Explorer events, go to the Alerts tab in a Workbench insight and click the magnifying glass icon. On the Related events panel on the Activities tab, you can view a variety of activities from related XDR Data Explorer events.

For more information, see Alerts correlated in Workbench insights.

Agentic SIEM & XDR → Workbench

Service Gateway: Forward Proxy Service Version 2.0.6

Thu, 28 Aug 2025 00:00:00 GMT

August 28, 2025—Service Gateway Forward Proxy Service Version 2.0.6 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update provides granular substatus information to help users better understand the current service status.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway: Smart Protection Services Version 2.0.7

Thu, 28 Aug 2025 00:00:00 GMT

August 28, 2025—Service Gateway Smart Protection Services Version 2.0.7 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update provides granular substatus information to help users better understand the current service status.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway: Generic Caching Service 1.0.4

Thu, 28 Aug 2025 00:00:00 GMT

August 28, 2025—Service Gateway Generic Caching Service 1.0.4 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update provides granular substatus information to help users better understand the current service status.

Some features may not be available in all regions or on all Service Gateway appliances.

Service Gateway Firmware Version 3.0.22

Thu, 28 Aug 2025 00:00:00 GMT

August 28, 2025—Service Gateway Firmware Version 3.0.22 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update adds support for standard ports 443 and 80 for reverse proxy deployment on ZTSA On-premises Gateway and ZTSA On-premises Gateway with AI.
This update resolves the Forward Proxy Service overlapping domain check issue.
This update includes multiple vulnerability fixes.

Service Gateway: Local ActiveUpdate Service Version 3.0.12

Thu, 28 Aug 2025 00:00:00 GMT

August 28, 2025—Service Gateway Local ActiveUpdate Service Version 3.0.12 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update introduces a new feature that includes the critical pattern version in service substatus for monitoring.
This update resolves the issue with the cleanup logic that occurred when the server.ini file could not be downloaded.
This update adds logging to record agent requests to the ActiveUpdate sites.

View your intended credit usage in License Information

Thu, 28 Aug 2025 00:00:00 GMT

August 28, 2025—In License Information, you can now view the solutions that your organization intended to use credits for when purchasing a TrendAI™ Flex (credits) license. This enhancement enables you to see which specific solutions you intended to budget for, including the estimated units and number of credits you planned to use for each. You can view these details both on your license certificate and in License Information.

For more information, see License Information.

TrendAI™ Flex Licensing → License Information

Virtual Network Sensor version 1.0.1535

Mon, 01 Sep 2025 00:00:00 GMT

September 01, 2025—Virtual Network Sensor version 1.0.1535 includes enhancements, bug fixes, and security updates.

Template Scanner now Supports Google Cloud

Fri, 05 Sep 2025 00:00:00 GMT

September 5, 2025—Cloud Risk Management Template Scanner now supports Google Cloud (GCP) in addition to AWS and Azure, allowing you to have a more comprehensive view over detecting risks in your IaC before its deployed. For coverage details, see Template Scanner Coverage.

Cyber Risk Exposure Management → Template Scanner

Zero Trust Secure Access On-premises Gateway Version 1.0.70

Mon, 08 Sep 2025 00:00:00 GMT

September 8, 2025—The Zero Trust Secure Access On-premises Gateway version 1.0.70 is now available.

Enhancements

Supports URL matching with special characters (UTF-16 / UTF-32 encoded, comma) in the Allow/Deny/URL Category lists.

Resolved issues

Fixed the issue where the AI service was unable to detect and block files being uploaded to Microsoft Copilot.

Zero Trust Secure Access Private Access Connector Version 2.37.0.2062

Mon, 08 Sep 2025 00:00:00 GMT

September 8, 2025—Zero Trust Secure Access Private Access Connector Version 2.37.0.2062 delivers key enhancements.

Enhancements

Adds resiliency to the IoT connection on the connector. Automates the recovery process by detecting IoT service issues and automatically reconnecting to restore normal operation.
ZTNA browser access enables time synchronization for RDP applications.

Agentless Vulnerability & Threat Detection version 1.494.09031302

Mon, 08 Sep 2025 00:00:00 GMT

September 8, 2025—The 1.494.09031302 version of Agentless Vulnerability & Threat Detection adds the ability for AWS customers to scan encrypted disks that use customer-managed keys.

Detailed release notes:

Cloud platform: AWS
Deployment method:: CloudFormation
Enhancements:
- Adds AWS KMS decryption IAM policies to the Agentless Vulnerability & Threat Detection stack template, enabling the scanner to scan disks encrypted with customer managed keys.

Cloud Security → Cloud Accounts → AWS

Zero Trust Secure Access Internet Access or AI Service Access supports multiple static IPs

Mon, 08 Sep 2025 00:00:00 GMT

September 8, 2025—Zero Trust Secure Access Internet Access or AI Service Access now supports multiple outbound static IPs in different regions.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Customize the retention period for risk event data in Cyber Risk Exposure Management

Mon, 08 Sep 2025 00:00:00 GMT

September 8, 2025—Retain risk event data for longer than 30 days by configuring the risk event data retention settings in the Data sources and retention section of Data Source and Log Management. You can set a custom retention period of up to two years. Risk event data older than 30 days does not display in Threat and Exposure Management, but the data is viewable using platform search.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

TrendAI Vision One Endpoint Security agent September 2025 update - Windows

Wed, 10 Sep 2025 00:00:00 GMT

September 10, 2025—TrendAI Vision One™ Endpoint Security agent version 202509 includes security enhancements, bug fixes, and feature releases. Updates to individual components and agent modules may follow different batch release schedules.

This update includes the following changes:

Service communication manager (VOM) plug-in version 1.2.0.1223
Endpoint Sensor version 1.2.0.6793
Vulnerability Assessment version 1.0.0.3972
Standard Endpoint Protection version 14.0.20225
Server & Workload Protection version 20.0.2-20480

Detailed release notes:

Enhancements
- Standard Endpoint Protection: Updates Product Licensing Management to version 2.5.6220.
- Standard Endpoint Protection: Updates PHP module to version 8.2.29 and rebuilds extension using new version to enhance product security.
- Standard Endpoint Protection: Updates 7-Zip module to version 25.1 to enhance product security.
Bug fixes and resolved issues
- Standard Endpoint Protection: Fixes an issue causing Behavior Monitoring to display incorrect log numbers when log number is zero.
- Standard Endpoint Protection: Resolved—When the option "Agents use the proxy server settings configured in Windows Internet Options when connecting to TrendAI™ servers" is enabled, agents do not maintain the setting after installing an agent update.
- Standard Endpoint Protection: Resolved—Behavior Monitoring displays and alert when launching a Microsoft application.
- Standard Endpoint Protection: Fixes an issue related to unable to stop agent repeating the update process.
- Server & Workload Protection: Fixes a potential memory leak.
- Server & Workload Protection: Fixes an issue causing restoration function to fail when there is no real-time scan configuration.

Release schedule:

Batch 1: September 10, 2025
Batch 2: September 17, 2025
Batch 3: September 24, 2025

TrendAI Vision One Endpoint Security agent September 2025 update - Linux

Wed, 10 Sep 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package 1.2.0.994
Endpoint Sensor version 3.0.0.7226
Server & Workload Protection version 20.0.2-20480

Detailed release notes:

New features
- Agent supports Oracle Linux 10, including Server & Workload Protection
- Agent supports Red Hat Linux 10
Enhancements
- Updates CACert
Bug fixes and resolved issues
- Server & Workload Protection: Fixes a potential memory leak
- Server & Workload Protection: Fixes an issue related to get podman information

Release schedule:

Batch 1: September 10, 2025
Batch 2: September 17, 2025
Batch 3: September 24, 2025

TrendAI Vision One Endpoint Security agent September 2025 update - macOS

Wed, 10 Sep 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package (Endpoint Basecamp) 1.2.527
- XBCAgent.app
- ws_communicator.app
- PreCheck.app
- SilentInstaller.app
Endpoint Sensor version 1.2.527
Standard Endpoint Protection version 3.5.8052

Detailed release notes:

New features
- Standard Endpoint Protection: Adds the quarantine file path and SHA-256 information to the detection results in Data Explorer.
Enhancements
- Updates TrendAI Vision One™ third-party libraries to the latest version
- Standard Endpoint Protection: Updates Product Licensing Management to version 2.5.6220.
- Standard Endpoint Protection: Updates PHP module to version 8.2.29 and rebuilds extension using new version to enhance product security.
- Standard Endpoint Protection: Updates 7-Zip module to version 25.1 to enhance product security.
Bug fixes and resolved issues
- Standard Endpoint Protection: Fixes an issue causing Behavior Monitoring to display incorrect log numbers when log number is zero.
- Standard Endpoint Protection: Resolved—Behavior Monitoring displays and alert when launching a Microsoft application.
- Standard Endpoint Protection: Fixes an issue related to unable to stop agent repeating the update process.

Release schedule:

Batch 1: September 10, 2025
Batch 2: September 17, 2025
Batch 3: September 24, 2025

New “Group by” option available for custom models

Wed, 10 Sep 2025 00:00:00 GMT

September 10, 2025—You can now group by container when creating a custom model. Events are triggered when the threshold is met for one container.

For more information, see Configure a custom model.

Agentic SIEM and XDR → Detection Model Management

Approved sender list for Data Loss Prevention policy extended to Gmail

Fri, 12 Sep 2025 00:00:00 GMT

September 12, 2025—Cloud Email and Collaboration Protection allows configuring the approved sender list in Data Loss Prevention policy to exclude specific senders from scanning for Gmail in both API-based protection and inline protection modes.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Automatic bypass for Microsoft Teams meeting URLs in Time-of-Click Protection

Fri, 12 Sep 2025 00:00:00 GMT

September 12, 2025—Starting September 30, 2025, Microsoft Teams will begin validating meeting join URLs. Rewritten or modified URLs may be treated as malicious, which could interfere with email delivery and link protection features. To prevent false positives and ensure uninterrupted access to legitimate Teams meetings, Cloud Email and Collaboration Protection automatically bypasses URLs from teams.microsoft.com in Time-of-Click Protection.

This update helps maintain seamless meeting access while preserving accurate threat detection—no configuration required.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Approved SharePoint Online sites in Global Settings

Fri, 12 Sep 2025 00:00:00 GMT

September 12, 2025—Cloud Email and Collaboration Protection supports defining an approved site list for SharePoint Online in Global Settings. Files uploaded, created, synchronized, or modified on these approved sites will be excluded from scanning, allowing administrators to bypass ATP or DLP policy enforcement for trusted SharePoint Online locations.

This feature helps streamline policy configuration—especially for customers managing large numbers of SharePoint Online sites—by enabling centralized exception management similar to approved Exchange Online users.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Helm Chart 3.1.7

Tue, 16 Sep 2025 00:00:00 GMT

September 16, 2025—The Helm Chart 3.1.7 release includes the following:

Enhancements
- Improved support for OKE clusters.
- Enhanced node selector and toleration flexibility for scan jobs.
Bug fixes
- Added workaround for existing soft lockup issue in the Azure Linux 2 kernel.
- Improved handling of scan manager when malware or secret cron schedules were empty.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.1.7.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.1.7

Customizable notifications for default global outbound virus and spam policy rules

Tue, 16 Sep 2025 00:00:00 GMT

September 16, 2025—Administrators with "Manage security policies and policy objects" permission and full domain visibility scope can now customize notification settings for default global outbound policy rules in Virus Scan and Spam Filtering. Options include enabling notifications, selecting notification templates, and configuring BCC recipients. This enhancement improves operational flexibility for security teams. For example, it allows them to alert internal stakeholders more effectively without compromising global protection rules.

Email and Collaboration Security → Cloud Email Gateway Protection

Improved quarantine query

Tue, 16 Sep 2025 00:00:00 GMT

September 16, 2025—Cloud Email Gateway Protection offers enhanced quarantine query capabilities, including full wildcard support across both the user and domain parts of email addresses, as well as the ability to filter by header sender and recipient fields. These updates make it easier to locate quarantined emails with greater flexibility and precision.

Email and Collaboration Security → Cloud Email Gateway Protection

Header sender field added to log export

Tue, 16 Sep 2025 00:00:00 GMT

September 16, 2025—To improve traceability and analysis, Cloud Email Gateway Protection now includes the "Email Header (From)" field in both log views within the console and exported CSV files for mail tracking accepted logs and policy event logs. Whether exporting selected entries or the full log, users can now view header sender data directly.

Email and Collaboration Security → Cloud Email Gateway Protection

Automatic bypass for Microsoft Teams meeting URLs in Time-of-Click Protection

Tue, 16 Sep 2025 00:00:00 GMT

September 16, 2025—Starting September 30, 2025, Microsoft Teams will begin validating meeting join URLs. Rewritten or modified URLs may be treated as malicious, which could interfere with email delivery and link protection features. To prevent false positives and ensure uninterrupted access to legitimate Teams meetings, Cloud Email Gateway Protection automatically bypasses URLs from teams.microsoft.com in Time-of-Click Protection.

This update helps maintain seamless meeting access while preserving accurate threat detection—no configuration required.

Email and Collaboration Security → Cloud Email Gateway Protection

Service Gateway Firmware Version 3.0.23

Wed, 17 Sep 2025 00:00:00 GMT

17 September, 2025—Service Gateway Firmware Version 3.0.23 delivers key enhancements and security updates.

Service Gateway Firmware 3.0.23 contains the following changes:

Support for Kernel-based virtual machines (KVM)
Vulnerability fixes

Service Gateway: Local ActiveUpdate Service Version 3.0.13

Wed, 17 Sep 2025 00:00:00 GMT

September 17, 2025—Service Gateway Local ActiveUpdate Service Version 3.0.13 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update fixes an issue where update downloads failed due to improperly placed exception handlers (RelayDownloadFailedError).

Introducing the TrendAI Artifact Scanner (TMAS) GitHub action

Wed, 17 Sep 2025 00:00:00 GMT

September 17, 2025—Use the new TMAS GitHub action to install TMAS for Code Security and Container Security deployments in TrendAI Vision One™. This GitHub action uses automated CI/CD integration to run scans in every pull request or push to enforce policies directly in the pipeline.

Learn more about the TMAS GitHub action in the GitHub README or in Integrate TrendAI™ Artifact Scanner (TMAS) into a CI/CD pipeline.

Cloud Security → Code Security

Cloud Security → Container Security → Logs

Improved visualization of lateral movement in Execution Profiles

Fri, 19 Sep 2025 00:00:00 GMT

September 19, 2025—Quickly and accurately visualize lateral movement within the network to identify potential threats with a more focused scope. View connections in the observed graph and stay updated on nodes that can run Execution Profiles in order to efficiently respond to alerts and insights.

For more information, see Execution profile.

Agentic SIEM and XDR → Workbench

New Endpoint Security experience and Policy Resources coming soon

Sat, 20 Sep 2025 00:00:00 GMT

September 20, 2025—The new Endpoint Security Policy management and Policy Resources are releasing soon.

On October 31, 2025, Endpoint Security Policies will officially upgrade to the "unified assignment" experience. The new version of Endpoint Security Policies along with Policy Resources provide several key benefits:

Assignments allow users to apply policies to endpoint groups across your security environment to simplify enforcement and management of security and compliance requirements.
Policies simplify managing endpoint security settings by centralizing control for agent features, ensuring consistent configurations, security measures, and application settings across your security environment.
Policy Resources make policy management more efficient by creating reusable resources, reducing redundancy, and maintaining consistency.

For more information about the new Endpoint Security Policies, see Endpoint Security Policies.

Endpoint Security → Endpoint Security Configuration → Endpoint Security Policies

For more information about Policy Resources, see Policy Resources.

Endpoint Security → Endpoint Security Configuration → Policy Resources

Zero Trust Secure Access On-premises Gateway version 1.0.71

Mon, 22 Sep 2025 00:00:00 GMT

September 22, 2025—The Zero Trust Secure Access On-premises Gateway version 1.0.71 is now available.

Enhancement

- Added support for AI proxy to protect private AI services with multiple LLM integration.

Zero Trust Secure Access adds PoP site in Azure Sweden

Mon, 22 Sep 2025 00:00:00 GMT

September 22, 2025—Zero Trust Secure Access Internet Access now supports the Azure Sweden region. Users in the region may configure their service FQDNs to reflect the new location. For more information, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Private GenAI protection now supports multiple LLMs

Mon, 22 Sep 2025 00:00:00 GMT

September 22, 2025—Zero Trust Secure Access AI Service Access in on-premises gateways now supports enhanced private GenAI protection with the new AI proxy mode, enabling multiple LLM integrations.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Filter relevant XDR insights and events in Workbench and Observed Attack Techniques

Mon, 22 Sep 2025 00:00:00 GMT

September 22, 2025—You can now filter Workbench insights and Observed Attack Techniques events by asset group, custom asset tag, criticality, and endpoint group. Click Add filter and select a filter from the drop-down menu.

For more information, see Workbench insights and Observed Attack Techniques.

Agentic SIEM and XDR → Workbench

Agentic SIEM and XDR → Observed Attack Techniques

Explore third-party integrations with the new marketplace-style UI

Mon, 22 Sep 2025 00:00:00 GMT

September 22, 2025—The Third-Party Integrations app now features a sleek, marketplace-style design that makes browsing, filtering, and evaluating integrations faster and easier. Whether you are a customer, partner, or service provider, you will enjoy a more intuitive experience and clearer integration details.

For more information, see Third-Party Integrations.

Workflow and Automation → Third-Party Integrations

Mobile Security for Business app version 2.0.1152

Tue, 23 Sep 2025 00:00:00 GMT

September 23, 2025—Mobile Security for Business app version 2.0.1152 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Requires users to log in after they disconnect from and then reconnect to Private Access on the agent if the feature is enabled on the console.
Fixes an issue where users cannot access websites from certain domains.

Mobile Security for Business app version 2.0.1149

Tue, 23 Sep 2025 00:00:00 GMT

September 23, 2025—Mobile Security for Business app version 2.0.1149 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Supports using the last valid credentials for authentication upon failure to connect to Private Access.
Fixes an issue where internal domains cannot be accessed through Private Access.
Fixes an issue where the app automatically starts scanning each time users return to the app.

Hotfix for Windows agents - Sep 24, 2025

Wed, 24 Sep 2025 00:00:00 GMT

September 24, 2025—TrendAI Vision One™ Endpoint Security agent version 202509 hotfix addresses the following component and module updates.

This update includes the following changes:

Endpoint Sensor version 1.2.0.6845

Bug fixes and resolved issues

Resolves an upgrade failure (error code: 201) that occurred when a service could not be stopped during the update process.
Fixed an issue where the tm_netsrv service failed to restart properly.

Helm Chart 3.1.8

Mon, 29 Sep 2025 00:00:00 GMT

September 29, 2025 — The Helm Chart 3.1.8 release includes the following:

Enhancements
- Added node-level compliance checks for master nodes to ensure alignment with Kubernetes and OpenShift standards.
- Enhanced deployment log visibility by including signature verification rule evaluation events, along with detailed evaluation reasons, for both frontend and public API deployments.
Bug fixes
- Resolved an issue with scan manager schedule logging.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.1.8.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.1.8

File Security Storage now supports full and scheduled scans

Mon, 29 Sep 2025 00:00:00 GMT

September 29, 2025—File Security Storage version 2.3.18 introduces two key enhancements:

Full-bucket scans - scan all files within an S3 bucket
Scheduled scans - automatically scan buckets on a defined schedule

Cloud Security → File Security

Zero Trust Secure Access module for Windows version 2.27.1051

Tue, 30 Sep 2025 00:00:00 GMT

September 30, 2025—This update includes a new feature release as detailed in the following notes.

Version 2.27.1051

New Feature
- Private Access can now connect using the connector that was last known to have a good status, even if the backend is temporarily unavailable.

Zero Trust Secure Access module for macOS version 2.24.177

Tue, 30 Sep 2025 00:00:00 GMT

September 30, 2025—This update includes a new feature release as detailed in the following notes.

Version 2.24.177

New Feature
- When the backend is temporarily unavailable, Private Access can now connect using the last known good configuration. This only applies if the previously known good information is still valid.

Virtual Network Sensor version 1.0.1547

Tue, 30 Sep 2025 00:00:00 GMT

September 30, 2025—Virtual Network Sensor version 1.0.1547 includes enhancements, bug fixes, and security updates.

This update includes the following change:

Support deployment on Oracle Cloud Infrastructure.

Mobile Security for Business app version 2.0.1515

Tue, 30 Sep 2025 00:00:00 GMT

September 30, 2025—Mobile Security for Business app version 2.0.1515 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Makes updates to comply with Android system requirements.
Fixes an issue where risky apps are incorrectly identified as other types and not shown in Risky Mobile Apps on the console.
Supports using the last valid credentials for authentication upon failure to connect to Private Access.

Virtual Network Sensor now available for Oracle Cloud Infrastructure

Tue, 30 Sep 2025 00:00:00 GMT

September 30, 2025—You can now deploy the Virtual Network Sensor on Oracle Cloud Infrastructure, in addition to the other supported cloud platforms: AWS, Azure, and Google Cloud. This enables you to monitor network traffic within your Oracle Cloud environment.

To deploy, download the Virtual Network Sensor image from the TrendAI Vision One™ console.

For details, see Deploy a Virtual Network Sensor with Oracle Cloud Infrastructure.

Network Security → Network Inventory

Server & Workload Protection and Endpoint Sensor support Oracle Linux 10 64-bit (x86-64)

Tue, 30 Sep 2025 00:00:00 GMT

September 30, 2025—Server & Workload Protection and Endpoint Sensor now support deployment to Oracle Linux 10 64-bit (x86-64) endpoints.

For more information, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

TrendAI Vision One Endpoint Security agent October 2025 update - Windows

Wed, 01 Oct 2025 00:00:00 GMT

October 1, 2025—TrendAI Vision One™ Endpoint Security agent version 202510 includes security enhancements, bug fixes, and feature releases. Updates to individual components and agent modules may follow different batch release schedules.

This update includes the following changes:

Service communication manager (VOM) plug-in version 1.2.0.1241
Endpoint Sensor version 1.2.0.6879
Vulnerability Assessment version 1.0.0.4014
Attack Surface Discovery version 1.0.0.4014
Standard Endpoint Protection version 14.0.20315
Server & Workload Protection version 20.0.2-22850

Detailed release notes:

New features
- Server & Workload Protection: Advanced TLS traffic inspection now supports TLS1.3 on Windows 11, Windows Server 2022, and Windows Server 2025.
Enhancements
- Vulnerability Assessment: Enhances data collection
- Standard Endpoint Protection: Updates the Virus Scan Engine (VSAPI) to version 25.560.1005 to improve capabilities.
- Standard Endpoint Protection: Updates the Damage Cleanup Engine (DCE) to version 7.5.1217 to enhance process chain cleanup capability and provide more details for cleanup information.
- Standard Endpoint Protection: Updates the TmEyes module to version 8.55.1403 for enhanced ransomware detection capability.
- Standard Endpoint Protection: Updates the AMSP module to version 6.6.1216 for enhanced ransomware detection capability.
- Standard Endpoint Protection: Updates the Net Filter module to version 1.0.456 to enhance web browser detection capability.
- Standard Endpoint Protection: Updates Data Loss Prevention (DLP) to version 6.2.6098 to enhance print check logic and support Windows 11 25H2.
- Standard Endpoint Protection: Enhances log upload mechanism to reduce network payload for Data Loss Prevention, Device Access Control, Behavior Monitoring, and Predictive Machine Learning logs.
- Standard Endpoint Protection: Enhances the quarantined file verification to prevent incorrect operations.
- Standard Endpoint Protection: Updates the agent program to protect against a potential resource loading security issue.
Bug fixes and resolved issues
- Resolves an application crash issue.
- Standard Endpoint Protection: Resolved—The notification of a firewall policy violation does not behave according to the policy rule settings.
- Standard Endpoint Protection: Resolved—Agent is unable to start Data Loss Prevention (DLP) service due to version comparison issue.
- Standard Endpoint Protection: Resolved—Malicious IP not being blocked by user-defined suspicious object list (UDSO).
- Standard Endpoint Protection: Resolved—Manual scan ends with displayed message "Stopped by Apex One" without any user interaction.

Release schedule:

Batch 1: October 01, 2025
Batch 2: October 08, 2025
Batch 3: October 15, 2025

TrendAI Vision One Endpoint Security agent October 2025 update - Linux

Wed, 01 Oct 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package 1.2.0.1046
Endpoint Sensor version 3.0.0.7488
Server & Workload Protection version 20.0.2-22850

Detailed release notes:

Enhancements
- Updates CACert
Bug fixes and resolved issues
- Server & Workload Protection: Fixes potential crashes caused by race conditions when manipulating Linux network devices during network packet processing
- Server & Workload Protection: Fixes potential crashes caused by race conditions when multiple threads update the driver configuration
- Server & Workload Protection: Resolved—metrics of bmsensor is missing when agent reports to TrendAI Vision One™
- Server & Workload Protection: Fixes the memfd detection failed issue

Release schedule:

Batch 1: October 01, 2025
Batch 2: October 08, 2025
Batch 3: October 15, 2025

TrendAI Vision One Endpoint Security agent October 2025 update - macOS

Wed, 01 Oct 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package (Endpoint Basecamp) 1.2.533
- XBCAgent.app
- ws_communicator.app
- PreCheck.app
- SilentInstaller.app
CETAgent.app version 3.5.10135
Endpoint Sensor version 1.2.533
Standard Endpoint Protection version 3.5.8052

Detailed release notes:

New features
- Agent supports quarantine actions
- Agent supports macOS 26 Tahoe
Enhancements
- Standard Endpoint Protection: Updates the Virus Scan Engine (VSAPI) to version 25.560.1005 to improve capabilities.
- Standard Endpoint Protection: Updates the Damage Cleanup Engine (DCE) to version 7.5.1217 to enhance process chain cleanup capability and provide more details for cleanup information.
- Standard Endpoint Protection: Updates the TmEyes module to version 8.55.1403 for enhanced ransomware detection capability.
- Standard Endpoint Protection: Updates the AMSP module to version 6.6.1216 for enhanced ransomware detection capability.
- Standard Endpoint Protection: Updates the Net Filter module to version 1.0.456 to enhance web browser detection capability.
- Standard Endpoint Protection: Enhances log upload mechanism to reduce network payload for Data Loss Prevention, Device Access Control, Behavior Monitoring, and Predictive Machine Learning logs.
- Standard Endpoint Protection: Enhances the quarantined file verification to prevent incorrect operations.
- Standard Endpoint Protection: Updates the agent program to protect against a potential resource loading security issue.
Bug fixes and resolved issues
- Standard Endpoint Protection: Resolved—The notification of a firewall policy violation does not behave according to the policy rule settings.
- Standard Endpoint Protection: Resolved—Agent is unable to start Data Loss Prevention (DLP) service due to version comparison issue.
- Standard Endpoint Protection: Resolved—Malicious IP not being blocked by user-defined suspicious object list (UDSO).
- Standard Endpoint Protection: Resolved—Manual scan ends with displayed message "Stopped by Apex One" without any user interaction.

Release schedule:

Batch 1: October 01, 2025
Batch 2: October 08, 2025
Batch 3: October 15, 2025

Mobile Security for Business app version 2.0.1520

Wed, 01 Oct 2025 00:00:00 GMT

October 1, 2025—Mobile Security for Business app version 2.0.1520 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Fixes an issue where the Mobile Security for Business app cannot be installed in the personal profile on corporate-owned devices with work profiles when Microsoft Intune serves as the MDM.

Data retention periods now customizable with credit allocation for Network Sensor and Deep Discovery Inspector

Wed, 01 Oct 2025 00:00:00 GMT

October 1, 2025—You can now customize data retention periods for Network Sensor and TrendAI™ Deep Discovery Inspector in Data Source and Log Management. Credits will be allocated based on the selected retention periods. This flexibility allows you to tailor retention to meet your analysis, correlation, and threat hunting needs.

If you already have a data retention license for Network Sensor, only the retention period included in your license is available.

Agentic SIEM and XDR → Data Source and Log Management

Zero Trust Secure Access Private Access connector version 2.37.0.2115

Mon, 06 Oct 2025 00:00:00 GMT

October 6, 2025—Zero Trust Secure Access Private Access Connector version 2.37.0.2115 introduces new features and resolves known issues.

New Feature

Added support for Nutanix platform

Resolved issue

Fixed connector heartbeat disconnect issue
Vulnerability remediation
Connection stability improvements

Secure Access Module → Secure Access Configuration → Private Access Configuration

Helm Chart 3.2.0

Mon, 06 Oct 2025 00:00:00 GMT

October 6, 2025 — The Helm Chart 3.2.0 release includes the following:

Features
- Introduces support for custom rules in Container Security Runtime Security. You can now create, configure, and import your own rules to tailor runtime protection to your specific environment. This feature enables custom exclusions and granular filtering, allowing you to detect events of interest with greater precision. It extends coverage beyond managed rules, providing personalized and adaptable protection.
Enhancements
- Improved compliance scanning to ensure integrity of check files by preventing unauthorized modifications.
- Upgraded to the latest malware-scanning image for improved detection capabilities and performance.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.2.0.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.2.0

Support for custom rules in Container Security Runtime Security

Mon, 06 Oct 2025 00:00:00 GMT

October 6, 2025—TrendAI Vision One™ now supports custom rules for Container Security runtime protection. This allows you to create, configure, and import your own custom rules for runtime protection, enabling you to specify custom exclusions or granular filtering to detect events of interest in your specific environment. This capability provides personalized detections extending the coverage from managed rules.

Additional improvements released with custom rules:

Custom detection model (CDM) support that matches custom rules detections.
XDR Data Explorer able to show and search detections from Container Security custom rules.
Splunk HEC connector configuration includes new option for custom rule detections. See Splunk HEC connector configuration for more information.

Note

Custom rule detection data ingestion requires credit allocation. The data usage can be viewed in Data Source and Log Management. See Platform Usage and Credits for more information.

For more information about custom rules, see Object management.

Cloud Security → Container Security

Enhanced vulnerability insights and updated CVE column naming for internet-facing assets

Mon, 06 Oct 2025 00:00:00 GMT

October 6, 2025—New enhancements in vulnerability management and asset profiling make it easier to prioritize and mitigate vulnerabilities in your internet-facing assets.

A new CVE impact score column has been added to the internet-facing asset table within the Vulnerabilities factor in Threat and Exposure Management. This enhancement provides clearer visibility into the potential impact of each vulnerability, helping you prioritize remediation efforts more effectively.
The "Highly Exploitable CVEs" column has been updated to "Total CVEs" in both the IP address asset table in Attack Surface Discovery and Related IPs in domain asset profiles. This change ensures more accurate and consistent terminology across the platform, making vulnerability data interpretation easier.

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Cloud Risk Management Releases New 'Services, Regions and Resources' Public API

Thu, 09 Oct 2025 00:00:00 GMT

October 9, 2025—Cloud Risk Management released a new public API for Services, Regions and Resources to enable enhanced visibility, control, and automation for managing cloud resources efficiently across services and regions. See the Automation Center for more information.

Cyber Risk Exposure Management → Cloud Risk Management → Public API

Agentless Vulnerability & Threat Detection 1.187.10101315

Fri, 10 Oct 2025 00:00:00 GMT

October 10, 2025 — The 1.187.10101315 version of Agentless Vulnerability & Threat Detection for Google Cloud creates subnets only in the regions where it is deployed, rather than in all supported regions.

Cloud platform: Google Cloud
Release date: October 10, 2025
Deployment method: Terraform
Enhancement: Creates subnets only in the regions where Agentless Vulnerability & Threat Detection is deployed, which reduces unnecessary resource provisioning and minimizes network overhead in unused regions.

Cloud Security → Cloud Accounts → Google Cloud

Agentless Vulnerability & Threat Detection 1.85.10082048

Fri, 10 Oct 2025 00:00:00 GMT

October 10, 2025 — The Agentless Vulnerability & Threat Detection 1.85.10082048 release provides support for Oracle Cloud Infrastructure (OCI) accounts.

Cloud platform: Oracle Cloud Infrastructure
Release date: October 10, 2025
Deployment method: Terraform
New features: Agentless Vulnerability & Threat Detection for Oracle Cloud (OCI) supports vulnerability and anti-malware scanning for OCI compute VM instances, disk volumes, and Oracle Container Registry images.

Cloud Security → Cloud Accounts → Oracle

Helm Chart 3.2.1

Fri, 10 Oct 2025 00:00:00 GMT

Enhancements
- Improved custom rule detection with mitigation action.
Bug fixes
- Resolved an issue that caused source rule file metadata to be missing from the OCI repository on the custom ruleset detail page.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.2.1.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.2.1

Agentless Vulnerability & Threat Detection now supports Oracle Cloud Infrastructure (OCI)

Fri, 10 Oct 2025 00:00:00 GMT

October 10, 2025 — Agentless Vulnerability & Threat Detection now supports Oracle Cloud Infrastructure (OCI), enabling comprehensive security coverage for your cloud assets.

Perform vulnerability and anti-malware scanning on OCI Compute VM instances, disk volumes, and Oracle Container Registry images.
Benefit from streamlined protection without the need to install agents, reducing operational complexity and improving security posture.

For more information, see Connect Oracle Cloud Infrastructure (OCI) compartments.

Cloud Security → Cloud Accounts → Oracle

Enhanced visibility for duplicate and inactive agents in Endpoint Inventory

Mon, 13 Oct 2025 00:00:00 GMT

October 13, 2025—Endpoint Inventory now provides enhanced visibility and messaging for duplicate and inactive agents, helping you to identify and clean up potential issues with cloned endpoints.

Endpoint Inventory can now flag inactive agents and provide warnings to clean up cloned agents before issues occur. Additionally, new inventory table columns, Cloned endpoint type and Cloned agent configuration, enhance filtering capabilities to locate persistent and non-persistent cloned endpoints in your inventory.

For more information about Endpoint Inventory columns, see Endpoint Inventory table columns.

Endpoint Security → Endpoint Inventory

Workbench insight asset visibility scope refinement

Tue, 14 Oct 2025 00:00:00 GMT

October 14, 2025—Streamline investigations and resolve information inconsistencies during cross-region security incidents. If displayed assets in a Workbench insight are outside the user asset visibility scope, the user is unable to take any actions on those assets. This enhancement ensures secure and efficient investigation processes while protecting organization assets.

Agentic SIEM and XDR → Workbench

Set cluster protection status by version gap

Wed, 15 Oct 2025 00:00:00 GMT

October 15, 2025—You can now set a cluster protection status for clusters in Container Security by a version gap, making it easier to keep your clusters updated. This setting changes the cluster protection status to "unhealthy" when the current deployed version falls behind the latest release by a predefined number of versions.

See Inventory/Overview for more information.

Cloud Security → Container Security

Service Gateway: Forward Proxy Service Version 2.0.7

Mon, 20 Oct 2025 00:00:00 GMT

October 20, 2025—Service Gateway Forward Proxy Service Version 2.0.7 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update improves error handling and recovery in Squid operations.

Service Gateway: Generic Caching Service 1.0.5

Mon, 20 Oct 2025 00:00:00 GMT

October 20, 2025—Service Gateway Generic Caching Service 1.0.5 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update improves the log rotation mechanism.

Zero Trust Secure Access On-premises Gateway version 1.0.72

Mon, 20 Oct 2025 00:00:00 GMT

October 20, 2025—The Zero Trust Secure Access On-premises Gateway version 1.0.72 is now available and contains the following enhancements.

Enhancements:

Enhanced Cloud (application) Reputation Service (CRS) query handling to cache for a null result in a short period.
Enhanced Web Reputation Service (WRS) query handling to recognize the application name and category for untested URL being accessed, except when security scanning with a security level as HIGH.
Enriched the Activity Log by adding a remarks field to capture device posture details and LLM profile information for relevant accessing.

New Features:

Supports Perplexity public AI service in advanced content inspection.

Service Gateway Firmware Version 3.0.24

Mon, 20 Oct 2025 00:00:00 GMT

October 20, 2025—Service Gateway Firmware Version 3.0.24 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update adds support for Oracle Cloud Infrastructure (OCI).
This update allows customers to disable and enable weak ciphers via CLISH.

Service Gateway: Local ActiveUpdate Service Version 3.0.14

Mon, 20 Oct 2025 00:00:00 GMT

October 20, 2025—Service Gateway Local ActiveUpdate Service Version 3.0.14 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update upgrades Python to version 3.12.
This update fixes bugs related to the default pattern version type.

Tag Management now available for preview

Mon, 20 Oct 2025 00:00:00 GMT

October 20, 2025—Tag Management, which enables you to implement comprehensive asset tagging across the TrendAI Vision One™ platform, is now available for public preview. In Tag Management, you can create and manage tags, configure rules for automated asset tagging, map platform tags to third-party attributes, and gain centralized visibility into all TrendAI Vision One™ tags used by your organization. Leveraging asset tagging helps to keep your assets organized, enhancing your overall security posture and operational efficiency.

Tag Management includes several key features:

Tag library: A centralized inventory of all your custom and platform tags, allowing you to easily view and organize your tags.
Automated tagging: Create condition-based rules to automatically tag applicable assets when run, increasing efficiency and reducing manual effort.
External tags: Define mapping relationships between TrendAI Vision One™ tag properties and organizational attributes from third-party sources including Microsoft Entra ID, Active Directory, and cloud service providers. This integration enables you synchronize and centrally manage tags from various sources.
Execution results: A table view of the results of actions related to your automated tagging rules and external mappings, helping you monitor tagging activity across the platform.

For more information, see Tag Management.

Service Management → Tag Management

Zero Trust Secure Access adds PoP site in Oracle Netherlands

Mon, 20 Oct 2025 00:00:00 GMT

October 20, 2025—Zero Trust Secure Access Internet Access now supports the Oracle Netherlands region. Users in the region may configure their service FQDNs to reflect the new location. For more information, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Extended query period for mail tracking and policy event logs in Cloud Email Gateway Protection

Tue, 21 Oct 2025 00:00:00 GMT

October 21, 2025—Cloud Email Gateway Protection allows administrators to query mail tracking logs and policy event logs retained for up to 180 days, instead of the previous 90 days.

Email and Collaboration Security → Cloud Email Gateway Protection

Agentless Vulnerability & Threat Detection version 1.519.10151529

Wed, 22 Oct 2025 00:00:00 GMT

October 22, 2025—The Agentless Vulnerability & Threat Detection 1.519.10151529 release prevents unpredictable cost increases when using AWS Vulnerability & Threat Detection (AVTD) with Auto Scaling Groups.

Cloud platform: AWS
Release date: October 22, 2025
Deployment method: CloudFormation
Enhancements:
- By default, Agentless Vulnerability & Threat Detection now excludes Auto Scaling Group (ASG) instances and their EBS volumes from scanning to prevent unpredictable cost increases. (This change is delivered automatically. No CloudFormation template update or user action is required.)
Resolved issues:
- Missing EventBridge tagging permissions (events:TagResource and events:UntagResource) in the CommonControlPlanePolicyPart1 CloudFormation policy caused "Unauthorized tagging operation" errors when creating EventBridge rules during deployment.

Cloud Security → Cloud Accounts → AWS

Container Protection for Amazon ECS version 1.1.3

Wed, 22 Oct 2025 00:00:00 GMT

October 22, 2025—Container Protection for Amazon ECS version 1.1.3 is now available.

Cloud Platform
- Amazon Web Services (AWS)
Bug fixes
- Updated container images and lambda functions to latest versions.
- Changed the default log level in the Runtime Security scout container to info to reduce logging costs.

Oracle Cloud support in Container Security

Wed, 22 Oct 2025 00:00:00 GMT

October 22, 2025—TrendAI Vision One™ now supports Oracle Cloud OKE in Container Security. Add an OKE cluster in Inventory/Overview → Kubernetes → Oracle Cloud OKE to add OKE clusters and view node and pod information. Use the Map to Cloud Account function to enable Cyber Risk Exposure Management.

For more information, see Protect Oracle Cloud OKE clusters.

Cloud Security → Container Security

Helm Chart 3.2.2

Thu, 23 Oct 2025 00:00:00 GMT

October 23, 2025 — The Helm Chart 3.2.2 release includes the following:

Enhancements
- Improved health status reporting in EKS Fargate clusters.
- Improved handling of excluded namespaces, especially in malware scanning.
- Updated open source packages.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.2.2.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.2.2

Enhanced user-reported email analysis and response in Cloud Email and Collaboration Protection

Fri, 24 Oct 2025 00:00:00 GMT

October 24, 2025—Cloud Email and Collaboration Protection offers enhanced capabilities for analyzing and responding to user-reported emails. When a user reports a suspicious message, the system automatically analyzes the email to determine whether it poses a threat—such as phishing or spam—and identifies key indicators like malicious URLs or suspicious senders. It also provides a list of recent emails that share similar suspicious indicators with the reported message, allowing administrators to apply manual or automatic actions to mitigate these threats.

In addition, Cloud Email and Collaboration Protection enhances detection capabilities by learning from the reported email to help prevent recurrence. Administrators can also add relevant objects—such as sender addresses, domains, or URLs—from the reported email to monitored lists used in Correlated Intelligence policies, helping block future unwanted or anomalous messages based on organizational context.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Two more conditions available for detection signal customization in Correlated Intelligence in Cloud Email and Collaboration Protection

Fri, 24 Oct 2025 00:00:00 GMT

October 24, 2025—Cloud Email and Collaboration Protection adds two more conditions for defining custom detection signals for anomalies in Correlated Intelligence. These new conditions allow administrators to define anomalies in their environment based on specific URLs or URL domains found in emails. This enhancement helps tailor anomaly identification to the unique characteristics of each customer's environment.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Extended query duration for user-reported emails in Cloud Email and Collaboration Protection

Fri, 24 Oct 2025 00:00:00 GMT

October 24, 2025—Cloud Email and Collaboration Protection allows administrators to search and view emails reported by end users for up to 90 days, expanding beyond the previous limits of 24 hours, 7 days, and 30 days. This longer retention period improves investigation capabilities, supports more thorough incident analysis, and helps security teams respond more effectively to delayed or complex threats.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Zero Trust Secure Access module for Windows version 2.28.1047

Mon, 27 Oct 2025 00:00:00 GMT

October 27, 2025—This update includes an enhancement as well as resolved issues as described in the notes.

Enhancements

After XBC proxy updates, Zero Trust Secure Access now keeps Private Access connections active without disconnecting.

Resolved issues

Private Access would fail to connect when multiple IP addresses were assigned to LightTunnelAdapter.
Private Access would hang when connecting after Windows updates.
Refined the wording on the sign-in loading page when NTLM authentication is enabled.

Zero Trust Secure Access module for macOS version 2.25.210

Mon, 27 Oct 2025 00:00:00 GMT

October 27, 2025—This update includes resolved issues as described in the notes.

Resolved issues

Cumulative bug fixes

Virtual Network Sensor version 1.0.1561

Mon, 27 Oct 2025 00:00:00 GMT

October 27, 2025—Virtual Network Sensor version 1.0.1561 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Support identifying HASSH fingerprints for detecting anomalies in SSH traffic
Support VLAN awarenss for identifying multiple VLANs operating on the same network
Support more instance types for deployment on AWS

User role control flags and API key permission changes

Mon, 27 Oct 2025 00:00:00 GMT

October 27, 2025—TrendAI Vision One™ introduces user role control flags and API key permission changes.

User role control flags determine whether a role is assignable to API keys and/or user accounts. Only Master Administrators can configure control flags for custom roles. Control flags for predefined roles are defined by TrendAI™ and cannot be configured by customers.

API keys can no longer be assigned Master Administrator permissions. Existing API keys with the Master Administrator role are unaffected by this change, but it is recommended that you review your existing API keys and assign them different roles. SIEM & SOAR roles are intended for API key assignments and should not be assigned to user accounts.

For more information, see User Accounts, Configure custom user roles, and API Keys.

Support for VLAN awareness in Virtual Network Sensor

Mon, 27 Oct 2025 00:00:00 GMT

October 27, 2025—You can now configure Virtual Network Sensor in Network Inventory to be VLAN-aware, allowing the sensor to recognize and capture VLAN IDs. With this feature, the sensor can identify multiple VLANs operating on the same network and generate more accurate telemetry and detections.

For details, see Sensor Details.

Network Security → Network Inventory

Support for Scan for Malware in security playbooks

Mon, 27 Oct 2025 00:00:00 GMT

October 27, 2025—You can now add the Scan for Malware response action to the following playbooks:

Risk Event Response playbooks
Automated Response Playbooks
Endpoint Response playbooks

This feature helps you quickly initiate a malware scan on endpoints during investigations, improving threat containment and reducing the risk of lateral movement.

For details on the requirements to run the Scan for Malware action, see Manually create Risk Event Response playbooks, Manually create Automated Response Playbooks, and Manually create Endpoint Response playbooks.

Workflow and Automation → Security Playbooks

Helm Chart 3.2.3

Thu, 30 Oct 2025 00:00:00 GMT

October 30, 2025 — The Helm Chart 3.2.3 release includes the following:

Bug fixes
- Improved consistency of runtime malware and secret scanning.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.2.3.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.2.3

Container Protection for Amazon ECS version 1.1.4

Thu, 30 Oct 2025 00:00:00 GMT

October 30, 2025—Container Protection for Amazon ECS version 1.1.4 is now available.

Cloud Platform
- Amazon Web Services (AWS)
Bug fixes
- Removed Falco container’s stdout_output stream to further reduce logging costs.

Installer updates for October

Fri, 31 Oct 2025 00:00:00 GMT

October 31, 2025—The TrendAI Vision One™ Endpoint Security agent installer has received the following updates and fixes:

Enhancements
- Added the parameter FQDN_ARG to the installation command for enabling the deployment script on Sovereign and Private Cloud instances
Bug fixes and resolved issues
- Fixed an activation timing issue that might cause deployment of Server & Workload Protection features to fail

Endpoint Security → Endpoint Inventory

TrendAI Vision One has a new United Kingdom Data Center

Fri, 31 Oct 2025 00:00:00 GMT

October 31, 2025—TrendAI Vision One™ opened a Data Center to support the United Kingdom region. Users in this region may configure their service FQDNs to reflect the new location.

Note

The following applications currently are not supported by the United Kingdom Data Center:

Endpoint Security (agent package), agent rollout is November 12.
Forensic App, release date is November 15.
Zero Trust Secure Access (Private Access), release date is November 15.
File Security, target release is December 31.

For more information, see Port and FQDN/IP address requirements andUnited Kingdom - firewall exceptions .

New Endpoint Security Policy experience and Policy Resources now available

Fri, 31 Oct 2025 00:00:00 GMT

October 31, 2025—The new Endpoint Security Policy management and Policy Resources are officially released.

The new version of Endpoint Security Policies along with Policy Resources provide several key benefits:

Assignments allow users to apply policies to endpoint groups across your security environment to simplify enforcement and management of security and compliance requirements.
Policies simplify managing endpoint security settings by centralizing control for agent features, ensuring consistent configurations, security measures, and application settings across your security environment.
Policy Resources make policy management more efficient by creating reusable resources, reducing redundancy, and maintaining consistency.

The new policy experience release schedule depends on your region.

Region	Release date
UK, Australia	October 31, 2025 (Friday)
MEA	November 3, 2025 (Monday)
US	November 4, 2025 (Tuesday)
EU	November 5, 2025 (Wednesday)
Singapore, India	November 6, 2025 (Thursday)
Japan	November 10, 2025 (Monday)

To access the updated policies and assignments, go to Endpoint Security → Endpoint Security Configuration → Endpoint Security Policies

To access policy resources, go to Endpoint Security → Endpoint Security Configuration → Policy Resources

Centralized management of endpoint security features available for pre-release

Fri, 31 Oct 2025 00:00:00 GMT

October 31, 2025—Endpoint Security Policies support for managing Standard Endpoint Protection and Server & Workload Protection security features are available as a pre-release feature.

To allow Endpoint Security Policies to manage the security policy settings instead of your Protection Managers, you can opt-in to the pre-release using Platform Directory. Once you opt-in, you can configure any policy to manage settings for agents with Standard Endpoint Protection and Server & Workload Protection features.

For more information, see Endpoint Security Policies.

Endpoint Security → Endpoint Security Configuration → Endpoint Security Policies

Zero Trust Secure Access On-premises Gateway version 1.0.73

Mon, 03 Nov 2025 00:00:00 GMT

November 03, 2025—The Zero Trust Secure Access On-premises Gateway version 1.0.73 is now available and contains the following enhancement.

Note

Please update to the latest build of version 1.0.73, as it resolves an issue that was present in the first build.

Enhancement:

Improved the XDR log uploading service to prevent continuous attempts to retrieve the service token when the backend service or network is unavailable.

Mobile Security for Business app version 2.0.1527

Mon, 03 Nov 2025 00:00:00 GMT

November 3, 2025—Mobile Security for Business app version 2.0.1527 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Fixes an issue where Zero Trust Secure Access functions become unavailable.
Requires users to log in after they disconnect from and then reconnect to Private Access on the agent if the feature is enabled on the console.

Agentless Vulnerability & Threat Detection now supports Alibaba Cloud

Mon, 03 Nov 2025 00:00:00 GMT

November 3, 2025 — Agentless Vulnerability & Threat Detection now supports Alibaba Cloud projects, enabling comprehensive security coverage for your cloud assets.

Perform vulnerability and anti-malware scanning on Elastic Compute Service (ECS) instances, cloud disks, and Alibaba Container Registry images.
Benefit from streamlined protection without the need to install agents, reducing operational complexity and improving security posture.

For more information, see Connect Alibaba Cloud accounts.

Cloud Security → Cloud Accounts → Alibaba Cloud

TrendAI Vision One Endpoint Security agent November 2025 update - Windows

Wed, 05 Nov 2025 00:00:00 GMT

November 5, 2025—TrendAI Vision One™ Endpoint Security agent version 202511 includes security enhancements, bug fixes, and feature releases. Updates to individual components and agent modules may follow different batch release schedules.

This update includes the following changes:

Base agent program (Basecamp) version 1.1.0.5801
Service communication manager (VOM) plug-in version 1.2.0.1319
Endpoint Sensor version 1.2.0.6967
Vulnerability Assessment version 1.0.0.4037
Attack Surface Discovery version 1.0.0.4037
Standard Endpoint Protection version 14.0.20315
Server & Workload Protection version 20.0.2-26770

Detailed release notes:

New features
- Agent now supports the UK region
- Agent supports deployment scripts for Sovereign and Private Cloud (SPC) deployments
- Installer supports early check
- Agent now supports Windows 11 25H2
- Server & Workload Protection: User-based firewall is officially released and will be gradually deployed to customers
Enhancements
- Vulnerability Assessment: Enhances data collection
- Standard Endpoint Protection: Updates the Virus Scan Engine (VSAPI) and Advanced Threat Scan Engine (ATSE) to version 25.580.1003 to enhance memory and file scans
- Standard Endpoint Protection: Updates the Network Content Inspection Engine (NCIE) to version 3.7.1028 to enhance secure driver loading
- Standard Endpoint Protection: Updates the server program to protect against a potential path traversal security issue
- Standard Endpoint Protection: Updates the Curl module to version 8.16.0 to enhance product security
- Standard Endpoint Protection: Updates the OpenSSL module to version 3.6.0 to enhance product security.
- Standard Endpoint Protection: Updates the TmEyes module to version 8.55.1409 to enable Windows 11 25H2 support
- Standard Endpoint Protection: Updates the Behavior Monitoring Core Service module to version 2.98.2141 to enhance system performance
- Standard Endpoint Protection: Updates the Behavior Monitoring Core Drive module to version 2.98.2131 to enhance system performance
- Server & Workload Protection: Increases the file size limitation of the collection function from 128 MB to 4 GB in Agent Control Manager
Bug fixes and resolved issues
- Fixes an issue where Service communication manager (VOM) update fails because the service is restarted by watchdog during the update process
- Standard Endpoint Protection: Resolved—When Web Reputation security level is set to "high," but the "Block pages that have not been tested by TrendAI™" option is not enabled, the system might incorrectly block untested domains
- Standard Endpoint Protection: Resolved—Endpoint systems might encounter issues related to DLL corruption (TmUmEvt64.dll)
- Standard Endpoint Protection: Resolved—System might display garbled content for Web Browser Extension on endpoints running on non-English versions of supported operating systems
- Standard Endpoint Protection: Resolved—Agent might block URLs or websites that are not under monitoring
- Server & Workload Protection: Fixes a timing issue where ICRC connection events might not be sent to TrendAI™ services
- Server & Workload Protection: Fixes an issue where enabling an HTTP/2 feature caused an infinite loop crash

Release schedule:

Batch 1: November 05, 2025
Batch 2: November 12, 2025
Batch 3: November 19, 2025

TrendAI Vision One Endpoint Security agent November 2025 update - Linux

Wed, 05 Nov 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package 1.2.0.1102
Endpoint Sensor version 3.0.0.7853
Server & Workload Protection version 20.0.2-26770

Detailed release notes:

New features
- Agent supports Debian 13 and Rocky Linux 10
- Server & Workload Protection: User-based firewall is officially released and will be gradually deployed to customers
Enhancements
- Server & Workload Protection: Increases the file size limitation of the collection function from 128 MB to 4 GB in Agent Control Manager
Bug fixes and resolved issues
- Server & Workload Protection: Fixes an issue where enabling an HTTP/2 feature caused an infinite loop crash
- Server & Workload Protection: Fixes an issue causing incorrect infected file information

Release schedule:

Batch 1: November 05, 2025
Batch 2: November 12, 2025
Batch 3: November 19, 2025

TrendAI Vision One Endpoint Security agent November 2025 update - macOS

Wed, 05 Nov 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package (Endpoint Basecamp) 1.2.547
- XBCAgent.app
- ws_communicator.app
- PreCheck.app
- SilentInstaller.app
CETAgent.app version 3.5.10136
Endpoint Sensor version 1.2.533
Standard Endpoint Protection version 3.5.8052

Detailed release notes:

New features
- Agent supports applying Firewall policy settings
- Agent supports TrendAI Vision One™ Sovereign and Private Cloud 2.0 deployments
Enhancements
- Removed support for macOS 11
- Updates icons for all permission guides
- Standard Endpoint Protection: Updates the Virus Scan Engine (VSAPI) and Advanced Threat Scan Engine (ATSE) to version 25.580.1003 to enhance memory and file scans
- Standard Endpoint Protection: Updates the Network Content Inspection Engine (NCIE) to version 3.7.1028 to enhance secure driver loading
- Standard Endpoint Protection: Updates the server program to protect against a potential path traversal security issue
- Standard Endpoint Protection: Updates the Curl module to version 8.16.0 to enhance product security
- Standard Endpoint Protection: Updates the OpenSSL module to version 3.6.0 to enhance product security.
- Standard Endpoint Protection: Updates the Behavior Monitoring Core Service module to version 2.98.2141 to enhance system performance
- Standard Endpoint Protection: Updates the Behavior Monitoring Core Drive module to version 2.98.2131 to enhance system performance
Bug fixes and resolved issues
- Standard Endpoint Protection: Resolved—When Web Reputation security level is set to "high," but the "Block pages that have not been tested by TrendAI™" option is not enabled, the system might incorrectly block untested domains
- Standard Endpoint Protection: Resolved—Endpoint systems might encounter issues related to DLL corruption (TmUmEvt64.dll)
- Standard Endpoint Protection: Resolved—System might display garbled content for Web Browser Extension on endpoints running on non-English versions of supported operating systems
- Standard Endpoint Protection: Resolved—Agent might block URLs or websites that are not under monitoring

Release schedule:

Batch 1: November 05, 2025
Batch 2: November 12, 2025
Batch 3: November 19, 2025

Zero Trust Secure Access Private Access Connector version 2.38.0.1156

Mon, 10 Nov 2025 00:00:00 GMT

Nov 10, 2025—Zero Trust Secure Access Private Access Connector Version 2.38.0.1156 delivers enhancements.

Enhancements

Fixes and enhanced logging for disconnect issues

Aligned package names and enhanced credit visibility in Credits & Billing

Mon, 10 Nov 2025 00:00:00 GMT

November 10, 2025—Credits & Billing now displays aligned names for Email and Collaboration Security and Endpoint Security packages, clarifying the connection between the licenses you purchase and the solutions you use in TrendAI Vision One™. You can now easily identify and understand the email and endpoint packages you have purchased, making credit management more straightforward and efficient.

For more information, see Credit requirements for TrendAI Vision One™ solutions.

TrendAI™ Flex Licensing → Platform Usage and Credits

Change risk event status directly from Risk Event Response playbooks

Mon, 10 Nov 2025 00:00:00 GMT

November 10, 2025—The Risk Event Response playbook is enhanced to support a new action in Action Settings: Change risk event status.

With this update, you can now update the status of specified risk events directly from the playbook. Available status options include:

In progress
Remediated
Dismissed
Accepted

You can also require manual approval before applying the action.

For more information, see Manually create Risk Event Response playbooks.

Workflow and Automation → Security Playbooks

Agentless Vulnerability & Threat Detection version 1.65.11111517

Wed, 12 Nov 2025 00:00:00 GMT

November 12, 2025 — The Agentless Vulnerability & Threat Detection 1.65.11111517 release provides support for Alibaba Cloud accounts.

Cloud platform: Alibaba Cloud
Release date: November 12, 2025
Deployment method: Terraform
New features: Agentless Vulnerability & Threat Detection for Alibaba Cloud supports vulnerability and anti-malware scanning for Elastic Compute Service (ECS) instances, cloud disks, and Alibaba container registry images.

Cloud Security → Cloud Accounts → Alibaba Cloud

TrendAI Vision One Endpoint Security agent supports Endpoint Sensor for Windows 11 ARM64 endpoints

Wed, 12 Nov 2025 00:00:00 GMT

November 12, 2025—The TrendAI Vision One™ Endpoint Security agent now supports enabling Endpoint Sensor (XDR for Endpoints) on Windows 11 ARM64 endpoints.

This initial release includes support for process, file, and registry telemetry, along with exception handling and self-protection capabilities. For more details about supported platforms, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

Mobile Security for Business app version 2.0.1533

Thu, 13 Nov 2025 00:00:00 GMT

November 13, 2025—Mobile Security for Business app version 2.0.1533 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Optimizes log collection functions.

Zero Trust Secure Access On-premises Gateway Version 1.0.74

Mon, 17 Nov 2025 00:00:00 GMT

November 17, 2025—The Zero Trust Secure Access On-premises Gateway version 1.0.74 contains new features and enhancements.

New Features

Support for harmful prompt detection for both public and private AI services.
Support for sensitive data upload detection for public AI service (ChatGPT, Gemini, Copilot for Bing).
Support for applying MIP to uploaded file content inspection for public AI service (ChatGPT, Gemini, Copilot for Bing).

Enhancements

- Fixed iTunes update error caused by authentication failure.

Helm Chart 3.2.4

Mon, 17 Nov 2025 00:00:00 GMT

November 17, 2025 — The Helm Chart 3.2.4 release includes the following:

Enhancements
- Support for Service Gateway.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.2.4.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.2.4

GKE Autopilot support for Container Security clusters

Mon, 17 Nov 2025 00:00:00 GMT

November 17, 2025—You can now select GKE Autopilot to adjust agent deployment for GKE clusters with GKE Autopilot enabled.

For more information, see Connect Google GKE clusters.

Cloud Security → Container Security

Zero Trust Secure Access adds PoP site in AWS Thailand

Mon, 17 Nov 2025 00:00:00 GMT

November 17, 2025—Zero Trust Secure Access Internet Access now supports the AWS Thailand region. Users in the region may configure their service FQDNs to reflect the new location. For more information, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

TrendAI Vision One Endpoint Security agent now supports Debian 13 and Rocky Linux 10 64-bit operating systems

Mon, 17 Nov 2025 00:00:00 GMT

November 17, 2025—The TrendAI Vision One™ Endpoint Security agent now supports deployments to endpoints using Debian 13 64-bit (x86-64) and Rocky Linux 10 64-bit (x86-64).

Support for Linux platforms includes deploying the agent with Server & Workload Protection and XDR for Endpoint (EDR) features. For more information on supported systems, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

TrendAI Vision One Endpoint Security agent now supports Windows 11 25H2

Mon, 17 Nov 2025 00:00:00 GMT

November 17, 2025—The TrendAI Vision One™ Endpoint Security agent now supports deployments to endpoints using Windows 11 25H2.

Windows 11 25H2 support includes deploying the agent with Standard Endpoint Protection, Server & Workload Protection, and XDR for Endpoint (EDR) features. For more information on supported systems, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

Service Gateway support for Kubernetes clusters in Container Security

Mon, 17 Nov 2025 00:00:00 GMT

November 17, 2025—You can now select a Service Gateway as a connection method when you add a Kubernetes cluster in Container Security.

For more information, see Kubernetes cluster security and Service Gateway Management.

Cloud Security → Container Security

Enhanced internet-facing asset discovery improves accuracy

Mon, 17 Nov 2025 00:00:00 GMT

November 17, 2025—TrendAI Vision One™ Cyber Risk Exposure Management has enhanced the discovery process used to find internet-facing assets in Attack Surface Discovery. The enhancement results in:

More accurate identification of internet-facing assets by preventing the discovery and display of IP addresses or domains that do not belong to your organization.
Improved reliability and confidence in your internet-facing asset inventory, supporting more effective risk management and mitigation decisions to secure your external attack surface.
A more precise Cyber Risk Index that reflects your organization's true cyber security posture.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Endpoint Security supports custom download location for agent installer script

Mon, 17 Nov 2025 00:00:00 GMT

November 17, 2025—When generating a deployment script in Endpoint Inventory, you can select a custom location from which to download the agent installer package.

This method allows for control over the version of the agent to deploy to your endpoints by redirecting the installation script to download a prepared source file. For more information, see Deploy agents using the deployment script.

Endpoint Security → Endpoint Inventory

Endpoint Security supports selecting installation proxy for agent installer

Mon, 17 Nov 2025 00:00:00 GMT

November 17, 2025—When generating an agent installer in Endpoint Inventory, you can now select a specific proxy to use during agent installation.

You can select from deployed Service Gateways, a defined custom proxy, or the system proxy configured on the endpoint. For instructions on specifying the installer proxy, see the following deployment topics:

Endpoint Security → Endpoint Inventory

Improved DMARC mechanism check for inbound email authentication in Cloud Email Gateway Protection

Tue, 18 Nov 2025 00:00:00 GMT

November 18, 2025—Cloud Email Gateway Protection now supports more flexible and robust DMARC authentication for inbound messages. Administrators can now configure separate actions for domains with well-defined DMARC policies and those with misconfigured or missing records, supporting more accurate enforcement across diverse sender domains.

Additionally, as DMARC adoption grows and more organizations configure their policies correctly, and as major email providers enforce stricter DMARC standards, DMARC authentication behavior in Cloud Email Gateway Protection has been strengthened to align with RFC standards, improving spoofing protection and helping customers align with evolving industry practices.

Email and Collaboration Security → Cloud Email Gateway Protection

Endpoint Security Policies supports managing firewall settings for macOS agents

Wed, 19 Nov 2025 00:00:00 GMT

November 19, 2025—The TrendAI Vision One™ Endpoint Security agent now supports applying firewall settings configured in Endpoint Security Policies to macOS endpoints using the Standard Endpoint Protection configuration.

This enhancement applies to agent versions 202511 and later, and requires enabling central management of protection features for the target endpoint group. For more information about centralizing management of endpoint protection features, see Before you enroll your endpoint groups.

Endpoint Security → Endpoint Security Configuration → Endpoint Security Policies

Zero Trust Secure Access On-premises Gateway Version 1.0.75

Thu, 20 Nov 2025 00:00:00 GMT

November 20, 2025—The Zero Trust Secure Access On-premises Gateway version 1.0.75 contains the following enhancement.

Enhancement

Rolled back the URL filtering enhancement for the Untested or Newly Observed Domain category. This rollback applies globally, except for the Japan site.

Zero Trust Secure Access Private Access connector version 2.38.0.1176

Thu, 20 Nov 2025 00:00:00 GMT

November 20, 2025—Zero Trust Secure Access Private Access Connector version 2.38.0.1176 introduces a new enhancement:.

Enhancement

Automatically detects backend service disruptions and preserves network connectivity by using cached configurations, while monitoring for service recovery.

Add-in for Outlook available in French in Cloud Email and Collaboration Protection

Fri, 21 Nov 2025 00:00:00 GMT

November 21, 2025—Cloud Email and Collaboration Protection expands language support for its Outlook Add-in. End users are be able to access these interfaces in French.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Email notification of analysis results to end users in Cloud Email and Collaboration Protection

Fri, 21 Nov 2025 00:00:00 GMT

November 21, 2025—Cloud Email and Collaboration Protection supports sending analysis results of reported emails directly to end users, based on administrator configuration. Whether the email is analyzed as phishing, spam, or flagged for further attention, users receive feedback that reinforces their role in threat detection. This enhancement helps close the email reporting loop, encourages continued user engagement, and strengthens overall organizational security awareness.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Zero Trust Secure Access module for Windows version 2.29.1043

Mon, 24 Nov 2025 00:00:00 GMT

November 24, 2025—This update includes a new feature, an enhancement as well as resolved issues as described in the notes.

New features

Added "feedback status" button in the "Debug Settings" page for troubleshooting.
Implemented a proxy fallback mechanism that automatically switches to a reachable proxy.

Enhancements

Changed "AI Service Access" to "AI Secure Access"

Resolved issues

Internet Access traffic would sometimes bypass the SWG when the endpoint had Group Policy settings enabled for DNSClient

Zero Trust Secure Access module for macOS version 2.26.255

Mon, 24 Nov 2025 00:00:00 GMT

November 24, 2025—This update includes new features, an enhancement as well as resolved issues as described in the notes.

New features

Added "feedback status" button in the "Debug Settings" page for troubleshooting.
Supports system proxy in service mode for internet access
Support for macOS Tahoe 26

Enhancements

Changed "AI Service Access" to "AI Secure Access"

Resolved issues

Sign-in pop-up kept popping up, even when Internet Access was disabled

Receive notifications when Workbench alerts are created or closed

Mon, 24 Nov 2025 00:00:00 GMT

November 24, 2025—Simplify your security operations workflow with notifications via email, webhook, and TrendAI Vision One™ mobile app whenever a Workbench alert is created or closed. Go to Administration → Notifications → Alerts and click Workbench alert to configure notification settings.

For more information, see Alerts.

Administration → Notifications

Agentic SIEM and XDR → Workbench

Agentless Vulnerability & Threat Detection 1.188.112111442

Mon, 24 Nov 2025 00:00:00 GMT

November 24, 2025 — The 1.188.112111442 version of Agentless Vulnerability & Threat Detection for Google Cloud adds a tag to prevent Cloud Security Posture rule failures.

Cloud platform: Google Cloud
Release date: November 24, 2025
Deployment method: Terraform
New features: Adds the tag conformity:suppress to exclude Agentless Vulnerability & Threat Detection resources and prevent Cloud Security Posture rule failures from affecting cloud account compliance and risk scores.

Cloud Security → Cloud Accounts → Google Cloud

Helm Chart 3.3.0

Mon, 24 Nov 2025 00:00:00 GMT

November 24, 2025 — The Helm Chart 3.3.0 release includes the following:

Features
- Support for file integrity monitoring, which detects file changes to critical areas of containers by comparing their current state to a pre-established baseline. File integrity monitoring scans files for unexpected changes and logs an event if a deviation is found, providing visibility into potential security threats.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.3.0.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.3.0

File integrity monitoring available in Container Security

Mon, 24 Nov 2025 00:00:00 GMT

November 24, 2025—TrendAI Vision One™ now includes file integrity monitoring as part of its Container Security runtime protection capabilities. This feature monitors critical files and directories within your containerized environments and generates detailed security events when changes are detected, including essential file attributes that provide comprehensive details about the changes.

Key Capabilities

Custom file integrity monitor rules: Create tailored monitoring rules for specific folders and files in your containers.
Trend-managed rules: Leverage predefined rules maintained by TrendAI Vision One™ for common security scenarios.
Scheduled monitoring: Continuously detect file changes according to your configured monitoring schedule.

For more information, see File integrity monitoring.

Cloud Security → Container Security → Configuration → Object Management

Real-Time Status Feedback on current module status

Mon, 24 Nov 2025 00:00:00 GMT

November 24, 2025—Users can now send instant feedback on the current module status to help with troubleshooting. To prevent spam, a five-minute cooldown applies—users must wait five minutes before submitting another status update.

Zero Trust Secure Access supports the macOS System Proxy Support for Service Mode

Mon, 24 Nov 2025 00:00:00 GMT

November 24, 2025—Zero Trust Secure Access now supports using the macOS system proxy for traffic forwarding in Secure Access Modules. Select System Proxy as the service mode when the Tunnel (VPN) option is already in use by other solutions on your company’s Mac devices.

Zero Trust Secure Access → Secure Access Module → Global Settings → Service Mode for Internet Access → macOS

Upgraded compliance scan support for new benchmark versions

Mon, 24 Nov 2025 00:00:00 GMT

November 24, 2025—TrendAI Vision One™ now has enhanced compliance scanning capabilities for the following latest CIS benchmark versions:

CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.7.0
CIS Kubernetes Benchmark v1.11.1
CIS Red Hat OpenShift Container Platform Benchmark v1.8.0
CIS Google Kubernetes Engine (GKE) Benchmark v1.8.0

Select a specific benchmark version to apply to each cluster type, ensuring your Kubernetes environments adhere to the latest security standards and best practices.

Important

Starting November 24 2025, EKS benchmark version 1.4.0 will start to be deprecated. Support for EKS 1.4.0 will end January 23, 2026.

Cloud Security → Container Security → Inventory/Overview

Enhanced Workbench insights

Mon, 24 Nov 2025 00:00:00 GMT

November 24, 2025—Simplify your security operations with enhanced Workbench insights. Easily create, update, and close cases directly from the Workbench Insights tab, and opt-in to AI-powered investigations to generate investigation reports from the insight details screen.

For more information, see Workbench insight details.

Agentic SIEM and XDR → Workbench

New cross-layer attack simulations available for third-party logs

Mon, 24 Nov 2025 00:00:00 GMT

November 24, 2025—You can now run the cross-layer attack simulation with ingested data from Microsoft Defender for Endpoint, Palo Alto Networks firewalls, and Fortinet FortiGate firewalls. To run a cross-layer simulation, go to Resource Center → Simulations → Cross-layer attack simulations and select the simulation you want to run. To view simulation results, go to Agentic SIEM and XDR → Workbench or Agentic SIEM and XDR → Observed Attack Techniques for correlated alerts and events related to the T1071, T1204, T1518.001, and T1105 technique set, and the T1003 and T1071 technique set.

Agentic SIEM and XDR → Workbench

Agentic SIEM and XDR → Observed Attack Techniques

Agentless Vulnerability & Threat Detection version 1.542.11191153

Wed, 26 Nov 2025 00:00:00 GMT

November 26, 2025 — The Agentless Vulnerability & Threat Detection 1.542.11191153 release increases the maximum supported size for AWS container image vulnerability scans to 20GB, allowing larger container images to be scanned for security issues without manual workarounds.

Cloud platform: AWS
Release date: November 26, 2025
Deployment method: CloudFormation
Enhancements:
- AWS container image scanning now supports images up to 20GB in size, enabling security scans for larger containers without additional configuration.

Cloud Security → Cloud Accounts → AWS

Access strategic reports via Threat Insights

Wed, 26 Nov 2025 00:00:00 GMT

November 26, 2025—TrendAI Vision One™ now offers Advanced Persistent Threat (APT) and Cybercrime Situational Threat Awareness reports through Threat Insights. These additions deliver extensive strategic intelligence and situational awareness to stay ahead of evolving threats.

Comprehensive view of APT and cybercrime trends to shape effective security strategies.
Quickly review summaries within TrendAI Vision One™ and download full versions of the reports for deeper insights.
Mutual linking between emerging threat, threat actor, and report summary pages, streamlining navigation and improving context for threat investigations.

These reports empower security teams to make informed decisions and respond proactively to both targeted and broad cyber threats.

Threat Intelligence → Threat Insights

Cloud Detections for AWS VPC Flow Logs version 1.557.12011407

Mon, 01 Dec 2025 00:00:00 GMT

December 1, 2025—The Cloud Detections for AWS VPC Flow Logs version 1.557.12011407 release introduces support for AWS VPC Flow Logs detections in private Virtual Private Cloud (VPC) environments.

Cloud platform: AWS
Release date: December 1, 2025
Deployment method: AWS CloudFormation
New features: Adds support for AWS VPC Flow Logs detections in VPCs, improving visibility into network-isolated environments.

Cloud Security → Cloud Accounts → AWS

Cloud Detections for AWS CloudTrail version 1.48.0

Mon, 01 Dec 2025 00:00:00 GMT

December 1, 2025—The Cloud Detections for AWS CloudTrail version 1.48.0 release introduces support for AWS CloudTrail detections in private VPC environments.

Cloud platform: AWS
Release date: December 1, 2025
New features:
- Adds support for AWS CloudTrail detections in private VPCs, improving visibility into network-isolated environments.

Cloud Security → Cloud Accounts → AWS

Agentless Vulnerability & Threat Detection version 1.557.12011407

Mon, 01 Dec 2025 00:00:00 GMT

December 1, 2025—The Agentless Vulnerability & Threat Detection1.557.12011407 release resolves an issue that prevented removal of the Agentless Vulnerability & Threat Detection CloudFormation stack.

Cloud platform: AWS
Release date: December 1, 2025
Deployment method: CloudFormation
Enhancements:
- Resolved an issue that prevented the resource bucket and log bucket from being deleted, allowing the Agentless Vulnerability & Threat Detection stack to be removed successfully.

Cloud Security → Cloud Accounts → AWS

Cloud Detections for Azure VNet Flow Logs version 1.163.11181617

Mon, 01 Dec 2025 00:00:00 GMT

December 1, 2025 — This release provides support for Cloud Detections for Azure VNet Flow logs in your Azure subscription.

Cloud platform: Azure
Release date: December 1, 2025
Deployment method: Terraform
New features: Cloud Detections for Azure VNet Flow Logs supports ingestion of Virtual Network (VNet) flow logs in your Azure subscription. This feature enables TrendAI Vision One™ to gather insight into your VNet traffic, with detection models to identify and provide alerts on malicious IP traffic, SSH brute force attacks, data exfiltration, and more.

Cloud Security → Cloud Accounts → Azure

AI Security Blueprint for unified AI asset protection

Mon, 01 Dec 2025 00:00:00 GMT

December 1, 2025—AI Security Blueprint in TrendAI Vision One™ is your starting point for securing AI across development, deployment, and production. The AI Security Blueprint dashboard provides clear guidance to help you protect both your AI stacks and the users who access AI services. It gives unified visibility into your AI assets—including services, models, workloads, data stores, entitlements, code repositories, APIs, and container images—so you can identify vulnerabilities, reduce risk, and strengthen security across every layer of your AI environment.

AI Security → AI Security Blueprint

AI Guard is real-time protection for AI systems

Mon, 01 Dec 2025 00:00:00 GMT

December 1, 2025—Announcing the official release of AI Guard, an application programming interface (API) endpoint that provides real-time protection by monitoring and filtering AI system inputs and outputs. This solution addresses the unique security challenges that arise when deploying AI at scale.

Key features include:

Guardrails for inbound requests to block malicious input and prevent misuse.
Scanning for harmful content generation and sensitive information leakage.
Protection against AI model poisoning.
Sensitive data protection and privacy compliance.
Infrastructure security to manage risks in applications powered by LLMs, preventing abuse and misuse.

AI Guard enables users to safely implement AI capabilities while maintaining security standards and compliance requirements. For more information, see AI Application Security.

AI Security → AI Application Security → AI Guard

Comprehensive AI model security scanning

Mon, 01 Dec 2025 00:00:00 GMT

December 1, 2025—TrendAI Vision One™ introduces a powerful solution for scanning AI models, including large language models (LLMs), to identify common attack techniques, security objectives, and vulnerabilities.

Assess risks in your LLM deployments and pinpoint gaps in your security posture.
Receive detailed, itemized feedback reports highlighting vulnerabilities and actionable recommendations.
Leverage the TrendAI™ Artifact Scanner (TMAS) command-line interface (CLI) which now supports scanning LLM endpoints and LLM-powered applications.
View results in TrendAI Vision One™ for streamlined analysis and reporting.

This feature addresses the growing need for robust security insights as LLM adoption accelerates, helping your organization maintain regulatory compliance and prevent exploitative usage of AI models.

AI Security → AI Application Security → AI Scanner

TrendAI Vision One Endpoint Security agent December 2025 update - Windows

Tue, 02 Dec 2025 00:00:00 GMT

December 2, 2025—TrendAI Vision One™ Endpoint Security agent version 202512 includes security enhancements, bug fixes, and feature releases. Updates to individual components and agent modules may follow different batch release schedules.

This update includes the following changes:

Service communication manager (VOM) plug-in version 1.2.0.1365
Endpoint Sensor version 1.2.0.7045
Vulnerability Assessment version 1.0.0.4064
Attack Surface Discovery version 1.0.0.4064
Standard Endpoint Protection version 14.0.20422
Server & Workload Protection version 20.0.2-29760

Detailed release notes:

Enhancements

Note

Some enhancements might not follow the normal release schedule.
- Includes performance enhancements for Vulnerability Assessment and Attack Surface Discovery
- Standard Endpoint Protection - Updates the Behavior Monitoring Core Service to version 2.98.2144 to enhance system performance
- Standard Endpoint Protection - Updates the Scheduled Updates configuration in the web console for agents
- Server & Workload Protection - Firewall and Intrusion Prevention system events now display process and user info if the data is available. This enhancement is being rolled out gradually and might not follow the normal release schedule.
- Server & Workload Protection - Strong cipher and minimum Transport Layer Security (TLS) version can be set in the agent configuration file for agents using Deep Security Relay
- Server & Workload Protection - Updates the Advanced Threat Scan Engine to version 25.560
Bug fixes and resolved issues
- Fixes an authorization issue that enabled the agent to accept all policy requests
- To prevent RPC hang, agent now terminates WebInstaller if abnormal behavior is detected during agent update or installation
- Data Security Sensor - Fixes included to prevent heap corruption
- Standard Endpoint Protection - Resolved issue: after a malware file is quarantined on agent endpoints, the system might not clean the encrypted malware file properly
- Standard Endpoint Protection - Resolved issue: backup folders and files for agent updates are not periodically removed properly and might occupy excessive disk space on endpoints
- Standard Endpoint Protection - Fixed an issue related to Behavior Monitoring and Microsoft Defender might cause agent endpoints to become unresponsive
- Standard Endpoint Protection - Resolved issue: user-defined suspicious objects (IP address) might not be detected and blocked properly by agents
- Standard Endpoint Protection - Resolved issue: the TrendAI™ Apex One Data Protection service (DSAGENT.exe) might stop unexpectedly
- Server & Workload Protection - Resolved issue: uploading logs using the File Collection or Custom Script functions failed on some systems
- Server & Workload Protection - Resolved issue: Software builds took much longer on certain systems running the agent with Device Control enabled
- Server & Workload Protection - Fixed an issue where the agent did not populate the Last updated column in the Software information tab in Endpoint Inventory endpoint details
- Server & Workload Protection - Resolved issue: Anti-Malware proteciton sometiems stops working when the operating system was running in low power mode (for example, with the laptop screen off or closed)
- Server & Workload Protection - Resolved issue: while Application Control was running in lockdown mode, applications could execute if Application Control was processing a ruleset change

Release schedule:

Batch 1: December 2, 2025
Batch 2: December 9, 2025
Batch 3: December 11, 2025

TrendAI Vision One Endpoint Security agent December 2025 update - Linux

Tue, 02 Dec 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package 1.2.0.1253
Endpoint Sensor version 3.0.0.8173
Server & Workload Protection version 20.0.2-29760

Detailed release notes:

New features
- Agent supports Ubuntu 24 ARM64 (AWS Arm-based Graviton 2) deployments
Enhancements

Note

Some enhancements might not follow the normal release schedule.
- Updates CACert
- Server & Workload Protection - Firewall and Intrusion Prevention system events now display process and user info if the data is available. This enhancement is being rolled out gradually and might not follow the normal release schedule.
- Server & Workload Protection - Strong cipher and minimum Transport Layer Security (TLS) version can be set in the agent configuration file for agents using Deep Security Relay
- Server & Workload Protection - Updates the Advanced Threat Scan Engine to version 25.560
Bug fixes and resolved issues
- Server & Workload Protection - Resolved issue: agent was unable to start on some Red Hat Package Manager (RPM)-based Linux distributions using a newer RPM library (rpm-4.16.1.3-39.el9.x86_64 or later / rpm-4.19.1.1-20.el10.x86_64 or later)
  
  For more information, see the Success Portal Knowledge Base.
- Server & Workload Protection - Resolved issue: uploading logs using the File Collection or Custom Script functions failed on some systems
- Server & Workload Protection - Resolved issue: while Application Control was running in lockdown mode, applications could execute if Application Control was processing a ruleset change
- Server & Workload Protection - Resolved issue: Application Control blocked some applications from being executed through a shell when they should have been allowed

Release schedule:

Batch 1: December 2, 2025
Batch 2: December 9, 2025
Batch 3: December 11, 2025

TrendAI Vision One Endpoint Security agent December 2025 update - macOS

Tue, 02 Dec 2025 00:00:00 GMT

This update includes the following changes:

Agent program services package (Endpoint Basecamp) 1.2.563
- XBCAgent.app
- ws_communicator.app
- PreCheck.app
- SilentInstaller.app
CETAgent.app version 3.5.10136
Endpoint Sensor version 1.2.550
Standard Endpoint Protection version 3.5.8143

Detailed release notes:

Enhancements
- Enhances endpoint capability status regular update
- Supports Standard Endpoint Protection deployment scripts
- Supports sending system events to xLogR
- Enhanced policy statuses
- Standard Endpoint Protection - Updates the Behavior Monitoring Core Service to version 2.98.2144 to enhance system performance
- Standard Endpoint Protection - Updates the Scheduled Updates configuration in the web console for agents
Bug fixes and resolved issues
- Standard Endpoint Protection - Resolved issue: after a malware file is quarantined on agent endpoints, the system might not clean the encrypted malware file properly
- Standard Endpoint Protection - Resolved issue: backup folders and files for agent updates are not periodically removed properly and might occupy excessive disk space on endpoints
- Standard Endpoint Protection - Resolved issue: user-defined suspicious objects (IP address) might not be detected and blocked properly by agents
- Standard Endpoint Protection - Resolved issue: the TrendAI™ Apex One Data Protection service (DSAGENT.exe) might stop unexpectedly

Release schedule:

Batch 1: December 2, 2025
Batch 2: December 9, 2025
Batch 3: December 11, 2025

Service Gateway: Forward Proxy Service Version 2.0.8

Wed, 03 Dec 2025 00:00:00 GMT

December 3, 2025—Service Gateway Forward Proxy Service Version 2.0.8 delivers key enhancements, bug fixes, and security updates.

This update includes the following change:

This update fixes multiple vulnerabilities.

Service Gateway: Smart Protection Services Version 2.0.8

Wed, 03 Dec 2025 00:00:00 GMT

December 3, 2025—Service Gateway Smart Protection Services Version 2.0.8 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update allows disabling legacy TLS versions for Smart Protection Services through CLISH.
This update fixes multiple vulnerabilities.

Service Gateway: Local ActiveUpdate Service Version 3.0.15

Wed, 03 Dec 2025 00:00:00 GMT

December 3, 2025—Service Gateway Local ActiveUpdate Service Version 3.0.15 includes an enhancement.

This update includes the following change:

This update supports displaying the latest Virus Scan Engine pattern version.

Mobile Security for Business app version 2.0.1547

Mon, 08 Dec 2025 00:00:00 GMT

December 8, 2025—Mobile Security for Business app version 2.0.1547 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Fixes internal application access failures caused by a Zero Trust Secure Access issue.
Fixes login failures that occur when Private Access is enabled but Internet Access is not.

Mobile Security for Business app version 2.0.1159

Mon, 08 Dec 2025 00:00:00 GMT

December 8, 2025—Mobile Security for Business app version 2.0.1159 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Fixes internal application access failures caused by a Zero Trust Secure Access issue.
Fixes the failure to connect to specific internal applications.
Fixes slow internet connection when Private Access is enabled.

File Security now supports Virtual Private Cloud deployment

Mon, 08 Dec 2025 00:00:00 GMT

December 8, 2025—You can now deploy File Security directly into your Virtual Private Cloud (VPC), giving you greater control over network security and resource isolation.

Risk Event, Account Response, and High-Risk Account Response playbooks now support Google Workspace

Mon, 08 Dec 2025 00:00:00 GMT

December 8, 2025—Security playbooks now supports Google Workspace for Risk Event, Account Response, and High-Risk Account Response playbooks.

You can now configure your playbooks to scan for and respond to potential security risks discovered in accounts managed by your Google Workspace IAM. The response playbooks require permission to access your Google Workspace data, which you can manage in Data Source and Log Management.

For more information, see User-defined playbooks.

Workflow and Automation → Security Playbooks

Enhancements to risk score messaging for internet-facing assets

Mon, 08 Dec 2025 00:00:00 GMT

December 8, 2025—New enhancements in Attack Surface Discovery make it easier for you to understand why some internet-facing assets receive a risk score of 0.0.

Some internet-facing assets with 0.0 risk scores may actually contain no risk. However, it is more likely that Attack Surface Discovery has received incomplete or inconsistent information about the asset during assessment. Assets with incomplete or inconsistent information cannot complete assessment, so a risk score cannot be calculated. TrendAI™ recommends investigating assets with 0.0 risk scores to confirm whether the asset hosting method is causing inconsistent information to be returned during assessment.

To learn more, see Internet-Facing Assets.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

TrendAI Vision One Automation Center has moved

Mon, 08 Dec 2025 00:00:00 GMT

December 8, 2025—You can now go to Workflow and Automation → API Automation Center to visit TrendAI Vision One™ Automation Center. Quickly and efficiently locate the OpenAPI specifications, endpoint references, and integration walkthroughs that you need.

For more information, see API Automation Center.

Workflow and Automation → API Automation Center

Extended sliding window for log search in Cloud Email Gateway Protection

Tue, 09 Dec 2025 00:00:00 GMT

December 9, 2025—Cloud Email Gateway Protection extends the sliding window for mail tracking, policy event, and audit log search to 90 continuous days, instead of the previous 60, 60, and 7 days respectively.

Email and Collaboration Security → Cloud Email Gateway Protection

TrendAI Vision One Endpoint Security agent supports additional XDR capabilities for Windows 11 ARM64 endpoints

Tue, 09 Dec 2025 00:00:00 GMT

December 9, 2025—Endpoint Sensor (XDR for Endpoints) has expanded capability support for Windows 11 ARM64, including support for Isolate Endpoint response action, monitoring Windows event telemetry, and monitoring connection telemetry.

For more details about supported platforms, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

Two-way sync of Workbench insight impact scope and highlighted objects with Jira Cloud

Tue, 09 Dec 2025 00:00:00 GMT

December 9, 2025—Workbench insight impact scope and highlighted objects in Case Management are now bi-directionally synced with Jira Cloud issues, enabling efficient case management and investigation.

For more information, see Jira Cloud integration (for Case Management).

Workflow and Automation → Case Management

Agentic SIEM and XDR → Workbench

TrendAI Vision One Endpoint Security agent now supports Ubuntu 24.04 ARM64

Thu, 11 Dec 2025 00:00:00 GMT

December 11, 2025—The TrendAI Vision One™ Endpoint Security agent now supports deployments to endpoint using Ubuntu 24.04 ARM64 (AArch64).

Support for Ubuntu 24.04 ARM64 (AArch64) includes deploying the agent with Server & Workload Protection and XDR for Endpoint (EDR) features. For more information on supported systems, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

Zero Trust Secure Access module for Windows server version 2.29.1047

Fri, 12 Dec 2025 00:00:00 GMT

December 12, 2025—This update includes the following enhancement:

Enhancement

Support for the new Canada site.

Zero Trust Secure Access module for macOS version 2.26.269

Fri, 12 Dec 2025 00:00:00 GMT

December 12, 2025—This update includes the following enhancement:

Enhancement

Support for the new Canada site.

Helm Chart 3.3.1

Fri, 12 Dec 2025 00:00:00 GMT

December 12, 2025—The Helm Chart 3.3.1 release includes the following:

Enhancements
- Displays the Falco version in the Falco logs for better debugging.
- Adds SHA1 hash to File Integrity Monitoring events.
Bug fixes
- Fixed an error where the Fargate injector incorrectly added the Service Gateway configmap and secret to pods when Service Gateway was not enabled.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.3.1.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.3.1

Microsoft Teams Graph API integration (preview) in Cloud Email and Collaboration Protection

Fri, 12 Dec 2025 00:00:00 GMT

December 12, 2025—Cloud Email and Collaboration Protection transitions to Microsoft Teams Graph API and Graph subscriptions, replacing the legacy CSOM API and remote event receiver. This upgrade enhances integration reliability and scalability, laying the groundwork for more efficient data handling and future feature expansion.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Agentic AI-powered threat detection in Cloud Email and Collaboration Protection

Fri, 12 Dec 2025 00:00:00 GMT

December 12, 2025—Cloud Email and Collaboration Protection introduces Agentic AI to power threat detection for phishing and spam in Correlated Intelligence for Exchange Online. This enhancement brings advanced AI-driven analysis to improve detection accuracy and reduce manual effort for security teams.

This feature is in private preview. If you want to access this feature before it enters public preview or is officially released, contact your sales representative.

Email and Collaboration Security → Cloud Email and Collaboration Protection

TrendAI Vision One has a new Canada Data Center

Fri, 12 Dec 2025 00:00:00 GMT

December 12, 2025—TrendAI Vision One™ has opened a data center to support the Canadian region. Users in this region may configure their service FQDNs to reflect the new location.

Automatic reversal of false positive quarantines extended to Teams in Cloud Email and Collaboration Protection

Fri, 12 Dec 2025 00:00:00 GMT

December 12, 2025—Cloud Email and Collaboration Protection automatically reverses false positive quarantines in Teams, in addition to OneDrive and SharePoint Online. Using advanced URL pattern intelligence, it identifies false positives, retrieves file details from detection logs, and restores affected files to their original locations—no manual action needed.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Automatic detection of more problematic messages from reported emails in Cloud Email and Collaboration Protection

Fri, 12 Dec 2025 00:00:00 GMT

December 12, 2025—Cloud Email and Collaboration Protection enhances the user-reported email analysis and response feature by leveraging implemented automatic remediation and prevention measures to identify more problematic messages. After these measures are generated based on reported emails confirmed as phishing or spam and automatically implemented, the system further identifies historical emails and provides an extra list of more problematic messages for administrator review and automatic or manual mitigation. This enhancement improves threat coverage, reduces blind spots, and strengthens proactive response across the email environment.

Email and Collaboration Security → Cloud Email and Collaboration Protection

Cloud Risk Management releases new CIS Azure and AWS compliance standards

Fri, 12 Dec 2025 00:00:00 GMT

December 12, 2025—TrendAI Vision One™ - Cloud Risk Management has released the following new compliance standards:

CIS Foundations Benchmarks. - CIS Azure Foundations Benchmark v4.0.0: Cloud Risk Management has updated the CIS Azure compliance standard to the latest version to meet the Center of Internet Security (CIS) Foundations Benchmarks for Microsoft Azure. You can now filter Checks and download Compliance Reports to ensure your cloud environment complies with the latest CIS Foundations Benchmarks. - CIS Azure Foundations Benchmark v4.0.0.

Deprecation Notice: We've also deprecated CIS Azure Foundations Benchmark v2.1.0 for removal on February 8 2026. It will no longer be accessible in the filters, preventing the creation of new reports or report-configurations with this outdated benchmark. If any existing report configurations include deprecated compliance standards, it will not be possible to generate new PDF/CSV reports. However, the list of previously generated PDF/CSV reports remains available. TrendAI Vision One™ Cloud Risk Management recommends updating your report configurations to use the latest versions of CIS Azure Foundations Benchmark before February 8 2026.

AWS Well-Architected Framework Generative AI Lens: TrendAI Vision One™ - Cloud Risk Management has added support for the new Amazon Web Services Well-Architected Framework Generative AI Lens. Generative AI Lens is an extension of the AWS Well-Architected Framework, complementing the AWS WAF with Gen AI specific controls.

Cyber Risk Exposure Management → Cloud Risk Management → Misconfiguration and Compliance

Template Scanner enhances support for Azure resources

Fri, 12 Dec 2025 00:00:00 GMT

December 12, 2025—TrendAI Vision One™ - Cloud Risk Management Template Scanner has added the following updates to support your Azure cloud infrastructure. For coverage details, see Template Scanner Coverage.

New Azure resources
- DNS Zones
- DNS Private Zones
- FrontDoor Profiles
- Access Control Roles
- Access Control Custom Roles
- MachineLearning Learning Workspaces
- SecurityCenter Tasks
- SecurityCenter Alerts
- SecurityCenter Pricings
- CosmosDB Servers
API Management Management APIs
SQL Servers

Cyber Risk Exposure Management → Template Scanner

Cloud Risk Management releases new CIS Azure and AWS compliance standards

Fri, 12 Dec 2025 00:00:00 GMT

December 12, 2025—TrendAI Vision One™ - Cloud Risk Management has released the following new compliance standards:

Cyber Risk Exposure Management → Cloud Risk Management → Misconfiguration and Compliance

Zero Trust Secure Access On-premises Gateway Version 1.0.76

Mon, 15 Dec 2025 00:00:00 GMT

December 15, 2025—The Zero Trust Secure Access On-premises Gateway version 1.0.76 contains new features, enhancements, and resolved issues.

New features

Supports sensitive data upload detection for Microsoft Copilot for Microsoft 365

Enhancements

Improved large file downloading stability in poor client network conditions

Resolved issues

Fixed the issue where srcLocation and dstLocation fields appeared as empty values in XDR logs
Fixed issues caused by public AI services protocol changes

CyberArk is now available as a third-party integration

Mon, 15 Dec 2025 00:00:00 GMT

December 15, 2025—You can now integrate CyberArk with TrendAI Vision One™ for proactive security outcomes. Currently, TrendAI Vision One™ syncs user data from CyberArk for risk assessment in Cyber Risk and Exposure Management.

For more information, see CyberArk integration.

Workflow and Automation → Third-Party Integrations

Zero Trust Secure Access adds PoP site in Google Cloud Qatar

Mon, 15 Dec 2025 00:00:00 GMT

December 15, 2025—Zero Trust Secure Access Internet Access now supports the Google Cloud Qatar region. Users in the region may configure their service FQDNs to reflect the new location. For more information, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Tailored local threat intelligence with unified sandbox and artifact collection

Mon, 15 Dec 2025 00:00:00 GMT

December 15, 2025—TrendAI Vision One™ introduces a major enhancement that unifies dynamic sandbox analysis with static artifact collection, creating a tailored local threat intelligence source for your organization. This update delivers:

Centralized visibility by merging dynamic and static analysis results in one view
Fusion of sandbox (dynamic) and artifact (static) intelligence for deeper threat context
Seamless integration with the Workbench for streamlined investigation and hunting
Customizable intelligence, allowing organizations to promote relevant artifacts and analysis results for local use
Enhanced investigation and hunting capabilities, empowering security teams to respond faster and more effectively

For more information, see Sandbox Analysis.

Threat Intelligence → Sandbox Analysis

Virtual Network Sensor version 1.0.1584

Tue, 16 Dec 2025 00:00:00 GMT

December 16, 2025—Virtual Network Sensor version 1.0.1584 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Change the default password for default user "admin".
Split the metadata token used for deploying Virtual Network Sensor on Google Cloud into two parts.
Support monitoring traffic transmitted using DNS over TCP/UDP and sending the payload size in telemetry.

Hotfix for Windows agents - Dec 24, 2025

Wed, 24 Dec 2025 00:00:00 GMT

December 24, 2025—TrendAI Vision One™ Endpoint Security agent version 202512 hotfix addresses the following component and module updates.

This update includes the following changes:

Server & Workload Protection version 20.0.2-29810

Bug fixes and resolved issues

Resolved issue: Application Control failed to retain the inventory when a ruleset update was applied

For more information, see the Success Portal Knowledge Base.

Hotfix for Linux agents - Dec 24, 2025

Wed, 24 Dec 2025 00:00:00 GMT

December 24, 2025—TrendAI Vision One™ Endpoint Security agent version 202512 hotfix addresses the following component and module updates.

This update includes the following changes:

Server & Workload Protection version 20.0.2-29810

Bug fixes and resolved issues

Resolved issue: Application Control failed to retain the inventory when a ruleset update was applied

For more information, see the Success Portal Knowledge Base.

Changes to the TrendAI Vision One credits model

Mon, 05 Jan 2026 00:00:00 GMT

January 5, 2026—Platform Usage and Credits, formerly called Credits & Billing, is now available in TrendAI Vision One™. Platform Usage and Credits offers centralized visibility into your credits, pay-as-you-go, and trial usage, allowing you to monitor your usage across all solutions with improved efficiency and transparency. The existing credit allocation model has changed to a monthly credit drawdown model, improving your understanding of how you are utilizing your credit balance across the TrendAI Vision One™ platform.

Key updates include:

The TrendAI™ Flex (credits) license (formerly called the TrendAI Vision One™ Credits license): The TrendAI™ Flex (credits) license is now the only license type available for purchase. All your existing TrendAI Vision One™ licenses automatically convert to credits, enabling you to access all paid solutions across TrendAI Vision One™.
Improved credit visibility: View your total credit balance in Platform Usage and Credits, as well as any credits expiring soon. Your credit balance equates to the number of credits purchased in your TrendAI™ Flex (credits) license, multiplied by the number of years in the contract period.
Monthly credit drawdown: Each month, TrendAI Vision One™ deducts credits from your credit balance based on your usage of paid solutions, packages, and features in the previous month. Different solutions calculate your credit usage based on either your peak usage on any day of the month, or your accumulated usage over the course of the month.
Trial usage insights: Many TrendAI Vision One™ solutions offer a free trial. Platform Usage and Credits provides insight into your usage during the trial period, along with the estimated number of credits required to continue your usage after the trial ends.

For more information, see Platform Usage and Credits.

TrendAI™ Flex Licensing → Platform Usage and Credits

Unified Threat Intelligence package

Mon, 05 Jan 2026 00:00:00 GMT

January 5, 2026—TrendAI Vision One™ introduces a Threat Intelligence package that combines Threat Insights and Threat Intelligence Feed into a single, streamlined offering. This package provides unlimited user access and features a simplified pricing model per organization for easier budgeting.

Seamless access to both Threat Insights and Threat Intelligence Feed in one package
Unlimited user access, so team members can leverage advanced threat data without per-user charges
New pricing model: 6,666.67 credits per organization monthly for full access to both capabilities
Customers using SKUs benefit from unified access and simplified management

Threat Intelligence → Threat Intelligence Hub

TXOne connectors removed from Product Instance

Tue, 06 Jan 2026 00:00:00 GMT

January 6, 2026—Product Instance no longer supports the TXOne StellarOne and TXOne EdgeOne connectors. Instead, you can leverage Third-Party Log Collection to ingest and retain log data from your organization's third-party data sources.

This change is part of the transition from XDR for OT (Device and Network) to TrendAI Vision One™ Agentic SIEM, which began on January 1, 2026. Going forward, TrendAI Vision One™ bills your Agentic SIEM usage, including third-party log data ingestion and retention, based on the new credits model. You must migrate your log collection from Product Instance to Third-Party Log Collection by March 31, 2026.

To get started, go to Service Management → Product Instance and take the following steps for each unsupported connector:

Go to Agentic SIEM and XDR → Data Source and Log Management and create or select a third-party log repository.
Add the TXOne OT collector to the repository.
Configure your OT environment to forward log data to the newly added collector.
Go back to Product Instance and remove the TXOne StellarOne or TXOne EdgeOne connector.

For more information, see Third-Party Log Collection.

Service Management → Product Instance

Agentic SIEM and XDR → Data Source and Log Management

Cloud Detections for AWS VPC Flow Logs version 1.565.12081656

Tue, 06 Jan 2026 00:00:00 GMT

January 6, 2026—The Cloud Detections for AWS VPC Flow Logs version 1.565.12081656 release introduces support for the new XDR for Cloud solution trial.

Cloud platform: AWS
Release date: January 6, 2026
Deployment method: AWS CloudFormation
New features:
- Adds support for the new XDR for Cloud solution trial.

Cloud Security → Cloud Accounts → AWS

Cloud Risk Management reports now support Japanese language output

Thu, 08 Jan 2026 00:00:00 GMT

January 8, 2026—Cloud Risk Management Reports now support generating reports in Japanese for daily reports, configured reports, and on-demand reports in PDF, CSV, and XLSX formats.

For more information on configuring reports and the language setting, see:

Cloud Security → Cloud Risk Management → Misconfiguration and Compliance

Zero Trust Secure Access On-premises Gateway Version 1.0.77

Mon, 12 Jan 2026 00:00:00 GMT

January 12, 2026—The Zero Trust Secure Access On-premises Gateway version 1.0.77 contains enhancements and resolved issues.

Enhancements

Added support for a new entry used by Microsoft Copilot for Bing in AI Secure Access.
Enhanced activity and detection logs with the associated LLM model information for AI Secure Access.

Resolved issues

Fixed a core dump issue caused by DLP scanning.
Fixed issues due to a public AI services protocol change.

Zero Trust Secure Access Private Access Connector Version 2.38.0.1323

Mon, 12 Jan 2026 00:00:00 GMT

January 12, 2026—Zero Trust Secure Access Private Access Connector Version 2.38.0.1323 delivers new features and resolved issues.

New features

Extends support for re-authentication duration to a maximum of 30 days

Resolved issues

Fixed incorrect DNS mappings between IP addresses and domain names
Improved handling of network disconnections and re-connections

Automated tagging for the Cyber Risk Exposure Management exception list

Mon, 12 Jan 2026 00:00:00 GMT

January 12, 2026—TrendAI Vision One™ now supports leveraging automated tagging rules to add assets to the Cyber Risk Exposure Management exception list, eliminating the need to manually add each asset. This enhancement streamlines exception management by allowing you to simultaneously add multiple assets to the exception list based on predefined conditions, improving your operational efficiency.

This enhancement focuses on device-type assets. You can add conditions to tagging rules using asset attributes such as organizational unit, work location, and user principal name. Once a tagging rule assigns the CREM exception list tag value to assets that meet the conditions, Cyber Risk Exposure Management excludes those assets from cyber risk assessments and risk event analysis, and the assets do not count towards your Cyber Risk Exposure Management credit usage.

For more information, see Automated tagging or Attack Surface Discovery.

Service Management → Tag Management

Container Protection for Amazon ECS version 2.0.0

Mon, 12 Jan 2026 00:00:00 GMT

January 12, 2026—Container Protection for Amazon ECS version 2.0.0 is now available.

Cloud Platform
- Amazon Web Services (AWS)
Enhancements
- Automatically patch ECS Fargate tasks and services with the latest runtime sensor version instead of using a manual process. Changes to your task role permissions are required.

New Private Access Notification Controls

Mon, 12 Jan 2026 00:00:00 GMT

January 12, 2026—Administrators can now selectively enable or disable specific notification categories directly from the management console.

Zero Trust Secure Access → Secure Access Configuration → Customization Settings → Secure Access Module Notifications

Endpoint Security Policies now supports excluding hash values from Anti-Malware scans

Mon, 12 Jan 2026 00:00:00 GMT

January 12, 2025—You can now exclude file hash values from Anti-Malware scans using Endpoint Security Policies.

To exclude hash values, create a hash list in Policy Resources, then add the list to the Anti-Malware scan exclusions in your Endpoint Security Policies. Currently, only SHA-1 values are supported for this release. Support for additional hash types is coming soon.

For information on creating a hash list, see Hash Lists.

For information on the Anti-Malware policy settings, see Anti-Malware.

Endpoint Security → Endpoint Security Configuration → Policy Resources

Alert auto-correlation disabled for closed cases related to Workbench insights

Tue, 13 Jan 2026 00:00:00 GMT

January 13, 2026—To enhance workflow efficiency for security analysts, auto-correlation with new Workbench alerts is disabled once a case related to a Workbench insight is closed. This ensures that completed investigations remain undisturbed, avoiding confusion and the need for reinvestigation.

For more information, see Alerts correlated in Workbench insights.

Agentic SIEM and XDR → Workbench

Workflow and Automation → Case Management

Service Gateway: Forward Proxy Service Version 2.0.9

Wed, 14 Jan 2026 00:00:00 GMT

January 14, 2026—Service Gateway Forward Proxy Service Version 2.0.9 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update adds a command to display the top 5 FQDNs consuming the most network traffic on Forward Proxy Service.
This update prevents exposure of internal information about accessing the Forward Proxy Service root path.

Service Gateway: Smart Protection Services Version 2.0.9

Wed, 14 Jan 2026 00:00:00 GMT

January 14, 2025—Service Gateway Smart Protection Services Version 2.0.9 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update adds a CLISH command to enable and disable weak ciphers.

Service Gateway: Generic Caching Service 1.0.6

Wed, 14 Jan 2026 00:00:00 GMT

January 14, 2026—Service Gateway Generic Caching Service 1.0.6 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update applies some vulnerability fixes.

Service Gateway Firmware Version 3.0.26

Wed, 14 Jan 2026 00:00:00 GMT

January 14, 2026—Service Gateway Firmware Version 3.0.26 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update supports MicroK8s certificate refresh during the NTP refresh process.
This update introduces a CLISH command for collecting pcap files.
This update fixes network connection instability when managing large numbers of endpoints caused by insufficient ARP cache limits.
This update applies some vulnerability fixes.

Service Gateway Firmware Version 3.0.25

Wed, 14 Jan 2026 00:00:00 GMT

December 3, 2025—Service Gateway Firmware Version 3.0.25 includes enhancements, bug fixes, and security updates for Service Gateway.

Service Gateway Firmware 3.0.25 contains the following changes:

This update adds support for UDP traffic to Service Gateway services.
This update allows disabling legacy TLS versions for Smart Protection Services through CLISH.
This update allows Service Gateway services to access the Snaps API (api.snapcraft.io) for Linux package management.
This update fixes a Service Gateway log upload issue.

Service Gateway: Local ActiveUpdate Service Version 3.0.16

Wed, 14 Jan 2026 00:00:00 GMT

January 14, 2026—Service Gateway Local ActiveUpdate Service Version 3.0.16 includes enhancements, bug fixes, and security updates。

This update includes the following changes:

This update fixes an issue where log files were occupied and could not be rotated successfully.

Helm Chart 3.3.2

Wed, 14 Jan 2026 00:00:00 GMT

January 14, 2026—The Helm Chart 3.3.2 release includes the following:

Features
- Support for RBAC audit log collections for Gardener clusters.
Enhancements
- Provides an option to specify a ConfigMap for rule-loader to load custom rules.
No longer supported
- Removed legacy Splunk support feature from the Scout component.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.3.2.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.3.2

Support for audit logs for Gardener clusters

Wed, 14 Jan 2026 00:00:00 GMT

January 14, 2026—You can now collect Kubernetes API server audit logs for Gardner clusters for RBAC and activity monitoring in Container Security.

For more information, see Enable audit log collection for Gardener clusters.

Cloud Security → Container Security

Quarantine message response action available for Gmail in Response Management

Wed, 14 Jan 2026 00:00:00 GMT

January 14, 2026—You can now use the Quarantine Message response action for Gmail to isolate suspicious or harmful emails during investigations. Previously, this action was only available for Exchange Online. Organizations using Cloud App Security or Cloud Email and Collaboration Protection can now take the same quarantine action on Gmail messages, enabling consistent and effective containment across their email environments. For details, see Quarantine Message task.

Workflow and Automation → Response Management

Endpoint Security Policies now supports selecting multiple exclusion lists

Mon, 19 Jan 2026 00:00:00 GMT

January 19, 2026—You can now select multiple lists for Anti-Malware scan exclusions and Trusted Programs.

You can select up to 10 of each type of list configured in policy resources for Anti-Malware exclusions, including directory lists, file lists, file extension lists, and hash lists. Additionally, you can select up to two program lists for Trusted Programs in Exclusions.

For more information, see the following Endpoint Security Policy topics:

Endpoint Security → Endpoint Security Configuration → Endpoint Security Policies

IPv6 support for outbound email traffic in Cloud Email Gateway Protection

Tue, 20 Jan 2026 00:00:00 GMT

January 20, 2026—Cloud Email Gateway Protection now supports IPv6 for outbound email traffic, expanding compatibility with modern email platforms such as Microsoft 365 and Gmail. This enhancement applies exclusively to the outbound direction and includes both outbound email delivery over IPv6 and IPv6-based email reception from user-defined mail servers. Administrators can configure IPv6 addresses for user-defined mail servers, and outbound policy rules using Deliver Now can route messages to IPv6 destinations. This update improves interoperability in IPv6-enabled environments and helps ensure reliable outbound mail flow.

Email and Collaboration Security → Cloud Email Gateway Protection

Workbench insights now displayed by severity and score

Tue, 20 Jan 2026 00:00:00 GMT

January 20, 2026—Workbench insights now support severity mapping to streamline security operations by priority. Severity color indicates the level of urgency and potential impact of an insight, while score numbers represent overall priority. Focus on and promptly address insights with higher scores to ensure efficient security management.

For more information, see Workbench insights.

Agentic SIEM and XDR → Workbench

Agentic AI-powered threat detection in Cloud Email Gateway Protection

Tue, 20 Jan 2026 00:00:00 GMT

January 20, 2026—Cloud Email Gateway Protection introduces Agentic AI to power threat detection for phishing and spam in Correlated Intelligence for Exchange Online. This enhancement brings advanced AI-driven analysis to improve detection accuracy and reduce manual effort for security teams.

This feature is in private preview. If you want to access this feature before it enters public preview or is officially released, contact your sales representative.

Email and Collaboration Security → Cloud Email Gateway Protection

Helm Chart 3.3.3

Thu, 22 Jan 2026 00:00:00 GMT

January 22, 2026—The Helm Chart 3.3.3 release includes the following:

Features
- In-clusters components now support user-managed custom rulesets configured in TrendAI Vision One™.
Enhancements
- This release enhances the stability and patch vulnerability of in-cluster components.
- Because custom rulesets are now supported by in-cluster components, the runtimeSecurity.customRules.enable flag is no longer needed in the override file. You can now create a ConfigMap to import custom rules for in-cluster components. See Import custom rules with cluster-managed configuration for more information.
Bug fixes
- This release fixes the admission controller blocking the isolation action issue.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.3.3.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.3.3

Gain granular visibility into your network traffic patterns

Mon, 26 Jan 2026 00:00:00 GMT

The new "Protocol traffic analysis" tab allows you to filter traffic by protocol groups or specific protocols. You can now identify top IP addresses by traffic volume and seamlessly drill down into connection details within the XDR Data Explorer for deeper investigation.

For details, see Network Overview.

Network Security → Network Overview

Add and manage domains and IP addresses used for internet-facing asset discovery in Seed Management

Mon, 26 Jan 2026 00:00:00 GMT

January 26, 2026—Seed Management in now available for internet-facing assets in Attack Surface Discovery. The new Seed Management feature provides a centralized location to add, view, and manage the public-facing root domains, hosts, and IP addresses used to discover your organization's internet-facing assets. The benefits of Seed Management include:

Greater visibility into the assets used as discovery seeds to map your organization's external attack surface
Better control over tracked and assessed public-facing assets
Enhanced ability to remove discovery seeds without affecting unrelated assets
Simplified management of internet-facing asset discovery

Click Seed Management to add, view, and manage your organization's public-facing root domains, hosts, and IP addresses. Assets used as discovery seeds are identified by the seed icon () in Attack Surface Discovery → Internet-facing assets. Discovery of additional assets based on newly added seeds may take up to seven days. When you remove a seed asset, new assets related to the seed are no longer discovered. To learn more, see Seed Management.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

New features and frameworks available in Compliance Management

Mon, 26 Jan 2026 00:00:00 GMT

January 26, 2026—Compliance Management now offers the following updated features:

New compliance report templates: NIST AI RMF 1.0, Digital Operation Resilience Act - Chapters II, III, IV, and VI, and NIS2: Commission Implementing Regulation (EU) 2024/2690.
Exception list support: Endpoints added to the Attack Surface Discovery exception list are excluded from compliance analysis, ensuring more accurate and intentional compliance reporting.
OSCAL import and export for custom frameworks: Import custom compliance frameworks using OSCAL-formatted YAML files, eliminating the need to build frameworks from scratch. Frameworks can also be exported and imported across different TrendAI Vision One™ instances, facilitating reuse of standardized frameworks across environments.

Cyber Risk Exposure Management → Cyber Governance & Risk Compliance → Compliance Management

Manage the risk of your SentinelOne endpoints

Mon, 26 Jan 2026 00:00:00 GMT

January 26, 2026—Cyber Risk Exposure Management now supports visibility, unified risk insights, and streamlined response workflows for your endpoints managed by SentinelOne Singularity. This new integration with TrendAI Vision One™ expands support for leading EPP/EDR platforms, providing the same core Cyber Risk Exposure Management experience for endpoints managed by third-party solutions.

The integration introduces continuous asset discovery for devices managed by SentinelOne Singularity, enabling Cyber Risk Exposure Management to:

Detect and ingest endpoint inventory and security configuration events captured by SentinelOne
Identify previously unmanaged or unknown assets, enriching Cyber Risk Exposure Management's unified asset catalog
Consolidate visibility across Windows, macOS, and Linux environments using SentinelOne’s multi‑OS telemetry

This deeper visibility ensures that Attack Surface Discovery accurately reflects your complete endpoint landscape.

SentinelOne endpoint telemetry—including vulnerability exposure data, misconfigurations, and endpoint security events—can now contribute to your Cyber Risk Index. This allows Cyber Risk Exposure Management to:

Enrich cyber risk scoring using real‑time endpoint context
Prioritize remediation based on business impact, not just CVSS scoring
Highlight the riskiest SentinelOne Singularity‑managed assets across your environment

This turns raw endpoint data into actionable, prioritized exposure insights, which are summarized in Cyber Risk Overview and highlighted as risk events in Threat and Exposure Management. Connect your SentinelOne Singularity account in Third-Party Integrations.

Cyber Risk Exposure Management → Threat and Exposure Management

Local response detection filters available for Windows endpoints

Thu, 29 Jan 2026 00:00:00 GMT

January 29, 2026—Detection filters can now be deployed on Windows endpoints as local response filters. A process can be terminated locally when a local response filter is matched, shortening MTTD and improving overall usability. To add local response filters, go to Agentic SIEM and XDR → Observed Attack Techniques and expand any associated entity. Right-click a detection filter name and select Add filter to local response.

You can view and configure local response filters connected to existing endpoint policies in Endpoint Security Configuration → Endpoint Security Policies → Policies. Click a policy name and then XDR for Endpoints (EDR) to view a list of local response filters related to the selected endpoint policy.

This feature is in private preview. If you want to access this feature before the feature enters public preview or is officially released, contact your sales representative.

For more information, see Local response filters.

Agentic SIEM and XDR → Observed Attack Techniques

Agentic SIEM and XDR → Detection Model Management

Create custom widgets from XDR Data Explorer

Thu, 29 Jan 2026 00:00:00 GMT

January 29, 2026—You can now create custom widgets directly from your XDR Data Explorer search results. This allows you to turn search queries into an actionable visualizations to help identify trends, compare patterns, and monitor key indicators without leaving the investigation workflow. By converting search results into widgets, you can build dashboards tailored to your reporting, threat hunting, and operational needs.

After running a query in XDR Data Explorer, click the Custom Widget icon () to open the Custom Widget Builder. Configure your data settings including aggregation functions (Count, Sum, Average, Min, Max, Distinct Count), grouping methods (by field, time binning, or both), and result display options. Available chart types include bar charts, pie charts, line charts, time series charts, and tables, depending on your grouping method.

For more information, see Create a Custom Widget.

Dashboards and Reports → Dashboards

Cloud Risk Management Releases GET Accounts Public API V3.0

Sat, 31 Jan 2026 00:00:00 GMT

January 31, 2026—Cloud Risk Management releases GET Accounts V3.0 Public API for enhanced risk management capabilities, streamlined compliance processes, improved data security, and more efficient operational oversight.. See the Automation Center for more information.

Cyber Risk Exposure Management → Cloud Risk Management → Public API

Cloud Risk Management Releases GET Accounts Public API V3.0

Sat, 31 Jan 2026 00:00:00 GMT

Cyber Risk Exposure Management → Cloud Risk Management → Public API

Container Protection for Amazon ECS version 2.0.1

Sun, 01 Feb 2026 00:00:00 GMT

February 1, 2026—Container Protection for Amazon ECS version 2.0.1 is now available.

Cloud Platform
- Amazon Web Services (AWS)
Enhancements
- Released terraform template to install Container Security for ECS v2.

Deployment script updates for February 2026

Mon, 02 Feb 2026 00:00:00 GMT

February 2, 2026—The TrendAI Vision One™ Endpoint Security agent installer deployment script has received the following updates and fixes:

Enhancements
- Updated "Sensor Only" deployment script streamlines deployment process by removing the check for the XES status; improving reliability and ensures installation completes without unnecessary interruptions.
- Updated Server & Workload Protection deployment script removes redundant activation steps when choosing a custom download source location.

For more information about using the deployment script, see Deploy agents using the deployment script.

Zero Trust Secure Access On-premises Gateway Version 1.0.78

Mon, 02 Feb 2026 00:00:00 GMT

February 2, 2026—The Zero Trust Secure Access On-premises Gateway version 1.0.78 contains new features.

New Features

Supports tenancy restriction for ChatGPT in both Internet Access rules and AI Secure Access rules.
Supports access control for traffic to MCP servers in AI Secure Access rules

TrendAI Flex licensing now available

Mon, 02 Feb 2026 00:00:00 GMT

February 2, 2026—The TrendAI Vision One™ Credits license is now called the TrendAI™ Flex (credits) license, reflecting the new TrendAI™ Flex model—a clearer and more flexible way to manage your license entitlements. This update continues the transition that began in January 2026, when all new orders and renewals adopted the credits‑based model. All previously purchased solutions and packages remain fully available, and there is no change to your entitlements.

TrendAI™ Flex provides improved visibility into your total credit balance, how you are using credits, and how TrendAI Vision One™ draws down credits from your balance each month. To make this information more easily accessible, Licensing Information and Platform Usage and Credits have moved from Administration to the new TrendAI™ Flex Licensing section of the navigation bar.

For more information, see Credits and What is TrendAI™ Flex?

TrendAI™ Flex Licensing → Platform Usage and Credits

AWS Cloud Account template version v1.0.2089

Mon, 02 Feb 2026 00:00:00 GMT

February 2, 2026—The AWS Cloud Account template version v1.0.2089 enhances security by restricting IAM role permissions used for stack lifecycle management. This template supports both single and organization AWS deployments.

Cloud platform: AWS
Release date: February 2, 2026
Deployment method: CloudFormation
Enhancement:
- Restricts the IAM role permissions used for CAM stack lifecycle management.

Cloud Security → Cloud Accounts

Microsoft Defender for Endpoint Log Collection version 1.0.65

Mon, 02 Feb 2026 00:00:00 GMT

February 2, 2026—Microsoft Defender for Endpoint Log Collection version 1.0.65 improves data processing reliability and reduces storage and Log Analytics costs.

Cloud platform: Azure
Release date: February 2, 2026
Deployment method: Terraform
Enhancements and bug fixes:
- Fixed an issue where TrendAI Vision One™ could not process large MDE log data.
- Fixed a processing error encountered when handling large-scale TVM device data.
- Reduced storage overhead by identifying and cleaning up stale data within the storage table.
- Enhanced log filtering to suppress noise, effectively lowering Log Analytics consumption costs.

Cloud Security → Cloud Accounts

Container Protection for Amazon ECS version 2.0.2

Mon, 02 Feb 2026 00:00:00 GMT

February 2, 2026—Container Protection for Amazon ECS version 2.0.2 is now available.

Cloud Platform
- Amazon Web Services (AWS)
Enhancements
- Fixed stack creation and deletion timeout issue introduced in release 2.0.1
- Fixed image scanning for ECS when digest is missing.
- Fixed health info status calculation for ECS v2.

Enhanced ServiceNow ticket mapping for streamlined synchronization

Mon, 02 Feb 2026 00:00:00 GMT

February 2, 2026—You can now define precise column mappings between TrendAI Vision One™ cases and ServiceNow tickets. This enhancement ensures robust bidirectional synchronization, allowing actions executed in ServiceNow to be accurately reflected within TrendAI Vision One™ Case Management. By delivering granular mapping of case and ticket fields and their corresponding values, this update optimizes workflow consistency and strengthens operational efficiency for security and IT operations teams.

Workflow and Automation → Third-Party Integration

Blocking of untrusted Windows applications enters public preview

Tue, 03 Feb 2026 00:00:00 GMT

February 3, 2026—Cyber Risk Exposure Management now allows you to designate local applications as trusted or untrusted and enable auto-blocking of unwanted applications found on Windows endpoints in your environment.

In the local apps section of Attack Surface Discovery, set app status to trusted or untrusted based on your evaluation of their risk and the context provided by Cyber Risk Exposure Management. Setting an app to untrusted increases the risk score of assets on which the application is installed.

In addition, you can enable auto-blocking of all untrusted Windows applications that have executable files associated with the applications. After enabling the feature, the hashes of all executables associated with untrusted applications are forwarded to Suspicious Object Management. Suspicious Object Management blocks execution of the executable files on all Windows endpoints.

To enable auto-blocking, you must opt in to the auto-blocking public preview via Platform Directory or directly within Local Apps. You must also enable Advanced Risk Telemetry in Endpoint Security Policies.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Zero Trust Secure Access Private Access Connector version 2.38.0.1388

Thu, 05 Feb 2026 00:00:00 GMT

February 05, 2026—Zero Trust Secure Access Private Access Connector Version 2.38.0.1388 delivers new features, enhancements and resolved issues

New features

Supports fail-safe mode, ensuring continued operation and connectivity even when communication with the controller is temporarily unavailable
Extended maximum re-authentication duration to 30 days

Enhancements

Upgraded to a new version of FreeRDP, providing improved stability and compatibility for remote desktop connections
Added retry logic for public key retrieval during client authentication to improve reliability in networks with intermittent connectivity
Improved reliability of IoT device heartbeat monitoring to ensure consistent device status reporting

Resolved issues

Resolved issues with DNS mapping that could cause incorrect name resolution for certain configurations
Fixed an issue that could cause inaccurate speed test results in certain environments
Fixed an issue where container updates could time out with Error 108 under certain conditions
Resolved upgrade script issues that could affect connector upgrades

Zero Trust Secure Access module for Windows server version 2.31.1017

Mon, 09 Feb 2026 00:00:00 GMT

February 9, 2026—The latest version of the Zero Trust Secure Access Module for Windows has been released. It contains new features and resolved issues.

New Features

Added a "Do not show this message again" checkbox to the sign-in pop up.

Resolved issues

Fixed an issue where a proxy defined in the PAC file was incorrectly marked as down when HTTP read error occurred.
Fixed an issue where the sign-in pop-up appeared unexpectedly due to an exception encountered while reading the configuration.

Virtual Network Sensor version 1.0.1605

Mon, 09 Feb 2026 00:00:00 GMT

February 9, 2026—Virtual Network Sensor version 1.0.1605 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Visibility of TLS version in network telemetry.
System event logs sent to TrendAI Vision One™.

Network attack surface visibility

Mon, 09 Feb 2026 00:00:00 GMT

February 9, 2026—TrendAI Vision One™ now shows all devices on your network that are discovered by network sensors along with their associated risk levels. You can view categorized device types and see asset risk scores based on vulnerabilities and exposure. A graphical representation of the devices within your network structure is also available, helping you quickly identify high‑risk devices that require attention. This feature provides clearer visibility into your network's attack surface and helps you prioritize remediation.

For details, see Discovered devices and Network Risk Graph.

Network Security → Network Overview

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Newly detected cloud apps set automatically set to not configured in Attack Aurface Discovery

Mon, 09 Feb 2026 00:00:00 GMT

February 9, 2026—All newly detected cloud apps in Attack Surface Discovery are now set to Not configured by default. An app with a Not configured status is considered trusted in your environment. To change the status of the app to Trusted to allow the app in your environment or Untrusted to block the app in your environment, select the app or go to the app profile and manually change the status.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Agentless Vulnerability & Threat Detection version 1.590.02090022

Tue, 10 Feb 2026 00:00:00 GMT

February 10, 2026—The Agentless Vulnerability & Threat Detection version 1.590.02090022 adds scan schedule configuration for AWS accounts, enabling you to configure the scan frequency and start time, and toggle scanning on or off without requiring stack redeployment. This release also introduces EC2-based scanning for EBS volumes to improve scanning performance and reliability.

Cloud platform: AWS
Release date: February 10, 2026
Deployment method: CloudFormation
New feature:
- Configure the scan frequency and start time for Agentless Vulnerability & Threat Detection in your AWS account. You can also enable or disable scanning without redeploying the CloudFormation stack. For more information, see Get started with Agentless Vulnerability & Threat Detection in AWS.
Enhancement:
- Introduces EC2-based scanning for EBS volumes to improve scanning performance and reliability. New IAM policies enable TrendAI Vision One™ to launch temporary EC2 scanner instances, attach EBS volumes for scanning, and manage the scanner lifecycle within your AWS account.

Cloud Security → Cloud Accounts → AWS

Updates to Cloud Risk Management risk levels rolled back

Fri, 13 Feb 2026 00:00:00 GMT

February 13, 2026—Previously unannounced updates to the risk level classification for some rules resulted in some unexpected changes to risk levels. Risk levels have already been restored to the previous classification. No customer action is required at this time.

For more information, see Introduction to Cloud Risk Management rules.

Cloud Security → Cloud Risk Management → Misconfiguration and Compliance

Update to TrendAI Artifact Scanner (TMAS) FQDNs

Tue, 17 Feb 2026 00:00:00 GMT

February 17, 2026—TrendAI™ Artifact Scanner (TMAS) updated the Fully Qualified Domain Names (FQDNs) associated with TrendAI Vision One™ Container Security and Code Security solutions. Update your firewall settings to allow new exceptions. See Firewall exception requirements for TrendAI Vision One™ for more information.

Cloud Security → Container Security

Cloud Security → Code Security

AI Security → AI Scanner

Intrusion Prevention Configuration enhancements

Thu, 19 Feb 2026 00:00:00 GMT

February 19, 2026—Improvements to the Intrusion Prevention Configuration settings page include enhancements to policy recommendations and security monitoring for TippingPoint devices in TrendAI Vision One™.

You can now streamline virtual patching by enabling filtering across DV status types, performance impacts, and filter types while still preserving existing settings. These enhancements also include the ability to export filtered recommendations, which allows teams to share and use virtual patching in existing processes and ticketing systems, improving collaboration and traceability.

For more information, see Intrusion Prevention Configuration.

Network Security → Intrusion Prevention Configuration

Cloud Detections for AWS CloudTrail version 1.49.0

Mon, 23 Feb 2026 00:00:00 GMT

February 23, 2026—The Cloud Detections for AWS CloudTrail version 1.49.0 release introduces support for Permissions Boundary for AWS CloudTrail and AWS CloudTrail with Control Tower, and includes vulnerability fixes and improvements.

Cloud platform: AWS
Release date: February 23, 2026
Deployment method: AWS CloudFormation
New features:
- Adds support for Permissions Boundary for AWS CloudTrail and AWS CloudTrail with Control Tower.
Enhancements and bug fixes:
- Vulnerabilities fixes and improvements.

Cloud Security → Cloud Accounts → AWS

File Security Storage for AWS CloudFormation Template Version 4.0.0

Mon, 23 Feb 2026 00:00:00 GMT

February 23, 2026—The AWS File Security Storage CloudFormation template version 4.0 contains new features and minor bug fixes and improvements.

New features

Supports File Security Storage in private VPCs
Supports Permission Boundary for File Security Storage

Resolved issues

Minor bug fixes and improvements

TrendAI Vision One™ Cloud Risk Management now supports creating custom rules using API

Mon, 23 Feb 2026 00:00:00 GMT

February 23, 2026—Cloud Risk Management now supports Custom Rules, enabling you to define your own compliance rules tailored to your organization's specific requirements. Custom Rules can be created and managed via public API for any supported cloud resource type, giving you the flexibility to enforce policies beyond the built-in rule set. To learn more Custom Rules API Reference and Custom rules quick reference guide.

Cyber Risk Exposure Management → Cloud Risk Management → Custom Rules

Agentless Vulnerability & Threat Detection version 1.170.13800d3

Thu, 26 Feb 2026 00:00:00 GMT

February 26, 2026—The Agentless Vulnerability & Threat Detection version 1.170.13800d3 migrates Azure Key Vault access policies to the Azure role-based access control (RBAC) model to ensure compatibility with the latest Azure Key Vault API.

Cloud platform: Azure
Release date: February 26, 2026
Deployment method: Terraform
Enhancement:
- Migrated Azure AVTD Key Vault access policies to Azure role-based access control (RBAC) model to ensure compatibility with the latest Azure Key Vault API.

Cloud Security → Cloud Accounts → Azure

Log Inspection configuration for Endpoint Security Policies in private preview

Thu, 26 Feb 2026 00:00:00 GMT

February 26, 2026—Log Inspection settings in Endpoint Security Policies are available for private pre-release preview.

Log Inspection settings apply to TrendAI Vision One™ Endpoint Security agents with Server & Workload Protection features on Windows and Linux endpoints. Log Inspection is a TrendAI Vision One™ Endpoint Security Pro feature which might require additional credits to enable. Managing the feature with Endpoint Security Policies is a pre-release feature.

If you want access to Log Inspection before it enters public preview or is officially released, contact your sales representative.

For more information, see Log Inspection.

Path to app in console

Integrity Monitoring configuration for Endpoint Security Policies in private preview

Thu, 26 Feb 2026 00:00:00 GMT

February 26, 2026—Integrity Monitoring settings in Endpoint Security Policies are available for private pre-release preview.

Integrity Monitoring settings apply to TrendAI Vision One™ Endpoint Security agents with Server & Workload Protection features on Windows and Linux endpoints. Integrity Monitoring is a TrendAI Vision One™ Endpoint Security Pro feature which might require additional credits to enable. Managing the feature with Endpoint Security Policies is a pre-release feature.

If you want access to Integrity Monitoring before it enters public preview or is officially released, contact your sales representative.

For more information, see Integrity Monitoring.

Path to app in console

Zero Trust Secure Access module for macOS version 2.28.422

Mon, 02 Mar 2026 00:00:00 GMT

March 2, 2026—The latest version of the Zero Trust Secure Access Module for macOS has been released. It contains new features.

New Features

Displays a reminder notification when an auto-update is triggered.
Updated product branding from "Trend Vision One™ " to " TrendAI Vision One™".

Zero Trust Secure Access module for Windows server version 2.32.1036

Mon, 02 Mar 2026 00:00:00 GMT

March 2, 2026—The latest version of the Zero Trust Secure Access Module for Windows has been released. It contains new features and enhancements.

Note

This version has been replaced by version 2.32.1049.

New Features

Displays a reminder notification when an auto-update is triggered.
Updated product branding from "Trend Vision One™ " to " TrendAI Vision One™".

Enhancements

Removed the netsh.exe dependency checking when connecting Private Access.

Virtual Network Sensor version 1.0.1625

Mon, 02 Mar 2026 00:00:00 GMT

March 2, 2026—Virtual Network Sensor version 1.0.1625 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Virtual Network Sensor rebranded from Trend Vision One to TrendAI Vision One™.
Virtual Network Sensor now supports new CLI commands for enabling and disabling the Geneve protocol.

Zero Trust Secure Access On-premises Gateway Version 1.0.79

Mon, 02 Mar 2026 00:00:00 GMT

March 2, 2026—The Zero Trust Secure Access On-premises Gateway version 1.0.79 contains new features.

New Features

Supports sensitive data upload detection for public AI service (Perplexity, DeepSeek, Claude, Amazon BedRock, GitHub Copilot)

Enhancements

Updated relevant notification pages for Trend AI re branding
Fixed the potential issue of HTTPS traffic being stuck in tunnel mode

Mobile Security for Business app version 2.0.1570

Mon, 02 Mar 2026 00:00:00 GMT

March 2, 2026—Mobile Security for Business app version 2.0.1570 includes enhancements and updates.

This update includes the following changes:

Rebrands Trend Micro to TrendAI™, including updated logo and product name throughout the app interface.

Mobile Security for Business app version 2.0.1173

Mon, 02 Mar 2026 00:00:00 GMT

March 2, 2026—Mobile Security for Business app version 2.0.1173 includes enhancements and updates.

This update includes the following changes:

Rebrands Trend Micro to TrendAI™, including updated logo and product name throughout the app interface.

TrendAI Vision One Cloud Risk Management now supports Oracle Cloud Infrastructure Well-Architected Framework

Mon, 02 Mar 2026 00:00:00 GMT

March 02, 2026—Cloud Risk Management has released support for the Oracle Cloud Infrastructure Well-Architected Framework (updated 2025) compliance standard. You can now sort OCI checks and generate reports based on this best practices framework in Cloud Risk Management.

Cyber Risk Exposure Management → Cloud Risk Management → Misconfiguration and Compliance

Agent Interface now includes Identity Security Sensor status

Wed, 04 Mar 2026 00:00:00 GMT

March 4, 2026—You can now view the Identity Security Sensor status for your endpoints from the TrendAI Vision One™ Endpoint Security Agent Interface Security capability status menu.

Endpoint Security → Agent Interface

Mobile Security for Business app version 2.0.1579

Mon, 09 Mar 2026 00:00:00 GMT

March 9, 2026—Mobile Security for Business app Android version 2.0.1579 includes bug fixes and enhancements.

This update includes the following changes:

Add timeout to stop if the enrollment step keep loading
Fix the bug that old user turn on whole device protection in multi-profile MDD

Endpoint Alerts now officially released

Mon, 09 Mar 2026 00:00:00 GMT

March 9, 2026—Endpoint Alerts is now officially released, providing a centralized location to view and manage security and system alerts your endpoint agents generate.

Endpoint Alerts provides two key features: configurable alerts in Notifications, and a centralized list view in Endpoint Security. In Notifications, you can configure alert watchlists for both security and system events, ensuring the most important and critical notifications are sent immediately to your team. With Endpoint Alerts, you can view each alert on your watchlists in detail including severity and affected endpoints.

For more information, see Endpoint Alerts.

Endpoint Security → Endpoint Alerts

Add internet-facing assets to the exception list to prevent discovery and assessment

Mon, 09 Mar 2026 00:00:00 GMT

March 9, 2026—You can now add non-seed internet-facing domains and IP addresses to the exception list in Attack Surface Discovery. Adding internet-facing assets to the exception list removes the assets from the asset list, excludes them from organization cyber risk assessments including Cyber Risk Index calculation, and prevents rediscovery. Only non-seed domains and IP addresses can be added to the exception list. To manage seed domains and IP addresses, remove them from Seed Management.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery

Zero Trust Secure Access module for Windows server version 2.32.1049

Tue, 10 Mar 2026 00:00:00 GMT

March 10, 2026—The latest version of the Zero Trust Secure Access Module for Windows has been released. It contains resolved issues and replaces Windows version 2.32.1036.

Resolved issues

Resolved an issue where the internet access status frequently toggled between connected, connecting, and disconnected.

Template Scanner now supports additional AWS resources in Terraform

Tue, 10 Mar 2026 00:00:00 GMT

March 10, 2026—The following AWS resources are now supported by Template Scanner in Terraform:

Bedrock Agent
Bedrock Custom Model
Bedrock Guardrail
Bedrock Knowledge Base
Bedrock Model Invocation Logging Configuration
IAM Certificate
IAM Account Password Policy
IAM OpenID Connect Provider
IAM SAML Provider
IAM User
SageMaker Domain
SageMaker Endpoint
SageMaker Endpoint Config
SageMaker Model
SageMaker Notebook Instance

Cyber Risk Exposure Management → Cloud Risk Management → Template Scanner

Service Gateway: Forward Proxy Service Version 2.0.10

Wed, 11 Mar 2026 00:00:00 GMT

March 11, 2026—Service Gateway: Forward Proxy Service Version 2.0.10 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update applies some vulnerability fixes.

Service Gateway: Generic Caching Service 1.0.7

Wed, 11 Mar 2026 00:00:00 GMT

March 11, 2026—Service Gateway: Generic Caching Service 1.0.7 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

This update enhances log rotation with compression and reduced retention period.

Service Gateway Firmware Version 3.0.27

Wed, 11 Mar 2026 00:00:00 GMT

March 11, 2026—Service Gateway Firmware Version 3.0.27 includes enhancements, bug fixes, and security updates for Service Gateway.

This update includes the following changes:

This update adds custom CA certificate support for hosted services.
This update enhances concurrent connection tracking for pods not using the host network.
This update improves iptables multiport rule management to prevent duplicate rules.
This update adds support for uploading large logs to TrendAI Vision One™.
This update adds a feature to avoid service updates when disk space is insufficient.
This update fixes custom port configuration overwriting UDP ports.
This update fixes duplicate iptables multiport rules causing zero traffic count.
This update fixes CA trust store update validation during appliance upgrade.
This update applies some vulnerability fixes.

Container Protection for Amazon ECS version 2.0.3

Wed, 11 Mar 2026 00:00:00 GMT

March 11, 2026—Container Protection for Amazon ECS version 2.0.3 is now available.

Cloud Platform
- Amazon Web Services (AWS)
Enhancements
- Added option to disable automated patching/install for Scout daemon and Fargate sidecar.
- Added option to configure log level.
Big fixes
- Fixed issue where some vulnerability occurrences were missing.
- Reduced error logging for expected retry scenarios.
- Fixed parameters from the CAM template not being applied to ECS protection stack.
- Fixed issue where only a limited number of Fargate services received runtime security sidecar injection.

Helm Chart 3.3.4

Thu, 12 Mar 2026 00:00:00 GMT

March 12, 2026—The Helm Chart 3.3.4 release includes the following:

Enhancements
- Increased auth token rotation interval to reduce offline issues due to maintenance.
- Enhanced scan results with detailed failure reasons for FAIL statuses.
Bug fixes
- Fixed an issue where vulnerability scan jobs didn't follow the concurrent job limit.
- Fixed an issue where malware and secret scan jobs failed when CRI runtime was configured.
- Fixed an issue where the admission controller would block malware and secret scan jobs with some policies.
- Updated GKE workload allowlist to fix compatibility with GKE Autopilot clusters.
- Fixed an issue where scout couldn't connect to the kubernetes metacollector on EKS Fargate.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.3.4.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.3.4

Context menu action "Collect Quarantined File" now available

Thu, 12 Mar 2026 00:00:00 GMT

March 12, 2025—The "Collect Quarantined File" action is now available in context menus within Workbench, Observed Attack Techniques, or XDR Data Explorer.

Streamline your incident response with new quarantined file actions available across multiple investigation workflows. When investigating alerts and insights in Workbench, Observed Attack Techniques, or XDR Data Explorer, the system automatically detects quarantined files and displays the "Collect Quarantined File" action in context menus, replacing standard file collection for files quarantined by Standard Endpoint Protection and Server & Workload Protection. You can also restore or delete quarantined files from Endpoint Event Viewer using the Anti-Malware Identified file event view.

For more information about Endpoint Event Viewer, see Endpoint Event Viewer.

Workflow and Automation → Response Management

Endpoint Security → Endpoint Event Viewer

Endpoint Event Viewer now available

Thu, 12 Mar 2026 00:00:00 GMT

March 12, 2026—You can now view endpoint security events and system events in Endpoint Event Viewer.

The Endpoint Event Viewer provides a single location to view security and system events across your endpoints with the TrendAI Vision One™ Endpoint Security agent installed. You can filter each event list by data fields, endpoint groups, and custom tags. Each list supports exporting events to a CSV file.

Additionally, you can view and manage quarantined files and quarantine events in the Anti-Malware list Identified file event view.

For more information, see Endpoint Event Viewer.

Endpoint Security → Endpoint Event Viewer

Centralized quarantine management with Response actions for endpoints now available with Endpoint Event Viewer

Thu, 12 Mar 2026 00:00:00 GMT

March 12, 2026—You can now view, manage, and take Response actions on quarantined files in Endpoint Event Viewer.

The Anti-Malware list Identified file event view provides a centralized location where you can manage files Anti-Malware has quarantined on your endpoints. From the view, you can take three Response actions: Delete, Collect, and Restore quarantined files.

For more information, see Anti-Malware Identified file event view.

Endpoint Security → Endpoint Event Viewer

Duplicate action now available for all Policy Resources

Fri, 13 Mar 2026 00:00:00 GMT

March 13, 2026—You can now use the duplicate action for all rules, lists, and schedules in Policy Resources.

Policy Resources has expanded the duplicate action to include the following resource types:

File Extension Lists
Web Lists
IP Lists
Port Lists
Schedules

With this enhancement, all resource types, except authorization tokens, can be duplicated. For more information, see Policy Resources.

Endpoint Security → Endpoint Security Configuration → Policy Resources

Device vulnerability data support for some Third-Party Integrations connectors

Fri, 13 Mar 2026 00:00:00 GMT

March 13, 2026—You can now select Device Vulnerabilities as a data scope for the following outbound connectors: Google Security Operations SIEM, Splunk HEC Connector, and AWS S3 Bucket Connector. This lets you send device vulnerability data to your SIEM or storage destination.

To learn more, see Data specification for AWS S3 buckets, Google Security Operations SIEM integration, and Splunk HEC connector configuration.

Workflow and Automation → Third-Party Integrations

DKIM Sign Enhancement

Mon, 16 Mar 2026 00:00:00 GMT

March 16, 2026—TrendAI™ Email Security now supports header-sender signing, oversigning, and unlimited body signing within the Outbound DKIM Signing settings. These enhancements allow administrators to apply DKIM signatures to messages based on a specified header-sender domain.

Enhanced search and filtering for User Accounts

Wed, 18 Mar 2026 00:00:00 GMT

March 18, 2026—The User Accounts app now includes a Last sign-in column, a Created date column, and a search bar for finding accounts by email. It also includes new filters for Account type, Role name, and Last sign-in date (30, 60, 90, or 180 days) to help administrators identify and manage inactive accounts.

Administration → User Accounts

TrendAI Vision One Endpoint Security agent now supports Windows 11 IoT Enterprise LTSC 2024

Wed, 18 Mar 2026 00:00:00 GMT

March 18, 2026—The TrendAI Vision One™ Endpoint Security agent now supports deployments to endpoints using Windows 11 IoT Enterprise LTSC 2024.

Support for Windows 11 Enterprise LTSC 2024 includes deploying the agent with Standard Endpoint Protection, Server & Workload Protection and XDR for Endpoints (EDR) features. For more information on supported systems, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

Zero Trust Secure Access On-premises Gateway Version 1.0.80

Mon, 23 Mar 2026 00:00:00 GMT

March 23, 2026—The Zero Trust Secure Access On-premises Gateway version 1.0.80 contains enhancements.

Enhancements

Enhanced device posture checking in Internet Access and AI Service Access rules.
Updated the prompt injection detection service for on-premises gateway with AI.
Fixed issues caused by protocol changes in Microsoft Copilot for Bing.
Enhanced scanning of files uploaded to Google Drive by adding base64 decoding support.
Enhanced scanning for large archive files downloaded from internet.

Agentless Vulnerability & Threat Detection version 1.200.be30965

Mon, 23 Mar 2026 00:00:00 GMT

March 23, 2026—The Agentless Vulnerability & Threat Detection version 1.200.be30965 release introduces audit log support for Google Cloud. Scan lifecycle events and resource-level errors are now recorded in TrendAI Vision One™ Audit Logs on a per-region basis, giving security teams visibility into when scans start, progress, complete, and encounter failures across each cloud region.

Cloud platform: Google Cloud
Release date: March 23, 2026
Deployment method: Terraform
New feature:
- Agentless Vulnerability & Threat Detection now generates entries in TrendAI Vision One™ Audit Logs → System Logs under the Agentless Vulnerability & Threat Detection category. The following events are recorded:
  - Scan started: Logged per region when a scan begins, including the scan trigger type, cloud provider, account ID, region, and a count of disks and container images targeted for scanning in that region.
  - Scan in progress: Logged per region as the scan advances, showing the current completion percentage.
  - Scan completed: Logged per region when a scan finishes, highlighting the total duration, and the number of resources successfully scanned out of the total targeted resources.
  - Resource scan error: Logged when an individual resource cannot be scanned, including the account ID, resource type, resource ID, region, and the underlying error message.

Cloud Security → Cloud Accounts → Google Cloud

Agentless Vulnerability & Threat Detection version 1.603.03150442

Mon, 23 Mar 2026 00:00:00 GMT

March 23, 2026—The Agentless Vulnerability & Threat Detection version 1.603.03150442 release introduces audit log support for AWS. Scan lifecycle events and resource-level errors are now recorded in TrendAI Vision One™ Audit Logs on a per-region basis, giving security teams visibility into when scans start, progress, complete, and encounter failures across each cloud region.

Cloud platform: AWS
Release date: March 23, 2026
Deployment method: CloudFormation, Terraform
New feature:
- Agentless Vulnerability & Threat Detection now generates entries in TrendAI Vision One™ Audit Logs → System Logs under the Agentless Vulnerability & Threat Detection category. The following events are recorded:
  - Scan started: Logged per region when a scan begins, including the scan trigger type, cloud provider, account ID, region, and a count of disks, container images, and serverless functions targeted for scanning in that region.
  - Scan in progress: Logged per region as the scan advances, showing the current completion percentage.
  - Scan completed: Logged per region when a scan finishes, highlighting the total duration, and the number of resources successfully scanned out of the total targeted resources.
  - Resource scan error: Logged when an individual resource cannot be scanned, including the account ID, resource type, resource ID, region, and the underlying error message.
Enhancement:
- Introduced anti-malware scan caching for scanned machine AMI, reducing redundant scans and improving overall scanning efficiency.
- Improved scanning performance for EBS volumes by supporting an additional direct-access scanning method.

Cloud Security → Cloud Accounts → AWS

Agentless Vulnerability & Threat Detection version 1.175.71e5c1c

Mon, 23 Mar 2026 00:00:00 GMT

March 23, 2026—The Agentless Vulnerability & Threat Detection version 1.175.71e5c1c release introduces audit log support for Azure. Scan lifecycle events and resource-level errors are now recorded in TrendAI Vision One™ Audit Logs on a per-region basis, giving security teams visibility into when scans start, progress, complete, and encounter failures across each cloud region.

Cloud platform: Azure
Release date: March 23, 2026
Deployment method: Terraform
New feature:
- Agentless Vulnerability & Threat Detection now generates entries in TrendAI Vision One™ Audit Logs → System Logs under the Agentless Vulnerability & Threat Detection category. The following events are recorded:
  - Scan started: Logged per region when a scan begins, including the scan trigger type, cloud provider, account ID, region, and a count of disks and container images targeted for scanning in that region.
  - Scan in progress: Logged per region as the scan advances, showing the current completion percentage.
  - Scan completed: Logged per region when a scan finishes, highlighting the total duration, and the number of resources successfully scanned out of the total targeted resources.
  - Resource scan error: Logged when an individual resource cannot be scanned, including the account ID, resource type, resource ID, region, and the underlying error message.
Enhancement:
- Removed automatic creation of the deprecated AzureWebJobsDashboard parameter in the Agentless Vulnerability & Threat Detection scanner's Azure Function Apps, eliminating unnecessary configuration settings and aligning with Microsoft's current best practices for improved security and cleaner deployments.

Cloud Security → Cloud Accounts → Azure

Mobile Security for Business app version 2.0.1582

Mon, 23 Mar 2026 00:00:00 GMT

March 23, 2026—Mobile Security for Business app Android version 2.0.1582 includes bug fixes and enhancements.

This update includes the following changes:

Improved the manual log collection process.
Enhanced overall stability of the mobile agent for better performance and reliability.

Mobile Security for Business app version 2.0.1176

Mon, 23 Mar 2026 00:00:00 GMT

March 23, 2026—Mobile Security for Business app iOS version 2.0.1176 includes bug fixes and enhancements.

This update includes the following changes:

Improved the manual log collection process.
Enhanced overall stability of the mobile agent for better performance and reliability.

TrendAI Vision One Endpoint Security agent now supports Red Hat Enterprise Linux 10 ARM64 (AArch64)

Mon, 23 Mar 2026 00:00:00 GMT

March 23, 2026—The TrendAI Vision One™ Endpoint Security agent now supports deployments to endpoint using Red Hat Enterprise Linux 10 ARM64 (AArch64).

Support for Red Hat Enterprise Linux 10 ARM64 (AArch64) includes deploying the agent with Server & Workload Protection and XDR for Endpoint (EDR) features. For more information on supported systems, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

TrendAI Vision One Endpoint Security agent now supports SUSE Linux Enterprise Server 16 64-bit (x86-64)

Mon, 23 Mar 2026 00:00:00 GMT

March 23, 2026—The TrendAI Vision One™ Endpoint Security agent now supports deployments to endpoint using SUSE Linux Enterprise Server 16 64-bit (x86-64).

Support for SUSE Linux Enterprise Server 16 64-bit (x86-64) includes deploying the agent with Server & Workload Protection and XDR for Endpoint (EDR) features. For more information on supported systems, see TrendAI Vision One™ Endpoint Security agent system requirements.

Endpoint Security → Endpoint Inventory

Endpoint Inventory provides enhanced information for agent status, filtering, and detailed information

Mon, 23 Mar 2026 00:00:00 GMT

March 23, 2026—Endpoint Inventory has enhanced the information available for checking the status of your agents and agent components, with new and consolidated data fields in the Endpoint Inventory table. This information can be accessed in the detailed profile and used to filter the table view. The enhanced information data fields support the TrendAI Vision One™ Endpoint Security agent version 202601 and later.

Last agent status reported provides a consolidated view of when the TrendAI Vision One™ Endpoint Security agent last connected. It provides both a time range for a quick glance and exact time stamp for the last connection. You can filter for endpoints by those which connected within a time period or last connected outside of a time range (such as within 24 hours or more than 30 days ago). The following data fields have been replaced by Last agent status reported:

Sensor connectivity
Sensor last connected
Protection module status
Protection module last connected

The Credit allocation status field has been renamed to Package and offers a quick view of which Endpoint Security credits packages are enabled on the endpoint. For more information about packages and how credits are calculated, see How are credits calculated for TrendAI Vision One™ Endpoint Security?.

Additionally, the following data fields have been added to provide an overview of the status of the endpoint protection features within your environment. Each data field provides both the Endpoint Security Policy configuration (enabled/disabled) and the status of the module on the endpoint, such as running, not running, or only partially running. You can filter by both the configuration setting and module status to quickly find endpoints that might need attention.

Advanced risk telemetry
Anti-malware
Application Control
Browser extension
Data security Sensor
Device Control
Firewall
Identity security sensor - Active Directory
Integrity monitoring
Intrusion prevention
Log inspection
Sandbox analysis (renamed from Sandbox submission)
Web reputation
XDR for Endpoints (EDR)

Endpoint Security → Endpoint Inventory

You can now manage schedules for agent updates using Version Control Policies

Mon, 23 Mar 2026 00:00:00 GMT

March 23, 2026—Version Control Policies now features options to allow you to manage schedules for updating your TrendAI Vision One™ Endpoint Security agents.

Create schedules in Policy Resources and assign them to your policies to control when your agents check for software updates. You can control the start time and duration window for when agents are allowed to look for updates. Support for scheduling agent component updates is coming soon.

For more information, see Version Control Policies.

Endpoint Security → Endpoint Security Configuration → Version Control Policies

New Kubernetes cluster information displayed

Mon, 23 Mar 2026 00:00:00 GMT

March 23, 2026—You can now see who created a Kubernetes cluster in the TrendAI Vision One™ Container Security console. The account or API key that created the cluster is displayed in the new Created by field.

Cloud Security → Container Security

Flexible notification sequence for Automated Response Playbooks

Mon, 23 Mar 2026 00:00:00 GMT

March 23, 2026—Automated Response Playbooks now support a flexible building block sequence. You can add a notification action with expanded Workbench alert details directly after the target or condition node without requiring a preceding response action. This allows security operations teams to forward alert details to third-party systems via webhook or email without taking response actions in TrendAI Vision One™.

For more information, see Manually create Automated Response Playbooks.

Workflow and Automation → Security Playbooks

Helm Chart 3.3.5

Tue, 24 Mar 2026 00:00:00 GMT

March 24, 2026—The Helm Chart 3.3.5 release includes the following:

Features
- Support RBAC audit log collection for EKS, GKE, AKS, and self managed clusters.
Enhancements
- Allows scanner and scout to only access the malware scanner.
- Changed images to be FIPS compliant images.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.3.5.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.3.5

Container Protection for Amazon ECS version 2.0.4

Wed, 25 Mar 2026 00:00:00 GMT

March 25, 2026—Container Protection for Amazon ECS version 2.0.4 is now available.

Cloud Platform
- Amazon Web Services (AWS)
Enhancements
- Changed scout, falco, pdig to be FIPS compliant.
Big fixes
- Fixed delay with populating ECS inventory after install.
- Fixed image URI parameters not using the new default.
- Fixed occasional issue where Scout init containers are stuck in running status.

Cloud Risk Management now supports managing Misconfiguration and Compliance using Terraform

Wed, 25 Mar 2026 00:00:00 GMT

March 25, 2026—Cloud Risk Management now supports set up and management of Misconfiguration and Compliance features using Terraform. The functionality includes managing the following resources:

Groups
Profiles
Custom rules
Reports
Communication channels

For details, see the Vision One provider in the Terraform registry.

Cyber Risk Exposure Management → Cloud Risk Management → Misconfiguration and Compliance

Updated compliance standards: CIS Foundations Benchmarks

Wed, 25 Mar 2026 00:00:00 GMT

March 25, 2026—We have updated our compliance standards to meet the Center of Internet Security (CIS) Foundations Benchmarks. You can now filter Checks and download Compliance Reports to ensure your cloud environment complies with the latest CIS Foundations Benchmarks.

CIS Azure Foundations Benchmark v5.0.0
CIS Oracle Cloud Infrastructure Foundations Benchmark v3.1.0

Deprecation notice

CIS Azure Foundations Benchmark v3.0.0 is no longer supported and is scheduled for removal on April 29, 2026. It will no longer be accessible in filters, preventing the creation of new reports or report configurations with this outdated benchmark. If any existing report configurations include this compliance standard, it will not be possible to generate new PDF or CSV reports. However, previously generated PDF and CSV reports remain available.

We recommend updating your report configurations to use the latest versions of CIS Azure Foundations Benchmark before June 25, 2026.

Cyber Risk Exposure Management → Cloud Risk Management → Misconfiguration and Compliance

Virtual Network Sensor version 1.0.1646

Mon, 30 Mar 2026 00:00:00 GMT

March 30, 2026—Virtual Network Sensor version 1.0.1646 includes enhancements, bug fixes, and security updates.

This update includes the following changes:

Virtual Network Sensor supports VMware NSX (Network Virtualization and Security Platform).

Cloud Detections for AWS CloudTrail version 1.50.2

Mon, 30 Mar 2026 00:00:00 GMT

March 30, 2026—The Cloud Detections for AWS CloudTrail version 1.50.2 release includes security enhancements and vulnerability fixes.

Cloud platform: AWS
Release date: March 30, 2026
Deployment method: AWS CloudFormation
Affected features:
- Cloud Detections for AWS CloudTrail (AWS CloudTrail with Control Tower)
- Cloud Detections for AWS Security Lake
Enhancement:
- Vulnerabilities fix: CVE-2025-45768

Cloud Security → Cloud Accounts → AWS

Microsoft Defender for Endpoint Log Collection version 1.0.74

Mon, 30 Mar 2026 00:00:00 GMT

March 30, 2026—Microsoft Defender for Endpoint Log Collection version 1.0.74 introduces a redesigned ingestion architecture that improves performance and supports larger log entries.

Important

This release includes a breaking change. The Table Storage ingestion pipeline has been removed and replaced with an event-driven Blob Storage pipeline. Existing data in Table Storage will not be carried over to the new architecture. This is by design, as TrendAI Vision One™ focuses on real-time threat alerting rather than historical log retention.

Cloud platform: Azure
Release date: March 30, 2026
Deployment method: Terraform
Enhancements:
- Redesigned ingestion architecture from Table Storage to an event-driven Blob Storage pipeline, improving scalability and reliability.
- Increased support for log entries larger than 64 KB, enabling processing of more comprehensive security event data.
Breaking change:
- The Table Storage ingestion pipeline has been completely removed. Existing data stored in Table Storage will not be migrated to the new Blob Storage architecture.

Cloud Security → Cloud Accounts

Upgraded compliance scan support for new benchmark versions

Mon, 30 Mar 2026 00:00:00 GMT

March 30, 2026—TrendAI Vision One™ now has enhanced compliance scanning capabilities for the following latest CIS benchmark versions for Container Security:

CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.8.0
CIS Kubernetes Benchmark v1.12.1
CIS Google Kubernetes Engine (GKE) Benchmark v1.9.0
CIS Azure Kubernetes Service (AKS) Benchmark v1.8.0

Select a specific benchmark version to apply to each cluster type, ensuring your Kubernetes environments adhere to the latest security standards and best practices.

Important

Starting March 30, 2026, the following benchmark versions will start to be deprecated:

CIS Amazon Elastic Kubernetes Service (EKS) v1.5.0
CIS Kubernetes Benchmark v1.9.0
CIS Google Kubernetes Engine (GKE) Benchmark v1.7.0

Support for these versions will end May 30, 2026.

Cloud Security → Container Security → Inventory/Overview

File Security Virtual Appliance has expanded scanning capabilities

Mon, 30 Mar 2026 00:00:00 GMT

March 30, 2026—File Security Virtual Appliance now supports:

ICAP scans. For more information, see Virtual Appliance support for ICAP scan.
Scan policy configuration. For more information, seeConfigure file scan policy settings .

Cloud Security → File Security → Virtual Appliance

IP geolocation details now available in Workbench insights and alerts

Mon, 30 Mar 2026 00:00:00 GMT

March 30, 2026—Geolocation information is now available for IP addresses displayed in Workbench insights and alerts. Quickly identify the geographic origin of network traffic and determine whether an alert or activity poses a genuine threat to your environment.

For more information, see Alert details and Workbench insight details.

Agentic SIEM and XDR → Workbench

Email notifications include vulnerability attachments

Mon, 30 Mar 2026 00:00:00 GMT

March 30, 2026—Security Playbook email notifications for risk events related to common vulnerabilities and exposures (CVE) now include a detailed comma-separated value (CSV) attachment. This CSV file provides comprehensive information such as event metadata, risk event details, asset names, and asset attributes, mirroring the content available in console exports. With this update, you can quickly access vulnerable device details directly from the email notification, eliminating the need to sign in to TrendAI Vision One™ to retrieve the device list.

For more information, see Manually create CVEs with Global Exploit Activity playbooks.

Workflow and Automation → Security Playbooks

Enhanced search experience for Workbench alerts and insights

Mon, 30 Mar 2026 00:00:00 GMT

March 30, 2026—On the All Alerts (Agentic SIEM & XDR → Workbench → All Alerts) and Workbench Insights tabs (Agentic SIEM & XDR → Workbench → Workbench Insights), you can now search alerts or insights by typing keywords in the search bar and pressing enter. This enhancement reduces unnecessary API data loading and provides a smoother experience.

For more information, see All Alerts and Workbench insights.

Agentic SIEM and XDR → Workbench

Vulnerability search database in Threat Intelligence Hub

Mon, 30 Mar 2026 00:00:00 GMT

March 30, 2026—Threat Intelligence Hub now provides a Vulnerability tab that provides a searchable vulnerability database. You can search any common vulnerability and exposure (CVE), offering clear visibility into detection coverage across your environment.

The Vulnerability tab includes quick access to the following information:

Trending vulnerabilities with rising relevance over the past week based on severity, community activity, and other indicators
Actively exploited vulnerabilities for CVEs with newly available exploits that may require immediate remediation
Detection coverage visibility showing whether Cyber Risk Exposure Management can detect specific vulnerabilities
Detailed vulnerability profiles with exploitability information, including whether a vulnerability is actively exploited, has publicly available exploits, or has triggered XDR alerts

For details, see Vulnerabilities.

Threat Intelligence → Threat Intelligence Hub

Zero Trust Secure Access Private Access Connector version 2.38.0.1783

Tue, 31 Mar 2026 00:00:00 GMT

March 31st, 2026—Zero Trust Secure Access Private Access Connector Version 2.38.0.1783 delivers the following new features and enhancements

New features

Added support for real-time streaming of connector diagnostic logs.
Added support for the upcoming South Africa home site.

Enhancements

Extended the log rotation mechanism to include DNS records.
Added retry mechanism and improved error handling for container image pulls from the container registry. Additionally, added local verification for successfully pulled images.
Adjusted memory management trigger thresholds to better reflect real-world usage.
Added a pause/resume mechanism for the service monitor during upgrade, rollback, and maintenance operations.
Added detailed diagnostic logging for improved visibility into memory buffer utilization.
Upgraded the OpenSSH package.

Enhanced stability and response speed in Companion sessions

Tue, 31 Mar 2026 00:00:00 GMT

March 31, 2026—Companion has been updated to provide enhanced stability and response speed in sessions. As part of these updates, all prior session history has been discarded. If you need a backup file of your session history prior to March 31, 2026, contact your support provider. Going forward, Companion session history will be automatically purged after 30 days.

For more information, see TrendAI™ Companion.

TrendAI rebranding includes Server & Workload Protection syslog messages

Tue, 31 Mar 2026 00:00:00 GMT

March 31, 2026—The Device Vendor field in Server & Workload Protection syslog messages has updated from Trend Micro to TrendAI™ as part of the TrendAI Vision One™ rebranding.

This affects syslog messages generated by Server & Workload Protection features installed on the TrendAI Vision One™ Endpoint Security agent. TrendAI™ is currently working to rollback the rebranding for syslogs.

In the meantime, if you currently filter for syslog messages by Device Vendor, make sure to update your filters to continue receiving syslog data.

For more information, see Syslog message formats.

Server & Workload Protection supports enabling Intrusion Prevention detection capabilities on endpoints without kernel level support

Tue, 31 Mar 2026 00:00:00 GMT

March 31, 2026—The TrendAI Vision One™ Endpoint Security agent now supports enabling Server & Workload Protection Intrusion Prevention detection capabilities on endpoints without kernel level support.

You can now configure whether agent network drivers operate on kernel level or user level even for endpoints with operating systems that do not have kernel level support. For these systems, the drivers operate on the user level, providing basic detection functions for Firewall, Intrusion Prevention, and Web Reputation. You can manage the feature from the Settings menu in the Computer editor.

Endpoint Security → Server & Workload Protection

Detect additional Initial Access techniques in Attack Path Prediction

Tue, 31 Mar 2026 00:00:00 GMT

March 31, 2026—Attack Path Prediction now includes additional internal detection rules for MITRE ATT&CK Initial Access techniques. The additional rules improve your visibility into early-stage attack paths.

New rules cover the following scenarios:

Valid Accounts
Account Manipulation
Brute Force

Detections using the added rules help you identify common entry-point risk events such as unusual sign-in patterns, suspicious group membership changes, and password guessing or spraying activities. The result is better detection and easier investigation of potential compromise paths that originate from identity-based attacks.

For more information, see how to investigate and remediate attack paths in Attack Path Prediction.

Cyber Risk Exposure Management → Cyber Attack Prediction → Attack Path Prediction

Zero Trust Secure Access module for macOS - version 2.29.66

Wed, 01 Apr 2026 00:00:00 GMT

April 1, 2026—The latest version of the Zero Trust Secure Access Module for macOS has been released. It contains new features, enhancements and resolved issues. It replaces macOS versions 2.29.55.

New site supported: South Africa

Enhancements

Updated the Speed Test wording in Debug Settings.

Resolved issues

Resolved connection issues for internal applications containing CNAME records in Private Access.
Fixed an issue where debug logging would be turned off every 5 minutes if multiple users logged in.
Fixed an issue where updating success notification doesn’t pop up.

Zero Trust Secure Access module for Windows server - version 2.33.1033

Wed, 01 Apr 2026 00:00:00 GMT

April 1, 2026—The latest version of the Zero Trust Secure Access Module for Windows has been released. It contains new features, enhancements and resolved issues. It replaces Windows version 2.33.1032.

New site supported: South Africa

Enhancements

Updated the Speed Test wording in Debug Settings.

Resolved issues

Resolved connection issues for internal applications containing CNAME records in Private Access.
Fixed an issue where two sign-in pop ups appeared after logging into Windows.
Resolved a black screen issue that occurred after a fresh installation of ZTSA.
Fixed an issue causing ZTSAWindows.exe to crash when the config.json file was corrupted.
Corrected an issue that resulted in inaccurate Speed Test results.
Resolved an issue where clicking "Update now" in the Action Center failed to trigger an update on Windows Server 2016.
Fixed an issue where Internet Access failed to connect to Secure Web Gateway when the routing table contained two routes with the same metric.
Prevented the sign-in page and sign-in pop up from appearing simultaneously.

TrendAI Vision One Endpoint Security Deepfake detector now supports macOS agents

Wed, 01 Apr 2026 00:00:00 GMT

April 1, 2026—The TrendAI Vision One™ Endpoint Security agent now supports enabling Deepfake detector on your macOS endpoints.

Deepfake detector can be enabled on agents version 202604 and later deployed to macOS 13 or later on ARM64 (Apple Silicon) endpoints. Manage your Deepfake detector settings by configuring XDR for Endpoints (EDR) in Endpoint Security Policies.

For more information, see XDR for Endpoints (EDR).

Endpoint Security → Endpoint Security Configuration → Endpoint Security Policies

File Security Storage now supports Azure and Google Cloud Platform storage

Thu, 02 Apr 2026 00:00:00 GMT

April 2, 2026—File Security Storage support for Azure and Google Cloud Platform (GCP) is now generally available. You can now scan files stored in Azure storage accounts and GCP cloud buckets for malware, in addition to the existing Amazon Web Services (AWS) support.

With this release, File Security Storage extends its anti-malware scanning capabilities across all three major cloud service providers, allowing you to integrate automated file scanning into your multi-cloud workflows and detect all types of malware including viruses, trojans, spyware, and more.

For more information, see File Security Storage.

Cloud Security → File Security

Zero Trust Secure Access On-premises Gateway Version 1.0.81

Mon, 06 Apr 2026 00:00:00 GMT

April 6, 2026—The Zero Trust Secure Access On-premises Gateway version 1.0.81 contains new features and enhancements.

New Features

Added support for configurable settings to unmask/mask the matched DLP/AI content inspection data in log

Enhancements

Enhanced file upload scanning for Google Drive

Zero Trust Secure Access adds PoP site in Azure Austria East

Mon, 06 Apr 2026 00:00:00 GMT

April 6, 2026—Zero Trust Secure Access Internet Access now supports the Azure Austria East region. Users in the region may configure their service FQDNs to reflect the new location. For more information, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Endpoint Inventory now supports saving applied filters

Mon, 06 Apr 2026 00:00:00 GMT

April 6, 2026—You can now save applied filters in Endpoint Inventory as a custom filter to make searching for endpoints easier.

After applying filters to narrow the Endpoint Inventory view, you can now click the save icon () to save your filter settings as a custom filter for later use. Each TrendAI Vision One™ account can create up to 20 custom filters, which are visible across your organization.

For more information, see Endpoint Inventory.

Endpoint Security → Endpoint Inventory

Mobile Security for Business app version 2.0.1179

Tue, 07 Apr 2026 00:00:00 GMT

April 7, 2026—Mobile Security for Business app iOS version 2.0.1179 includes bug fixes.

This update includes the following changes:

Fixed an issue where VPN could fail to turn on in some cases.

Automated tagging now supports operating system version conditions

Wed, 08 Apr 2026 00:00:00 GMT

April 8, 2026—Tag Management now supports operating system version as a condition for automated tagging rules, giving you better control over which endpoints get tagged. The condition previously labeled "Operating system" has been renamed "Operating system and version" to reflect this expanded capability.

When configuring an operating system and version condition, you can now choose from the following:

Any of: Select one or more operating systems from a dropdown list.
Contains or Begins with: Type an operating system version string (for example, “Windows Server 2025 Datacenter”) or partial string (like “Server 2025”) to match endpoints by specific version. As you type, TrendAI Vision One™ suggests matching values.

Service Management → Tag Management

Cloud Risk Management updates to compliance frameworks and standards

Wed, 08 Apr 2026 00:00:00 GMT

April 08, 2026—TrendAI Vision One™ Cloud Risk Management has released the following compliance updates. You can now filter Checks and download Compliance Reports to ensure your cloud environment complies with the latest standards.

New compliance frameworks

AWS Security Reference Architecture
AWS Security Reference Architecture for AI

Updated compliance standard

CIS Amazon Web Services Foundations Benchmark v7.0.0

Deprecation notice

CIS AWS Foundations Benchmark v5.0.0 is no longer supported. Cloud Risk Management recommends updating your report configurations to use the latest versions of CIS AWS Foundations Benchmark before July 7, 2026.

Cyber Risk Exposure Management → Cloud Risk Management → Misconfiguration and Compliance

Mobile Security for Business app version 2.0.1590

Thu, 09 Apr 2026 00:00:00 GMT

April 9, 2026—Mobile Security for Business app Android version 2.0.1590 includes bug fixes and enhancements.

This update includes the following changes:

Optimized and reduced server API calls from the agent to lower server loading.
Improved stability of the ZTSA and VPN module.
Fixed an SNI issue for parsing domain names before sending the IP to SWG.
Fixed an issue in web reputation with the allow and block URL list.
Resolved an issue of temporarily high battery usage by Mobile Security.

TrendAI Vision One has a new South Africa Data Center

Fri, 10 Apr 2026 00:00:00 GMT

April 10, 2026— TrendAI Vision One™ has opened a data center to support the South Africa region. Users in this region may configure their service FQDNs to reflect the new location.

For more information, see South Africa - firewall exceptions.

Helm Chart 3.3.6

Fri, 10 Apr 2026 00:00:00 GMT

April 10, 2026—The Helm Chart 3.3.6 release includes the following:

Enhancements
- Upgraded dependencies to address vulnerabilities.
- Updated admission control webhook to remove unneeded DELETE operations and to improve performance.
Bug fixes
- Set sigstore TUF root to a writeable path to fix an issue with signature verification in FIPS images.
- Fixed log collection for Helm v4.
- Reverted mistakenly bumped GKE Allowlist version to fix installation issues on GKE Autopilot clusters.
- Made scout hostNetwork configurable through values.yaml to fix issue with scout initialization in some networks.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.3.6.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.3.6

Agentless Vulnerability & Threat Detection version 1.606.04062108

Mon, 13 Apr 2026 00:00:00 GMT

April 13, 2026—The Agentless Vulnerability & Threat Detection version 1.606.04062108 release extends AWS region support to include two AWS China regions.

Cloud platform: AWS
Release date: April 13, 2026
Deployment method: CloudFormation
New feature:
- Agentless Vulnerability & Threat Detection and Cloud Detections for VPC Flow Logs now support the AWS China regions cn-north-1 and cn-northwest-1.

Cloud Security → Cloud Accounts → AWS

Agentless Vulnerability & Threat Detection version 1.183.b6f9f32

Mon, 13 Apr 2026 00:00:00 GMT

April 13, 2026—The Agentless Vulnerability & Threat Detection version 1.183.b6f9f32 release introduces Azure Management Group deployment support, enhances deployment reliability with unique resource identifiers, and fixes critical permission and region mapping issues.

Cloud platform: Azure
Release date: April 13, 2026
Deployment method: Terraform
New feature:
- Agentless Vulnerability & Threat Detection now supports deployment at the Azure Management Group level (private preview). Deploy at the management group level to scan all subscriptions under the management group in parallel, streamlining security coverage across your Azure environment.
Enhancement:
- Each deployment now generates unique secret tokens and IAM roles to prevent "Resource already exists" errors when deploying multiple instances, improving deployment reliability and flexibility.
Bug fixes:
- Resolved issues with dispatcher permissions and Contributor role assignments across Azure regions.
- Corrected the region mapping logic used when downloading artifacts from AWS to Azure environments.

Cloud Security → Cloud Accounts → Azure

Service Gateway: Forward Proxy Service Version 2.0.11

Wed, 15 Apr 2026 00:00:00 GMT

April 15, 2026—Service Gateway: Forward Proxy Service Version 2.0.11 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update improves upgrade configuration management to preserve settings across firmware upgrades.
This update fixes cloud proxy connectivity test to route through the configured proxy correctly.

For detailed update schedules, see 2026 Release for TrendAI Vision One™ Service Gateway in the Success Portal.

Service Gateway Firmware Version 3.0.28

Wed, 15 Apr 2026 00:00:00 GMT

April 15, 2026—Service Gateway Firmware Version 3.0.28 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update adds ThingsBoard IoT client support for ZA site connectivity.
This update upgrades the base OS to Rocky Linux 9.7 with updated Microk8s.
This update fixes incorrect service inbound connection count in appliance metrics.
This update fixes available disk space unit display in diagnostics.
This update fixes CDT file upload to reject files exceeding the size limit.
This update fixes cloud proxy connectivity test to route through the configured proxy correctly.
This update fixes upgrade configmap patching to prevent configuration loss during firmware upgrades.

For detailed update schedules, see 2026 Release for TrendAI Vision One™ Service Gateway in the Success Portal.

Service Gateway: Local Active Update Service Version 3.0.17

Wed, 15 Apr 2026 00:00:00 GMT

April 15, 2026—Service Gateway: Local Active Update Service Version 3.0.17 delivers key enhancements, bug fixes, and security updates.

This update includes the following changes:

This update improves relay process reliability to prevent single points of failure.

For detailed update schedules, see 2026 Release for TrendAI Vision One™ Service Gateway in the Success Portal.

Endpoint policy overrides now includes settings for security module configurations

Wed, 15 Apr 2026 00:00:00 GMT

April 15, 2026—You can now configure overrides for Anti-Malware, Intrusion Prevention, and Exclusions in Endpoint Inventory.

The Override endpoint security policy action has now been enhanced with a more robust design that expands coverage of override settings to include these endpoint security modules in addition to Advanced Risk Telemetry, XDR for Endpoints (EDR), and Data Security Sensor. These overrides apply to endpoints using the unified Endpoint Security Policy to manage endpoint protection features.

For more information, see Endpoint security policy overrides.

Endpoint Security → Endpoint Inventory

Recommendation scan now available for Anti-Malware and Exclusions in Endpoint Security Policies

Wed, 15 Apr 2026 00:00:00 GMT

April 15, 2026—You can now configure policies to exclude recommended applications from Anti-Malware scans, and enable the recommendation scan for Exclusions.

Use Exclusions when configuring your Endpoint Security Policies to manage which recommended applications your agents should exclude when running Anti-Malware scans. Additionally, you can enable recommendation scan to dynamically exclude applications based on your environment. You can also view the list of recommended applications excluded by your policy settings in Anti-Malware.

For more information, see Exclusions.

Endpoint Security → Endpoint Security Configuration → Endpoint Security Policies

Zero Trust Secure Access On-premises Gateway Version 1.0.82

Mon, 20 Apr 2026 00:00:00 GMT

April 20, 2026—The Zero Trust Secure Access On-premises Gateway version 1.0.82 contains new features and resolved issues.

New Features

Added support for warning action in AI Secure Access rules for access control.
Enhanced the detection log with the matched item in the allow/deny list.

Resolved issues

Fixed issues due to public AI services protocol changes.

Cloud Detections for AWS VPC Flow Logs version 1.614.04202156

Mon, 20 Apr 2026 00:00:00 GMT

April 20, 2026—The Cloud Detections for AWS VPC Flow Logs version 1.614.04202156 release introduces enhancements for VPC Flow Logs detections in private VPC environments and improves encryption compliance with AWS Control Tower policies.

Cloud platform: AWS
Release date: April 20, 2026
Deployment method: AWS CloudFormation
Enhancements:
- Simplified VPC proxy configuration by removing the automatic NO_PROXY connectivity check.
- Enabled SSE-KMS encryption (with Bucket Key) on the stack resource bucket and SSE-SQS on the VPC Flow Logs event queues to comply with AWS Control Tower policies. Supporting IAM KMS permissions have been added for affected roles.

Cloud Security → Cloud Accounts → AWS

Cloud Detections for AWS CloudTrail version 1.52.5

Mon, 20 Apr 2026 00:00:00 GMT

April 20, 2026—The Cloud Detections for AWS CloudTrail version 1.52.5 release includes security enhancements and vulnerability fixes.

Cloud platform: AWS
Release date: April 20, 2026
Deployment method: AWS CloudFormation
Affected features:
- Cloud Detections for AWS CloudTrail (AWS CloudTrail with Control Tower)
- Cloud Detections for AWS Security Lake
Enhancements:
- Vulnerability fixes: CVE-2026-25645, CVE-2026-32597

Cloud Security → Cloud Accounts → AWS

Attack Surface Discovery Local Apps now extends visibility to executables, allows blocking of untrusted executables

Mon, 20 Apr 2026 00:00:00 GMT

April 20, 2026—Local Apps now extends visibility to executables on your Windows endpoints, allowing you to set their status and automatically block untrusted executables found in your environment.

To allow the scanning and hashing of executable files on your endpoints, you must enable Advanced Risk Telemetry and configure the executable scanning and hashing settings in Endpoint Security Policies.

For more information, see Applications.

To configure Advanced Risk Telemetry in Endpoint Security Policies, see Advanced Risk Telemetry.

Cyber Risk Exposure Management → Continuous Risk Management → Attack Surface Discovery → Applications

Visibility and alert enhancement for email gateway alerts

Tue, 21 Apr 2026 00:00:00 GMT

April 21, 2026—Cloud Email Gateway Protection now includes the Message delivery history chart on the Other Statistics tab of the Dashboards page. Use this chart to monitor the number of email messages in the delivery queue and temporary delivery failures for incoming and outgoing email traffic.

Administrators can also configure business continuity alerts through the TrendAI Vision One™ Notifications app. Alerts trigger when the message count reaches a specified threshold for a defined number of consecutive data points. The configured threshold is displayed on the dashboard, and notifications are sent when the threshold is reached.

Email and Collaboration Security → Cloud Email Gateway Protection → Dashboards

New compliance standard: CIS Controls version 8.1

Wed, 22 Apr 2026 00:00:00 GMT

April 22, 2026—Cloud Risk Management now supports the CIS Controls version 8.1 compliance standard. You can filter Checks and download Compliance Reports to ensure your cloud environment complies with this standard.

CIS Controls version 8.1 is available for the following cloud providers:

AWS
Azure
Google Cloud
OCI

Cyber Risk Exposure Management → Cloud Risk Management → Misconfiguration and Compliance

Helm Chart 3.3.7

Thu, 23 Apr 2026 00:00:00 GMT

April 23, 2026—The Helm Chart 3.3.7 release includes the following:

Enhancements
- Improved vulnerability detections, particularly for JavaScript packages.
Bug fixes
- Fixed an issue where Falco crashed on certain kernels.
- Fixed a bug where exceptions were mistakenly applied to signature verification admission rules.
- Fixed a bug where workload image custom resources could remain stuck in Waiting status.

Upgrade instructions

Sample upgrade command:

helm upgrade \
--values overrides.yaml \
--namespace trendmicro-system \
trendmicro \
https://github.com/trendmicro/visionone-container-security-helm/archive/3.3.7.tar.gz

References
- https://github.com/trendmicro/visionone-container-security-helm/releases/tag/3.3.7

Container Protection for Amazon ECS version 2.1.0

Thu, 23 Apr 2026 00:00:00 GMT

April 23, 2026—Container Protection for Amazon ECS version 2.1.0 is now available.

Cloud Platform
- Amazon Web Services (AWS)
Features
- Admission control for Amazon ECS.
Enhancements
- Policies redesigned to be platform-specific for Kubernetes and Amazon ECS. Learn more.
Bug fixes
- Fixed scout crashloop race condition.

Zero Trust Secure Access Private Access Connector version 3.0.0.1920

Mon, 27 Apr 2026 00:00:00 GMT

April 27, 2026—Zero Trust Secure Access Private Access Connector version 3.0.0.1920 contains new features, enhancements, and resolved issues.

New features

The Connector OS has been migrated from CentOS 7 to Rocky Linux 9. This transition brings a supported, modernized OS platform with updated networking, system services, and platform integrations.
A new update CLI command allows administrators to upgrade the Connector in place, without redeploying the virtual appliance.
A new rollback CLI command enables administrators to revert a failed or problematic Connector upgrade to the previous known-good version.
Administrators can now stream Connector logs in real time for faster troubleshooting and operational visibility.
Customers can now deploy and register Connectors in South Africa for improved local coverage and reduced latency.
The Hyper-V base VM image now supports EFI/UEFI boot, aligning with modern virtualization requirements.

Enhancements

Limited dig command output and enabled DNS record log rotation to reduce log volume and prevent disk pressure.
Added descriptive error messages to upgrade logging for easier troubleshooting of upgrade failures.
Added retry logic and improved error handling when pulling ACR images, reducing transient deployment failures.
Adjusted the memory check threshold to better reflect real-world workloads.
The admin user no longer ships with a default password. Administrators are required to set credentials during initial setup.
Disabled secure boot to ensure consistent image boot behavior across supported platforms.

Resolved issues

Fixed SSH password authentication regression.
Fixed hostname inconsistency between the Connector and Vision One.
Fixed ICMP health check status reporting.
Fixed command channel crash-loop when the Connector is unregistered.
Fixed eth1 bring-up delay on Azure.
Fixed configure dhcp eth0 CLI command.
Fixed hostname setting behavior.
Fixed missing zip dependency required for packet capture.
Fixed find command syntax used during backup file removal.
Fixed a race condition between the crontab monitor and firmware update that caused incorrect module counts.
Fixed WALinuxAgent installation on Azure.
Fixed multiple OpenSSH vulnerabilities with upstream security patches.
Added missing systemd timer dependencies.
Resolved duplicate Connector status updates sent to the management console.

Playbooks trigger on Threat Intelligence sweeping workbench alerts

Mon, 27 Apr 2026 00:00:00 GMT

May 4, 2026—Workbench alerts generated by Threat Intelligence sweeping can now automatically trigger your Automated Response Playbooks, helping you act faster on high‑fidelity intelligence matches.

When Threat Intelligence sweeping matches an indicator against your telemetry and raises a workbench alert, any playbook configured for that alert runs automatically to execute response actions—such as isolating affected assets, forcing user sign‑out, or sending notifications—without requiring manual analyst intervention.

For more information, see Security Playbooks.

Workflow and Automation → Security Playbooks

Connector for ServiceDesk Plus Cloud

Mon, 27 Apr 2026 00:00:00 GMT

April 27, 2026—TrendAI Vision One™ now integrates with ManageEngine ServiceDesk Plus Cloud through the Trend Vision One Connector, available on the ManageEngine Marketplace. Security teams can create and manage ServiceDesk Plus Cloud tickets directly from TrendAI Vision One™ Case Management, eliminating the need to switch between platforms during incident response.

This connector supports the following capabilities:

Bi-directional synchronization: Case status, priority, and other case data synchronize automatically between TrendAI Vision One™ Case Management and ServiceDesk Plus Cloud. Updates made in either platform reflect in the other.
Automated ticket creation: When someone opens a case in TrendAI Vision One™, the connector creates a corresponding ticket in ServiceDesk Plus Cloud with all relevant fields automatically populated.
Configurable field mappings: Map TrendAI Vision One™ case statuses and priorities to their ServiceDesk Plus Cloud equivalents. If a field does not have mapping configured, the connector ignores that field during synchronization.
Tag-based assignment: Automate ticket assignments in ServiceDesk Plus Cloud based on tags set in TrendAI Vision One™.

The Trend Vision One Connector supports ServiceDesk Plus Cloud instances with an Enterprise license only. Only users with the SDAdmin role can install the extension. Search for the TrendAI Vision One Connector on the ManageEngine Marketplace and follow the setup instructions in the connector documentation.

Workflow and Automation → Third-Party Integration

Agentless Vulnerability & Threat Detection version 1.616.04272125

Tue, 28 Apr 2026 00:00:00 GMT

April 28, 2026—Agentless Vulnerability & Threat Detection version 1.616.04272125 improves deployment reliability on AWS by automatically provisioning a required ECS role before stack deployment.

Cloud platform: AWS
Release date: April 28, 2026
Deployment method: AWS CloudFormation
Enhancements:
- Detects and creates the required AWS ECS service-linked role prior to stack deployment, preventing Agentless Vulnerability & Threat Detection failures in accounts where the role does not yet exist.

Cloud Security → Cloud Accounts → AWS

Reverted: TrendAI rebranding includes Server & Workload Protection syslog messages

Tue, 28 Apr 2026 00:00:00 GMT

April 28, 2026—The rebranding of Trend Micro to TrendAI™ within Server & Workload Protection syslog messages as detailed in TrendAI™ rebranding includes Server & Workload Protection syslog messages has been reverted.

For more information, see Syslog message formats.

TrendAI Vision One Endpoint Security agent relays and realtime connection policies now available

Tue, 28 Apr 2026 00:00:00 GMT

April 28, 2026—You can now use Connection Policies to create and manage connections and updates for TrendAI Vision One™ Endpoint Security agents and assign designated agents as relays for downloading updates.

Connection Policies includes two new features to assist in managing updates and connections: Runtime connection policies and Relay management.

Runtime connection policies moves the Runtime Proxy Settings from Global Settings in Endpoint Inventory to be part of Connection Policies. Use Runtime connection policies to specify how agents connect to TrendAI Vision One™ and what source to use to download updates, including the new relay group feature.

Relay management is where you can create relay groups to act as an update source for your agents. Relay groups consist of agents you specify to act as relays for providing updates to other agents within your environment, and supports Version Control Policies. This feature helps to centralize and replace the Update Agent in Standard Endpoint Protection and the Relay feature in Server & Workload Protection.

For more information about these features, see Connection Policies.

Endpoint Security → Endpoint Security Configuration → Connection Policies

File Security Storage now supports Python 3.13 in AWS

Tue, 28 Apr 2026 00:00:00 GMT

April 28, 2026—The AWS File Security Storage CloudFormation template version 4.0.4 supports Python runtime version 3.13. The template also includes minor enhancements and security updates.

Zero Trust Secure Access Private Access Connector version 3.1.0.1924

Wed, 29 Apr 2026 00:00:00 GMT

May 4, 2026—Zero Trust Secure Access Private Access Connector version 3.1.0.1924 contains new features, enhancements, and resolved issues.

New features

The connector now pulls complete site information from the ZTNA backend at registration time, replacing the previous hardcoded connection-test site list. This improves accuracy of site-to-Connector mapping and simplifies onboarding in new regions.

Enhancements

CLI command outputs have been reformatted to be easier to read and parse in administrative workflows.
DNS caching is now filtered to apply only to Private Access (PA) applications, reducing unnecessary cache entries and improving efficiency for other traffic.
The operating system identifier now reflects "TrendAI Vision One Private Access Connector" for clearer platform identification.
Updated the Rocky Linux 9 base with the latest security and stability patches and pinned the OS image to ensure reproducible, consistent builds.
Adjusted memory check threshold and polling interval to reduce false alerts and better reflect real-world workloads.

Resolved issues

Fixed OVF guest OS identifier and hardware version for proper ESXi compatibility, resolving deployment issues on VMware ESXi.
Fixed a missing import in the firmware updater that could impact connector upgrade execution.
Fixed NTP force-update incorrectly invoking the chrony client when the chrony daemon was stopped.
Fixed PAM syslog identity incorrectly overriding the sshd identity in system logs.

Zero Trust Secure Access Private Access Connector version 2.39.0.1910

Wed, 29 Apr 2026 00:00:00 GMT

April 29, 2026—Zero Trust Secure Access Private Access Connector Version 2.39.0.1910 delivers new features and resolved issues.

New features

Added support for the South Africa (ZA) region, enabling customers to deploy and register connectors in the South Africa region for improved local coverage and reduced latency.

Enhancements

DNS caching logic has been refined so that DNS entries from traffic are now only cached when the traffic is associated with TrendAI Vision One™ applications. This reduces unnecessary cache consumption and improves overall connector efficiency for application traffic.

Resolved issues

Fixed an issue where connector status updates could be sent or processed multiple times, which could result in redundant events and inconsistent state reporting in the management console.

Mobile Security for Business app version 2.0.1602

Wed, 29 Apr 2026 00:00:00 GMT

April 29, 2026—Mobile Security for Business app Android version 2.0.1602 includes bug fixes and enhancements.

This update includes the following changes:

Improved the enrollment process to handle cases where enrollment information is not yet available.
Optimized crash log collection to prevent excessive data accumulation.
Added missing Japanese localization.
Fixed an SWG bypass issue by improving domain name resolution handling during proxy connections.
Improved stability and performance of the VPN module, including certificate fetch timeout handling and connection leak fixes.

Container Protection for Amazon ECS version 2.2.0

Thu, 30 Apr 2026 00:00:00 GMT

April 30, 2026—Container Protection for Amazon ECS version 2.2.0 is now available.

Cloud Platform
- Amazon Web Services (AWS)
Features
- File integrity monitoring for Amazon ECS. Learn more.

Microsoft Defender for Endpoint Log Collection version 1.0.76

Mon, 04 May 2026 00:00:00 GMT

May 4, 2026—Microsoft Defender for Endpoint Log Collection version 1.0.76 improves deployment reliability on Azure by strengthening Terraform resource resilience and fixing Event Hubs provisioning conflicts.

Cloud platform: Azure
Release date: May 4, 2026
Deployment method: Terraform
Enhancements:
- Added retry and buffer time in Terraform resources to mitigate Azure Resource Manager API issues.
Bug fixes:
- Changed Event Hubs instance creation in Terraform to use the Azure CLI to prevent "eventhub already exists" errors.

Cloud Security → Cloud Accounts → Azure

Secure Access Module traffic routing option

Mon, 04 May 2026 00:00:00 GMT

May 4, 2026—The Secure Access Module has added a traffic routing option that controls whether the Windows ZTSA agent forwards management traffic through the XBC proxy or directly.

Attack Path Prediction now shows all attack paths for all asset types

Mon, 04 May 2026 00:00:00 GMT

May 4, 2026—You can now see attack paths for all asset types in Attack Path Prediction, regardless of whether you have Cyber Risk Exposure Management - Essentials or cloud account assessment for Cyber Risk Exposure Management enabled.

Previously, the attack paths displayed in Attack Path Prediction depended on which features were active. Device paths required Cyber Risk Exposure Management - Essentials, and cloud paths required cloud account assessment for Cyber Risk Exposure Management. This created an inconsistency with the Predictive Analytics risk factor in Threat and Exposure Management, which showed all attack path risk events regardless of feature enablement. With this update, having either feature enabled grants full access to all attack paths in Attack Path Prediction.

To view attack paths for an asset type, the assets must be connected to or have been discovered by TrendAI Vision One™.

For more information, see Attack Path Prediction.

Cyber Risk Exposure Management → Cyber Attack Prediction → Attack Path Prediction

TrendAI Vision One Vulnerability Management and Threat and Exposure Management now surface ZDI-powered zero-day vulnerability risk events before public disclosure

Mon, 04 May 2026 00:00:00 GMT

May 4, 2026—Risk events powered by TrendAI™ Zero Day Initiative™ now appear in Vulnerability Management and Threat and Exposure Management when a zero-day vulnerability affecting software in your environment is identified. ZDI-powered events generate before a CVE is publicly disclosed, giving you time to prepare, monitor, and isolate affected assets ahead of any patch.

To help protect your assets, post-exploitation detection models monitor flagged assets for suspicious behavior such as shell drops or lateral movement, and trigger workbench alerts when activity is observed. For network-based vulnerabilities, virtual patching is available through TippingPoint Intrusion Prevention rules that block exploitation attempts at the network level while you wait for a vendor patch. For Windows application vulnerabilities, application blocking lets you prevent vulnerable application versions from launching on protected endpoints.

To use Application Blocking, endpoints must be protected by TrendAI Vision One™ Endpoint Security with Windows endpoint protection enabled.

For more information, see Vulnerability Management.

Cyber Risk Exposure Management → Continuous Risk Management → Vulnerability Management

Cyber Risk Exposure Management → Continuous Risk Management → Threat and Exposure Management

New compliance standards for connected SaaS app compliance violations

Tue, 05 May 2026 00:00:00 GMT

May 05, 2026—The connected SaaS app compliance violations widget in Threat and Exposure Management now supports the following additional compliance standards and frameworks:

CIS Critical Security Controls 8.1
ISO 27001 (2022)
NIST CSF 2.0
SOC 2:2019

These new standards are available alongside the existing standards. The compliance standards list is now sorted by standard name.

Cyber Risk Exposure Management → Cyber Risk Overview > Risk Factors > Connected SaaS app compliance violations

Agentless Vulnerability & Threat Detection version 1.617.04292011

Thu, 07 May 2026 00:00:00 GMT

May 7, 2026—Agentless Vulnerability & Threat Detection version 1.617.04292011 resolves an issue with the internal telemetry collector Lambda function.

Cloud platform: AWS
Release date: May 7, 2026
Deployment method: AWS CloudFormation
Bug fix:
- Fixed an issue where the scheduled internal telemetry collector Lambda function was not running due to a missing EventBridge invocation permission. After the update, the collection resumes automatically.

Cloud Security → Cloud Accounts → AWS

Agentless Vulnerability & Threat Detection version 1.175.71e5c1c - Notifications

Fri, 08 May 2026 00:00:00 GMT

May 8, 2026—The Agentless Vulnerability & Threat Detection version 1.175.71e5c1c release introduces Notifications integration for Azure. Agentless Vulnerability & Threat Detection now sends scan failure alerts through the TrendAI Vision One™ Notifications screen, giving security teams immediate notification when completed scans encounter elevated failure rates across their Azure environment.

Cloud platform: Azure
Release date: May 8, 2026
Deployment method: Terraform
New feature:
- Agentless Vulnerability & Threat Detection now sends notifications through the TrendAI Vision One™ Notifications screen when a completed scan's failure rate exceeds a configured threshold. The following notifications are sent:
  - Email notification: Sent to recipients when the scan failure rate meets or exceeds a configurable threshold (default 5%). To configure the recipients and the threshold, go to Administration → Notifications.
  - In-console bell notification: Displayed in the TrendAI Vision One™ console Notifications screen when the scan failure rate exceeds 5%. The alert links directly to Audit Logs, filtered to the Agentless Vulnerability & Threat Detection category, for immediate investigation.

Cloud Security → Cloud Accounts → Azure

Administration → Notifications

Agentless Vulnerability & Threat Detection version 1.200.be30965 - Notifications

Fri, 08 May 2026 00:00:00 GMT

May 8, 2026—The Agentless Vulnerability & Threat Detection version 1.200.be30965 release introduces Notifications integration for Google Cloud. Agentless Vulnerability & Threat Detection now sends scan failure alerts through the TrendAI Vision One™ Notifications screen, giving security teams immediate notification when completed scans encounter elevated failure rates across their Google Cloud environment.

Cloud platform: Google Cloud
Release date: May 8, 2026
Deployment method: Terraform
New feature:
- Agentless Vulnerability & Threat Detection now sends notifications through the TrendAI Vision One™ Notifications screen when a completed scan's failure rate exceeds a configured threshold. The following notifications are sent:
  - Email notification: Sent to configured recipients when the scan failure rate meets or exceeds a configurable threshold (default: 5%). To configure the recipients and the threshold, go to Administration → Notifications.
  - In-console bell notification: Displayed in the TrendAI Vision One™ console Notifications screen when the scan failure rate exceeds 5%. The alert links directly to Audit Logs, filtered to the Agentless Vulnerability & Threat Detection category, for immediate investigation.

Cloud Security → Cloud Accounts → Google Cloud

Administration → Notifications

Container Protection for Amazon ECS version 2.2.1

Fri, 08 May 2026 00:00:00 GMT

May 8, 2026—Container Protection for Amazon ECS version 2.2.1 is now available.

Cloud Platform
- Amazon Web Services (AWS)
Enhancements
- Implemented cluster-level exclusion tags to skip automated Fargate patching. Learn more.
Bug fixes
- Fixed an ECS Fargate init container that sometimes became stuck in running state.
- Fixed an issue where Fargate tasks were not patched for AWS accounts with certain SCPs.

File Security Storage has released template version 2.0.8 for Google Cloud

Mon, 11 May 2026 00:00:00 GMT

May 11, 2026—File Security Storage has released template version 2.0.8 for Google Cloud. It resolves the following issues:

Fixed an issue where the token rotator failed silently after 7 days
Fixed minor vulnerabilities

File Security Storage has released template version 4.0.5 for AWS

Mon, 11 May 2026 00:00:00 GMT

May 11, 2026—File Security Storage has released template version 4.0.5 for AWS. It resolves the following issue:

Fixed an overly permissive FSS stack set role on the KMS resource

File Security Storage has released template version 2.1.5 for Azure

Mon, 11 May 2026 00:00:00 GMT

May 11, 2026—File Security Storage has released template version 2.1.5 for Azure. It contains the following enhancements:

Added Azure Management Group deployment support

Note

Users who have an existing single-subscription deployment and wish to switch to Management Group deployment must remove the existing deployment before reinstalling.

Added patches for known CVEs affecting Azure Functions dependencies
Other minor enhancements

Zero Trust Secure Access module for macOS version 2.30.40

Wed, 13 May 2026 00:00:00 GMT

May 13, 2026—The latest version of the Zero Trust Secure Access Module for macOS has been released. It contains enhancements and resolved issues.

Enhancements

Removed non-functional menu items from the system menu bar.

Resolved issues

Fixed multiple issues that prevented ZTSA from displaying the login page when the Internet Access session expired.
Fixed an issue where the sign-in page still appeared after an update, even when Don't show popup was selected.
Fixed an issue where a comment in a PAC file could prevent Internet Access from working correctly.

Zero Trust Secure Access module for Windows - version 2.34.1035

Wed, 13 May 2026 00:00:00 GMT

May 13, 2026—The latest version of the Zero Trust Secure Access Module for Windows has been released. It contains new features, enhancements and resolved issues.

New features

Added a traffic routing option in TrendAI Vision One™ that controls whether the Windows ZTSA agent forwards management traffic through the XBC proxy or directly.
Updated the file property from “Trend Vision One™” to " TrendAI Vision One™".

Enhancements

Added aadcdnjp.msftauth.net and aadcdnjp.msauth.net to the allow list for browser-based authentication.

Resolved issues

Fixed an issue where the vertical scroll bar was missing on the Connection Details page.
Fixed a crash that occurred when the start time or end time in Update Settings was set to 24:00 in TrendAI Vision One™.
Fixed an issue where the Internet Access status repeatedly toggled between connected and disconnected due to a ZTSA service crash.
Fixed an issue that prevented users from accessing an internal app when its FQDN, IP, or protocol overlapped with another internal app in a different connector group.

Zero Trust Secure Access Private Access Connector version 2.40.0.1957

Wed, 13 May 2026 00:00:00 GMT

May 13, 2026—Zero Trust Secure Access Private Access Connector version 2.40.0.1957 contains resolved issues.

Resolved issues

Resolved a JSON parsing error that could cause incorrect keep-alive settings, improving connection stability.
Resolved an issue where Private Access traffic could be dropped after the agent automatically reconnected.

Zero Trust Secure Access On-premises Gateway Version 1.0.83

Mon, 18 May 2026 00:00:00 GMT

May 18, 2026—The Zero Trust Secure Access On-premises Gateway version 1.0.83 contains new features, enhancements, and resolved issues.

New features

Added support for the new tenancy restriction profile for Anthropic Claude.

Enhancements

Extended AI file upload inspection support to cover Google Gemini official API-based file uploads, enabling consistent DLP protection for both web and API upload scenarios.

Resolved issues

Resolved several issues affecting Claude content inspection, including response timeout handling and malicious response detection reliability during add-in interactions.
Fixed DeepSeek response detection issues caused by API behavior changes that introduced a retry mechanism when prompts are blocked.

Zero Trust Secure Access adds PoP site in AWS Malaysia

Mon, 18 May 2026 00:00:00 GMT

May 18, 2026—Zero Trust Secure Access Internet Access now supports the AWS Malaysia region. Users in the region may configure their service FQDNs to reflect the new location. For more information, see Port and FQDN/IP address requirements.

Zero Trust Secure Access adds PoP site in Google Cloud Chile

Mon, 18 May 2026 00:00:00 GMT

May 18, 2026—Zero Trust Secure Access Internet Access now supports the Google Cloud Chile region. Users in the region may configure their service FQDNs to reflect the new location. For more information, see Port and FQDN/IP address requirements.

Zero Trust Secure Access → Secure Access Configuration → Internet Access and AI Secure Access Configuration

Endpoint Security Policies now supports duplicating policies, increased policy visibility

Mon, 18 May 2026 00:00:00 GMT

May 18, 2026 - You can now duplicate policies in Endpoint Security Policies.

Duplicate policies keep all of the same settings, including which policy resources apply to the endpoint security features. To duplicate a policy, select the policy you want to copy, and click Duplicate.

Additionally, TrendAI Vision One™ Administrator accounts can configure user permissions to allow TrendAI Vision One™ users to view policies outside the user's asset visibility scope. Users can duplicate any visible policy, but cannot edit or delete a policy outside their scope.

For more information, see Policies.

Endpoint Security → Endpoint Security Configuration → Endpoint Security Policies

New Endpoint Inventory columns provide unified visibility for agent version and update status

Mon, 18 May 2026 00:00:00 GMT

May 18, 2026—Endpoint Inventory introduces three new columns to provide enhanced unified visibility for how Version Control Policies applies to your agents.

This update adds the following three columns:

Agent version: displays the unified agent version (YYYYMM). Hover over the version number to get the detailed Protection Module and Endpoint Sensor versions.
Agent update setting: displays the applied policy setting for update checks (Always, Scheduled, or Never)
Agent version status: displays the status of the current agent version, whether it is the latest version allowed by the policy, an update is recommended or required to maintain protection capabilities, or if the OS is not supported

For more information, see Endpoint Inventory table columns.

Endpoint Security → Endpoint Inventory

Execution profile enhancements

Mon, 18 May 2026 00:00:00 GMT

May 18, 2026—Execution profile process chains are now streamlined to stabilize output quality, improve accuracy, and prevent unexpected errors without changing detection behavior or enforcement logic.

For more information, see Execution profile.

Agentic SIEM and XDR → Workbench

Cyber Risk Exposure Management capabilities and related solutions to temporarily be read-only during scheduled maintenance

Mon, 18 May 2026 00:00:00 GMT

May 18, 2026—In June and July 2026, scheduled maintenance will be performed across all regions to implement a performance upgrade. During each region's maintenance period, the following capabilities and solutions will temporarily be in read-only mode and edit actions will be unavailable.

Affected capabilities and solutions:

Cyber Risk Overview
Attack Surface Discovery
Threat and Exposure Management
Vulnerability Management
Attack Path Prediction
Cloud Security Posture
Identity Security Posture
Cyber Risk Exposure Management Public API (read operations will remain accessible)
Network Overview
Zero Trust Secure Access
Reports
Tag Management

During the maintenance period, you can still sign in to TrendAI Vision One™ and view your data. However, write operations and data updates will be temporarily unavailable until the maintenance is complete.

The following table lists the planned maintenance schedule.

Important

Exact dates and times are subject to change. Watch for the in-console banners in each affected capability.

Region	Planned window (EST)	Duration
ZA	June 2, 2026, 12:00 PM to 6:00 PM	6 hours
UK	June 9, 2026, 12:00 PM to 6:00 PM	6 hours
CA	June 11, 2026, 5:00 PM to 11:00 PM	6 hours
AU	June 16, 2026, 9:30 AM to 5:30 PM	8 hours
IN	June 18, 2026, 9:30 AM to 5:30 PM	8 hours
SG	June 23, 2026, 9:30 AM to 5:30 PM	8 hours
EU	June 25, 2026, 12:00 PM to June 26, 2026, 12:00 AM	12 hours
JP	June 30, 2026, 9:30 AM to 5:30 PM	8 hours
US	July 4, 2026, 9:30 AM to 5:30 PM	8 hours

Cyber Risk Exposure Management

Reports

Tag Management

Zero Trust Secure Access

Agentless Vulnerability & Threat Detection version 20260519.183850

Tue, 19 May 2026 00:00:00 GMT

May 19, 2026—Agentless Vulnerability & Threat Detection version 20260519.183850 reduces the number of deployed resources and improves stability for Azure deployments.

Cloud platform: Azure
Release date: May 19, 2026
Deployment method: Terraform
Enhancements:
- Resource consolidation: Reduced the number of deployed resources, including function apps, service plans, and role assignments, by 50%. This change, along with related improvements, also reduced the overall deployment duration by 50%.
- Stable pattern updates: Improved the stability of pattern updates to ensure successful downloads from the Sentry backend and uploads to customer subscriptions.
- Function updater fix: Ensured that newly released functions automatically update deployed functions in customer subscriptions.
- Stable function synchronization: Enhanced synchronization of functions during stack deployment to ensure stability and prevent blocking deployment across multiple regions.

Important

A stack update is required to apply these changes.

Cloud Security → Cloud Accounts → Azure

Service Gateway Appliance Firmware 3.0.29

Wed, 20 May 2026 00:00:00 GMT

May 20, 2026—Service Gateway: Service Gateway Appliance Firmware 3.0.29 delivers key enhancements, bug fixes, and security updates.

Added "configure port list" CLI command to display port status
Applied CIS Section 5 security hardening for SSH, PAM, and password policies
Enhanced temporary root password generation with CIS-compliant rules
Fixed cloud configuration corruption on Rocky Linux 9.7 for Azure image deployments
Fixed port disable feature blocking outbound traffic due to incorrect firewall rules
Fixed incorrect active connection count calculation in appliance metrics
Fixed incorrect input type in temporary root password generation
Vulnerability fix

For detailed update schedules, see 2026 Release for TrendAI Vision One™ Service Gateway in the Success Portal.