Behavior Monitoring logs show tmufe error codes 727 and /or 721 on the census query. This happened when the agent failed to connect to "osce14-en-census.trendmicro.com:443". This will impact performance because the behavior monitoring module will wait for query timeout when handling events. This may indicate unstable network connectivity or agents that are deployed in air-gapped environments.
Logs
E [CCensusEngine::RateFile]: Census query failed, tmufe error code: -727 [ (0)] E [CProcInfo::CheckCensusSync]: The Census query result of process(pid: 0x68e1c, path: C:\Windows\System32\conhost.exe) failed, error: -534511609 [ (0)] E [CCensusEngine::RateFile]: Census query failed, tmufe error code: -721 [ (0)] E [CCensusEngine::RateFile]: Census query failed, tmufe error code: -721 [ (0)] D [CCensusEngine::RateFile]: Can't reach Census server in last 5 queries, start suspending Census query for next 180 seconds [ (0)]
Solution
- Ensure that the URLs used by Apex One are allowed to pass through the firewall:
- Add the following configuration below on the Apex One Server. After enabling the key, it will force the behavior monitoring module event worker thread to use queried results from previous events by an async thread instead of querying from the TrendMicro backend service that causes a timeout.
- In Apex One server machine, go to <Apex One Installation directory> Trend Micro\Apex One \PCCSRV\ ofcscan.ini. Under the [Global Setting] section, manually add/modify the following configurations:
- [Global Setting]
- AegisUseQueriedCensusResult=1
- On the agent side, make sure the following registries are updated.
- Open the registry editor and look for the following key: [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS]
- "UseQueriedCensusResult"=dword:00000001
- In Apex One server machine, go to <Apex One Installation directory> Trend Micro\Apex One \PCCSRV\ ofcscan.ini. Under the [Global Setting] section, manually add/modify the following configurations: