This KB contains recommendations that may help mitigate these behaviors.

  • Apex One on-prem Patch 3 (above SP1 recommended)
  • Patch 5 Apex Central

Verify that Endpoint Basecamp is installed on all endpoints; otherwise the upgrade can leave endpoints with the sensor disabled.

The recommended method is comparing the Apex One and Endpoint Inventories to see if there is a delta between the number of endpoints. Both inventories can be exported for easy comparison.

If the number of missing endpoints is small, the recommended option is to deploy Endpoint Basecamp on the missing machines to force them to re-enter the inventory.

If the number of missing endpoints is large, please reach out to Trend Micro Technical Support and provide the export containing the machines you need assistance with. For reference, please refer to this: Managing the Endpoint List in Endpoint Inventory 2.0
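One way to compute the delta between the two exports, as an added example that is not Trend Micro code. The column names (`Endpoint`, `Endpoint name`), the host names and the choice to match on short host name are assumptions; adjust them to your exported CSV files. It also flags hosts that appear more than once in the Endpoint Inventory export.

```python
import csv
import io
from collections import Counter

# Constructed sample exports. Column names are assumptions, not the product's schema.
APEX_ONE_EXPORT = """\ufeffEndpoint,IP Address
WS-001.corp.example,10.0.0.11
ws-002,10.0.0.12
SRV-DB01,10.0.0.20
LAB-07,10.0.0.31
"""
ENDPOINT_INVENTORY_EXPORT = """Endpoint name,Sensor
ws-001,Enabled
WS-002.corp.example,Enabled
srv-db01,Enabled
srv-db01,Disabled
KIOSK-3,Enabled
"""

def normalize(name):
    """Lower-case and drop the DNS suffix so FQDN and short names match.
    Caveat: hosts with the same short name in different domains collapse."""
    return name.strip().lower().split(".")[0]

def load_hosts(csv_text, column):
    """Count normalized host names in one export (tolerates a UTF-8 BOM)."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    if column not in (reader.fieldnames or []):
        raise KeyError(f"column {column!r} not in export: {reader.fieldnames}")
    return Counter(normalize(r[column]) for r in reader if (r[column] or "").strip())

def inventory_delta(apex_csv, inventory_csv,
                    apex_col="Endpoint", inv_col="Endpoint name"):
    """Return hosts missing from either side plus duplicated inventory rows."""
    apex = load_hosts(apex_csv, apex_col)
    inv = load_hosts(inventory_csv, inv_col)
    return {
        "missing_from_inventory": sorted(set(apex) - set(inv)),
        "only_in_inventory": sorted(set(inv) - set(apex)),
        "duplicates_in_inventory": sorted(h for h, n in inv.items() if n > 1),
    }

if __name__ == "__main__":
    delta = inventory_delta(APEX_ONE_EXPORT, ENDPOINT_INVENTORY_EXPORT)
    for label, hosts in delta.items():
        print(f"{label}: {len(hosts)} {hosts}")
```

To run it on real exports, read each file with `open(path, encoding="utf-8-sig").read()` and pass the text to `inventory_delta`.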

Verify that XDR Endpoint Sensor (XES) is correctly aligned to the Trend Vision One business ID as outlined here: Endpoint Inventory Update Considerations

If the XES is not aligned to the correct Trend Vision One business ID, please reach out to Trend Micro Technical Support for assistance.

If a number of endpoints are missing from the Endpoint Inventory, this can be due to a different configuration of the auto-purge settings prior to the upgrade to the Foundation-based Trend Vision One.

For more details, check out this article: Missing Endpoint scenarios for Trend Vision One

When your inventory for protection agents is imported into endpoint inventory, its improved logic will visualize the endpoints that were previously purged from the Endpoint Inventory.

Additionally, as shown in the below screenshot, the audit log from Endpoint Inventory will show "Agent Removal" activity if endpoints were removed manually or automatically.


When there is a mismatch of the Security Agent GUID and the Endpoint Basecamp GUID, the upgrade may result in duplicate endpoint records appearing in the Trend Vision One Endpoint Security Console.

In the Foundation Endpoint Inventory, clicking the hyperlink context window shows the endpoint’s details; the GUID visible there is that of the protection agent. The duplicate entry that was created is for Endpoint Basecamp.

For Standard Endpoint Protection:
An enhancement has been deployed in the December Maintenance to mitigate this issue. More details can be found here: Trend Micro Apex One™ as a Service December 2023 Maintenance Notice
If the issue appears after the December update, please reach out to Trend Micro Technical Support for assistance.

For Server & Workload Protection:
The duplicate endpoints issue can be resolved by deactivating and reactivating the agent with the commands below. This action will realign the GUIDs.

Deactivate C1 agent
$ /opt/ds_agent/dsa_control -r #

Activate C1 agent
$ /opt/ds_agent/dsa_control -a dsm://agents.workload.cloudone.trendmicro.com:443/ "tenantID:" "token:"

If the steps have not resolved the issue, please reach out to Trend Micro Technical Support for further assistance.

After upgrading to Trend Vision One Foundation, for endpoints on SEP (Standard Endpoint Protection) that are still using iES (integrated Endpoint Sensor in Apex One) the recommendation “Sensor Update required” will appear in the Endpoint Inventory.

Following the upgrade to Trend Vision One Foundation, it is recommended to upgrade to the XDR endpoint sensor (XES) to take advantage of the improved functionality.

To perform the upgrade, filter on the endpoints with the relevant status and click ‘Enable Sensor’. This action will start the XES installation process and automatically replace iES with XES.

For endpoints on Server & Workload Protection that are using Activity Monitoring it is also recommended to deploy the Trend Vision One Sensor XES.
To perform the upgrade to XES, please use the tooltip within Endpoint Inventory to deploy the Sensor package to the endpoints.

To identify possible causes for endpoints not appearing in the Endpoint Inventory, please follow the below steps:
  1. Log in to the Trend Vision One Console.
  2. Obtain the missing device GUIDs as per the instructions within this KB article: Finding Endpoint Information
  3. Go to Help & Support
  4. Click Run diagnostic test
  5. Under ‘Endpoint not found in Endpoint Inventory’ click on Run test
  6. Specify the GUIDs of the missing endpoints.

Additionally, XDR endpoint communication issues can also cause endpoints to not appear in the Endpoint Inventory. Communication issues can be identified with Trend Vision One as outlined within this KB: XDR Endpoint Checker