
Details

After the user confirms the installation of the Network Content Inspection Engine, applying a new 'Suspicious Object' through 'Suspicious Object Management' creates so_policy_.json files in C:\Program Files\Trend Micro\Cloud Endpoint\modules\NetFilterBridgeModule\soPolicy, and the old so_policy_.json files are not cleaned up.

When a customer confirms the installation of the Network Content Inspection Engine (Network Content Inspection Engine | Trend Micro Service Central) through the Trend Micro Network Service (tm_netsrv.exe) and configures a new Suspicious Object, the Trend Micro Network Service receives a copy of the so_policy file but does not clean up the old so_policy files.

The Network Content Inspection Engine is a new feature released in the October Sensor for Windows update: Trend Vision One Endpoint Component Revision History.

Mitigation

Customers need to manually disable the sensor and then manually delete the so_policy files located in C:\Program Files\Trend Micro\Cloud Endpoint\modules\NetFilterBridgeModule\soPolicy.

This issue will be resolved in the November Sensor for Windows update.
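The manual cleanup above can be scripted for use across many endpoints. The following PowerShell is an added example, not Trend Micro code: it reports how many so_policy files have accumulated and deletes them only after confirmation. It assumes the file name pattern `so_policy_*.json` and treats a running tm_netsrv process as a sign that the sensor is still enabled; both are assumptions, as are the parameter names.

```powershell
# Added example, not Trend Micro code. Run from an elevated session after the
# sensor has been disabled. Use -WhatIf for a dry run that deletes nothing.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Directory named in the article.
    [string]$PolicyDir = 'C:\Program Files\Trend Micro\Cloud Endpoint\modules\NetFilterBridgeModule\soPolicy',
    # Assumed pattern; the article only refers to "so_policy_.json" files.
    [string]$Pattern = 'so_policy_*.json'
)

# Assumption: a running tm_netsrv process means the sensor is not disabled yet.
if (Get-Process -Name 'tm_netsrv' -ErrorAction SilentlyContinue) {
    throw 'tm_netsrv.exe is still running. Disable the sensor before cleaning up.'
}

if (-not (Test-Path -LiteralPath $PolicyDir -PathType Container)) {
    throw "Policy directory not found: $PolicyDir"
}

# Collect the accumulated policy files, oldest first.
$files = @(Get-ChildItem -LiteralPath $PolicyDir -Filter $Pattern -File |
    Sort-Object -Property LastWriteTime)

if ($files.Count -eq 0) {
    Write-Output "No files matching $Pattern in $PolicyDir"
    return
}

# Summarize what was found so the buildup can be recorded before removal.
$totalBytes = ($files | Measure-Object -Property Length -Sum).Sum
Write-Output ('Found {0} file(s), {1:N2} MB, oldest {2:u}, newest {3:u}' -f
    $files.Count, ($totalBytes / 1MB),
    $files[0].LastWriteTime, $files[-1].LastWriteTime)

# Delete each file; ShouldProcess honours -WhatIf and -Confirm.
$removed = 0
foreach ($file in $files) {
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete so_policy file')) {
        Remove-Item -LiteralPath $file.FullName -Force
        $removed++
    }
}
Write-Output "Removed $removed of $($files.Count) file(s)."
```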

Details

When a Network Detection event is triggered by the Network Content Inspection Engine (Network Content Inspection Engine | Trend Micro Service Central), the PID information for inbound traffic detection is currently always 0.

Mitigation

This is a known issue due to technical limitations. Trend Micro will address this with enhancements in a future release.