Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Detections not being reported back to the Apex One server

    • Updated:
    • 27 Mar 2020
    • Product/Version:
    • Apex One All
    • Platform:
Summary

Detections on endpoints are not being reported to the Apex One server. However, email notifications are being received.

Detection not reported in Apex One

Details
Public

The log collected during the Apex One Master Service restart shows that logAccessor was not able to start correctly, which is why the log eventually cannot send to SQL:

2020 01/29 11:21:08 [272c : 24b8] (00) (D) [][LogAccessor.exe]Err: An SqlException exception occurred at Open Connection.: Login failed for user ''. - [(1)]

AES256 encryption is on as well as FipsAlgorithmPolicy:

===
EncType=1
===
===
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
Enabled=1
===

According to Microsoft, decrypting will cause exception when AES256 and FipsAlgorithmPolicy are both on:

If the Windows security policy setting for Federal Information Processing Standards (FIPS)-compliant algorithms is enabled, using this algorithm throws a CryptographicException.

Disable AES256 (EncType=0) in Server-Agent Communication under Global Setting or disable FipsAlgorithmPolicy in Windows Security Settings > Local Policies > Security Options > System Cryptography.

You can also disable FIPS for good by following the steps in this link. More info:

"FIPS mode" doesn’t make Windows more secure. It just blocks access to newer cryptography schemes that haven’t been FIPS-validated. That means it won’t be able to use new encryption schemes, or faster ways of using the same encryption schemes. In other words, it makes your computer slower, less functional, and arguably less secure.

Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot
Solution Id:
000248133
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.