Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Comparison between Apex One Endpoint Sensor (SaaS) and XDR Sensor

    • Updated:
    • 28 Apr 2021
    • Product/Version:
    • Apex One All
    • Platform:
Summary

Apex One Endpoint Sensor (SaaS) supports the following platforms:

  • Windows Desktop
  • Windows Server
  • macOS

For the platforms that XDR sensor supports, please refer to the following link: XDR Sensor System Requirements.

Details
Public
FeaturesApex One
Endpoint Sensor
(SaaS)
XDR Sensor
Windows
XDR Sensor
Linux
XDR Sensor
macOS
Resource UsageFrequency of sending dataAverage every 5 minutesAverage every 5 minutesEvery 5 minutes or GPB size >900KBEvery 5 minutes
Average Generated Data20 MB/agent/day7 MB/agent/day8.7 MB/agent/dayAround 6 MB/(agent*day)
Average Network Bandwidth Usage20 MB/agent/day7 MB/agent/day8.7 MB/agent/dayAround 6 MB/(agent*day)
Local telemetry cache size when sensor cannot send data to server500 MBin memory200MBin memory (200MB)
The agent behavior after the license expiredDon't record and send any telemetry dataCurrently, when the license expires, the sensor still sends telemetry data to the server and stops renewing the required tokens, so the server will no longer receive the telemetry data.
InvestigationBased on criteria to do an investigation✔️✔️✔️✔️
Based on IOC to do an investigation✔️
Do a live investigation to check the present status✔️*1✔️*2✔️*2✔️*2
DetectionThreat Detection w/ Attack Discovery✔️*3✔️*4✔️*4✔️*4
Mitigation/ResponseAdd to User-defined suspicious object✔️✔️✔️
Terminate Process✔️✔️*5
Network isolation of endpoint✔️*6✔️*7
Collect File✔️✔️✔️
Remote Shell✔️✔️✔️
Coordination to EPP production✔️*8✔️*9✔️*9✔️*9
 

*1 The Apex One Endpoint Sensor (SaaS) supports doing live investigation via diskIOC scan, YARA scan, and registry scan.

*2 The XDR sensor supports checking present status via remote shell feature.

*3 The Apex One Endpoint Sensor (SaaS) has its own attack discovery detection engine. After Apex One is registered to Vision One, the Vision One backend server provides detection capability based on recorded activity data.

*4 XDR Sensor doesn't have a detection engine. However, the Vision One backend service provides detection capability based on recorded activity data.

*5 The XDR sensor supports to kill running processes via remote shell feature.

*6 This is for Windows only and it relies on Apex One EPP

*7 This is available when Apex One as a service has registered to Vision One. Users can click isolate endpoint in the Context menu of events in the Vision One Search App or Workbench App that is triggered by Apex One EPP, such as the Apex One detection log.

*8 Apex One Endpoint Sensor (SaaS) is an integrated module of Apex One. If users would like to install Apex One security agent with other EPP products, they have to install the Apex One Coexist agent, not the Full agent. 

*9 The XDR Sensor is a standalone sensor, and it can coexist with Trend Micro EPP products and 3rd-party EPP products.

 

Supported coexistence products:

  • Apex One On-Premise
  • Apex One as a Service
  • Deep Security On-Premise
  • Microsoft Defender
  • Symantec Endpoint Protection (SEP)
  • McAfee Endpoint Security (MES)
 
Microsoft will default enable the case-sensitive feature after the Windows 10 21H2 update, and Apex One Endpoint Sensor (SaaS) cannot support case sensitivity due to the design specification. It means that users should migrate Apex One Endpoint Sensor (SaaS) to XDR sensor or they should disable case-sensitive feature to make sure that Apex One Endpoint Sensor (SaaS) can work properly.
Premium
Internal
Partner
Rating:
Category:
SPEC
Solution Id:
000286401
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.