Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Comparison between Apex One Endpoint Sensor (SaaS) and XDR Sensor

    • Updated:
    • 18 Oct 2021
    • Product/Version:
    • Apex One
    • Apex One All
    • Platform:
Summary

XDR Sensor is the succeeding version of Apex One Endpoint Sensor which is tightly integrated with Trend Micro Vision One. Customers are encouraged to upgrade their existing Apex One Endpoint Sensor to XDR sensor to take advantage of its advanced features.

This article provides a comparison between Apex One Endpoint Sensor and XDR Sensor

For the platforms that XDR sensor supports, please refer to the following link: XDR Sensor System Requirements .

Details
Public
 

The Sensor used in Apex One SaaS is based on how users deploy Sensors:

 
  • The Apex One Security Agent will use the Apex One Endpoint Sensor (SaaS) when enabling Endpoint Sensor via Apex Central Policy.
  • The Apex One Security Agent will use the XDR Sensor when enabling Sensor through Vision One Endpoint Inventory.
FeaturesApex One
Endpoint Sensor
(SaaS)
XDR Sensor
Windows
XDR Sensor
Linux
XDR Sensor
macOS
Resource UsageFrequency of sending dataAverage every 5 minutesAverage every 5 minutesEvery 5 minutesEvery 5 minutes
Average Generated Data20 MB/agent/day7 MB/agent/day8.7 MB/agent/day6 MB/(agent*day)
Average Network Bandwidth Usage20 MB/agent/day7 MB/agent/day8.7 MB/agent/day6 MB/(agent*day)
Local telemetry cache size when sensor cannot send data to server500 MBin memory (50MB)200MBin memory (200MB)
The agent behavior after the license expiredDon't record and send any telemetry dataCurrently, when the license expires, the sensor still sends telemetry data to the server and stops renewing the required tokens, so the server will no longer receive the telemetry data.
InvestigationBased on criteria to do an investigation✔️✔️✔️✔️
Do a live investigation to check the present status✔️*1✔️*2✔️*2✔️*2
DetectionThreat Detection w/ Attack Discovery✔️*3✔️*4✔️*4✔️*4
Mitigation/ResponseAdd to User-defined suspicious object✔️
Regarding the mitigation/response features, please refer to the link below for more details. 
Terminate Process✔️
Network isolation of endpoint✔️*5
Collect File✔️
Remote Shell
Coordination to EPP production✔️*6✔️*7✔️*7✔️*7
 

*1 The Apex One Endpoint Sensor (SaaS) supports doing live investigation via diskIOC scan, YARA scan, and registry scan.

*2 The XDR sensor supports checking present status via remote shell feature.

*3 The Apex One Endpoint Sensor (SaaS) has its own attack discovery detection engine. After Apex One is registered to Vision One, the Vision One backend server provides detection capability based on recorded activity data.

*4 XDR Sensor doesn't have a detection engine. However, the Vision One backend service provides detection capability based on recorded activity data.

*5 This is for Windows only and it relies on Apex One EPP

*6 Apex One Endpoint Sensor (SaaS) is an integrated module of Apex One. If users would like to install Apex One security agent with other EPP products, they have to install the Apex One Coexist agent, not the Full agent. 

*7 The XDR Sensor is a standalone sensor, and it can coexist with Trend Micro EPP products and 3rd-party EPP products.

 

Supported coexistence products:

  • Apex One On-Premise
  • Apex One as a Service
  • Deep Security On-Premise
  • Microsoft Defender
  • Symantec Endpoint Protection (SEP)
  • McAfee Endpoint Security (MES)
 
Microsoft will default enable the case-sensitive feature after the Windows 10 21H2 update, and Apex One Endpoint Sensor (SaaS) cannot support case sensitivity due to the design specification. It means that users should migrate Apex One Endpoint Sensor (SaaS) to XDR sensor or they should disable case-sensitive feature to make sure that Apex One Endpoint Sensor (SaaS) can work properly.
Premium
Internal
Partner
Rating:
Category:
SPEC
Solution Id:
000286401
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.