Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Safelisting Trend Micro Apex One™ as a Service DNS Name and IPs

    • Updated:
    • 5 Aug 2020
    • Product/Version:
    • Apex One as a Service
    • Platform:
    • N/A
Summary

Due to security concerns, some organizations may rely on a safelisting approach to Internet communications. As Apex One as a Service relies on Internet communication for command and control management, the DNS Name/IPs used by Apex One as a Service may need to be approved to allow this communication.

Details
Public
 
Trend Micro recommends configuring your firewall Outbound filter rule to allow the following Apex One as a Service DNS Name, IPs, and URLs.

Regardless of whether the servers are approved by DNS or IP, the following ports are used.

  • Apex One: TCP 443
  • Apex One (Mac): TCP 8443

The recommended method of safelisting is by DNS name. Apex One as a Service resides on Microsoft’s Azure Cloud infrastructure. As such, there is not a set of IP or IPs that the Apex One as a Service server operates on. By approving the DNS name a large number of IP Subnets will not need to be approved as the IP can be dynamically approved based on DNS.

The first DNS name is the name for the management login. This can be found in the address bar when logging into Apex One as a Service.

Apex One

Apex One™ DNS

Two other required names are the Apex One server’s DNS Name and the Apex One (Mac) DNS Name.

To find the Apex One name:

  1. Log into the Apex One as a Service (Apex Central) web console.
  2. Click Administration.
  3. Click Managed Servers.
  4. Click Server Registration.
  5. Verify that the Server Type is Apex One.

You will see the server name listed there.

Verify that the Server Type is Apex One™

Apex One (Mac)

To find the Apex One (Mac) as a Service name:

  1. Log into the Apex One as a Service (Apex Central) web console.
  2. Click Administration.
  3. Click Managed Servers.
  4. Click Server Registration.
  5. Verify that the Server Type is Apex One (Mac).

You will see the server name listed there.

Verify that the Server Type is Apex One™ (Mac)

Apex One as a Service resides in Microsoft’s Azure Cloud infrastructure. As such, there is not a set of IP or IPs that the Apex One as a Service server operates on.

Currently, Apex One as a Service resides in several regions of the Azure Cloud. Microsoft provides a list of their datacenter IP ranges that can be used for safelisting in JSON format.

Microsoft Azure Datacenter IP Ranges

From this page, you can download the current Microsoft provided Public IP list. Customers only need to import the following Region Name in IP Range file:

  • "name": "AzureCloud.australiaeast"
  • "name": "AzureCloud.centralus"
  • "name": "AzureCloud.westeurope"
  • "name": "AzureCloud.southeastasia"

The following URLs will also need to be available for the agents:

 
  • The following services were using CDN (Content Delivery Network) as cache so no static IPs can be provided.
  • Some URLs are accessed depending on which product localization is used. If you are using English version, only the “*-en” URLs need to be approved.
  • Apex One as a Service with XDR

    If the customer's Apex One SaaS is integrated with Trend Micro XDR, the following address should be allowed for agents uploading activity data up to datalake:

    • *.etdl.trendmicro.com:443
  • ActiveUpdate - https://osce14-p.activeupdate.trendmicro.com/activeupdate
  • Global Smart Scan Server - https://osce14.icrc.trendmicro.com/tmcss
  • License Server - http://licenseupdate.trendmicro.com/ollu/license_update.aspx
  • Host Data Lake - xdr-nabu-prod.etdl.trendmicro.com
  • PR Feedback Server - https://licenseupdate.trendmicro.com/fb/bifconnect.ashx
  • Web Rating Server
    • osce14-0-en.url.trendmicro.com
    • osce14-0-jp.url.trendmicro.com
    • osce14-0-tc.url.trendmicro.com
    • osce14-0-de.url.trendmicro.com
    • osce14-0-fr.url.trendmicro.com
    • osce14-0-sp.url.trendmicro.com
    • osce14-0-ru.url.trendmicro.com
    • osce14-0-it.url.trendmicro.com
    • osce14-0-po.url.trendmicro.com
    • osce14-0-kr.url.trendmicro.com
  • Smart Feedback
    • osce140-de.fbs25.trendmicro.com
    • osce140-en.fbs25.trendmicro.com
    • osce140-es.fbs25.trendmicro.com
    • osce140-fr.fbs25.trendmicro.com
    • osce140-jp.fbs25.trendmicro.com
    • osce140-pl.fbs25.trendmicro.com
    • osce140-it.fbs25.trendmicro.com
    • osce140-ru.fbs25.trendmicro.com
    • osce140-tc.fbs25.trendmicro.com
    • osce140-kr.fbs25.trendmicro.com
  • NFC Server
    • osce14-en.gfrbridge.trendmicro.com
    • osce14-jp.gfrbridge.trendmicro.com
    • osce14-tc.gfrbridge.trendmicro.com
    • osce14-kr.gfrbridge.trendmicro.com
    • osce14-de.gfrbridge.trendmicro.com
    • osce14-fr.gfrbridge.trendmicro.com
    • osce14-it.gfrbridge.trendmicro.com
    • osce14-es.gfrbridge.trendmicro.com
    • osce14-ru.gfrbridge.trendmicro.com
    • osce14-po.gfrbridge.trendmicro.com
  • Census server
    • https://osce14-en-census.trendmicro.com
    • https://osce14-de-census.trendmicro.com
    • https://osce14-fr-census.trendmicro.com
    • https://osce14-es-census.trendmicro.com
    • https://osce14-it-census.trendmicro.com
    • https://osce14-pl-census.trendmicro.com
    • https://osce14-ru-census.trendmicro.com
    • https://osce14-jp-census.trendmicro.com
    • https://osce14-kr-census.trendmicro.com
    • https://osce14-tc-census.trendmicro.com
  • Census server (Backup)
    • osce14bak-en-census.trendmicro.com
    • osce14bak-de-census.trendmicro.com
    • osce14bak-es-census.trendmicro.com
    • osce14bak-fr-census.trendmicro.com
    • osce14bak-it-census.trendmicro.com
    • osce14bak-jp-census.trendmicro.com
    • osce14bak-kr-census.trendmicro.com
    • osce14bak-pl-census.trendmicro.com
    • osce14bak-ru-census.trendmicro.com
    • osce14bak-sc-census.trendmicro.com
    • osce14bak-tc-census.trendmicro.com
  • Predictive Machine Learning (File)
    • osce140-en-f.trx.trendmicro.com
    • osce140-de-f.trx.trendmicro.com
    • osce140-es-f.trx.trendmicro.com
    • osce140-fr-f.trx.trendmicro.com
    • osce140-it-f.trx.trendmicro.com
    • osce140-jp-f.trx.trendmicro.com
    • osce140-kr-f.trx.trendmicro.com
    • osce140-pl-f.trx.trendmicro.com
    • osce140-ru-f.trx.trendmicro.com
    • osce140-tc-f.trx.trendmicro.com
  • Predictive Machine Learning (Behavior)
    • osce140-en-b.trx.trendmicro.com
    • osce140-de-b.trx.trendmicro.com
    • osce140-es-b.trx.trendmicro.com
    • osce140-fr-b.trx.trendmicro.com
    • osce140-it-b.trx.trendmicro.com
    • osce140-jp-b.trx.trendmicro.com
    • osce140-kr-b.trx.trendmicro.com
    • osce140-pl-b.trx.trendmicro.com
    • osce140-ru-b.trx.trendmicro.com
    • osce140-tc-b.trx.trendmicro.com
  • Predictive Machine Learning (Co-Exist Mode)
    • oscecmp140-de-f.trx.trendmicro.com
    • oscecmp140-en-f.trx.trendmicro.com
    • oscecmp140-es-f.trx.trendmicro.com
    • oscecmp140-fr-f.trx.trendmicro.com
    • oscecmp140-it-f.trx.trendmicro.com
    • oscecmp140-jp-f.trx.trendmicro.com
    • oscecmp140-kr-f.trx.trendmicro.com
    • oscecmp140-pl-f.trx.trendmicro.com
    • oscecmp140-ru-f.trx.trendmicro.com
    • oscecmp140-tc-f.trx.trendmicro.com
Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
1119967
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.