TrendMicro Apex One Update 13150 kills SmartScan

Posted on 2025-01-27 by guenni

Sicherheit (Pexels, allgemeine Nutzung)[German]A short note to administrators and IT service providers among the blog readers who use TrendMicro Apex One for themselves or their customers. The update 13150 available for this security solution should be used with caution. A blog reader has informed me (thank you) that the update may kill the SmartScan function.

Advertising

Blog reader Sebastian A. recently contacted me by email because he ran into a problem when using TrendMicro Apex One, which may also affect other admins. The reader wrote that the on-premise installation of TrendMicro Apex One SP1 with the latest update was causing a problem in his environment. The installation runs normally. The clients are also downloading the update as normal, wrote the blog reader.

SmartScan-Problem

TrendMicro Status

As the screenshot above shows, SmartScan no longer works once TrendMicro Apex One Update 13150 has been installed. This must have been rolled out on January 23, 2025. According to the reader, all clients/servers are online but marked "red" in the admin console.

TrendMicro Status

Advertising

According to the reader, there are no further entries in the event log, neither on the client nor on the server.

diagnostic_spsc_updatepattern.log
2025/01/17 22:56:36:523 Mitteleuropäische Zeit [ 7068:16036] ERROR [UpdateImportPattern::Import] import error 230[0xe6](ICRC_CONSOLE_DB_FAIL) [updatepattern_import_obj.cpp:156]

TmuDump.txt
Err 20250117 22:56:28 17828 17032 Getaddrinfo failure, return code: 11001, error: Der angegebene Host ist unbekannt. .
Err 20250117 22:56:28 17828 17032 Connect returns, WSAerror(183)
Err 20250117 22:56:28 17828 17032 Getaddrinfo error
Err 20250117 22:56:28 17828 17032 HttpsConnection: Socket connect fail
Err 20250117 22:56:28 17828 17032 connect failed, will not send the report

The reader is in contact with support and writes that the above entries were the first errors that support saw. According to the reader, he is aware of others affected. However, virus detection continues to function normally – the EICAR test file is recognized immediately, the reader notes.

IIn the administration under "Smart Protection > Integrated Server", an error message without text and an implausible date stamp can be seen, the reader added. According to the instructions in the changelog, a rollback is also not entirely possible, as files are missing that are referenced. Anyone else affected?

Advertising
This entry was posted in Security, Software and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).