
Apex One

AI-driven enterprise endpoint protection (EPP + EDR).

Quick answer

Apex One is Trend Micro's enterprise endpoint protection product. It combines EPP and EDR in a single agent and protects Windows, macOS and Linux clients with behavioral analysis, virtual patching and machine learning. It runs as SaaS (Apex One as a Service) or on-prem and serves as the endpoint sensor for Vision One XDR.

Apex One is Trend Micro's enterprise endpoint protection product — the successor to OfficeScan. It unifies EPP (Endpoint Protection Platform) and EDR (Endpoint Detection and Response) into a single agent.

Layered defenses include behavioral analysis, file reputation, machine learning, anti-exploit, ransomware rollback and virtual patching (Vulnerability Protection). Vulnerability Protection in particular shields Windows endpoints that have not yet received a patch — closing the 0-day window at the network level.

Apex One can be deployed in three modes: SaaS (Apex One as a Service), on-prem and hybrid. It is the foundational sensor of the Vision One XDR architecture — Vision One customers install the Apex One agent and stream telemetry into the correlation platform.

Anti-ransomware leadership: in 2024 and 2025 SE Labs Endpoint Protection tests, Apex One scored AAA (highest tier) and detected/blocked 100% of ransomware samples without false positives. Behavioral monitoring spots ransomware behavior before file encryption begins; if encryption does start, Ransomware Rollback can restore the latest 30 seconds of file changes from cache.

Virtual patching (Vulnerability Protection) value: 80% of enterprise endpoints carry at least one known CVE that has not been patched. Patch deployment averages 30–60 days in enterprise environments due to test/validation cycles. Apex One's host IPS engine inspects network traffic for attack signatures matching known CVEs and blocks attempts on unpatched endpoints, bridging this 0-day window. It is not a replacement for patch management but a critical complement to it.

Multi-OS support: Windows 7 SP1+ to Windows 11/Server 2022, macOS 12 (Monterey) and later (including native Apple silicon M1/M2/M3/M4), and selected Linux distributions. Single agent across the heterogeneous fleet.

Key features

What it offers

  • EPP + EDR in a single agent
  • Behavioral monitoring and ransomware rollback
  • Virtual patching (Vulnerability Protection)
  • Application control and device control
  • Full integration with Vision One XDR
  • Windows, macOS, limited Linux support
  • DLP add-on module for data-loss prevention
  • Predictive Machine Learning (file + process)
  • AAA-rated by SE Labs
  • Apple silicon native (M-series)

Tech Summary

Important technical data

Operating systems: Windows 10/11/Server 2016+, macOS 12+
Deployment model: SaaS, on-prem, hybrid
Agent footprint: ~250 MB disk, ~150 MB RAM
Management console: Apex Central (SaaS or on-prem)
Licensing: Per device, annual (3-year discounted)
XDR sensor: Same agent as Vision One
SE Labs rating: AAA (2024 & 2025)
MITRE ATT&CK Evaluations: High detection + low FP

Use Cases

When would you choose this product?

Insurance

Centralized protection for 10,000+ clients

A Turkish insurer protects 12,000 endpoints across HQ + broker network from a single Apex One console; virtual patching neutralizes patch latency on broker PCs.

Healthcare

Hospital information system (HIS) protection

A private hospital chain positions Apex One alongside application control on HIS endpoints — only authorized clinical applications are allowed to run.

Logistics

Field laptops + office protection

Field-staff laptops and warehouse scanners are managed under one Apex One policy with web-threat, exploit and ransomware protection.

Government

Virtual patching for unpatchable legacy Windows

A government organization with legacy Windows Server 2012 R2 endpoints keeps them protected with Vulnerability Protection until the modernization budget arrives.

Education

University student laptop fleet

A university manages 8,000 student-issued laptops centrally with Apex One; tampered or rooted devices trigger automatic isolation.

Who is it for?

Enterprise Windows/Mac/Linux client fleets — typically 250+ endpoints across mid-to-large organizations.

Frequently asked questions

What is the difference between Apex One and Worry-Free?
Worry-Free is the simplified cloud-managed version for 5–500 user SMBs. Apex One adds enterprise policy flexibility, virtual patching, application control and Vision One XDR integration.
Can Apex One be used without Vision One?
Yes. Apex One can stand alone as EPP + EDR managed via Apex Central. To get correlated XDR, SOAR and Companion AI, however, you add Vision One.
How strong is Linux support?
The Apex One agent runs on Red Hat, CentOS, Ubuntu and SUSE, but its feature set is not as rich as on Windows. For server Linux we recommend Trend Cloud One Workload Security (Deep Security).
How does virtual patching work?
The Vulnerability Protection module behaves like a host IPS, scanning network traffic for attack signatures matching known CVEs. Even on an unpatched Windows endpoint, attack attempts are blocked. It is not a replacement for patch management — it is a temporary bridge.
Does Apex One support Mac protection?
Yes. macOS 12 (Monterey) and later are fully supported: anti-malware, web reputation, behavioral protection and device control. Apple silicon (M1/M2/M3/M4) runs natively.
Does ransomware rollback really work?
Yes. When ransomware is detected, Apex One restores the last 30 seconds of file changes from cache. It is not the primary defense against modern ransomware, but it is a valuable last line.
Can it be installed on Domain Controllers or Exchange Servers?
For servers we recommend Deep Security / Server Workload Protection rather than Apex One. Apex One can run on servers, but Deep Security adds host IPS, FIM, log inspection and cloud-workload features designed for servers.
Can Apex One and Microsoft Defender run simultaneously?
No. For performance and compatibility, Defender is automatically moved to passive mode when Apex One is installed (on Windows 11/Server 2022).
How does license renewal work?
There are 1-year and 3-year packages. The 3-year bundle is typically 15–20% discounted. Sora Yazılım sends a renewal reminder 90 days before expiry and prepares quotes.
Can USB be blocked with device control?
Yes. The Apex One Device Control module can block or allow USB, CD/DVD, Bluetooth, modem and mobile devices by serial number or device class. This is commonly used to enforce KVKK and DLP policies.
Related Services

Services we deliver alongside this product

Apex One licensing + deployment + support

Sora Yazılım handles licensing, deployment, training and ongoing management — all from a single team.