Enroll your Standard Endpoint Protection and Server & Workload Protection instances in version control policies to centralize management of agent and component updates.
 |
Important
|
Version control policies automatically manage agent and component updates for the
TrendAI Vision One™ Endpoint Security agent. Updates for endpoint protection components are managed based on the enrollment status
of your Protection Managers. The table below details what version control policies
manages:
 |
NoteTrendAI Vision One™ Endpoint Security agent engine updates follow the same policy settings as agent software updates. This includes
Standard Endpoint Protection and Server & Workload Protection.
|
|
Solution
|
TrendAI Vision One™ Endpoint Security agent components (software, XDR for Endpoints (EDR))
|
Endpoint protection components (software, engines, patterns)
|
|
TrendAI™ endpoint agents reporting to
TrendAI Vision One™ Endpoint Inventory
|
Yes
Only controls updates to components for the TrendAI Vision One™ Endpoint Security agent, does not include software or engine updates for other connected agents.
|
No
Component updates (software, patterns, engines) for TrendAI™ Apex One as a Service or Cloud One Endpoint & Workload Protection cannot be enrolled
in Version Control Policies.
|
|
Standard Endpoint Protection Managers - enrolled in version control policies
|
Yes
|
Yes
|
|
Standard Endpoint Protection Managers - not enrolled in version control policies
|
Yes
|
No
|
|
Server & Workload Protection Managers - enrolled in version control policies
|
Yes
|
Yes
|
|
Server & Workload Protection Managers - not enrolled in version control policies
|
Yes
|
No
|
For connected endpoint protection solutions (for example, TrendAI™ Apex One as a Service or Cloud One Endpoint & Workload Protection), the version control
policies only apply to endpoints that report to TrendAI Vision One™ Endpoint Inventory (endpoints with the TrendAI Vision One™ Endpoint Security agent installed). The connected endpoint protection servers apply their own components
policies to manage all other components.
To manage endpoint protection updates for Standard Endpoint Protection and Server
& Workload Protection, you must enroll your Protection Manager instances. To enroll
your Protection Manager instances, click the settings icon (
) and select Protection Manager enrollment.
) and select Protection Manager enrollment. |
ImportantNewly created Protection Manager instances are automatically enrolled in Version Control
Policies and do not appear in Protection Manager enrollment. If you need to unenroll an instance not listed in Protection Manager enrollment, please contact your support provider.
If you updated from Cloud One Endpoint & Workload Security to Server & Workload Protection,
verify the API keys have been generated in your Cloud One console. If the API keys
do not generate correctly, you cannot view or select your Server & Workload Protection
Manager in the enrollment list. For more information, see Why is my Protection Manager not on the enrollment list?
You can still assign endpoint groups to version control policies even if the Protection
Manager instance is not enrolled.
|
When enrolling, please note the following:
-
Version control policies only support TrendAI Vision One™ Endpoint Security agent version 202412 and later. For detailed information, see Version control policies agent requirements.
-
Version control policies cannot manage endpoints which do not have the TrendAI Vision One™ Endpoint Security agent installed. For more information, see What is an unmanaged endpoint?.To download and install the TrendAI Vision One™ Endpoint Security agent package, see Deploy agents.
-
Version Control Policies does not support Update Agents or Relays configured in your Protection Managers. Instead, you can use Runtime Proxy Settings to configure your endpoints to connect with a Service Gateway with ActiveUpdate service and Generic Caching Service enabled.
Important
The Generic Caching Service is a pre-release feature not supported in all regions and might not appear in your list of Service Gateway services. To access the service, please contact your sales representative.Connection Policies is a new feature you can use to configure agent relays using the TrendAI Vision One™ Endpoint Security agent. This feature is currently in private preview with an expected release date of April 2026. If you want to access this feature before it enters public preview or is officially released, contact your sales representative. For more information, see Connection Policies -
Policy settings override any settings in the Protection Manager. This includes version control and pausing, resuming, or disabling updates.
-
Some component update settings are handled by the Protection Managers.
-
For Standard Endpoint Protection, you can configure the agent update schedule as well as which components are included in agent updates. Updating the agent program is controlled by the assigned version control policy.To configure the update schedule and component settings for Standard Endpoint Protection, see Component Updates.
-
For Server & Workload Protection, you can configure the agent update schedule. All other settings are ignored by endpoint agents managed by a version control policy.To configure the update schedule for Server & Workload Protection, see Apply component updates.
-