<> Trend Micro, Inc. June 19, 2018 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) ServerProtect(TM) for Storage 6.0 Patch 1 - Build 1194 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Notes: This readme file was current as of the date above. However, all customers are advised to check the Trend Micro website for documentation updates at: http://www.trendmicro.com/download/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: http://olr.trendmicro.com Contents =================================================================== 1. About Trend Micro ServerProtect for Storage 6.0 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 5.1 Installation 5.2 Uninstallation 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement =================================================================== 1. About Trend Micro ServerProtect for Storage 6.0 ====================================================================== ServerProtect for Storage 6.0 is an enhanced version of ServerProtect developed exclusively to provide antivirus solutions for NetApp devices, EMC Celerra, VNX/VNXe series and storage devices supporting Internet Content Adaptation Protocol (ICAP) antivirus scanner. 1.1 Overview of This Release =================================================================== This Patch includes all modifications released since ServerProtect for Storage 6.0 General Release Build 1095. 1.2 Who Should Install This Release =================================================================== You should install this patch if you are currently running ServerProtect for Storage 6.0. 2. What's New ====================================================================== Note: Please install this patch before completing any procedures in this section (see "Installation"). 2.1 Enhancements =================================================================== This patch includes the following new features and enhancements: Enhancement 1: This patch implements asynchronous input/output [Hot Fix 1107 EN] to improve the accepting thread for ICAP servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To configure the maximum number of threads that can be handled by the accepting thread: a. Install this patch (see "Installation"). b. Open a registry editor on the Normal Server. c. Add the following key and set its value to "4": Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\Engine\ IcapSetting Key: AcceptorHandlerThreadsNumber Type: DWORD Value: The default value is 4, but it is sufficient to improve the performance of the accepting thread. d. Restart the Normal Server service. Enhancement 2: This patch enables the ICAP Scanner in [Hot Fix 1124 EN] ServerProtect for Storage 6.0 to support ICAP REQMOD requests. The service name for REQMOD requests is "SPFS-AV-REQ" and should be in the following URI format: icap://[IP][:PORT]/SPFS-AV-REQ Enhancement 3: This patch enables ServerProtect for Storage 6.0 [Hot Fix 1135 EN] to display the long virus names instead of the short virus names. [Critical Patch 1164 EN] Enhancement 4: This patch adds a special antivirus program compatibility registry key to the Normal Server and Information Server. Microsoft(TM) checks for this special registry key value on the computer before running the next Security Update for Windows. Microsoft KB4056892 was released on January 4, 2018 and requires the new registry key be installed before you can apply the update. For more information about Microsoft KB4056892, refer to the following link: https://support.microsoft.com/en-us/help/4056892/ windows-10-update-kb4056892 This registry is created automatically each time spntsvc restarts even after this key has been deleted. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 4: To disable this behavior: a. Install this patch (see "Installation"). b. Open the Registry Editor. c. Add the following key: Key="HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService" Name="DisableSUVPCompat" Type="REG_DWORD" Value="0x00000001" Enhancement 5: This patch enables ServerProtect for Storage to [Hot Fix 1178 EN] locate and delete files on HDI storage by true file type. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 5: To enable ServerProtect for Storage to locate and delete files on HDI storage by true file type: a. Install this patch (see "Installation"). b. On the Normal Server: For 64-bit operating systems, open ".\Trend\SProtect\x64\TFTD.ini". For 32-bit operating systems, open ".\Trend\SProtect\TFTD.ini". c. Locate "EnableDeleteAction" and set it to "1". NOTE: Set "EnableDeleteAction=0" to disable the feature. d. Set the HDI server count in the "Count" key under the "ServerList" section. e. Set HDI server information in the "Server1" key under the "ServerList" section. NOTE: To add more than one HDI servers, set the information in "Server2" and so on. f. Set the true file type count in the "Count" key under the "TrueFileTypeList" section. g. Set the true file type value in the "FileType1" key. NOTE: To add more than one true file type, set the information in "FileType2" and so on. The true file type value table is defined in "TFTD.ini". Enhancement 6: This patch allows users to set the sleep time [Hot Fix 1179 EN] between scanning each folder during a manual scan or scheduled scan. Adjusting this time interval can help balance ServerProtect for Storage's CPU usage with its scan speed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 6: To set the sleep time between scanning each folder during a manual scan or scheduled scan: a. Install this hotfix (see "Installation"). b. Open a registry editor on the Normal Server. c. Add the following key and set the time interval in milliseconds: Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\SpntService Key: ManualScanWaitTime Type: DWORD Value: The default value is "0", the unit is milliseconds d. Restart the Normal Server service. Enhancement 7: After updating MCP SDK to version 5.0.0.2270, [SPNT Hotfix 1494 EN] ServerProtect for Storage provides many cipher suites when starting an HTTPS connection. Enhancement 8: This patch upgrades Virus Scan Engine (user mode) to version 10.000.0.1040 to support more true file type detections. Enhancement 9: This patch allows the ICAP client to send requests without passing the file size by header "Content-Length" or ICAP_HEAD_X_SCAN_FILE_LENGTH. Enhancement 10: This patch adjusts some ICAP debug level logs to error level logs. Enhancement 11: This patch allows ServerProtect for Storage to download and deploy Virus Scan Engine (user mode) from the ActiveUpdate server. Enhancement 12: This patch enables ServerProtect for storage to exclude processes during real-time scanning. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 12: To configure the Exclude Process List: a. Install this patch (see “Installation”). b. Open the Registry Editor. c. Add the following key: Path: "HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\Engine\ Exception" Key: ProcessList Type: Multi-String Value Value: add the process full path to this ProcessList d. Restart the Normal Server Service "Spntsvc". Enhancement 13: This patch shows the ellipsis sign (...) in server names when you view logs if the server name is too long. 2.2 Resolved Known Issues =================================================================== This patch resolves the following issues: Issue 1: ServerProtect for Storage 6.0 cannot establish [Hot Fix 1099 EN] connections when it receives 215 or more connection requests within a short period of time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch enables ServerProtect for Storage 6.0 to process connection requests faster to ensure that it can handle up to 500 connection requests received within a short period of time. Issue 2: A previous hotfix changed the IP string format. [Hot Fix 1120 EN] As a result, ServerProtect for Storage cannot perform ICAP client validation by IP address. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch resolves the issue so that ServerProtect for Storage can perform ICAP client validation by IP address successfully. Issue 3: If the ServerProtect Normal Server with ICAP mode [Hot Fix 1120 EN] is installed on the Japanese version of the Microsoft(TM) Windows(TM) server, Japanese characters appear in the "Date" header of ICAP responses. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch ensures that no Japanese characters appear in ICAP responses under the scenario described above. Issue 4: When the C-mode Filer has been removed or [Hot Fix 1126 EN] unregistered from ServerProtect for Storage but the scanner server is still configured in the C-mode Filer, AV-Connect will still send scan requests to ServerProtect for Storage. As a result, the C-mode Filer may stop responding. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch enables the RPC Scanner in ServerProtect for Storage to reject requests from the AV-Connector if the filer has been removed or unregistered from ServerProtect for Storage. Issue 5: When the first action fails, the second action [Hot Fix 1126 EN] does not appear in email virus notifications. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch ensures that the action description in email virus notifications are consistent with the information in the corresponding log records. Issue 6: The ICAP Scanner records a large number of [Hot Fix 1133 EN] compress violation logs as virus logs, which makes it difficult for users to manage virus logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch prevents the ICAP Scanner from recording compress violation logs as virus logs. If any file in a compressed file is skipped during a scan because of a compress scan policy in ICAP Scanner, the ICAP scanner will record a warning event log. By default, ServerProtect will send these warning event logs to users, but users can prevent ServerProtect from sending these logs through the registry. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 6: To prevent ServerProtect from sending these warning event logs: a. Install this patch (see "Installation"). b. Open a registry editor on the Normal Server. c. Add the following key and set its value to "1": Path: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ ServerProtect\CurrentVersion\Engine\ IcapSetting Key: DisableCompressWanLog Type: DWORD Value: 1 Note: To receive the logs again, set the key to "0". d. Restart the Normal Server. Issue 7: When ServerProtect for Storage 6.0 is installed [Hot Fix 1145 EN] on Microsoft Windows Server 2016, the wrong platform version appears on the Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This patch ensures that the correct platform version appears on the Management Console. Issue 8: When ServerProtect for Storage 6.0 is installed [Hot Fix 1145 EN] on Microsoft Windows Server 2016 and registered to Control Manager, the wrong operating system information appears on the Control Manager console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This patch ensures that the correct operating system information appears on the Control Manager console. Issue 9: When ServerProtect for Storage 6.0 runs, the [Hot Fix 1147 EN] SPNTSVC.exe" process goes up to over 90% of CPU utilization, and it remains at that level. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: Installing this patch reduces the CPU usage and ensures that the program works normally. Issue 10: When ServerProtect for Storage 6.0 is running, [Hot Fix 1148 EN] the file name with leading space is send to the scanner by scan request, and the scanner will give the "400 bad request" response to HNAS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: Installing this patch fixes the issue and treats it as a normal scan request. Issue 11: When ServerProtect for Storage 6.0 restarts, the [Hot Fix 1150 EN] corresponding item on the Control Manager console appears yellow and does not go back to green until after the Trend Micro Management Communication Protocol (MCP) Control Manager Agent (CMAgent) service has restarted again. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: Installing this patch ensures that the Information Server restarts before the MCP CMAgent so that ServerProtect for Storage 6.0 appears in green on the Control Manager console after it restarts. Issue 12: Under certain conditions, a heap corruption issue [Hot Fix 1152 JP] triggers the Japanese version of ServerProtect for Storage 6.0 to stop unexpectedly while its spntsvc service attempts to send an email notification. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch ensures that ServerProtect for Storage allocates enough memory to operate to prevent the heap corruption issue so it can send out email notifications normally. Issue 13: Before scanning a compressed file, ServerProtect [Hot Fix 1154 JP] first determines whether the file can be scanned or not by checking if the contents exceed the maximum size configured by the user. There is no limit to the value that users can set the maximum content size to on the Management Console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This patch limits the value of the maximum content size to 2 GB. After applying this patch, the Management Console will not allow users to set the maximum content size to any value larger than 2 GB. Issue 14: In ICAP mode, the ICAP server returns a code 400 [Hot Fix 1158 EN] bad request error if it receives an ICAP request containing a file name with illegal characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch updates the workflow to enable ServerProtect for Storage to create a temporary file after receiving an ICAP request to make sure that the ICAP server works normally when the request contains a file name with illegal characters. Issue 15: In ICAP mode, the ICAP server returns a code 400 [Hot Fix 1158 EN] bad request error if it receives an ICAP request with certain file names from an ICAP client. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This patch updates the workflow for extracting file names from ICAP requests to ensure that file names are extracted correctly. Issue 16: When an ICAP client uses an HTTP persistent [Hot Fix 1158 EN] connection in ICAP mode, the ICAP server closes the connection to this ICAP client after it sends a 400 bad request response to the ICAP client. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This patch enables the ICAP server to close the connection to an ICAP client on an HTTP persistent connection in ICAP mode only after it sends a 408 request timeout response to the ICAP client. Issue 17: When ServerProtect for Storage receives a large [Hot Fix 1160 EN] number of RPC scan requests during a pattern update, the RPC scan threads might stall and running scans may fail. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This patch adds a read-write lock for pattern operations to help ensure that scans proceed normally during pattern updates. Issue 18: When ServerProtect for Storage scans files in a [Hot Fix 1163 JP] C-mode filer, it will request to set up an SMB session each time it opens a file. As a result, it takes longer to scan files in C-mode filers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This patch enables all scan threads to establish a persistent network connection for every C-mode filer address sent from the AV connector. This eliminates the need to set up an SMB session each time ServerProtect for Storage opens a file in a C-mode filer for scanning. Issue 19: The CMAgent stops responding when it receives [Hot Fix 1169 EN] certain abnormal commands. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This hotfix enables the CMAgent to handle abnormal commands. Issue 20: An issue prevents the exclusion extensions [SPNT Hotfix 1465 EN] setting from working normally after the Normal Server restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This patch resolves the issue to ensure that the exclusion extensions setting works normally. Issue 21: The Trend Micro Control Manager Agent (CMAgent) [SPNT Hotfix 1467 JP] for ServerProtect may stop unexpectedly while running vulnerability scanner tools. This happens if the CMAgent receives unexpected data from any of the vulnerability scanner tools which then trigger an exception error. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This patch enables the ServerProtect CMAgent to handle the exception, which helps prevent it from stopping unexpectedly when it receives unexpected data from vulnerability scanner tools. Issue 22: The Trend Micro Control Manager Agent (CMAgent) [SPNT Hotfix 1468 JP] of ServerProtect stops unexpectedly after starting simultaneously with Control Manager. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This patch ensures that the ServerProtect CMAgent works normally. Issue 23: The "spntsvc.exe" service may stop unexpectedly [SPNAF Hotfix 1244 JP] while attempting to free the "NtApRpc.dll" library when the RPC scan threads are handling scan requests. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This patch enables ServerProtect for Network Appliance Filers to force RPC scan threads to exit in time when the"spntsvc.exe" service frees the "NtApRpc.dll" library. Issue 24: In mail notification of ICAP storage, the "Infection Source" section shows Normal Server's computer name. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This patch makes "Infection Source" show the IP address of the storage server in mail notifications. Issue 25: In log record of ICAP storage, the "Infection Source" section shows None, and the "User" section shows the IP address of the storage server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This patch makes "Infection Source" show the IP address of the storage server, "User" show the IP address of the storage server in log records of ICAP storage. Issue 26: Trend Micro Control Manager 7.0 cannot download patchagent for ServerProtect for Storage using manual download. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This patch adds patchagent information to the profile that will be sent to Control Manager. 3. Documentation Set ====================================================================== The documentation set for this product includes the following: * Getting Started Guide -- product overview, installation planning, installation and configuration instructions, and basic information intended to get you "up and running." * Readme.txt file -- version enhancements, basic installation, known issues, and release history. * Electronic versions of the printed manuals are available at: http://docs.trendmicro.com/ * Online help -- context-sensitive help screens that provide guidance for performing a task. * Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ====================================================================== Refer to the ServerProtect for Storage 6.0 readme file for the complete list of system requirements. 5. Installation/Uninstallation ====================================================================== 5.1 Installation =================================================================== To apply this Patch from the same computer as the Information Server: 1. Close the management console. If this is not running at the time of installation, proceed with the next step. 2. If your Normal Servers are running Windows Server 2008 (x64) or Windows Server 2008 R2 (x64), install "Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update" on your Normal Servers before applying this patch. Download the Microsoft package from the following location: https://www.microsoft.com/en-us/download/details.aspx?id=26347 3. Copy the "spfs_600_win_en_patch1_b1194.exe" patch installation file to a temporary folder. 4. Run the Patch file. The license screen appears. 5. If you disagree with the terms of the legal agreement, choose the "I do not agree with the terms of the legal agreement." option and click "Cancel" to abort the installation. Otherwise, choose the "I accept the terms of the legal agreement" and click "Next". The "readme" appears. Notes: - The Information Server deploys the Patch to Normal Servers 30 seconds after the installation is completed and restarts the ServerProtect services. If the installation does not complete successfully, contact Trend Micro technical support. To apply this Patch to a management console that is not associated with the computer hosting the Information Server: 1. Apply the Patch to the Information Server. 2. Close the management console. 3. Go to the management console home directory and back up the following five files to another location: - admin.exe - Adm_enu.dll - AgentClient.dll - ADM_ENU.chm - spuninst.exe - spuninstrc.DLL 4. On the Information Server, copy the following files from the Information Server home directory to the management console home directory to overwrite the local files: - admin.exe - Adm_enu.dll - AgentClient.dll - ADM_ENU.chm - spuninst.exe - spuninstrc.DLL 5. If the Management Console is not installed on the same server as both the Information Server and Normal Server, manually add the following key on the server where the Management Console is installed: Key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\QualityCompat" Name="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD” Value="0x00000000” 5.2 Uninstallation =================================================================== To roll back to the previous build: 5.2.1 Uninstallation of Information Server and Normal Server ------------------------------------------------------------------- 1. On the Normal Server, run the following Shell command to stop the Normal Server service: net stop spntsvc 2. On the Information Server, run the following Shell command to stop the Information Server service: net stop earthagent 3. On the Information Server, run the following Shell command to stop the CMAgent service: net stop ServerProtectCMAgent 4. On the Normal Server, rename the backup files in the ServerProtect home directory and use them to replace the current files. The names of the backup files have "bak" in the extension. 5. On the Information Server, open the Information Server's home directory and copy the files from the ".\backup\filegroup10" folder to the current directory. 6. On the Information Server, open CMAgent's home directory and copy the files from the "..\backup\filegroup100" folder to the current directory. 7. On the Information Server, a. Open "Agent.ini" in CMAgent's home directory. b. Set the "Agent_BuildNumber" key in the "Common" section to the previous version. c. Set the "Agent_Version" key in the "Common" section to the previous version. d. Open "Product.ini" in CMAgent's home directory. e. Set the "UpdateInfo" key in the "Product_Info" section to 1. f. Set the "MenuVersion" key in the "Product_Info" section to the previous version. The previous version can be checked in the following file: .\backup\filegroup100\ProductUI.zip\ProductInfo.xml 8. On the Normal Server, run the following command to start the Normal Server service: net start spntsvc 9. On the Information Server, run the following command to start the Information Server service: net start earthagent 10.On the Information Server, run the following command to start the CMAgent service: net start ServerProtectCMAgent 5.2.2 Uninstalling the Management Console ------------------------------------------------------------------- NOTE: It is not necessary to roll back the Management Console separately. You should roll back the Management Console only when it is not installed on the same machine as the Information Server. 1. On Management Console, open the backup directory of the following files in the installation section: - admin.exe - Adm_enu.dll - AgentClient.dll - ADM_ENU.chm - spuninst.exe - spuninstrc.DLL 2. Copy the files in the list above to the management console home directory to overwrite the local files. 6. Post-Installation Configuration ====================================================================== No special post-installation steps are required. Note: Trend Micro recommends updating all components immediately after installing the product. 7. Known Issues ====================================================================== Here are the known issues in this release: 7.1 When enable delete file feature for HDI storage, it is possible for a user to access a file before the file is deleted from HDI. ===================================================================== ServerProtect for Storage implements this feature after the Real-time Scan Callback function. Since the Callback function is called asynchronously after the scan completes, there is a time gap (shorter than 500ms during testing) between the HDI allowing file access and deleting the file from HDI. Users are able to access files that are to be deleted during the time gap. 7.2 When enable delete file feature for HDI storage, files in HDI may not be deleted successfully if another user is accessing it. ===================================================================== Related to Known Issue 7.4, if ServerProtect for Storage deletes files on HDI storage while someone is accessing the file, the file may not be deleted successfully. 7.3 When enable delete file feature for HDI storage, files in HDI may not be deleted successfully if the same files are copied to HDI again within a short period of time. ===================================================================== Because of the Windows SMB cache, when the same file is copied to an HDI storage again within a short time, Hitachi Server Protect Agent (HSPA) will not process the file and does not trigger the delete action. Refer to the following KB to disable all three kinds of cache to work around this known issue: https://docs.microsoft.com/en-us/previous-versions/windows/ it-pro/windows-7/ff686200(v=ws.10) 7.4 When enable delete file feature for HDI storage, users copy a large number of files to HDI, some of the files that are to be deleted are left on HDI storage. ===================================================================== This is because HSPA will miss some files while copying a large number of files to HDI, which prevents ServerProtect from scanning any missing file and triggering the delete action. This issue can be fixed by adding more servers where HSPA is installed to balance the load. 7.5 When enable delete file feature for HDI storage, target files may still be copied from HDI before being deleted. ===================================================================== Since HDI does not block the file access before HSPA touches files, there is a short period of time when the files that are to be deleted can still be copied. This issue can be fixed by configuring the "Deny access" setting to "Procedure if scanning fails" under the HDI Scanner servers’ scan condition. 8. Release History ====================================================================== - ServerProtect for Storage 6.0, July 13, 2015 9. Files Included in This Release ====================================================================== Module File Name Build No. ==================== ========= 32-bit Normal Server AgentClient.dll 6.00.0.1194 SpntSvc.exe 6.00.0.1194 NtIcapServer.dll 6.00.0.1194 EventMsg2.dll 6.00.0.1194 StRpcSrv.dll 6.00.0.1194 StCommon.dll 6.00.0.1194 LogMaster.dll 6.00.0.1194 NtApRPC.dll 6.00.0.1194 LogViewer.exe 6.00.0.1194 DCE.dll 6.00.0.1194 Notification.dll 6.00.0.1194 Eng50.dll 6.00.0.1194 StUpdate.exe 6.00.0.1194 HDITakeAction.exe 6.00.0.1194 VSAPI32.dll 10.000.0.1040 log.conf N/A TFTD.ini N/A 64-bit Normal Server AgentClient.dll 6.00.0.1194 SpntSvc.exe 6.00.0.1194 NtIcapServer.dll 6.00.0.1194 EventMsg2.dll 6.00.0.1194 StRpcSrv.dll 6.00.0.1194 StCommon.dll 6.00.0.1194 LogMaster.dll 6.00.0.1194 NtApRPC.dll 6.00.0.1194 LogViewer.exe 6.00.0.1194 DCE.dll 6.00.0.1194 Notification.dll 6.00.0.1194 Eng50.dll 6.00.0.1194 StUpdate.exe 6.00.0.1194 StUpdate_32.exe 6.00.0.1194 HDITakeAction.exe 6.00.0.1194 VSAPI32.dll 10.000.0.1040 VSAPI64.dll 10.000.0.1040 log.conf N/A TFTD.ini N/A Information Server EarthAgent.exe 6.00.0.1194 DeployTool.exe 6.00.0.1194 Notification.dll 6.00.0.1194 AgentClient.dll 6.00.0.1194 Management Console Admin.exe 6.00.0.1194 Adm_enu.dll 6.00.0.1194 AgentClient.dll 6.00.0.1194 MCP CMAgent ProductLibrary.dll 6.00.0.1194 CMAgent.exe 6.00.0.1194 ProductUI.zip N/A cgiCmdNotify.exe 5.0.0.2270 En_BlobConvertUtility.dll 5.0.0.2270 En_I18N.dll 5.0.0.2270 En_Utility.dll 5.0.0.2270 libapr-1.dll 1.1.1.0 libcurl.dll 7.43.0.0 libeay32.dll 1.0.2.10 ssleay32.dll 1.0.2.10 SSO_PKIHelper.dll 5.0.0.2270 TrendAprWrapperDll.dll 5.0.0.2270 zlib.dll 1.2.3.0 Patch Files Tmpatch.exe 2.2.0.1054 Setup.ini N/A Hotfix.ini N/A readme.txt N/A license.txt N/A 10. Contact Information ====================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ====================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2018, Trend Micro Incorporated. All rights reserved. Trend Micro, ServerProtect, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ====================================================================== View information about your license agreement with Trend Micro at: www.trendmicro.com/us/about-us/legal-policies/license-agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide