July 9, 2014
1. About Trend Micro Deep Discovery Email Inspector
2. What's New
9. Known Issues
10. Release History
1. About Trend Micro Deep Discovery Email Inspector
Trend Micro™ Deep Discovery Email Inspector™ stops sophisticated targeted attacks and cyber threats by scanning, simulating, and analyzing suspicious links and attachments in email messages before they can threaten your network. Designed to integrate into your existing anti-spam/antivirus network topology, Deep Discovery Email Inspector can act as a Mail Transfer Agent in the mail traffic flow or as an out-of-band appliance silently monitoring your network for cyber threats.
2. What's New
2.1 Risk Level Enhancement
Deep Discovery Email Inspector highlights the risk of unknown threats to help security administrators focus investigation on high-risk threats.
2.2 Improved Archive-password Capturing
Deep Discovery Email Inspector improves email scanning capabilities to heuristically capture passwords when the password and password-protected archive attachment exist in separate email messages.
2.3 Policy Actions for Unscannable Archives
Deep Discovery Email Inspector supports specific policy actions for password-protected archives that could not be extracted and scanned using the password list or heuristically obtained passwords.
2.4 Trend Micro Smart Feedback Support
Deep Discovery Email Inspector integrates the new Trend Micro Feedback Engine. This engine sends anonymous threat information to the Trend Micro Smart Protection Network, which allows Trend Micro to identify and protect against new threats.
2.5 System Status Visibility Enhancement
Deep Discovery Email Inspector increases system status visibility from the dashboard. The new Hardware Status widget shows the overall health and status of the Deep Discovery Email Inspector appliance hardware.
2.6 Improved Virtual Analyzer Submission Filters
Deep Discovery Email Inspector improves Virtual Analyzer submission filters by submitting the entire archive file for analysis if any file in the archive contains a selected file type.
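The submission rule described in 2.6, sketched as an added example (not Trend Micro code): an archive is queued whole when any member, including one inside a nested archive, matches a selected file type. The magic-byte table, the depth and size limits, and all function names are assumptions made for illustration.

```python
import io
import zipfile

# Constructed magic-byte table; the product's real type list is not on this page.
MAGIC = {
    "exe": b"MZ",
    "pdf": b"%PDF-",
    "ole": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
}
ZIP_MAGIC = b"PK\x03\x04"
MAX_DEPTH = 3             # assumed nesting limit, guards against archive bombs
MAX_MEMBER = 10 * 2**20   # assumed cap on a member's declared size

def detect_type(head):
    """Classify by leading bytes, not by file extension."""
    for name, magic in MAGIC.items():
        if head.startswith(magic):
            return name
    return None

def archive_matches(data, selected, depth=0):
    """True if any member (or nested member) is one of the selected types."""
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            if info.flag_bits & 0x1:  # encrypted member: not readable without a password
                continue
            body = zf.read(info)
            if detect_type(body[:8]) in selected:
                return True
            if body.startswith(ZIP_MAGIC) and archive_matches(body, selected, depth + 1):
                return True
    return False

def make_zip(members):
    """Build a constructed in-memory ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

def submission_queue(attachments, selected):
    """Return the names of archives to submit whole for analysis."""
    return [n for n, d in attachments.items() if archive_matches(d, selected)]

if __name__ == "__main__":
    sample = {"report.zip": make_zip({"invoice.txt": b"MZ" + bytes(16)})}  # constructed
    print(submission_queue(sample, {"exe"}))
```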
3.1 Advanced Detection
Deep Discovery Email Inspector advanced detection technology discovers targeted threats in email messages, including spear-phishing attacks.
■ Reputation and heuristic technologies catch unknown threats and document exploits
■ Detects threats hidden in password-protected files and shortened URLs
3.2 Visibility, Analysis, and Action
Deep Discovery Email Inspector provides real-time threat visibility and analysis in an intuitive, multi-level format. This allows security professionals to focus on the real risks, perform forensic analysis, and rapidly implement containment and remediation procedures.
3.3 Flexible Deployment
Deep Discovery Email Inspector integrates into your existing anti-spam/antivirus network topology by acting as a Mail Transfer Agent in the mail traffic flow or as an out-of-band appliance monitoring your network for cyber threats.
3.4 Light-Weight Policy Management
Deep Discovery Email Inspector simplifies preventative actions with a streamlined policy structure.
■ Block and quarantine suspicious email messages
■ Allow certain email messages to pass through to the recipient
■ Strip suspicious attachments
■ Tag the email subject or body with a customized string
3.5 Custom Threat Simulation Sandbox
The Virtual Analyzer sandbox environment opens files, including password-protected archives, and URLs to test for malicious behavior. Virtual Analyzer is able to find exploit code, Command & Control (C&C) and botnet connections, and other suspicious behaviors or characteristics.
3.6 Email Attachment Analysis
Deep Discovery Email Inspector utilizes multiple detection engines and sandbox simulation to investigate file attachments. Supported file types include a wide range of executable, Microsoft Office, PDF, web content, and compressed files.
3.7 Embedded URL Analysis
Deep Discovery Email Inspector utilizes reputation technology, direct page analysis, and sandbox simulation to investigate URLs embedded in an email message.
3.8 Password Derivation
Deep Discovery Email Inspector decrypts password-protected archives using a variety of heuristics and customer-supplied keywords.
View and download the electronic documentation at:
http://docs.trendmicro.com/en-us/enterprise/deep-discovery-email-inspector.aspx
In addition to this readme, the documentation for Deep Discovery Email Inspector includes:
■ Administrator's Guide – A PDF document that contains detailed instructions on how to deploy, configure and manage Deep Discovery Email Inspector, and provides explanations on product concepts and features.
■ Online Help – Online HTML pages that provide "how to's", usage advice, and field-specific information. To access the Help, open the management console and click the help icon.
■ Quick Start Guide – A PDF document that provides user-friendly instructions on connecting Deep Discovery Email Inspector to your network and on performing the initial configuration.
■ Trend Community – Get help, share your experiences, ask questions, and discuss security concerns in the forums with fellow users, enthusiasts, and security experts.
http://community.trendmicro.com/
■ TrendEdge – A program for Trend Micro employees, partners, and other interested parties that provides information on unsupported, innovative techniques, tools, and best practices for Trend Micro products.
http://trendedge.trendmicro.com/
Trend Micro provides the Deep Discovery Email Inspector appliance hardware. No other hardware is supported.
5.1 Command Line Interface
■ VGA connections require a monitor with a VGA port and a VGA cable
■ SSH connections require a computer with an Ethernet port, an Ethernet cable, and an SSH client (example: PuTTY)
5.2 Management Console
■ Microsoft Internet Explorer (IE) 9.0, 10.0, 11.0
■ Mozilla Firefox 24 or later
■ Google Chrome 31 or later
To perform a fresh installation of Deep Discovery Email Inspector, see Chapter 2: Deployment in the Deep Discovery Email Inspector Administrator's Guide.
To apply this service pack, Deep Discovery Email Inspector must be running:
■ Deep Discovery Email Inspector 2.0 Build 1223 English
■ Hot Fix 0004 or later
Note: Before installing this service pack, back up your Deep Discovery Email Inspector configuration file from the management console. For details, see Chapter 9: Administration (System and Accounts) in the Deep Discovery Email Inspector Administrator's Guide.
7.1 Installation
1. Log on to the Deep Discovery Email Inspector management console.
2. Go to Administration > Product Updates > Firmware.
3. Click Browse to locate the service pack installation package.
4. Click Install.
5. Wait for the package to upload and install.
After installation completes, the management console logon screen appears.
6. Clear your web browser's cache before logging on to the management console.
Note: Trend Micro recommends updating the scan engine and pattern files immediately after installation.
7.2 Uninstallation
The service pack cannot be uninstalled. Contact Trend Micro Support for assistance.
Installing this service pack maintains all configurations and data, except for the Virtual Analyzer network settings.
For details about configuring Virtual Analyzer settings, see Chapter 9: Administration (Scanning and Analysis) in the Deep Discovery Email Inspector Administrator's Guide.
9. Known Issues
The following are known issues/limitations with Deep Discovery Email Inspector:
9.1 Hot Fix Required to Install Service Pack
Solution: Apply Hot Fix 0004 on Deep Discovery Email Inspector 2.0 Build 1223 before upgrading to Service Pack 1.
9.2 Widget Preferences Do Not Migrate
Solution: Reconfigure your widget preferences.
9.3 Unable to Install if an IP Conflict Exists
Problem: Deep Discovery Email Inspector cannot successfully install if an IP conflict exists. The Deep Discovery Email Inspector appliance has a default IP address (192.168.252.1). If another endpoint uses the same IP address, Deep Discovery Email Inspector cannot start services.
Solution: Trend Micro recommends not connecting the appliance to the network until after the default IP address has been changed to a unique IP address on the network.
9.4 Virtual Analyzer Unable to Import Images from FTP Servers in Active Mode
Problem: Deep Discovery Email Inspector is unable to import Virtual Analyzer images from an FTP server in active mode. Deep Discovery Email Inspector security does not allow this type of connection.
Solution: Trend Micro recommends using FTP servers in passive mode, or importing the Virtual Analyzer images through another method.
9.5 Limited Support for Email Messages in Non-Standard Formats
Problem: Deep Discovery Email Inspector cannot read the subject of email messages in non-standard formats.
10. Release History
Deep Discovery Email Inspector 2.0 – April, 2014
■ Trend Micro website: http://www.trendmicro.com
■ Worldwide offices and phone numbers: http://www.trendmicro.com/en/about/overview.htm
Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers.
A pioneer in server-based antivirus with over 20 years' experience, we deliver top-ranked security that fits our customers’ needs, stops new threats faster, and protects data in physical, virtual and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe.
For additional information, go to http://www.trendmicro.com.
(c) 2014 Trend Micro Incorporated. All Rights Reserved. Trend Micro, the Trend Micro logo, and Trend Micro Control Manager are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.
Information about your license agreement with Trend Micro can be viewed at:
http://us.trendmicro.com/us/about/company/user_license_agreements/
Third-party licensing agreements can be viewed by:
■ Selecting the "About" option in the management console
■ Going to the third-party license agreement directly