~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Readme for Trend Micro (TM) Deep Security Agent 9.0 SP1,
Deep Security Relay 9.0 SP1 and Deep Security Notifier 9.0 SP1
for Windows

Platforms:
  Windows Server 2012 (64-bit)
  Windows 8 (32-bit and 64-bit)
  Windows 7 (32-bit and 64-bit)
  Windows Server 2008 R2 (64-bit)
  Windows Server 2008 (32-bit and 64-bit)
  Windows Server 2008 R2 Hyper-V(*)
  Windows Vista (32-bit and 64-bit)
  Windows Server 2003 SP1 (32-bit and 64-bit) with patch
    "Windows Server 2003 Scalable Networking Pack"(***)
  Windows Server 2003 SP2 (32-bit and 64-bit)
  Windows Server 2003 R2 SP2 (32-bit and 64-bit)
  Windows XP (32-bit and 64-bit)
  Windows XP Embedded(**)(***)

(*) There is no agentless solution for Windows Hyper-V. The Agent
    installed on the Hyper-V hypervisor will only protect the
    hypervisor itself. To protect guest images running on Hyper-V,
    an Agent must be installed on each Hyper-V guest.

(**) Due to the customization possible with Windows XP Embedded,
    customers should make sure that the services and ports necessary
    to run the Deep Security Agent have been enabled in their
    environments.

(***) The Relay and Notifiers are not supported on these platforms.

Not currently supported:
  Windows Server 2012 Core
  Windows Server 2008 Core
  Microsoft Virtual Server 2005 R2 SP1

Date: May 21, 2013
Release: 9.0 SP1
Build Version: 9.0.0.2014
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the click through
license agreement and copied to the install directory.

For more information about the Trend Micro suite of Deep Security
products, visit our Web site at:
http://us.trendmicro.com/us/solutions/enterprise/security-solutions/virtualization/deep-security/

Download the latest version of this readme from the "Software" page
at the Trend Micro Download Center website:
http://downloadcenter.trendmicro.com/

Trend Micro is always seeking to improve its documentation.
If you have questions, comments, or suggestions about this or any
other Trend Micro documents, please contact us at
docs@trendmicro.com. Your feedback is always welcome.

Contents
===================================================================
1. About Deep Security 9.0 SP1
   1.1 Overview of This Release
   1.2 Who Should Install This Release
   1.3 Support Expiration Notice
2. What's New
   2.1 Enhancements
   2.2 Resolved Known Issues
3. Documentation Set
4. System Requirements
5. Installation/Uninstallation
6. Known Incompatibilities
7. Known Issues
   7.1 Issues in Deep Security Agent, Relay or Notifier 9.0 SP1
       - WINDOWS
   7.2 Issues fixed in previous release but not in this release
8. Release History
   8.1 Prior Deep Security 9.0 Releases
9. Files Included in This Release
10. Contact Information
11. About Trend Micro
12. License Agreement
13. Third Party Software
===================================================================

1. About Deep Security 9.0 SP1
========================================================================

1.1 Overview of This Release
=====================================================================
Deep Security 9.0 SP1 contains a number of bug fixes as well as some
new feature enhancements.

1.2 Who Should Install This Release
=====================================================================
You should install the 9.0 SP1 release if you are currently running
Deep Security 7.0, 7.5, 8.0, or 9.0.

1.3 Support Expiration Notice
=====================================================================
Please refer to Trend Micro Download or Support center for an
official notice about product version life-cycle and End of Support
information.

Please visit the Trend Micro Download Center website to download the
latest releases at:
http://downloadcenter.trendmicro.com/

2. What's New
========================================================================
For major changes in Deep Security 9.0 SP1 from previously released
versions of Deep Security, please read the "What's New in 9 SP1"
section of the Deep Security Manager's on-line help or the Deep
Security Administrator's Guide or Deep Security Installation Guide,
available for download from the Trend Micro Download Center.

2.1 Enhancements
======================================================================
- Localization support of Deep Security Notifier

2.2 Resolved Known Issues
======================================================================
Issue 1: [18053/17837/TT264368]
  Self protection of the AMSP processes (CoreFrameworkhost.exe and
  CoreServiceShell.exe) does not work.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This is fixed by changing the post-install configuration
  to prevent killing the CoreServiceShell.exe process.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [17797/17500/TT253828]
  Manual & scheduled AV scans were not working on mounted volumes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: Fix provided in AMSP plugUtilEnum 2.6.1189.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Documentation Set
========================================================================
In addition to this readme, the documentation set for this product
includes the following:

o Deep Security 9.0 SP1 Installation Guide (IG) -- Provides product
  overview, deployment plan, installation steps and basic information
  intended to help you smoothly deploy Deep Security.

o Deep Security 9.0 SP1 Administrator's Guide (AG) -- Provides
  post-installation instructions on how to configure the settings to
  help you get Deep Security "up and running". Also includes
  instructions on performing other administrative tasks for the
  day-to-day maintenance of Deep Security.

o Readme files -- version enhancements, known issues, and release
  history. There is one readme for each installable Deep Security
  component: Manager, Agent (including Relay and Notifier), Virtual
  Appliance and ESXi Filter Driver.

  Electronic versions of the manuals are available from the Trend
  Micro Download Center at:
  http://downloadcenter.trendmicro.com/

o Online help -- Context-sensitive help screens that provide guidance
  for performing a task.

o TrendEdge is a program for Trend Micro employees, partners, and
  other interested parties that provides information on unsupported,
  innovative techniques, tools, and best practices for Trend Micro
  products. The TrendEdge database contains numerous documents
  covering a wide range of topics.
  http://trendedge.trendmicro.com

o Knowledge Base -- a searchable database of known product issues,
  including specific problem-solving and troubleshooting topics.
  http://esupport.trendmicro.com

4. System Requirements
========================================================================
For a complete list of the System requirements, please refer to the
"Deep Security 9.0 SP1 Installation Guide."

5. Installation/Uninstallation
========================================================================
See the "Deep Security 9.0 SP1 Installation Guide" document available
for download from the Trend Micro Download Center.

6. Known Incompatibilities
========================================================================
1) Resonate Load Balancer (5.0.1)
   Deep Security Agents Affected: All
   Issue: Environments in which Resonate load balancing software is
   installed may experience a loss of Resonate functionality when the
   Deep Security Agent is installed.
   Resolution: Restart the Resonate Central Dispatch Controller
   services.

2) Trend Micro Client Server Messaging Security for SMB
   Deep Security Agents Affected: All
   Issue: Connectivity issues have been noted when running with Trend
   Micro Client Server Messaging Security for SMB older than
   Version 3.5 Build 1113.
   Resolution: Upgrade your Trend Micro Client Server Messaging
   Security to Version 3.5 Build 1138 or higher.

3) Realtek RTL8169/8110 Family Gigabit Ethernet NIC
   Deep Security Agents Affected: All
   Issue: Issues have been noted when using Version 5.663.1212.2006
   of the Realtek Gigabit Ethernet NIC.
   Resolution: To resolve the issue, upgrade the driver to the latest
   version.

4) Intel(R) PRO/100+ Dual Port Server Adapter
   Deep Security Agents Affected: All
   Issue: Issues have been noted when using Intel NIC cards with
   driver versions less than 8.0.17.0.
   Resolution: To resolve the issue, upgrade the driver to version
   v8.0.19 or higher.

5) Microsoft Network Load Balancer (MS-NLB)
   Deep Security Agents Affected: All
   Issue: Issues have been noted when using Microsoft Network Load
   Balancer (MS-NLB).
   Resolution: MS-NLB is incompatible with Deep Security Agent and
   currently there is no solution available for this incompatibility.

7. Known Issues
============================================================================

7.1 Known Issues in Deep Security Agent, Relay or Notifier 9.0 SP1 - WINDOWS
============================================================================
- In some cases a laptop computer has the "Microsoft Virtual Wi-Fi
  Miniport Adapter" turned on. Such a device, used for creating Wi-Fi
  hotspots (ad hoc networks) via the wireless adapter, would enable
  both the real device for the true wireless connection and the
  "Microsoft Virtual Wi-Fi Miniport Adapter" for the ad hoc
  connections, with the same MAC address. This will result in the DSA
  on such laptop computers requesting an interface update on every
  heartbeat. [17502]

- The Web Reputation Service (WRS) feature is only supported on
  Windows platforms.
  There is no WRS functionality in the Linux/Solaris/HP-UX/AIX
  agents. Therefore, if both DSVA and a Linux DSA are installed to
  provide "coordinated approach" protection, and if the DSA is in
  use, the WRS functionality will be lost because there is no WRS
  support on the Linux DSA. [FB15428]

- In a cloud provider environment, if the "Enable regular
  synchronization with Cloud Provider" option is disabled, changing
  the DSA hostname will disrupt DSM/DSA communication. Trend Micro
  strongly recommends keeping the "Enable regular synchronization
  with Cloud Provider" option ON. [15608]

- On Windows 2008 and Windows Server 2012, after installing the DSM
  with a co-located Relay, the DS Notifier icon does not
  automatically show up in the Windows notification area. However,
  the DS Notifier will still function. Users need to relaunch the DS
  Notifier from the Start menu or restart the system. [17533]

- The Deep Security Notifier 8.0 is incompatible with DSVA 9.0 in
  VMware environments due to an architectural change between VMware
  vSphere 5.0 and 5.1. In vSphere (ESXi) 5.1, DS Notifier 9.0 is
  compatible with DSVA 9.0.

- When installing on Windows Vista, Windows 2008, or Windows 7 you
  may see a system event that indicates:

    The Trend Micro Deep Security Agent service is marked as an
    interactive service. However, the system is configured not allow
    interactive services. This service may not function properly.

  This is a normal warning on Windows Vista or higher. On these
  platforms, Windows does not allow services to interact with the
  user's desktop, so the OS displays the warning when the Agent tries
  to use interactive services. This desktop interaction feature is
  used by the Agent to provide the reboot notice on pre-Vista
  versions of Windows. The warning message can be safely ignored.
  [Deep Security 8.0 Tier 2-00253]

- Starting with Vista, we encounter problems from time to time when
  upgrading the Agent.
  The problem is related to the timing of the VC RTL assemblies being
  published to WinSxS, but it only seems to cause trouble on Vista or
  higher and only if the version of the RTL is not changing. The root
  cause was some corrupted Windows components. The workaround is to
  either run the Windows System File Checker (sfc.exe) to repair the
  OS, or to install the Microsoft Visual C++ Redistributable Package
  from the following URL before starting the upgrade procedure again.
  http://www.microsoft.com/download/en/details.aspx?id=26347
  After installing the package from Microsoft, you should reboot the
  machine. If this is not done before the upgrade, the upgrade may
  fail. To recover from this, you can install the package and re-run
  the installer. [Deep Security 8.0-01044] [13863/16376]

- The Deep Security Relay server does not support a component
  rollback. If a rollback is performed on a Deep Security Relay, the
  components listed in the Deep Security Manager may no longer match
  the actual versions present on the Relay. Subsequent component
  updates will re-sync the component versions displayed in Deep
  Security Manager. [Deep Security 8.0 Tier 2-00180] [14253]

- Deep Security Notifier may not start after a remote upgrade of the
  Deep Security Agent. If this occurs, manually restart the Notifier
  from the Start menu, or reboot the machine.
  [Deep Security 8.0-01196] [13880]

- On the Custom Setup page of the Deep Security Agent or Relay
  installer, "URL filtering" is incorrectly described as being part
  of the Anti-Malware module. "URL filtering" is in fact part of
  Intrusion Prevention.

- Intrusion Prevention is not supported over IPv6 SSL connections.

- On Windows XP, if you attempt to uninstall the Agent or Relay
  through Add/Remove programs while agent Self Protection is enabled,
  you may get the following error:

    Fatal Error During Installation.

  This message comes from the Windows OS, indicating that the
  uninstall did not proceed (precisely because self protection is
  enabled).
  It is not a Deep Security error. [Deep Security 8.0-00410]

- When running an Anti-Malware Manual Scan with Smart Scan enabled,
  if the Agent cannot contact the Smart Scan server, the resulting
  error event will indicate a "Real-Time" scan type instead of
  "Manual". [Deep Security 8.0 Tier 2-00024]

- If network connectivity is lost for an extended period of time
  during an Agent upgrade, it may be necessary to reboot the host
  machine.

- It is possible that NDIS drivers will hang when installing or
  uninstalling if they do not properly free packets when requested to
  unbind. The Trend Micro Deep Security Agent with accompanying
  NDIS 5.1 or NDIS 6.0 driver has been fixed so that it will free all
  packets correctly before upgrading or uninstalling. However, when
  installing or uninstalling NDIS drivers, Microsoft requires that
  all NDIS drivers be unbound and then rebound. This means that if
  other third-party NDIS drivers do not properly free packets, it is
  still possible for the Deep Security Agent install, upgrade, or
  uninstall to hang. This is beyond Trend Micro's control and will
  only happen in very limited situations. If this does occur, a
  reboot followed by a reattempt at installing, uninstalling, or
  upgrading is likely to resolve the issue.

- On VMware vSphere 4, if a new Ethernet adapter is dynamically added
  to a running Windows VM being protected by an agent, the adapter
  may not be protected by the agent installed on the virtual machine.
  To ensure the newly added adapter is protected, follow these steps
  after adding a new Ethernet device in vSphere client:
    a) Open the console for the VM
    b) Go to control panel -> network connections
    c) Select the new network adapter that was just added
    d) Select properties
    e) Verify that "Trend Micro DSA Filter Driver" is checked
    f) Select OK
  [10559]

- Log Inspection Events have a size limitation of 6000 characters.

- When the network engine is working in TAP mode and the in-guest
  Agent is offline, the DSVA status will display "Stand By". In fact,
  the DSVA is actually online and IP/FW Events will continue to be
  logged as Rules are triggered. [10948]

7.2 Issues fixed in previous release but not in this release
=========================================================================
The following issues have been fixed in previous Deep Security
maintenance (Hotfixes/Patches/Service Packs) releases but did not
make it to this Deep Security 9.0 SP1 release:

- Fix for DSA anti-malware engine offline. [TT262925]

8. Release History
========================================================================
See the following Web site for more information about updates to this
product:
http://www.trendmicro.com/download

9.0.0.2014   May 21, 2013

8.1 Prior Deep Security 9.0 Releases
=====================================================================
9.0.0.883   January 30, 2013

Enhancements in Deep Security 9.0.883
=====================================================================
- Addition of Anti-Malware Quick Scan feature in the Windows based
  Deep Security Agent
- Support for IPv6 Firewall

Resolved Known Issues in 9.0.883
=====================================================================
Issue 1: [TT255553, FB16310]
  The Web Reputation Service feature would not function through a
  proxy if the user name contains '\' character.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 2: [TT250817, FB16543, FB16541, FB16602]
  The ds_agent service will not start after an upgrade or a
  cold-boot.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: Fixed the service dependency issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 3: [TT249723, FB16558, FB15641]
  There is a packet re-transmission issue causing an "Invalid
  parameters in handshake" error to be generated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 4: [FB16012]
  When the Deep Security Relay is installed on a Microsoft Windows XP
  or Windows 2003 environment, the Web server (nginx) closes each
  time a user logs out from the computer. This prevents the Deep
  Security Agent from updating components through the Deep Security
  Relay after a user logs out.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: nginx has a hidden console window open. After the user
  logs out, nginx would be terminated by the system. This issue has
  been fixed by implementing a watchdog in dsvp.exe that restarts
  nginx if it has been terminated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 5: [Deep Security 8.0 Tier 2-00200, FB 14340]
  Unable to establish PPTP connection to a VPN server when the Agent
  is running.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: If you wish to use Point To Point Tunneling Protocol
  (PPTP) with Deep Security, you must modify some of the advanced
  settings.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 5:
  1. Log in to Deep Security Manager and go to Computer Settings >
     Network Engine tab.
  2. Make the following changes in the Advanced Network Engine
     Settings:
       Filter IPV4 Tunnels: Disable detection of IPV4 Tunnels
       Maximum Tunnel Depth: 4
       Action if Maximum Tunnel Depth Exceeded: Bypass
     Then click Save.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Note: For a new installation of 9.0 SP1, the settings described in
  the Procedure above are already set to default values.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Issue 6: [Deep Security 8.0 Tier 2-00136, 14227]
  When you activate a Deep Security Agent that has been installed
  with Anti-Malware protection enabled, the Agent immediately
  downloads the latest Anti-Malware components (virus patterns,
  detection engines, etc.) from the Deep Security Relay. But if you
  install a Deep Security Agent without Anti-Malware protection
  enabled and then subsequently enable Anti-Malware protection from
  the Deep Security Manager, the component update will not occur
  until the next heartbeat.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: The user can force a component update if they do not want
  to wait until the next heartbeat.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 6:
  1. Select the computer in the Manager's Computers screen.
  2. Right-click it, and select Actions > Update Components.

Note 6: Anti-Malware protection will not be in effect on the computer
  until this update occurs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This release includes all issues that were resolved in Deep Security
8.0 SP2 except those explicitly listed in section 7 "Known Issues in
Deep Security Agent, Relay or Notifier 9.0 SP1 - WINDOWS".

9. Files Included in This Release
========================================================================
This release is a complete installation. Use one of the following
files:

  Agent-Windows-9.0.0-2014.x86_64.msi (64-bit)
  Agent-Windows-9.0.0-2014.i386.msi (32-bit)
  Relay-Windows-9.0.0-2014.x86_64.msi (64-bit)
  Relay-Windows-9.0.0-2014.i386.msi (32-bit)
  Notifier-Windows-9.0.0-2016.i386.msi (32-bit - can be installed on
    64-bit)

10. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only.
After the first year, Maintenance must be renewed on an annual basis
at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us
at:
http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
Web site.

Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, go to:
http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen will display. Click the appropriate
link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

11. About Trend Micro
========================================================================
Trend Micro, Inc. provides virus protection, anti-spam, and
content-filtering security products and services.

Copyright 2013, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, Deep Security and "deep security
solutions" are trademarks of Trend Micro Incorporated and are
registered in some jurisdictions. All other marks are the trademarks
or registered trademarks of their respective companies.

12. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be
viewed at:
http://us.trendmicro.com/us/about/company/user_license_agreements/

13. Third Party Software
========================================================================
Please refer to the 3rd party licenses file inside the DSA package
for detailed information about 3rd party libraries used in the Deep
Security Agent. Where 3rd party licenses require open access to their
source code, Trend Micro will provide the necessary materials upon
written request.

========================================================================
(C) 2013 Trend Micro Inc. All rights reserved.
Published in Canada.