~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Readme for Trend Micro (TM) Deep Security Manager 9.0 SP1

Platforms: Windows Server 2012 (64-bit)
           Windows Server 2008 (64-bit),
           Windows Server 2008 R2 (64-bit),
           Windows Server 2003 SP2 (64-bit)
           Windows Server 2003 R2 SP2 (64-bit)
           Redhat Enterprise Linux 5 (64-bit)
           Redhat Enterprise Linux 6 (64-bit)

Not Supported: RHEL Xen Hypervisor
               Windows Server 2012 Core
               Windows Server 2008 Core

As of Deep Security 9.0, Deep Security Manager is no longer supported
on 32-bit versions of Windows.

Date: May 21, 2013
Release: 9.0 SP1
Build Version: 9.0.5370

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the click-through
license agreement and copied to the install directory.

For more information about the Trend Micro suite of Deep Security
products, visit our Web site at:

http://us.trendmicro.com/us/solutions/enterprise/security-solutions/virtualization/deep-security/

Download the latest version of this readme from the "Software" page at
the Trend Micro Download Center website:

http://downloadcenter.trendmicro.com/

Trend Micro is always seeking to improve its documentation. If you
have questions, comments, or suggestions about this or any other Trend
Micro documents, please contact us at docs@trendmicro.com. Your
feedback is always welcome.

Contents
===================================================================
1. About Deep Security 9.0 SP1
   1.1 Overview of This Release
   1.2 Who Should Install This Release
   1.3 Support Expiration Notice
   1.4 Upgrade Notice
2. What's New
   2.1 New in Deep Security 9.0
   2.2 Issues Resolved in this release
3. Documentation Set
4. System Requirements
5. Known Incompatibilities
6. Known Issues
   6.1 Known issues in Deep Security Manager 9.0 SP1
   6.2 Issues fixed in previous release but not in this release
7. Release History
   7.1 Prior Deep Security 9.0 Releases
8. Files Included in This Release
9. Contact Information
10. About Trend Micro
11. License Agreement
12. Third Party Software
===================================================================

1. About Deep Security 9.0 SP1
=======================================================================

1.1 Overview of This Release
=====================================================================

Deep Security 9.0 SP1 contains a number of bug fixes as well as
enhancements.

For a list of the major changes in Deep Security 9.0 SP1 from
previously released versions of Deep Security Manager, please see the
"What's New in Deep Security 9 SP1" section of the online help, or the
Administrator's Guide or Installation Guide, available for download
from the Trend Micro Download Center.

1.2 Who Should Install This Release
=====================================================================

You should install this release if you are currently running Deep
Security 7.0, 7.5, 8.0, or 9.0. All new Deep Security users should
install Deep Security 9.0 SP1.

1.3 Support Expiration Notice
=====================================================================

Please refer to Trend Micro Download or Support center for an official
notice about product version life-cycle and End-of-Support
information. Please visit the Trend Micro Download Center website to
download the latest releases at:

http://downloadcenter.trendmicro.com/

1.4 Upgrade Notice
=====================================================================

To upgrade to Deep Security 9.0 SP1, you must be running Deep Security
8.0 SP2 or later. If you are running an earlier version of Deep
Security, you must first upgrade to Deep Security 8.0 SP2 (or later)
before upgrading to version 9.0.

If you choose to upgrade your Deep Security Manager (DSM) to version
9.0 SP1 while having certain older versions of Deep Security Agents
under protection, you will be warned during the upgrade installation
that DSM 9.0 SP1 will no longer be able to communicate with those
Agents.
Deep Security Manager (DSM) 9.0 SP1 will ONLY support 7.5 SP4, 8.0
SP1, and 9.x or later Deep Security Agent/Deep Security Relay/Deep
Security Virtual Appliance. Please see Section 5 Known
Incompatibilities for details.

Deep Security 9.0 does not support ESXi version 4.1. To deploy Deep
Security 9.0, your VMware infrastructure (vCenter, vShield Manager,
vShield Endpoint, and vShield Endpoint drivers) must be upgraded to
version 5.x. Also be sure to read the VMware documentation for
upgrading your VMware environment including the KB article on VMware's
website:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2032756

2. What's New
========================================================================

2.1 New in Deep Security 9.0 SP1
=====================================================================

- Localization support of Deep Security Manager and Notifier

- Enhancements for Trusted Common Baseline:
  a) The ability to define an auto-tagging rule so that a change to a
     file on any Computer in a group of Computers is tagged as okay so
     long as a file with the same contents and name exists on some
     other Computer in the group.
  b) Scalability of auto-tagging integrity events

- Enhancement in DSM UI to allow configuration of Max Files in
  Anti-Malware Compressed file scanning. This setting can be applied
  to every agent on which Anti-Malware protection is enabled
  (per-agent setting).

- Enhancement to allow users to select Relay Groups on the New
  Computer wizard.

- Enhancement to allow a Relay to be set to update patterns only.

2.2 Resolved Known Issues
=====================================================================

Issue 1: [17008/TT252018]
In some situations, it has been reported that the Integrity
Monitoring/Anti-Malware scanning would cause 100% CPU usage.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
A hidden global setting for CPU usage control has been added to DSM to
allow high/medium/low control of CPU usage for IM/AM scanning. This
setting applies to the following platforms:
- Linux(TM) Red Hat(TM) 5 64-bit
- AIX(TM) 5.3
- Solaris(TM) 10 Sparc

Note: On AIX systems, CPU usage is shown differently by the system
commands "topas" and "ps." It is recommended that users use the "ps"
command, if needed, to verify the CPU usage control feature on the AIX
system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [17351]
On occasion the Download Security Update wizard appears to stop and
time out, even though the rules have been applied successfully.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2:
This issue has been fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [17840/17881/TT263949]
Under certain circumstances DSM would open a connection to the DSVA
but not supply the tunneling header. This would leave the DSVA in a
hung state waiting for a blocking read.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3:
Fixed by applying a 30 second timeout to the read.

Impact: The agent will only stay in the hung state now for 30 seconds.
After 30 seconds it will log a message that the tunneling header was
not received and communication with DSM will be re-established.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [18152/18144/TT266650]
The Directory list won't accept "." in the path.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4:
Implement logic that allows "." in the Windows/UNC/Linux path.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [17986/17784/18537/18649/18875/18845/19065]
         [TT264045/TT269107/TT269326/TT265819/TT267339]
Issues were found where the DSM console takes too long to respond when
there is a significant number of activated agents.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5:
Changes have been made in the code to greatly improve the performance
of DSM page displays.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 6: [17990/17785/TT264045]
Unable to perform a Virtual Sync; it fails with the following error:

  Jan dd, YYYY h:mm:ss AM com.thirdbrigade.manager.core.virtual.VirtualSync doVirtualSync
  SEVERE: Virtual Synchronize Job Failed: The DELETE statement conflicted with the REFERENCE constraint "FNQTKCOHXZWIQIYA". The conflict occurred in database "dsm", table "dbo.hosts", column 'HostGroupID'.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6:
Fixed the issue for SQL constraint exception.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 7: [17945]
Test Database Connection on the Tenant Properties window could place
the DSM in an error state from which it could not recover without a
service restart.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7:
The fix consists of two modifications:
- If the tenant database is actually the primary database, the test
  connection will return success.
- If the tenant database is one of the secondary databases, DSM will
  call clean/close database if and only if the database handlers were
  specifically created to perform the test connection operation.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 8: [18001/17999/TT265517]
When creating an exclusion list, DSM would not accept certain variable
parameters like ${systemroot}\system32\LogFiles\.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8:
The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 9: [18023/17530/TT262614]
A custom Intrusion Prevention rule will switch to "Detect only" mode
after a Deep Security Rule Update (DSRU).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9:
The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 10: [17497]
The contents of the "Type" field on the "General" tab of the auto-tag
rule properties page would disappear from the display after switching
to another tab. The workaround was to close and re-open the properties
page.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10:
The issue has been fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 11: [TT263203/17662]
Deep Security Manager cannot sort Intrusion Prevention rules on the
"Intrusion Prevention Rules" screen by the "Issued" date.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11:
The issue has been fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 12: [18048/17879/TT264045]
Occasionally the DSVA was not cleaning up resources after a Guest VM
was vMotioned to another ESXi/DSVA. This resulted in the first DSVA
reporting an interface out of sync for that guest VM while the new
DSVA reported interface in sync. This would cause DSM and vCenter to
periodically generate reconfiguration events for a guest VM.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12:
The issue has been fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 13: [17750]
If synchronization with an Active Directory failed, there was a
possibility that users could be removed from the DSM. They would get
added during the next successful synchronization.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13:
The issue has been fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 14: [17522]
There has been an issue since early releases where App Type ports not
being updated caused an "app type misconfiguration" error in DSM. This
issue would prevent Deep Security Rules Update (DSRU) from having the
ability to add ports to App Types when new vulnerabilities come out.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14:
The issue is fixed by preventing users from editing the Application
Types issued by Trend Micro (also known as Authoritative). They can
still create and edit their own types, but not Trend's. If the user
wants to make changes to an Authoritative Application Type he/she
needs to create an override for a specific Policy or Host. The best
way to achieve the old “global” change is to create an override on the
Base Policy, which will be inherited by all of the other
Policies/Hosts in the system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 15: [18036]
In DS 9.0, the Directory List Objects only support the UNC path with
the format "\\ComputerName\Shared\". However, in some use cases
computers managed by the DSM may have network resources of certain
computer(s) that are not directly managed by the DSM. If a user wishes
to exclude scanning of those network resources, but keep the ability
of an Anti-Malware network scan, the exclusion list with network
computer name is needed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15:
This is fixed by allowing “\\ComputerName\” (without the directory
name) entries in the Directory List Object on DSM.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 16: [18240]
Performance of Event related screens in the DSM is slow.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16:
Some fixes have been made to make sure the table in the forensic
report is not locked. Also some event loading code is optimized to
help with the performance of the event viewer and reports.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 17: [18259/18117/TT266286]
In a DSM-integrated AWS (EC2 & VPC) environment, the instance's
Hostname is null.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17:
The issue is now fixed.
EC2 instances with an elastic IP assigned use the FQDN of the elastic
IP as the hostname until the elastic IP is released. Once released,
the hostname will change to the instance's FQDN on the next cloud
connector sync.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 18: [17749/18337/TT266120]
Customers need to generate a computer report in order to view their
Computer status (managed/unmanaged). Unfortunately the Computer Report
will only be available in DSM if Firewall/DPI is licensed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 18:
The issue is fixed so that the Computer Report will be generated even
if the user only has an Anti-Malware license.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 19: [17940/TT261297]
There is a UI issue on the DSM Updates page, where DSM will use the
same counter for both Agents and Relays.

Reproduction:
1. On DSM with both Agents and Relays activated.
2. Go to the Updates page and you will see that Relays and Agents have
   the same counts although Relays are normally one or two in number.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 19:
The issue is fixed by using separate counters for Agents/Relays.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 20: [18399/TT266590]
Deep Packet Inspection (DPI) rules are assigned automatically even
though the application type was specified to be excluded from
"scanning for the recommendations".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 20:
After the fix, a DPI rule is not listed in the recommendations if the
application type is specified to exclude it from "scanning for the
recommendations".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 21: [18476/18474/TT265831]
An issue was found in DSM where old log data is sent to the syslog
server when the DSM and the database are busy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 21:
The issue is fixed by improving the log processing function to avoid
sending old logs to the syslog server when a database query exception
occurs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 22: [18991/18993/TT270016]
In a DSM multi-tenant environment, if users browse to the
Administration->System Setting->Tenants->Database Servers->View
Database Servers->Property page of the primary database and click the
"OK" button, then go to Administration->Tenants->New and run through
the wizard, the new tenant creation will fail.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 22:
The issue is fixed in the DSM by properly collecting data from
disabled UI fields and setting the correct state in the database
accordingly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 23: [18310/18243/18244/TT 260393]
The Manager Panel is missing on the Updates page for DSM nodes on the
Linux platform.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 23:
The issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Documentation Set
========================================================================

In addition to this readme.txt, the documentation set for this product
includes the following:

o Deep Security 9.0 SP1 Installation Guide (IG) -- Provides product
  overview, deployment plan, installation steps and basic information
  intended to help you smoothly deploy Deep Security.

o Deep Security 9.0 SP1 Administrator's Guide (AG) -- Provides
  post-installation instructions on how to configure the settings to
  help you get Deep Security "up and running". Also includes
  instructions on performing other administrative tasks for the
  day-to-day maintenance of Deep Security. (All the content of the
  Administrator's Guide can be found in the Deep Security Manager's
  online help.)

o Readme.txt files -- version enhancements, known issues, and release
  history. There is one readme for each installable Deep Security
  component: Manager, Agent, Virtual Appliance, and ESXi Filter
  Driver.

o Supported Kernel Document -- list of currently supported Linux
  kernels.

  Electronic versions of the manuals are available from the Trend
  Micro Download Center at:

  http://downloadcenter.trendmicro.com/

o Online help -- Context-sensitive help screens that provide guidance
  for performing a task. (The online help contains all the information
  contained in the Administrator's Guide.)

o TrendEdge is a program for Trend Micro employees, partners, and
  other interested parties that provides information on unsupported,
  innovative techniques, tools, and best practices for Trend Micro
  products. The TrendEdge database contains numerous documents
  covering a wide range of topics.

  http://trendedge.trendmicro.com

o Knowledge Base -- a searchable database of known issues, including
  specific problem-solving and troubleshooting topics.

  http://esupport.trendmicro.com

4. System Requirements
========================================================================

For a complete list of the System requirements, please refer to the
Deep Security 9.0 SP1 Installation Guide.

5. Known Incompatibilities
========================================================================

- Microsoft Windows Vista is not a supported platform of Deep Security
  Manager and contains several known bugs.

- Deep Security Manager 9.0 does not support version 7.5 or earlier of
  Deep Security Virtual Appliance.

- Deep Security Manager (DSM) 9.0 SP1 will ONLY support 7.5 SP4, 8.0
  SP1, and 9.x or later Deep Security Agent/Deep Security Relay/Deep
  Security Virtual Appliance.

  Previous versions of Deep Security Manager incorporated Java 6,
  which has reached its end-of-life. DSM 9.0 SP1 has been upgraded to
  incorporate Java 7.

  Impacts:
  * Any Deep Security Agent version prior to 7.5 SP4 will be unable to
    communicate with Deep Security Manager. These Agents will be
    unable to activate, reactivate, deactivate, send events, receive
    updates, or communicate with DSM in any way. This applies to Deep
    Security Agents (DSA), Deep Security Relays (DSR) and Deep
    Security Virtual Appliance (DSVA).
  * Similarly, Deep Security 8.0 Agents prior to 8.0 SP1 will be
    unable to communicate with DSM.
  * Deep Security 7.5 SP4 and later, 8.0 SP1 and later and 9.x Agents
    will be able to communicate with the updated DSM without problems.

6. Known Issues
========================================================================

6.1 Known Issues in Deep Security Manager (DSM) 9.0 SP1
========================================================================

- DSM will show an error on Policy Overview pages for users whose role
  privilege is set to "Edit All Computers" but "View Selected
  Policies" only. The workaround is to enable the setting "Allow
  viewing of non-selected Policies" at [Policy Rights] of this User
  Role setting. [19164]

- The Deep Security Manager (DSM) does not support an installation
  path containing any special characters (non-alphabet and non-numeric
  characters). The same restriction also applies to the database name
  and/or database account used by DSM. [16708]

- Exclusion directory list does not support share folder format.
  [17979]

- When a user runs an Agent-initiated recommendation scan with
  "dsa_control -m RecommendationScan:true", no system event related to
  the recommendation scan is recorded.

- In rare situations, DSM may not correctly identify the status of the
  EPsec Driver installed on an ESXi. When you activate an Appliance,
  if DSM does not identify the correct status of vShield Endpoint, it
  will not register with the vShield Manager. If DSM gives you this
  warning, perform a full "Synchronize" with your vCenter and it will
  update the current installation status of all drivers on all ESXi(s)
  in the environment.
  [17636]

- In Multi-Tenant installations, the Primary tenant DSM may cause
  "Reconnaissance Detected: Network or Port Scan" alerts on Tenants'
  DSMs. To avoid these alerts, Tenants can manually add the Primary
  Tenant's DSM's IP address to the "Ignore Reconnaissance" IP list.
  (Policies > Common Objects > Lists > IP Lists). [17175]

- In rare cases, adding a vCloud or AWS Cloud Account in the DSM can
  result in the creation of two identical Cloud Accounts. If this
  occurs, either one of the two accounts can be safely removed.
  [17280/17051]

- In a cloud provider environment, if the "Enable regular
  synchronization with Cloud Provider" option is disabled, changing
  the DSA hostname will disrupt DSM/DSA communication. Trend Micro
  strongly recommends keeping the "Enable regular synchronization with
  Cloud Provider" option ON. [15608]

- If the Manager node(s) and the Database are installed on machines
  with synchronized clocks but configured for different time-zones, an
  incorrect error will be reported indicating that the clocks are not
  synchronized. [17100]

- On Windows 2008 and Server 2012 systems, after installing the DSM
  with a co-located Relay, the DS Notifier icon does not automatically
  appear in the Windows notification area. However, the DS Notifier
  will still function. Users need to relaunch the DS Notifier from the
  Start menu or restart the system. [17533]

- When using Deep Security with iCRC mode, a DNS server must be
  available. If a DNS server is unavailable the Anti-malware feature
  of the Deep Security Virtual Appliance may not function correctly.
  [Deep Security 8.0-01169]

- The Trend Micro Filter Driver provided by Trend Micro is in a
  different format from the Trend Micro Filter Driver provided by
  VMware using the VMware Update Manager. If you wish to deploy the
  Filter Driver from Deep Security Manager you must use the one from
  the Trend Micro Download Center.
  [Deep Security 8.0 Tier 2-00043]

- When using Relay Groups, Linux Relays will not update correctly if
  they use Windows Relays as their update source. Relays should only
  be configured to update from the Global update source or from Relays
  of the same OS platform. [Deep Security 8.0-01110]

- Deep Security Manager does not support License updates or connecting
  to the Trend Micro Certified Safe Software Service using a SOCKS
  proxy. To use these two features, use an HTTP proxy.
  [Deep Security 8.0-1024]

- In certain cases, when attempting to use the dsm_s stop command on
  Linux to stop the Deep Security Manager service, you may get the
  following message:

    Timeout. Daemon did not shutdown yet.

  dsm_s is based on install4j, whose timeout value is 15 seconds,
  which cannot be changed. The Deep Security Manager may require
  longer than this to shut down. To ensure the service has been shut
  down, run ps -ef | grep DSMService. [Deep Security 8.0-00095]

- Air-gapped Relays will still try to contact an Update Server to
  check for Updates. To avoid Update failure Alerts, set the Relay to
  use itself as an Update source:
  1. In the Relay's Details window, go to System > System Settings >
     Updates
  2. In the Relays area, select "Other Update Source:" and enter
     https://localhost:4122
  3. Click Save.
  [Deep Security 8.0-01124]

- If an ESXi with an installed vShield Endpoint driver is removed from
  its vCenter, the DSM will not detect the installed driver if the
  ESXi is later re-added to the vCenter. This will cause any newly
  DSVA-protected VMs to not have Anti-Malware enabled. The workaround
  is to uninstall and reinstall the driver through the VSM.
  [Deep Security 8.0-01036]

- The default value for whois in Deep Security does not resolve
  properly. To use the whois feature you must modify the WHOIS url to
  use a different server. [Deep Security 8.0-01248]

- Intrusion Prevention is not supported over SSL connections when
  using IPv6.

- The Anti-malware scan inclusion/exclusion directory settings are
  sensitive to forward slash "/" and backslash "\". For use with
  Windows operating systems the inclusion/exclusion paths must use the
  backslash "\". [7.5 SP1-00231]

- When creating custom Integrity Monitoring Rules using the
  RegistryKeySet tag, the attribute values must be in uppercase
  letters. For example, Using lowercase may result in an "Integrity
  Monitoring Rule Compile Issue" error. [7.5 SP1-00171]

- Malware scans of network share folders are only supported using
  real-time scan. Manual scans or scheduled scans will not work.
  [7.5-00012]

- If a CD or a mounted ISO file contains malware and the anti-malware
  configuration is set to "Delete" upon detection, the DSM will still
  report that the malware was "deleted" even if it was unable to do
  so. [7.5-00010]

- DSM will display an incorrect filename in the Anti-Malware Event if
  the malware is found in the Recycle Bin. [7.5-00023]

- During an upgrade, the Deep Security Manager service may fail to
  install properly on some platforms if the Services screen is open.
  Make sure the Services screen is closed prior to installation or
  upgrade of Deep Security Manager.

- If you receive a "java.lang.OutOfMemoryError" error during the
  installation of the DSM, please refer to the Installation Guide for
  instructions on how to configure the maximum memory usage for the
  installer.

- During an upgrade, if you receive a message stating that the Manager
  was unable to start the service, a reboot usually fixes the problem.
  In rare cases, you may have to run the installer again in
  Upgrade/Repair mode after the reboot.

- If Windows Firewall is enabled on the Deep Security Manager, it may
  interfere with port scans causing false port scan results. Windows
  Firewall may proxy ports 21, 389, 1002, and 1720 resulting in these
  ports always appearing open regardless of any filters placed on the
  computer.

- By default Exchange 2000 and later servers will dynamically assign a
  non-privileged port (1024-65535) for communications between the
  client and the server for the System Attendant, Information Store,
  and Name Service Provider Interface (NSPI) services. If you will be
  using the Microsoft Exchange Server profile with an Exchange 2000 or
  later server then you should configure these services to use static
  ports as described in the article "Exchange 2000 and Exchange 2003
  static port mappings" (http://support.microsoft.com/?kbid=270836).
  Once static ports have been configured you should extend the
  appropriate Exchange Server port list to include the ports that have
  been assigned to these services. You may also want to set the No RFR
  Service registry setting to 1 to prevent the Exchange server from
  referring clients to the domain controller for address book
  information. See the article "How Outlook 2000 Accesses Active
  Directory" (http://support.microsoft.com/?kbid=302914) for more
  information. Alternatively, it is possible to configure Exchange RPC
  to run over HTTPS if you are using Outlook 2003 on Windows XP SP1 or
  later with Exchange Server 2003. In this case only port 443 needs to
  be added to the Exchange port list.

- The "Recommendation" Alert may remain raised on some computers even
  after all recommended Intrusion Prevention, Integrity and Log
  Inspection Rules appear to have been applied. This can occur because
  even though an Application Type may be recommended for a computer,
  the Application Type will not be displayed in the "Show Recommended"
  view if no Intrusion Prevention Rules associated with the
  Application Type are currently recommended. To resolve the
  situation, use the "Show All" view of the Intrusion Prevention Rules
  screen and assign all recommended Application Types (even if no
  associated Rules are currently recommended). (Alternatively, you can
  just dismiss the Alert after verifying that you have assigned all
  recommended rules to the computer.)
  [8345]

- If DSM is unable to connect to vCenter for an extended period of
  time, you may notice certain errors constantly being raised and
  resolved on Deep Security Virtual Appliance VMs, particularly the
  "Interfaces Out of Sync" error. In general, when DSM is integrated
  with vCenter, it must maintain constant connectivity with vCenter in
  order to properly provide protection to the environment. When
  connectivity is broken, DSM will not be able to respond to the
  dynamic environment and issues like this can occur. The solution is
  to ensure that connectivity between DSM and vCenter is always
  maintained. [10564]

- When an Appliance-protected Virtual Machine is migrated from one
  Appliance-protected ESXi to another, and if that Virtual Machine
  currently has warnings or errors associated with it (e.g.
  Reconnaissance Detected), those errors may incorrectly get cleared
  during the migration. [10602]

- Log Inspection Events have a size limitation of 6000 characters.

6.2 Issues fixed in previous Deep Security release but which did not
    make it to 9.0 SP1 release
========================================================================

None.

7. Release History
========================================================================

See the following Web site for more information about updates to this
product:

http://www.trendmicro.com/download

9.0.5370 May 21, 2013

7.1 Previous Deep Security 9.0 Releases
=====================================================================

9.0.4017 January 30, 2013

Enhancements in Deep Security 9.0.4017
=====================================================================

- Support for vSphere 5.1, vCenter 5.1 and vShield 5.1
- Support for IPv6 Firewall
- Support for Agentless Recommendation
- Performance enhancement for Anti-Malware on-demand scans
- Support for Cloud environments
- Multi-Tenancy support
- Hypervisor Integrity Monitoring
- A new User Interface for the Deep Security management console, with
  improved workflow for Policy management
- Support for certificate rollover

Resolved Known Issues in 9.0.4017
=====================================================================

Issue 1: [14617]
The Event-Based Task for "Computer Moved" for vCenter virtual machines
currently only works if the machine is moved between ESXi(s).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1:
We now generate an EBT trigger for folder moves as well as ESXi moves.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This release includes all issues that were resolved in Deep Security
8.0 SP2 except those explicitly listed in the section "Known Issues in
Deep Security Manager 9.0" and "Issues fixed in previous Deep Security
release but which did not make it to 9.0 SP1 release".

8. Files Included in This Release
========================================================================

This release is a complete installation. Use one of the following
files:

Manager-Windows-9.0.5370.x64.exe (64-bit)
Manager-Linux-9.0.5370.x64.sh (64-bit)

9. Contact Information
========================================================================

A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at:

http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
Web site.

Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:

http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Trend Micro" screen displays. Click the
appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

10. About Trend Micro
========================================================================

Trend Micro, Inc. provides virus protection, anti-spam, and
content-filtering security products and services.

Copyright 2013, Trend Micro Incorporated. All rights reserved. Trend
Micro, the t-ball logo, Deep Security and "deep security solutions"
are trademarks of Trend Micro Incorporated and are registered in some
jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.

11. License Agreement
========================================================================

Information about your license agreement with Trend Micro can be
viewed at:

http://us.trendmicro.com/us/about/company/user_license_agreements/

12. Third Party Software
========================================================================

Deep Security Manager employs the use of 3rd party binary
distributions.
The binary distributions are subject to the licenses available in the
following directory:

[INSTALL DIRECTORY]\licenses

Where 3rd party licenses require open access to their source code,
Trend Micro will provide the necessary materials upon written request.

========================================================================
(C) 2013 Trend Micro Inc. All rights reserved. Published in Canada.