~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Readme for Trend Micro (TM) Deep Security Virtual Appliance 9.0 SP1
and Deep Security Filter Driver 9.0 SP1

Platforms: ESXi 5.1, 5.0

Anti-Malware Support: Windows Vista (32-bit, 64-bit),
                      Windows 7 (32-bit, 64-bit),
                      Windows XP SP2 (32-bit, 64-bit),
                      Windows Server 2003 SP2 (32-bit, 64-bit),
                      Windows Server 2003 R2 (32-bit, 64-bit),
                      Windows Server 2008 (32-bit, 64-bit),
                      Windows Server 2008 R2 (64-bit)

Date: May 21, 2013
Release: 9.0 SP1
Build Version: 9.0.0.2009 (DSVA)
               9.0.0.995 (Filter Driver)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the license
agreement and copied to the install directory.

For more information about the Trend Micro suite of Deep Security
products, visit our Web site at:
http://us.trendmicro.com/us/solutions/enterprise/security-solutions/virtualization/deep-security/

Download the latest version of this readme from the "Software" page
at the Trend Micro Download Center website:
http://downloadcenter.trendmicro.com/

Trend Micro is always seeking to improve its documentation. If you
have questions, comments, or suggestions about this or any Trend
Micro documents, please contact us at docs@trendmicro.com. Your
feedback is always welcome.

Contents
===================================================================
1. About Deep Security 9.0 SP1
   1.1 Overview of This Release
   1.2 Who Should Install This Release
   1.3 Support Expiration Notice
   1.4 Upgrade Notice
2. What's New
   2.1 Enhancements
   2.2 Resolved Known Issues
3. Documentation Set
4. System Requirements
5. Installation/Uninstallation
6. Known Incompatibilities
7. Known Issues
8. Release History
   8.1 Prior Deep Security 9.0 Releases
9. Files Included in This Release
10. Contact Information
11. About Trend Micro
12. License Agreement
13. Third Party Software
===================================================================

1. About Deep Security 9.0 SP1
========================================================================

   1.1 Overview of This Release
   =====================================================================
   Deep Security 9.0 SP1 contains a number of bug fixes as well as
   some new feature enhancements.

   1.2 Who Should Install This Release
   =====================================================================
   You should install the 9.0 SP1 release if you are currently
   running Deep Security 7.0, 7.5, 8.0, or 9.0.

   Note: When upgrading to 9.0 SP1, both the Deep Security Filter
   Driver and the Deep Security Virtual Appliance must be upgraded
   to the 9.0 SP1 version.

   1.3 Support Expiration Notice
   =====================================================================
   Trend Micro strongly urges you to upgrade to the most recent
   version to take full advantage of new features and improved
   performance. Please visit the Trend Micro Download Center website
   to download the latest releases at:
   http://downloadcenter.trendmicro.com/

   1.4 Upgrade Notice
   =====================================================================
   If you are currently using Deep Security 7.5 with the Deep
   Security Virtual Appliance, you should upgrade your Deep Security
   Virtual Appliance and Filter Driver to 8.0 SP2 or a later
   version. Deep Security Manager 9.0 does not support DSVA 7.5 or
   earlier versions.

   Also be sure to read the VMware documentation for upgrading your
   VMware environment, including the KB article on the VMware
   website:

   Unmanaged vShield Endpoint 1.0 components remain after upgrading
   vShield Manager from 4.1 to 5.0
   (http://kb.vmware.com/kb/2011482)

2. What's New
========================================================================
For major changes in Deep Security 9.0 from previously released
versions of Deep Security, please read the "What's New in Deep
Security 9 SP1" section of the Deep Security Manager on-line help,
the Deep Security Administrator's Guide or Deep Security
Installation Guide, available for download from the Trend Micro
Download Center.

   2.1 Enhancements
   =====================================================================
   - Changed the default setting for compressed file scanning to
     improve real-time anti-malware performance for compressed
     files. Users can also configure this setting in the Deep
     Security Manager console.

   2.2 Resolved Known Issues
   =====================================================================
   Issue 1:    [17840/17881/TT263949]
               Under certain circumstances DSM would open a
               connection to the DSVA master agent but not supply
               the tunneling header. This would leave the DSVA
               master agent in a hung state waiting for a blocking
               read.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: Fixed by applying a 30 second timeout to the read.

               Impact: The agent will only stay in the hung state
               now for 30 seconds. After 30 seconds it will log a
               message that the tunneling header was not received
               and communication with DSM will be re-established.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 2:    [TT268579]
               The ds_am process would crash because of an error in
               the handling of the EPSecStatus return code.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: The issue is fixed to properly handle the non-zero
               rtscan_epsec_read() return code in ds_am.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 3:    [17994/17943/TT263949]
               Diagnostic package for new ds_monitor logs does not
               pick up all the required log files.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3: The issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 4:    [18762/TT269591/TT270131/TT268865/TT268779/TT268134/TT269224]
               We have identified an issue in Deep Security 9 that
               may possibly cause a significant impact if
               experienced.

               - A race condition may occur when resources are
                 being de-allocated for a virtual machine. This
                 de-allocation occurs during VM shutdown or a
                 vMotion action.

               - In addition, the race condition can be encountered
                 more often on ESXi servers that have a large range
                 of varying remote addresses (i.e. connections
                 inbound) that are sending IP (any IP/IPv6) packets
                 to a given VM(s). A list of tracked hosts grows in
                 size and when it is cleaned up (such as during VM
                 shutdown or vMotion action), it results in the
                 holding of a lock for too long and the VMware
                 kernel does not tolerate the resource hold that is
                 occurring.

               - This may result in a PSoD (Purple Screen of Death)
                 on the ESXi server.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 4: The issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Documentation Set
========================================================================
In addition to this readme.txt, the documentation set for this
product includes the following:

o Deep Security 9.0 SP1 Installation Guide (IG) -- Provides product
  overview, deployment plan, installation steps and basic
  information intended to help you smoothly deploy Deep Security.

o Deep Security 9.0 SP1 Administrator's Guide (AG) -- Provides
  post-installation instructions on how to configure the settings
  to help you get Deep Security "up and running". Also includes
  instructions on performing other administrative tasks for the
  day-to-day maintenance of Deep Security.

o Readme files -- version enhancements, known issues, and release
  history. There is one readme for each installable Deep Security
  component: Manager, Agent (including Relay and Notifier), Virtual
  Appliance and ESXi Filter Driver.

  Electronic versions of the manuals are available from the Trend
  Micro Download Center at:
  http://downloadcenter.trendmicro.com/

o Online help -- Context-sensitive help screens that provide
  guidance for performing a task.

o TrendEdge is a program for Trend Micro employees, partners, and
  other interested parties that provides information on
  unsupported, innovative techniques, tools, and best practices for
  Trend Micro products. The TrendEdge database contains numerous
  documents covering a wide range of topics.
  http://trendedge.trendmicro.com

o Knowledge Base -- a searchable database of known product issues,
  including specific problem-solving and troubleshooting topics.
  http://esupport.trendmicro.com

4. System Requirements
========================================================================
For a complete list of the System requirements, please refer to the
"Deep Security 9.0 SP1 Installation Guide."

5. Installation/Uninstallation
========================================================================
- See the "Deep Security 9.0 SP1 Installation Guide" document
  available for download from the Trend Micro Download Center.

- The 9.0 SP1 version of the Deep Security Virtual Appliance
  requires the 9.0 SP1 version of the Deep Security Filter Driver.

- When a Deep Security Virtual Appliance (DSVA) is deployed in a
  VMware environment that makes use of the VMware Distributed
  Resource Scheduler (DRS), it is important that the DSVA does not
  get vMotioned. DSVAs must be "pinned" to their particular ESXi
  host. You must actively change the DRS settings for all the DSVAs
  to "Manual" or "Disabled" (recommended) so that they will not be
  vMotioned by the DRS. If a DSVA (or any VM) is set to "Disabled",
  vCenter Server does not migrate that virtual machine or provide
  migration recommendations for it. This is known as "pinning" the
  virtual machine to its registered host and is the recommended
  course of action for DSVAs in a DRS environment.
  (An alternative is to deploy the DSVA onto a local store as
  opposed to a shared store. When DSVA is deployed onto a local
  store it cannot be vMotioned by DRS.) For further information on
  DRS and pinning VMs to a specific ESXi, please consult your
  VMware documentation.

6. Known Incompatibilities
========================================================================
None

7. Known Issues in Deep Security Virtual Appliance 9.0 SP1
========================================================================
- If the DSVA runs out of disk space during its upgrades, the
  upgrade will fail with an error message from vCenter and Deep
  Security Manager, instead of cleaning up the space or warning the
  user before the upgrade starts. [18706]

- In some cases, if you deploy the Deep Security Virtual Appliance
  and you select to use a static IP address, the default DNS domain
  will be set incorrectly. To resolve this, log in to the DSVA
  console command line and run "vi /etc/resolv.conf". Ensure the
  values for search and nameserver are correct for your
  environment. [Deep Security 8.0 Tier 2-00184]

- SYN Flood protection is only supported on versions 7.5 or earlier
  of the Windows Agents and on versions 7.5 or earlier of the
  Virtual Appliance. It is not supported on versions 7.5 SP1 or
  later of the Windows Agents or versions 7.5 SP1 or later of the
  Virtual Appliance. It is not supported on any versions of the
  Linux or Solaris Agents.

- On some Windows platforms, when downloading malware using
  Internet Explorer, the download process windows will be closed
  upon detection. The file has still been detected and cleaned even
  though no error or warning was given. [00619]

- The quarantine action may fail if the maximum quarantine size is
  set too high. The default size is 32MB. It is recommended not to
  set the limit higher than 200MB.

- If your ESXi or Deep Security Virtual Appliance are in a
  different domain than your DSM, they may have problems connecting
  to DSM.
  Renaming your DSM to use the fully qualified name fixes this,
  e.g. manager.hq.local. For information on how to rename your
  DSM's hostname, consult the documentation.

- For any images you have on your ESXi machine, ensure you have the
  latest VMware Tools installed.

- The DSVA cannot perform Log Inspection, therefore you cannot
  assign Log Inspection Rules to machines without an in-guest Deep
  Security Agent.

- Setting the configuration on a guest VM will fail with an
  "Operation timed out" error shown in DSM if the processing of the
  configuration takes longer than 60 seconds. The user needs to
  restart the DSVA to recover. [TT268577/19201]

8. Release History
========================================================================
See the following Web site for more information about updates to
this product:
http://www.trendmicro.com/download

DSVA 9.0.0.2009   May 21, 2013
FD   9.0.0.995    May 21, 2013

   8.1 Previous Deep Security 9.0 Releases
   =====================================================================
   9.0.0.883 (DSVA)            January 30, 2013
   9.0.0.854 (Filter Driver)   January 30, 2013

   Enhancements in DSVA 9.0.0.883 and FD 9.0.0.854
   =====================================================================
   - Support for ESXi 5.1
   - Improved Anti-Malware on-demand scan performance
   - Addition of Agentless Recommendation feature

   Resolved Known Issues in 9.0.883
   =====================================================================
   Issue 1:    [FB17095]
               With the 1G default memory deployment size of DSVA,
               many customers were running out of memory and had
               the inconvenience of increasing DSVA memory later.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: The default memory size of the DSVA has been
               increased to 2 GB.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 2:    [TT255553, FB16310, FB16291]
               The Agent-less Web Reputation Service feature would
               not function through a proxy if the user name
               contains the '\' character.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: The issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 3:    [FB12822]
               If Context specific FW/Intrusion Prevention rules
               are assigned to machines without in-guest Deep
               Security Agent installed, it may cause the ESXi
               server to crash.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3: This issue was resolved by modifying the Deep
               Security Compiler (DSC) in the DSVA to ignore
               DPI/FW Rules associated with Contexts.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Note 3:     The use of Contexts with Rules is intended to give
               rules running on mobile workstations "location
               awareness" and is not intended for use in Agentless
               virtualized environments. For information on
               Contexts, see Components > Contexts in the online
               help.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 4:    [TT257923, FB16451]
               The Web Reputation Service feature with "allow
               override" was not working as expected for the DSVA.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 4: This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 5:    [TT253665, FB16360]
               An issue was identified in the Deep Security Virtual
               Appliance (DSVA) which causes slow response during
               an anti-malware scan while opening/copying files
               from the network file share.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 5: A Real-Time scan cache feature has been implemented
               in the DSVA.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 6:    [TT260076, 16864]
               Excessive messages were generated when the
               ds_guest_agent fails to bind to its ListenSocket.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 6: Fixed by having the ds_guest_agent exit if it fails
               to create or bind to its listen socket. This
               prevents an excessive amount of logs from being
               generated when this problem is encountered.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   This release includes all issues that were resolved in Deep
   Security 8.0 SP2 except those explicitly listed in the section
   "Known Issues in Deep Security Virtual Appliance 9.0 SP1".

9. Files Included in This Release
========================================================================
This release is a complete installation. Use one of the following
files:

Appliance-ESX-9.0.0-2009.x86_64.zip
FilterDriver-ESX_5.0-9.0.0-995.x86_64.zip
  (Use this package for ESXi 5.0 or ESXi 5.1)

10. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only. After the first
year, Maintenance must be renewed on an annual basis at Trend
Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us
at:
http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from
our Web site.

Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region,
Australia and New Zealand, Europe, Latin America, and Canada, go
to:
http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen will display. Click the
appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

11. About Trend Micro
========================================================================
Trend Micro, Inc. provides virus protection, anti-spam, and
content-filtering security products and services.

Copyright 2013, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, Deep Security and "deep security
solutions" are trademarks of Trend Micro Incorporated and are
registered in some jurisdictions.
All other marks are the trademarks or registered trademarks of
their respective companies.

12. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be
viewed at:
http://us.trendmicro.com/us/about/company/user_license_agreements/

13. Third Party Software
========================================================================
The 3rd party software is subject to the licenses available in the
following directory:

[INSTALL DIRECTORY]\Licenses

Where 3rd party licenses require open access to their source code,
Trend Micro will provide the necessary materials upon written
request.

========================================================================
(C) 2013 Trend Micro Inc. All rights reserved. Published in Canada.