<> Trend Micro, Inc. March 12, 2014 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Intrusion Defense Firewall(TM) 1.5 Service Pack 1 for Trend Micro OfficeScan(TM) 8.0 to OfficeScan 10.6 Patch 1 - Build 1.5.2331 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Notes: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's web site for documentation updates at: http://www.trendmicro.com/download/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro web site. Register during installation, or online at: http://olr.trendmicro.com Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome. Please evaluate this documentation on the following site: http://www.trendmicro.com/download/documentation/rating.asp. Contents ===================================================================== 1. About Intrusion Defense Firewall 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 5.1 Installation 5.2 Uninstallation 6. Post-installation Configuration 7. Known Issues 7.1 Known Incompatibilities 7.2 Known Issues in the IDF Server Plug-in 7.3 Known Issues in the IDF Client Plug-in 8. Release History 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement 13. Third-party Licensing ===================================================================== 1. About Intrusion Defense Firewall ======================================================================== Intrusion Defense Firewall for OfficeScan Client/Server Edition is an intrusion defense system that enables you to create and enforce security policies that protect sensitive data, applications, computers, or network segments. The server component, Server Plug-in, is installed on the OfficeScan web console. It deploys and manages the client component, Client Plug-in which is installed on client computers with the OfficeScan client program. 1.1 Overview of this Release ===================================================================== Intrusion Defense Firewall 1.5 Service Pack 1 Patch 1 contains a some important bug fixes and Intrusion Defense Firewall client enhancements incorporated from the latest version of the Trend Micro Deep Security(TM) Agent. 1.2 Who Should Install this Release ===================================================================== You should install this release if you are currently running Intrusion Defense Firewall 1.5 Service Pack 1. 2. What's New ======================================================================== This Patch addresses the following issues and includes the following enhancements: 2.1 Enhancements ===================================================================== The following enhancements are included in this Patch: Enhancement 1: Intrusion Defense Firewall Widget - This Patch adds the "Show Computers without a Security Profile" option in the Intrusion Defense Firewall Widget. When enabled, this option allows the Intrusion Defense Firewall Widget to display the number of clients that do not have a security profile in the IDF Computer status information. Note: You need to update the widgets after installing this Patch to successfully add this option to the Intrusion Defense Firewall Widget. Enhancement 2: Intrusion Defense Firewall Client Plug-in - This Patch enables the Intrusion Defense Firewall client plug-in to support the Microsoft(TM) Windows(TM) 8, Microsoft(TM) Windows(TM) 8.1, Windows Server 2012, and Windows Server 2012 R2 platforms. Note: Specific versions of OfficeScan are required for running the Intrusion Defense Firewall client-plug-in on some Windows platforms. Windows 8 and Windows Server 2012 require OfficeScan 10.6 SP2, while Windows 8.1 and Windows Server 2012 R2 require OfficeScan 10.6 SP3 Patch 1. If you are running on any of these Windows platforms, you need to upgrade to the correct version of OfficeScan to be able to run the Intrusion Defense Firewall client plug-in. 2.2 Resolved Known Issues ===================================================================== This Patch resolves the following issues: Issue 1: Sometimes, an issue with the hardware fingerprint retrieval task prevents the deployment of Intrusion Defense Firewall clients. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Patch resolves the issue with the hardware fingerprint retrieval task to ensure that it does not interfere with Intrusion Defense Firewall client deployment. Issue 2: Intrusion Defense Firewall does not block traffic on Mobile Broadband UMTS devices. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Patch ensures that the Intrusion Defense Firewall can block traffic on Mobile Broadband UMTS devices. Issue 3: Users cannot uninstall Intrusion Defense Firewall clients that were installed using the standalone package. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Patch ensures that users can successfully uninstall Intrusion Defense Firewall clients that were installed using the standalone package. Issue 4: Connection errors trigger Intrusion Defense Firewall to drop fragmented ICMP/UDP packets. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This Patch prevents the connection errors to enable Intrusion Defense Firewall to accept and process fragmented ICMP/UDP packets. Issue 5: The Windows Media Player encounters network errors. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This Patch resolves the network errors to ensure that Windows Media Player can run normally. Issue 6: The Intrusion Defense Firewall driver for the Windows 7 platform cannot be loaded using a dial-up connection. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This Patch ensures that the Intrusion Defense Firewall driver for the Windows 7 platform can be loaded using a dial-up connection. Issue 7: The value of the "Maximum number of fragmented IP packets to keep" setting rolls back to the default value after users specify another value and click the "Save" button. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This Patch ensures that users can successfully change the value of the "Maximum number of fragmented IP packets to keep" setting. Issue 8: An "Unable to open engine \\.\Global\TBIMDSA" event is triggered during updates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This Patch ensures that users can successfully apply updates without triggering the event. 3. Documentation Set ======================================================================== The document set for the OfficeScan client includes: o Readme - this readme file contains a list of known issues. It may also contain late-breaking product information not found in the online or printed documentation. o Deployment Guide - A PDF document included with the software describing installation procedures o Administrator's Guide - A PDF document included with the software describing how to manage and administer the software o On-line Help - included with the Server Plug-in software that provides "how to's", usage advice, and field-specific information. The help is accessible from the Intrusion Defense Firewall's management console by clicking the "Help" button displayed on every screen. o Knowledge Base - The Knowledge Base is an online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Knowledge Base, go to the following web site: http://esupport.trendmicro.com 4. System Requirements ======================================================================== For a complete list of the system requirements, please refer to the "Intrusion Defense Firewall Deployment Guide". 5. Installation/Uninstallation ======================================================================== 5.1 Installation ===================================================================== For installation instructions please consult the Deployment Guide included with the software. 5.2 Uninstallation ===================================================================== No uninstallation steps provided. 6. Post-installation Configuration ======================================================================== Refer to Section 7 for more information on procedures to work around certain known issues that can occur after applying this Patch. 7. Known Issues ======================================================================== 7.1 Known Incompatibilities ===================================================================== The following are known software incompatibilities affecting the Intrusion Defense Firewall Client Plug-in: 7.1.1 Windows 2003 Service Pack 1 and Teamed NICs --------------------------------------------------------------------- Incompatibilities have been noted between the Client Plug-in and specific Windows configurations that have network interface teaming enabled. To resolve this issue, upgrade Windows Server 2003 to Service Pack 2, or apply the following patch provided by Microsoft: http://support.microsoft.com/kb/912222/article 7.1.2 Windows 2003 Service Pack 1 --------------------------------------------------------------------- Incompatibilities have been noted between the Client Plug-in and Windows 2003 Service Pack 1. To resolve this issue, upgrade Windows Server 2003 to Service Pack 2, or apply the following patch provided by Microsoft: http://support.microsoft.com/kb/912222/article 7.1.3 Resonate Load Balancer (5.0.1) --------------------------------------------------------------------- Environments where the Resonate load balancing software is installed may experience a loss of Resonate functionality when the Client Plug-in is installed in the same environment. To work around this issue, restart the Resonate Central Dispatch Controller services. 7.1.4 Trend Micro Client Server Messaging Security for SMB --------------------------------------------------------------------- Connectivity issues have been noted while the Client Plug-in runs with any version of Trend Micro Client Server Messaging Security for SMB that are older than Version 3.5 Build 1113. To resolve this issue, upgrade Trend Micro Client Server Messaging Security to Version 3.5 Build 1138 or higher. 7.1.5 Realtek RTL8169/8110 Family Gigabit Ethernet NIC --------------------------------------------------------------------- Issues have been noted when between Version 5.663.1212.2006 of the Realtek Gigabit Ethernet NIC and the Client Plug-in. To resolve this issue, upgrade the driver to the latest version 7.1.6 Intel(R) PRO/100+ Dual Port Server Adapter --------------------------------------------------------------------- Issues have been noted when using Intel NIC cards with driver versions older than 8.0.17.0 in computers running the Client Plug-in. To resolve this issue, upgrade the driver to version 8.0.19 or any higher version. 7.1.7 Windows 2000 Service Pack 1 and Service Pack 2 --------------------------------------------------------------------- Incompatibilities have been noted between the client plug-in and Windows 2000 running Service Pack 1 or Service Pack 2. To resolve this issue, upgrade Windows Server 2000 to Service Pack 3 or Service Pack 4. Note: When deploying Intrusion Defense Firewall Client Plug-in on computers running Windows Server 2000 Service Pack 3, you must also apply the following patch provided by Microsoft: http://support.microsoft.com/kb/884016 7.1.8 Microsoft Windows 2000 Service Pack 3 and Service Pack 4 --------------------------------------------------------------------- In the Windows 2000 platform, the Intrusion Defense Firewall client plug-in may display a "Digital Signature Not Found" message. To resolve this issue, users need to install the latest Root Certificates package from the Microsoft web site. Note: For detailed information please refer to the Microsoft Knowledge Base page: http://support.microsoft.com/kb/931125 7.2 Known Issues for the Intrusion Defense Firewall Server Plug-in: ===================================================================== The following are known issues/limitations for the Intrusion Defense Firewall Server Plug-in: 7.2.1 If DNS is not available, Intrusion Defense Firewall Server Plug-in cannot communicate with all clients --------------------------------------------------------------------- By default the Server Plug-in attempts to resolve the hostnames of clients using DNS in order to communicate with them. In some environments DNS is not available, so the Server Plug-in cannot communicate with all clients. To work around this issue, you can enable a setting on the Server Plug-in to allow it to use the last known IP of the computer that OfficeScan has reported instead of the hostname. This will allow the IDF Server Plug-in to communicate with computers when no DNS is available. To enable the setting: 1. Stop the Intrusion Defense Firewall service. 2. Add the following line to the "dsm.properties" file in the "\Addon\Intrusion Defense Firewall\ webclient\webapps\ROOT\WEB-INF" folder: hssHostnameIPDisplaynameClientname=true 3. Start the Intrusion Defense Firewall service. Notes: - This new scheme will store the IP in the "hostname" field, and the client name in the "displayname" field so all your hosts will appear as " ()" in the GUI. - A full sync, which is done when you log in to the Server Plug-in, will need to be done to update all the hostnames. If you did all the restarts while still logged in, you may need to run another full sync from the "Hosts" list. 7.2.2 Some frames within the console may be unresponsive --------------------------------------------------------------------- On rare occasions after installing or upgrading the Intrusion Defense Firewall Server, some of the frames within the console may become unresponsive. For instance, the dashboard may not show up when you first load the console. If this problem persists, restart the Intrusion Defense Firewall service on the server. 7.2.3 Microsoft SQL Server may interfere with Server Plug-in installation --------------------------------------------------------------------- If installation of the Server Plug-in fails because of Microsoft SQL Server, restart the computer and retry the installation. There are rare circumstances where Microsoft SQL Server 2005/2008 requires a reboot to complete the installation. 7.2.4 Intrusion Defense Firewall Server console will not open in some installations of Microsoft Internet Explorer(TM) 7+ --------------------------------------------------------------------- In some cases, the Server console will not open in some installations of Internet Explorer 7+. This is caused by a certificate error in Internet Explorer 7+. You can try any of the following procedures to work around this issue: 1. Import the Intrusion Defense Firewall Server certificate. To access the Intrusion Defense Firewall Server certificate: a. Open an Internet Explorer 7+ window and connect to "https://:4119". b. Click "Continue to this website?" c. Click "Certificate Error". d. Click "View certificates". e. Install the certificate. f. Automatically select the certificate store based on the type of certificate. g. Go back to the OfficeScan console, and access the Intrusion Defense Firewall Server. 2. Add the OfficeScan server address to the list of "Trusted Sites" in Internet Explorer 7+. To do this: a. Open an Internet Explorer 7+ window and go to "Tools > Internet Options". b. Select the "Security" tab, and click "Trusted Sites". c. Add the OfficeScan server site to the list and save the changes. d. Go back to the OfficeScan console and access the Intrusion Defense Server. 7.2.5 Computers must be deleted from Intrusion Defense Firewall manually --------------------------------------------------------------------- Computers must be deleted from Intrusion Defense Firewall manually. This is to prevent loss of configuration when OfficeScan auto-deletes inactive computers after seven days. If computers that still exist in OfficeScan are deleted, these will re-appear on the next synchronization. Synchronization may run when you click the "Manage Program" button or every 24 hours automatically. 7.2.6 Deployment or removal of Client Plug-in may not complete before time-out --------------------------------------------------------------------- When deploying or removing the Client Plug-in, the Intrusion Defense Firewall Server Plug-in waits up to three hours for a successful operation. Operations may not be able to complete before the timeout if: - The computer is off or not connected - The OfficeScan server has the computer in the Offline state and remains in this state for over three hours. - The operation completed but the result is not sent back to the server. 7.2.7 Upgrades may fail if the "Services" screen is open --------------------------------------------------------------------- During upgrades on some platforms, the Intrusion Defense Firewall service may not be installed properly if the "Services" screen is open. Trend Micro recommends closing the "Services" screen prior to installation or upgrade of Intrusion Defense Firewall. 7.2.8 Windows Firewall may interfere with port scans --------------------------------------------------------------------- If Windows Firewall is enabled on Intrusion Defense Firewall, it may interfere with port scans and cause false port scan results. Windows Firewall may proxy ports 21, 389, 1002, and 1720, causing these ports to always appear open regardless of any filters placed on the host. 7.2.9 The clock on a client machine must be synchronized with Intrusion Defense Firewall --------------------------------------------------------------------- The clock on a client machine must be synchronized with Intrusion Defense Firewall to within 24 hours. If the clock is behind the clock on the Server Plug-in, the activate operation will fail. 7.2.10 Caching successful DNS lookups forever may prevent Intrusion Defense Firewall from communicating with computers that use DHCP or whose IP address has changed. --------------------------------------------------------------------- The Intrusion Defense Firewall Server Plug-in runs in a Java(TM) Virtual Machine (JVM), and the JVM places certain controls on network behavior. Java uses a cache to store both successful and unsuccessful DNS lookups. By default, successful lookups are cached forever as a guard against DNS spoofing attacks. However, this type of caching may prevent the Intrusion Defense Firewall from communicating with computers that use DHCP or whose IP address has changed. To prevent communication issues, Intrusion Defense Firewall overrides this setting to a 60-second cache through the "networkaddress.cache.ttl=60" setting in the "java.security" file under the "Trend Micro\OfficeScan\AddOn\Intrusion Defense Firewall\jre\lib\security" folder. Note: In environments where DNS servers are at risk of DNS spoofing, users may opt to prevent Intrusion Defense Firewall from looking up IP addresses from a DNS server by configuring the DNS cache to an unlimited lifetime. To reconfigure this setting: a. Open the "java.security" file under the "Trend Micro \OfficeScan\AddOn\Intrusion Defense Firewall\jre\ lib\security" folder. b. Locate "networkaddress.cache.ttl" and set its value to "-1". c. Save the changes and close the file. d. Restart the Intrusion Defense Firewall service. After the DNS spoofing situation has been resolved, users should promptly reconfigure the setting to "networkaddress.cache.ttl=60" by following the procedure above. This can help prevent the communication issue between Intrusion Defense Firewall and computers that use DHCP or whose IP address has changed. Refer to the following site for more information on the Java network cache settings: http://java.sun.com/j2se/1.5.0/docs/guide/net/properties.html 7.2.11 Sample profiles may require modification before use --------------------------------------------------------------------- The sample profiles included with the product may require modification before use. Specifically, the profiles are designed to operate in a non-domain environment. To use the profiles in a Windows Domain environment, you should modify the profiles as follows to enable communication from the Domain Controller to the domain clients: 1. Edit the "Domain Controller(s)" IP list and replace the IP of 127.0.0.1 with the list of IPs that represent the Domain Controller(s) with which the client may communicate. 2. Add the following two packet filters to the profile: - TCP from Domain Controller - UDP from Domain Controller 7.2.12 Firewall Rules must be considered when writing custom Security Profiles --------------------------------------------------------------------- Firewall Rules to consider when writing custom Security Profiles: - If you rely on dynamic ARP, include an appropriate rule to allow ARP. - If the UDP stateful option is enabled, a "Force Allow" rule must be used when running UDP servers (e.g., DHCP). - If you do not have a DNS or WINS server configured for your computers, a "Force Allow, Incoming UDP Ports 137" rule may be required for NetBios. 7.2.13 If Intrusion Defense Firewall Backup and Restore are used to migrate computers from one OfficeScan server to another, the migrated computers must be updated within Intrusion Defense Firewall with the new OfficeScan server computer name --------------------------------------------------------------------- If the Intrusion Defense Firewall Backup and Restore processes (as described in the Intrusion Defense Firewall "Administrator's Guide" and on-line help) are being used to migrate computers from one OfficeScan server to another, the migrated computers must be updated within Intrusion Defense Firewall with the new OfficeScan server computer name. For all migrated computers, right-click, and select "Actions > Update Client Plug-in(s) Now". 7.2.14 Summary report system events graph may not properly display data if you select a one-hour time interval --------------------------------------------------------------------- When creating a summary report, if you select a one-hour time interval, the system events graph might not properly display the data. To resolve the issue, use a time interval of two hours or more. 7.2.15 A "java.lang.OutOfMemoryError" error may occur during the installation of the Server Plug-in --------------------------------------------------------------------- If you receive a "java.lang.OutOfMemoryError" error while installing the Server Plug-in, refer to the "Deployment Guide" for instructions on how to configure the maximum memory usage for the installer. 7.2.16 A "Recommendation" alert may occur on some computers even after all the recommended DPI Rules have been applied --------------------------------------------------------------------- A "Recommendation" alert may occur on some computers even after all the recommended DPI Rules have been applied. This may occur because there are Application Types that are recommended for a computer, but all DPI Rules within a particular Application Type are not recommended. To resolve the issue, use the "Show All" view of the DPI Rules screen for the computer to ensure that all recommended Application Types are assigned, or simply dismiss the alert after verifying that you have assigned all recommended rules for the computer. 7.2.17 An "Update Failed" error may occur When performing an Activate/Reactivate on an already activated Client Plug-in --------------------------------------------------------------------- When performing an Activate/Reactivate on an already activated Client Plug-in, you may get an "Update Failed" error. If you see this error, the activate/reactivate has succeeded; however, the update may not have. To resolve this, perform a clear error/warnings on the affected host and then right-click and select "Update Now". This will force the update to take effect. 7.2.18 In an IPv6 and IPv4 mixed environment, Intrusion Defense Firewall client deployment may remain in the "deploying client" stage for a long time --------------------------------------------------------------------- In an IPv6 and IPv4 mixed environment, Intrusion Defense Firewall client deployment may remain in the "deploying client" stage for a long time because the OfficeScan server is using IPv6 and Intrusion Defense Firewall does not support IPv6 in this release. To work around this issue: 1. In the OfficeScan 10.6 web console go to "Networked Computers > Global Client Settings". 2. In the "Preferred IP Address" section, select the "IPv4 first, then IPv6" option under the "Clients with IPv4 and IPv6 addresses register to server using" settings. 3. Open the "dsm.properties" file in the "C:\Program Files\ Trend Micro\OfficeScan\Addon\Intrusion Defense Firewall\ webclient\webapps\ROOT\WEB-INF\" folder and add the following line: hssHostnameIPDisplaynameClientname=true 4. Restart the Intrusion Defense Firewall services. 7.2.19 The Intrusion Defense Firewall Widget may Disappear after Users Upgrade the Intrusion Defense Firewall Server --------------------------------------------------------------------- When this happens, manually add the widget back from the OfficeScan web console. 7.3. Known Issues for the Intrusion Defense Firewall Client Plug-in: ===================================================================== The following are known issues/limitations for the Intrusion Defense Firewall Client Plug-in: 7.3.1 Running more than one firewall on a single host can lead to unpredictable behavior. --------------------------------------------------------------------- Running more than one firewall on a single host can lead to unpredictable behavior. Before enabling the IDF firewall, any firewalls already running on a host should be disabled/turned off. Note: Running both OfficeScan firewall and Intrusion Defense Firewall, regardless of whether IDF is active, may lead to unpredictable behavior on some Windows XP/2003 systems. (Refer to the "Deployment Guide" for more information.) 7.3.2 Stateful Inspection (with TCP and UDP logging enabled) must be enabled for the Traffic Analysis feature --------------------------------------------------------------------- Stateful Inspection (with TCP and UDP logging enabled) must be enabled for the Traffic Analysis feature to function correctly. 7.3.3 Upgrade of the Intrusion Defense Firewall driver may not have completed but the Intrusion Defense Firewall server shows "Managed" --------------------------------------------------------------------- During an upgrade, the upgrade of the Intrusion Defense Firewall driver may not have completed but the Intrusion Defense Firewall server shows "Managed". The Intrusion Defense Firewall driver install/upgrade may need you to restart the Intrusion Defense Firewall services but in rare cases it does not show the "Reboot Required" warning message. The Intrusion Defense Firewall client will continue to use the previous driver until after Intrusion Defense Firewall has restarted. 7.3.4 Intrusion Defense Firewall client deployment or upgrade may succeed but the Intrusion Defense Firewall server console displays an "Update Failed" status for the computer --------------------------------------------------------------------- In rare cases an Intrusion Defense Firewall client deployment or upgrade will succeed but the Intrusion Defense Firewall server console displays an "Update Failed" status for the computer. This may be due to the driver being successfully installed without bindings to network adapters on the host. To resolve this issue locally, manually enable the bindings by selecting the checkboxes associated with "Third Brigade DSA Filter Driver" for a network adapter in "Local Area Connection > Properties" or remotely uninstall and re-deploy the client. The Uninstallation should remove the driver entirely, and the fresh install should reinstate the bindings. 7.3.5 If connectivity is lost during upgrade, client machine may need to be restarted --------------------------------------------------------------------- When upgrading the Client Plug-in, if network connectivity becomes lost for an extended period of time, it may be necessary to restart the Client Plug-in's host machine. 7.3.6 NDIS drivers may stop responding during installation or uninstallation if these do not properly free packets when requested to unbind --------------------------------------------------------------------- It is possible that NDIS drivers will stop responding during installation or uninstallation if these do not properly free packets when requested to unbind. The Intrusion Defense Firewall Client Plug-in with accompanying NDIS 5.1 or NDIS 6.0 driver is set to free all packets correctly before upgrades or uninstallation; however, when installing or uninstalling NDIS drivers, Microsoft requires that all NDIS drivers be unbound and then rebound. This means that if other third-party NDIS drivers do not properly free packets, it is still possible for the Intrusion Defense Firewall Client Plug-in install, upgrade, or uninstall processes to stop responding. This is beyond Trend Micro's control and will only happen in very limited situations. If this does occur, restarting your computer will likely resolve the issue so that you can attempt to install, uninstall, or upgrade afterwards. 7.3.7 Firewall and DPI Events may display numbers instead of object name --------------------------------------------------------------------- Under certain circumstances the Firewall and DPI Events on the Intrusion Defense Firewall Client Plug-in or Server Plug-in display numbers for a DPI Rule, traffic stream, and Firewall Rule instead of the object's name. This occurs when the event viewer does not have access to the objects referred to by the event log entry in the following instances: - The rule has been unassigned from the host - The Client Plug-in has been locally deactivated, which causes the Client Plug-in to clear all previous security settings, in addition to returning the Client Plug-in to a pre-activation state - A new set of rules has been assigned to the Client Plug-in, but the "Refresh" button has not been clicked on the Client Plug-in "Configuration" tab. 8. Release History ======================================================================== - Intrusion Defense Firewall 1.5.2331, April, 2013 - Intrusion Defense Firewall 1.5.1229, June, 2012 - Intrusion Defense Firewall 1.5.1206, August, 2011 9. Files Included in this Release ======================================================================== This patch is released in an Active Update package. Users can download this Intrusion Defense Firewall 1.5 Service Pack 1 Patch 1 package from the OfficeScan Activate Update Server: IdfClientAgent.zip IdfClientPlugin.zip IdfClientPlugin_i386.zip IdfClientPlugin_x86_64.zip IdfPatchAgent.zip IdfServerPlugin.zip 10. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro by fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Trend Micro" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2013, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Smart Protection Network, OfficeScan, Intrusion Defense Firewall, and Deep Security are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide 13. Third-party licensing ======================================================================== 13.1 Intrusion Defense Firewall Server Plug-in ===================================================================== Intrusion Detection Firewall makes use of 3rd party binary distributions. The binary distributions are subject to the licenses available in the following directory: [INSTALL DIRECTORY]\webclient\webapps\ROOT\WEB-INF\lib\licenses Where 3rd party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request. For more information on the 3rd party binary distributions and access to source code see the following locations: Apache Commons: http://commons.apache.org Axis: http://ws.apache.org/axis/ BeanShell: http://www.beanshell.org/ Bouncy Castle: http://www.bouncycastle.org/ CSVWriter: http://www.osjava.org/genjava/license.html Derby: http://db.apache.org/derby/ iText: http://www.lowagie.com/iText/index.html Jasper: http://jasperforge.org/plugins/project/project_home.php?group_id=102 Java: http://www.sun.com/java/ JavaMail API: http://java.sun.com/products/javamail/ JAX-RPC: https://jax-rpc.dev.java.net/ JCommon: http://www.jfree.org/jcommon/ JFreeChart: http://www.jfree.org/jcommon/ JExcel API: http://jexcelapi.sourceforge.net/ JTDS: http://jtds.sourceforge.net/ JUnit: http://www.junit.org/ MD5Crypt: http://www.mackman.net/code/MD5Crypt.java Oracle JDBC: http://www.oracle.com/technology/tech/java/sqlj_jdbc/index.html SAAJ: https://saaj.dev.java.net/ SNMP4J: http://www.snmp4j.org/ Tomcat: http://tomcat.apache.org/ VMware: http://www.vmware.com/ WSDL4J: http://sourceforge.net/projects/wsdl4j Xalan: http://xml.apache.org/xalan-j/ Xerces: http://xerces.apache.org/xerces2-j/ XML Commons: http://xml.apache.org/commons/ 13.2 Intrusion Defense Firewall Client Plug-in ===================================================================== This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). IDF Client Plug-in also employs the use of the following software. Third-party binary distributions: Expat (http://expat.sourceforge.net/) fksec (http://win32.mvps.org/) IP Filter (http://coombs.anu.edu.au/~avalon/) SQLite (http://www.sqlite.org/) WxWidgets (http://www.wxwidgets.org/) zlib (http://www.zlib.net/) Third-party source: GMTime (http://www.jbox.dk/sanos/source/lib/time.c.html) Tree (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/sys/tree.h) The third-party software is subject to the licenses available in the following directory: [INSTALL DIRECTORY]\Licenses Public domain source code licenses are available here: SQLite - http://www.sqlite.org/copyright.html fksec - http://win32.mvps.org/license.html Where third-party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request. ======================================================================== (C) 2013 Trend Micro Inc. All rights reserved. Published in Canada.