<> Trend Micro, Inc. August 26, 2015 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Intrusion Defense Firewall(TM) 1.5 Service Pack 1 for Trend Micro OfficeScan(TM) 10.0 to OfficeScan 11 Patch 3 - Build 1.5.2392 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTE: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at: http://www.trendmicro.com/download/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at: http://olr.trendmicro.com Contents ===================================================================== 1. About Intrusion Defense Firewall 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 5.1 Installation 5.2 Uninstallation 6. Post-Installation Configuration 7. Known Issues 7.1 Known Incompatibilities 7.2 Known Issues in the Intrusion Defense Firewall Server Plug-In 7.3 Known Issues in the Intrusion Defense Firewall Client Plug-In 8. Release History 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement 13. Third-party Licensing ===================================================================== 1. About Intrusion Defense Firewall ======================================================================== Intrusion Defense Firewall for OfficeScan Client/Server Edition is an intrusion defense system that enables you to create and enforce security policies that protect sensitive data, applications, computers, or network segments. The server component, Server Plug-In, is installed on the OfficeScan web console. It deploys and manages the client component, Client Plug-In which is installed on client computers with the OfficeScan client program. 1.1 Overview of this Release ===================================================================== Intrusion Defense Firewall 1.5 Service Pack 1 Patch 3 contains solutions to several known issues. 1.2 Who Should Install this Release ===================================================================== You should install this release if you are currently running Intrusion Defense Firewall 1.5 or any later release. 2. What's New ======================================================================== NOTE: Please install this Patch before completing any procedure in this section (see "5.1 Installation"). This Patch addresses the following issues and includes the following enhancements: 2.1 Enhancements ===================================================================== There are no enhancements for this hot fix release. 2.2 Resolved Known Issues ===================================================================== This Patch resolves the following issues: Issue 1: A socket closure error may trigger recommendation scans to fail when the CPU usage level is set to "Medium". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hot Fix 2379] This hot fix extends the CPU usage allowance for recommendation scans to give more time for these scans to complete before the socket closes. Issue 2: An error handling issue in the Intrusion Defense Firewall driver for Network Driver Interface Specification (NDIS) API triggers blue screen of death (BSOD) while a protected computer shuts down. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hot Fix 2381] This hot fix resolves the issue by improving the error handling mechanism in the Intrusion Defense Firewall driver for NDIS API. Issue 3: A race condition may trigger the IDF client service to exit unexpectedly while shutting down. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hot Fix 2381] This hot fix resolves the issue by adjusting the thread model between the Microsoft(TM) Windows(TM) Service Controller and IDF client service. Issue 4: Attack reports on the IDF server does not display the correct information in the "Summary" section when the custom time filter is set to a time range before the current time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hot Fix 2383] This hot fix ensures that attack reports display complete and accurate information. Issue 5: The OfficeScan agent Plug-in Manager may not be able to display the Intrusion Defense Firewall version information on some computers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hot Fix 2383] This hot fix resolves the issue by updating the Intrusion Defense Firewall client registration information on the OfficeScan Plug-in Manager. Issue 6: OfficeScan 11 Service Pack 1 and newer versions use a different settings encryption method than the previous versions. This change triggers issues in the Intrusion Defense Firewall's Deep Security(TM) Rules Update (DSRU) process through a proxy server that requires credentials to access. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hot Fix 2388] This hot fix resolves the issue by enabling Intrusion Defense Firewall to support the new setting encryption method of OfficeScan. Issue 7: The path to the Intrusion Defense Firewall server service in the registry is not enclosed in quotation marks. This may cause certain vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Hot Fix 2390] This hot fix encloses the Intrusion Defense Firewall server service path in quotation marks to prevent the vulnerabilities. Issue 8: Sometimes, the Intrusion Defense Firewall client exits abnormally while shutting down. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: [Hot Fix 2391] The hot fix resolves the issue by improving the memory access mechanism during shutdown. Issue 9: The Intrusion Defense Firewall rule engine may attempt to access invalid memory which can trigger BSOD. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This Patch ensures that the IDF rule engine does not attempt to access invalid memory. 3. Documentation Set ======================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Deployment Guide -- Provides product overview, deployment plan, installation steps and basic information intended to help you deploy Intrusion Defense Firewall smoothly. o Administrator's Guide -- Provides post-installation instructions on how to configure the settings to help you get Intrusion Defense Firewall "up and running". Also includes instructions on performing other administrative tasks for the day-to-day maintenance of Intrusion Defense Firewall. o Readme.txt files -- version enhancements, basic installation, known issues, and release history. Electronic versions of the printed manuals are available at: http://docs.trendmicro.com/ o Online help -- Context-sensitive help screens that provide guidance for performing a task. o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== For a complete list of the system requirements, see the Deployment Guide: http://docs.trendmicro.com/ 5. Installation/Uninstallation ======================================================================== 5.1 Installation ===================================================================== For installation instructions, refer to the Deployment Guide at: http://docs.trendmicro.com/ 5.2 Uninstallation ===================================================================== For uninstallation instructions, refer to the Deployment Guide at: http://docs.trendmicro.com/ 6. Post-installation Configuration ======================================================================== Refer to Section 7 for more information on procedures to work around certain known issues that can occur after applying this Patch. 7. Known Issues ======================================================================== 7.1 Known Incompatibilities ===================================================================== The following are known software incompatibilities affecting the Intrusion Defense Firewall Client Plug-In: 7.1.1 Windows 2003 Service Pack 1 and Teamed NICs --------------------------------------------------------------------- Incompatibilities have been noted between the Client Plug-In and specific Windows configurations that have network interface teaming enabled. To resolve these issues, upgrade Windows Server 2003 to Service Pack 2, or apply the following patch provided by Microsoft: http://support.microsoft.com/kb/912222/article 7.1.2 Windows 2003 Service Pack 1 --------------------------------------------------------------------- Incompatibilities have been noted between the Client Plug-In and Windows 2003 Service Pack 1. To resolve these issues, upgrade Windows Server 2003 to Service Pack 2, or apply the following patch provided by Microsoft: http://support.microsoft.com/kb/912222/article 7.1.3 Resonate Load Balancer (5.0.1) --------------------------------------------------------------------- Environments where the Resonate load balancing software is installed may experience a loss of Resonate functionality when the Client Plug-In is installed in the same environment. To work around this issue, restart the Resonate Central Dispatch Controller services. 7.1.4 Trend Micro Client Server Messaging Security for SMB --------------------------------------------------------------------- Connectivity issues have been noted while the Client Plug-In runs with any version of Trend Micro Client Server Messaging Security for SMB that are older than Version 3.5 Build 1113. To resolve these issues, upgrade Trend Micro Client Server Messaging Security to Version 3.5 Build 1138 or higher. 7.1.5 Realtek RTL8169/8110 Family Gigabit Ethernet NIC --------------------------------------------------------------------- Issues have been noted between Version 5.663.1212.2006 of the Realtek Gigabit Ethernet NIC and the Client Plug-In. To resolve these issues, upgrade the driver to the latest version. 7.1.6 Intel(R) PRO/100+ Dual Port Server Adapter --------------------------------------------------------------------- Issues have been noted when using Intel NIC cards with driver versions older than 8.0.17.0 on endpoints running the Client Plug-In. To resolve this issue, upgrade the driver to version 8.0.19 or later. 7.1.7 Windows 2000 Service Pack 1 and Service Pack 2 --------------------------------------------------------------------- Incompatibilities have been noted between the Client Plug-In and Windows 2000 running Service Pack 1 or Service Pack 2. To resolve these issues, upgrade Windows Server 2000 to Service Pack 3 or Service Pack 4. NOTE: When deploying Intrusion Defense Firewall Client Plug-In on endpoints running Windows Server 2000 Service Pack 3, you must also apply the following patch provided by Microsoft: http://support.microsoft.com/kb/884016 7.1.8 Windows 2000 Service Pack 3 and Service Pack 4 --------------------------------------------------------------------- In the Windows 2000 platform, the Intrusion Defense Firewall Client Plug-In may display a "Digital Signature Not Found" message. To resolve this issue, users need to install the latest Root Certificates package from the Microsoft website. NOTE: For detailed information, please refer to the Microsoft Knowledge Base page: http://support.microsoft.com/kb/931125 7.2 Known Issues for the Intrusion Defense Firewall Server Plug-In: ===================================================================== The following are known issues and limitations for the Intrusion Defense Firewall Server Plug-In: 7.2.1 If DNS is not available, the Intrusion Defense Firewall Server Plug-In is unable to communicate with clients --------------------------------------------------------------------- By default, the Server Plug-In attempts to resolve the host names of clients using DNS in order to communicate with them. In some environments, DNS is not available, so the Server Plug-In is unable to communicate with all clients. To work around this issue, you can enable a setting on the Server Plug-In to allow it to use the last known IP of the endpoint as reported by OfficeScan instead of the host name. This will allow the Intrusion Defense Firewall Server Plug-In to communicate with endpoints when no DNS is available. To enable the setting: 1. Stop the Intrusion Defense Firewall service. 2. Add the following line to the "dsm.properties" file in the "\Addon\Intrusion Defense Firewall\ webclient\webapps\ROOT\WEB-INF" folder: hssHostnameIPDisplaynameClientname=true 3. Start the Intrusion Defense Firewall service. NOTE: - This new scheme will store the IP in the "hostname" field, and the client name in the "displayname" field so all your hosts will appear as " ()" in the GUI. - Log on to the Server Plug-In to update all the host names. If you restarted endpoints while still logged on, go to "Console > Computer" and click "Synchronize with OfficeScan". 7.2.2 Some frames within the console may be unresponsive --------------------------------------------------------------------- On rare occasions after installing or upgrading the Intrusion Defense Firewall Server, some of the frames within the console may become unresponsive. For example, the dashboard may not display when you first load the console. If this problem persists, restart the Intrusion Defense Firewall service on the server. 7.2.3 Microsoft SQL Server may interfere with Server Plug-In installation --------------------------------------------------------------------- If installation of the Server Plug-In fails because of Microsoft SQL Server, restart the endpoint and retry the installation. There are rare circumstances where Microsoft SQL Server 2005/2008 requires a reboot to complete the installation. 7.2.4 Intrusion Defense Firewall Server console will not open using some installations of Microsoft Internet Explorer 7 or later --------------------------------------------------------------------- In some cases, the Server console will not open using some installations of Internet Explorer 7 or later. This is caused by a certificate error in Internet Explorer. You can try any of the following procedures to work around this issue: 1. Import the Intrusion Defense Firewall Server certificate. To access the Intrusion Defense Firewall Server certificate: a. Open the affected Internet Explorer and go to "https://:4119". b. Click "Continue to this website?". c. Click "Certificate Error". d. Click "View certificates". e. Install the certificate. f. Select the option to automatically select the certificate store based on the type of certificate. g. Go back to the OfficeScan console, and access the Intrusion Defense Firewall Server. 2. Add the OfficeScan server address to the list of "Trusted Sites" in the affected Internet Explorer. To do this: a. Open the affected Internet Explorer and go to "Tools > Internet Options". b. Go to the "Security" tab, and click "Trusted Sites". c. Add the OfficeScan server site to the list and save the changes. d. Go to the OfficeScan console and access the Intrusion Defense Server. 7.2.5 Endpoints must be deleted from Intrusion Defense Firewall manually --------------------------------------------------------------------- Endpoints must be deleted from Intrusion Defense Firewall manually. This is to prevent loss of configuration when OfficeScan auto-deletes inactive endpoints after seven days. If endpoints that still exist in OfficeScan are deleted, they will re-appear on the next synchronization. Synchronization may run when you click the "Manage Program" button or it may run automatically every 24 hours. 7.2.6 Deployment or removal of Client Plug-In may not complete before timeout --------------------------------------------------------------------- When deploying or removing the Client Plug-In, the Intrusion Defense Firewall Server Plug-In waits up to three hours for a successful operation. Operations may not be able to complete before the time-out when: - The endpoint is off or not connected - The OfficeScan server has the endpoint in the Offline state and it remains in that state for more than three hours. - The operation completed but the result is not sent back to the server. 7.2.7 Upgrades may fail if the "Services" screen is open --------------------------------------------------------------------- During upgrades on some platforms, the Intrusion Defense Firewall service may not be installed properly if the "Services" screen is open. Trend Micro recommends closing the "Services" screen prior to installation or upgrade of Intrusion Defense Firewall. 7.2.8 Windows Firewall may interfere with port scans --------------------------------------------------------------------- If Windows Firewall is enabled on Intrusion Defense Firewall, it may interfere with port scans and cause false port scan results. Windows Firewall may proxy ports 21, 389, 1002, and 1720, causing these ports to always appear open regardless of any filters placed on the host. 7.2.9 The clock on a client endpoint must be synchronized with Intrusion Defense Firewall --------------------------------------------------------------------- The clock on a client endpoint must be synchronized with Intrusion Defense Firewall to within 24 hours. If the clock is behind the clock on the Server Plug-In, the activate operation will fail. 7.2.10 Caching successful DNS lookups forever may prevent Intrusion Defense Firewall from communicating with endpoints that use DHCP or whose IP address has changed --------------------------------------------------------------------- The Intrusion Defense Firewall Server Plug-In runs in a Java(TM) Virtual Machine (JVM), and the JVM places certain controls on network behavior. Java uses a cache to store both successful and unsuccessful DNS lookups. By default, successful lookups are cached forever as a guard against DNS spoofing attacks. However, this type of caching may prevent the Intrusion Defense Firewall from communicating with endpoints that use DHCP or whose IP address has changed. To prevent communication issues, Intrusion Defense Firewall overrides this setting to a 60-second cache, using the "networkaddress.cache.ttl=60" setting in the "java.security" file under the "Trend Micro\OfficeScan\AddOn\Intrusion Defense Firewall\jre\lib\security" folder. NOTE: In environments where DNS servers are at risk of DNS spoofing, users may opt to prevent Intrusion Defense Firewall from looking up IP addresses from a DNS server by configuring the DNS cache to an unlimited lifetime. To reconfigure this setting: a. Open the "java.security" file under the "Trend Micro \OfficeScan\AddOn\Intrusion Defense Firewall\jre\ lib\security" folder. b. Locate "networkaddress.cache.ttl" and set its value to "-1". c. Save the changes and close the file. d. Restart the Intrusion Defense Firewall service. After the DNS spoofing situation has been resolved, users should promptly reconfigure the setting to "networkaddress.cache.ttl=60" by following the procedure above. This can help prevent the communication issue between Intrusion Defense Firewall and endpoints that use DHCP or whose IP address has changed. Refer to the following site for more information on the Java network cache settings: http://java.sun.com/j2se/1.5.0/docs/guide/net/properties.html 7.2.11 Sample profiles may require modification before use --------------------------------------------------------------------- The sample profiles included with the product may require modification before use. Specifically, the profiles are designed to operate in a non-domain environment. To use the profiles in a Windows Domain environment, you should modify the profiles as follows to enable communication from the Domain Controller to the domain clients: 1. Edit the "Domain Controller(s)" IP list and replace the IP of 127.0.0.1 with the list of IPs that represent the Domain Controller(s) with which the client may communicate. 2. Add the following two packet filters to the profile: - TCP from Domain Controller - UDP from Domain Controller 7.2.12 Firewall Rules must be considered when writing custom Security Profiles --------------------------------------------------------------------- Firewall Rules to consider when writing custom Security Profiles: - If you rely on dynamic ARP, include an appropriate rule to allow ARP. - If the UDP stateful option is enabled, use a "Force Allow" rule when running UDP servers (e.g., DHCP). - If you do not have a DNS or WINS server configured for your endpoints, a "Force Allow, Incoming UDP Ports 137" rule may be required for NetBios. 7.2.13 If Intrusion Defense Firewall Backup and Restore are used to migrate endpoints from one OfficeScan server to another, the migrated endpoints must be updated within Intrusion Defense Firewall with the new OfficeScan server endpoint name --------------------------------------------------------------------- If the Intrusion Defense Firewall Backup and Restore processes (as described in the Intrusion Defense Firewall "Administrator's Guide" and on-line help) are being used to migrate endpoints from one OfficeScan server to another, the migrated endpoints must be updated within Intrusion Defense Firewall with the new OfficeScan server endpoint name. For all migrated endpoints, right-click, and select "Actions > Update Client Plug-In(s) Now". 7.2.14 Summary report system events graph may not properly display data if you select a one-hour time interval --------------------------------------------------------------------- When creating a summary report, if you select a one-hour time interval, the system events graph might not properly display the data. To resolve the issue, use a time interval of two hours or more. 7.2.15 A "java.lang.OutOfMemoryError" error may occur during the installation of the Server Plug-In --------------------------------------------------------------------- If you receive a "java.lang.OutOfMemoryError" error while installing the Server Plug-In, refer to the "Deployment Guide" for instructions on how to configure the maximum memory usage for the installer. 7.2.16 A "Recommendation" alert may occur on some endpoints even after all the recommended DPI Rules have been applied --------------------------------------------------------------------- A "Recommendation" alert may occur on some endpoints even after all recommended DPI Rules have been applied. This may occur because there are Application Types that are recommended for a endpoint, but all DPI Rules within a particular Application Type are not recommended. To resolve the issue, use the "Show All" view of the DPI Rules screen for the endpoint to ensure that all recommended Application Types are assigned, or simply dismiss the alert after verifying that you have assigned all recommended rules for the endpoint. 7.2.17 An "Update Failed" error may occur When performing an Activate/Reactivate on an already activated Client Plug-In --------------------------------------------------------------------- When performing an Activate/Reactivate on an already activated Client Plug-In, you may get an "Update Failed" error. If you see this error, the activate/reactivate has succeeded; however, the update may not have. To resolve this, perform a clear error/warnings on the affected host and then right-click and select "Update Now". This will force the update to take effect. 7.2.18 In an IPv6 and IPv4 mixed environment, Intrusion Defense Firewall client deployment may remain in the "deploying client" stage for a long time --------------------------------------------------------------------- In an IPv6 and IPv4 mixed environment, Intrusion Defense Firewall client deployment may remain in the "deploying client" stage for a long time because the OfficeScan server is using IPv6 and Intrusion Defense Firewall does not support IPv6 in this release. To work around this issue: 1. In the OfficeScan 10.6 web console go to "Networked Computers > Global Client Settings". 2. In the "Preferred IP Address" section, select the "IPv4 first, then IPv6" option under the "Clients with IPv4 and IPv6 addresses register to server using" settings. 3. Open the "dsm.properties" file in the "C:\Program Files\ Trend Micro\OfficeScan\Addon\Intrusion Defense Firewall\ webclient\webapps\ROOT\WEB-INF\" folder and add the following line: hssHostnameIPDisplaynameClientname=true 4. Restart the Intrusion Defense Firewall services. 7.2.19 The Intrusion Defense Firewall Widget may disappear after users upgrade the Intrusion Defense Firewall Server --------------------------------------------------------------------- When this happens, manually add the widget back from the OfficeScan web console. 7.3. Known Issues for the Intrusion Defense Firewall Client Plug-In: ===================================================================== The following are known issues/limitations for the Intrusion Defense Firewall Client Plug-In: 7.3.1 Running more than one firewall on a single host can lead to unpredictable behavior. --------------------------------------------------------------------- Intrusion Defense Firewall may behave abnormally if you run more than one firewall on a single host. Before enabling Intrusion Defense Firewall, any firewalls already running on a host should be disabled/turned off. NOTE: Running both OfficeScan firewall and Intrusion Defense Firewall, regardless of whether Intrusion Defense Firewall is active, may lead to unpredictable behavior on some Windows XP/2003 systems. (Refer to the "Deployment Guide" for more information.) 7.3.2 Stateful Inspection (with TCP and UDP logging enabled) must be enabled for the Traffic Analysis feature --------------------------------------------------------------------- Stateful Inspection (with TCP and UDP logging enabled) must be enabled for the Traffic Analysis feature to function correctly. 7.3.3 Upgrade of the Intrusion Defense Firewall driver may not have completed but the Intrusion Defense Firewall server shows "Managed" --------------------------------------------------------------------- During an upgrade, the upgrade of the Intrusion Defense Firewall driver may not have completed but the Intrusion Defense Firewall server shows "Managed". The Intrusion Defense Firewall driver install/upgrade may need you to restart the Intrusion Defense Firewall services but in rare cases it does not show the "Reboot Required" warning message. The Intrusion Defense Firewall client will continue to use the previous driver until the Intrusion Defense Firewall has restarted. 7.3.4 Intrusion Defense Firewall client deployment or upgrade may succeed but the Intrusion Defense Firewall server console displays an "Update Failed" status for the endpoint --------------------------------------------------------------------- In rare cases, an Intrusion Defense Firewall client deployment or upgrade will succeed but the Intrusion Defense Firewall server console displays an "Update Failed" status for the endpoint. This may be due to the driver being successfully installed without bindings to network adapters on the host. To resolve this issue locally, manually enable the bindings by selecting the checkboxes associated with "Third Brigade DSA Filter Driver" for a network adapter in "Local Area Connection > Properties" or remotely uninstall and re-deploy the client. The Uninstallation should remove the driver entirely, and the fresh install should reinstate the bindings. 7.3.5 If connectivity is lost during upgrade, the client endpoint may need to be restarted --------------------------------------------------------------------- When upgrading the Client Plug-In, if network connectivity becomes lost for an extended period of time, it may be necessary to restart the Client Plug-In's host machine. 7.3.6 NDIS drivers may stop responding during installation or uninstallation if they do not properly free packets when requested to unbind --------------------------------------------------------------------- It is possible that NDIS drivers will stop responding during installation or uninstallation if they do not properly free packets when requested to unbind. The Intrusion Defense Firewall Client Plug-In with accompanying NDIS 5.1 or NDIS 6.0 driver is set to free all packets correctly before upgrades or uninstallation; however, when installing or uninstalling NDIS drivers, Microsoft requires that all NDIS drivers be unbound and then rebound. This means that if other third-party NDIS drivers do not properly free packets, it is still possible for the Intrusion Defense Firewall Client Plug-In install, upgrade, or uninstall processes to stop responding. This is beyond Trend Micro's control and will only happen in very limited situations. If this does occur, restarting your endpoint will likely resolve the issue so that you can attempt to install, uninstall, or upgrade afterwards. 7.3.7 Firewall and DPI Events may display numbers instead of object names --------------------------------------------------------------------- Under certain circumstances, the Firewall and DPI Events on the Intrusion Defense Firewall Client Plug-In or Server Plug-In display numbers for a DPI Rule, traffic stream, and Firewall Rule instead of the object's name. This occurs when the event viewer does not have access to the objects referred to by the event log entry in the following instances: - The rule has been unassigned from the host - The Client Plug-In has been locally deactivated, which causes the Client Plug-In to clear all previous security settings, in addition to returning the Client Plug-In to a pre-activation state - A new set of rules has been assigned to the Client Plug-In, but the "Refresh" button has not been clicked on the Client Plug-In "Configuration" tab. 7.3.8 Firewall Status Registration issue in Security Center --------------------------------------------------------------------- If the Intrusion Defense Firewall status entry in the Windows Security Center is removed accidentally, restart the Intrusion Defense Firewall client service to restore the entry in the Windows Security Center. However, if the Windows Security Center service is not running, which usually happens when the endpoint restarts, the registration may not work. When this happens, restart the Intrusion Defense Firewall client service again once the Windows Security Center service is running properly. 7.3.9 Unsuccessful Client Installation caused by Expired Certificate --------------------------------------------------------------------- Patch installation may be unsuccessful because of an expired certificate on certain Intrusion Defense Firewall clients. If you encounter this issue, manually delete the old certificate (ds_agent.crt) from the client's installation directory and re-install this patch. 7.3.10 Unsuccessful Client Installation caused by Deactivated Client --------------------------------------------------------------------- Patch installation may be unsuccessful if an Intrusion Defense Firewall client is deactivated and the Intrusion Defense Firewall Client service is not running. If you encounter this issue, remove the Client Plug-In and then install Client Plug-In again. For more information about the uninstallation process, see "Intrusion Defense Firewall Deployment Guide". 7.3.11 Unsuccessful client upgrade if Intrusion Defense Firewall client was installed by the 1.5.2366 standalone Client Plug-In installer --------------------------------------------------------------------- If you have installed Intrusion Defense Firewall Client 1.5.2366 using the standalone MSI, the deployment may be unsuccessful because of an MSI issue. To work around this, place the Intrusion Defense Firewall Client 1.5.2366 standalone installer package in the following folder and then Deploy Intrusion Defense Firewall Client Plug-In again: "\Temp\AoS\" 7.3.12 Possibly unsuccessful upgrade of Intrusion Defense Firewall client 1.5.2366 when using the standalone Client Plug-In Installer of this patch --------------------------------------------------------------------- Upgrading the Intrusion Defense Firewall client 1.5.2366 using the standalone Client Plug-In Installer of this patch may be unsuccessful because of a Windows installer limitation. If you encounter this issue, consider upgrading the Intrusion Defense Firewall Client Plug-In by deploying from the Intrusion Defense Firewall web console or uninstalling and reinstalling the Intrusion Defense Firewall Client Plug-In. 8. Release History ======================================================================== - Intrusion Defense Firewall 1.5.2373, February, 2013 - Intrusion Defense Firewall 1.5.2331, April, 2013 - Intrusion Defense Firewall 1.5.1229, June, 2012 - Intrusion Defense Firewall 1.5.1206, August, 2011 9. Files Included in this Release ======================================================================== This Patch is released in an Active Update package. Users can download this Intrusion Defense Firewall 1.5 Service Pack 1 Patch 3 package from the OfficeScan Activate Update Server. The package includes the following files: IdfClientAgent.zip IdfClientPlugin.zip IdfClientPlugin_i386.zip IdfClientPlugin_x86_64.zip IdfPatchAgent.zip IdfServerPlugin.zip 10. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro by fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our website. Global Mailing Address/Telephone Numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2015, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Smart Protection Network, OfficeScan, and Intrusion Defense Firewall are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide 13. Third-party licensing ======================================================================== 13.1 Intrusion Defense Firewall Server Plug-In ===================================================================== Intrusion Detection Firewall makes use of 3rd party binary distributions. The binary distributions are subject to the licenses available in the following directory: [INSTALL DIRECTORY]\webclient\webapps\ROOT\WEB-INF\lib\licenses Where 3rd party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request. For more information on the 3rd party binary distributions and access to source code see the following locations: Apache Commons: http://commons.apache.org Axis: http://ws.apache.org/axis/ BeanShell: http://www.beanshell.org/ Bouncy Castle: http://www.bouncycastle.org/ CSVWriter: http://www.osjava.org/genjava/license.html Derby: http://db.apache.org/derby/ iText: http://www.lowagie.com/iText/index.html Jasper: http://jasperforge.org/plugins/project/ project_home.php?group_id=102 Java: http://www.sun.com/java/ JavaMail API: http://java.sun.com/products/javamail/ JAX-RPC: https://jax-rpc.dev.java.net/ JCommon: http://www.jfree.org/jcommon/ JFreeChart: http://www.jfree.org/jcommon/ JExcel API: http://jexcelapi.sourceforge.net/ JTDS: http://jtds.sourceforge.net/ JUnit: http://www.junit.org/ MD5Crypt: http://www.mackman.net/code/MD5Crypt.java Oracle JDBC: http://www.oracle.com/technology/tech/java/ sqlj_jdbc/index.html SAAJ: https://saaj.dev.java.net/ SNMP4J: http://www.snmp4j.org/ Tomcat: http://tomcat.apache.org/ VMware: http://www.vmware.com/ WSDL4J: http://sourceforge.net/projects/wsdl4j Xalan: http://xml.apache.org/xalan-j/ Xerces: http://xerces.apache.org/xerces2-j/ XML Commons: http://xml.apache.org/commons/ 13.2 Intrusion Defense Firewall Client Plug-In ===================================================================== This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Intrusion Defense Firewall Client Plug-In also employs the use of the following software. Third-party binary distributions: Expat (http://expat.sourceforge.net/) fksec (http://win32.mvps.org/) IP Filter (http://coombs.anu.edu.au/~avalon/) SQLite (http://www.sqlite.org/) WxWidgets (http://www.wxwidgets.org/) zlib (http://www.zlib.net/) Third-party source: GMTime (http://www.jbox.dk/sanos/source/lib/time.c.html) Tree (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/sys/tree.h) The third-party software is subject to the licenses available in the following directory: [INSTALL DIRECTORY]\Licenses Public domain source code licenses are available here: SQLite - http://www.sqlite.org/copyright.html fksec - http://win32.mvps.org/license.html Where third-party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request. ======================================================================== (C) 2015 Trend Micro Inc. All rights reserved.