Trend Micro, Inc.

September 2014

Trend Micro™ Deep Discovery Advisor

Version 3.0 Service Pack 1, Hot Fix Build 3090

NOTICE: This hot fix was developed as a workaround or solution to a customer-reported problem. As such, this hot fix has received limited testing and has not been certified as an official product update. Consequently, THIS HOT FIX IS PROVIDED "AS IS". TREND MICRO MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR PERFORMANCE OF THIS HOT FIX NOR DOES IT WARRANT THAT THIS HOT FIX IS ERROR FREE. TO THE FULLEST EXTENT PERMITTED BY LAW, TREND MICRO DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.

Contents


  1. Hot Fix Release Information

    1.1. Issues

    1.2. Enhancements

    1.3. Files Included in this Release

  2. Documentation Set

  3. System Requirements

  4. Installation/Uninstallation

    4.1. Deploying this Hot Fix

  5. Post-installation Configuration

  6. Known Issues

  7. Release History

  8. Contact Information

  9. About Trend Micro

  10. License Agreement


1. Hot Fix Release Information


1.1 Issues

This hot fix resolves the following issues:

Issue 1: If Virtual Analyzer receives a large number of samples of unsupported file types, it may apply the final results before updating the status of the samples. When this happens, the samples remain in the Queued tab because Virtual Analyzer can no longer change the status of the samples.

Solution 1: This hot fix ensures that Virtual Analyzer always updates the status of samples before applying the final results so the samples move to the Processing tab.

Issue 2: Sometimes, the web service does not shut down properly when the Management Server shuts down while Sandbox Controller uploads XML files. As a result, the Internet service analysis may return inconsistent results.

Solution 2: This hot fix resolves this issue by preventing the web service from accepting Internet service analysis results while the Management Server is shutting down.

Issue 3: When Deep Discovery Inspector logs do not contain the CCCA-related fields "CCCA_RiskLevel" and "CCCA_DetectionSource", the web console displays "Unknown" and "User Defined" in these fields, respectively. In this scenario, the filter returns no logs when users filter logs by setting "Risk Level" to "Unknown" or "C&C List source" to "User Defined".

Solution 3: This hot fix modifies the query statement so that Deep Discovery Advisor returns the matching logs when users apply these filters in the scenario described above.

Issue 4: Deep Discovery Advisor uses a version of OpenSSL that is affected by the Change Cipher Spec (CCS) injection vulnerability (CVE-2014-0224).

Solution 4: This hot fix upgrades the OpenSSL package to help stop this vulnerability.

Issue 5: Deep Discovery Advisor truncates malware names that are longer than 16 characters in generated reports.

Solution 5: This hot fix ensures that Deep Discovery Advisor displays the full malware names in generated reports.

Issue 6: Deep Discovery Advisor uses a version of BASH that is affected by the Bash 'Shellshock' vulnerabilities (CVE-2014-6271 and CVE-2014-7169).

Solution 6: This hot fix upgrades the BASH package to help stop these vulnerabilities.
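
The filter mismatch described in Issue 3, shown as an added example (not Trend Micro code and not part of the original readme). It assumes the missing CCCA fields are stored as SQL NULL; the table name, column names and sample rows are hypothetical, and only the "Unknown" and "User Defined" defaults come from the readme.

```python
import sqlite3

# Display defaults named in Issue 3; table and column names are hypothetical.
DEFAULTS = {"risk_level": "Unknown", "detection_source": "User Defined"}

# Constructed sample logs: rows 2 and 3 lack the CCCA fields entirely.
SAMPLE_LOGS = [
    (1, "High", "Constructed Source A"),
    (2, None, None),
    (3, None, None),
    (4, "Low", "Constructed Source B"),
]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ccca_logs (id INTEGER PRIMARY KEY, "
               "risk_level TEXT, detection_source TEXT)")
    db.executemany("INSERT INTO ccca_logs VALUES (?, ?, ?)", SAMPLE_LOGS)
    return db

def _check(column):
    # Column names cannot be bound as parameters, so allow-list them.
    if column not in DEFAULTS:
        raise ValueError(f"unsupported filter column: {column}")

def displayed(db):
    """What the console shows: missing fields rendered with the defaults."""
    rows = db.execute(
        "SELECT id, risk_level, detection_source FROM ccca_logs ORDER BY id")
    return [(i, r or DEFAULTS["risk_level"], s or DEFAULTS["detection_source"])
            for i, r, s in rows]

def filter_naive(db, column, value):
    """Pre-fix behaviour: '=' never matches NULL, so defaulted rows vanish."""
    _check(column)
    sql = f"SELECT id FROM ccca_logs WHERE {column} = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (value,))]

def filter_fixed(db, column, value):
    """Apply the same default in the query that the display layer applies."""
    _check(column)
    sql = (f"SELECT id FROM ccca_logs "
           f"WHERE COALESCE({column}, ?) = ? ORDER BY id")
    return [row[0] for row in db.execute(sql, (DEFAULTS[column], value))]

if __name__ == "__main__":
    db = open_db()
    print("displayed:", displayed(db))
    print("naive    :", filter_naive(db, "risk_level", "Unknown"))
    print("fixed    :", filter_fixed(db, "risk_level", "Unknown"))
```

For detection work, the point is that rows the console labels "Unknown" are invisible to an analyst who filters on that label until the query applies the same default.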


1.2 Enhancements

There are no enhancements for this hot fix.


1.3 Files Included in this Release

File Name                                       Build Number
app-DTAS.jar                                    N/A
bash-4.1.2-15.el6_5.2.x86_64.rpm                N/A
appliance-manifest.xml                          N/A
fn_SyncCompleteTask.sql                         N/A
fn_SyncQueuedTask.sql                           N/A
openssl-1.0.1e-16.el6_5.14.x86_64.rpm           N/A
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm     N/A
postgresql.conf                                 N/A
report_parser.class.php                         N/A
TrueFileExtract                                 N/A
u-sandbox_3.51.1095_centos_6_2_dda.tgz          N/A
version.txt                                     N/A
virtual_analyzer.tpl                            N/A
WbfsService.php                                 N/A
webconf.ini                                     N/A




2. Documentation Set


In addition to this readme file, the documentation set for this product includes the following:

View and download product documentation at:

http://docs.trendmicro.com/en-us/enterprise/deep-discovery-advisor.aspx




3. System Requirements


Install this hot fix only on Deep Discovery Advisor 3.0 Service Pack 1.




4. Installation/Uninstallation


4.1. Deploying this Hot Fix

  1. If the Deep Discovery Advisor device is a slave device, switch it to a master device.

  2. Log off from the management console.

  3. On the logon page of the management console, select Extended and then log on using a valid user name and password.


  4. On the management console, go to Administration > Updates and click the Product Updates tab.


  5. Click Browse... and select the hot fix file.


  6. Click Apply.

    If the update is successful, a confirmation message displays.

  7. If you have switched the Deep Discovery Advisor device to a master device in Step 1, switch the device back to a slave device.



5. Post-installation Configuration


No post-installation steps are required.




6. Known Issues


There are no known issues for this hot fix release.




7. Release History


See the following web site for more information about updates to this product:

http://docs.trendmicro.com/




8. Contact Information


A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.

Evaluation copies of Trend Micro products can be downloaded from our web site.

Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.




9. About Trend Micro


Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com.

Copyright 2014, Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, and Smart Protection Network are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.




10. License Agreement


Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/.
