Trend Micro, Inc.
September 2014
Trend Micro™ Deep Discovery Advisor
Version 3.0 Service Pack 1, Hot Fix Build 3090
NOTICE: This hot fix was developed as a workaround or solution to a customer-reported problem. As such, this hot fix has received limited testing and has not been certified as an official product update. Consequently, THIS HOT FIX IS PROVIDED "AS IS". TREND MICRO MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR PERFORMANCE OF THIS HOT FIX NOR DOES IT WARRANT THAT THIS HOT FIX IS ERROR FREE. TO THE FULLEST EXTENT PERMITTED BY LAW, TREND MICRO DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
This hot fix resolves the following issues:
Issue 1: If Virtual Analyzer receives a large number of samples of unsupported file types, it may apply the final results before updating the status of the samples. When this happens, the samples remain in the Queued tab because Virtual Analyzer can no longer change the status of the samples.
Solution 1: This hot fix ensures that Virtual Analyzer always updates the status of samples before applying the final results so the samples move to the Processing tab.
Issue 2: Sometimes, the web service does not shut down properly when the Management Server shuts down while Sandbox Controller uploads XML files. As a result, the Internet service analysis may return inconsistent results.
Solution 2: This hot fix resolves this issue by preventing the web service from accepting Internet service analysis results while the Management Server is shutting down.
Issue 3: When Deep Discovery Inspector logs do not contain the CCCA-related fields "CCCA_RiskLevel" and "CCCA_DetectionSource", the web console displays "Unknown" and "User Defined" in these fields, respectively. In this scenario, no logs are filtered out when users filter logs by setting "Risk Level" to "Unknown" or "C&C List source" to "User Defined".
Solution 3: This hot fix modifies the query statement so that Deep Discovery Advisor can properly filter out logs under the scenario described above.
Issue 4: Deep Discovery Advisor uses a version of OpenSSL that is affected by the Change Cipher Spec (CCS) injection vulnerability (CVE-2014-0224).
Solution 4: This hot fix upgrades the OpenSSL package to help stop this vulnerability.
Issue 5: Deep Discovery Advisor truncates malware names that are longer than 16 characters in generated reports.
Solution 5: This hot fix ensures that Deep Discovery Advisor displays the full malware names in generated reports.
Issue 6: Deep Discovery Advisor uses a version of BASH that is affected by the Bash 'Shellshock' vulnerabilities (CVE-2014-6271 and CVE-2014-7169).
Solution 6: This hot fix upgrades the BASH package to help stop these vulnerabilities.
There are no enhancements for this hot fix.
File Name | Build Number |
app-DTAS.jar | N/A |
bash-4.1.2-15.el6_5.2.x86_64.rpm | N/A |
appliance-manifest.xml | N/A |
fn_SyncCompleteTask.sql | N/A |
fn_SyncQueuedTask.sql | N/A |
openssl-1.0.1e-16.el6_5.14.x86_64.rpm | N/A |
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm | N/A |
postgresql.conf | N/A |
report_parser.class.php | N/A |
TrueFileExtract | N/A |
u-sandbox_3.51.1095_centos_6_2_dda.tgz | N/A |
version.txt | N/A |
virtual_analyzer.tpl | N/A |
WbfsService.php | N/A |
webconf.ini | N/A |
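The following added example (not part of the original readme or of Trend Micro's tooling) compares installed package builds against the bash and openssl builds in the file list above, which carry the fixes for Issues 4 and 6. It assumes the package list comes from `rpm -q` output with no epoch shown, and the sample lines are constructed.

```python
import re

# Package builds shipped in this hot fix, copied from the file list above.
HOTFIX_RPMS = [
    "bash-4.1.2-15.el6_5.2.x86_64.rpm",
    "openssl-1.0.1e-16.el6_5.14.x86_64.rpm",
    "openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm",
]

def split_nvra(text):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release)."""
    text = text.strip()
    if text.endswith(".rpm"):
        text = text[:-4]
    nvr, _arch = text.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def rpmvercmp(a, b):
    """Segment-wise RPM string comparison (no tilde/caret handling): -1, 0 or 1."""
    sa, sb = re.findall(r"[0-9]+|[A-Za-z]+", a), re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 7 < 14, unlike string comparison
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(rpm_q_lines):
    """Map each hot fix package to 'ok', 'outdated' or 'missing'."""
    installed = {}
    for line in rpm_q_lines:
        try:
            name, version, release = split_nvra(line)
        except ValueError:                   # e.g. "package X is not installed"
            continue
        installed[name] = (version, release)
    report = {}
    for rpm in HOTFIX_RPMS:
        name, version, release = split_nvra(rpm)
        if name not in installed:
            report[name] = "missing"
            continue
        have_v, have_r = installed[name]
        older = (rpmvercmp(have_v, version) or rpmvercmp(have_r, release)) < 0
        report[name] = "outdated" if older else "ok"
    return report

# Constructed sample of `rpm -q bash openssl openssl-devel` output.
SAMPLE = ["bash-4.1.2-15.el6_4.x86_64", "openssl-1.0.1e-16.el6_5.14.x86_64",
          "openssl-devel-1.0.1e-16.el6_5.7.x86_64"]
```

Any package reported as "outdated" or "missing" indicates the hot fix packages were not applied to that host.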
In addition to this readme file, the documentation set for this product includes the following:
View and download product documentation at:
http://docs.trendmicro.com/en-us/enterprise/deep-discovery-advisor.aspx
Install this hot fix only on Deep Discovery Advisor 3.0 Service Pack 1.
1. If the Deep Discovery Advisor device is a slave device, switch it to a master device.
2. Log off from the management console.
3. On the logon page of the management console, select Extended and then log on using a valid user name and password.
4. On the management console, go to Administration > Updates and click the Product Updates tab.
5. Click Browse... and select the hot fix file.
6. Click Apply.
   If the update is successful, the following message displays:
7. If you have switched the Deep Discovery Advisor device to a master device in Step 1, switch the device back to a slave device.
No post-installation steps are required.
There are no known issues for this hot fix release.
See the following web site for more information about updates to this product:
A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.
You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.
Evaluation copies of Trend Micro products can be downloaded from our web site.
For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.
The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.
Note: This information is subject to change without notice.
Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com.
Copyright 2014, Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, and Smart Protection Network are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.
Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/.