Trend Micro, Inc.
September 2014
Trend Micro™ Deep
Discovery Advisor
Version 3.0
Service Pack 1, Hot
Fix Build 3090
NOTICE: This hot fix was developed as a
workaround or solution to a customer-reported problem. As such, this
hot fix has received limited testing and has not been certified as an
official product update. Consequently, THIS HOT FIX IS PROVIDED "AS
IS". TREND MICRO MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR
PERFORMANCE OF THIS HOT FIX NOR DOES IT WARRANT THAT THIS HOT FIX IS
ERROR FREE. TO THE FULLEST EXTENT PERMITTED BY LAW, TREND MICRO
DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING BUT NOT
LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT
AND FITNESS FOR A PARTICULAR PURPOSE.
Contents
- Hot Fix Release Information
1.1. Issues
1.2. Enhancements
1.3. Files
Included in this Release
- Documentation Set
- System Requirements
- Installation/Uninstallation
4.1. Deploying
this Hot Fix
- Post-installation Configuration
- Known Issues
- Release History
- Contact Information
- About Trend Micro
- License Agreement
1.
Hot Fix Release Information
1.1
Issues
This hot fix resolves the following
issues:
Issue 1: If Virtual Analyzer receives a large number of samples of unsupported file types, it may apply the final results before updating the status of the samples. When this happens, the samples remain in the Queued tab because Virtual Analyzer can no longer change the status of the samples.
Solution 1: This hot fix ensures that Virtual Analyzer always updates the status of samples before applying the final results so the samples move to the Processing tab.
Issue 2: Sometimes, the web service does not shut down properly when the Management Server shuts down while Sandbox Controller uploads XML files. As a result, the Internet service analysis may return inconsistent results.
Solution 2: This hot fix resolves this issue by preventing the web service from accepting Internet service analysis results while the Management Server is shutting down.
Issue 3: When Deep Discovery Inspector logs do not contain any "CCCA_RiskLevel" and "CCCA_DetectionSource" CCCA related field information, the web console displays "Unknown" and "User Defined" on these fields, respectively. Under this scenario, no logs are filtered out when users filter logs by setting "Risk Level" to "Unknown" or "C&C List source" to "User Defined".
Solution 3: This hot fix modifies the query statement so that Deep Discovery Advisor can properly filter out logs under the scenario described above.
Issue 4: Deep Discovery Advisor uses a version of OpenSSL that is affected by the Change Cipher Spec (CCS) injection vulnerability (CVE-2014-0224).
Solution 4: This hot fix upgrades the OpenSSL package to help stop this vulnerability.
Issue 5: Deep Discovery Advisor truncates malware names that are longer than 16 characters in generated reports.
Solution 5: This hot fix ensures that Deep Discovery Advisor displays the full malware names in generated reports.
Issue 6: Deep Discovery Advisor uses a version of BASH that is affected by the Bash 'Shellshock' vulnerabilities (CVE-2014-6271 and CVE-2014-7169).
Solution 6: This hot fix upgrades the BASH package to help stop these vulnerabilities.
1.2 Enhancements
There are no enhancements for this hot fix.
1.3 Files Included in this Release
|
File Name
|
Build Number
|
| app-DTAS.jar |
N/A |
| bash-4.1.2-15.el6_5.2.x86_64.rpm |
N/A |
| appliance-manifest.xml |
N/A |
| fn_SyncCompleteTask.sql |
N/A |
| fn_SyncQueuedTask.sql |
N/A |
| openssl-1.0.1e-16.el6_5.14.x86_64.rpm |
N/A |
| openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm |
N/A |
| postgresql.conf |
N/A |
| report_parser.class.php |
N/A |
| TrueFileExtract |
N/A |
| u-sandbox_3.51.1095_centos_6_2_dda.tgz |
N/A |
| version.txt |
N/A |
| virtual_analyzer.tpl |
N/A |
| WbfsService.php |
N/A |
| webconf.ini |
N/A |
Back to top
2.
Documentation Set
In addition to this readme file, the
documentation set for this product includes the following:
- Administrator's Guide: A PDF
document that discusses getting started information and helps
administrators plan for deployment and configure all product settings
- Quick Start Guide: Provides an
overview of the Deep Discovery Advisor device and a list of
requirements to deploy the device successfully
- Help: HTML files that provide "how
to's", usage advice, and field-specific information
- Readme file: Contains a list of
known issues. It may also contain late-breaking product information not
found in the other documents.
View and download product documentation at:
http://docs.trendmicro.com/en-us/enterprise/deep-discovery-advisor.aspx
Back to top
3. System
Requirements
Install this hot fix only on Deep
Discovery Advisor 3.0 Service Pack 1.
Back to top
4.
Installation/Uninstallation
4.1.
Deploying this Hot Fix
-
If the Deep Discovery Advisor device is a slave device,
switch it to a master device.
-
Log off from the management console.
-
On the logon page of the management console, select Extended
and then log on using a valid user name and password.
-
On the management console, go to Administration
> Updates and click the Product
Updates tab.
-
Click Browse...
and select the hot fix file.
-
Click Apply.
If the update is successful, the
following message displays:
-
If you have switched the Deep Discovery Advisor device to
a master device in Step 1, switch the device back to a slave device.
5. Post-installation
Configuration
No post-installation steps are required.
Back to top
6. Known Issues
There are no known issues for this hot
fix
release.
Back to top
7. Release History
See the following web site for more
information about updates to this product:
http://docs.trendmicro.com/
Back to top
8. Contact
Information
A license to the Trend Micro software
usually includes the right to product updates, pattern file updates,
and basic technical support for one (1) year from the date of purchase
only. After the first year, Maintenance must be renewed on an annual
basis at Trend Micro's then-current Maintenance fees.
You can contact Trend Micro via fax,
phone, and email, or visit us at http://www.trendmicro.com.
Evaluation copies of Trend Micro products
can be downloaded from our web site.
Global Mailing Address/Telephone numbers
For global contact information in the
Asia/Pacific region, Australia and New Zealand, Europe, Latin America,
and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.
The Trend Micro "About Us" screen
displays. Click the appropriate link in the "Contact Us" section of the
screen.
Note: This information is subject to
change without notice.
Back to top
9. About Trend Micro
Trend Micro Incorporated, a global leader
in Internet content security and threat management, aims to create a
world safe for the exchange of digital information for businesses and
consumers. A pioneer in server-based antivirus with over 20 years
experience, we deliver top-ranked security that fits our customers'
needs, stops new threats faster, and protects data in physical,
virtualized and cloud environments. Powered by the Trend Micro Smart
Protection Network™ infrastructure, our industry-leading
cloud-computing security technology and products stop threats where
they emerge, on the Internet, and are supported by 1,000+ threat
intelligence experts around the globe. For additional information,
visit http://www.trendmicro.com.
Copyright 2014, Trend Micro Incorporated.
All rights reserved. Trend Micro, the Trend Micro t-ball
logo, and Smart Protection Network are
trademarks or registered trademarks of Trend Micro, Incorporated. All
other product or company names may be trademarks or registered
trademarks of their owners.
Back to top
10. License
Agreement
Information about your license agreement
with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/.
Back to top