Trend Micro, Inc.

December 2013

Trend Micro™ Deep Discovery Advisor

Version 3.0 SP1

This readme file is current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates at http://docs.trendmicro.com/en-us/enterprise/deep-discovery-advisor.aspx.

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation, or online at http://olr.trendmicro.com.

Trend Micro always seeks to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro document, please contact us at docs@trendmicro.com.

Please evaluate this documentation on the following site: www.trendmicro.com/download/documentation/rating.asp.

 

Contents


  1. About Deep Discovery Advisor
  2. What's New
  3. Document Set
  4. System Requirements
  5. Installation
  6. Post-installation Configuration
  7. Known Issues
  8. Release History
  9. Contact Information
  10. About Trend Micro
  11. License Agreement


1. About Deep Discovery Advisor


Trend Micro™ Deep Discovery Advisor is designed to be the next generation in Trend Micro's security visibility and central management products. Deep Discovery Advisor is designed to:

Deep Discovery Advisor provides unique security visibility based on Trend Micro's proprietary threat analysis and recommendation engines.

Back to top



2. What's New


Deep Discovery Advisor includes the following new features and enhancements:


What's New in Deep Discovery Advisor 3.0 Service Pack 1


Resolved Issues in Deep Discovery Advisor 3.0 Service Pack 1


What's New in Deep Discovery Advisor 3.0

For detailed information and instructions on these new features and enhancements, visit the following web page:

http://docs.trendmicro.com/all/ent/dda/v3.0/en-us/dda_3.0_sp1_olh/new_release.html

For more information about how other Trend Micro products integrate with Deep Discovery Advisor, visit the following web page:

http://docs.trendmicro.com/all/ent/dda/v3.0/en-us/dda_3.0_sp1_olh/tm_product_integrate.html

Back to top



3. Document Set


The documentation set for Deep Discovery Advisor includes the following:

View and download product documentation at:

http://docs.trendmicro.com/en-us/enterprise/deep-discovery-advisor.aspx

Back to top



4. System Requirements


Deep Discovery Advisor is installed on a Dell™ PowerEdge™ R720 device with VMware ESXi server 5.x as hypervisor. The device provides better performance and reduces overall deployment costs.

Notes:

Specifications and Requirements


Size of the Deployment Package

Note: A user must install the critical patch before installing Service Pack 1, so a total size has been provided.

Back to top



5. Installation


Installing Deep Discovery Advisor

See the Quick Start Guide and Administrator's Guide for Deep Discovery Advisor 3.0 installation and deployment instructions.

Note: Fresh deployments of Deep Discovery Advisor 3.0 come with Service Pack 1 pre-configured into the OVA file used during deployment. If performing a fresh deployment, do not perform the steps found in Upgrading to Deep Discovery Advisor 3.0 Service Pack 1.

Back to top


Upgrading to Deep Discovery Advisor 3.0 Service Pack 1

Perform the following tasks if you have already installed Deep Discovery Advisor 3.0 and you want to upgrade it to Deep Discovery Advisor 3.0 Service Pack 1.

Note: If the Deep Discovery Advisor device is a slave device, assign it as a master device.

  1. Download the following two files from the Trend Micro download center:

    • dda_30_esxi_en_criticalpatch_pre-sp1-b3068.zip

    • dda_30_esxi_en_sp1_b3073.zip

  2. On the logon page of the management console, select Extended and then log on using a valid user name and password.

    login.gif


  3. On the same browser window, open a new tab and type the following URL:

    https://{IP address of the management console}/pages/tmPopup.php?template=hotfixUpload

    For example:

    https://10.1.1.1/pages/tmPopup.php?template=hotfixUpload

    A screen similar to the one below appears.


  4. Click Browse and then locate the file named "dda_30_esxi_en_criticalpatch_pre-sp1-b3068.zip".


  5. Click Upload File. The deployment starts.

    Important: Do not close or refresh the browser, open another page, perform tasks on the management console, or shut down the computer until updating is complete. The Product Updates tab must remain open during update deployment.


  6. Click Show me the hotfix result to monitor the status of deployment.

    Note: If the following error displays, re-deploy the patch.

    error.gif

    When the deployment has completed successfully, the following status displays:

    The Product Update Manager installation is complete.


  7. Refresh the Deep Discovery Advisor management console.

  8. On the management console, go to Administration > Updates and click the Product Updates tab.


  9. Click Browse... and select the file named "dda_30_esxi_en_sp1_b3073.zip".


  10. Click Apply.

    Note: Because of the size difference between these two files, applying this file (dda_30_esxi_en_sp1_b3073.zip) will take longer than the previous file.

    If the update is successful, the following message displays:

  11. Restart the Management Server.

    The Management Server can be restarted from the vSphere client, as shown in the image below.

    restart.gif

    Note: If the device was a slave device and has been assigned as a master device for the sake of this update, switch the device back to a slave device.


Back to top



6. Post-installation Configuration


Visit the following web page:

http://docs.trendmicro.com/all/ent/dda/v3.0/en-us/dda_3.0_sp1_olh/intro_tasks.html

Back to top



7. Known Issues


  1. A sandbox image cannot be selected during deployment if the image name:

  2. If a sandbox image is renamed from the VMware ESXi server datastore, the new name will not be reflected in the preconfiguration console.

    To avoid encountering this issue, export the renamed image to an OVA file and then import the OVA file to the VMware ESXi server. See the Administrator's Guide for the procedure.


  3. If a sandbox image created from a VMware ESXi server version (such as 5.1) is exported to an OVA file and then imported into a device with another VMware ESXi server version (such as 5.0 Update 1), warning messages display during the import process.
  4. ovfwarning.gif

    The image will still be imported successfully. To avoid seeing the warning messages, be sure that the VMware ESXi versions are the same.


  5. On the C&C Callback Events screen, a keyword search will only show items that start with the keyword. For example, if the keyword is "test", only items that start with "test", such as "test_new", will display. Items such as "new_test" or "3test" will not display.

  6. In the Event Investigation section:
    1. When users mouseover or click an object, the context menu sometimes does not display.
    2. If this issue occurs, refresh the screen or click the fit content button.

      context.gif

    3. When Focus scope is selected in the context menu, a message indicating that no data was found displays sometimes.

  7. The following functions do not work properly when using Internet Explorer 8:

    Use Internet Explorer 9 or Firefox for best functionality when using Deep Discovery Advisor.


  8. If the Management Server hostname includes an underscore (_), Investigation items will fail.
  9. To resolve this issue, change the Management Server hostname in these three places:

    After changing the hostname, go to Power > Restart Guest.


  10. The VMware vSphere client cannot import or export OVA or OVF files through Management Server port forwarding. Instead, directly connect to the VMware ESXi server through the service port on the back of the Deep Discovery Advisor device. For details, see Method 3: Creating and Deploying an OVA or OVF File.

  11. Since the VMware ESXi management network is not assigned an IP address, functions such as NFS and iSCSI are not accessible by default. To use these VMware ESXi features assign an additional IP address to the service port in the management network specifically to connect to these services.
  12. This would increase the total IP addresses required to two, one for the Management Server and one for the VMware ESXi network, plus one optional IP address for the NAT.

Back to top



8. Release History


Deep Discovery Advsior 3.0: July 21, 2013

Deep Discovery Advsior 2.95: January 20, 2013

Back to top



9. Contact Information


A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at http://www.trendmicro.com.

Evaluation copies of Trend Micro products can be downloaded from our website.

Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to http://www.trendmicro.com/en/about/overview.htm.

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

Back to top



10. About Trend Micro


Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit http://www.trendmicro.com.

Copyright 2013, Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, InterScan, and ScanMail are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

Back to top



11. License Agreement


Information about your license agreement with Trend Micro can be viewed at http://us.trendmicro.com/us/about/company/user_license_agreements/.

Third-party License Attributions can be viewed by selecting the "Licensing" option in the management console user interface.

Back to top