Trend Micro Incorporated July 31st, 2017
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) Deep Discovery Email Inspector 2.5 - Service Pack 1
English - Linux - 64 Bits
Critical Patch Build 1197
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Contents
==============================================================================
1. Critical Patch Release Information
1.1 Resolved Known Issues
1.2 Enhancements
2. Documentation Set
3. System Requirements
4. Installation
4.1 Installing
4.2 Uninstalling
5. Post-installation Configuration
6. Known Issues
7. Release History
7.1 Prior Hotfixes
8. Contact Information
9. About Trend Micro
10. License Agreement
==============================================================================
1. Critical Patch Release Information
==============================================================================
1.1 Resolved Known Issues
============================================================================
This Critical Patch resolves the following issue(s):
Issue 1: Some pages of the Deep Discovery Email Inspector web console are
affected by Cross-Site Scripting (XSS) vulnerabilities.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This critical patch resolves the XSS vulnerabilities.
Issue 2: The wvWare third-party tool Deep Discovery Email Inspector uses
to analyze old versions of Microsoft(TM) Office(TM) files
contains a potential vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This critical patch removes the wvWare tool and upgrades the
Apache POI - the Java API for Microsoft Documents tool to
support old versions of Office files.
Issue 3: After updating or rolling back the SAL pattern from the
ActiveUpdate (AU) server, Deep Discovery Email Inspector does
not reload the new pattern or restart the corresponding process.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This critical patch ensures that Deep Discovery Email Inspector
reloads the SAL pattern immediately after the pattern has
finished updating or rolling back.
1.2 Enhancements
============================================================================
The following enhancements are included in this Critical Patch:
Enhancement: This critical patch enables Deep Discovery Email Inspector to
automatically send URLs under category 97 (Low Confidence or
Low Prevalence URL) and category 56 (Sharing Service) to
Virtual Analyzer for further analysis.
2. Documentation Set
==============================================================================
To download or view electronic versions of the documentation set for this
product, go to http://docs.trendmicro.com
- Online Help: The Online Help contains an overview of features and key
concepts, and information on configuring and maintaining the product.
To access the Online Help, go to http://docs.trendmicro.com
- Installation Guide (IG): The Installation Guide contains information on
requirements and procedures for installing and deploying the product.
- Administrator's Guide (AG): The Administrator's Guide contains an overview
of features and key concepts, and information on configuring and
maintaining the product.
- Getting Started Guide (GSG): The Getting Started Guide contains product
overview, installation planning, installation and configuration
instructions, and basic information intended to get the product 'up and
running'.
- Support Portal: The Support Portal contains information on troubleshooting
and resolving known issues.
- To access the Support Portal, go to http://esupport.trendmicro.com
3. System Requirements
==============================================================================
1. Trend Micro Deep Discovery Email Inspector 2.5 Service Pack 1
Build 1118 - English - Linux - x64
4. Installation
==============================================================================
This section explains key steps for installing the Critical Patch.
4.1 Installing
============================================================================
To install:
1. Click "Administration > Product Updates > Hot Fixes /
Patches". The "Install Hot Fix / Patch" screen appears.
2. Click "Browse" and select the
"ddei_25_sp1_lx_en_criticalpatch_b1197.tgz.tar" hotfix file.
3. Click "Install".
4. Verify that the hotfix has been installed successfully.
a. Click "Administration > Product Updates > Hot Fixes /
Patches". In the "History" table, check if the "Build" is "1197" and
"Description" is "Hot Fix 1197".
b. Choose the "About" option under "Help".
c. Verify that the "Hot fix" number on the "About" page is
"1197".
5. Clean the web browser cache.
NOTES:
* The program version for the device will NOT change after
applying this hotfix.
* Deep Discovery Email Inspector 2.5 Service Pack 1 restarts
automatically after installing this hotfix.
4.2 Uninstalling
============================================================================
To roll back to the previous build:
1. Click "Administration > Product Updates > Hot Fixes /
Patches". The "Hot Fixes / Patches" screen appears.
2. Click "Roll Back".
3. Verify that the hotfix has been successfully uninstalled.
a. After Deep Discovery Email Inspector restarts, verify that the
hotfix number has been removed from the "About" screen on the
management console.
b. Click "Administration > Product Updates > Hot Fixes /
Patches". The "History" table should be empty.
NOTE: Deep Discovery Email Inspector will restart automatically
after hotfix uninstallation.
5. Post-installation Configuration
==============================================================================
No post-installation steps are required.
NOTE: Trend Micro recommends that you update your scan engine and
virus pattern files immediately after installing the product.
6. Known Issues
==============================================================================
Known issues in this release:
#1 Known Issue: [Reported at: DDEI 2.5.1 Service Pack 1 B1118]
**Problem:** When only the "Connect to Smart Protection for Web
Reputation Services" option is enabled on the Administration > Scanning
/ Analysis > Other Settings > Smart Protection screen, Deep Discovery
Email Inspector does not perform connection tests for the following:
* Web Inspection Service
* Certified Safe Software Service
* Community File Reputation
**Solution:** On the Administration > Scanning / Analysis > Other
Settings > Smart Protection screen, either clear the "Connect to Smart
Protection for Web Reputation Services" checkbox or select both
"Connect to Smart Protection for Web Reputation Services" and "Connect
to global services using Smart Protection Server".
#2 Known Issue: [Reported at: DDEI 2.5.1 Service Pack 1 B1118]
**Problem:** If Web Reputation Service and Community File Reputation are
unreachable using IPv4 addresses in a dual-stack network, the
Administration > System Maintenance > Network Services Diagnostics
screen still displays the final resolved IPv4 addresses for these
services.
#3 Known Issue: [Reported at: DDEI 2.5.1 Service Pack 1 B1118]
**Problem:** When performing sandbox analysis using a Windows 10 image
that requires higher system resources, the performance of Deep Discovery
Email Inspector may be affected.
**Solution:** Trend Micro recommends evaluating the system load capacity
on Deep Discovery Email Inspector before using a Windows 10 sandbox
environment for analysis.
#4 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** Deep Discovery Email Inspector cannot receive incoming
email messages from other IPv6 subnets if the "Hosts in the same
address class" option is enabled on the Administration > Mail Settings >
Limits and Exceptions screen.
#5 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** After daylight savings time changes to standard time on
Deep Discovery Email Inspector, a duplicate time value appears on
widgets.
#6 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** While operating in SPAN/TAP mode, Deep Discovery Email
Inspector cannot capture VLAN traffic that is encapsulated by Cisco
Inter-Switch Link (ISL) protocol.
#7 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** Deep Discovery Email Inspector is unable to import Virtual
Analyzer images from an FTP server in active mode. Deep Discovery Email
Inspector security does not allow this type of connection.
**Solution:** Trend Micro recommends using FTP servers in passive mode,
or importing the Virtual Analyzer images through another method.
#8 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** Deep Discovery Email Inspector cannot read the subject of
email messages in non-standard formats.
**Solution:** Trend Micro recommends only routing standard-formatted
email messages. Most mail user agents cannot read email messages in
non-standard formats.
#9 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** The time format in the following locations does not change
when "Date and time format" on the System Settings > Time page is changed.
1. "Last updated" time of each widget in "Dashboard > Add Widgets"
2. "Last update" time in widget preview screenshot
3. Time in email screenshot in "Detection" details.
**Solution:**
1. The "Last updated" time of each widget cannot be shown in a
corresponding format because of a limitation of the widget framework
used in Deep Discovery Email Inspector.
2. The "Last update" time in the widget preview screenshot cannot be
changed because the preview screenshot is a picture.
3. The time shown in the email screenshot is created by the third-party
email client. The time format it shows depends on the locale, not on
the user-defined time format.
#10 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** If there are more than 60 URLs in an email, some risky URLs
in the email may not be rewritten to a link that redirects to a blocking
or warning page, even if the same URLs have been rewritten.
**Solution:** By default, Deep Discovery Email Inspector extracts at most
60 URLs from an email for scanning. Scanned URLs that are found to be
risky are rewritten to a link that redirects to a blocking or warning
page. If the number of URLs in the email exceeds 60, some of the URLs
are not rewritten because they were not extracted by Deep Discovery
Email Inspector.
#11 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** In Deep Discovery Email Inspector 2.5, submission filters
were changed to allow the user to select the specific file type groups
to be analyzed. After upgrading from Deep Discovery Email Inspector 2.1,
each file type group that includes file types selected in Version 2.1
is automatically selected to be analyzed. As a result, the other file
types that belong to that file type group are also selected for
analysis.
**Solution:** Re-configure "Submission Filters" in "Administration >
Scanning / Analysis > Virtual Analyzer > Settings" page to select the
necessary file type groups.
#12 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** Deep Discovery Email Inspector cannot scan
password-protected Office PowerPoint 2003 files.
**Solution:** The encryption of Office PowerPoint 2003 files is
different from later versions, and this format cannot be decrypted.
#13 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** If the user enables "Connect to Smart Protection Server for
Web Reputation Services" in the "Administration > Scanning / Analysis >
Other Settings > Smart Protection" page, the internal Virtual Analyzer
will not run the URL block reason query, Census query or the Certified
Safe Software Service query. Additionally, it will not provide Smart
Feedback.
**Solution:** This is the configuration of the internal Virtual
Analyzer. The user can either disable “Connect to Smart Protection for
Web Reputation Services” in the "Administration > Scanning / Analysis
> Other Settings > Smart Protection" page or enable both “Connect to
Smart Protection Server for Web Reputation Services” and “Connect to
global services using Smart Protection Server” in the "Administration
> Scanning / Analysis > Other Settings > Smart Protection" page.
#14 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** When integrated with Deep Discovery Analyzer, the final
risk level of a malicious URL in Deep Discovery Email Inspector is
different from the risk level in Deep Discovery Analyzer.
**Solution:** Deep Discovery Analyzer can support several different
products with varying risk levels, so for Deep Discovery Email
Inspector, the risk level for malicious URLs returned by Virtual
Analyzer (whether the internal Virtual Analyzer or Deep Discovery
Analyzer) is downgraded one level.
#15 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** After upgrading from Deep Discovery Email Inspector 2.1 to
2.5, the web console cannot be redirected to the login page
automatically. Additionally, the certificate of Deep Discovery Email
Inspector will be changed, therefore the user needs to confirm and
accept the new certificate.
**Solution:** Re-open the Deep Discovery Email Inspector web console and
log in again.
#16 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** For the same email attachment which has a different file
name, after being analyzed by Deep Discovery Analyzer, the analysis
reports for the two attachments will have the same file name.
**Solution:** Under its current specification, Deep Discovery Analyzer
returns the cached analysis result for the same files or URLs to
Deep Discovery Email Inspector.
#17 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** Under Microsoft Edge and IE10, there will be two delete
icons at the end of "Search" box in "Dashboard > Add Widgets" page.
**Solution:** Microsoft IE10 and Edge will create a delete icon for
"Search" box by default. However Widget Framework has already created
another delete icon.
#18 Known Issue: [Reported at: DDEI 2.5.0 GM B1300]
**Problem:** Under the current specifications of Deep Discovery Email
Inspector, Single-Sign-On from Control Manager is not supported under
the HTTP protocol.
**Solution:** Log into the Control Manager web console using HTTPS
protocol.
7. Release History
==============================================================================
For more information about updates to this product, go to:
http://www.trendmicro.com/download
7.1 Prior Hotfixes
============================================================================
Only this hotfix was tested for this release. Prior hotfixes were tested at
the time of their release.
[Hotfix 1195]
Issue 1: Administrators cannot set the "Timeout Setting" on the
"Password Analyzer Setting" hidden page to "0" (zero).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix allows users to set the "Timeout Setting" to "0".
Issue 2: Deep Discovery Email Inspector may truncate quoted and
href-tagged URLs that appear in multiple lines and extracted
from the Content-Type text/html part of an email message.
These truncated URLs may increase the occurrence of false
negatives.
For example, the following URL in the href tag occupies two
lines (using hxxp for demonstration):
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix optimizes the URL scanning mechanism to prevent
URL truncation under the scenario described above.
Enhancement 1: This hotfix upgrades the Usandbox to resolve some known
issues.
Enhancement 2: This hotfix optimizes the URL extraction logic to prevent
it from treating "%" as an escape character.
[Hotfix 1194]
Issue 1: Deep Discovery Email Inspector may truncate quoted and
href-tagged URLs that appear in multiple lines and extracted
from the Content-Type text/html part of an email message.
These truncated URLs may increase the occurrence of false
negatives.
For example, the following URL in the href tag occupies two
lines (using hxxp for demonstration):
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix optimizes the URL scanning mechanism to prevent
URL truncation under the scenario described above.
Issue 2: Deep Discovery Email Inspector (DDEI) may not import some
images after users apply Hot Fix 1188 and succeeding builds.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix resolves this issue by upgrading some internal
modules in DDEI.
[Hotfix 1192]
Issue: Virtual Analyzer reports generated for certain special samples
may contain inaccurate information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix optimizes the report generation logic to ensure that
Virtual Analyzer reports always contain complete and accurate
information.
[Hotfix 1191]
Enhancement 1: This hotfix enables the curl cookie engine with hyperlink
for the URL filter.
Enhancement 2: This hotfix adds an rdqa page where users can disable debug
logs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 2: To disable debug logs:
1. Install this hotfix (see "Installation").
2. Open a web browser window, access
"https://DDEI_IP_ADDRESS/hidden/rdqa.php", and log in using
a valid account and password.
3. Go to the "Debug Log Setting" page.
4. Select the checkbox for the "Only collect application
logs" option.
5. Click "Save".
NOTE: This feature is disabled by default.
Enhancement 3: This hotfix increases the limit on the number of records
that Deep Discovery Email Inspector can send out in each
message from 256 to 512 records.
[Hotfix 1189]
Issue 1: Users may encounter Deep Discovery Email Inspector 9100
performance issues because some HW-related configuration
parameters revert to the default values of Deep Discovery
Email Inspector 7100 after users upgrade Deep Discovery Email
Inspector from version 2.5 to version 2.5 Service Pack 1.
This issue does not affect freshly-installed Deep Discovery
Email Inspector 2.5 Service Pack 1 nor those that were
upgraded on Deep Discovery Email Inspector 7100.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix ensures that the HW-related settings are preserved
after Deep Discovery Email Inspector upgrades from version 2.5
to version 2.5 Service Pack 1.
Issue 2: Deep Discovery Email Inspector cannot parse specific PDF files
with specific security settings properly. When this happens, a
timeout issue causes temporary files to remain in the "/tmp"
directory.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix updates the Advanced Threat Scan Engine (ATSE) to
enable it to handle PDF files with specific security settings.
Issue 3: The Usandbox module in Deep Discovery Email Inspector 2.5
Service Pack 1 is out-dated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This hotfix updates the Usandbox module to the latest version.
[Hotfix 1188]
Issue: Deep Discovery Email Inspector 2.5 Service Pack 1 cannot
recognize full-width white spaces when extracting URLs from
email messages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix updates the URL extraction function to enable it to
recognize full-width white spaces.
Enhancement: This hotfix upgrades the Usandbox module to fix several
issues and enable it to support Microsoft(TM) Windows(TM) 10
Build 1607 (RedStone 1).
[Critical Patch 1182]
Issue 1: In Deep Discovery Email Inspector, the Apache and Postfix
modules may use Data Encryption Standard (DES) or triple DES
ciphers for the SSL/TLS protocol. This triggers a
CVE-2016-2183 vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves the vulnerability by disabling DES and
triple DES ciphers in Deep Discovery Email Inspector.
Issue 2: Redundant and useless PHP and HTML files cause vulnerabilities
in the Deep Discovery Email Inspector web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix removes the redundant and useless PHP and HTML
files to resolve the vulnerabilities.
Issue 3: High CPU Usage alerts display inaccurate CPU usage
information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This hotfix ensures that the CPU usage information in High CPU
Usage alerts is consistent with the information on the
"Triggered Alerts" page.
[Hotfix 1181]
Issue 1: Trend Micro Control Manager(TM) may not be able to parse
certain detection logs that it receives from Deep Discovery
Email Inspector.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix ensures that all detection logs that Deep
Discovery Email Inspector sends to Control Manager can be
parsed without issues.
Issue 2: When users set the time zone setting to a non-integer number,
the wrong time zone setting appears on the Deep Discovery
Email Inspector web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix ensures that the correct time zone setting appears
on the Deep Discovery Email Inspector web console.
Issue 3: A message tracing log remains in "Pending" status when the
sender's email address contains certain special characters.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This hotfix resolves the issue to ensure that the Msgtracing
module can handle the email status information correctly.
Enhancement: This hotfix enables the URL extraction module to handle URLs
that contain a zero width space character.
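The URL extraction failure modes listed in these release notes (a quoted
href value split across two lines in Hotfixes 1195 and 1194, full-width
white space in Hotfix 1188, and a zero width space in Hotfix 1181) can be
reproduced with the following added example, which is not Trend Micro code
and not part of the original readme. The sample message, the example.test
host and all function names are constructed for illustration; deleting zero
width characters before matching is an assumption of this sketch, because
the readme does not say how the product treats them.

```python
# Added illustration, not Trend Micro code. All sample data is constructed.
import email
import re
from email import policy
from html.parser import HTMLParser

# Constructed message using the headers quoted in the readme. The quoted href
# value is split across two lines.
SAMPLE_EML = (
    "From: sender@example.test\n"
    "To: rcpt@example.test\n"
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    'Content-Type: text/html; charset="utf-8"\n'
    "Content-Transfer-Encoding: 7bit\n"
    "\n"
    "<html><body>\n"
    '<a href="http://example.test/portal/\n'
    'login.php?id=42">open</a>\n'
    "</body></html>\n"
)

# Constructed text: the first URL is followed by a full-width space (U+3000),
# the second contains a zero width space (U+200B).
TEXT_SAMPLE = "mirror: http://example.test/a/b\u3000and http://exam\u200bple.test/c"

# Line-oriented matcher that only knows ASCII delimiters.
NAIVE_URL = re.compile(r"https?://[^\s\"'<>]+", re.ASCII)
# Same pattern without re.ASCII: \s now also covers Unicode spaces (U+3000).
UNICODE_URL = re.compile(r"https?://[^\s\"'<>]+")
# Invisible format characters deleted before matching (assumption of this sketch).
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))


def naive_extract(text):
    """Scan line by line; a URL that continues on the next line is cut short."""
    urls = []
    for line in text.splitlines():
        urls.extend(NAIVE_URL.findall(line))
    return urls


class HrefCollector(HTMLParser):
    """Collect href values from parsed tags instead of from raw lines."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                # Browsers drop tab, CR and LF inside a URL, so the scanner
                # must do the same to see the link the recipient will follow.
                self.hrefs.append(re.sub(r"[\t\r\n]", "", value).strip())


def extract_text_urls(text):
    """Extract URLs from plain text, honouring Unicode white space."""
    return UNICODE_URL.findall(text.translate(ZERO_WIDTH))


def html_body(raw_message):
    """Return the decoded text/html part of a message, or an empty string."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            return part.get_content()
    return ""


def extract_urls(raw_message):
    """Extract URLs from every text part of a message with the fixed logic."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            collector = HrefCollector()
            collector.feed(part.get_content())
            collector.close()
            found.extend(collector.hrefs)
        elif ctype == "text/plain":
            found.extend(extract_text_urls(part.get_content()))
    return found


if __name__ == "__main__":
    print("naive html :", naive_extract(html_body(SAMPLE_EML)))
    print("parsed html:", extract_urls(SAMPLE_EML))
    print("naive text :", naive_extract(TEXT_SAMPLE))
    print("fixed text :", extract_text_urls(TEXT_SAMPLE))
```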
[Critical Patch 1178]
Issue 1: Some user interface (UI) vulnerabilities have been found on
Deep Discovery Email Inspector.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix fixed some user interface (UI) vulnerabilities to
improve the security of the front end interface.
Issue 2: Some hidden pages do not require user authentication.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix added user authentication for all the hidden pages
to improve the security of the front end interface.
[Hotfix 1173]
Enhancement 1: This hotfix modifies the CPU alert mechanism to avoid
incorrect declarations.
Enhancement 2: This hotfix adds logic that filters exception
configurations synchronized with Control Manager.
Enhancement 3: This hotfix updates the Usandbox module to enable it to
support svg and pub file types.
[Hotfix 1165]
Issue: Deep Discovery Email Inspector fails to parse encrypted PDF
samples consisting of image files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix enables Deep Discovery Email Inspector to parse
encrypted PDF samples consisting of image files.
Enhancement: This hotfix adds a hyperlink to allow downloading quarantined
emails which were determined to be malformed.
[Hotfix 1159]
Issue: The Deep Discovery Email Inspector console is affected by
vulnerabilities.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix resolves the vulnerabilities to improve the security
of the front end interface.
Enhancement: This hotfix enhances the scanning workflow so that Deep
Discovery Email Inspector (DDEI) could extract files linked
and embedded in Microsoft(TM) Office(TM) files and then send
these onto Virtual Analyzer if the true file type is
supported and selected.
[Hotfix 1151]
Issue 1: The "Msgtracing" page of Deep Discovery Email Inspector
sometimes does not show the email log with "no risk" level.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix ensures that the "Msgtracing" page shows all the
email logs, including the "no risk" email log.
Issue 2: Deep Discovery Email Inspector sometimes restarts
unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix disables the Huge Pages parameter of Java to avoid
the unexpected system restart.
Issue 3: Deep Discovery Email Inspector sometimes cannot handle some
shortened URLs correctly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This hotfix enhances the logic of the URL extractor part to
handle special shortened URLs.
Enhancement 1: This hotfix enhances the Control Manager part to ensure
that Deep Discovery Email Inspector (DDEI) can perform
single sign-on (SSO) from Control Manager successfully.
Enhancement 2: This hotfix updates the SA agent module to an updated
version.
[Hotfix 1144]
Issue: Deep Discovery Email Inspector may not be able to recognize some
email formats which prevents it from parsing the attachments or
URLs of specially formatted email messages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix enables Deep Discovery Email Inspector to parse
attachments and URLs in email messages that follow certain
special formats.
Enhancement 1: This hotfix updates the TmMsg module to recognize email
formats that contain strings after the last boundary.
Enhancement 2: This hotfix optimizes the Threat Connect hyperlink to
ensure that it redirects to the correct page.
[Hotfix 1142]
Enhancement 1: This hotfix updates the Usandbox module to version
3.8.1300.
Enhancement 2: This hotfix enables the "EnablePauseVM" setting in the
sandbox module to prevent it from triggering the "Virtual
Analyzer Stopped" alert in certain scenarios.
[Hotfix 1138]
Issue 1: Users encounter a web browser compatibility issue while
accessing the Blocking and Warning Pages of the Deep Discovery
Email Inspector console in Internet Explorer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix resolves the issue to ensure that users can access
the Blocking and Warning Pages of the Deep Discovery Email
Inspector console in Internet Explorer.
Issue 2: When an email message contains two identical malicious file
attachments, Deep Discovery Email Inspector removes just one
of the attachments.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix ensures that Deep Discovery Email Inspector
removes all malicious file attachments from email messages.
Issue 3: When users log on to the Deep Discovery Email Inspector
web console by SSO from the Control Manager console, they may
encounter a "Permission denied" message while attempting to
access certain pages of the Deep Discovery Email Inspector
web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This hotfix ensures that users can access the pages of the
Deep Discovery Email Inspector web console through SSO from
Control Manager normally.
[Hotfix 1137]
Issue 1: When users log on to the Deep Discovery Email Inspector
web console by SSO from the Control Manager console, they may
encounter a "Permission denied" message while attempting to
access certain pages of the Deep Discovery Email Inspector
web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix ensures that users can access the pages of the
Deep Discovery Email Inspector web console through SSO from
Control Manager normally.
Issue 2: When several users log on to the Deep Discovery Email
Inspector web console by SSO from the Control Manager console
at the same time, the detection detailed page may not be able
to display all the required information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix ensures that several users can access the
detection detailed page normally through SSO from Control
Manager.
[Hotfix 1136]
Issue 1: When Deep Discovery Email Inspector checks user-specified
recipient email addresses for notification and reports
recipients, it may treat certain internal domain email
addresses as invalid.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix updates the checking logic to ensure that it can
correctly recognize and allow the affected internal domain
addresses.
Issue 2: When users add objects in the "Policy > Exceptions" page, the
time information is displayed in UTC time instead of in the
local time.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix ensures that the "Exceptions" page displays time
information in the local time.
Issue 3: Sometimes, a protected computer cannot translate the NIC name
from "em" to "eth" which may prevent it from starting
successfully.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This hotfix resolves the NIC translation issue to ensure that
protected computers can start up successfully.
[Hotfix 1134]
Issue: Deep Discovery Email Inspector still attempts to insert an end
stamp to email messages that do not contain an email body.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix prevents Deep Discovery Email Inspector from
inserting an end stamp to email messages that do not have an
email body.
[Hotfix 1131]
Issue: A browser compatibility issue prevents some contents of the
Blocking and Warning Pages of the Deep Discovery Email Inspector
web console from displaying correctly in Internet Explorer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix ensures that the Blocking and Warning Pages display
normally in Internet Explorer.
[Hotfix 1124]
Issue: Deep Discovery Email Inspector may not be able to scan PDF files
that are encrypted with "document opening require password" or
"require password for other actions" protection because it
cannot distinguish these two types from each other.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hotfix enables Deep Discovery Email Inspector to
distinguish between a PDF file that has been encrypted with
"document opening require password" protection and one with
"require password for other actions" protection.
Enhancement 1: This hotfix updates the U-Sandbox module to enable it to
support cmd and bat script file types.
Enhancement 2: This hotfix enables the "Image Import Tool" to import
images that are between 10 and 12 GB in size successfully.
[Hotfix 1121]
Enhancement: This hotfix adds a configuration option on the
"/hidden/rdqa.php" page so that customers can stop
detection logs from being uploaded to Trend Micro Control
Manager(TM).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure: To stop detection logs from being uploaded to Control Manager
in Deep Discovery Email Inspector 2.5 Service Pack 1:
1. Access "https://IP-of-DDEI/hidden/rdqa.php" through a web
browser window and log in using a valid account and
password.
2. Go to the "Internal Support and Testing > TMCM Setting"
page.
3. Select the checkbox to disable sending detection logs.
4. Click "Save".
8. Contact Information
==============================================================================
A license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1) year
from the date of purchase only. After the first year, you must renew
Maintenance on an annual basis at Trend Micro's then-current Maintenance
fees.
Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html
NOTE: This information is subject to change without notice.
9. About Trend Micro
==============================================================================
Smart, simple, security that fits
As a global leader in IT security, Trend Micro develops innovative security
solutions that make the world safe for businesses and consumers to exchange
digital information.
Copyright 2017, Trend Micro Incorporated. All rights reserved.
Trend Micro, Control Manager, and the t-ball logo are trademarks of Trend
Micro Incorporated and are registered in some jurisdictions. All other marks
are the trademarks or registered trademarks of their respective companies.
10. License Agreement
==============================================================================
View information about your license agreement with Trend Micro at:
http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide