<<<>>> Trend Micro Incorporated July 31st, 2017 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Deep Discovery Email Inspector 2.5 - Service Pack 1 English - Linux - 64 Bits Critical Patch Build 1197 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents ============================================================================== 1. Critical Patch Release Information 1.1 Resolved Known Issues 1.2 Enhancements 2. Documentation Set 3. System Requirements 4. Installation 4.1 Installing 4.2 Uninstalling 5. Post-installation Configuration 6. Known Issues 7. Release History 7.1 Prior Hotfixes 8. Contact Information 9. About Trend Micro 10. License Agreement ============================================================================== 1. Critical Patch Release Information ============================================================================== 1.1 Resolved Known Issues ============================================================================ This Critical Patch resolves the following issue(s): Issue 1: Some pages of the Deep Discovery Email Inspector web console are affected by Cross-Site Scripting (XSS) vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This critical patch resolves the XSS vulnerabilities. Issue 2: The wvWare third-party tool Deep Discovery Email Inspector uses to analyze old versions of Microsoft(TM) Office(TM) files contains a potential vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This critical patch removes the wvWare tool and upgrades the Apache POI - the Java API for Microsoft Documents tool to support old versions of Office files. Issue 3: After updating or rolling back the SAL pattern from the ActiveUpdate (AU) server, Deep Discovery Email Inspector does not reload the new pattern or restart the corresponding process. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This critical patch ensures that Deep Discovery Email Inspector reloads the SAL pattern immediately after the pattern has finished updating or rolling back. 1.2 Enhancements ============================================================================ The following enhancements are included in this Critical Patch: Enhancement: This critical patch enables Deep Discovery Email Inspector to automatically send URLs under category 97 (Low Confidence or Low Prevalence URL) and category 56 (Sharing Service) to Virtual Analyzer for further analysis. 2. Documentation Set ============================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product. - Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. - To access the Support Portal, go to http://esupport.trendmicro.com 3. System Requirements ============================================================================== 1. Trend Micro Deep Discovery Email Inspector 2.5 Service Pack 1 Build 1118 - English - Linux - x64 4. Installation ============================================================================== This section explains key steps for installing the Critical Patch. 4.1 Installing ============================================================================ To install: 1. Click "Administration > Product Updates > Hot Fixes / Patches". The "Install Hot Fix / Patch" screen appears. 2. Click "Browse" and select the "ddei_25_sp1_lx_en_criticalpatch_b1197.tgz.tar" hotfix file. 3. Click "Install". 4. Verify that the hotfix has been installed successfully. a. Click "Administration > Product Updates > Hot Fixes / Patches". In the "History" table, check if the "Build" is "1197" and "Description" is "Hot Fix 1197". b. Choose the "About" option under "Help". c. Verify that the "Hot fix" number on the "About" page is "1197". 5. Clean the web browser cache. NOTES: * The program version for the device will NOT change after applying this hotfix. * Deep Discovery Email Inspector 2.5 Service Pack 1 restarts automatically after installing this hotfix. 4.2 Uninstalling ============================================================================ To roll back to the previous build: 1. Click "Administration > Product Updates > Hot Fixes / Patches". The "Hot Fixes / Patches" screen appears. 2. Click "Roll Back". 3. Verify that the hotfix has been successfully uninstalled. a. After Deep Discovery Email Inspector restarts, verify that the hotfix number has been removed from the "About" screen on the management console. b. Click "Administration > Product Updates > Hot Fixes / Patches". The "History" table should be empty. NOTE: Deep Discovery Email Inspector will restart automatically after hotfix uninstallation. 5. Post-installation Configuration ============================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 6. Known Issues ============================================================================== Known issues in this release: #1 Known Issue: [Reported at: DDEI 2.5.1 Service Pack 1 B1118] **Problem:** When only the "Connect to Smart Protection for Web Reputation Services" option is enabled on the Administration > Scanning / Analysis > Other Settings > Smart Protection screen, Deep Discovery Email Inspector does not perform connection tests for the following: * Web Inspection Service * Certified Safe Software Service * Community File Reputation **Solution:** On the Administration > Scanning / Analysis > Other Settings > Smart Protection screen, either clear the "Connect to Smart Protection for Web Reputation Services" checkbox or select both "Connect to Smart Protection for Web Reputation Services" and "Connect to global services using Smart Protection Server". #2 Known Issue: [Reported at: DDEI 2.5.1 Service Pack 1 B1118] **Problem:** If Web Reputation Service and Community File Reputation are unreachable using IPv4 addresses in a dual-stack network, the Administration > System Maintenance > Network Services Diagnostics screen still displays the final resolved IPv4 addresses for these services. #3 Known Issue: [Reported at: DDEI 2.5.1 Service Pack 1 B1118] **Problem:** When performing sandbox analysis using a Windows 10 image that requires higher system resources, the performance of Deep Discovery Email Inspector may be affected. **Solution:** Trend Micro recommends evaluating the system load capacity on Deep Discovery Email Inspector before using a Windows 10 sandbox environment for analysis. #4 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** Deep Discovery Email Inspector cannot receive incoming emails messages from other IPv6 subnets if the "Hosts in the same address class" option is enabled on the Administration > Mail Settings > Limits and Exceptions screen. #5 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** After daylight savings time changes to standard time on Deep Discovery Email Inspector, a duplicate time value appears on widgets. #6 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** While operating in SPAN/TAP mode, Deep Discovery Email Inspector cannot capture VLAN traffic that is encapsulated by Cisco Inter-Switch Link (ISL) protocol. #7 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** Deep Discovery Email Inspector is unable to import Virtual Analyzer images from an FTP server in active mode. Deep Discovery Email Inspector security does not allow this type of connection. **Solution:** Trend Micro recommends using FTP servers in passive mode, or importing the Virtual Analyzer images through another method. #8 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** Deep Discovery Email Inspector cannot read the subject of email messages in non-standard formats. **Solution:** Trend Micro recommends only routing standard-formatted email messages. Most mail user agents cannot read email messages in non-standard formats. #9 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** Time format in the following pages cannot be changed if "Date and time format" in System Settings > Time page is changed. 1. "Last updated" time of each widget in "Dashboard > Add Widgets” 2. "Last update" time in widget preview screenshot 3. Time in email screenshot in "Detection" details. **Solution: ** 1. For "Last updated" time of each widget, it was a limitation of the widget framework used in Deep Discovery Email Inspector to show time in a corresponding format. 2. For "Last update" time in the widget preview screenshot, it is not possible to be changed due to the fact that the preview screenshot is a picture. 3. For the time shown in the email screenshot, it was created by the third-party email client. It depends on locale to show proper time format, not the user-defined time format. #10 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** Some risky URLs in an email may not be rewritten to be a link redirected to blocking or warning page, even if the same URLs have been rewritten, if there are more than 60 URLs in an email. **Solution:** Deep Discovery Email Inspector will at most extract 60 URLs from an email for scanning by default. If some of the URLs were scanned have a risk, they will be rewritten to a link that can redirect to a blocking or warning page. If the number of URLs in the email exceeds 60, some of URLs will not be rewritten due to the fact that they were not extracted by Deep Discovery Email Inspector. #11 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** In Deep Discovery Email Inspector 2.5, submission filters was changed that allow the user to select the specific file type groups to be analyzed. After upgrading from Deep Discovery Email Inspector 2.1, the specific file type group, (which includes file types selected in Version 2.1) will be automatically selected to be analyzed. Afterward, the other file types which belong to the specific file type group will be also selected for analyzing. **Solution:** Re-configure "Submission Filters" in "Administration > Scanning / Analysis > Virtual Analyzer > Settings" page to select the necessary file type groups. #12 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** Deep Discovery Email Inspector cannot scan password-protected Office PowerPoint 2003 files. **Solution:** The encryption of Office PowerPoint 2003 files is different from later versions, and this format cannot be decrypted. #13 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** If the user enables "Connect to Smart Protection Server for Web Reputation Services" in the "Administration > Scanning / Analysis > Other Settings > Smart Protection" page, the internal Virtual Analyzer will not run the URL block reason query, Census query or the Certified Safe Software Service query. Additionally, it will not provide Smart Feedback. **Solution:** This is the configuration of the internal Virtual Analyzer. The user can either disable “Connect to Smart Protection for Web Reputation Services” in the "Administration > Scanning / Analysis > Other Settings > Smart Protection" page or enable both “Connect to Smart Protection Server for Web Reputation Services” and “Connect to global services using Smart Protection Server” in the "Administration > Scanning / Analysis > Other Settings > Smart Protection" page. #14 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** When integrated with Deep Discovery Analyzer, the final risk level of a malicious URL in Deep Discovery Email Inspector is different with the risk level in Deep Discovery Analyzer. **Solution: **Deep Discovery Analyzer can support several different products with varying risk levels, so for Deep Discovery Email Inspector, the risk level for malicious URLs returned by Virtual Analyzer (no matter whether either internal Virtual Analyzer or Deep Discovery Analyzer) will be downgraded one level. #15 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** After upgrading from Deep Discovery Email Inspector 2.1 to 2.5, the web console cannot be redirected to the login page automatically. Additionally, the certificate of Deep Discovery Email Inspector will be changed, therefore the user needs to confirm and accept the new certificate. **Solution:** Re-open Deep Discovery Email Inspector web console and login again. #16 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** For the same email attachment which has a different file name, after being analyzed by Deep Discovery Analyzer, the analysis reports for the two attachments will have the same file name. **Solution:** As the current specification of Deep Discovery Analyzer, it will return the cached analysis result for the same files or URLs to Deep Discovery Email Inspector. #17 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** Under Microsoft Edge and IE10, there will be two delete icons at the end of "Search" box in "Dashboard > Add Widgets" page. **Solution:** Microsoft IE10 and Edge will create a delete icon for "Search" box by default. However Widget Framework has already created another delete icon. #18 Known Issue: [Reported at: DDEI 2.5.0 GM B1300] **Problem:** Under the current specifications of Deep Discovery Email Inspector, Single-Sign-On from Control Manager is not supported under the HTTP protocol. **Solution:** Log into the Control Manager web console using HTTPS protocol. 7. Release History ============================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 7.1 Prior Hotfixes ============================================================================ Only this hotfix was tested for this release. Prior hotfixes were tested at the time of their release. [Hotfix 1195] Issue 1: Administrators cannot set the "Timeout Setting" on the "Password Analyzer Setting" hidden page to "0" (zero). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix allows users to set the "Timeout Setting" to "0". Issue 2: Deep Discovery Email Inspector may truncate quoted and href-tagged URLs that appear in multiple lines and extracted from the Content-Type text/html part of an email message. These truncated URLs may increase the occurrence of false negatives. For example, the following URL in the href tag occupies two lines (using hxxp for demonstration): Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 7bit

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix optimizes the URL scanning mechanism to prevent URL truncation under the scenario described above. Enhancement 1: This hotfix upgrades the Usandbox to resolve some known issues. Enhancement 2: This hotfix optimizes the URL extraction logic to prevent it from treating "%" as an escape character. [Hotfix 1194] Issue 1: Deep Discovery Email Inspector may truncate quoted and href-tagged URLs that appear in multiple lines and extracted from the Content-Type text/html part of an email message. These truncated URLs may increase the occurrence of false negatives. For example, the following URL in the href tag occupies two lines (using hxxp for demonstration): Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 7bit

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix optimizes the URL scanning mechanism to prevent URL truncation under the scenario described above. Issue 2: Deep Discovery Email Inspector (DDEI) may not import some images after users apply Hot Fix 1188 and succeeding builds. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix resolves this issue by upgrading some internal modules in DDEI. [Hotfix 1192] Issue: Virtual Analyzer reports generated for certain special samples may contain inaccurate information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix optimizes the report generation logic to ensure that Virtual Analyzer reports always contain complete and accurate information. [Hotfix 1191] Enhancement 1: This hotfix enables the curl cookie engine with hyperlink for the URL filter. Enhancement 2: This hotfix adds an rdqa page where users can disable debug logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 2: To disable debug logs: 1. Install this hotfix (see "Installation"). 2. Open a web browser window, access "https://DDEI_IP_ADDRESS/hidden/rdqa.php", and log in using a valid account and password. 3. Go to the "Debug Log Setting" page. 4. Select the checkbox for the "Only collect application logs" option. 5. Click "Save". NOTE: This feature is disabled by default. Enhancement 3: This hotfix increases the limit on the number of records that Deep Discovery Email Inspector can send out in each message from 256 to 512 records. [Hotfix 1189] Issue 1: Users may encounter Deep Discovery Email Inspector 9100 performance issues because some HW-related configuration parameters revert to the default values of Deep Discovery Email Inspector 7100 after users upgrade Deep Discovery Email Inspector from version 2.5 to version 2.5 Service Pack 1. This issue does not affect freshly-installed Deep Discovery Email Inspector 2.5 Service Pack 1 nor those that were upgraded on Deep Discovery Email Inspector 7100. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that the HW-related settings are preserved after Deep Discovery Email Inspector upgrades from version 2.5 to version 2.5 Service Pack 1. Issue 2: Deep Discovery Email Inspector cannot parse specific PDF files with specific security settings properly. When this happens, a timeout issue causes temporary files to remain in the "/tmp" directory. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix updates the Advance Threat Scan Engine (ATSE) to enable it to handle PDF files with specific security settings. Issue 3: The Usandbox module in Deep Discovery Email Inspector 2.5 Service Pack 1 is out-dated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix updates the Usandbox module to the latest version. [Hotfix 1188] Issue: Deep Discovery Email Inspector 2.5 Service Pack 1 cannot recognize full-width white spaces when extracting URLs from email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix updates the URL extraction function to enable it to recognize full-width white spaces. Enhancement: This hotfix upgrades the Usandbox module to fix several issues and enable it to support Microsoft(TM) Windows(TM) 10 Build 1607 (RedStone 1). [Critical Patch 1182] Issue 1: In Deep Discovery Email Inspector, the Apache and Postfix modules may use Data Encryption Standard (DES) or triple DES ciphers for the SSL/TLS protocol. This triggers a CVE-2016-2183 vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves the vulnerability by disabling DES and triple DES ciphers in Deep Discovery Email Inspector. Issue 2: Redundant and useless PHP and HTML files cause vulnerabilities in the Deep Discovery Email Inspector web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix removes the redundant and useless PHP and HTML files to resolve the vulnerabilities. Issue 3: High CPU Usage alerts display inaccurate CPU usage information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix ensures that the CPU usage information in High CPU Usage alerts is consistent with the information on the "Triggered Alerts" page. [Hotfix 1181] Issue 1: Trend Micro Control Manager(TM) may not be able to parse certain detection logs that it receives from Deep Discovery Email Inspector. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that all detection logs that Deep Discovery Email Inspector sends to Control Manager can be parsed without issues. Issue 2: When users set the time zone setting to a non-integer number, the wrong time zone setting appears on the Deep Discovery Email Inspector web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix ensures that the correct time zone setting appears on the Deep Discovery Email Inspector web console. Issue 3: A message tracing log remains in "Pending" status when the sender's email address contains certain special characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves the issue to ensure that the Msgtracing module can handle the email status information correctly. Enhancement: This hotfix enables the URL extraction module to handle URLs that contain a zero width space character. [Critical Patch 1178] Issue 1: Some user interface (UI) vulnerabilities have been found on Deep Discovery Email Inspector. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix fixed some user interface (UI) vulnerabilities to improve the security of the front end interface. Issue 2: Some hidden pages do not require user authentication. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix added user authentication for all the hidden pages to improve the security of the front end interface. [Hotfix 1173] Enhancement 1: This hotfix modifies the CPU alert mechanism to avoid incorrect declarations. Enhancement 2: This hotfix adds a logic that filters exception configurations synchronized with Control Manager. Enhancement 3: This hotfix updates the Usandbox module to enable it to support svg and pub file types. [Hotfix 1165] Issue: Deep Discovery Email Inspector fails to parse encrypted PDF samples consisting of image files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix enables Deep Discovery Email Inspector to parse encrypted PDF samples consisting of image files. Enhancement: This hotfix adds a hyperlink to allow downloading quarantined emails which were determined to be malformed. [Hotfix 1159] Issue: The Deep Discovery Email Inspector console is affected by vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix resolves the vulnerabilities to improve the security of the front end interface. Enhancement: This hotfix enhances the scanning workflow so that Deep Discovery Email Inspector (DDEI) could extract files linked and embedded in Microsoft(TM) Office(TM) files and then send these onto Virtual Analyzer if the true file type is supported and selected. [Hotfix 1151] Issue 1: The "Msgtracing" page of Deep Discovery Email Inspector sometimes does not show the email log with "no risk" level. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that the "Msgtracing" page shows all the email logs, including the "no risk" email log. Issue 2: Deep Discovery Email Inspector sometimes restarts unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix disables the Huge Pages parameter of Java to avoid the unexpected system restart. Issue 3: Deep Discovery Email Inspector sometimes cannot handle some shortened URLs correctly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix enhances the logic of the URL extractor part to handle special shortened URLs. Enhancement 1: This hotfix enhances the Control Manager part to ensure that Deep Discovery Email Inspector (DDEI) can perform single sign-on (SSO) from Control Manager successfully. Enhancement 2: This hotfix updates the SA agent module to an updated version. [Hotfix 1144] Issue: Deep Discovery Email Inspector may not be able to recognize some email formats which prevents it from parsing the attachments or URLs of specially formatted email messages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix enables Deep Discovery Email Inspector to parse attachments and URLs in email messages that follow certain special formats. Enhancement 1: This hotfix updates the TmMsg module to recognize email formats that contain strings after the last boundary. Enhancement 2: This hotfix optimizes the Threat Connect hyperlink to ensure that it redirects to the correct page. [Hotfix 1142] Enhancement 1: This hotfix updates the Usandbox module to version 3.8.1300. Enhancement 2: This hotfix enables the "EnablePauseVM" setting in the sandbox module to prevent it from triggering the "Virtual Analyzer Stopped" alert in certain scenarios. [Hotfix 1138] Issue 1: Users encounter a web browser compatibility issue while accessing the Blocking and Warning Pages of the Deep Discovery Email Inspector console in Internet Explorer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix resolves the issue to ensure that users can access the Blocking and Warning Pages of the Deep Discovery Email Inspector console in Internet Explorer. Issue 2: When an email message contains two same malicious file attachments, Deep Discovery Email Inspector removes just one of the attachments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix ensures that Deep Discovery Email Inspector removes all malicious file attachments from email messages. Issue 3: When users log on to the After Deep Discovery Email Inspector web console by SSO from the Control Manager console, they may encounter a "Permission denied" message while attempting to access certain pages of the Deep Discovery Email Inspector web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix ensures that users can access the pages of the Deep Discovery Email Inspector web console through SSO from Control Manager normally. [Hotfix 1137] Issue 1: When users log on to the After Deep Discovery Email Inspector web console by SSO from the Control Manager console, they may encounter a "Permission denied" message while attempting to access certain pages of the Deep Discovery Email Inspector web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix ensures that users can access the pages of the Deep Discovery Email Inspector web console through SSO from Control Manager normally. Issue 2: When several users log on to the After Deep Discovery Email Inspector web console by SSO from the Control Manager console at the same time, the detection detailed page may not be able to display all the required information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix ensures that several users can access the detection detailed page normally through SSO from Control Manager. [Hotfix 1136] Issue 1: When Deep Discovery Email Inspector checks user-specified recipient email addresses for notification and reports recipients, it may treat certain internal domain email addresses as invalid. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix updates the checking logic to ensure that it can correctly recognize and allow the affected internal domain addresses. Issue 2: When users add objects in the "Policy > Exceptions" page, the time information is displayed in UTC time instead of in the local time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix ensures that the "Exceptions" page displays time information in the local time. Issue 3: Sometimes, a protected computer cannot translate the NIC name from "em" to "eth" which may prevent it from starting successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves the NIC translation issue to ensure that protected computers can start up successfully. [Hotfix 1134] Issue: Deep Discovery Email Inspector still attempts to insert an end stamp to email messages that do not contain an email body. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix prevents Deep Discovery Email Inspector from inserting an end stamp to email messages that do not have an email body. [Hotfix 1131] Issue: A browser compatibility issue prevents some contents of the Blocking and Warning Pages of the Deep Discovery Email Inspector web console from displaying correctly in Internet Explorer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix ensures that the Blocking and Warning Pages display normally in Internet Explorer. [Hotfix 1124] Issue: Deep Discovery Email Inspector may not be able to scan PDF files that are encrypted with "document opening require password" or "require password for other actions" protection because it cannot distinguish these two types from each other. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hotfix enables Deep Discovery Email Inspector to distinguish between a PDF file that has been encrypted with "document opening require password" protection and one with "require password for other actions" protection. Enhancement 1: This hotfix updates the U-Sandbox module to enable it to support cmd and bat script file types. Enhancement 2: This hotfix enables the "Image Import Tool" to import images that are between 10 to 12 GB in size successfully. [Hotfix 1121] Enhancement: This hotfix adds a configuation option on the "/hidden/rdqa.php" page so that the customer could disable the detection logs being uploaded to Trend Micro Control Manager(TM). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To disable the detection logs' uploading to Control Manager in Deep Discovery Email Inspector 2.5 Service Pack 1: 1. Access "https://IP-of-DDEI/hidden/rdqa.php" through a web browser window and login in using a valid account and password. 2. Go to the "Internal Support and Testing > TMCM Setting" page. 3. Select the checkbox to disable sending detection logs 4. Click "Save". 8. Contact Information ============================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 9. About Trend Micro ============================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, Control Manager, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 10. License Agreement ============================================================================== View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide