<<<>>> Trend Micro, Inc. April 21, 2015 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Deep Security(TM) 8.0 Service Pack 2 Deep Security Manager 8.0 Critical Patch - Build 4151 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents =================================================================== 1. Overview of this Critical Patch Release 1.1 Files Included in this Release 2. Documentation Set 3. System Requirements 4. Installation/Uninstallation 4.1 Installation 4.2 Uninstallation 5. Post-installation Configuration 6. Known Issues 7. Release History 7.1 Prior Hot Fixes 8. Contact Information 9. About Trend Micro 10. License Agreement =================================================================== 1. Overview of this Critical Patch Release ======================================================================= This critical patch resolves the following issue: Issue 1: The Deep Security 8.0 Manual Anti-Malware scan engine could potentially fail to detect malware if it was located in adirectory with certain specific characteristics. Solution 1: This critical patch will send alerts to Deep Security Manager to indicate that administrators need to check the path manually. The alert is "Files were not scanned because the file path exceeded the maximum file path length limit." 1.1 Files Included in this Release ==================================================================== Manager-Windows-8.0.4151.i386.exe (Microsoft(TM) Windows(TM) 32-bit) Manager-Windows-8.0.4151.x64.exe (Microsoft(TM) Windows(TM) 64-bit) Manager-Linux-8.0.4151.x64.sh (Red Hat(TM) 6 64-bit) 2. Documentation Set ======================================================================= In addition to this readme.txt, the documentation set for this product includes the following: o Installation Guide (IG) -- Provides product overview, deployment plan, installation steps and basic information intended to help you deploy Deep Security smoothly. o User's Guide (UG) -- Provides post-installation instructions on how to configure the settings to help you get Deep Security "up and running". Also includes instructions on performing other administrative tasks for the day-to-day maintenance of Deep Security. o Readme.txt files -- version enhancements, known issues, and release history. There is one readme for each installable Deep Security component: Manager, Agent, Virtual Appliance, and ESX Filter Driver. o Electronic versions of the documents are available at: http://docs.trendmicro.com/en-us/enterprise/deep-security.aspx o Online help -- Context-sensitive help screens available on the Deep Security Manager that provide guidance for performing a task. o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 3. System Requirements ======================================================================= Refer to the "Installation Guide" or release notes for a complete list of system requirements. 4. Installation/Uninstallation ======================================================================= 4.1 Installation ==================================================================== Refer to the "Installation Guide" in the following web site for the complete installation procedure: http://docs.trendmicro.com/en-us/enterprise/deep-security.aspx 4.2 Uninstallation ==================================================================== Refer to the "Installation Guide" in the following web site for the complete uninstallation procedure: http://docs.trendmicro.com/en-us/enterprise/deep-security.aspx 5. Post-installation Configuration ======================================================================= No post-installation steps are required. 6. Known Issues ======================================================================= There are no known issues for this critical patch release. For other known issues, please refer to the product release notes. 7. Release History ======================================================================= - Deep Security 8.0 Service Pack 2 Build 8.0.4100, January 9, 2013 - Deep Security 8.0 Service Pack 2 Patch 1 Build 8.0.4126, June 14, 2013 - Deep Security 8.0 Service Pack 2 Patch 2 Build 8.0.4136, January 24, 2014 See the following web site for more information about updates to this product: http://www.trendmicro.com/download 7.1 Prior Hot Fixes ==================================================================== NOTE: Only the new hot fix was tested for this release. Prior hot fixes were tested at the time of their release. Critical Patch - Build 4145 (November 18, 2014) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue : An issue related to an SSLv2 hello protocol attribute prevents Deep Security Manager from deploying the Filter Driver on ESXi 5.0 or 5.1. Solution: This critical patch resolves the issue related to the SSLv2 hello protocol attribute so that Deep Security Manager can successfully deploy the Filter Driver on ESXi 5.0 or 5.1. Hot Fix 8.0.4144 (November 4th, 2014) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 1: In a controlled environment, with certain steps, the logging user can see the administrator's login name. Solution 1: Enhance the session checking to block the URL of administrator password setting page in invalid session. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: An issue with the SSLv3 protocol triggers a certain vulnerability in Deep Security Manager 8.0 Service Pack 2. Solution 2: This critical patch enables Deep Security Manager 8.0 Service Pack 2 web servers to accept only TLSv1.0 connections and prevents these from accepting SSLv3 connections to prevent the vulnerability. Hot Fix 8.0.4142 (July 12, 2014) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue: Deep Security Manager 8.0 uses a version of the Apache(TM) Tomcat(TM) web server that is affected by the CVE-2014-0075, CVE-2014-0099, and CVE-2014-0119 vulnerabilities. Solution: This critical patch updates the Tomcat web server program in Deep Security Manager 8.0 to remove the vulnerabilities. Hot Fix 8.0.4138 (April 2, 2014) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue: Deep Security Manager identifies interfaces using MAC addresses. However, when multiple interfaces are bonded or bridged, some interfaces may share MAC addresses but will have different names. Deep Security Manager interprets this as a change in interface name and triggers it to report several "Computer Updated" events. Solution: This hot fix adds an option to enable Deep Security Manager to recognize interfaces that have different names but the same MAC addresses. This allows Deep Security Manager to support bonded or bridged interface configurations. Procedure: To enable Deep Security Manager to recognize interfaces that have different names but the same MAC addresses: a. Install this hot fix (see "Installation"). b. Open a command prompt. c. Change to the directory where Deep Security Manager is installed. For example, "C:\Program Files\ Trend Micro\Deep Security Manager". d. Run the following dsm_c.exe command in a single line. dsm_c -action changesetting -name configuration.supportMACAddressDuplication -value true Deep Security Manager restarts after the setting has been applied successfully. Hot Fix 8.0.4137 (February 6, 2014) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue: Deep Security Manager encounters an error while attempting to install a second manager node. Solution: This hot fix resolves the error by ensuring that Deep Security Manager can successfully access a certain static field in the second manager's installation class while it installs the second manager node. 8. Contact Information ======================================================================= A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 9. About Trend Micro ======================================================================= Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years of experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2015, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Smart Protection Network, and Deep Security are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 10. License Agreement ======================================================================= More information about your license agreement with Trend Micro and Third-party licensing agreements can be found in the release notes.