~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Readme for Trend Micro (TM) Deep Security(TM) Agent 9.0 Service Pack 1 Patch 1 and Deep Security Relay 9.0 Service Pack 1 Patch 1 for Linux(TM) Deep Security Agent Platforms: Red Hat(TM) 5 (32-bit and 64-bit), Red Hat 6 (32-bit and 64-bit), CentOS 5 (32-bit and 64-bit), CentOS 6 (32-bit and 64-bit), Oracle Linux 5 (32-bit and 64-bit), Oracle Linux 6 (32-bit and 64-bit), SUSE(TM) 11, SUSE 11 SP1, SP2 (32-bit and 64-bit), SUSE 10 SP3, SP4 (32-bit and 64-bit), Amazon(TM) AMI (32-bit and 64-bit), Ubuntu Linux 10.04 (64-bit), Ubuntu Linux 12.04 (64-bit) Deep Security Relay Platforms: Red Hat 5 (64-bit), Red Hat 6 (64-bit), CentOS 5 (64-bit), CentOS 6 (64-bit) Kernel Support in this release: Please refer to the Deep Security 9.0 Service Pack 1 kernel support document. Agent-based Anti-Malware not supported on: Red Hat 5 (32-bit), Red Hat 6 (32-bit), CentOS 5 (32-bit), CentOS 6 (32-bit), Oracle Linux 5 (32-bit and 64-bit), Oracle Linux 6 (32-bit and 64-bit), SuSE 10 (32-bit), SuSE 11 (32-bit), Amazon Linux (32-bit) Ubuntu Linux 10.04 (64-bit), Ubuntu Linux 12.04 (64-bit) Date: September 5, 2013 Release: 9.0 Service Pack 1 Patch 1 Build Version: 9.0.0.2401, 9.0.0.2402 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This product is subject to the terms detailed in the click through license agreement and copied to the install directory. For more information about the Trend Micro suite of Deep Security products, visit our website at: http://us.trendmicro.com/us/solutions/enterprise/security-solutions/ virtualization/deep-security/ Download the latest version of this readme from the "Software" page at the Trend Micro Download Center website: http://downloadcenter.trendmicro.com/ Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any other Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome. Contents =================================================================== 1. About Deep Security Agent 9.0 Service Pack 1 Patch 1 1.1 Overview of this Release 1.2 Who Should Install this Release 1.3 Support Expiration Notice 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 6. Known Incompatibilities 7. Known Issues 8. Release History 8.1 Prior Deep Security Agent 9.0 Releases 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement 13. Third Party Software =================================================================== 1. About Deep Security Agent 9.0 Service Pack 1 Patch 1 ======================================================================== 1.1 Overview of this Release ===================================================================== Deep Security Agent 9.0 Service Pack 1 Patch 1 contains solutions for several issues. Refer to Section 2.2 for more information. 1.2 Who Should Install this Release ===================================================================== You should install the Patch 1 if you are currently running Deep Security Agent 7.0, 7.5, 8.0, or 9.0. 1.3 Support Expiration Notice ===================================================================== Please refer to Trend Micro Download Center or Support website for Information about product support expiration notice. Please visit the Trend Micro Download Center website to download the latest releases at: http://downloadcenter.trendmicro.com/ 2. What's New ======================================================================== For major changes in Deep Security Agent 9.0 from previously released versions of Deep Security Agent, refer to "What's New in Deep Security Agent 9 Service Pack 1" section of the Deep Security Manager's on-line help, the Deep Security Agent Administrator's Guide, or Deep Security Agent Installation Guide available for download from the Trend Micro Download Center. 2.1 Enhancements ===================================================================== There are no new enhancements for this release. 2.2 Resolved Known Issues ===================================================================== Issue 1: [19412] dsa_query cannot run on the Ubuntu Linux platform. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Patch modifies the dsa_query script to enable dsa_query to run on the Ubuntu Linux platform. Issue 2: [19515/TT273908] On Red Hat SMP systems, the lock used to protect connection counters does not work properly, which will lead to incorrect connection counts. This can prevent the connection control function from working properly and can trigger the function to deny all connections. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Patch converts the lock that protects the connection counters to an SMP-safe lock mechanism. 3. Documentation Set ======================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Deep Security Agent 9.0 Service Pack 1 Installation Guide (IG) -- Provides product overview, deployment plan, installation steps and basic information intended to help you deploy Deep Security Agent smoothly. o Deep Security Agent 9.0 Service Pack 1 Administrator's Guide (AG) -- Provides post-installation instructions on how to configure the settings to help you get Deep Security "up and running". Also includes instructions on performing other administrative tasks for the day-to-day maintenance of Deep Security Agent. o Readme files -- version enhancements, known issues, and release history. There is one readme for each installable Deep Security component: Manager, Agent (including Relay and Notifier), Virtual Appliance, and ESXi Filter Driver. Electronic versions of the manuals are available from the Trend Micro Download Center at: http://downloadcenter.trendmicro.com/ o Online help -- Context-sensitive help screens that provide guidance for performing a task. o TrendEdge is a program for Trend Micro employees, partners, and other interested parties that provides information on unsupported, innovative techniques, tools, and best practices for Trend Micro products. The TrendEdge database contains numerous documents covering a wide range of topics. http://trendedge.trendmicro.com o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== For a complete list of the System requirements, please refer to the "Deep Security Agent 9.0 Service Pack 1 Installation Guide". 5. Installation/Uninstallation ======================================================================== Refer to the "Deep Security Agent 9.0 Service Pack 1 Installation Guide" available for download from the Trend Micro Download Center. For CentOS 5, you can use the Red Hat 5 rpm; for CentOS 6 use the Red Hat 6 rpm. 6. Known Incompatibilities ======================================================================== There are no known incompatibilities for this release. 7. Known Issues ======================================================================== - The Web Reputation Service (WRS) function is only supported on Microsoft(TM) Windows(TM) platforms, there is no WRS function on the Linux, Solaris(TM), HP-UX, and AIX Agent. Hence, when a user has both Deep Security Virtual Appliance and Linux Deep Security Agent installed as coordinated approach, if Deep Security Agent is in use, they will lose the WRS function because there is no WRS support on the Linux Deep Security Agent. [FB 15428] - In a cloud provider environment if the "Enable regular synchronization with Cloud Provider" option is disabled, changing the Deep Security Agent hostname will disrupt the communication between Deep Security Manager and Deep Security Agent. Trend Micro strongly recommends keeping the "Enable regular synchronization with Cloud Provider" option ON. [FB 15608] - Intrusion Prevention (DPI) is not supported over SSL connections when using IPv6. - Because the Deep Security Relay server does not support a component rollback, if a rollback is performed on a Deep Security Relay, the components listed in Deep Security Manager may not match the actual versions available on the Deep Security Relay Server. The next update of components will re-synch the component versions displayed in Deep Security Manager. [Deep Security 8.0 Tier 2-00180] - SYN Flood protection is only supported on versions 7.5 or earlier of the Windows Agents and on versions 7.5 or earlier of the Virtual Appliance. It is not supported on versions 7.5 Service Pack 1 or later of the Windows Agents or versions 7.5 Service Pack 1 or later of the Virtual Appliance. It is not supported on any versions of the Linux or Solaris Agents. - CentOS uses the Red Hat Agent installer package. Therefore, it shows up as Red Hat in the Deep Security Manager. - Log entries (Firewall and IPS Events) for OUTGOING traffic show zero-ed out MAC addresses. - When the network engine is working in TAP mode and the in-guest agent is offline, the Deep Security Virtual Appliance status will be "Stand By". When this occurs, Deep Security Virtual Appliance is actually online and DPI/FW events will be logged when rules are triggered. [FB 10948] - Log Inspection event logs are limited to 6000 characters. 8. Release History ======================================================================== See the following website for more information about updates to this product: http://www.trendmicro.com/download 8.1 Prior Deep Security Agent 9.0 Releases ===================================================================== - Deep Security Agent 9.0.0.2008 and 9.0.0.2009, May 21, 2013 - Deep Security Agent 9.0.0.883, January 30, 2013 Enhancements in Deep Security Agent 9.0.2008 and 9.0.2009 ===================================================================== Deep Security Agent now supports Oracle Linux. Enhancements in Deep Security Agent 9.0.883 ===================================================================== There are no enhancements for this release. Resolved Known Issues in Deep Security Agent 9.0.2008 and 9.0.2009 ===================================================================== Issue 1: [TT261356, FB17584, FB17861] Deep Security Agent cannot generate a diagnostic package when it is in Agent Initiated communication while both IPv4 and IPv6 are available. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: The RPC code now uses "all" addresses translated by Dual Stack instead of the first address which enables Deep Security Agent to generate a diagnostic package under the scenario described above. Issue 2: [17496/17324/TT258369/TT252946/TT266606] Installing Deep Security Agent automatically disables the IP tables. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: The IP tables are no longer disabled after installing Deep Security Agent which allows Deep Security Agent to support iptables firewall. Issue 3: [17008/TT252018] Sometimes, Integrity Monitoring/Anti-Malware scans can use up all of the CPU resources. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: A hidden global setting has been added to allow users to set the CPU usage during Integrity Monitoring/Anti-Malware scans to either high, medium, or low. This setting is available in the following platforms: - Linux Red Hat 5 64-bit - AIX(TM) 5.3 - Solaris(TM) 10 Sparc Resolved Known Issues in Deep Security Agent 9.0.883 ===================================================================== Issue 1: [Deep Security 8.0 Tier 2-00200, FB 14340] Point To Point Tunneling Protocol (PPTP) connection to a VPN server cannot be established while the Deep Security Agent is running. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: If you wish to use PPTP with Deep Security, you must modify some of the advanced settings. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 1: To modify the settings: a. Log on to Deep Security Manager and go to the "Computer Settings > Network Engine" tab. b. Make the following changes in the Advanced Network Engine Settings: Filter IPV4 Tunnels: Disable detection of IPV4 Tunnels Maximum Tunnel Depth: 4 Action if Maximum Tunnel Depth Exceeded: Bypass c. Click "Save". Note: For a new installation of 9.0 Service Pack 1, the above settings described in the Procedure are set to default values. Issue 2: [Deep Security 8.0 Tier 2-00230, FB 14377] When installing Deep Security Agent on Ubuntu, you may see the following messages: update-rc.d: warning: ds_filter start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (3 5) update-rc.d: warning: ds_filter stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (0 1 2 6) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: These messages can be safely ignored. This release includes all resolved issues that were resolved in Deep Security Agent 8.0 Service Pack 2 except those explicitly listed in section 7, "Known Issues". 9. Files Included in this Release ======================================================================== This release is a complete installation. Use one of the following files, depending on your installation platform: Agent-RedHat_EL5-9.0.0-2402.i386.rpm Agent-RedHat_EL5-9.0.0-2401.x86_64.rpm Relay-RedHat_EL5-9.0.0-2401.x86_64.rpm Agent-RedHat_EL6-9.0.0-2401.i686.rpm Agent-RedHat_EL6-9.0.0-2401.x86_64.rpm Relay-RedHat_EL6-9.0.0-2401.x86_64.rpm Agent-Oracle_OL5-9.0.0-2401.i386.rpm Agent-Oracle_OL5-9.0.0-2401.x86_64.rpm Agent-Oracle_OL6-9.0.0-2401.i686.rpm Agent-Oracle_OL6-9.0.0-2401.x86_64.rpm Agent-SuSE_10-9.0.0-2401.i586.rpm Agent-SuSE_10-9.0.0-2401.x86_64.rpm Agent-SuSE_11-9.0.0-2401.i586.rpm Agent-SuSE_11-9.0.0-2401.x86_64.rpm Agent-Ubuntu_10.04-9.0.0-2401.x86_64.deb Agent-Ubuntu_12.04-9.0.0-2402.x86_64.deb Agent-amzn1-9.0.0-2401.i686.rpm Agent-amzn1-9.0.0-2401.x86_64.rpm For CentOS 5 Agent or Relay, use the Red Hat 5 packages. For CentOS 6 Agent or Relay, use the Red Hat 6 packages. Please refer to the Supported Linux Kernels documents for a list supported kernels for all packages. 10. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our website. Global Mailing Address/Telephone Numbers: For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Copyright 2013, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Deep Security, and "deep security solutions" are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ 13. Third Party Software ======================================================================= The 3rd party software is subject to the licenses available in the following directory: [INSTALL DIRECTORY]\Licenses Where 3rd party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request. The Deep Security Agent has a kernel interface layer that is compiled specifically for each Linux kernel. Trend Micro install packages for Linux are provided with precompiled versions for the supported Linux distributions. Trend Micro distributes source code and build materials for the kernel interface layer by request made to: http://esupport.trendmicro.com/srf/srfmain.aspx with a Subject field of "Kernel Interface Layer Source Code". ======================================================================== (C) 2013 Trend Micro Inc. All rights reserved. Published in Canada.