~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Readme for Trend Micro (TM) Deep Security(TM) Manager 9.0
Service Pack 1 Patch 1

Platforms: Microsoft(TM) Windows(TM) 2012 Server (64-bit)
           Windows 2008 Server (64-bit),
           Windows 2008 Server R2 (64-bit),
           Windows 2003 Server Service Pack 2 (64-bit),
           Windows 2003 Server R2 Service Pack 2 (64-bit),
           Red Hat(TM) Enterprise Linux(TM) 5 (64-bit),
           Red Hat Enterprise Linux 6 (64-bit)

Not Supported: Red Hat Enterprise Linux (RHEL) Xen Hypervisor
               Windows Server 2012 Core
               Windows Server 2008 Core

As of Deep Security 9.0, Deep Security Manager is no longer
supported on 32-bit versions of the Windows platform.

Date: September 4, 2013
Release: 9.0 Service Pack 1 Patch 1
Build Version: 9.0.5500
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the click through
license agreement and copied to the install directory.

For more information about the Trend Micro suite of Deep Security
products, visit our web site at:

http://us.trendmicro.com/us/solutions/enterprise/security-solutions/virtualization/deep-security/

Download the latest version of this readme from the "Software" page
at the Trend Micro Download Center web site:

http://downloadcenter.trendmicro.com/

Trend Micro is always seeking to improve its documentation. If you
have questions, comments, or suggestions about this or any other
Trend Micro documents, please contact us at docs@trendmicro.com.
Your feedback is always welcome.

Contents
===================================================================
1. About Deep Security 9.0 Service Pack 1 Patch 1
   1.1 Overview of this Release
   1.2 Who Should Install this Release
   1.3 Support Expiration Notice
   1.4 Upgrade Notice
2. What's New
   2.1 New in Deep Security 9.0
   2.2 Issues Resolved in this release
3. Documentation Set
4. System Requirements
5. Known Incompatibilities
6. Known Issues
7. Release History
   7.1 Prior Deep Security 9.0 Releases
8. Files Included in this Release
9. Contact Information
10. About Trend Micro
11. License Agreement
12. Third Party Software
===================================================================


1. About Deep Security 9.0 Service Pack 1 Patch 1
========================================================================

   1.1 Overview of this Release
   =====================================================================
   Deep Security Manager 9.0 Service Pack 1 Patch 1 contains a number
   of bug fixes as well as enhancements.

   For a list of the major changes in Patch 1, please see the
   "What's New in Deep Security 9 SP1" section of the online help, or
   the Administrator's Guide or Installation Guide, available for
   download from the Trend Micro Download Center, and refer to the
   "What's New" section of this readme file.

   1.2 Who Should Install this Release
   =====================================================================
   You should install this release if you are currently running Deep
   Security Manager 7.0, 7.5, 8.0, or 9.0. All new Deep Security
   Manager users should install Deep Security Manager 9.0 Service
   Pack 1 Patch 1.

   1.3 Support Expiration Notice
   =====================================================================
   Please refer to Trend Micro Download or Support center for an
   official notice about product version life-cycle and End-of-Support
   information.

   Please visit the Trend Micro Download Center web site to download
   the latest releases at:

   http://downloadcenter.trendmicro.com/

   1.4 Upgrade Notice
   =====================================================================
   To upgrade to Deep Security Manager 9.0 Service Pack 1 Patch 1, you
   must be running Deep Security Manager 8.0 Service Pack 2 or a
   higher version. If you are running an earlier version of Deep
   Security Manager, you must first upgrade to Deep Security Manager
   8.0 Service Pack 2 or any later version before upgrading to
   version 9.0.

   If you choose to upgrade your Deep Security Manager (DSM) to
   version 9.0 Service Pack 1 Patch 1 while running older versions of
   Deep Security Agents under protection, you will be warned during
   the upgrade installation that this Patch will no longer be able to
   communicate with those Agents. Deep Security Manager 9.0 Service
   Pack 1 Patch 1 ONLY supports versions 7.5 Service Pack 4, 8.0
   Service Pack 1, and 9.x or later versions of Deep Security Agent,
   Deep Security Relay, and Deep Security Virtual Appliance. Please
   refer to the "Known Incompatibilities" section of this readme file
   for details.

   Deep Security 9.0 does not support ESXi version 4.1. To deploy Deep
   Security 9.0, your VMware infrastructure (vCenter, vShield Manager,
   vShield Endpoint, and vShield Endpoint drivers) must be upgraded to
   version 5.x. Also be sure to read the VMware documentation for
   upgrading your VMware environment, including the KB article on
   VMware's web site:

   http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2032756


2. What's New
========================================================================

   2.1 New in Deep Security 9.0 Service Pack 1 Patch 1
   =====================================================================
   - The log retention period for the Event Pruning feature has been
     extended from 52 weeks to 53 weeks. The filter constraint for
     recurring report tasks is also extended to allow generated
     reports to contain data from the last 53 weeks (13 months).

   - The CVE information is now included in the results of DPI rules
     query from the original Deep Security web service without
     requiring a new API.

   2.2 Resolved Known Issues
   =====================================================================
   Issue 1: [19773] Deep Security Manager downloads the Deep Security
   Agent diagnostic package again after users click on the "close"
   button on the last page of the diagnostic package wizard using
   version 8 or 9 of the Microsoft Internet Explorer(TM) web browser.
   This issue occurs because after users click on the "close" button,
   the diagnostic wizard displays the last step including the trigger
   for downloading the diagnostic package.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This Patch enables the diagnostic package wizard to
   display the trigger of the diagnostic package download in the
   summary page. This prevents users from triggering the download
   diagnostic package task twice.

   Issue 2: [19705] In syslog, Deep Security Manager always displays
   the primary tenant's name instead of the current tenant's name.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: This Patch ensures that Deep Security Manager displays
   the current tenant name in syslog unless it does not contain
   special characters.

   Issue 3: [19627] The custom setting specified from the dsm_c
   command does not reach the Deep Security Agent.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3: This Patch ensures that the "freeFormDriverSettings"
   packet filter reaches the Agent.

   Issue 4: [19523] The component updates for agent-initiated agents
   are not processed on Deep Security Manager. Also, agent-initiated
   workload can prevent Deep Security Manager from correctly counting
   jobs, which can lead to too many jobs running at the same time.
   This also prevents the limit disk space and network usage
   protection functions from working properly when multi-tenancy is
   enabled.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 4: This Patch ensures that agent-initiated agents are
   processed on Deep Security Manager and that the agent-initiated
   workload does not lead to too many jobs running at the same time.
   When multi-tenancy is enabled, this Patch ensures that the limit
   disk space and network usage protection functions work correctly.

   Issue 5: [19483] The web page shows the "html5.js is not at
   "js/bootstrap/html5.js" " error message when users access web
   sites using old browser versions.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 5: This Patch corrects the reference path for the HTML 5
   shim javascript in Deep Security Manager 9.0 to ensure that old
   browser versions can display HTML elements properly.

   Issue 6: [FB 19369] Sometimes, the Deep Security Manager server
   cannot sync with vCenter and a "NullPointerException" event
   appears in the log file.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 6: This Patch improves the Deep Security Manager
   error-handling mechanism to prevent the null pointer exception and
   ensure that Deep Security Manager can successfully sync with
   vCenter.

   Issue 7: [19431] When multi-tenant agent-less solution is enabled
   for tenants and a tenant virtual machine is protected by the
   appliance, the computer host widget in the tenant environment
   displays the number of managed computers as "0".
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 7: This Patch ensures that the computer status dashboard
   widget always displays accurate information in multi-tenant vCloud
   environments.

   Issue 8: [19409] The status of remotely-managed virtual machines
   in the primary tenant's host list does not appear as "Remotely
   Managed".
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 8: This Patch ensures that the status of remotely-managed
   virtual machines appears as "Remotely Managed" in the primary
   tenant's host list.

   Issue 9: [19409] In multi-tenant vCloud environments,
   remotely-managed virtual machines appear to not have antimalware
   protection from the Deep Security Manager console even when
   antimalware is enabled in these machines.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 9: This Patch ensures that the correct antimalware status
   of virtual machines appears on the Deep Security Manager console.

   Issue 10: [19539] Users who access the Deep Security Manager
   console in Internet Explorer 10 cannot create or edit a firewall
   rule that has the TCP+UDP protocol selected because both the "Ok"
   and "Apply" buttons do not work.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 10: This Patch adjusts the "maxlength" attribute in the
   "protocol" input tag to ensure that users can create or edit
   firewall rules under this situation.

   Issue 11: In Deep Security Manager 9.0 Service Pack 1, the Linux
   and Solaris security profiles for "intrusion defense strategy"
   include rules that are only applicable in the Windows platform.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 11: This Patch updates the Deep Security Manager
   installer "latest_dsru_map.csv" to ensure that Windows rules do
   not appear on the Linux and Solaris profiles.

   Issue 12: [19495/TT271519] A role with "Delete only" policy rights
   cannot delete policies.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 12: This Patch ensures that the validation logic on the
   "Computer and Policy" page can correctly verify role policy
   rights.

   Issue 13: [19131/TT269704] The wrong search results appear when
   users search for firewall events using the "Advanced Search"
   feature on the Deep Security Manager console.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 13: This Patch adds newly-defined GUIDs for the packet
   filter into the database to ensure that the correct search results
   appear under this situation.

   Issue 14: [19512] Starting with Deep Security Manager 9.0 Service
   Pack 1, users should be able to create tenants using the REST Web
   Service API. However, attempting to do so triggers the following
   error message in "server0.log":

   "Unable to create new item. The system may be experiencing loss of
   database connectivity. Please try again."
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 14: This Patch ensures that new tenants can be created
   using the REST Web Service API.

   Issue 15: [19359] When the "Web Server Common Properties" point to
   a port list, "App Types" mismatch alerts appear on the Deep
   Security Manager console and several related errors are recorded
   in the "server0.log" file. This occurs because Deep Security
   Manager cannot restore the port list ID without a reference to the
   original or previous port list.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 15: This Patch resolves this issue.

   Issue 16: [19505/TT273979] In the "vCenter properties" page, the
   "Add/Update Certificate..." button is greyed-out when the account
   user name contains special characters.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 16: This Patch enables the "vCenter properties" page to
   support special characters to ensure that the "Add/Update
   Certificate..." button works properly.

   Issue 17: [19516/TT274644] The "Event Based Task" configuration is
   automatically saved after users set the condition type because the
   user interface immediately sends the configuration update to the
   server.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 17: This Patch ensures that the user interface sends
   "Event Based Task" configuration updates to the server only after
   users save the changes.

   Issue 18: [19639/TT275483] Users cannot create a directory list
   that contains wildcard drive letters (for example "*:\") in
   policies.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 18: This Patch enables the policy directory list format
   to accept special characters for Citrix environments.

   Issue 19: [19418] Deep Security Manager 9.0 Service Pack 1
   antimalware appears to be offline on the description of child
   policies although it is enabled on the parent policy.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 19: This Patch ensures that the correct antimalware
   status appears on the child policy description.

   Issue 20: [19487/TT270663] SQL exception errors appear in the Deep
   Security Manager system events and client machines do not receive
   component updates.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 20: The fix improves the Deep Security Manager
   error-handling mechanism to enable it to handle situations where
   one of the relay groups is deleted while a pending update is still
   in the system waiting to be processed. This prevents the SQL
   errors and ensures that client machines receive component updates.

   Issue 21: [19367/TT271141] If the database server is not available
   when Deep Security Manager is initializing it, Deep Security
   Manager will not be able to start the database server and a 412
   error appears.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 21: This Patch increases the database initialization
   retry time to reduce the chance of database initialization
   failure. This Patch also adds a "dbconnect.retry={n}" property in
   the "dsm.properties" file to set how many times the database
   server should attempt to initialize before giving up.

   Issue 22: [19638/TT275275] The performance of the Deep Security
   Manager console slows down while handling over 3000 virtual
   machines. When this happens, it can take a long time for the Deep
   Security Manager to display the "Dashboard and Computers" page.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 22: This Patch improves the performance of the Deep
   Security Manager console while it manages a large number of
   virtual machines. This ensures that the console can display the
   "Dashboard and Computer" pages faster.

   Issue 23: [19432] In multi-tenancy, tenant creation requires a
   "create DB" permission assigned to the database account used by
   Deep Security Manager. Without a "create DB" role, the creation of
   a new tenant leaves an "orphan" tenant entry in the tenant
   database.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 23: This Patch ensures that Deep Security Manager can
   properly handle the exception that occurs in the situation
   described above. This prevents Deep Security Manager from leaving
   invalid entries in the database.

   Issue 24: [19377] The log retention period for the event pruning
   feature is only 52 weeks.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 24: This Patch extends the retention period for the event
   pruning feature from 52 weeks to 53 weeks for QSA audit for PCI
   compliance. The filter constraint for recurring report tasks is
   also extended to allow generated reports to contain data from the
   last 53 weeks (13 months).

   Issue 25: [18914] NSFocus, a leading anti-DDOS solution vendor,
   would like to integrate their vulnerability assessment solution
   with Deep Security virtual patch. However, the response to the DPI
   rules query of the Deep Security web service does not include CVE
   info.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 25: This Patch adds CVE information in the DPI rules
   query from the original web service without requiring a new API.

   Issue 26: [19167] In 9.0 Service Pack 1, Web Reputation Service
   (WRS) events are sent to Trend Micro Control Manager(TM). However,
   in Control Manager ad hoc queries for Web Violation Information,
   users who set "Custom Criteria" to "Block" would not be able to
   find any events.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 26: This Patch enables Deep Security Manager to set the
   "Action" to "Block" when sending WRS events to Control Manager so
   that the users can send queries using the custom criteria.

   Issue 27: Hierarchical relay groups do not follow the predefined
   order when running security updates. This occurs because security
   update requests are being triggered on all relays instead of being
   triggered only on the relays that belong to the relay group that
   is currently being processed.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 27: This Patch ensures that security updates are
   triggered only on the relays that belong to the relay group that
   is currently being processed.

   Issue 28: In multi-node Deep Security Manager systems, several
   "Couldn't find host component with componentID X, not mapping"
   messages appear in the "server0.log" file.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 28: This Patch updates the component cache and resolves
   some multi-threaded issues to help resolve the problem.

   Issue 29: Users cannot access certain web sites when WRS is
   enabled.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 29: This Patch ensures that users can access allowed web
   sites when WRS is enabled.

   Issue 30: An issue prevents Deep Security Manager from synching
   with vCenter. When this happens, an SQL exception error occurs and
   users cannot see virtual machines on the Deep Security Manager
   console.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 30: This fix resolves the issue to ensure that Deep
   Security Manager can successfully sync with vCenter.

   Issue 31: [19495/TT271519] Role with Delete only policy rights
   cannot delete policy.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 31: This fix resolves the issue to ensure the validation
   logic on Computer and Policy Page verifies against the correct
   Right.


3. Documentation Set
========================================================================
In addition to this readme.txt, the documentation set for this
product includes the following:

   o Deep Security 9.0 Service Pack 1 Installation Guide (IG) --
     Provides product overview, deployment plan, installation steps
     and basic information intended to help you smoothly deploy Deep
     Security.

   o Deep Security 9.0 Service Pack 1 Administrator's Guide (AG) --
     Provides post-installation instructions on how to configure the
     settings to help you get Deep Security "up and running". Also
     includes instructions on performing other administrative tasks
     for the day-to-day maintenance of Deep Security. (All the
     content of the Administrator's Guide can be found in the Deep
     Security Manager's online help.)

   o Readme.txt files -- version enhancements, known issues, and
     release history. There is one readme for each installable Deep
     Security component: Manager, Agent, Virtual Appliance, and ESXi
     Filter Driver.

   o Supported Kernel Document -- list of currently supported Linux
     kernels.

     Electronic versions of the manuals are available from the Trend
     Micro Download Center at:

     http://downloadcenter.trendmicro.com/

   o Online help -- Context-sensitive help screens that provide
     guidance for performing a task. (The online help contains all
     the information contained in the Administrator's Guide.)

   o TrendEdge is a program for Trend Micro employees, partners, and
     other interested parties that provides information on
     unsupported, innovative techniques, tools, and best practices
     for Trend Micro products. The TrendEdge database contains
     numerous documents covering a wide range of topics.
     http://trendedge.trendmicro.com

   o Knowledge Base -- a searchable database of known issues,
     including specific problem-solving and troubleshooting topics.

     http://esupport.trendmicro.com


4. System Requirements
========================================================================
For a complete list of the System requirements, please refer to the
Deep Security 9.0 Service Pack 1 Installation Guide.


5. Known Incompatibilities
========================================================================
- Microsoft Windows Vista is not a supported platform of Deep
  Security Manager and contains several known bugs.

- Deep Security Manager 9.0 does not support version 7.5 and earlier
  versions of Deep Security Virtual Appliance.

- Deep Security Manager 9.0 Service Pack 1 ONLY supports versions 7.5
  Service Pack 4, 8.0 Service Pack 1, and 9.x or higher versions of
  the Deep Security Agent, Deep Security Relay, and Deep Security
  Virtual Appliance.

  Previous versions of Deep Security Manager incorporated Java 6,
  which has reached its end-of-life. Deep Security Manager 9.0
  Service Pack 1 has been upgraded to incorporate Java 7.

  Impacts:

  - Any Deep Security Agent version prior to 7.5 Service Pack 4
    cannot communicate with Deep Security Manager. These Agents will
    not be able to activate, reactivate, deactivate, send events,
    receive updates, or communicate with Deep Security Manager in any
    way. This applies to Deep Security Agents, Deep Security Relays,
    and Deep Security Virtual Appliance.

  - Deep Security 8.0 Agent versions released before 8.0 Service
    Pack 1 cannot communicate with Deep Security Manager.

  - Deep Security 7.5 Service Pack 4 and higher versions, 8.0 Service
    Pack 1 and higher versions, and 9.x Agents can communicate with
    the updated Deep Security Manager without problems.


6. Known Issues
========================================================================
- Deep Security Manager shows an error on the "Policy Overview" pages
  for users whose role privilege is set to "Edit All Computers" but
  "View Selected Policies" only. The workaround is to enable the
  "Allow viewing of non-selected Policies" setting in the "Policy
  Rights" page of this User Role setting. [19164]

- Deep Security Manager does not support installation paths that
  contain special characters (non-alphabet and non-numeric
  characters). The same restriction also applies to the database name
  and/or database account used by Deep Security Manager. [16708]

- Exclusion directory list does not support the share folder format.
  [17979]

- When a user runs an Agent-initiated recommendation scan using the
  "dsa_control -m RecommendationScan:true" command, no system event
  related to recommendation scan is recorded.

- In rare situations, Deep Security Manager may not correctly
  identify the status of the EPsec Driver installed on an ESXi. When
  you activate an Appliance, if Deep Security Manager does not
  identify the correct status of vShield Endpoint, it will not
  register with the vShield Manager. If Deep Security Manager gives
  you this warning, perform a full "Synchronize" with your vCenter
  and it will update the current installation status of all drivers
  on all ESXi(s) in the environment. [17636]

- In Multi-Tenant installations, the Primary tenant Deep Security
  Manager may cause "Reconnaissance Detected: Network or Port Scan"
  alerts on Tenants' Deep Security Managers. To avoid these alerts,
  Tenants can manually add the Primary Tenant's Deep Security Manager
  IP address to the "Ignore Reconnaissance" IP list. (Policies >
  Common Objects > Lists > IP Lists). [17175]

- In rare cases, adding a vCloud or AWS Cloud Account in Deep
  Security Manager can result in the creation of two identical Cloud
  Accounts. If this occurs, neither one of the two accounts can be
  safely removed. [17280/17051]

- In a cloud provider environment, if the "Enable regular
  synchronization with Cloud Provider" option is disabled, changing
  the Deep Security Agent hostname will disrupt the communication
  between Deep Security Manager and Deep Security Agent. Trend Micro
  strongly recommends keeping the "Enable regular synchronization
  with Cloud Provider" option ON. [15608]

- If the Manager node(s) and the Database are installed on machines
  with synchronized clocks but configured for different time-zones,
  an error indicating that the clocks are not synchronized will be
  triggered incorrectly. [17100]

- On Windows 2008 and Server 2012 systems, after installing the Deep
  Security Manager with a co-located Relay, the Deep Security
  Notifier icon does not automatically appear in the Windows
  notification area. However, the Deep Security Notifier will still
  function. Users need to re-launch the Deep Security Notifier from
  the "Start" menu or restart the system. [17533]

- When using Deep Security with iCRC mode, a DNS server must be
  available. If a DNS server is unavailable the Anti-malware feature
  of the Deep Security Virtual Appliance may not function correctly.
  [Deep Security 8.0-01169]

- When using Relay Groups, Linux Relays will not update correctly if
  they use Windows Relays as their update source. Relays should only
  be configured to update from the Global update source or from
  Relays of the same OS platform. [Deep Security 8.0-01110]

- Deep Security Manager does not support License updates or
  connecting to the Trend Micro Certified Safe Software Service using
  a SOCKS proxy. To use these two features, use an HTTP proxy.
  [Deep Security 8.0-1024]

- In certain cases, when attempting to use the dsm_s stop command on
  Linux to stop the Deep Security Manager service, you may get the
  following message:

     Timeout. Daemon did not shutdown yet.

  Dsm_s is based on install4j whose timeout value is 15 seconds,
  which cannot be changed.
  The Deep Security Manager may require longer than this to shut
  down. To ensure the service has been shut down run the
  "ps -ef | grep DSMService" command. [Deep Security 8.0-00095]

- Air-gapped Relays will still try to contact an Update Server to
  check for Updates. To avoid Update failure Alerts, set the Relay to
  use itself as an Update source:

  1. In the Relay's "Details" window, go to "System > System
     Settings > Updates".
  2. In the "Relays" area, select "Other Update Source:" and add
     "https://localhost:4122".
  3. Click "Save".

  [Deep Security 8.0-01124]

- If an ESXi with an installed vShield Endpoint driver is removed
  from its vCenter, Deep Security Manager cannot detect the installed
  driver if the ESXi is later re-added to the vCenter. This will
  cause any newly Deep Security Virtual Appliance-protected virtual
  machines to not have antimalware enabled. The workaround is to
  uninstall and reinstall the driver through the VSM.
  [Deep Security 8.0-01036]

- The default value for whois in Deep Security does not resolve
  properly. To use the whois feature, you must modify the WHOIS URL
  to use a different server. [Deep Security 8.0-01248]

- Intrusion Prevention is not supported over SSL connections when
  using IPv6.

- The Anti-malware scan inclusion/exclusion directory settings are
  sensitive to forward slash "/" and backslash "\". For use with
  Windows operating systems the inclusion/exclusion paths must use
  the backslash "\". [7.5 SP1-00231]

- When creating custom Integrity Monitoring Rules using the
  "RegistryKeySet" tag, the attribute values must be in uppercase
  letters. For example, Using lowercase may result in an "Integrity
  Monitoring Rule Compile Issue" error. [7.5 SP1-00171]

- Malware scans of network share folders are only supported using
  real-time scan. Manual scans or scheduled scans will not work.
  [7.5-00012]

- If a CD or a mounted ISO file contains malware and the anti-malware
  configuration is set to "Delete" upon detection, Deep Security
  Manager will still report that the malware was "deleted" even if it
  was unable to do so. [7.5-00010]

- Deep Security Manager cannot display an incorrect filename event in
  the Anti-Malware Event if the malware was found in the "Recycle
  Bin". [7.5-00023]

- During an upgrade, the Deep Security Manager service may not be
  able to install properly on some platforms if the "Services" screen
  is open. To work around this, make sure the "Services" screen is
  closed prior to installation or upgrade of Deep Security Manager.

- If you receive a "java.lang.OutOfMemoryError" error during the
  installation of Deep Security Manager, please refer to the
  "Installation Guide" for instructions on how to configure the
  maximum memory usage for the installer.

- During an upgrade, if you receive a message stating that the Deep
  Security Manager cannot start the service, restarting Deep Security
  Manager usually fixes the problem. In rare cases, you may have to
  run the installer again in Upgrade/Repair mode after restarting.

- If Windows Firewall is enabled on Deep Security Manager, it may
  interfere with port scans causing false port scan results. Windows
  Firewall may proxy ports 21, 389, 1002, and 1720 resulting in these
  ports always appearing open regardless of any filters placed on the
  computer.

- By default Exchange 2000 and later servers will dynamically assign
  a non-privileged port (1024-65535) for communications between the
  client and the server for the System Attendant, Information Store,
  and Name Service Provider Interface (NSPI) services. If you will be
  using the Microsoft Exchange Server profile with an Exchange 2000
  or later server then you should configure these services to use
  static ports as described in the article "Exchange 2000 and
  Exchange 2003 static port mappings"
  (http://support.microsoft.com/?kbid=270836).
Once static ports have been configured you should extend the appropriate Exchange Server port list to include the ports that have been assigned to these services. You may also want to set the "No RFR Service" registry setting to 1 to prevent the Exchange server from referring clients to the domain controller for address book information. See the article "How Outlook 2000 Accesses Active Directory" (http://support.microsoft.com/?kbid=302914) for more information. Alternatively, it is possible to configure Exchange RPC to run over HTTPS if you are using Outlook 2003 on Windows XP Service Pack 1 or later with Exchange Server 2003. In this case only port 443 needs to be added to the Exchange port list. - The "Recommendation" Alert may remain raised on some computers even after all recommended Intrusion Prevention, Integrity and Log Inspection Rules appear to have been applied. This can occur because even though an "Application Type" may be recommended for a computer, the "Application Type" will not be displayed in the "Show Recommended" view if no Intrusion Prevention Rules associated with Application Type are currently recommended. To resolve the situation, use the "Show All" view of the Intrusion Prevention Rules screen and assign all recommended "Application Types" (even if no associated Rules are currently recommended). Alternatively, you can just dismiss the Alert after verifying that you have assigned all recommended rules to the computer. [8345] - If Deep Security Manager is unable to connect to vCenter for an extended period of time, you may notice certain errors constantly being raised and resolved on Deep Security Virtual Appliance virtual machines, particularly the "Interfaces Out of Sync" error. In general, when Deep Security Manager is integrated with vCenter, it must maintain constant connectivity with vCenter in order to properly provide protection to the environment. 
  When connectivity is broken, Deep Security Manager will not be able to respond to the dynamic environment and issues like this can occur. The solution is to ensure that connectivity between Deep Security Manager and vCenter is always maintained. [10564]

- When an Appliance-protected Virtual Machine is migrated from one Appliance-protected ESXi to another, and if that virtual machine currently has warnings or errors associated with it (for example "Reconnaissance Detected"), those errors may incorrectly get cleared during the migration. [10602]

- Log Inspection Events have a size limitation of 6000 characters.


7. Release History
========================================================================

See the following web site for more information about updates to this product:

http://www.trendmicro.com/download

9.0.5370, June 06, 2013

7.1 Previous Deep Security 9.0 Releases
=====================================================================

9.0.4017, January 30, 2013

Enhancements in Deep Security 9.0.4017
=====================================================================

- Support for vSphere 5.1, vCenter 5.1 and vShield 5.1
- Support for IPv6 Firewall
- Support for Agentless Recommendation
- Performance enhancement for Anti-Malware on-demand scans
- Support for Cloud environments
- Multi-Tenancy support
- Hypervisor Integrity Monitoring
- A new User Interface for the Deep Security management console, with improved workflow for Policy management
- Support for certificate rollover

Resolved Known Issues in 9.0.4017
=====================================================================

Issue: [14617] The Event-Based Task for "Computer Moved" for vCenter virtual machines currently only works if the machine is moved between ESXi(s).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: The Event-Based Task for "Computer Moved" for vCenter virtual machines can now be triggered when moving machines between folders as well as ESXi.

This release includes all issues that were resolved in Deep Security 8.0 Service Pack 2 except those explicitly listed in the sections "Known Issues in Deep Security Manager 9.0" and "Issues fixed in previous Deep Security release but which did not make it to 9.0 Service Pack 1 release".


8. Files Included in this Release
========================================================================

This release is a complete installation. Use one of the following files:

Manager-Windows-9.0.5500.x64.exe (64-bit)
Manager-Linux-9.0.5500.x64.sh (64-bit)


9. Contact Information
========================================================================

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at:

http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our web site.

Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to:

http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Trend Micro" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.


10. About Trend Micro
========================================================================

Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services.

Copyright 2013, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, Deep Security and "deep security solutions" are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.


11. License Agreement
========================================================================

Information about your license agreement with Trend Micro can be viewed at:

http://us.trendmicro.com/us/about/company/user_license_agreements/


12. Third Party Software
========================================================================

Deep Security Manager employs the use of 3rd party binary distributions. The binary distributions are subject to the licenses available in the following directory:

[INSTALL DIRECTORY]\licenses

Where 3rd party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request.

========================================================================
(C) 2013 Trend Micro Inc. All rights reserved. Published in Canada.