~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Readme for Trend Micro (TM) Deep Security(TM) Virtual Appliance 8.0
Service Pack 2 Patch 2

Platforms: ESXi 5.0, ESXi 5.1, ESX/ESXi 4.1

Anti-Malware Support: Microsoft(TM) Windows(TM) Vista (32-bit),
                      Windows 7 (32-bit, 64-bit),
                      Windows XP (32-bit),
                      Windows 2003 (32-bit, 64-bit),
                      Windows 2008 (32-bit, 64-bit),
                      Windows 8 (32-bit, 64-bit),
                      Windows 2012 (64-bit)

Date:          January 24, 2014
Release:       8.0 Service Pack 2 Patch 2
Build Version: 8.0.0.2197 (DSVA)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the license
agreement and copied to the install directory.

For more information about the Trend Micro suite of Deep Security
products, visit our web site at:

http://us.trendmicro.com/us/solutions/enterprise/security-solutions/virtualization/deep-security/

Download the latest version of this readme from the "Software" page
at the Trend Micro Download Center web site:

http://downloadcenter.trendmicro.com/

Trend Micro is always seeking to improve its documentation. If you
have questions, comments, or suggestions about this or any Trend
Micro documents, please contact us at docs@trendmicro.com. Your
feedback is always welcome.

Contents
===================================================================
   1.  About Deep Security Virtual Appliance 8.0 Service Pack 2
       Patch 2
       1.1 Overview of this Release
       1.2 Who Should Install this Release
       1.3 Support Expiration Notice
       1.4 Upgrade Notice
   2.  What's New
       2.1 Enhancements
       2.2 Resolved Known Issues
   3.  Documentation Set
   4.  System Requirements
   5.  Installation/Uninstallation
   6.  Known Incompatibilities
   7.  Known Issues
   8.  Release History
   9.  Files Included in This Release
   10. Contact Information
   11. About Trend Micro
   12. License Agreement
   13. Third Party Software
===================================================================


1. About Deep Security Virtual Appliance 8.0 Service Pack 2 Patch 2
========================================================================

   1.1 Overview of this Release
   =====================================================================
   Deep Security Virtual Appliance 8.0 Service Pack 2 Patch 2 resolves
   several issues in version 7.0, 7.5, and 8.0 Service Pack 2.

   1.2 Who Should Install this Release
   =====================================================================
   You should install the Deep Security Virtual Appliance 8.0 Service
   Pack 2 Patch 2 if you are currently running Deep Security Virtual
   Appliance version 7.0, 7.5, or 8.0 Service Pack 2.

   Note: When upgrading to version 8.0 Service Pack 2 Patch 2 of Deep
         Security Virtual Appliance, you must also upgrade the Deep
         Security Filter Driver to version 8.0 Service Pack 2.

   1.3 Support Expiration Notice
   =====================================================================
   Trend Micro strongly recommends that you upgrade to the most recent
   version to take full advantage of new features and improved
   performance. Please visit the Trend Micro Download Center web site
   to download the latest releases at:

   http://downloadcenter.trendmicro.com/

   1.4 Upgrade Notice
   =====================================================================
   If you are currently using Deep Security 7.5 with the Deep Security
   Virtual Appliance and you are intending to upgrade to Deep Security
   8.0 Service Pack 2 Patch 2, please read the "Upgrading" section of
   the Deep Security 8.0 "Getting Started" and "Installation Guide".

   Refer to the VMware documentation for upgrading your VMware
   environment including the KB article on the VMware web site:
   Unmanaged vShield Endpoint 1.0 components remain after upgrading
   vShield Manager from version 4.1 to 5.0
   (http://kb.vmware.com/kb/2011482).


2. What's New
========================================================================
For major changes in Deep Security 8.0 Service Pack 2 from previously
released versions of Deep Security, please read the "What's New in
8.0 SP2" section of the Deep Security "Administrator's Guide" or Deep
Security Manager on-line help, available for download from the Trend
Micro Download Center.

   2.1 Enhancements
   =====================================================================
   There are no enhancements for this Patch.

   2.2 Resolved Known Issues
   =====================================================================
   Deep Security Virtual Appliance 8.0 Service Pack 2 Patch 2 resolves
   the following issues:

   Issue 1:     Deep Security Virtual Appliance does not switch to the
                backup SPS server when the primary SPS server gets
                disconnected.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1:  This Patch resolves this issue.

   Issue 2:     When a guest virtual machine is alive, the following
                error message appears several times in
                "vmkernel.log":

                "dvfilter-dsa: tb_trace_write_formatted:43: iap_core_ioctl:280 IOCTL [UUID] cmd: 3, dom: 3999996 srclen: 8 outlen: 8 retlen: 8 rc: 0"
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2:  This Patch minimizes the occurrence of the error
                message in "vmkernel.log" while a guest machine is
                alive.

   Issue 3:     A deadlock may occur if the Deep Security Virtual
                Appliance configuration takes more than 60 seconds to
                process. This typically happens only on a heavily
                loaded Deep Security Virtual Appliance on the Linux
                and Unix platforms.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3:  This Patch prevents the deadlock issue.

   Issue 4:     On the Deep Security Manager console, the anti-malware
                status of a guest virtual machine host keeps changing
                to "Anti-Malware engine offline" after it is vMotioned
                to another Deep Security Virtual Appliance.
                This occurs because a virtual agent process stays
                alive on the old Deep Security Virtual Appliance and
                keeps sending the false anti-malware engine alert
                through heartbeat events.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 4:  This Patch improves some scripts that manage the life
                cycle of virtual agents on Deep Security Virtual
                Appliance. This can help ensure that the "saveState",
                "startAgent", and "stopAgent" operations run smoothly
                and in order to prevent the creation of zombie virtual
                agents.

   Issue 5:     On the Deep Security Manager console, the anti-malware
                status of a guest virtual machine host keeps changing
                to "Anti-Malware engine offline" after it is vMotioned
                to another Deep Security Virtual Appliance.

                This occurs because a virtual agent process stays
                alive on the old Deep Security Virtual Appliance and
                keeps sending the false anti-malware engine alert
                through heartbeat events. Currently, Deep Security
                Manager does not check if a heartbeat comes from a
                valid or a zombie virtual agent.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 5:  This hot fix improves the Deep Security Manager's
                heartbeat event handling mechanism to check if the
                virtual agent that sent the heartbeat lives on a valid
                Deep Security Virtual Appliance. This enables Deep
                Security Manager to drop heartbeats from zombie
                virtual agents. This checking is possible by reading
                the hostInfo information included in the heartbeat
                event in Deep Security 9.

   Issue 6:     After a component update, an "Abnormal restart" alert
                appears on virtual machines protected by the Deep
                Security Virtual Appliance.

                This occurs because the current driver configuration
                prevents guest agents from restarting properly.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 6:  This Patch enables Deep Security Virtual Appliance to
                clear out the driver configuration before restarting
                guest agents.


3. Documentation Set
========================================================================
In addition to this readme.txt, the documentation set for this product
includes the following:

   o  Deep Security 8.0 SP2 Getting Started and Installation Guide
      (IG) -- Provides product overview, deployment plan, installation
      steps and basic information intended to help you smoothly deploy
      Deep Security.

   o  Deep Security 8.0 SP2 Administrator’s Guide (AG) -- Provides
      post-installation instructions on how to configure the settings
      to help you get Deep Security "up and running". Also includes
      instructions on performing other administrative tasks for the
      day-to-day maintenance of Deep Security.

   o  Readme files -- version enhancements, known issues, and release
      history. There is one readme for each installable Deep Security
      component: Manager, Agent (including Relay and Notifier),
      Virtual Appliance and ESX Filter Driver.

   o  Electronic versions of the manuals are available from the Trend
      Micro Download Center at:
      http://downloadcenter.trendmicro.com/

   o  Online help -- Context-sensitive help screens that provide
      guidance for performing a task.

   o  TrendEdge is a program for Trend Micro employees, partners, and
      other interested parties that provides information on
      unsupported, innovative techniques, tools, and best practices
      for Trend Micro products. The TrendEdge database contains
      numerous documents covering a wide range of topics.
      http://trendedge.trendmicro.com

   o  Knowledge Base -- a searchable database of known product issues,
      including specific problem-solving and troubleshooting topics.
      http://esupport.trendmicro.com


4. System Requirements
========================================================================
For a complete list of the System requirements, please refer to the
"Deep Security 8.0 SP2 Getting Started and Installation Guide".


5. Installation/Uninstallation
========================================================================
   - See the "Deep Security 8.0 SP2 Getting Started and Installation
     Guide" document available for download from the Trend Micro
     Download Center.

   - Deep Security Virtual Appliance 8.0 Service Pack 2 Patch 2
     requires Deep Security Filter Driver 8.0 Service Pack 2.

   - When a Deep Security Virtual Appliance is deployed in a VMware
     environment that makes use of the VMware Distributed Resource
     Scheduler (DRS), it is important that the Deep Security Virtual
     Appliance does not get vMotioned. Deep Security Virtual
     Appliances must be "pinned" to their particular ESX host. You
     must actively change the DRS settings for all the Deep Security
     Virtual Appliances to "Manual" or "Disabled" (recommended) so
     that they will not be vMotioned by the DRS.

     If a Deep Security Virtual Appliance or any virtual machine is
     set to "Disabled", the vCenter Server does not migrate that
     virtual machine or provide migration recommendations for it. This
     is known as "pinning" the virtual machine to its registered host
     and is the recommended course of action for Deep Security Virtual
     Appliances in a DRS environment.

     An alternative is to deploy the Deep Security Virtual Appliance
     onto a local store instead of a shared store. When Deep Security
     Virtual Appliance is deployed onto a local store it cannot be
     vMotioned by DRS.

     For further information on DRS and pinning virtual machines to a
     specific ESX, refer to your VMware documentation.


6. Known Incompatibilities
========================================================================
Deep Security uses VMware’s VMsafe-NET API to intercept network traffic
at the hypervisor.


7. Known Issues
========================================================================
   - In some cases, if you deploy the Deep Security Virtual Appliance
     and you select to use a static IP address, the default DNS domain
     will be set incorrectly.
     To resolve this, log on to the Deep Security Virtual Appliance
     console command line and run "vi /etc/resolv.conf". Ensure the
     values for "search" and "nameserver" are correct for your
     environment. [Deep Security 8.0 Tier 2-00184]

   - You may encounter the following error when you deploy and
     activate a version 7.5 Deep Security Virtual Appliance for the
     first time:

        The product has passed invalid parameters to ActiveUpdate.
        Please contact your Trend Micro technical support provider.

     If this occurs, clear the errors/warnings on the affected host
     and run another component update. [Deep Security 8.0-00546]

   - SYN Flood protection is only supported on versions 7.5 or earlier
     of the Windows Agents and on versions 7.5 or earlier of the
     Virtual Appliance. It is not supported on versions 7.5 Service
     Pack 2 or later versions of the Windows Agents or version 7.5
     Service Pack 2 or later versions of the Virtual Appliance. It is
     not supported on any versions of the Linux or Solaris Agents.

   - On some Windows platforms, when downloading malware using
     Internet Explorer, the download process windows close upon
     detection. The file has still been detected and cleaned even
     though no error or warning was given. [00619]

   - The quarantine action may fail if the maximum quarantine size is
     set to a value that is too large. The default size is 32 MB. It
     is recommended not to set the limit to a value larger than
     200 MB.

   - If your ESX or Deep Security Virtual Appliance is not in the same
     domain as Deep Security Manager, ESX or Deep Security Virtual
     Appliance may have problems connecting to Deep Security Manager.
     Renaming your Deep Security Manager to use the fully qualified
     name can resolve this. For information on how to rename the Deep
     Security Manager's hostname, refer to the documentation.

   - For any images you have on your ESX machine, ensure you have
     VMware Tools installed.

   - Deep Security Virtual Appliance cannot perform Log Inspection
     which prevents you from assigning Log Inspection Rules to
     machines without an in-guest Deep Security Agent.

   - The ESX server may stop unexpectedly if context specific FW/DPI
     rules are assigned to machines without in-guest Deep Security
     Agent installed.

     Note: Context specific rules are not intended to be assigned in a
           virtualized environment with Deep Security Virtual
           Appliance. [12822]


8. Release History
========================================================================
   8.0.0.1199, January 16, 2012
   8.0.0.1731, April 30, 2012
   8.0.0.1770, August 17, 2012
   8.0.0.2120, January 9, 2013 (SP2)
   8.0.0.2151, June 14, 2013 (Patch 1)


9. Files Included in this Release
========================================================================
This release is a complete installation and contains the following
file:

   Appliance-ESX-8.0.0-xxxx.x86_64.zip


10. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at:

http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
web site.

Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, go to:

http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen will display. Click the appropriate
link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.


11. About Trend Micro
========================================================================
Trend Micro, Inc. provides virus protection, anti-spam, and
content-filtering security products and services.

Copyright 2014, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, Deep Security, and "deep security
solutions" are trademarks of Trend Micro Incorporated and are
registered in some jurisdictions. All other marks are the trademarks
or registered trademarks of their respective companies.


12. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be
viewed at:

http://us.trendmicro.com/us/about/company/user_license_agreements/


13. Third Party Software
========================================================================
This product includes software developed by the OpenSSL Project for
use in the OpenSSL Toolkit (http://www.openssl.org/).

Deep Security Agent also makes use of the following software.

3rd party binary distributions:

   Expat (http://expat.sourceforge.net/)
   fksec (http://win32.mvps.org/)
   IP Filter (http://coombs.anu.edu.au/~avalon/)
   SQLite (http://www.sqlite.org/)
   WxWidgets (http://www.wxwidgets.org/)
   zlib (http://www.zlib.net/)

3rd party source:

   GMTime (http://www.jbox.dk/sanos/source/lib/time.c.html)
   Tree (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/sys/tree.h)

The 3rd party software is subject to the licenses available in the
following directory:

   [INSTALL DIRECTORY]\Licenses

Public domain source code licenses are available here:

   SQLite - http://www.sqlite.org/copyright.html
   fksec - http://win32.mvps.org/license.html

Where 3rd party licenses require open access to their source code,
Trend Micro will provide the necessary materials upon written request.

========================================================================
(C) 2014 Trend Micro Inc. All rights reserved. Published in Canada.