<> Trend Micro, Inc. November 20, 2013 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan(TM) Web Security Virtual Appliance 6.0 Patch 1 - Build 1246 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Note: This readme file was current as of the date above. However, all customers are advised to check Trend Micro's web site for documentation updates at: http://www.trendmicro.com/download/ Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro web site. Register during installation or online at: http://olr.trendmicro.com/ Contents =================================================================== 1. About InterScan Web Security Virtual Appliance 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What's New? 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation/Uninstallation 5.1 Installation 5.2 Uninstallation 6. Post-installation Configuration 7. Known Issues 8. Release History 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement =================================================================== 1. About InterScan Web Security Virtual Appliance ======================================================================== InterScan Web Security Virtual Appliance (IWSVA) is a highly scalable and reliable web security solution that includes virus protection for HTTP and FTP traffic. IWSVA delivers best-in-class HTTP and FTP virus scanning that leverages the administration, policy, and centralized management of Trend Micro's Enterprise Protection Strategy. 1.1 Overview of this Release ===================================================================== IWSVA 6.0 Patch 1 is cumulative and contains all product changes released after IWSVA 6.0 GM build. 1.2 Who Should Install this Release? ===================================================================== Install this Patch release if you are currently running IWSVA 6.0 GM build. 2. What's New? ======================================================================== Note: Please install the Patch before completing any procedures in this section (see "Installation"). This Patch addresses the following issues: 2.1 Enhancements ===================================================================== There are no enhancements for this Patch release. 2.2 Resolved Known Issues ===================================================================== Note: Patch 1 includes solutions to issues resolves in all fixes released from July 10, 2013 to November 5, 2013. Patch 1 resolves the following issues: Issue 1: [Hot Fix 1225] (TT-275597) Some users need the statistics for URL rating queries from IWSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hot Fix 1225] This hot fix adds a unique GUID in URL rating queries which could be identified by the rating server. The GUID is saved in the "RegGUID" key under the "TMUFE" section of the "/var/iwss/urlfcIFX.ini" file. Trend Micro can now provide URL rating queries statistics based on this unique GUID for each IWSVA. Issue 2: [Hot Fix 1225] (TT-275597) On the IWSVA web console, users cannot configure an OpenLDAP or SunLDAP server when the service account contains a lowercase "dc". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hot Fix 1225] This hot fix enables IWSVA to accept both lowercase "dc" and uppercase "DC" in service accounts. This can help ensure that users can now configure OpenLDAP and SunLDAP servers through the IWSVA web console using these service accounts. Issue 3: [Hot Fix 1226] (TT-276435) The "IP/Hostname" field in the "Access Control Setting > Client IP" page of the IWSVA web console accepts IP addresses but not hostnames and fully-qualified domain names (FQDN). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hot Fix 1226] This hot fix changes the label of the field from "IP/Hostname" to "IP address" to ensure that only IP addresses are added in this field. Issue 4: [Hot Fix 1227] (TT-277235) The IWSVA server cannot establish a Web Cache Communication Protocol (WCCP) connection with a Cisco switch using the MASK assignment method. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hot Fix 1227] This hot fix enables the IWSVA server to successfully establish a WCCP connection with a Cisco switch using the MASK assignment method. Issue 5: [Hot Fix 1231] (TT-277753) The cookie mode feature cannot be enabled while IWSVA is in standard authentication mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hot Fix 1231] This hot fix allows users to enable the cookie mode feature while IWSVA is in standard authentication mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 5: To enable the cookie mode feature while IWSVA is in standard authentication mode: a. Install this Patch (see "Installation"). b. Open the "/etc/iscan/intscan.ini" file using a text editor. c. Add the following key under the "user-identification" section and set the value to "yes". [user-identification] enable_standard_cookie_mode=yes Note: To disable the cookie mode feature, set "enable_standard_cookie_mode=no". d. Save the changes and close the file. e. Restart the IWSVA services using the following command: /etc/iscan/rcIwss restart Issue 6: [Hot Fix 1231] (TT-276667) When an IWSVA server is configured with an upstream proxy, there will be no value for the "Server IP" field of access logs which prevents IWSVA from writing access logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hot Fix 1231] This hot fix adds an option to enable an IWSVA server to write access logs when there is no "Server IP" information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 6: To enable an IWSVA server to write access logs when there is no "Server IP" information: a. Install this Patch (see "Installation"). b. Open the "/etc/iscan/intscan.ini" file using a text editor. c. Add the following key in the "internet-access-monitoring" section and set its value to "yes". [internet-access-monitoring] access_log_even_server_ip_empty=yes Note: To disable the option, set "access_log_even_server_ip_empty=no" or delete the key and save the changes. d. Save the changes and close the file. e. Re-start the IWSVA HTTP scan daemon by running the following commands: /etc/iscan/S99ISproxy stop /etc/iscan/S99ISproxy start Issue 7: [Hot Fix 1233] (TT-277120) When IWSVA is in transparent bridge mode, users cannot access web sites with domain names that exceed 32 bytes. This issue occurs because of a limitation on the server names that can be extracted from the client hello packet. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Hot Fix 1233] This hot fix implements RFC 3546 to resolve the server name size limitation . Issue 8: [Hot Fix 1233] (TT-277120) Sometimes, an incompatibility between the Transport Layer Security (TLS) versions used by HTTPS web sites and IWSVA prevents users from viewing pictures on certain HTTPS web sites. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: [Hot Fix 1233] This hot fix ensures that HTTPS web sites can be accessed and displayed completely in computers protected by IWSVA. Issue 9: [Hot Fix 1235] (TT-279536) Generated reports that should cover one week may only display one date. This occurs because when IWSVA is on the +1 time zone, it encounters issues while generating the corresponding database tables. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: [Hot Fix 1235] This hot fix enables IWSVA to correctly generate the corresponding database tables to ensure that generated reports display all the dates covered. Issue 10: [Hot Fix 1235] (TT-277235) When users configure two routers, the WCCP mask assignment task encounters an error and IWSVA loses its connection to the router. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: [Hot Fix 1235] This hot fix resolves the IWSVA mask assignment issue to enable users to configure two or more routers in IWSVA. Issue 11: [Hot Fix 1235] (TT-280952) The HTTP and FTP scanning daemon may not be able to start after users import the configuration file of IWSVA 5.6 English Version Build 1418 and higher builds to version 6.0. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: [Hot Fix 1235] This hot fix ensures that the HTTP and FTP scanning daemon works properly in affected computers. Issue 12: [Hot Fix 1239] (TT-282825) In bridge mode, the data traffic on interested HTTPS port (port 443 by default) always go through IWSVA 6.0 even when HTTPS decryption is disabled. This may prevent users from accessing HTTPS web sites smoothly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: [Hot Fix 1239] The hot fix prevents IWSVA from listening on interested HTTPS ports when HTTPS decryption is disabled in bridge mode. Issue 13: [Hot Fix 1240] (TT-279015) When the "Time Limit" feature is used in a URL Filtering policy, the "Time Quota URL Filtering Extension" feature does not work properly and prevents IWSVA 6.0 from purging the value of the "Extend Time Given" field the next day. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: [Hot Fix 1240] This hot fix ensures that when the "Time Limit" feature is enabled, IWSVA purges the value of the "Extend Time Given" field daily. Issue 14: [Hot Fix 1241] (TT-284361) When users set the "System Time" setting on the web console to the time zone of certain cities in South America such as Buenos Aires in Argentina, the "Report Type" field in generated reports will not show any information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: [Hot Fix 1241] This hot fix ensures that the correct information appears in the "Report Type" field of generated reports regardless of the "System Time" setting. Note: Please clear the browser cache to validate after applying this Patch to ensure that this solution is applied completely. Issue 15: (TT-284096) When users set the Application Control policy on the web console to block "UCSina" which is under the "Instant Messaging" category, the policy blocks the "http://www.sinatec.de/" web site. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This Patch ensures that the "http://www.sinatec.de/" will not be blocked by the Application Control policy under the scenario described above. Issue 16: If the LDAP authentication feature is enabled in IWSVA 6.0, IWSVA requires the client applications to do LDAP authentication. But some client applications may not support LDAP authentication, which means that the traffic from such client applications will be blocked by IWSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This Patch ensures that IWSVA will not require client applications to perform LDAP authentication if these applications do not support it. Note: Refer to Section 7.2 for information on a known issue for this solution. Issue 17: Some client applications may use the HTTP ports to transfer data even when these clients uses another data protocol which triggers IWSVA 6.0 to block the traffic from these client applications. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This Patch enables IWSVA to tunnel the traffic from client applications that do not use the HTTP protocol on HTTP ports. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 17: To enable IWSVA to tunnel such traffic: a. Install this Patch (see "Installation"). b. Open the "/etc/iscan/IWSSPIProtocolHttpProxy.pni" file using a text editor. c. Locate the following key under the "http" section and set its value to "yes". [http] tunnel_non_http_traffic=yes Note: The default value is "yes". To disable the feature, set "tunnel_non_http_traffic=no". d. Save the changes and close the file. e. Restart the IWSVA services using the following command: /etc/iscan/rcIwss restart Issue 18: Currently, if the authentication daemon in IWSVA 6.0 is restarted, clients need to run LDAP authentication again. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This Patch ensures that IWSVA stores the IP User cache in a cache file so that when the authentication daemon restarts, the IP User cache can be restored from the file. This eliminates the need for clients to run LDAP authentication again. Issue 19: svcmonitor does not detect when AuthDaemon stops abnormally which prevents it from restarting AuthDaemon. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This Patch ensures that svcmonitor can successfully detect when AuthDaemon stops abnormally allowing it to restart AuthDaemon promptly. Issue 20: The Application Control daemon cannot bypass traffic when the rpolicy bypass feature is enabled in bridge mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This Patch ensures that rpolicy bypass works on the Application Control function in bridge mode. Issue 21: The LAN bypass feature does not work when IWSVA 6.0 is installed in VMware. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This Patch adds a way to ensure that LAN bypass works in VMware. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 21: To make LAN bypass work in VMware: a. Install this Patch (see "Installation"). b. Install Silicom Bypass Driver for VMware ESXi 5.0 server. c. Add two ESXi virtual switches for the two LAN bypass interfaces. d. Set vSwitch "Promiscuous Mode" to "Accept". e. Connect both the IWSVA internal and external interfaces to the vSwitches. f. Open the "/etc/iscan/intscan.ini" file using a text editor. g. Set the "lanbypass_vm" option under the "bridge" section to "yes". h. Restart the IWSVA virtual machine. Notes: - This fix is supported only on VMware ESXi 5.0. - This fix works only with Silicom 2-port LAN bypass card. - The LAN bypass card cannot be switched to "bypass mode" when an IWSVA virtual machine is suspended. Issue 22: When IWSVA 6.0 cannot retrieve the server name from an HTTPS client hello packet which it needs to obtain the hostname for the certificate’s common name, IWSVA would initiate an SSL handshake with the server. However, in some cases, the server rejects the second connection attempt from IWSVA and blocks the connection. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This Patch enables IWSVA to tunnel the HTTPS connection when it cannot retrieve the server name from the client hello packet. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 22: To enable this feature: a. Install this Patch (see "Installation"). b. Open the "/etc/iscan/intscan.ini" file using a text editor. c. Locate the following key under the "https-scanning" section and set its value to "yes". [http] client_hello_no_host_tunnel=yes Note: The default value is "yes". To disable the feature, set "client_hello_no_host_tunnel=no". d. Save the changes and close the file. e. Restart the IWSVA services using the following command: /etc/iscan/rcIwss restart Issue 23: Under certain conditions, the HTTPS decryption mechanism may prevent users from accessing some online applications and web sites. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This Patch enables IWSVA to detect the errors under this scenario and records the related connections. This allows administrators to query these error conditions through the web console. Note: By default, this function is hidden. To use it, please refer the detail description in document "HTTPS Tunneling Function.doc". Issue 24: Users can configure work/leisure day and time in IWSVA 6.0, but cannot use this information to generate reports. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This Patch ensures that IWSVA can generate work/leisure time reports by built-in reports and custom reports. Note: Refer to Section 7.1 for information on a known issue for this solution. 3. Documentation Set ======================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Administrator's Guide -- product overview, and configuration instructions, and basic information to get you "up and running." o Installation Guide -- deployment, installation, and integration information designed to help you install and access IWSVA. o Electronic versions of the printed manuals are available at: www.trendmicro.com/download/ o Online help -- Context-sensitive help screens that provide guidance for performing a task. o Knowledge Base -- a searchable database of known product issues, including specific problem-solving and troubleshooting topics. http://esupport.trendmicro.com 4. System Requirements ======================================================================== Install this Patch on computers running any build after IWSVA 6.0 GM version build 1214. 5. Installation/Uninstallation ======================================================================== 5.1 Installation ===================================================================== To install this Patch: 1. Download the "iwsva_60_ar64_en_patch1.tgz" patch file onto your local hard disk. 2. Log on to the IWSVA admin console GUI. 3. Go to the "Administration > System Patch" page. 4. Click "Browse". 5. Browse your local hard disk for the patch file and click "Open". 6. Click "Upload". Your browser uploads the patch file to IWSVA and IWSVA validates if the file is a legitimate patch. 7. Click "Install". Note: Applying Patch 1 will interrupt HTTP and FTP service for several minutes. Plan appropriately for this downtime. 5.2 Uninstallation ===================================================================== To uninstall this Patch: 1. Log on to the IWSVA admin console GUI. 2. Go to the "Administration > System Patch" page. 3. Click "Uninstall" next to "patch1". A confirmation page appears. 4. Verify the patch ID and description on the confirmation page. 5. Click "Uninstall". Note: Removing Patch 1 will interrupt HTTP and FTP service for several minutes. Plan appropriately for this downtime. 6. Post-installation Configuration ======================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing this patch. 7. Known Issues ======================================================================== 7.1 Report For Work/Leisure Time Does not Support Report Generation in Fractions of an Hour. --------------------------------------------------------------------- When users set the work/leisure time in IWSVA 6.0 to a time that is not exactly on the hour, like 8:15, 8:30, or 8:45: - If the time is at 1-30 minutes past the hour, then work/leisure time starts at the beginning of the hour. For example if set to 8:15 or 8:30, it starts at 8:00. - If the time is at 31 minutes or more past the hour, then work/leisure time starts at beginning of the next hour. For example, if set to 8:45, it starts at 9:00. 7.2 HTTPS Requests do not go through LDAP Authentication. --------------------------------------------------------------------- HTTPS requests do not trigger the LDAP authentication and use IP-User cache only. As a result, if there is no IP-User cache record for the client, the HTTPS request cannot do a user-based policy match, and will run a policy match based on IP address instead. 8. Release History ======================================================================== - IWSVA 6.0 GM Build, June 28, 2013 9. Files Included in this Release ======================================================================== Filename Build No. ==================================================================== iwss-process 1246 svcmonitor 1246 isdelvd 1246 wccpd 1246 db_table_convert_5.6_to_6.0.py 1246 rule_file_va5.6_to_va6.0.xml 1246 rule_file_va6.0_to_va6.0.xml 1246 CDT_Config.ini 1246 CollectProductInfo.sh 1246 ldapUtil.js 1246 i18n_warnmsg.js 1246 commonurllist.js 1246 error_code.js 1246 date.js 1246 iwsvaCommon.properties 1246 iwsvaHttp.properties 1246 iwsvaFtp.properties 1246 IWSSGui.jar 1246 CSRFGuard.properties 1246 failed_https_accesses.jsp 1246 https_tunneling.jsp 1246 left.jsp 1246 mmc_cert_add.jsp 1246 report_action.jsp 1246 encpw 1246 getupdate 1246 import_cert.sh 1246 schedule_au 1246 schedulepr_update 1246 schedulereport 1246 testdb 1246 En_Main-process 1246 libAsyncDNS.so 1246 libhttpconn.so 1246 libIWSSAuthClient.so 1246 libIWSSAuthInterface.so 1246 libIWSSCommonUSERID.so 1246 libiwsslog.so 1246 libIWSSSharedUtils.so 1246 libIWSSUIJNI.so 1246 libProductLibrary.so 1246 libReportLogging.so 1246 libReportMetric.so 1246 libsystemeventlog.so 1246 migration 1246 IWSSPIDlpFilter.so 1246 IWSSPIJavascan.so 1246 IWSSPINcie.so 1246 IWSSPIUrlFilter.so 1246 IWSSPIScanVsapi.so 1246 IWSSPISigScan.so 1246 libftp.so 1246 libicap.so 1246 libhttpproxy.so 1246 tqo_IncrementConsumption.sql 1246 pm_CreateTables.sql 1246 ui_InsertReportTemplate.sql 1246 ui_UpdateReportTemplate.sql 1246 appd 1246 dtasagent 1246 ismetricmgmtd 1246 ismpeek 1246 logtodbd 1246 iwsvanetkmod.sh 1246 bypassbridge 1246 iwsvanetfun.sh 1246 recycle.sh 1246 S99ISproxy 1246 S99ISAuthDaemon 1246 S99ISftp 1246 svcmonitor_dump.sh 1246 haagent 1246 snmpd 1246 vmdetector 1246 AuthDaemon 1246 AuthDaemon.sh 1246 libcommoncache.so 1246 libcommonldap.so 1246 clf_datetime.py 1246 DB.py 1246 stats_engine.py 1246 summary_engine.py 1246 log_query.py 1246 report_manager.py 1246 service_uwsgi.py 1246 log_agent.ini 1246 iwss_log_converter.py 1246 common_id.py 1246 schema.xml 1246 bpvmctl 1246 libbpvm.so.5.0.1 1246 silicom-generic.sh 1246 MD5_bnr5Tt2sYw1Fcy3vy6R2jQ__.cer 1246 MD5_Bo6ipXRvQODyDKQHIpKlxg__.cer 1246 MD5_Bu703KNVFZrkK12Rs4V4iQ__.cer 1246 MD5_CIWKP3HSHaaNhriR2lA5LA__.cer 1246 MD5_CjyqIT2jq8LsqqioaecCQg__.cer 1246 MD5_E1HSS6xashSpEPpAuIeVcA__.cer 1246 MD5_fjtnMdgp7tK-Rl6JdgHWQQ__.cer 1246 MD5_iTkdR3VJyKqgH7yUJ1ZQFg__.cer 1246 MD5_IXhEbJIt6ga42q1WSW1KTA__.cer 1246 MD5_J7o2xPDpj334bdwwgJXSBA__.cer 1246 MD5_jWMCAq8Wg8JKrlOtMyRdvw__.cer 1246 MD5_k6fRARB8HQEjkTMopb36ew__.cer 1246 MD5_PjgE5g9JIhtIsVCUe390pg__.cer 1246 MD5_pnMjVYPMOVTCCGUDVmRpJw__.cer 1246 MD5_QnvAOHDYDYkHaTKc-FPQ9Q__.cer 1246 MD5_rnmX2ngLoYP7mZR9ehlesA__.cer 1246 MD5_uSyoiNaxSxucY44fUuE4Nw__.cer 1246 MD5_uvOMLgg2fr+Yib6nGYZwKQ__.cer 1246 MD5_vjS3k9-9JTiSbnHZV7NCTg__.cer 1246 MD5_VrR6BPpY6vtHSQ1A-+238g__.cer 1246 MD5_wO7vE4WqEUxUHkN4TOLgLg__.cer 1246 MD5_WXioQ-Xv-czjzrQJ0qY1Mw__.cer 1246 MD5_zGng23iycvpsvSBG9Jl-8g__.cer 1246 dynamic_CA_cert_sync_for_https.sh 1246 HttpsTunnelDomains.ini 1246 app_control_map 1246 10. Contact Information ======================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro via fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Trend Micro Incorporated, a global leader in Internet content security and threat management, aims to create a world safe for the exchange of digital information for businesses and consumers. A pioneer in server-based antivirus with over 20 years experience, we deliver top-ranked security that fits our customers' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the Trend Micro Smart Protection Network(TM) infrastructure, our industry-leading cloud-computing security technology and products stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit www.trendmicro.com. Copyright 2013, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo, Smart Protection Network, and InterScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide