~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Readme for Trend Micro (TM) Deep Security Manager 9.6 Patch 1

Platforms: Windows Server 2012 (64-bit),
           Windows Server 2012 R2 (64-bit),
           Windows Server 2008 (64-bit),
           Windows Server 2008 R2 (64-bit),
           Windows Server 2003 R2 SP2 (64-bit),
           Red Hat Enterprise Linux 5 (64-bit),
           Red Hat Enterprise Linux 6 (64-bit),
           Red Hat Enterprise Linux 7 (64-bit)

Not Supported: Red Hat Enterprise Linux (RHEL) Xen Hypervisor
               Windows Server 2012 Core
               Windows Server 2008 Core

As of Deep Security 9.0, Deep Security Manager is no longer supported
on 32-bit versions of the Windows platform.

Date: October 30, 2015
Release: 9.6 Patch 1
Build Version: 9.6.2613

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the license
agreement and copied to the install directory.

For more information about the Trend Micro suite of Deep Security
products, visit our website at:
http://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/index.html

Download the latest version of this readme from the Deep Security
page at the Trend Micro Download Center website:
http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=4697&lang_loc=1

Trend Micro is always seeking to improve its documentation. If you
have questions, comments, or suggestions about this or any Trend
Micro documents, please contact us at docs@trendmicro.com. Your
feedback is always welcome.

Contents
===================================================================
  1. About Deep Security 9.6 Patch 1
     1.1 Overview of This Release
     1.2 Who Should Install This Release
     1.3 Upgrade Notice
  2. What's New
     2.1 Enhancements
     2.2 Resolved Known Issues
  3. Documentation Set
  4. System Requirements
  5. Installation/Uninstallation
  6. Known Incompatibilities
  7. Known Issues in Deep Security Manager 9.6 Patch 1
  8. Release History
  9. Files Included in This Release
  10. Contact Information
  11. About Trend Micro
  12. License Agreement
  13. Third Party Software
===================================================================

1. About Deep Security 9.6 Patch 1
========================================================================

   1.1 Overview of This Release
   =====================================================================
   Deep Security Manager 9.6 Patch 1 contains a number of new feature
   enhancements as well as bug fixes.

   For a list of the major changes in Deep Security 9.6 Patch 1,
   please see the "What's New in Deep Security 9.6" section of the
   Installation Guides, which are available for download from the
   Trend Micro Download Center and refer to the "What's New" section
   of this readme file.

   1.2 Who Should Install This Release
   =====================================================================
   You should install this release if you are currently running Deep
   Security 9.0 SP1 Patch 5, 9.5 SP1 Patch 2, or 9.6. All new Deep
   Security users should install Deep Security 9.6 Patch 1.

   1.3 Upgrade Notice
   =====================================================================
   - If you choose to upgrade your Deep Security Manager to version
     9.6 Patch 1 while running older versions of Deep Security Agents
     under protection, you will be warned during the upgrade
     installation that this version will no longer be able to
     communicate with those Agents. Deep Security Manager 9.6 Patch 1
     ONLY supports the latest 9.0 SP1 and 9.5 SP1 versions of Deep
     Security Agent, and Deep Security Virtual Appliance. Please refer
     to the "Known Incompatibilities" section of this readme file for
     details.

   - Deep Security 9.6 Patch 1 does not support ESXi version 4.1. To
     deploy Deep Security 9.6 Patch 1, your VMware infrastructure
     (vCenter, vShield Manager, vShield Endpoint, and vShield Endpoint
     drivers) must be upgraded to version 5.x.
     Also be sure to read the VMware documentation for upgrading your
     VMware environment, including the KB articles on VMware's web
     site:
     http://kb.vmware.com/kb/2032756
     http://kb.vmware.com/kb/2052329

   - Coordinated approach is no longer supported in Deep Security 9.6
     Patch 1. If you are upgrading to Deep Security Manager 9.6
     Patch 1, any virtual machines that have a Deep Security Agent
     installed and are on an ESXi server that is protected with a Deep
     Security Virtual Appliance (DSVA) will be converted to Combined
     Mode. Combined Mode will be enabled when the DSVA or Agent is
     activated. In Combined Mode, the Deep Security Virtual Appliance
     (agentless protection) provides Anti-Malware protection and
     Integrity Monitoring in supported Windows platforms, while the
     rest of the features are provided by the Agent.

   - Prior to upgrading the Deep Security Manager to 9.6, check
     whether the communication between the Deep Security Manager and
     the MS SQL Server database is encrypted. Note that this is
     disabled by default and would have been manually configured. To
     check, verify whether the
     Deep Security Manager\webclient\webapps\ROOT\WEB-INF\dsm.properties
     file contains the line:

       database.SqlServer.ssl=require

     If it exists, disable the encryption by deleting the line and
     restarting the Deep Security Manager service before upgrading.
     Add the line back after the upgrade. Failure to disable the
     encryption will cause the upgrade to fail.

   - Deep Security 9.6 Patch 1 includes the improvements to
     scalability and efficiency that were part of the Deep Security
     9.6 release. This Patch 1 release also makes the database schema
     upgrade easier and more organized: it is performed in the steps
     described in the following Knowledge Base article. Administrators
     upgrading to Patch 1 are required to follow this KB article when
     upgrading their database schema.
     http://esupport.trendmicro.com/solution/en-US/1112218.aspx

   As usual, back up your database before upgrading and consider
   performing the upgrade during off-hours.
   To back up your 9.5 SP1 Deep Security data, see "Database Backup
   and Recovery" in your Deep Security 9.5 SP1 online help or
   Administrator's Guide. Your Deep Security Agents and Appliances
   will continue to provide protection during the upgrade process.

2. What's New
========================================================================

   2.1 Enhancements
   =====================================================================
   Deep Security Manager 9.6 Patch 1 adds the following enhancements:

   Enhancement 1: [30197]
     By default, the Deep Security Manager console uses the TLSv1,
     TLSv1.1, and TLSv1.2 protocols to communicate with port 4119.
     This release lets you configure the supported protocols by adding
     the protocols parameter to the configuration.properties file, or
     limit this communication to any single protocol.

     ***IMPORTANT***
     Deep Security Agents use TLSv1 to communicate with the Deep
     Security Manager and this communication must not be changed. If
     you need to change the settings defined below, you must add TLSv1
     along with the other protocols to keep Agent and Manager
     communication healthy. Please refer to point c) as an example.

     Follow the procedure below to use this capability.

     Procedure to change settings:

     a) Stop the Deep Security Manager Service.

     b) Open the configuration.properties file under
        C:\ProgramFiles\TrendMicro\DeepSecurityManager.

     c) Add the following entry at the end of the file and save the
        file:

          protocols=TLSv1,TLSv1.2

        Note: You can define more than one protocol by separating
        them with commas, for example:

          protocols=TLSv1,TLSv1.1,TLSv1.2

     d) Start the Deep Security Manager Service.

     e) Use the OpenSSL s_client command to verify the protocol on the
        Deep Security Manager's Web Console port 4119 as follows:

          OpenSSL> s_client -connect Deep_Security_Manager_IP_Address:4119

        Under the SSL-Session section, verify that Protocol is TLSv1.2
        or the one you defined in the configuration.properties file.
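
     Added example (not part of the Trend Micro readme or product): a
     small Python lint for the two properties-file checks described
     above, the database.SqlServer.ssl=require line in dsm.properties
     and the protocols entry in configuration.properties, plus a
     parser for the Protocol field of s_client output. The function
     names, the sample file contents and the sample s_client output
     are constructed for illustration.

```python
"""Lint DSM properties files and s_client output (added example)."""
import re

# Per the readme, Agents talk to the Manager over TLSv1, so it must stay listed.
AGENT_PROTOCOL = "TLSv1"
# The three protocol names the readme mentions; anything else is flagged for review.
KNOWN_PROTOCOLS = {"TLSv1", "TLSv1.1", "TLSv1.2"}


def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' or '!' comments.

    Later duplicates override earlier ones, as java.util.Properties does.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_protocols(config_text):
    """Return (protocols, problems) for the 'protocols' entry."""
    props = parse_properties(config_text)
    if "protocols" not in props:
        # No entry: the console keeps its default of all three protocols.
        return sorted(KNOWN_PROTOCOLS), []
    protocols = [p.strip() for p in props["protocols"].split(",") if p.strip()]
    problems = [f"unrecognised protocol name: {p!r}"
                for p in protocols if p not in KNOWN_PROTOCOLS]
    if AGENT_PROTOCOL not in protocols:
        problems.append("TLSv1 missing: Agent-to-Manager communication would break")
    return protocols, problems


def sql_ssl_required(dsm_properties_text):
    """True if dsm.properties still carries database.SqlServer.ssl=require,
    which the readme says must be removed before running the upgrade."""
    props = parse_properties(dsm_properties_text)
    return props.get("database.SqlServer.ssl") == "require"


def negotiated_protocol(s_client_output):
    """Extract the 'Protocol  : ...' field from the SSL-Session block."""
    match = re.search(r"^\s*Protocol\s*:\s*(\S+)", s_client_output, re.MULTILINE)
    return match.group(1) if match else None


def handshake_matches(s_client_output, allowed_protocols):
    """True if the negotiated protocol is one of the configured protocols."""
    proto = negotiated_protocol(s_client_output)
    return proto is not None and proto in allowed_protocols


# Constructed sample inputs (not captured from a real Manager).
SAMPLE_CONFIG_OK = "manager.node=1\nprotocols=TLSv1,TLSv1.2\n"
SAMPLE_CONFIG_BAD = "manager.node=1\n# hardened\nprotocols=TLSv1.2\n"
SAMPLE_DSM_PROPERTIES = "database.name=dsm\ndatabase.SqlServer.ssl=require\n"
SAMPLE_S_CLIENT = """\
CONNECTED(00000003)
---
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
---
"""

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_CONFIG_OK), ("bad", SAMPLE_CONFIG_BAD)):
        protocols, problems = check_protocols(text)
        print(name, protocols, problems or "no problems")
    if sql_ssl_required(SAMPLE_DSM_PROPERTIES):
        print("dsm.properties: remove database.SqlServer.ssl=require before upgrading")
    allowed, _ = check_protocols(SAMPLE_CONFIG_OK)
    print("handshake matches config:", handshake_matches(SAMPLE_S_CLIENT, allowed))
```

     Feed check_protocols() the edited file before step d), and
     negotiated_protocol() the saved output of the s_client command
     from step e).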

     Please Note: This change of protocol type for the Deep Security
     Manager's web console port 4119 affects operations like accessing
     the web GUI from a browser, preparing an ESXi server for Filter
     Driver, deploying Agents using deployment scripts, and deploying
     the Deep Security Virtual Appliance in an NSX environment.
     Administrators modifying the configuration.properties file are
     required to ensure that the Operating System they are using for
     deploying Agents using deployment scripts supports the protocol
     defined in the configuration.properties file. Otherwise, the
     deployment will fail. This is also true for different ESXi
     versions customers are using in preparing ESXi in non-NSX
     environment, and deploying DSVA in an NSX environment.

   Enhancement 2: [29471]
     This release added more detailed debug level logging for vCenter
     Server synchronization with Deep Security Manager.

   Enhancement 3: [30083/30269]
     The Deep Security Network Engine has been enhanced to choose
     Anti-Evasion Settings for the Intrusion Prevention System. These
     settings are available under Computer > Settings > Network Engine
     Tab. For more details, please refer to Online Help.

   2.2 Resolved Known Issues
   =====================================================================
   Deep Security Manager 9.6 Patch 1 resolves these issues:

   Issue 1: [29753]
     The Deep Security Manager handled the connection type for some
     policies incorrectly. In some cases, unnecessary rules were
     recommended.

   Solution 1:
     The Deep Security Manager code logic has been corrected to fix
     this issue.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 2: [29979]
     Agent reactivation did not work when only Agent-initiated
     communication was allowed.

   Solution 2:
     This code defect has been fixed.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 3: [29966]
     With Deep Security Manager 9.6, it was no longer possible to
     place Environment Variables inside an exception list, for
     example, ${windir}.
     If set to backslash, this error also appeared "The list of
     directories contains an invalid entry. All directory paths must
     end with a slash. ('\' for Windows, '/' for Linux.)".

   Solution 3:
     A change to the logic of the validating Environment Variable
     caused the breakage. The new logic has been enhanced to cover
     this case as well as other cases that were supported previously.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 4: [30144]
     The Deep Security Manager 9.6 included a database schema change.
     While upgrading to version 9.6, customers encountered an upgrade
     timeout situation and restarted the Deep Security Manager service
     while the schema upgrade was happening. This was being triggered
     because the Deep Security Manager console waited for only 10
     minutes for the Deep Security Manager service to start. As a
     result, the database schema upgrade became corrupted or migration
     stopped.

   Solution 4:
     In this Patch, the upgrade process is divided into steps:

     a) First, use the steps in this Knowledge Base Article to upgrade
        the database schema:
        http://esupport.trendmicro.com/solution/en-US/1112218.aspx

     b) Once the database schema change/migration is completed, run
        the installer as usual to upgrade Deep Security Manager to
        Patch 1.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 5: [30154]
     The Deep Security Manager did not check the parse item count, so
     when a File List item consisted of only comment '#' symbols, it
     caused an ArrayIndexOutOfBoundsException.

   Solution 5:
     This issue has been fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 6: [30229]
     When the Ongoing Recommendation Scans option was configured, it
     sometimes did not run properly.

   Solution 6:
     This issue has been fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 7: [30223]
     Deep Security Manager produces reports generated by the Reports
     page. The "Security Module Usage Report", when run, outputs the
     current computer's usage of protection modules. This report
     output duplicated records for the Primary Tenant's computers.

   Solution 7:
     This issue has been fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 8: [TT331775/30255]
     The vCloud Synchronization with Deep Security Manager sometimes
     failed. As a result, no new virtual machines would be populated
     or updated within the Deep Security Manager after adding a new
     vCloud Organization.

   Solution 8:
     This issue has been fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 9: [DSSEG-1]
     If an Event-Based Task was configured for "Agent-Initiated
     Activation" along with Assign Policy, then when this event
     happened (that is, an agent-initiated activation was performed),
     the policy never got assigned and the task hung.

   Solution 9:
     This has been fixed in the current release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 10: [TT333576/DSSEG-17]
     The "Recommendation Report" showed "Not Assigned" for application
     groups, which was misleading as to whether the rules were
     actually applied or not. Also, some icons were greyed out.

   Solution 10:
     This has been fixed in the current release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Issue 11: [30388/DS-518]
     The Deep Security Manager's Server0.log file showed some
     exceptions if recommendation scans were being run when security
     updates were being pulled and DSM did not have appropriate
     resources to handle this situation.

   Solution 11:
     This issue has been fixed in the current release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Documentation Set
========================================================================
In addition to this readme.txt, the documentation set for this product
includes the following:

   o Deep Security 9.6 Installation Guides (IG) -- Provides product
     overview, deployment plan, installation steps and basic
     information intended to help you smoothly deploy Deep Security.
     The following Installation Guides are available in Trend Micro
     Download Center:

       Deep_Security_96_Install_Guide_basic_EN.pdf
       Deep_Security_96_Install_Guide_cloud_EN.pdf
       Deep_Security_96_Install_Guide_nsx_EN.pdf
       Deep_Security_96_Install_Guide_vmsafe_EN.pdf

   o Deep Security 9.6 Administrator's Guide (AG) -- Provides
     post-installation instructions on how to configure the settings
     to help you get Deep Security "up and running". Also includes
     instructions on performing other administrative tasks for the
     day-to-day maintenance of Deep Security. (All the content of the
     Administrator's Guide can be found in the Deep Security Manager's
     online help.)

   o Readme.txt files -- version enhancements, known issues, and
     release history.

     Electronic versions of the manuals are available from the Trend
     Micro Download Center at:
     http://downloadcenter.trendmicro.com/

   o Online help -- Context-sensitive help screens that provide
     guidance for performing a task. (The online help contains all the
     information contained in the Administrator's Guide.)

   o TrendEdge is a program for Trend Micro employees, partners, and
     other interested parties that provides information on
     unsupported, innovative techniques, tools, and best practices for
     Trend Micro products. The TrendEdge database contains numerous
     documents covering a wide range of topics.
     http://trendedge.trendmicro.com

   o Knowledge Base -- a searchable database of known issues,
     including specific problem-solving and troubleshooting topics.
     http://esupport.trendmicro.com

4. System Requirements
========================================================================
For a complete list of the System requirements, please refer to the
Deep Security 9.6 Installation Guide.

5. Installation/Uninstallation
========================================================================
Refer to the "Deep Security Manager 9.6 Installation Guide" document
available for download from the Trend Micro Download Center.

6. Known Incompatibilities
========================================================================
   - Deep Security Manager 9.6 Patch 1 does not support version 8.0
     and earlier versions of Deep Security Virtual Appliance and Deep
     Security Agent.

   - When adding vCloud in this version of Deep Security, only
     agentless Anti-Malware and Integrity Monitoring in vCNS is
     supported and must be added only to the tenants. NSX, Combined
     Mode and adding vCloud to the primary tenant is not supported.

7. Known Issues in Deep Security Manager 9.6 Patch 1
========================================================================
   - Some platforms (e.g. Linux) do not distinguish network interfaces
     at the packet level, when they are connected to the same network.
     When enabling "Policy -> Interface Types -> Rules can apply to
     specific interfaces" on these platforms, firewall policies that
     attempt to distinguish between network interfaces connected to
     the same network will result in only one of the policies being
     applied. [29543]

   - The Trusted Platform Module (TPM) monitoring does not work on
     vSphere 6 environment. When enabled, the event "The vCenter sent
     empty or unreliable TPM information that has been ignored. This
     is only an issue if the problem persists" will appear. In rare
     circumstances, the value may also be unreliable on vSphere 5.5
     environment. VMware is already investigating this issue.
     [29268/27166]

   - When doing vMotion of many simultaneous VMs, some of the VMs may
     appear as Anti-Malware Engine Offline after it moves to the new
     host.
     This occurred because the DSM checked the status of the VMs
     during heartbeat before the vMotion is finished. Doing another
     check status or waiting for the next heartbeat will fix the
     status. [28825]

   - Deep Security Azure Connector does not identify virtual machines
     created by Azure Resource Manager a.k.a ARM VM (v2). DSA
     installed in ARM VM will not be included in Azure connector but
     in normal computer list. This limitation will have no impact on
     security features provided by Deep Security. [29630]

   - If vMotion occurs while Anti-Malware scan is happening, there is
     a possibility that the scan will not continue after moving from
     one Agentless protected host to another. If you see an event
     saying "Manual Malware Scan Failure" or if you see a "Manual
     Malware Scan Started" without a corresponding "Manual Malware
     Scan Completed", then this means that the scan has stopped and
     did not finish. [28059]

   - During the upgrade process after removing the Filter Driver, Deep
     Security Manager 9.6 Patch 1 will display "Intrusion Prevention
     Engine Offline and Firewall Engine Offline" regardless of policy
     until the Deep Security Virtual Appliance is upgraded to version
     9.6 Patch 1. [28992]

   - If the Deep Security Relay is down during deployment of Deep
     Security Virtual Appliance, it will fail to upgrade to version
     9.6 and will cause the vShield Endpoint to not register. Even
     after the Deep Security Virtual Appliance upgrade becomes
     successful, the vShield Endpoint will remain in a Not Registered
     state. Reactivating the Deep Security Virtual Appliance will
     resolve this issue. [28712]

   - If agentless Anti-Malware real-time protection is turned off, the
     notifier will not get any status updates from the appliance. It
     will then turn off Antivirus protection in the Windows Action
     Center. [29230/29574]

   - When you deactivate the Deep Security Virtual Appliance or
     agentless protection, the notifier will not be able to get any
     status from the Deep Security Virtual Appliance.
     The notifier knows that Anti-Malware is not working so it will
     turn it off in the Windows Action Center. It does not know the
     status of the firewall so it will leave the firewall status in
     the Windows Action Center in its last known state. [29230/29574]

   - The CPU Usage (Agent only) setting under Manual and Scheduled
     Scan Configuration in the Deep Security Manager console is not
     working on SUSE 10 SP3 and SP4. [20717]

   - Agentless protection is not supported in ESX 5.1 with NSX. ESX
     5.5, VCenter 5.5 and NSX Manager 6.0.5 are the minimum
     requirements for agentless protection. [22062]

   - Excluding a folder in Anti-Malware agentless protection would
     also exclude folders that start with the same folder name. For
     example, excluding c:\temp also excludes c:\temp1 and c:\temp2
     from Anti-Malware scanning. [22037]

   - Anti-Malware, Web Reputation, Integrity Monitoring, and Log
     Inspection should not be enabled on the policy that is assigned
     to the Deep Security Virtual Appliance itself. These features are
     not supported when applied to the Deep Security Virtual Appliance
     and may produce error events. [21250]

   - It can take up to 30 minutes before the appliance is ready for
     deployment through NSX Manager after importing the Deep Security
     Virtual Appliance package to the DSM. Deploying the appliance
     before the package is in place at \temp would result in failure.
     [23150]

   - The Deep Security Manager will display the platform of CentOS
     machines as Red Hat. This is because the agent package used in
     CentOS and Red Hat are the same and labeled as Red Hat agent
     package. [21674/25156]

   - Location awareness will not work on pure IPv6 environment.
     [12776]

   - Infected file will still appear in Quarantined Files list even if
     the Anti-Malware Event says Quarantine Failed. [21620]

   - In the computer updates page, DSM will show Smart Scan Agent
     Pattern, Spyware Active Monitoring Pattern and Virus pattern in
     Deep Security Agent for Linux regardless of the scan mode.
     [21829]

   - Software update using IPv6 is currently not supported by Trend
     Micro download center. [25937]

   - Deep Security Agent running on SUSE in Azure cloud will not be
     managed under Azure cloud account in the Deep Security Manager.
     The agent will appear under normal computers list. [26499]

   - After Deep Security Agent upgrade, the event "Abnormal Restart
     Detected" may appear. The upgrade is not affected by this event
     and may be safely ignored. Do Clear Warnings and Errors and
     perform a Check Status to reflect the actual status of the agent.
     [26619]

   - The Out of Sync relays hyperlink displays the correct count but
     clicking the link will display both out of date computers and
     relays. [23418/21042]

   - In NSX 6.1.2 and earlier, if more than one NSX Security Groups
     are defined and applied to the NSX Security Policy that contains
     Deep Security Services, any un-applying of the policy will not be
     reflected in Deep Security Manager with respect to NSX Security
     Group membership. [25304]

   - In NSX 6.1.1 and earlier, if you remove the Deep Security
     Services from an NSX Security Policy, it will not be reflected in
     Deep Security Manager with respect to NSX Security Group
     membership. [25303]

   - Deep Security Manager does not support installation paths that
     contain special characters (non-alphabet and non-numeric
     characters). The same restriction also applies to the database
     name and/or database account used by Deep Security Manager.
     [16708]

   - When a user runs Agent-initiated recommendation scan using the
     "dsa_control -m RecommendationScan:true" command, no system event
     related to recommendation scan is recorded.

   - In rare situations, Deep Security Manager may not correctly
     identify the status of the EPsec Driver installed on an ESXi.
     When you activate an Appliance, if Deep Security Manager does not
     identify the correct status of vShield Endpoint, it will not
     register with the vShield Manager.
     If Deep Security Manager gives you this warning, perform a full
     "Synchronize" with your vCenter and it will update the current
     installation status of all drivers on all ESXi(s) in the
     environment. [17636]

   - In Multi-Tenant installations, the Primary tenant Deep Security
     Manager may cause "Reconnaissance Detected: Network or Port Scan"
     alerts on Tenants' Deep Security Managers. To avoid these alerts,
     Tenants can manually add the Primary Tenant's Deep Security
     Manager IP address to the "Ignore Reconnaissance" IP list.
     (Policies > Common Objects > Lists > IP Lists). [17175]

   - In rare cases, adding a vCloud or AWS Cloud Account in Deep
     Security Manager can result in the creation of two identical
     Cloud Accounts. If this occurs, either one of the two accounts
     can be safely removed. [17280/17051]

   - In a cloud provider environment if the "Enable regular
     synchronization with Cloud Provider" option is disabled, changing
     the Deep Security Agent hostname will disrupt the communication
     between Deep Security Manager and Deep Security Agent. Trend
     Micro strongly recommends keeping the "Enable regular
     synchronization with Cloud Provider" option ON. [15608]

   - If the Manager node(s) and the Database are installed on machines
     with synchronized clocks but configured for different time-zones,
     an error indicating that the clocks are not synchronized will be
     triggered incorrectly. [17100]

   - On Windows 2008 and Server 2012 systems, after installing the
     Deep Security Manager with a co-located Relay, the Deep Security
     Notifier icon does not automatically appear in the Windows
     notification area. However, the Deep Security Notifier will still
     function. Users need to re-launch the Deep Security Notifier from
     the "Start" menu or restart the system. [17533]

   - When using Deep Security in iCRC mode, a DNS server must be
     available. If a DNS server is unavailable the Anti-Malware
     feature of the Deep Security Virtual Appliance may not function
     correctly.
     [Deep Security 8.0-01169]

   - Deep Security Manager does not support License updates or
     connecting to the Trend Micro Certified Safe Software Service
     using a SOCKS5 proxy. To use these two features, use an HTTP
     proxy. [Deep Security 8.0-1024]

   - In certain cases, when attempting to use the dsm_s stop command
     on Linux to stop the Deep Security Manager service, you may get
     the following message: "Timeout. Daemon did not shutdown yet."
     Dsm_s is based on install4j whose timeout value is 15 seconds,
     which cannot be changed. The Deep Security Manager may require
     longer than this to shut down. To ensure the service has been
     shut down run the "ps -ef | grep DSMService" command before using
     the dsm_s stop command. [Deep Security 8.0-00095]

   - Air-gapped Relays will still try to contact an Update Server to
     check for Updates. To avoid update failure alerts, set the Relay
     to use itself as an update source:

     1. In the Relay's "Details" window, go to "System > System
        Settings > Updates".
     2. In the "Relays" area, select "Other Update Source:" and add
        "https://localhost:4122".
     3. Click "Save".

     [Deep Security 8.0-01124]

   - If an ESXi with an installed vShield Endpoint driver is removed
     from its vCenter, Deep Security Manager cannot detect the
     installed driver if the ESXi is later re-added to the vCenter.
     This will cause any newly Deep Security Virtual
     Appliance-protected virtual machines to not have Anti-Malware
     enabled. The workaround is to uninstall and reinstall the driver
     through the VSM. [Deep Security 8.0-01036]

   - Intrusion Prevention is not supported over SSL connections when
     using IPv6.

   - The Anti-Malware scan inclusion/exclusion directory settings are
     sensitive to forward slash "/" and backslash "\". For use with
     Windows operating systems the inclusion/exclusion paths must use
     the backslash "\". [7.5 SP1-00231]

   - When creating custom Integrity Monitoring Rules using the
     "RegistryKeySet" tag, the attribute values must be in uppercase
     letters. For example, .
     Using lowercase may result in an "Integrity Monitoring Rule
     Compile Issue" error. [7.5 SP1-00171]

   - Malware scans of network shared folders are only supported using
     real-time scan. Manual scans or scheduled scans will not work.
     [7.5-00012]

   - If a CD or a mounted ISO file contains malware and the
     Anti-Malware configuration is set to "Delete" upon detection,
     Deep Security Manager will still report that the malware was
     "deleted" even if it was unable to do so. [7.5-00010]

   - Deep Security Manager cannot display an incorrect filename event
     in the Anti-Malware Event if the malware was found in the
     "Recycle Bin". [7.5-00023]

   - During an upgrade, the Deep Security Manager service may not be
     able to install properly on some platforms if the "Services"
     screen is open. To work around this, make sure the "Services"
     screen is closed prior to installation or upgrade of Deep
     Security Manager.

   - If you receive a "java.lang.OutOfMemoryError" error during the
     installation of Deep Security Manager, please refer to the
     "Installation Guide" for instructions on how to configure the
     maximum memory usage for the installer.

   - During an upgrade, if you receive a message stating that the Deep
     Security Manager cannot start the service, restarting Deep
     Security Manager usually fixes the problem. In rare cases, you
     may have to run the installer again in Upgrade/Repair mode after
     restarting.

   - If Windows Firewall is enabled on Deep Security Manager, it may
     interfere with port scans causing false port scan results.
     Windows Firewall may proxy ports 21, 389, 1002, and 1720
     resulting in these ports always appearing open regardless of any
     filter placed on the computer.

   - By default Exchange 2000 and later servers will dynamically
     assign a non-privileged port (1024-65535) for communications
     between the client and the server for the System Attendant,
     Information Store, and Name Service Provider Interface (NSPI)
     services.
     If you will be using the Microsoft Exchange Server profile with
     an Exchange 2000 or later server then you should configure these
     services to use static ports as described in the article
     "Exchange 2000 and Exchange 2003 static port mappings"
     (http://support.microsoft.com/?kbid=270836). Once static ports
     have been configured you should extend the appropriate Exchange
     Server port list to include the ports that have been assigned to
     these services. You may also want to set the "No RFR Service"
     registry setting to "1" to prevent the Exchange server from
     referring clients to the domain controller for address book
     information. See the article "How Outlook 2000 Accesses Active
     Directory" (http://support.microsoft.com/?kbid=302914) for more
     information. Alternatively, it is possible to configure Exchange
     RPC to run over HTTPS if you are using Outlook 2003 on Windows XP
     Service Pack 1 or later with Exchange Server 2003. In this case
     only port 443 needs to be added to the Exchange port list.

   - The "Recommendation" Alert may remain raised on some computers
     even after all recommended Intrusion Prevention, Integrity and
     Log Inspection Rules appear to have been applied. This can occur
     because even though an "Application Type" may be recommended for
     a computer, the "Application Type" will not be displayed in the
     "Show Recommended" view if no Intrusion Prevention Rules
     associated with Application Type are currently recommended. To
     resolve the situation, use the "Show All" view of the Intrusion
     Prevention Rules screen and assign all recommended "Application
     Types" (even if no associated Rules are currently recommended).
     Alternatively, you can just dismiss the alert after verifying
     that you have assigned all recommended rules to the computer.
     [8345]

   - When an Appliance-protected VM is migrated from one
     Appliance-protected ESXi to another, and if that virtual machine
     currently has warnings or errors associated with it (for example
     "Reconnaissance Detected"), those errors may incorrectly get
     cleared during the migration. [10602]

   - Log Inspection Events have a size limitation of 6000 characters.

8. Release History
========================================================================
See the following website for more information about updates to this
product:
http://www.trendmicro.com/download

   - Deep Security Manager 9.6, Build 9.6.1589, August 12, 2015

   8.1 Deep Security Manager 9.6.1589
   =====================================================================

   8.1.1 Enhancements
   =====================================================================
   Deep Security Manager 9.6.1589 adds the following enhancements:

   VMware vSphere 6 Support
   - Deep Security 9.6 now supports vSphere 6.

   NSX 6.1.4 Support and Integration
   - Agentless Anti-Malware, Integrity Monitoring, WRS, Firewall and
     Intrusion Prevention are available with NSX.

   vCNS 5.5.4 Support
   - Agentless Anti-Malware and Integrity Monitoring are available for
     vCNS Combined Mode with Agentless Anti-Malware and Integrity
     Monitoring and agent based support for WRS, Firewall and
     Intrusion Prevention.

   SAP Protection For Linux
   - Deep Security has integrated the SAP adapter into the Deep
     Security Agent. The SAP adapter works seamlessly with the SAP VSI
     interface (also referred to as NW-VSI-2.0). The VSI interface is
     available in applications and platforms such as NetWeaver, HANA
     and Fiori.
   - The SAP adapter has been fully incorporated into Deep Security
     9.6 as part of the Red Hat Enterprise Linux and SuSE Enterprise
     Linux builds and can now be licensed directly through Deep
     Security Manager.

   IBM QRadar Support
   - Deep Security can now output syslog in Log Event Extended Format
     (LEEF 2.0) for integration with IBM QRadar.

DSM Database Support for Oracle 12c
- Deep Security Manager now supports Oracle 12c for its back-end
  database.

Active Directory Synchronization on Login
- New users created in Active Directory can now log in to Deep
  Security Manager before the Active Directory Synch task has been
  run.

Minor Report Enhancements
- The Security Module usage report now has columns for the Computer
  Group and the Instance Size (for AWS workloads).

Automatic Updates of Online Help
- The Deep Security online help can now be updated seamlessly in Deep
  Security Manager through a new Online Help package.

Deep Security Relay Downloads from Trend Micro Download Center
- In situations where the Deep Security relay cannot directly access
  the Deep Security Manager, the relay can now download software
  updates from Trend Micro Download Center.

8.1.2 Resolved Known Issues
=====================================================================

This release includes all issues that were resolved in Deep Security
9.5 SP1 except those explicitly listed in the section "Known Issues in
Deep Security Manager 9.6 Patch 1" above.


9. Files Included in This Release
========================================================================

This release is a complete installation. Use one of the following
files:

Manager-Windows-9.6.2613.x64.exe (64-bit)
Manager-Linux-9.6.2613.x64.sh (64-bit)


10. Contact Information
========================================================================

A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at:

http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
Web site.

Global Mailing Address/Telephone Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:

http://www.trendmicro.com/us/about-us/contact/index.html

The Trend Micro "About Trend Micro" screen displays. Click the
appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.


11. About Trend Micro
========================================================================

Trend Micro, Inc. provides virus protection, anti-spam, and
content-filtering security products and services.

Copyright 2015, Trend Micro Incorporated. All rights reserved. Trend
Micro, the t-ball logo, Deep Security and "deep security solutions"
are trademarks of Trend Micro Incorporated and are registered in some
jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.


12. License Agreement
========================================================================

Information about your license agreement with Trend Micro can be
viewed at:

http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/index.html


13. Third Party Software
========================================================================

Deep Security employs the use of 3rd party binary distributions. The
binary distributions are subject to the licenses available in the
following directory:

[Install Directory]\licenses

Where 3rd party licenses require open access to their source code,
Trend Micro will provide the necessary materials upon written request.

========================================================================
(C) 2015 Trend Micro Inc. All rights reserved. Published in Canada.