Trend Micro Incorporated                              February 21, 2017
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Readme for Trend Micro (TM) Deep Security Agent 9.6 Service Pack 1
Patch 1 Update 6 for Linux
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates.

GM release documentation:
http://docs.trendmicro.com

Patch/SP release documentation:
http://www.trendmicro.com/download

TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deep Security Agent Platforms:

   - Red Hat Enterprise 5 (32-bit and 64-bit)
   - Red Hat Enterprise 6 (32-bit and 64-bit)
   - Red Hat Enterprise 7 (64-bit)
   - CentOS 5 (32-bit and 64-bit)
   - CentOS 6 (32-bit and 64-bit)
   - CentOS 7 (64-bit)
   - Oracle Linux 5 (32-bit and 64-bit)*
   - Oracle Linux 6 (32-bit and 64-bit)*
   - Oracle Linux 7 (64-bit)*
   - SUSE 10 SP3, SP4 (32-bit and 64-bit)
   - SUSE 11 SP1, SP2, SP3 (32-bit and 64-bit)
   - SUSE 12 (64-bit)
   - Amazon AMI Linux EC2 (32-bit and 64-bit)
   - Ubuntu 10.04 LTS (64-bit)**
   - Ubuntu 12.04 LTS (64-bit)
   - Ubuntu 14.04 LTS (64-bit)
   - Ubuntu 16.04 LTS (64-bit)
   - Cloud Linux 5 (32-bit and 64-bit)
   - Cloud Linux 6 (32-bit and 64-bit)
   - Cloud Linux 7 (64-bit)
   - Debian 6 (64-bit)
   - Debian 7 (64-bit)

Notes:

   *  Oracle Linux is supported on Red Hat kernels and Unbreakable kernels.
   ** Ubuntu 10.04 LTS reached end of life on Apr. 30, 2015. This will be the last version of Deep Security that will have an agent version released for Ubuntu 10.04.

For a list of specific Linux kernels supported for each platform, see the document titled Deep Security 9.6 Service Pack 1 Supported Linux Kernels.

Deep Security Agent with Relay Feature Platforms:

   - Red Hat Enterprise 5 (64-bit)
   - Red Hat Enterprise 6 (64-bit)
   - Red Hat Enterprise 7 (64-bit)
   - CentOS 5 (64-bit)
   - CentOS 6 (64-bit)
   - CentOS 7 (64-bit)
   - Oracle Linux 5 (64-bit)
   - Oracle Linux 6 (64-bit)
   - Oracle Linux 7 (64-bit)
   - SUSE 10 SP3, SP4 (64-bit)
   - SUSE 11 SP1, SP2, SP3 (64-bit)
   - SUSE 12 (64-bit)
   - Ubuntu 10.04 LTS (64-bit)
   - Ubuntu 12.04 LTS (64-bit)
   - Ubuntu 14.04 LTS (64-bit)
   - Ubuntu 16.04 LTS (64-bit)
   - Cloud Linux 5 (64-bit)
   - Cloud Linux 6 (64-bit)
   - Cloud Linux 7 (64-bit)
   - Debian 6 (64-bit)
   - Debian 7 (64-bit)
   - Amazon AMI Linux EC2 (64-bit)

For a list of supported Deep Security features by software platform, see the document titled "Deep Security 9.6 Service Pack 1 Supported Features and Platforms".

Date: February 21, 2017
Release: 9.6 Service Pack 1 Patch 1 Update 6
Build Version: 9.6.2-7723
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This product is subject to the terms detailed in the license agreement and copied to the install directory.

For more information about the Trend Micro suite of Deep Security products, visit our website at:
http://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/index.html

Download the latest version of this readme from the Deep Security page at the Trend Micro Download Center website:
http://downloadcenter.trendmicro.com/

Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome.

Contents
===================================================================
   1. About Deep Security 9.6 Service Pack 1 Patch 1 Update 6
      1.1 Overview of This Release
      1.2 Who Should Install This Release
      1.3 Upgrade Notice
   2. What's New
      2.1 Resolved Known Issues
      2.2 Enhancements
   3. Documentation Set
   4. System Requirements
   5. Installation
   6. Known Incompatibilities
   7. Known Issues
   8. Release History
   9. Files Included in This Release
   10. Contact Information
   11. About Trend Micro
   12. License Agreement
   13. Third-Party Software
===================================================================

1. About Deep Security 9.6 Service Pack 1 Patch 1 Update 6
========================================================================

   1.1 Overview of This Release
   =====================================================================
   Deep Security Agent 9.6 Service Pack 1 Patch 1 Update 6 contains feature enhancements as well as bug fixes.

   For a list of the major changes in Deep Security 9.6 Service Pack 1, please see the "What's New" section of the Installation Guides, which are available for download from the Trend Micro Download Center.

   1.2 Who Should Install This Release
   =====================================================================
   You should install this release if you are currently running Deep Security 9.0 SP1 Patch 5, 9.5 SP1 Patch 2, or 9.6. All new Deep Security users should install Deep Security 9.6 Service Pack 1 Patch 1.

   1.3 Upgrade Notice
   =====================================================================
   In pre-9.6 versions of Deep Security, the Deep Security Virtual Appliance (DSVA) and Filter Driver worked together to provide Agentless protection to virtual machines. Deep Security 9.6 does not include a Filter Driver and you cannot use an older Filter Driver with the 9.6 DSVA. Without the Filter Driver, the 9.6 DSVA is limited to providing Anti-Malware and Integrity Monitoring protection for your VMs.

   If you need pure agentless protection with Anti-Malware, Firewall, Intrusion Prevention and Integrity Monitoring, make sure that no activated Deep Security Agent is installed on the virtual machines, and do not upgrade your Deep Security Virtual Appliance to 9.6.

   Please note that the above statement is also true for the Deep Security 9.6 Service Pack 1 Patch 1 Update 6 release.

2. What's New
========================================================================

   2.1 Enhancements
   =====================================================================
   The following enhancement(s) are included in this release:

   Enhancement 1: [DSSEG-735] Unexpected behavior was observed under these circumstances:

      - a vCloud Director was added into Deep Security Manager under the primary tenant (t0)
      - multi-tenancy was not enabled
      - vCloud Director had virtual machines installed with Deep Security Agents
      - the virtual machines were using Fully Qualified Domain Names (FQDN)

   Under those circumstances, agent-initiated activation using the dsa_control command did not activate the virtual machine under the vCloud Director, but created a new virtual machine record under Computers and activated it. The same behavior did not occur if a virtual machine was not using FQDN.

   Note: This issue was not reported when vCloud Director was used in a multi-tenant deployment with the vCenter, ESXi, DSVA and VMs imported in the primary tenant of Deep Security Manager and vCloud was added under other tenants (TN).

   To handle this specific scenario, the dsa_control -a option has been enhanced with a new :noDomain sub-option, which can be used as follows:

      dsa_control -a dsm://:4120:noDomain/

   Note: The above command needs to be run manually or as a batch job. It cannot be downloaded as an option from a deployment script from the Deep Security Manager console.

   2.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issue(s):

   Issue 1: [DSSEG-726] Linux systems would sometimes hang when the Deep Security Agent's kernel module, dsa_filter, was getting the driver's information from certain network interfaces.

   Solution 1: The issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 2: [DSSEG-715] Real-time anti-malware scans could not detect virus activity in a docker container under devicemapper.

   Solution 2: The issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 3: [DSSEG-703] When the Deep Security Agent generated Web Threat Protection (WTP) syslog messages, it did not follow the syslog format. When the syslog is set to "direct forward" from the agent, the log message should be Common Event Format (CEF).

   Solution 3: This issue is fixed in this release. The WRS Syslog format is now CEF.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 4: [DSSEG-222] In certain situations, if an Intrusion Prevention event was already sent to the Deep Security Manager, then restarting the Deep Security Agent service would send the event to the Deep Security Manager again, causing duplicate events to appear in the Deep Security Manager console on the Intrusion Prevention Events page.

   Solution 4: This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com

In addition to this Readme file, the documentation set for this product includes the following:

- Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining Deep Security 9.6. To access the Online Help, go to http://docs.trendmicro.com

- Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying Deep Security 9.6.
  The following Installation Guides are available in Trend Micro Download Center:

     Deep_Security_96_SP1_Install_Guide_basic_EN.pdf
     Deep_Security_96_SP1_Install_Guide_vcloud_EN.pdf
     Deep_Security_96_SP1_Install_Guide_nsx_EN.pdf
     Deep_Security_96_SP1_Install_Guide_vmsafe_EN.pdf
     Deep_Security_96_SP1_Install_Guide_azure_EN.pdf

- Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining Deep Security 9.6. It also contains post-installation instructions on how to configure the settings to help you get Deep Security "up and running". All of the content of the Administrator's Guide can be found in the Deep Security Manager's online help.

- Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com

4. System Requirements
========================================================================
For a complete list of the System requirements, please refer to the Deep Security 9.6 Service Pack 1 Installation Guide.

5. Installation
========================================================================
Refer to the "Deep Security Manager 9.6 Service Pack 1 Installation Guide" document available for download from the Trend Micro Download Center.

- Only use the Agent installer package (the .msi or the .rpm file) on its own to install the Deep Security Agent. If you extract the full Agent zip package and then run the Agent installer from the same folder that holds the other zipped Agent components, all the Security Modules will be installed. That may cause a conflict with the Anti-Malware or Firewall driver if you use applications other than Deep Security to provide those functionalities.

- Before installing this Patch, please ensure that the Deep Security Manager has already been upgraded to 9.6 Service Pack 1.

- All Deep Security Relay-Enabled Agents must first be upgraded to Deep Security Agent 9.6 Service Pack 1 before upgrading other Agents.

6. Known Incompatibilities
========================================================================
The Anti-Malware feature of Deep Security Agent is incompatible with Docker containers and partitions.

7. Known Issues
========================================================================
- Some platforms (e.g. Linux) do not distinguish network interfaces at the packet level when they are connected to the same network. When enabling "Policy -> Interface Types -> Rules can apply to specific interfaces" on these platforms, firewall policies that attempt to distinguish between network interfaces connected to the same network will result in only one of the policies being applied. [29543]

- The Trusted Platform Module (TPM) monitoring does not work in a vSphere 6 environment. When enabled, the event "The vCenter sent empty or unreliable TPM information that has been ignored. This is only an issue if the problem persists" will appear. In rare circumstances, the value may also be unreliable in a vSphere 5.5 environment. VMware is already investigating this issue. [29268/27166]

- If the Integrity Monitoring feature in Combined Mode is disabled, the Deep Security Notifier status will display it as Not Capable instead of Not Configured. [29403]

- When doing vMotion of many simultaneous VMs, some of the VMs may appear as Anti-Malware Engine Offline after they move to the new host. This occurs because the DSM checked the status of the VMs during heartbeat before the vMotion finished. Doing another check status or waiting for the next heartbeat will fix the status. [28825]

- Deep Security Azure Connector does not identify virtual machines created by Azure Resource Manager a.k.a ARM VM (v2). DSA installed in ARM VM will not be included in Azure connector but in normal computer list.
  This limitation will have no impact on security features provided by Deep Security. [29630]

- If vMotion occurs while Anti-Malware scan is happening, there is a possibility that the scan will not continue after moving from one Agentless protected host to another. If you see an event saying "Manual Malware Scan Failure" or if you see a "Manual Malware Scan Started" without a corresponding "Manual Malware Scan Completed", then this means that the scan has stopped and did not finish. [28059]

- During the upgrade process after removing the Filter Driver, Deep Security Manager 9.6 Service Pack 1 Patch 1 will display "Intrusion Prevention Engine Offline and Firewall Engine Offline" regardless of policy until the Deep Security Virtual Appliance is upgraded to version 9.6. [28992]

- If the Deep Security Relay is down during deployment of Deep Security Virtual Appliance, it will fail to upgrade to version 9.6 Service Pack 1 Patch 1 Update 4 and will cause the vShield Endpoint to not register. Even after the Deep Security Virtual Appliance upgrade becomes successful, the vShield Endpoint will remain in a Not Registered state. Reactivating the Deep Security Virtual Appliance will resolve this issue. [28712]

- Deep Security Agent could not convert shift-jis encoded characters to UTF-8. Therefore, any folders named with shift-jis encoding will be skipped during Integrity Monitoring scanning. [28879]

- The CPU Usage (Agent only) setting under Manual and Scheduled Scan Configuration in the Deep Security Manager console is not working on SUSE 10 SP3 and SP4. [20717]

- Deep Security Agent may not successfully install on the first release of Ubuntu 12.04 without any updates and patches. [23797]

- The Relay feature uses TCP port 4122. When enabling the relay feature, make sure TCP port 4122 is allowed in any firewall being used. [22749]

- CPU usage control in Scan for Integrity may not work after a reboot. Rebuild Integrity Baseline or reactivation will fix this.
  [20725/20563]

- On Linux platforms, some malware may not be detected if the DNS is very slow to respond to queries. [21208]

- Some security components of Deep Security Agent with Relay feature enabled may get removed unexpectedly after an update. As a workaround, retry the security update. [24004]

- The Deep Security Manager will display the platform of the agent package regardless of the platform where it is installed. For example, since the agent package used in CentOS and Red Hat are the same and labeled as Red Hat agent package, Deep Security Manager will display the platform as Red Hat. [21674/25156]

- Deep Security Agent running on SUSE in Azure cloud will not be managed under Azure cloud account in the Deep Security Manager. The agent will appear under normal computers list. [26499]

- After Deep Security Virtual Appliance upgrade, the error "Exceeded maximum concurrent events" may be noticed in the /var/log/messages file and the agentless protected guest virtual machines status change to "Anti-Malware Engine Offline". Rebooting the Deep Security Virtual Appliance will fix this issue. [26361]

- Intrusion Prevention is not supported over SSL connections when using IPv6.

- SYN Flood protection is only supported on versions 7.5 or earlier of the Windows Agents and on versions 7.5 or earlier of the Virtual Appliance. It is not supported on versions 7.5 Service Pack 1 or later of the Windows Agents or versions 7.5 Service Pack 1 or later of the Virtual Appliance. It is not supported on any versions of the Linux or Solaris Agents.

- Log entries (Firewall and IPS Events) for OUTGOING traffic show zeroed-out MAC addresses.

- When the network engine is working in TAP mode and the in-guest agent is offline, the Deep Security Virtual Appliance status will be "Stand By". When this occurs, Deep Security Virtual Appliance is actually online and IP/FW events will be logged when rules are triggered. [10948]

- Log Inspection event logs are limited to 6000 characters.

8. Release History
========================================================================
See the following website for more information about updates to this product:
http://www.trendmicro.com/download

- Deep Security Agent 9.6, Build 9.6.1-1308, August 12, 2015
- Deep Security Agent 9.6 Patch 1, Build 9.6.1-3500, October 30, 2015
- Deep Security Agent 9.6 Service Pack 1, Build 9.6.2-5027 and 9.6.2-5028, December 15, 2015
- Deep Security Agent 9.6 Service Pack 1 Update 1, Build 9.6.2-5198, January 21, 2016
- Deep Security Agent 9.6 Service Pack 1 Update 2, Build 9.6.2-5449, March 11, 2016
- Deep Security Agent 9.6 Service Pack 1 Patch 1, Build 9.6.2-6400, April 22, 2016
- Deep Security Agent 9.6 Service Pack 1 Patch 1 Update 1, Build 9.6.2-7050, June 30, 2016
- Deep Security Agent 9.6 Service Pack 1 Patch 1 Update 2, Build 9.6.2-7256, July 29, 2016
- Deep Security Agent 9.6 Service Pack 1 Patch 1 Update 3, Build 9.6.2-7516, October 14, 2016
- Deep Security Agent 9.6 Service Pack 1 Patch 1 Update 3 R7524, Build 9.6.2-7524, October 14, 2016
- Deep Security Agent 9.6 Service Pack 1 Patch 1 Update 6, Build 9.6.2-7723, February 21, 2017

   8.1 Deep Security Agent 9.6.1-1308
   =====================================================================

   8.1.1 Enhancements
   =====================================================================
   SAP Protection for Linux

   - Deep Security has integrated the SAP adapter into the Deep Security Agent. The SAP adapter works seamlessly with the SAP VSI interface (also referred to as NW-VSI-2.0). The VSI interface is available in applications and platforms such as NetWeaver, HANA and Fiori.

   - The SAP adapter has been fully incorporated into Deep Security 9.6 as part of the Red Hat Enterprise Linux and SUSE Enterprise Linux builds and can now be licensed directly through Deep Security Manager.

   Real-Time Anti-Malware for CloudLinux 7

   - Real-time Anti-Malware is now available on CloudLinux 7.

   Additional Platform Support

   - Deep Security 9.6 adds support for the following platforms:

        Debian 6 & 7
        Windows 2012 Server Core
        Cloud Linux 7
        Oracle Linux 7
        SUSE Enterprise Linux 12

   Deep Security Relay Downloads from Trend Micro Download Center

   - In situations where the Deep Security relay cannot directly access the Deep Security Manager, the relay can now download software updates from Trend Micro Download Center.

   8.1.2 Resolved Known Issues
   =====================================================================
   This release includes all resolved issues that were resolved in Deep Security 9.5 SP1 except those explicitly listed in the section "Known Issues in Deep Security Agent 9.6 Patch 1" above.

   8.2 Deep Security Agent 9.6.1-3500
   =====================================================================

   8.2.1 Enhancements
   =====================================================================
   This release adds the following enhancements:

   Enhancement 1: [30139] If a user creates a diagnostic package for Deep Security Virtual Appliance, there is a charts.html file under the Agent - dsva folder. This charts.html file only displayed charts for system and process statistics. This patch release enhances charts.html to also display the guest_stat.csv file, which is used to identify Guest VM packet statistics, such as errors to slowpath, DSVA packet in, DSVA packet out, and error to slowpath, in a graphical display.

   Enhancement 2: This release contains improvements in TCP/IP connection handling to eliminate the potential, under certain conditions, for evasion of IDS/IPS (Intrusion Prevention) functionality. These improvements do not affect Firewall functionality.

   Enhancement 3: [30299] Previously, Deep Security Agent would only load a new kernel support package during process rebooting.
   So, if customers imported the supported KSP, they needed to reboot the ds_agent process manually to make it work. This patch has been enhanced so that the agent tries to load the new kernel support automatically when it becomes available in the inventory.

   Enhancement 4: [30320] The Deep Security Real-time Anti-Malware scanning for Linux and other non-Windows operating systems uses some kernel modules to hook the file system-related calls. This release enhances those kernel modules to gracefully handle the scanning tasks in heavy load environments.

   8.2.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issues:

   Issue 1: [30012] Deep Security Agent uses the Trend Micro Anti-malware scanning engine VSAPI to scan disk files for malware and clean them. The Deep Security Virtual Appliance and Deep Security Agent (Linux) crashed due to an incompatibility with the VSAPI IOPlugin structures added in its latest release. This was due to duplication of the internal VSAPI IoPlugin type definition with Deep Security Agent's real-time scan structures.

   Solution 1: This issue has been resolved in this release.

   Issue 2: [30314] Iptables on Linux distributions is supported by Deep Security Agent and remains enabled. When the Agent is installed, it adds a rule in iptables to open port 4118 for communication. If iptables was not turned ON, the installer turned it ON and edited it accordingly.

   Solution 2: This release fixes this behavior of the Agent installer. The installer now checks whether iptables is ON or OFF. If iptables is OFF, the installer will not change it. If iptables is ON, the installer will add the rule to allow port 4118 for communication.

   Issue 3: [30333] The index of an internal memory buffer is not correctly calculated when relative offset counters start over at the 4GB boundary. This incorrect pointer causes dsa_filter to access an invalid memory address, which leads to a kernel panic.

   Solution 3: With this Patch, the calculation of the buffer offset is fixed when relative offset counters start over at 4GB boundary.

   8.3 Deep Security Agent 9.6.2-5027, 9.6.2-5028
   =====================================================================

   8.3.1 Enhancements
   =====================================================================
   This release adds following enhancements:

   Real-Time Anti-Malware Support for Amazon Linux

   - Real-time Anti-Malware support is now available on Amazon Linux.

   8.3.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issues:

   Issue 1: [1620] When kdump generated the dump kernel, it generated errors such as "No module gsch found" or "No module redirfs found".

   Solution 1: This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 2: [1333] On some Linux platforms, if iptables or ip6tables was disabled and when customer installed or restarted the Deep Security Agent, the ds_agent process would start iptables and add a rule to open port 4118.

   Solution 2: With this release, the ds_agent process will check the iptables/ip6tables status. If it is disabled, it will not be changed. If it is enabled, one rule to allow port 4118 for communication will be added.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 3: [521] When Agent hardening was enabled on a destination Deep Security Virtual Appliance in a VMotion setup, and the guest virtual machine was password-protected, the VMotion failed and the guest VM went offline.

   Solution 3: The issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 4: [1402] The redirfs kernel module which hooks the Virtual File System (VFS) switch in Linux crashed due to race condition.

   Solution 4: The issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 5: [516] If the Deep Security Virtual Appliance experienced an ungraceful shutdown or power off, the ds_am.pid file remained under the /var/opt/ds_agent/am directory, pointing to a non-existent process ID. Sometimes, this process ID was taken by another process, which resulted in the PID defined under ds_am.pid pointing to a different process instead of the ds_am process. As a result, the ds_am process failed to start because it did not correctly verify that the previous ds_am process was still running.

   Solution 5: The issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 6: [1401] The index of an internal memory buffer was not correctly calculated when relative offset counters started over at the 4GB boundary. This incorrect pointer caused dsa_filter to access an invalid memory address, which led to a kernel panic.

   Solution 6: With this release, the calculation of the buffer offset is fixed when relative offset counters start over at the 4GB boundary.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 7: [527] Deep Security Netfilter caused a kernel panic on Linux servers during handling of the connection metadata structure.

   Solution 7: The issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 8: [1624] The Deep Security Agent only loaded the new kernel support package during process rebooting. So, if a customer imported a supported KSP, they needed to reboot the ds_agent process manually to make it work.

   Solution 8: This release has been enhanced so that the Agent tries to load the new kernel support automatically when it becomes available in the inventory.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 9: [30386/30379] The Deep Security Agent's On-Demand/Scheduled Anti-Malware Scans would sometimes stop when scanning some special files. Because of this, some files would remain unscanned.

   Solution 9: This issue is fixed in this release.

   8.4 Deep Security Agent 9.6.2-5198
   =====================================================================

   8.4.1 Enhancements
   =====================================================================
   This release does not add any enhancement.

   8.4.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issues:

   Issue 1: [DSSEG-63] If the Deep Security Agent is installed on a Linux platform with autofs configuration and Real-time Anti-malware scanning is enabled, the autofs hangs when the shared folder is mounted.

   Solution 1: This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 2: [DSSEG-62] The Anti-Malware scan engine does not support scanning files larger than 2GB. However, it floods the log with file open failure messages.

   Solution 2: The priority of the log message has been changed from notice to information. By default, this message will no longer show up.

   8.5 Deep Security Agent 9.6.2-5449
   =====================================================================

   8.5.1 Enhancements
   =====================================================================
   This release does not add any enhancement.

   8.5.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issues:

   Issue 1: [DSSEG-93] In Azure environments, if one or more machines had the same host name due to staging or production dynamics, the information was not correctly handled by the Azure Cloud Connector and machines went offline.

   Solution 1: This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 2: [DSSEG-99] A memory leak was observed in Ubuntu-based systems when the Deep Security Agent was installed.

   Solution 2: This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 3: [DSSEG-89] In Debian and Ubuntu Servers, the Deep Security Agents would sometimes create zombie processes.

   Solution 3: This issue is fixed in this release.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 4: [TT338812/DSSEG-91] By design, if /etc/use_dsa_with_iptables exists, then the Deep Security Agent does not touch the Linux Firewall. In SUSE Linux, this process did not work so as a result, if the ds_agent service restarted, it stopped the SUSE firewall service.

   Solution 4: This issue is fixed in this release.

   Note: Since ds_agent will not touch the SuSEfirewall2 status, port 4118 is opened but not accessible from Deep Security Manager. You will need to create a firewall rule to allow access through port 4118. If you want to make this Deep Security Agent a Relay, you also need to add a Firewall Rule that allows TCP/IP Traffic on port 4122 on the Relay-enabled Agent. Please refer to page 38 of the Deep Security 9.6 Install Guide (Basic).
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 5: [DSSEG-105] Deadlocks could sometimes happen on a virtual appliance when it handled a large number of Virtual machines.

   Solution 5: Unnecessary locks have been removed and the lock granularity has been fine-tuned to improve overall performance.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Issue 6: [TT332353/DSSEG-76] When a configuration is updated, the Deep Security Agent sends a heartbeat containing the current information to the Deep Security Manager. There was an issue where the local interface information did not match the security configuration information, even when the Deep Security Manager updated the configuration repeatedly. As a result, "Events Retrieved" and "Policy Sent" events were recorded under the System Events tab for every heartbeat.

   Solution 6: This issue has been fixed in this release.
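
   Issue 5 [516] in section 8.3.2 describes a leftover ds_am.pid whose recorded PID had been taken by an unrelated process. The following is an added example, not Trend Micro's code, of a PID-file check that tells a live instance apart from a stale or reused PID. It assumes the Linux /proc layout; every function name and the comm-based identity test are illustrative assumptions.

```python
"""Added example: classify a PID file as absent, stale, reused or running."""
import os
import tempfile
from pathlib import Path


def read_pid(pid_file: Path):
    """Return the PID recorded in pid_file, or None if missing or malformed."""
    try:
        text = pid_file.read_text().strip()
    except FileNotFoundError:
        return None
    if text.isascii() and text.isdigit() and int(text) > 0:
        return int(text)
    return None


def process_name(pid: int, proc_root: Path = Path("/proc")):
    """Return the short command name the kernel reports for pid, or None
    when no such process exists."""
    try:
        return (proc_root / str(pid) / "comm").read_text().strip()
    except (FileNotFoundError, ProcessLookupError):
        return None


def pid_file_state(pid_file: Path, expected_name: str,
                   proc_root: Path = Path("/proc")) -> str:
    """Classify the PID file.

    'absent'  - no usable PID recorded
    'stale'   - recorded PID no longer exists (e.g. after a power-off)
    'reused'  - recorded PID now belongs to a different program
    'running' - recorded PID exists and carries the expected name
    """
    pid = read_pid(pid_file)
    if pid is None:
        return "absent"
    name = process_name(pid, proc_root)
    if name is None:
        return "stale"
    # The kernel truncates comm to 15 characters, so compare the same prefix.
    if name != expected_name[:15]:
        return "reused"
    return "running"


def claim_pid_file(pid_file: Path, expected_name: str,
                   proc_root: Path = Path("/proc")) -> bool:
    """Record our own PID unless a genuine instance is running.
    Returns True when the file was claimed."""
    if pid_file_state(pid_file, expected_name, proc_root) == "running":
        return False
    tmp = pid_file.with_name(pid_file.name + ".tmp")
    tmp.write_text(f"{os.getpid()}\n")
    os.replace(tmp, pid_file)  # atomic swap, never a half-written file
    return True


def demo() -> dict:
    """Run the check against a constructed /proc tree (sample data only)."""
    with tempfile.TemporaryDirectory() as d:
        proc = Path(d, "proc")
        for pid, name in ((4242, "ds_am"), (5151, "crond")):
            (proc / str(pid)).mkdir(parents=True)
            (proc / str(pid) / "comm").write_text(name + "\n")
        pid_file = Path(d, "ds_am.pid")
        seen = {}
        for label, content in (("live", "4242"), ("reused", "5151"),
                               ("gone", "6000")):
            pid_file.write_text(content + "\n")
            seen[label] = pid_file_state(pid_file, "ds_am", proc)
        seen["claimed"] = claim_pid_file(pid_file, "ds_am", proc)
        return seen


if __name__ == "__main__":
    print(demo())
```

   A name check narrows the window but does not close it, since another process can carry the same name; holding an advisory lock on the PID file for the lifetime of the daemon is the stronger pattern.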

   8.6 Deep Security Agent 9.6.2-6400
   =====================================================================

   8.6.1 Enhancements
   =====================================================================
   This release adds the following enhancements:

   Enhancement 1: Currently, Deep Security Manager runs a scheduled task for a security update job, sends a command to the Deep Security Agent, and then the Agent downloads the security update from the Global Server (iAU) or Relay. A new feature has been implemented in which the Agent can actively download security updates without a command from the Deep Security Manager. This can be accomplished using the command-line utility dsa_control.

   To download the security updates from the Agent:

   1. Go to the Deep Security Agent's install directory.
   2. Run the command:

         dsa_control -U

   When the Agent starts to download the security updates, an event will be generated in the Deep Security Manager console, pointing to the DSA > Overview > Events.

   Note: This feature is available to download security updates only and cannot be used to download software updates.

   Enhancement 2: [DSSEG-162] Deep Security Agent is now enhanced to log "Agent Self-Protection Enabled" or "Agent Self-Protection Disabled" events under System Events when the Agent Self-Protection settings are modified in the Deep Security Manager console (under Computer > Settings > Agent Self-Protection section), or using the dsa_control command-line utility.

   Enhancement 3: [DSSEG-151] CVE-2015-7547 requires a patch to the glibc and glibc-common libraries. This release patches glibc and glibc-common to 2.12-1.166 to address CVE-2015-7547.

   Note: This patch requires a DSVA reboot.

   Enhancement 4: [DSSEG-192] When the maximum connections are reached, the Deep Security Filter Driver throws an error log which would eventually take too much disk space. Log levels are refined to fix this issue.
Enhancement 5: [DSSEG-55]
Enterprise customers using Red Hat Satellite Server for release distribution information have issues if a Red Hat Enterprise Linux Agent package is imported in the system. For example, if ds_agent-9.6.2-1234.x86_64 (RedHat 5) is imported, then ds_agent-9.6.2-1234.x86_64 (RedHat 6) could not be imported to RedHat Satellite Server. This is because the RedHat rpm package is commonly released according to this format:

- productname-version-buildnumber.release-architecture.rpm

However, the Deep Security Agent package was released as:

- productname-version-buildnumber-architecture.rpm

The release information for the Deep Security Agent package is being modified to include release-architecture. This distinguishes the architecture information and fixes the issue.

Enhancement 6: [DSSEG-175]
In some scenarios, the VMware Tools are upgraded for Deep Security Virtual Appliance, which is not permitted by design. This upgrade is being stopped in the current release.

8.6.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-82/DSSEG-174]
On Ubuntu-based Linux platforms and Amazon Linux platforms, running the command to check the status of the Deep Security Agent does not work. The command is:

   # service ds_agent status

Solution 1: The command works in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [TT340161/DSSEG-101]
When the SAP connector scans a SAR format file, the ds_am process would cause very high CPU usage.

Solution 2: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [TT339963/TT336355/DSSEG-112]
Kernel Panic would happen sometimes if there is no extension in the TLS Client Hello Packets received at the Deep Security Filter Driver.

Solution 3: This issue has been fixed.
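The package-name collision described in Enhancement 5 [DSSEG-55] of section 8.6.1, worked through as an added example (not Trend Micro code). It assumes a repository identifies a package by name, version, release and architecture; the "el5"/"el6" release tags and the function names are hypothetical, chosen only to show a release field that differs per platform.

```python
from collections import defaultdict
from typing import NamedTuple


class Nvra(NamedTuple):
    name: str
    version: str
    release: str
    arch: str


def parse_rpm_filename(filename):
    """Split name-version-release.arch[.rpm] into its four fields."""
    stem = filename[:-4] if filename.endswith(".rpm") else filename
    rest, dot, arch = stem.rpartition(".")
    if not dot:
        raise ValueError("no architecture suffix in %r" % filename)
    parts = rest.rsplit("-", 2)  # the name itself may contain '-'
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected name-version-release in %r" % filename)
    return Nvra(parts[0], parts[1], parts[2], arch)


def find_collisions(packages):
    """Return {Nvra: [platform, ...]} for identities claimed by more than
    one platform. `packages` is an iterable of (filename, platform)."""
    seen = defaultdict(list)
    for filename, platform in packages:
        seen[parse_rpm_filename(filename)].append(platform)
    return {nvra: plats for nvra, plats in seen.items() if len(plats) > 1}


# Constructed sample: the old naming from the readme's own example ...
OLD_STYLE = [
    ("ds_agent-9.6.2-1234.x86_64.rpm", "RedHat 5"),
    ("ds_agent-9.6.2-1234.x86_64.rpm", "RedHat 6"),
]
# ... and the same builds with a per-platform release tag (hypothetical values).
NEW_STYLE = [
    ("ds_agent-9.6.2-1234.el5.x86_64.rpm", "RedHat 5"),
    ("ds_agent-9.6.2-1234.el6.x86_64.rpm", "RedHat 6"),
]

if __name__ == "__main__":
    for label, pkgs in (("old", OLD_STYLE), ("new", NEW_STYLE)):
        clashes = find_collisions(pkgs)
        print(label, "naming:", "collision" if clashes else "distinct", clashes)
```
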
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-164]
When the Deep Security Agent is configured to download security patterns from a primary update source, and the Agent is not in contact with the Deep Security Manager, and the "Allow Agents/Appliances to download Pattern updates when Deep Security Manager is not accessible" option is selected in the Deep Security Manager (under Administration > System Settings > Updates), the security patterns are not downloaded.

Solution 4: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [TT340904/DSSEG-188]
When a dead connection in the Deep Security Filter Driver's connection table is re-used by the system, the Syslog is flooded with errors related to dead connections, such as:

   assertion failed: !conntrack_is_dead((ds_conn_common_t*)conn)

Solution 5: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 6: [TT334613/DSSEG-208]
Particularly on SUSE Linux platforms, if the Deep Security Agent is loaded before the SUSE default firewall, then a rule for opening port 4118 for the Deep Security Agent is not added and the Agent stops communicating with the Deep Security Manager.

Solution 6: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.7 Deep Security Agent 9.6.2-7050
=====================================================================

8.7.1 Enhancements
=====================================================================
This release adds the following enhancements:

Enhancement 1: [DSSEG-290]
Support for Deep Security Agent for Red Hat Enterprise Linux (RHEL) has been added for Microsoft Azure Linux workloads. Customers running RHEL machines in Azure can now protect them with Deep Security Agents.
8.7.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-246]
Deep Security Agent required an upgrade to the OpenSSL protocol toolkit.

Solution 1: This release upgraded the Deep Security Agent with OpenSSL version 1.0.2h.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [TT343953/DSSEG-285]
The Deep Security Agent on Red Hat Linux 7 caused a kernel panic due to the redirfs kernel module used for file-system hooking.

Solution 2: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [TT341932/DSSEG-249]
When the real-time Anti-Malware scans were running on a Linux system (RedHat, SUSE), the GSCH driver would sometimes cause a system crash.

Solution 3: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [TT346015/DSSEG-250]
When real-time Anti-Malware scanning was enabled on a Linux system (Red Hat, SUSE) and the "ls" command was executed in a folder where hundreds of thousands of files resided, the scan took a long time to complete and the machine appeared to hang.

Solution 4: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [DSSEG-288]
The ds_agent process crashes when a Log Inspection task started to run while the Log Inspection service was asked to restart from another thread.

Solution 5: Code now ensures that the Log Inspection service restarts after all tasks are finished.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 6: [TT343123/DSSEG-302]
On Linux, ds_am had a problem reading /proc/mounts content when /proc/mounts contained a line that exceeded the ds_am maximum line buffer size. It caused ds_am to crash and Anti-Malware to go offline.

Solution 6: The issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 7: [TT346407/TT347298/DSSEG-307]
On Linux, if iptables and ip6tables were turned OFF, then installing the Deep Security Agent or restarting the ds_agent service would turn those iptables and ip6tables ON.

Solution 7: This issue has been resolved and iptables and ip6tables are not turned ON during installation of Deep Security Agent or restarting the ds_agent service.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 8: [TT341349/DSSEG-245]
A System Kernel Panic message displayed on a Linux machine when the Deep Security Filter Driver (dsa_filter) received IP fragments out of order.

Solution 8: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 9: [TT347066/DSSEG-311]
The command "rm -rf " failed with "Directory Not empty" even if the directory was empty for the NFS Client share folder.

Solution 9: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 10: [DSSEG-314]
When the Deep Security Agent was installed on an NFS Client machine, redirfs for Anti-malware protection sometimes had an issue with unhooking from the NFS share if the NFS client mounted/umounted frequently.

Solution 10: Redirfs hooking for NFS client folder is now off by default.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.8 Deep Security Agent 9.6.2-7256
=====================================================================

8.8.1 Enhancements
=====================================================================
This release does not add any enhancements.

8.8.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-328]
You can configure Deep Security Agents to forward events from specific protection module logs to a syslog server (in the computer editor, under Settings > SIEM).
Under some circumstances, when the syslog server log forwarding process was set up, it failed to forward syslog entries and the Firewall and Intrusion Prevention modules stopped working correctly.

Solution 1: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [TT-347903/DSSEG-320]
DS9.6 DSVA uses the system "curl" tool to initiate a TLS connection with DSR to save or restore status files during vMotion. This curl is too old to turn off the TLS "CN Verification". After DSA 9.6 upgraded OpenSSL (from 0.9.8 to 1.0.2x) and the Curl library, "CN verification" is turned on by default, which causes the following error when DSVA saves/restores status during vMotion:

   "certificate subject name 'Deep Security Relay' does not match target host name"

Solution 2: Install a new version of curl in the DSVA "/opt/ds_agent" folder and use it to disable "CN Check" when DSVA saves/restores status during vMotion.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [TT-346439/DSSEG-343]
An Intrusion Prevention Rule compilation error was observed after running a recommendation scan on a Deep Security Virtual Appliance in an NSX environment when too many applications were running on a single port, but the applications associated with the recommended rules applied to this port were not installed on the guest virtual machine.

Solution 3: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-338]
When there were many application types assigned to monitor the same port, there was a chance that some of those connections would not be monitored due to an internal defect.

Solution 4: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.9 Deep Security Agent 9.6.2-7516
=====================================================================

8.9.1 Enhancements
=====================================================================
This release does not add any enhancements.
Enhancement 1: [DSSEG-251]
This release enhances the Deep Security Agent's capability to collect AWS EC2 instance metadata information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Enhancement 2: [DSSEG-252]
When an Amazon AMI with an activated Deep Security Agent is launched, the Deep Security Manager will automatically reactivate the Agent on this instance and invoke any corresponding event-based tasks.

Note: This enhancement only works when the Deep Security Manager and the Deep Security Agents are both version 9.6 SP1 Patch 1 Update 3 or later.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.9.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue 1: [DSSEG-346]
Wildcards were not supported when specifying directories to include when performing scheduled or manual scans for malware on Linux.

Solution 1: Wildcards are now supported when specifying directories to include when performing scheduled or manual scans for malware on Linux. For example, the directory specification "/*/*example*/" would include the following directories:

* /Usr/example/
* /Root/example2/
* /Bin/another-example 3/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-462]
The Deep Security Agents deployed in a Microsoft Azure environment with the latest SUSE platforms could not be activated within the Azure Cloud Connector.

Solution 2: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-471]
Under certain circumstances, the Deep Security Relay-enabled Agent would fail to download any package if it encountered one failure. In this case, the Agent error log showed "easy handle already used in multi handle".

Solution 3: This is now fixed. The Relay-enabled Agent will continue to download other packages even if one fails.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-473]
When a user started or stopped the ds_agent service, the error message "ufw: command not found" would appear.

Solution 4: The logic to identify the running platform of the system has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [TT344382/DSSEG-368]
When the Anti-Malware feature was turned ON and Real-Time Anti-Malware protection was in place on a Red Hat Enterprise Linux 7 computer, an unexpected operating system reboot was observed due to a real-time anti-malware driver hook.

Solution 5: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 6: [DSSEG-362]
The Deep Security Virtual Appliance EPSEC library required an upgrade in NSX environments.

Solution 6: The EPSEC library has been upgraded to 6.2.3 EAD and the Curl version has been upgraded to 7.49.1.

Note: This fix is applicable to Deep Security Virtual Appliance only, which can be upgraded using the RHEL (6x64) package shipped with this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 7: [TT348208/DSSEG-382]
An error occurred when the Deep Security Agent started on Red Hat Enterprise Linux 7:

   Restarting ds_agent (via systemctl): /usr/bin/pkttyagent: symbol lookup error: /lib64/libgobject-2.0.so.0: undefined symbol: g_match_info_unref

Solution 7: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 8: [DSSEG-385]
A segmentation fault happened on Ubuntu 14 computers during activation of the Deep Security Agent.

Solution 8: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 9: [DSSEG-395]
Leap Year Second for December 31, 2016 has been announced. Deep Security Agent and Deep Security Virtual Appliance needed to be tested.

Solution 9: This release verifies that Deep Security Agent and Deep Security Virtual Appliance are not affected by Leap Year Second.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 10: [TT351050/DSSEG-408]
On a Deep Security Virtual Appliance, when dsa_slowpath_nx crashed, Deep Security Manager reported "Abnormal Restart Detected".

Solution 10: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 11: [DSSEG-419]
When a deployment script for activating the Deep Security Agent was run on a virtual machine belonging to a tenant (TN), instead of activating it with TN, the agent was activated with the primary tenant (T0).

Solution 11: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 12: [DSSEG-424]
When a real-time anti-malware scan was enabled, the system service could not start or stop (for example, service httpd start). Additionally, the mount/umount reference count did not match.

Solution 12: In order to apply this fix, import the new Kernel Support packages (KSP) and reboot the system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 13: [TT352904/TT352648/DSSEG-431]
When ds_am started, it caused a segmentation fault that created many core dump files.

Solution 13: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 14: [DSSEG-452]
The IPS engine could sometimes cause a system crash (kernel panic) when there was a certain rule combination and traffic pattern.

Solution 14: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 15: [DSSEG-458]
The anti-malware process ds_am sometimes crashed on Ubuntu 14.

Solution 15: This issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 16: [DSSEG-454]
An OpenSSL minor version upgrade was required to patch low-impact vulnerabilities such as CVE-2016-6305, CVE-2016-2182 and CVE-2016-6304.

Solution 16: OpenSSL 1.0.2h is upgraded to 1.0.2j.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.10 Deep Security Agent 9.6.2-7524
=====================================================================

8.10.1 Enhancements
=====================================================================
This release does not add any enhancements.

8.10.2 Resolved Known Issues
=====================================================================
This release resolves the following issues:

Issue: [TT355120/TT355032/TT355030/DSSEG-511]
The Anti-Malware Engine goes offline after upgrading the Deep Security Virtual Appliance to build 9.6.2.7516.

Solution: This issue is resolved in the current release.

Note: This issue only applies to Deep Security Virtual Appliance in VMware vCNS deployment. NSX deployment is not affected. 64-bit Red Hat 6 Deep Security Agent is not affected. Due to vCNS end of life support from VMware, to achieve optimized performance, it is recommended to upgrade the VMware environment with the latest currently available versions of:

   vShield Manager: 5.5.4 Update 3 build 3953973
   vShield Endpoint Driver: 6.0.0-03125211
   VMware Tools 10.0.9
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.12 Deep Security Agent 9.6.2-7723
========================================================================

8.12.1 Enhancements
=====================================================================
Deep Security Agent 9.6 Service Pack 1 Patch 1 Update 5 adds the following enhancements:

Enhancement 1: [DSSEG-530]
The Deep Security Agent communication port (4118) previously allowed connections using a Triple-DES based cipher suite.
The Triple-DES based cipher suite was removed from the list of acceptable cipher suites and new SHA-256 based cipher suites were added.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8.12.2 Resolved Known Issues
=====================================================================
Deep Security Agent 9.6 Service Pack 1 Patch 1 Update 5 fixes the following issues:

Issue 1: [DSSEG-485]
The Deep Security Relay Web Server port (4122) allowed SSL connections using Anonymous and Triple DES cipher suites.

Solution 1: These cipher suites have been removed from the set of cipher suites allowed to connect to this server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 2: [DSSEG-494]
The Web Reputation Smart Protection Server setting was not able to add a local server without a port number. This was due to a logic error in the code.

Solution 2: The issue has been fixed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 3: [DSSEG-504]
The version of expat used in the Deep Security Agent contained vulnerabilities.

Solution 3: The expat used in the Deep Security Agent was replaced with the 2.2.0 version.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 4: [DSSEG-507]
The version of nginx used in the Deep Security Relay contained vulnerabilities.

Solution 4: The nginx used in the Deep Security Relay was replaced with the 1.10.2 version.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 5: [DSSEG-556]
When the Intrusion Prevention rule "1000128 - HTTP Protocol Decoding" is enabled and "Specify raw characters that are not allowed in the URI:" is used, when the Deep Security Agent detects an illegal character, the Deep Security Manager will show the illegal character in an Intrusion Prevention event. However, the Deep Security Agent sometimes did not report the correct location of the illegal character, so it was not displayed correctly in the Deep Security Manager.

Solution 5: This issue is fixed in this release.
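A way to confirm the cipher-suite changes from Enhancement 1 [DSSEG-530] (port 4118) and Issue 1 [DSSEG-485] (port 4122) on your own Agents and Relays after upgrading, as an added example that is not Trend Micro code. The function names, the marker table and the sample suite list are constructed for illustration; the probe offers only Triple-DES and anonymous suites and reports whether the server accepts one.

```python
import socket
import ssl

# Name fragments (OpenSSL and IANA spellings) for the families this release removed.
WEAK_MARKERS = {
    "3DES": ("DES-CBC3", "3DES"),
    "anonymous": ("ADH-", "AECDH-", "_ANON_"),
}

# Constructed sample, e.g. pasted from a scanner report or `openssl ciphers` output.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-SHA256",
    "DES-CBC3-SHA",
    "ADH-AES128-SHA",
    "ADH-DES-CBC3-SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
]


def classify_suite(name):
    """Return the sorted list of weak families a suite name belongs to."""
    upper = name.upper()
    return sorted(family for family, markers in WEAK_MARKERS.items()
                  if any(marker in upper for marker in markers))


def audit_cipher_list(names):
    """Map each weak suite to its families; acceptable suites are omitted."""
    findings = {}
    for name in names:
        families = classify_suite(name)
        if families:
            findings[name] = families
    return findings


def accepts_weak_suites(host, port, cipher_string="3DES:aNULL:@SECLEVEL=0",
                        timeout=5.0):
    """Offer only weak suites over TLS 1.2 or below.

    Returns the negotiated suite name if the server accepted one, None if it
    refused the handshake, and raises RuntimeError if the local OpenSSL build
    cannot offer any of these suites (the check is then inconclusive).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # only the negotiated suite is of interest
    ctx.verify_mode = ssl.CERT_NONE   # anonymous suites present no certificate
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # keep TLS 1.3 suites out
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError as exc:
        raise RuntimeError("local OpenSSL cannot offer 3DES/anonymous suites") from exc
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, ConnectionResetError):
        return None


if __name__ == "__main__":
    for suite, families in audit_cipher_list(SAMPLE_SUITES).items():
        print(suite, "->", ", ".join(families))
    # Against a host you administer (placeholder name):
    #   accepts_weak_suites("agent.example.internal", 4118)  # expect None after the upgrade
```

A return value of None from `accepts_weak_suites` on ports 4118 and 4122 is the expected result on an upgraded Agent or Relay; a suite name means the old cipher list is still in effect.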
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 6: [DSSEG-600]
The Deep Security Virtual Appliance splash screen caused a system crash when a perl process was terminated.

Solution 6: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 7: [DSSEG-615]
When Anti-malware SIEM events were forwarded directly from the Linux Agent, the action field always showed "DenyAccess".

Solution 7: The issue is fixed. The SIEM event now shows the actions correctly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 8: [DSSEG-645]
In Amazon Linux, docker containers failed to communicate with each other via network when the Deep Security Agent was installed.

Solution 8: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 9: [DSSEG-655]
When a user upgraded Deep Security Agent software to 9.6.2.7599, the status of the software upgrade remained as "software sent" and the Deep Security Agent did not start. The workaround was to restart Deep Security Agent manually.

Solution 9: This issue is fixed in this release.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue 10: [DSSEG-616]
The Deep Security Agent did not start automatically after installation. Systemctl showed that the ds_agent service was not found.

Solution 10: The installation now automatically reloads the systemctl daemon.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

9. Files Included in This Release
========================================================================
This release is a complete installation.
Use one of the following files:

   Agent-RedHat_EL5-9.6.2-7723.i386.zip
   Agent-RedHat_EL5-9.6.2-7723.x86_64.zip
   Agent-RedHat_EL6-9.6.2-7723.i386.zip
   Agent-RedHat_EL6-9.6.2-7723.x86_64.zip
   Agent-RedHat_EL7-9.6.2-7723.x86_64.zip
   Agent-Oracle_OL5-9.6.2-7723.i386.zip
   Agent-Oracle_OL5-9.6.2-7723.x86_64.zip
   Agent-Oracle_OL6-9.6.2-7723.i386.zip
   Agent-Oracle_OL7-9.6.2-7723.i386.zip
   Agent-Oracle_OL6-9.6.2-7723.x86_64.zip
   Agent-SUSE_10-9.6.2-7723.i386.zip
   Agent-SUSE_10-9.6.2-7723.x86_64.zip
   Agent-SUSE_11-9.6.2-7723.i386.zip
   Agent-SUSE_11-9.6.2-7723.x86_64.zip
   Agent-SUSE_12-9.6.2-7723.x86_64.zip
   Agent-Ubuntu_10.04-9.6.2-7723.x86_64.zip
   Agent-Ubuntu_12.04-9.6.2-7723.x86_64.zip
   Agent-Ubuntu_14.04-9.6.2-7723.x86_64.zip
   Agent-Ubuntu_16.04-9.6.2-7723.x86_64.zip
   Agent-amzn1-9.6.2-7723.i386.zip
   Agent-amzn1-9.6.2-7723.x86_64.zip
   Agent-CloudLinux_5-9.6.2-7723.i386.zip
   Agent-CloudLinux_5-9.6.2-7723.x86_64.zip
   Agent-CloudLinux_6-9.6.2-7723.i386.zip
   Agent-CloudLinux_6-9.6.2-7723.x86_64.zip
   Agent-CloudLinux_7-9.6.2-7723.x86_64.zip
   Agent-Debian_6-9.6.2-7723.x86_64.zip
   Agent-Debian_7-9.6.2-7723.x86_64.zip

For Amazon EC2, use either the Red Hat Enterprise 6 Agent package (32-bit or 64-bit) or the SUSE 11 Agent package (64-bit), depending on the base operating system used by your Amazon AMI.

For a list of specific Linux kernels supported for Amazon, see the document titled Deep Security 9.6 Supported Linux Kernels.

10. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.
http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

11. About Trend Micro
========================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, Deep Security, "deep security solutions", and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.

12. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:
www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide

13. Third-Party Software
========================================================================
Deep Security employs the use of 3rd party binary distributions. The binary distributions are subject to the licenses available in the following directory:

   [Install Directory]/licenses

Where 3rd party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request.
========================================================================
(C) 2017 Trend Micro Inc. All rights reserved. Published in Canad