<> Trend Micro Incorporated August 29, 2017 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Readme for Trend Micro (TM) Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 11 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: http://docs.trendmicro.com Patch/SP release documentation: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Platforms: Windows Server 2012 (64-bit), Windows Server 2012 R2 (64-bit), Windows Server 2008 (64-bit), Windows Server 2008 R2 (64-bit), Windows Server 2003 R2 SP2 (64-bit), Red Hat Enterprise Linux 5 (64-bit), Red Hat Enterprise Linux 6 (64-bit), Red Hat Enterprise Linux 7 (64-bit) Not Supported: Red Hat Enterprise Linux (RHEL) Xen Hypervisor Windows Server 2012 Core Windows Server 2008 Core Deep Security Manager is no longer supported on 32-bit versions of the Windows platform. Date: August 29, 2017 Release: 9.6 Service Pack 1 Patch 1 Update 11 Build Version: 9.6.4145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This product is subject to the terms detailed in the license agreement and copied to the install directory. For more information about the Trend Micro suite of Deep Security products, visit our website at: http://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/ index.html Download the latest version of this readme from the Deep Security page at the Trend Micro Download Center website: http://downloadcenter.trendmicro.com/ Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at docs@trendmicro.com. Your feedback is always welcome. Contents =================================================================== 1. About Deep Security 9.6 Service Pack 1 Patch 1 Update 11 1.1 Overview of This Release 1.2 Who Should Install This Release 1.3 Upgrade Notice 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 6. Known Incompatibilities 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement 13. Third-Party Software =================================================================== 1. About Deep Security 9.6 Service Pack 1 Patch 1 Update 11 ======================================================================== 1.1 Overview of This Release ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 11 contains no feature enhancements but includes some bug fixes. For a list of the major changes in Deep Security 9.6, please see the "What's New" section of the Installation Guides, which are available for download from the Trend Micro Download Center. 1.2 Who Should Install This Release ===================================================================== You should install this release if you are currently running Deep Security 9.0 SP1 Patch 5, 9.5 SP1 Patch 3, 9.6 Service Pack 1, or 9.6 Service Pack 1 Patch 1. All new Deep Security users should install Deep Security 9.6 Service Pack 1 Patch 1 Update 11. 1.3 Upgrade Notice ===================================================================== - If you choose to upgrade your Deep Security Manager to version 9.6 Service Pack 1 Patch 1 Update 11 while running older versions of Deep Security Agents under protection, you will be warned during the upgrade installation that this version will no longer be able to communicate with those Agents. Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 11 ONLY supports the latest 9.0 SP1 and 9.5 SP1 versions of Deep Security Agent, and Deep Security Virtual Appliance. Please refer to the "Known Incompatibilities" section of this readme file for details. - Deep Security 9.6 Service Pack 1 Patch 1 Update 11 does not support ESXi version 4.1. To deploy Deep Security 9.6 Service Pack 1 Patch 1 Update 11, your VMware infrastructure (vCenter, vShield Manager, vShield Endpoint, and vShield Endpoint drivers) must be upgraded to version 5.x. Also be sure to read the VMware documentation for upgrading your VMware environment including the KB article on VMware's web site: http://kb.vmware.com/kb/2032756 http://kb.vmware.com/kb/2052329 - Coordinated approach is no longer supported in Deep Security 9.6 Service Pack 1 Patch 1 Update 11. If you are upgrading to Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 11, any virtual machines that have a Deep Security Agent installed and are on an ESXi server that is protected with a Deep Security Virtual Appliance (DSVA) will be converted to Combined Mode. Combined Mode will be enabled when the DSVA or Agent is activated. In Combined Mode, the Deep Security Virtual Appliance (agentless protection) provides Anti-Malware protection and Integrity Monitoring in supported Windows platforms, while the rest of the features are provided by the Agent. - Prior to upgrading the Deep Security Manager to 9.6 Service Pack 1 Patch 1 Update 11, check if the communication between the Deep Security Manager and MS SQL Server database is encrypted. Note that this is disabled by default and would have been manually configured. To check, verify whether the Deep Security Manager\webclient\webapps\ROOT\WEB-INF\ dsm.properties file contains the line: database.SqlServer.ssl=require If it exists, disable the encryption by deleting the line and restarting the Deep Security Manager service before upgrading. Add the line back after the upgrade. Failure to disable the encryption will cause the upgrade to fail. - Deep Security 9.6 Service Pack 1 Patch 1 includes the improvements to scalability and efficiency that were added as part of the Deep Security 9.6 Service Pack 1 Patch 1 release. If you are not already running Deep Security 9.6 Service Pack 1 Patch 1, this release makes it more easy and organized to perform database schema in steps mentioned in following Knowledge Base Article. Administrators upgrading to this Patch 1 are required to follow this KB upgrading their database schema. http://esupport.trendmicro.com/solution/en-US/1112218.aspx As usual, backup your database before upgrading and consider performing the upgrade during off-hours. To back up your 9.6 SP1 Deep Security data, see "Database Backup and Recovery" in the your Deep Security 9.6 SP1 online help or Administrator's Guide. Your Deep Security Agents and Appliances will continue to provide protection during the upgrade process. 2. What's New ======================================================================== 2.1 Enhancements ===================================================================== There are no enhancements in this release. 2.2 Resolved Known Issues ===================================================================== This release resolves the following issue: Issue 1: [DSSEG-1334/SEG-12684] Deep Security Manager would not allow empty scan file lists or scan directory lists. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining Deep Security 9.6. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying Deep Security 9.6. The following Installation Guides are available in Trend Micro Download Center: Deep_Security_96_SP1_Install_Guide_basic_EN.pdf Deep_Security_96_SP1_Install_Guide_vcloud_EN.pdf Deep_Security_96_SP1_Install_Guide_nsx_EN.pdf Deep_Security_96_SP1_Install_Guide_vmsafe_EN.pdf Deep_Security_96_SP1_Install_Guide_azure_EN.pdf - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining Deep Security 9.6. It also contains post-installation instructions on how to configure the settings to help you get Deep Security "up and running". All of the content of the Administrator's Guide can be found in the Deep Security Manager's online help. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com - TrendEdge is a program for Trend Micro employees, partners, and other interested parties that provides information on unsupported, innovative techniques, tools, and best practices for Trend Micro products. The TrendEdge database contains numerous documents covering a wide range of topics. http://trendedge.trendmicro.com 4. System Requirements ======================================================================== For a complete list of the System requirements, please refer to the Deep Security 9.6 Installation Guide. 5. Installation ======================================================================== Refer to the "Deep Security Manager 9.6 Installation Guide", available for download from the Trend Micro Download Center. 6. Known Incompatibilities ======================================================================== - Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 11 does not support version 8.0 and earlier versions of Deep Security Virtual Appliance and Deep Security Agent. - When adding vCloud in this version of Deep Security, only agentless Anti-Malware and Integrity Monitoring in vCNS is supported and must be added only to the tenants. NSX, Combined Mode and adding vCloud to the primary tenant is not supported. 7. Known Issues ======================================================================== - Some platforms (e.g. Linux) do not distinguish network interfaces at the packet level, when they are connected to the same network. When enabling "Policy -> Interface Types -> Rules can apply to specific interfaces" on these platforms, firewall policies that attempt to distinguish between network interfaces connected to the same network will result in only one of the policies being applied. [29543] - The Trusted Platform Module (TPM) monitoring does not work on vSphere 6 environment. When enabled, the event "The vCenter sent empty or unreliable TPM information that has been ignored. This is only an issue if the problem persists" will appear. In rare circumstances, the value may also be unreliable on vSphere 5.5 environment. VMware is already investigating this issue. [29268/27166] - When doing vMotion of many simultaneous VMs, some of the VMs may appear as Anti-Malware Engine Offline after it moves to the new host. This occurred because the DSM checked the status of the VMs during heartbeat before the vMotion is finished. Doing another check status or waiting for the next heartbeat will fix the status. [28825] - Deep Security Azure Connector does not identify virtual machines created by Azure Resource Manager a.k.a ARM VM (v2). DSA installed in ARM VM will not be included in Azure connector but in normal computer list. This limitation will have no impact on security features provided by Deep Security. [29630] - If vMotion occurs while Anti-Malware scan is happening, there is a possibility that the scan will not continue after moving from one Agentless protected host to another. If you see an event saying "Manual Malware Scan Failure" or if you see a "Manual Malware Scan Started" without a corresponding "Manual Malware Scan Completed", then this means that the scan has stopped and did not finish. [28059] - During the upgrade process after removing the Filter Driver, Deep Security Manager 9.6 Patch 1 will display "Intrusion Prevention Engine Offline and Firewall Engine Offline" regardless of policy until the Deep Security Virtual Appliance is upgraded to version 9.6 Patch 1. [28992] - If the Deep Security Relay is down during deployment of Deep Security Virtual Appliance, it will fail to upgrade to version 9.6 and will cause the vShield Endpoint to not register. Even after the Deep Security Virtual Appliance upgrade becomes successful, the vShield Endpoint will remain in a Not Registered state. Reactivating the Deep Security Virtual Appliance will resolve this issue. [28712] - If agentless Anti-Malware real-time protection is turned off, the notifier will not get any status updates from the appliance. It will then turn off Antivirus protection in the Windows Action Center. [29230/29574] - When you deactivate the Deep security Virtual Appliance or agentless protection, the notifier will not be able to get any status from the Deep Security Virtual Appliance. The notifier knows that Anti-Malware is not working so it will turn it off in the Windows Action Center. It does not know the status of the firewall so it will leave the firewall status in the Windows Action center in its last known state. [29230/29574] - The CPU Usage (Agent only) setting under Manual and Scheduled Scan Configuration in the Deep Security Manager console is not working on SUSE 10 SP3 and SP4. [20717] - Agentless protection is not supported in ESX 5.1 with NSX. ESX 5.5, VCenter 5.5 and NSX Manager 6.0.5 are the minimum requirements for agentless protection. [22062] - Excluding a folder in Anti-Malware agentless protection would also exclude folders that starts with the same folder name. For example, excluding c:\temp also excludes c:\temp1 and c:\temp2 from Anti-Malware scanning. [22037] - Anti-Malware, Web Reputation, Integrity Monitoring, and Log Inspection should not be enabled on the policy that is assigned to the Deep Security Virtual Appliance itself. These features are not supported when applied to the Deep Security Virtual Appliance and may produce error events. [21250] - It can take up to 30 minutes before the appliance is ready for deployment through NSX Manager after importing the Deep Security Virtual Appliance package to the DSM. Deploying the appliance before the package is in place at \temp would result in failure. [23150] - The Deep Security Manager will display the platform of CentOS machines as Red Hat. This is because the agent package used in CentOS and Red Hat are the same and labeled as Red Hat agent package. [21674/25156] - Location awareness will not work on pure IPv6 environment. [12776] - Infected file will still appear in Quarantined Files list even if the Anti-Malware Event says Quarantine Failed. [21620] - In the computer updates page, DSM will show Smart Scan Agent Pattern, Spyware Active Monitoring Pattern and Virus pattern in Deep Security Agent for Linux regardless of the scan mode. [21829] - Software update using IPv6 is currently not supported by Trend Micro download center. [25937] - Deep Security Agent running on SUSE in Azure cloud will not be managed under Azure cloud account in the Deep Security Manager. The agent will appear under normal computers list. [26499] - After Deep Security Agent upgrade, the event "Abnormal Restart Detected" may appear. The upgrade is not affected by this event and may be safely ignored. Do Clear Warnings and Errors and perform a Check Status to reflect the actual status of the agent. [26619] - The Out of Sync relays hyperlink displays the correct count but clicking the link will display both out of date computers and relays. [23418/21042] - In NSX 6.1.2 and earlier, if more than one NSX Security Groups are defined and applied to the NSX Security Policy that contains Deep Security Services, any un-applying of the policy will not be reflected in Deep Security Manager with respect to NSX Security Group membership. [25304] - In NSX 6.1.1 and earlier, if you remove the Deep Security Services from an NSX Security Policy, it will not be reflected in Deep Security Manager with respect to NSX Security Group membership. [25303] - Deep Security Manager does not support installation paths that contain special characters (non-alphabet and non-numeric characters). The same restriction also applies to the database name and/or database account used by Deep Security Manager. [16708] - When a user runs Agent-initiated recommendation scan using the "dsa_control -m RecommendationScan:true" command, no system event related to recommendation scan is recorded. - In rare situations, Deep Security Manager may not correctly identify the status of the EPsec Driver installed on an ESXi. When you activate an Appliance, if Deep Security Manager does not identify the correct status of vShield Endpoint, it will not register with the vShield Manager. If Deep Security Manager gives you this warning, perform a full "Synchronize" with your vCenter and it will update the current installation status of all drivers on all ESXi(s) in the environment. [17636] - In Multi-Tenant installations, the Primary tenant Deep Security Manager may cause "Reconnaissance Detected: Network or Port Scan" alerts on Tenants' Deep Security Managers. To avoid these alerts, Tenants can manually add the Primary Tenant's Deep Security Manager IP address to the "Ignore Reconnaissance" IP list. (Policies > Common Objects > Lists > IP Lists). [17175] - In rare cases, adding a vCloud or AWS Cloud Account in Deep Security Manager can result in the creation of two identical Cloud Accounts. If this occurs, either one of the two accounts can be safely removed. [17280/17051] - In a cloud provider environment if the "Enable regular synchronization with Cloud Provider" option is disabled, changing the Deep Security Agent hostname will disrupt the communication between Deep Security Manager and Deep Security Agent. Trend Micro strongly recommends keeping the "Enable regular synchronization with Cloud Provider" option ON. [15608] - If the Manager node(s) and the Database are installed on machines with synchronized clocks but configured for different time-zones, an error indicating that the clocks are not synchronized will be triggered incorrectly. [17100] - On Windows 2008 and Server 2012 systems, after installing the Deep Security Manager with a co-located Relay, the Deep Security Notifier icon does not automatically appear in the Windows notification area. However, the Deep Security Notifier will still function. Users need to re-launch the Deep Security Notifier from the "Start" menu or restart the system. [17533] - When using Deep Security in iCRC mode, a DNS server must be available. If a DNS server is unavailable the Anti-Malware feature of the Deep Security Virtual Appliance may not function correctly. [Deep Security 8.0-01169] - Deep Security Manager does not support License updates or connecting to the Trend Micro Certified Safe Software Service using a SOCKS5 proxy. To use these two features, use an HTTP proxy. [Deep Security 8.0-1024] - In certain cases, when attempting to use the dsm_s stop command on Linux to stop the Deep Security Manager service, you may get the following message: "Timeout. Daemon did not shutdown yet." Dsm_s is based on install4j whose timeout value is 15 seconds, which cannot be changed. The Deep Security Manager may require longer than this to shut down. To ensure the service has been shut down run the "ps -ef | grep DSMService" command before using the dsm_s stop command. [Deep Security 8.0-00095] - Air-gapped Relays will still try to contact an Update Server to check for Updates. To avoid update failure alerts, set the Relay to use itself as an update source: 1. In the Relay's "Details" window, go to "System > System Settings > Updates". 2. In the "Relays" area, select "Other Update Source:" and add "https://localhost:4122". 3. Click "Save". [Deep Security 8.0-01124] - If an ESXi with an installed vShield Endpoint driver is removed from its vCenter, Deep Security Manager cannot detect the installed driver if the ESXi is later re-added to the vCenter. This will cause any newly Deep Security Virtual Appliance- protected virtual machines to not have Anti-Malware enabled. The workaround is to uninstall and reinstall the driver through the VSM. [Deep Security 8.0-01036] - Intrusion Prevention is not supported over SSL connections when using IPv6. - The Anti-Malware scan inclusion/exclusion directory settings are sensitive to forward slash "/" and backslash "\". For use with Windows operating systems the inclusion/exclusion paths must use the backslash "\". [7.5 SP1-00231] - When creating custom Integrity Monitoring Rules using the "RegistryKeySet" tag, the attribute values must be in uppercase letters. For example, . Using lowercase may result in an "Integrity Monitoring Rule Compile Issue" error. [7.5 SP1-00171] - Malware scans of network shared folders are only supported using real-time scan. Manual scans or scheduled scans will not work. [7.5-00012] - If a CD or a mounted ISO file contains malware and the Anti-Malware configuration is set to "Delete" upon detection, Deep Security Manager will still report that the malware was "deleted" even if it was unable to do so. [7.5-00010] - Deep Security Manager cannot display an incorrect filename event in the Anti-Malware Event if the malware was found in the "Recycle Bin". [7.5-00023] - During an upgrade, the Deep Security Manager service may not be able to install properly on some platforms if the "Services" screen is open. To work around this, make sure the "Services" screen is closed prior to installation or upgrade of Deep Security Manager. - If you receive a "java.lang.OutOfMemoryError" error during the installation of Deep Security Manager, please refer to the "Installation Guide" for instructions on how to configure the maximum memory usage for the installer. - During an upgrade, if you receive a message stating that the Deep Security Manager cannot start the service, restarting Deep Security Manager usually fixes the problem. In rare cases, you may have to run the installer again in Upgrade/Repair mode after restarting. - If Windows Firewall is enabled on Deep Security Manager, it may interfere with port scans causing false port scan results. Windows Firewall may proxy ports 21, 389, 1002, and 1720 resulting in these ports always appearing open regardless of any filter placed on the computer. - By default Exchange 2000 and later servers will dynamically assign a non-privileged port (1024-65535) for communications between the client and the server for the System Attendant, Information Store, and Name Service Provider Interface (NSPI) services. If you will be using the Microsoft Exchange Server profile with an Exchange 2000 or later server then you should configure these services to use static ports as described in the article "Exchange 2000 and Exchange 2003 static port mappings" (http://support.microsoft.com/?kbid=270836). Once static ports have been configured you should extend the appropriate Exchange Server port list to include the ports that have been assigned to these services. You may also want to set the "No RFR Service" registry setting to "1" to prevent the Exchange server from referring clients to the domain controller for address book information. See the article "How Outlook 2000 Accesses Active Directory" (http://support.microsoft.com/?kbid=302914) for more information. Alternatively, it is possible to configure Exchange RPC to run over HTTPS if you are using Outlook 2003 on Windows XP Service Pack 1 or later with Exchange Server 2003. In this case only port 443 needs to be added to the Exchange port list. - The "Recommendation" Alert may remain raised on some computers even after all recommended Intrusion Prevention, Integrity and Log Inspection Rules appear to have been applied. This can occur because even though an "Application Type" may be recommended for a computer, the "Application Type" will not be displayed in the "Show Recommended" view if no Intrusion Prevention Rules associated with Application Type are currently recommended. To resolve the situation, use the "Show All" view of the Intrusion Prevention Rules screen and assign all recommended "Application Types" (even if no associated Rules are currently recommended). Alternatively, you can just dismiss the alert after verifying that you have assigned all recommended rules to the computer. [8345] - When an Appliance-protected VM is migrated from one Appliance-protected ESXi to another, and if that virtual machine currently has warnings or errors associated with it (for example "Reconnaissance Detected"), those errors may incorrectly get cleared during the migration. [10602] - Log Inspection Events have a size limitation of 6000 characters. 8. Release History ======================================================================== See the following website for more information about updates to this product: http://www.trendmicro.com/download - Deep Security Manager 9.6, Build 9.6.1589, August 12, 2015 - Deep Security Manager 9.6 Patch 1, Build 9.6.2613, October 30, 2015 - Deep Security Manager 9.6 Service Pack 1, 9.6.3177, December 15, 2015 - Deep Security Manager 9.6 Service Pack 1 Patch 1, 9.6.3400, April 22, 2016 - Deep Security Manager 9.6 Service Pack 1 Patch 1 Critical Patch 1, 9.6.4000, May 31, 2016 - Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 1, 9.6.4014, June 30, 2016 - Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 3, 9.6.4064, October 14, 2016 - Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 4, Build 9.6.2-4072, November 30, 2016 - Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 5, Build 9.6.2-4085, January 20, 2017 - Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 6, Build 9.6.2-4093, February 21, 2017 - Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 7, Build 9.6.1-4111, April 19, 2017 - Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 8, Build 9.6.4125, June 02, 2017 - Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 9, Build 9.6.4133, June 26, 2017 - Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 10, Build 9.6.4143, August 03, 2017 - Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 11, Build 9.6.4145, August 29, 2017 8.1 Deep Security Manager 9.6.1589 ===================================================================== 8.1.1 Enhancements ===================================================================== Deep Security Manager 9.6.1589 adds the following enhancements: VMware vSphere 6 Support - Deep Security 9.6 now supports vSphere 6. NSX 6.1.4 Support and Integration - Agentless Anti-Malware, Integrity Monitoring, WRS, Firewall and Intrusion Prevention are available with NSX. vCNS 5.5.4 Support - Agentless Anti-Malware and Integrity Monitoring are available for vCNS Combined Mode with Agentless Anti-Malware and Integrity Monitoring and agent based support for WRS, Firewall and Intrusion Prevention. SAP Protection For Linux - Deep Security has integrated the SAP adapter into the Deep Security Agent. The SAP adapter works seamlessly with the SAP VSI interface (also referred to as NW-VSI-2.0). The VSI interface is available in applications and platforms such as NetWeaver, HANA and Fiori. - The SAP adapter has been fully incorporated in to Deep Security 9.6 as part of the Red Hat Enterprise Linux and SuSE Enterprise Linux builds and can now be licensed directly through Deep Security Manager. IBM QRadar Support - Deep Security can now output syslog inLog Event Extended Format (LEEF 2.0) for integration with IBM QRadar. DSM Database Support for Oracle 12c - Deep Security Manager now supports Oracle 12c for it's back end database. Active Directory Synchronization on Login - New users created in Active Directory can now log in to Deep Security Manager before the Active Directory Synch task has been run. Minor Report Enhancements - The Security Module usage report now has columns for the Computer Group and the Instance Size (for AWS workloads). Automatic Updates of Online Help - The Deep Security online help can now be updated seamlessly in Deep Security Manager through a new Online Help package. Deep Security Relay Downloads from Trend Micro Download Center - In situations where the Deep Security relay cannot directly access the Deep Security Manager, the relay can now download software updates from Trend Micro Download Center. 8.1.2 Resolved Known Issues ===================================================================== This release includes all resolved issues that were resolved in Deep Security 9.5 SP1 except those explicitly listed in the section "Known Issues in Deep Security Manager 9.6 Patch 1" above. 8.2 Deep Security Manager 9.6.2613 ===================================================================== 8.2.1 Enhancements ===================================================================== Deep Security Manager 9.6 Patch 1 adds the following enhancements: Enhancement 1: [30197] By default, the Deep Security Manager console uses TLSv1, TLSv1.1, TLSv1.2 protocols to communicate with port 4119. This release enhances the Deep Security Manager's capability to allow configuration of supported protocols by adding the protocols parameters to the configuration.properties file or limiting this communication to use any single protocol. Follow the procedure below to use this capability. Procedure to change settings: a) Stop the Deep Security Manager Service. b) Open the configuration.properties file under C:\ProgramFiles\ TrendMicro\DeepSecurityManager. c) Add the following entry at the end of file and save the file: protocols=TLSv1.2 Note: You can define more than one protocol by separating them with commas, for example: protocols=TLSv1,TLSv1.1,TLSv1.2 d) Start the Deep Security Manager Service. e) Use the OpenSSL s_client command to verify the protocol on the Deep Security Manager's Web Console port 4119 as follows: OpenSSL> s_client -connect Deep_Security_Manager_IP_Address:4119 Under the SSL-Session section, verify that Protocol is TLSv1.2 or the one you defined in the configuration.properties file. Please Note: This change of protocol type for the Deep Security Manager's web console port 4119 affects operations like accessing the web GUI from a browser, preparing an ESXi server for Filter Driver, deploying Agents using deployment scripts, and deploying the Deep Security Virtual Appliance in an NSX environment. Administrators modifying the configuration.properties file are required to ensure that the Operating System they are using for deploying Agents using deployment scripts supports the protocol defined in the configuration.properties file. Otherwise, the deployment will fail. This is also true for different ESXi versions customers are using in preparing ESXi in non-NSX environment, and deploying DSVA in an NSX environment. Enhancement 2: [29471] This release added more detailed debug level logging for vCenter Server synchronization with Deep Security Manager. Enhancement 3: [30083/30269] The Deep Security Network Engine has been enhanced to choose Anti-Evasion Settings for the Intrusion Prevention System. These settings are available under Computer > Settings > Network Engine Tab. For more details, please refer to Online Help. 8.2.2 Resolved Known Issues ===================================================================== Deep Security Manager 9.6 Patch 1 resolves these issues: Issue 1: [29753] The Deep Security Manager handled the connection type for some policies incorrectly. In some cases, unnecessary rules were recommended. Solution 1: The Deep Security Manager code logic has been corrected to fix this issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [29979] Agent reactivation did not work when only Agent-initiated communication was allowed. Solution 2: This code defect has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [29966] With Deep Security Manager 9.6, it was no longer possible to place Environment Variables inside an exception list, for example, ${windir}. If set to backslash, this error also appeared "The list of directories contains an invalid entry. All directory paths must end with a slash. ('\' for Windows, '/' for Linux.)". Solution 3: A change to the logic of the validating Environment Variable caused the breakage. The new logic has been enhanced to cover this case as well as other cases that were supported previously. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [30144] The Deep Security Manager 9.6 included a database schema change. While upgrading to 9.6 version, customers encountered an upgrade timeout situation and restarted the Deep Security Manager service while the schema upgrade was happening. This was being triggered because the Deep Security Manager console waited for only 10 minutes for the Deep Security Manager service to start. As a result, the database schema upgrade became corrupted or migration stopped. Solution 4: In this Patch, the upgrade process is being divided into steps: a) First, use the steps in this Knowledge Base Article to upgrade the database schema: http://esupport.trendmicro.com/solution/en-US/1112218.aspx b) Once the database schema change/migration is completed, run the installer as usual to upgrade Deep Security Manager to Patch 1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [30154] The Deep Security Manager did not check the parse item count, so when a File List item consisted of only comment '#' symbols, it caused an ArrayIndexOutOfBoudsException. Solution 5: This issue has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 6: [30229] When the Ongoing Recommendation Scans option was configured, it sometimes did not run properly. Solution 6: This issue has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 7: [30223] Deep Security Manager produces reports generated by the Reports page. "Security Module Usage Report" when run, outputs the current computer's usage of protection modules. This report outputs duplicated records for the Primary Tenant's computers. Solution 7: This issue has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 8: [TT331775/30255] The vCloud Synchronization with Deep Security Manager sometimes failed. As a result, no new virtual machines would be populated or updated within the Deep Security Manager after adding a new vCloud Organization. Solution 8: This issue has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 9: [DSSEG-1] If an Event-based Task was configured to watch for an "Agent-Initiated Activation" event and then perform an "Assign Policy" action, the task was not performed successfully. When Agent-initiated Activation occurred, the policy was not assigned. Solution 9: This issue has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 10: [TT333576/DSSEG-17] The "Recommendation Report" showed "Not Assigned" for application groups, which caused confusion about whether the rules were actually applied. Also, some icons were grayed out. Solution 10: This issue has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 11: [30388/DS-518] The Deep Security Manager's Server0.log file showed some exceptions if recommendation scans were being run, when security updates were being pulled and the Deep Security Manager did not have appropriate resources to handle this situation. Solution 11: This issue has been fixed in this release. 8.3 Deep Security Manager 9.6.3177 ===================================================================== 8.3.1 Enhancements ===================================================================== Deep Security Manager 9.6 Service Pack 1 adds the following enhancements: Increased NSX Policy Integration - To allow for NSX certification, Deep Security Manager can now be configured to synchronize its policies with NSX. This creates a matching NSX Service Profile (which we call a "Mapped Service Profile") for each of the Deep Security policies. The Mapped Service Profiles are available as a choice when creating NSX Security Policies. - vRealize Blueprints can be configured with either an NSX Security Group or an NSX Security Policy that uses a Mapped Service Profile. This will result in VMs being activated and assigned particular Deep Security policies. Multi-factor Authentication with Google Authenticator - You can now enable multi-factor authentication when logging in to Deep Security Manager. Windows 10 Support - The Deep Security Agent can protect computers that are running Microsoft Windows 10. Note: Agentless support requires an update from VMware and is currently unavailable. Real-Time Anti-Malware Support for Amazon Linux - Real-time Anti-Malware support is now available on Amazon Linux. Terms and Conditions - Deep Security Manager can be configured to require users to accept Terms and Conditions before logging in to the Deep Security Manager. Report Classifications - The Reports feature has a new option that allows you to classify and mark reports using: - Top Secret - Secret - Confidential - For Official Use Only - Law Enforcement Sensitive (LES) - Limited Distribution - Unclassified - Internal Use Only Security Module Usage Cumulative Report - A new "Security Module Usage Cumulative" report extends the current Security Module Usage report. The new report provides a cumulative total and the total in blocks of 100, of the protection modules that were active over the course of a specified timeframe. 8.3.2 Resolved Known Issues: ===================================================================== The Deep Security Manager 9.6 Service Pack 1 resolves these issues: Issue 1: [DS-513] A newly-deployed Deep Security Virtual Appliance would always get 169.254.1.39 vNIC address, even if it was being configured differently from the Deep Security Manager console at the time of deployment. Solution 1: This has been fixed in current release. NOTE: This fix ONLY applies to the Deep Security Virtual Appliance. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DS-1739] When offline vMotion happened, an "Send Policy Failed" error occurred before Deep Security Manager activated the VMs. Solution 2: The problem with Deep Security Manager has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DS-1626] The vCloud Synchronization with Deep Security Manager sometimes fails, as a result of which, no new virtual machines get populated or updated within DSM after adding a new vCloud Organization. Solution 3: This issue has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DS-1623] A thread in the iCRC common module behaved abnormally and could trigger a high CPU usage issue. Solution 2: This Patch resolves the issue by disabling the abnormal thread in the iCRC common module. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DS-522] Deep Security Manager accepts some invalid directory/ file paths under exclusion lists for various policy configurations. Solution 3: Improved the existing validations in the Deep Security Manager to prevent invalid file/directory paths. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DS-730] Agent reactivation did not work when only Agent-initiated communication was allowed. Solution 4: This code defect has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [DS-1334] When the Ongoing Recommendation Scans option was configured, it sometimes did not run properly. Solution 5: This issue has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 6: [DS-515] The Deep Security Manager did not check the parse item count, so when a File List item consisted of only comment '#' symbols, it caused an ArrayIndexOutOfBoudsException. Solution 6: This issue has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 7: [DS-492] The Deep Security Manager 9.5 SP1 Patch 1 included a database schema change. While upgrading to Patch 1, customers encountered an upgrade timeout situation and restarted the Deep Security Manager service while the schema upgrade was happening. This was being triggered because the Deep Security Manager console waited for only 10 minutes for the Deep Security Manager service to start. As a result, the database schema upgrade became corrupted or migration stopped. Solution 7: This issue has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 8: [DS-524] The Deep Security Manager reset the virtual appliance ID to the old DSVA after VMotion happened to clean up rogue Agents. This caused a mismatch of ESXi and DSVA information for the virtual machine. Solution 8: This issue has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 9: [DS-514] With Deep Security Manager 9.5 SP1, it was no longer possible to place Environment Variables inside an exception list, for example, ${windir}. If set to backslash, this error also appeared "The list of directories contains an invalid entry. All directory paths must end with a slash. ('\' for Windows, '/' for Linux.)". Solution 9: A change to the logic of the validating Environment Variable caused the breakage. The new logic has been enhanced to cover this case as well as other cases that were supported previously. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 10: [DS-1627] Constraints violation errors were continuously reported in the Deep Security Manager (9.5) log files after migrating from Deep Security Manager version 8.x to 9.5. The upgrade process failed to migrate existing hosts related data to new table(s). One of the fields in the Deep Security Manager database table, AntimalwareHosts, was not null-able, causing these errors to appear repeatedly in the Deep Security Manager logs. Solution 10: This issue has been fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 11: [DS-525] Due to an incorrect API, Deep Security Manager sometimes did not recommend certain Intrusion Prevention rules because it was unable to correctly parse the host metadata. Solution 11: This release resolves this issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 12: [DS-1617] A Deep Security Virtual Appliance recommendation scan request would time out when a customer had another anti-malware product running on the VM that affected the file scan performance. The timeout value was hard- coded and could not be configured to extend its value. Solution 12: This release has been enhanced with a new setting to configure the timeout value. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 13: [DS-1625] Any directory list created using wild card characters could not be saved and used for Scan Settings for Anti-Malware configuration. However, a bug was identified under Real-Time and Scheduled Scan configuration, where re-editing the wild card settings and removing those wild cards from Directory Lists twice could actually save the wild card under this list, which caused confusion. Solution 13: This issue has been fixed in this release. The wild cards cannot be used under scan settings for directory list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 14: [DS-739] The ds_filter process would sometimes crash after a virtual machine data transmit was completed during VMotion or if the virtual machine was powered off abnormally. Solution 14: The code has been fixed in this release to avoid crashing. 8.4 Deep Security Manager 9.6.3400 ====================================================================== 8.4.1 Enhancements ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 adds the following enhancements: Enhancement 1: [DSSEG-141] The new Korean AWS region (Seoul) is being added for "Add Cloud Account" under Amazon Cloud Provider. Enhancement 2: [DSSEG-191] The Deep Security Manager installer now includes the DSRU version 16-007.dsru as base version by default. Enhancement 3: [DSSEG-162] Deep Security Agent is being enhanced to log "Agent Self-Protection Enabled" or "Agent Self-Protection Disabled" events under System Events when the Agent Self-Protection settings are modified in the Deep Security Manager console (under Computer > Settings > Agent Self-Protection section), or using the dsa_control command-line utility. Enhancement 4: [DSSEG-140] In previous releases, the Deep Security database connection string path does not support LDAP syntax in Oracle Databases. If an administrator uses Oracle cluster with Oracle Internet Directory (OID), it is not supported by Deep Security Manager. This enhancement allows the Deep Security Manager to make connections to a cluster environment, rather than only ONE Oracle server, and allows the Deep Security Manager to accept LDAP syntax as the connection string. To implement this enhancement: 1. Stop the Deep Security Manager Service. 2. Open the "dsm.properties" file located here: For Windows: C:\Program Files\Trend Micro\Deep Security Manager \webclient\webapps\ROOT\WEB-INF For Linux: /opt/dsm/webclient/webapps/ROOT/WEB-INF 3. Add the following at the end of the "dsm.properties" file: database.Oracle.ldapEnable=1 database.Oracle.ldapSyntax=ldap://dbserver1.ds.com:389/DS,cn=dbserver1,dc=ds,dc=com ldap://dbserver2.ds.com:389/DS,cn=dbserver2,dc=ds,dc=com 4. Save the "dsm.properties" file. 5. Start the Deep Security Manager Service. Enhancement 5: [DSSEG-132] As a vulnerability fix, the following new log reasons are added to the Deep Security Agent code: log_reason_invalid_timestamp = 153, log_reason_syn_with_data = 154, log_reason_tcp_split_handshake = 155, The Deep Security Manager is enhanced to log these events properly. Enhancement 6: [DSSEG-135] When the Deep Security Manager receives a maintenance event (to put the ESXi Server into maintenance mode) from vCenter, it starts a thread and waits for 10 minutes for other VMs to turn off or get vMotion, then it sends a 'shutdown' command to Deep Security Virtual Appliance. However, if the 10 minutes time out, the thread would throw an exception "Timed out waiting for VMs to be stopped or moved" and then exits. This event would be lost and the vCenter maintenance job would be stuck. Deep Security Manager now checks whether all other VMs are being shut down or vmotioned and the thread waits until no activities are ongoing. 8.4.2 Resolved Known Issues ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 resolves these issues: Issue 1: [TT-338284/DSSEG-115] While upgrading the Deep Security Manager from older versions, sometimes the value for column "MajorVirusType" for table "antimalwareevents" remains NULL. As a result, all those with NULL value could not be displayed correctly from the Deep Security Manager console. Solution 1: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [TT337361/DSSEG-71] Deep Security Manager sometimes raises an "Internal Error" during the Deep Security Virtual Appliance activation process if the environment is not stable. Solution 2: To address this issue, a timeout value for the POST command execution is being implemented. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [TT#335271/DSSEG-23] If a scheduled task is created and saved but not enabled, and a user later right-clicked the task and clicked "Enabled Task", the task is enabled and also started, which is not the correct behavior. Solution 3: This behavior has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-88] Under certain circumstances, the use of Event-Based Tasks triggered by Agent-Initiated Activation to assign Deep Security Policies based on AWS EC2 instance tags would fail. Solution 4: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [DSSEG-118] When a Scheduled Task is configured to download Security Updates, it would sometimes fail because the Deep Security Agent received two UpdateComponent commands from the Deep Security Manager. Solution 5: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 6: [TT336697/DSSEG-136] Enabling Deep Security Manager and Microsoft SQL Server communication using "-Djsse.enableCBCProtection equal false" in the .vmoptions file works, but it disables the BEAST countermeasures SSL3/TLS1.0 on the DSM and MSSQL channel. MS SQL Server 2008 R2 SP3 installed on Windows 2008 R2 implemented BEAST countermeasures used in TLS 1.0, which are not correctly handled by jtds-1.3.1.jar provided by Deep Security Manager. Solution 6: This fix upgrades the jtds driver patch and enables the successful connection between Deep Security Manager and Microsoft SQL in TLS 1.0 without the JVM option "-Djsse.enableCBCProtection equal false", which disables BEAST countermeasures. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 7: [TT340695/DSSEG-137] Japanese characters in log messages files are corrupted. This is because the ja.properties file is saved with UTF-8 encoding instead of ANSI. Solution 7: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 8: [TT335152/DSSEG-133] Sending/Receiving (POSTs and GETs) for "DeployAppliance" returns the message "Name cannot be blank" if a very large number of folders/groups are defined in vCenter. Solution 8: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 9: [DSSEG-125] If exclusions like (C:\abc\*) are defined under Antimalware > Scan Configuration > Exclusion, it would cause an error that said the list of directories contains an invalid entry. However, if the path is defined under a second line of the exclusions list, it gets saved. Solution 9: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 10: [TT-342337/DSSEG-186] NSX Manager will fail to deploy Trend Micro Deep Security service when vCenter is managing both supported ESXi version (5.5.x, 6.0.x) and unsupported ESXi version (5.1.x, 5.0.x, 4.x....). Solution 10: This release prevents unsupported ESXi versions being included in Trend Micro Deep Security Profile, so NSX Manager can deploy the Trend Micro Deep Security service successfully. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 11: [TT340846/DSSEG-143] Under certain circumstances, a customer's Active Directory returns empty results. This causes the synchronization to delete all computers and groups from the Deep Security Manager, including the root group. However, the "Directory" object is not deleted, so when a user tries to add it back, Deep Security Manager says that the Active Directory already exists. Solution 11: This release fixes the issue with these two changes: - Prevent the root group from being deleted. - Abort the synchronization job if the Active Directory returns empty results. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 12: [DSSEG-134] The MS SQL Failover Cluster Server Nodes protected by the Deep Security Virtual Appliance would sometimes drop the connection during activation or deactivation in an ESXi 5.5 environment. Solution 12: This issue has been fixed in the current release. Note: You must upgrade to ESXi 5.5U3b (Build# 3248547 or higher) to make this fix work. Modify the following file in ESXi: /etc/vmware/hostd/config.xml Set the key "useVigorVim" to false. Restart hostd service using following: /etc/init.d/hostd restart ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 13: [TT-340918/DSSEG-157] A misconfigured rule in the policy could cause a rule compilation failure and the Deep Security Manager does no indicate this error state. Solution 13: This release added an error event and a new alert to indicate the error state. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 14: [TT338991/TT337978/DSSEG-173] Enhancement-1 introduced in Deep Security 9.6 Patch 1, which made the Deep Security Manager capable of configuring the TLS version under configuration.properties file has an issue where the Deep Security Relay fails to download the Software packages from the Deep Security Manager being configured to use TLSv1.2 only. Solution 14: This issue has been fixed. NOTE: When Deep Security Manager is forced to use TLS 1.2 only, communication between the Deep Security Manager and NSX will be broken because when NSX connects back to the Deep Security Manager over port 4119, it can only use TLS 1.0. This is a current NSX Manager limitation. Similarly, in non-NSX environments where Deep Security Filter Driver is deployed, minimum ESXi 5.5 version is required to make TLS 1.2 work properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 15: [DSSEG-179] The Deep Security Manager is not able to get an Integrity Monitoring event and would enter an infinite loop because of AgentEntityID overflow, if the value is over the maximum 32-bit integer. Solution 15: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 16: [DSSEG-185] When AWS instances uses Agent-Initiated Activation for Deep Security Agents and assigns a policy, there would sometimes be a race condition that could result in duplicate hosts names in the Deep Security Manager console. Solution 16: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 17: [TT340939/DSSEG-187] If an administrator creates a user for Deep Security Manager, defines an email address for that user, and checks the option "Receive Alert Emails" on the Contact Information tab, then if a scheduled task is enabled to Generate and Send Reports to that user, it would fail to send reports to that user's email address. Solution 17: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 18: [DSSEG-189] Upgrading the Deep Security Manager from some previous versions that require database schema changes requires customers to run custom scripts as a part of upgrade process. These scripts do not run if the MS SQL server is set to use Case Sensitive Collation. Solution 18: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 19: [TT341327/DSSEG-207] An event-based task is not triggered because the host display name is different and the host name is set empty. Solution 19: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 20: [DSSEG-210] If the Deep Security Manager has the Multi-tenant feature enabled and has a tenant (T1) with a Deep Security Relay and some Deep Security Agents that are configured to download the Security Updates from T1's relay, and if for any reason the T1's relay becomes offline, the Agents for T1 fails to download Security updates from the T0 relay. Solution 20: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 21: [DSSEG-178] The "Recommendations" section of the Intrusion Prevention page for a computer does not reflect an accurate number of "Recommended for Unassignment" rules if they are excluded from recommendation processing at the policy level (In the Policy editor, go to Intrusion Prevention > Assign/Unassign > Application Types > right-click any application type > Properties > Options > Exclude from Recommendations. Note: Not all application types are supported for recommendation by Recommendation Scans. Solution 21: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.5 Deep Security Manager 9.6.4000 ====================================================================== 8.5.1 Enhancements ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 Critical Patch 1 adds the following enhancements: Enhancement 1: [DSSEG-267] Deep Security Manager 9.6 Service Pack 1 Patch 1 Critical Patch 1 adds two new widgets for tracking ransomware events caught by Deep Security. The Ransomware Status widget gives the total number of events caught by Deep Security within the selected timeframe. The Ransomware Event History indicates the number of events caught by module (Anti-malware, Web Reputation, Intrusion Prevention, and Integrity Monitoring). The two new widgets can be added to your Deep Security Dashboard by clicking the Add/Remove Widgets button and scrolling to Ransomware. Known Issue: If a user changes their language in the Deep Security Manager User Properties, the Ransomware Events History Widget does not change the language under Events Type and will continue to display in the language in which Deep Security Manager was installed. This will be fixed in next Patch release. Enhancement 2: [DSSEG-232] In certain scenarios, the Windows Deep Security Agent could significantly impact system performance. This is due to the system clean job performed by the Anti-malware Solution Platform (AMSP) engine consuming high system resources when realtime malware scan action is taken. System clean is an expensive job and may not always be necessary. With this fix, you can choose to disable system clean for realtime scans and offload this job to a manual scan or scheduled scan. To take advantage of this feature, deploy the Deep Security Manager and Deep Security Agents (Windows) in this combination: DSM: 9.6.3910 or higher DSA (Windows): 9.6.2.6950 or higher After installing/upgrading the Deep Security Manager and Deep Security Agent, you must run this command at the command prompt: C:\Program Files\Trend Micro\Deep Security Manager>dsm_c.exe -action changesetting -name "settings.configuration.enableAmspRealtimeScanSystemClean" -value false Note: By default this value is TRUE After changing this setting, the Deep Security Manager service will restart. To implement this change on the Deep Security Agent, right-click the upgraded Deep Security Agent and then click "Send Policy". Note: This setting is a global setting that affects all Windows Deep Security Agents running this version or higher. Enhancement 3: [DSSEG-242] By default, Deep Security Manager 9.6 or later uses combined mode if you have configured an agentless solution and would like to use both Anti-malware and Firewall/Intrusion Prevention. In this scenario, the Agent-based Anti-malware protection never works. This release in now capable of providing Agent-based Anti-malware protection in combined mode. To enable this feature, you must use the procedure below to change settings in the Deep Security Manager. After changing the settings, for all new activations the Deep Security Manager will detect an installed Deep Security Agent on a guest VM and will not activate the agentless protection at all. All new activations are done with Deep Security Agent. Already activated virtual machines must be reactivated to get Deep Security Agent protection. Procedure: 1. Log in to the Deep Security Manager machine. 2. Browse the Deep Security Manager Directory/Folder: On Windows: C:\ProgramFiles\Trend Micro\Deep Security Manager> On Linux: \opt\dsm\ 3. Run the command: dsm_c.exe -action changesetting -name settings.configuration.skipActivateAgentlessSolutionInGuestVm -value true 4. The Deep Security Manager service restarts. To verify that the setting has changed, run this command and check that value results are true: dsm_c.exe -action viewsetting -name settings.configuration.skipActivateAgentlessSolutionInGuestVm 8.5.2 Resolved Known Issues ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 Critical Patch 1 resolves these issues: Issue 1: [DSSEG-240] When the Deep Security Manager is busy performing recommendation scans and does not send a new request to the Deep Security Agent, the connection between the Manager and the Agent remains at an idle status. If this idle status lasts longer than any network device's TCP idle timeout setting, the connection is reset and the recommendation scan fails with a protocol error. Solution 1: In this Hot Fix, a new key "recoScanKeepAliveTimeInterval" (Millisecond) was added to enable the Deep Security Manager to send "keep alive" requests to the Agent. This keeps the connection busy and prevents the timeout. To configure this setting: For example, if you want to send the "keep-alive" every 30 seconds, run the command prompt with Admin rights and go to the Deep Security Manager installation folder, which is normally: C:\ProgramFiles\TrendMicro\DeepSecurityManager> and then execute this command: dsm_c -action changesetting -name settings.configuration.recoScanKeepAliveTimeInterval -value 30000 where 30000 is in milliseconds (equal to 30 seconds). Note: 1) The "keep-alive" is only sent during recommendation scans. 2) The default value for this key is "0", which means it is disabled. 3) The value can be from 0 to 600000 (milliseconds). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-233] The Deep Security Manager disclosed unnecessary information about the web server version like Tomcat version when HTTP TRACK and TRACE methods were used to retrieve information. Solution 2: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [TT344554/DSSEG-255] If there was a network outage or interruption when the Active Directory Synchronization process was being run as a scheduled task, the synchronization would complete but resulted in a loss of enlisted computers in the Deep Security Manager console. Solution 3: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.6 Deep Security Manager 9.6.4014 ====================================================================== 8.6.1 Enhancements ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 1 does not add any enhancements. 8.6.2 Resolved Known Issues ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 1 resolves these issues: Issue 1: [TT342901/DSSEG-229] Under certain circumstances, the Deep Security Manager may connect to SMTP server unnecessarily. Solution 1: This hot fix fixes the issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [TT343803/DSSEG-236] Due to a race condition in the force activation process, managed VMs with an empty AgentGUID value in the Deep Security Manager hosts table record would cause the VM/Agent to go offline after 3 heartbeats. Solution 2: Code has been updated to avoid the race condition. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-273] Deep Security Manager synchronization with the NSX Manager sometimes failed if the NSX Service Profile did not have a Service Instance associated with it. This sometimes happened when another 3rd-party security solution was also deployed in the environment. Solution 3: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-282] Upgrading the Deep Security Manager from older versions of 9.0 Service Pack 1 running with Oracle Databases sometimes failed due to constraint handling (non-existing constraints) over some specific database tables. Solution 4: The Schema Manager has been upgraded in this release to avoid any Deep Security Manager upgrade failures. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [TT346020/DSSEG-297] Updating the Oracle schema type on the index column would cause an Oracle exception. Solution 5: This issue has been fixed ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 6: [DSSEG-315] A Firewall/Intrusion Prevention event did not include detailed payload data information. Solution 6: This issue has been fixed ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 7: [DSSEG-316] UTF-8 characters were not being properly displayed in reports when opened in Excel. Solution 7: This issue has been fixed ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.7 Deep Security Manager 9.6.4064 ====================================================================== 8.7.1 Enhancements ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 3 adds the following enhancements. Enhancement 1: [DSSEG-396/DSSEG-444/DSSEG-445] Added Diagnostic Logging Wizard to the Deep Security Manager, under Administration > System Information. The Diagnostic Logging Wizard allows you to temporarily enable extra Deep Security Manager logging for predefined functional areas. Additionally, a new status bar indicator shows when extra logging has been enabled manually or through the wizard. Using debug logging does not require restarting the DSM service. However, the debug logging options, when enabled through the wizard, do not persist past the next restart. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 2: [DSSEG-296] Previously, the Deep Security Manager diagnostic package would only query up to 5000 hosts, which could cause the analysis tool or analysis process to be less accurate. This release improves this functionality and gives you the option to decide whether to get partial data (up to 5000 records) or full data. Suggested JVM usage if you want to fetch full records instead of the default 5000 records: For 10000 hosts: 16 GB system memory and 10 GB JVM. For 50000 hosts: 32 GB system memory and 16 GB JVM. Limitation: The dsm_c command used for generating the diagnostic package is limited to grab only default 5000 records. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 3: [DSSEG-252] When an Amazon AMI with an activated Deep Security Agent is launched, the Deep Security Manager will automatically reactivate the Agent on this instance and invoke any corresponding event-based tasks. Note: This enhancement only works when the Deep Security Manager and the Deep Security Agents are both version 9.6 SP1 Patch 1 Update 3 or later. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 4: [DSSEG-369] The Deep Security Manager currently has two options for updating hostnames: [Administration] - [System Settings] - [Agents] 1. If an IP address is displayed in the Name column and an IP change is detected, the Deep Security Manager name is updated. 2. If a hostname is displayed in the Name column and a hostname change is detected, the Deep Security Manager will query the DNS server to resolve the IP address to the hostname and update the result under the Name column. However, under certain conditions, the hostname would not be resolved by the DNS server. The Deep Security Manager would be unable to update the hostname, resulting in an Agent status of Offline. Now, the hostname can be obtained from the Agent or the DNS server. These settings are now available as sub-options for option 2, above: 1. Use the hostname obtained from DNS server 2. Use the hostname specified by the Agent ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 5: [DSSEG-415] Deep Security now supports Windows 10 in agentless environments. This support requires the following combination: - Deep Security Manager 9.6 SP1 or higher - Deep Security Virtual Appliance Build 9.6.2.7314 or higher - NSX environment version 6.2.4 - VMware Tools version 10.0.9 or higher - ESXi version 5.5U3 or above, or ESXi 6.0U2 or higher ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 6: [DSSEG-442] Additional Host and Host Group data was added to the diagnostic package structure for support purposes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.7.2 Resolved Known Issues ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 3 resolves these issues: Issue 1: [DSSEG-337] Under certain circumstances, guest VMs under Deep Security Virtual Appliance could not be activated. The following error was shown: "An internal system error has occurred: ObjectNotFoundSQLException: Host Object not found, pkid: 539." Solution 1: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-325] If a protection module rule was excluded from Options > Recommendation Option > Exclude from Recommendations, and then a recommendation scan was run, after completion of the recommendation scan, the rule did not get assigned but there was an alert generated for that rule on the Alerts tab for that computer. Solution 2: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-333] Deep Security Manager generates CEF Syslog events containing invalid key-value pairs. Solution 3: Key-value pairs with invalid values are no longer included in Syslog output. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-370] Deep Security Manager used an outdated Java version. Solution 4: The July 2016 embedded JRE Security update is now included. Java has been updated from version 8U25 to 8U102. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [TT350205/DSSEG-376] When using combined mode protection in Deep Security 9.6, Anti-Malware and Integrity Monitoring are enabled on the Deep Security Virtual Appliance. Firewall, Intrusion Prevention, Web Reputation, and Log Inspection are enabled on the Deep Security Agent. During the recommendation scan process, the recommended Integrity Monitoring rules were not being assigned properly. Solution 5: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 6: [DSSEG-447] The DPI Rule Recommendation Report contains an "Assigned Rules" tab. When the report was manually generated, the tab displayed the rules correctly, but when the report was generated from a schedule task, the tab did not display any rules. Solution 6: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 7: [DSSEG-412] The event "Anti-Malware Quarantine Failed (Quarantine limit exceeded)" was confusing and did not show the exact numbers. Solution 7: This issue has been fixed and now the event shows file size in bytes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 8: [DSSEG-427] Deep Security Manager was not forcing any rights on tenants, Host Usage and Host Usage Cumulative reports on report generation. Solution 8: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 9: [DSSEG-441] AWS Instances could sometimes go offline if they didn't belong to a connector that had been imported. This could happen if the new instance was being added from a different AWS account. Solution 9: This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 10: [DSSEG-443] The Deep Security Manager installer on Amazon Linux failed with permission denied. Solution 10:This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 11: [DSSEG-467] Deep Security Manager failed to reconfigure a ransomware virus type. The ransomware widget drill down was not able to find the correct events. Solution 11:This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 12: [DSSEG-330] Schema update for the index column will impact big table due to reindexing. An Oracle instance does not need to be updated because NUMBER(22) is big enough to cover 64-bit integers. Solution 12:This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 13: [DSSEG-329] The engine team updated the virus detected name for Ransomware. A virus name checking list needed to be updated in the Deep Security Manager Anti-Malware module to reflect this change. Solution 13:This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 14: [TT-346745/DSSEG-326] In certain situations, when a recommendation scan was run, the unassign recommendation scan rule information in the "Recommendations" section was inconsistent with the "IPS Rules" page on the Deep Security Manager console. Solution 14:This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 15: [DSSEG-480] The diagnostic wizard leaves related logging enabled message after creating the Diagnostic Package under Deep Security Manager console. Solution 15:This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 16: [DSSEG-423/TT349282] When the Deep Security Virtual Appliance is deployed in NSX environment, the NSX Manager shows Unknown Status for TrendMicro Service. Solution 16:This issue has been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 17: [DSSEG-411/TT346745] The Hot Fix released under DSSEG-326 which fixes the following issue: Under certain situations, when a recommendation scan was being run, the unassign recommendation scan rule information in the "Recommendations" section was inconsistent with "IPS Rules" page on the Deep Security Manager console. This somehow breaks the normal recommendation scan results. Solution 17:This issue has now been fixed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.8 Deep Security Manager 9.6.4072 ===================================================================== 8.8.1 Enhancements ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 4 adds this enhancement: Enhancement 1: [DSSEG-555] New AWS regions have been added to Deep Security Manager's AWS Connector: - Asia Pacific (Mumbai) - Asia Pacific (Seoul) - US East (Ohio) - CA (Montreal) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 2: [DSSEG-349] Deep Security Agent is now available for Ubuntu 16.04 LTS (64-bit). It includes support for real-time anti-malware scanning. Deep Security Manager can now activate and work with Deep Security Agents for Ubuntu 16.04 LTS (64-bit) Note: Minimum Supported Kernel Version Required is: Linux 4.4.0-21-generic ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.8.2 Resolved Known Issues ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 4 resolves these issues: Issue 1: [DSSEG-423/TT349282] The Trend Micro Deep Security service status showed "Unknown" on NSX service deployment page, even though everything was working from the Deep Security perspective. Solution 1: Due to an environment issue, when the Deep Security service was deployed, Deep Security Manager did not receive the NSX manager callback on time, which resulted in a NULL VSMAgentID field in the Deep Security Virtual Appliance Host table. With this release, Deep Security can recover from this error state. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-540/TT354858] The Deep Security Manager 9.6 SP1 P1 U3 release (9.6.4064) was missing some localized Japanese and Chinese strings, which resulted in strings being shown in English. Solution 2: This release has fixed this issue. The localized installation will show the correct localized strings. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-553/TT353654] Deep Security Manager did not handle vMotion and activation well when they were triggered in a VM simultaneously. This action sometimes lead to the anti-malware module going offline on the VM. Solution 3: This release has fixed this issue. Deep Security Manager can now process vMotion and activation jobs simultaneously and the VM will be in the correct state after vMotion. Note: This fix works only on the Deep Security Virtual Appliances with a version 9.6 SP1 Patch1 Update 4 or higher. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.9 Deep Security Manager 9.6.4085 ===================================================================== 8.9.1 Enhancements ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 5 does not add any enhancements. 8.9.2 Resolved Known Issues ===================================================================== Deep Security Manager 9.6 Service Pack 1 Patch 1 Update 5 fixes the following issues: Issue 1: [DSSEG-339] In a vCloud environment, you could get a null exception when activating a VM if the "Allow Appliance protection of vCloud VMs" option was enabled but the associated vCenter was not imported into the Deep Security Manager. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-388] The Deep Security widget in the Trend Micro Control Manager console was not able to get data from Deep Security Manager. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-610] Integrity Monitoring event pruning took a long time and caused high CPU usage on the database server. Solution 3: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-634] In the timezone selection for a user, a "Coordinated Universal Time (UTC)" option has been added, in addition to "Coordinated Universal Time (Antarctica/Troll)". Solution 4: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [DSSEG-637] The icon for Integrity Monitoring in the ransomware widget needed to be updated to the current Deep Security icon set. Solution 5: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 6: [DSSEG-639] Some Intrusion Prevention rules depend on other rules so they must be assigned together. But when assigning Intrusion Prevention rules via the SOAP Web API, users were not notified about the rule dependency. Solution 6: This fix introduces a new SOAP Web API "DPIRuleDependenciesRetrieve", which retrieves "directly" dependent rules of the specified Intrusion Prevention Rule. Please note that the API queries only one layer of dependency; more queries might be needed to resolve all dependencies. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 7: [DSSEG-646] Japanese translation was missing from the Deep Security Manager console. Solution 7: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 8: [DSSEG-669] When using the "Discover Computers" feature in Deep Security Manager, some VMs that did not exist were detected. Solution 8: This issue was due to a bug in JRE that is fixed in JRE 1.8u102 build 35. This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 9: [DSSEG-670] vCenter synchronization was interrupted by an SQL exception when Deep Security Manager updated the host record by saving data to the antimalwarehosts table. Solution 9: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 10: [DSSEG-673] In a previous release, three firewall event types were added. However, they were not added to the advanced search map, which prevented the advanced search function from finding those three event types. Solution 10: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 11: [DSSEG-464] The sorting algorithm used by java.util.Arrays.sort and (indirectly) by java.util.Collections.sort was replaced. The new sort implementation sometimes caused an IllegalArgumentException error if it detected a Comparable that violated the Comparable contract. The previous implementation silently ignored such a situation without throwing an error. Not capturing the exception caused a fatal error when trying to list the tenants screen. Solution 11: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 12: [DSSEG-641] The VIRTUAL_UUID field in the host table was either null or empty for non-VM-based agents, which caused many I/O operations and poor query performance when fetching hosts. Solution 12: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 13: [DSSEG-661] Apache Tomcat uses a package renamed copy of Apache Commons FileUpload to implement the file upload requirements of the Servlet specification. A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file. Solution 13: Apache Commons File Upload package and Embedded Tomcat Server has been upgraded in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.10 Deep Security Manager 9.6.4093 ===================================================================== 8.10.1 Enhancements ===================================================================== This release includes the following enhancement: Enhancement 1: [DSSEG-676] To help with troubleshooting, the vCenter's IP address, FQDN, or hostname is now displayed for VMWare vCenter Synchronization Jobs that appear under Administration > System Information > Manager Node > Jobs Active. 8.10.2 Resolved Known Issues ===================================================================== This release resolves the following issue(s): Issue 1: [DSSEG-740] The Deep Security Virtual Appliance could not be upgraded because filter driver information was not cleaned in the NSX environment during vCenter sync. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-729] When the "Automatically Send Policy Changes to Computer" setting was off, there was unexpected behavior for new computer activations, where the Deep Security Manager would not push the configuration to Agents unless the user clicked the Send Policy button on the Computers Page. Solution 2: The behavior has been corrected so that the setting now works as expected. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-694] "Reconnaissance detected" alerts could not be turned off. Solution 3: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-679] The rights assigned to a vCenter folder were not inherited by any new child folders that were created. Solution 4: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [DSSEG-576] The total number of "Unresolved Recommendations" shown on General tab was incorrect. Solution 5: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.11 Deep Security Manager 9.6.4111 ===================================================================== 8.11.1 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: [DSSEG-718/SEG-692] Standard time in Turkey has changed from GMT+2 to GMT+3. Solution 1: In this release, the bundled JRE has been updated to version 1.8.0_121, which resolves this issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 2: [DSSEG-484] Collecting a Deep Security Manager diagnostic package using the dsm_c command with verbose enabled sometimes failed to include the debug.xml if there were more than 5000 hosts. Solution 2: This release has resolved this issue; however, for larger numbers of hosts (>10 000), the JVM memory for dsm_c.exe may need to be increased. This is done by creating a file named dsm_c.vmoptions and including, for example, "-Xmx8g" to increase memory to 8GB. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 3: [DSSEG-435] When VMware Distributed Power Management puts an ESXi host in standby/power off mode, Deep Security Manager needs to handle the notification from vCenter to shut down the Deep Security Virtual Appliance. Previously, the Deep Security Virtual Appliance would prevent the ESXi from entering standby/power off mode. Solution 3: With this release, Deep Security Manager now will turn off the Deep Security Virtual Appliance when an ESXi host is going into standby mode, which allows the ESXi host to enter standby mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 4: [DSSEG-361] This release adds the ability to specify a timeout value for scheduled malware scans. You can see the new option by going to Administration > Scheduled Tasks and adding or editing a "Scan Computers for Malware" scheduled task. The timeout option is available for daily, weekly, monthly, and once-only scans. It is not available for hourly scans. When a scheduled malware scan is running and the timeout limit has been reached, any tasks that are currently running or pending will be cancelled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.11.2 Resolved Known Issues ===================================================================== This release resolves the following issue(s): Issue 1: [DSSEG-892] Deep Security Manager used a Long type when composing an SQL query on an integer-type data field, which resulted in a class case exception. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-884/SEG-2247] When Deep Security updated its components, some computers appeared out of date on the Security Updates page. The out-of-date warning message could persist for more than an hour. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-865] An error would occur when a user allowed a quarantined spyware via Events & Reports > Events > Anti-Malware Events > Quarantined Files. Solution 3: This issue is resolved in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-842/SEG-3748/SF00372864] In a deployment that includes the Deep Security Virtual Appliance, if there are two data centers with the same name located in the same vCenter (but in different folders), the appliance information page could display incorrect folder information. Solution 4: This issue is resolved in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [DSSEG-831/SEG-392] When Deep Security Manager performed a Synchronize VMware vCenter job and the job could not be completed, it occupied Deep Security Manager resources and other jobs could not be processed. Solution 5: This hot fix adds a timeout value to the Synchronize VMware vCenter job. If the job cannot be finished within two minutes, Deep Security Manager will terminate the job so that other jobs will not be affected. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 6: [DSSEG-774] When a user manually added a computer to the Deep Security Manager console and also imported the vCenter containing the computer, Deep Security Manager would raise a duplicate UUID alert. Solution 6: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 7: [DSSEG-749] When Deep Security Manager was using Microsoft SQL Server 2008 R2 or earlier, the Deep Security Manager console was unable to show an instance list under a vCloud connector that contained more than 500 activated instances. Solution 7: This issue is resolved in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 8: [DSSEG-669/SEG-452] When the Deep Security Manager performed a computer discovery operation, it sometimes detected virtual machines that did not exist. This was caused by a bug in the JRE that is fixed in JRE 1.8u102 build 35. Solution 8: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 9: [DSSEG-624/SEG-1068] "Unable to communicate" alerts were still raised, even after the "Raise Offline Errors For Inactive Virtual Machines" setting was disabled. In addition, "Unable to communicate" alerts were not raised when a virtual machine was suspended. Solution 9: These issues are fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 10: [DSSEG-785/SEG-551/SEG-551] In the "Anti-Malware Protection Status" widget (on the Deep Security Manager Dashboard), clicking the "Unprotected" number would display incorrect results. Solution 10: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.12 Deep Security Manager 9.6.4125 ===================================================================== 8.12.1 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: [DSSEG-832] Sometimes, when a communication session between the Deep Security Manager and Agent ended, the manager would encounter a null point exception error when checking the versions of agents. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 2: [DSSEG-781/SEG-875] In some environments, the Anti-Malware Solution Platform (AMSP) could cause high disk input/output when the common scan cache was on. Solution 2: By default, the AMSP common scan cache is on. To disable it, open a Windows command prompt on the Deep Security Manager computer, go to the Deep Security Manager root folder, and run this command: dsm_c -action changesetting -name settings.configuration.disableAmspCommonScanCache -value true ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 3: [DSSEG-852] Deep Security Manager now provides a single deployment script for both Windows and Linux and adds the ability to allow customers to select a proxy setting and add it to the deployment script. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.12.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: [DSSEG-1062/SEG-7362] If the database connection was not stable when the Deep Security Manager service started, the manager could fail to get a setting from the database and think it hadn't done the setting migration yet. If that happened, the manager would mistakenly perform the setting migration again and cause some settings to be restored to their default values. Solution 1: This issue is resolved in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-1047] The Azure connector did not support Azure (China) accounts. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-1024] The Deep Security Manager was affected by one or more of the CVEs reported in the Oracle Critical Patch Update issued April 18, 2017 and by a vulnerability related to CVE-2014-3490. Solution 3: The Java JRE used in the Deep Security Manager has been upgraded to the version released for the above- mentioned Critical Patch Update (Java 8 u131). The vulnerability related to CVE-2014-3490 is also resolved. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-1020/SEG-4929] If the database connection was not stable when the Deep Security Manager service started, the manager could fail to get a setting from the database and think it hadn't done the setting migration yet. If that happened, the manager would mistakenly perform the setting migration again and cause some settings to be restored to their default values. Solution 4: After applying this fix, if Deep Security Manager cannot get the setting from the database due to an unexpected error, it will not perform the setting migration at that time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [DSSEG-837/385457] When the “Use a Schedule for Upgrade” option is selected, the upgrade time is on based on the time zone of the Deep Security Manager computer. However, the schedule displayed under “Policies > Common Objects > Other > Schedules” reflected the time zone where the user is located, which could be different from the time zone of the Deep Security Manager. This difference sometimes caused confusion. Solution 5: The schedules displayed on the "Schedules" page are not associated with any time zone. But when a schedule is applied to a rule or task, it will be applied using the Deep Security Manager or Agent's local time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 6: [DSSEG-744/SEG-1206] The default ICRC log level for a Deep Security Agent on Linux is "debug", which causes the ds_am-icrc.log file to grow quickly. Solution 6: Change the default ICRC log level to "warn". For a fresh agent installation, the default ICRC log level will be set to "warn" by default. To update an existing agent on Linux: 1. Upgrade the Deep Security Manager to the build that contains the fix. 2. On the Deep Security Manager computer, open a Windows command prompt, go to the Deep Security Manager root folder, and run this command: dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value true 3. Upgrade the Deep Security Agent to the build that contains the fix. 4. After the agents are upgraded and the default ICRC log level has been corrected, we recommend that you turn off the key. To do this, go to the Deep Security Manager computer, open a Windows command prompt, go to the Deep Security Manager root folder, and run this command: dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value false ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.13 Deep Security Manager 9.6.4133 ===================================================================== 8.13.1 Enhancements ===================================================================== The following enhancements are included in this release: Enhancement 1: [DSSEG-781/SEG-875] In some environments, the Anti-Malware Solution Platform (AMSP) could cause high disk input/output when the common scan cache was on. Solution 1: By default, the AMSP common scan cache is on. To disable it, open a Windows command prompt on the Deep Security Manager computer, go to the Deep Security Manager root folder, and run this command: dsm_c -action changesetting -name settings.configuration.disableAmspCommonScanCache -value true Note 1: Anti-malware scan performance may decrease, depending on your environment. This enhancement was created for a Citrix Xen APP environment. It normally should not be disabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.13.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: [DSSEG-1125] On the "Deployment Scripts" page, when a user selected a manager proxy that does not require authentication, it would display a command that was not necessary. As a result, the Deep Security Agent sometimes failed to connect via the proxy. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-1108] The "Deployment Scripts" page included a "Proxy to contact Relay(s)" option, which is not supported with Deep Security 9.6. Solution 2: This option has been removed to avoid confusion. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-1060] In previous releases, the Deep Security Manager installer only accepted a colon as the separator in the host name on the Database screen. In a silent install, it was "DatabaseScreen.Hostname=Hostname\IP:Port number". Solution 3: In this release, you can use either a colon or comma as the separator. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-1056/SEG-7464] In Deep Security Manager, the number of rules listed as "Unresolved Recommendations" sometimes did not match the number of rules in the "Recommended for Assignment" list. Solution 4: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 5: [DSSEG-1001] Synchronizing with vCenter sometimes caused an internal deadlock in Deep Security Manager. Solution 5: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 6: [DSSEG-744/SEG-1206] The default ICRC log level for a Deep Security Agent on Linux is "debug", which causes the ds_am-icrc.log file to grow quickly. Solution 6: Change the default ICRC log level to "warn". For a fresh agent installation, the default ICRC log level will be set to "warn" by default. To update an existing agent on Linux: 1. Upgrade the Deep Security Manager to the build that contains the fix. 2. On the Deep Security Manager computer, open a windows command prompt, go to the Deep Security Manager root folder, and run this command: dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value true 3. Upgrade the Deep Security Agent to the build that contains the fix. 4. After the agents are upgraded and the default ICRC log level has been corrected, we recommend that you turn off the key. To do this, go to the Deep Security Manager computer, open a windows command prompt, go to the Deep Security Manager root folder, and run this command: dsm_c -action changesetting -name settings.configuration.resetICRCLogConfig -value false ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 7: [DSSEG-699] Some users experienced issues with scheduled tasks, where the task was being performed on the wrong day. This was because the task day was scheduled in the timezone of the Deep Security Manager or tenant, which could be significantly different from the user timezone. While the time of day would be correctly converted between the user timezone and the scheduling timezone, in some cases if the conversion caused the day or date to change (for example, Wednesday May 10th 10pm UTC is equivalent to a Thursday May 11th 2am UTC+4), the task would be scheduled 24 hours too early or too late. Solution 7: With this release of Deep Security, all new scheduled tasks are created with a specified associated timezone. This can be edited in the scheduled task properties. Any existing tasks will have schedules displayed in the timezone in which they are currently scheduled (tenant or Deep Security Manager). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.14 Deep Security Manager 9.6.4143 ===================================================================== 8.14.1 Enhancements ===================================================================== The following enhancement is included in this release: Enhancement 1: [DSSEG-1059] Deep Security Manager now provides a single deployment script for both Windows and Linux and adds the ability to select a proxy setting and add it to the deployment script. Note 1: - For SUSE Linux Enterprise Server 10, the sha256sum command is not added by default. The script can be modified to skip the sha256sum check. - Linux deployment scripts now require that you have curl installed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Enhancement 2: [DSSEG-1159/153520/159928/334365/133815/00422691/388436/465671] root/Administrator privileges are required to run Deep Security Agent deployment scripts. With this release, a message is displayed when a deployment script is run without the correct privilege. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8.14.2 Resolved Known Issues ===================================================================== This release resolves the following issues: Issue 1: [DSSEG-1169/SEG-9782] File lists would not accept multiple files. Solution 1: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 2: [DSSEG-1122] When changing a user password, the password was available as plain in the body of the response. Solution 2: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 3: [DSSEG-985] When a scheduled malware scan was running, the URL of a Deep Security Virtual Appliance displayed in the Malware Scan Status widget was incorrect. Solution 3: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 4: [DSSEG-920] There was a performance issue in Deep Security Manager when loading the Computers page and Computer Status widget with a large VMware environment deployment. Solution 4: This issue is fixed in this release. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 9. Files Included in This Release ======================================================================== This release is a complete installation. Use one of the following files: Manager-Windows-9.6.4145.x64.exe (64-bit) Manager-Linux-9.6.4145.x64.sh (64-bit) 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, Deep Security, "deep security solutions", and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: www.trendmicro.com/us/about-us/legal-policies/license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide 13. Third-Party Software ======================================================================== Deep Security employs the use of 3rd party binary distributions. The binary distributions are subject to the licenses available in the following directory: [Install Directory]/licenses Where 3rd party licenses require open access to their source code, Trend Micro will provide the necessary materials upon written request. ======================================================================== (C) 2017 Trend Micro Inc. All rights reserved. Published in Canada.