<> Trend Micro Incorporated November 2, 2018 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan(TM) Web Security Virtual Appliance 6.5 Service Pack 2 Patch 4 - Build 1844 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: http://docs.trendmicro.com Patch/Service Pack release documentation: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About InterScan Web Security Virtual Appliance 1.1 Overview of this Release 1.2 Who Should Install this Release 2. What's New? 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-installation Configuration 7. Known Issues 8. Release History 9. Files Included in this Release 10. Contact Information 11. About Trend Micro 12. License Agreement ========================================================== 1. About InterScan Web Security Virtual Appliance ====================================================================== InterScan Web Security Virtual Appliance (IWSVA) is a highly scalable and reliable web security solution that includes virus protection for HTTP and FTP traffic. IWSVA delivers best-in-class HTTP and FTP virus scanning that leverages the administration, policy, and centralized management of Trend Micro's Enterprise Protection Strategy. 1.1 Overview of this Release =================================================================== IWSVA 6.5 Service Pack 2 Patch 4 is cumulative and contains all product changes released after IWSVA 6.5 Service Pack 2 GM Build. 1.2 Who Should Install this Release? =================================================================== Install this patch if you are currently running any IWSVA 6.5 Service Pack 2 build. 2. What's New? ====================================================================== Note: Please install this patch before completing any of the procedures indicated in this section (see "Installation"). 2.1 Enhancements =================================================================== The following enhancements are included in this patch: Enhancement 1: This patch implements bypass for the TMCM AU URL: If the URL is HTTP, IWSVA will not use SSL. If the URL is HTTPS, IWSVA will not check any SSL restriction. Enhancement 2: This patch implements bypass mgmt interface in bridge mode. Enhancement 3: This patch updates the TMCM agent version from 1000 to 2300 and supports TLS1.2 for IWSVA connections to a TMCM 7 server. Enhancement 4: This patch supports File hash detection log and new format of web security log. Enhancement 5: This hotfix updates the OpenSSL version in IWSVA to improve the HTTPS decryption process. 2.2 Resolved Known Issues =================================================================== Note: Patch 4 includes solutions to issues resolved in all fixes released from April 1, 2018 to November 2, 2018. Patch 4 resolves the following issues: Issue 1: Syslog entries that exceed 1500 bytes are truncated automatically. [Hotfix 1810] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (SEG-26390) Solution 1: This hotfix increases the maximum length of syslog entries to resolve this issue. Issue 2: [Hotfix 1813] InterScan Web Security Virtual Appliance (IWSVA) does not (SEG-27349) support the GDPR DLP template. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix upgrades the eManager module to support the GDPR DLP template. Issue 3: The new Web Reputation Service (WRS) category "Coin Miners" [Hotfix 1813] has not been added into IWSVA. (SEG-26959) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix adds the "Coin Miners" WRS category to IWSVA. Issue 4: The bandwidth information in log reports is converted [Hotfix 1813] incorrectly. (SEG-25380) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix ensures that the bandwidth information in log reports is converted correctly. Issue 5: Some customers want to see the DLP template name in the syslog. [Hotfix 1815] (SEG-24605) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix enables IWSVA to display the DLP template name in the syslog. Issue 6: Administrator account privileges conflict with the online help. [Hotfix 1815] (SEG-21233) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix modifies the online Administrator section for deleting, creating and modifying users. Issue 7: The "Current Threat Activity" and "Global Botnet Map" links under the "Threat Resources" column [Hotfix 1816] on the "System Status" dashboard redirect to the wrong page. (SEG-26839)) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix ensures that both links redirect to the correct pages. Issue 8: XML files are blocked as COM files. [Hotfix 1817] (SEG-26839)) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This hotfix resolves a mapping issue to ensure that files are blocked correctly. Issue 9: Some customers need to hide the matched content in credit card numbers. [Hotfix 1818] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This hotfix enables the SRG feature to hide the matched content of credit card numbers. Procedure: To enable the SRG feature to hide the matched content of credit card numbers: 1. Install this hotfix (see "Installation"). 2. Open the " /etc/iscan/intscan.ini" file. 3. Add the following key under the [Request-scan] section and set its value to "yes": mask_creditcard_number=yes 4. Run the following command: /etc/iscan/S99ISproxy reload Issue 10: The HA cluster synchronization stops responding on the parent [Hotfix 1819] node when it waits for a response from the child node. (SEG-23849) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This hotfix introduces a synchronization timeout mechanism when the parent node waits for a response from the child node. Procedure : To enable the synchronization timeout mechanism: 1. Install this hotfix (see "Installation"). 2. Log on to IWSVA parent node directly or through an SSH as administrator. 3. Run the following commands: enable configure system ha synchronization timeout 60 exit NOTE: the unit is in minutes. To disable the synchronization timeout mechanism, run: enable configure system ha synchronization timeout 0 exit Issue 11: The High Availability (HA) synchronization cannot sync [Hotfix 1819] settings because a parent node cannot send a source package (SEG-23849) to a child node when the file is too large. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This hotfix enables users to postpone the refresh CRL during HA synchronization to ensure that HA synchronization completes without issues. Procedure : To postpone the refresh CRL during HA synchronization: 1. Install this hotfix (see "Installation"). 2. Log on to IWSVA either directly or with Secure Shell (SSH) as administrator. 3. Run the following commands: enable configure module migration syncURLList enable exit To restore default CRL synchronization between two HA nodes, run: enable configure module migration syncURLList disable exit Issue 12: Administrators of InterScan Web Security Virtual Appliance [Hotfix 1820] (IWSVA) cannot set priorities on the URL filtering policy (SEG-30828) using its web user interface. They can only move up or down each policy, which entails too much effort on administrators to set up priorities for each policy. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: The hotfix enables the IWSVA administrators to reprioritize URL filtering policies using the web user interface. Procedure: To enable this function. 1. Log on to IWSVA either directly or with Secure Shell (SSH) as administrator. 2. Run this command: enable configure module URLFiltering reprioritization enable exit Note: clean web browser and access web console again for new page. To disable this function: 1. Log on to IWSVA either directly or with Secure Shell (SSH) as administrator. 2. Run this command: enable configure module URLFiltering reprioritization disable exit ******************************************** * IWSVA * * * * WARNING: Authorized Access Only * ******************************************** Welcome admin it is Tue Jun 19 23:07:01 PDT 2018 enable# configure module URLFiltering reprioritization disable disable URLFiltering reprioritization on webUI.(default) enable# show module URLFiltering reprioritization Status: Disabled(Default) enable# configure module URLFiltering reprioritization disable URLFiltering reprioritization on webUI is already disabled. enable# show module URLFiltering reprioritization Status: Disabled(Default) enable# configure module URLFiltering reprioritization enable enable URLFiltering reprioritization on webUI. enable# show module URLFiltering reprioritization Status: Enabled enable# configure module URLFiltering reprioritization enable URLFiltering reprioritization on webUI is already enabled. enable# show module URLFiltering reprioritization Status: Enabled enable# exit Leaving privileged mode... Issue 13: Some URLs cannot be accessed through InterScan Web Security [Hotfix 1822] Virtual Appliance (IWSVA) 6.5 Service Pack 2 Patch 3. (SEG-26839) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: The hotfix resolves the issue by preventing a file download by FTP over HTTP failure that may occur while accessing certain websites. Issue 14: The IWSVA WMI DC Agent cannot detect Microsoft(TM) Windows(TM) [Hotfix 1822] Server 2012 domain controllers. (SEG-29123) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: The hotfix fixes the issue. Issue 15: The URL Access Control "Block List" is not sorted. [Hotfix 1823] (SEG-28867) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This hotfix ensures that IWSVA sorts the URLs in the "Block list" Issue 16: Duplicate entries appear on Application Control query results. [Hotfix 1823] (SEG-28425) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This hotfix prevents duplicate entries in Application Control query results. Issue 17: IWSVA cannot integrate with LDAP. [Hotfix 1823] (SEG-28425) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This hotfix enables IWSVA to support AES-256 for Kerberos Authentication. Issue 18: iwssd adds a log to the syslog if the HTTPS transaction after a [Hotfix 1824] restart closes without a request from the client. (SEG-31870) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This hotfix prevents iwssd from recording this event. Issue 19: PAC files that were deleted through the InterScan Web Security [Hotfix 1826] Virtual Appliance (IWSVA) web console remain on the computer and are accessible from the web browser. (SEG-30818) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This hotfix ensures that PAC files can be deleted successfully through the IWSVA web console. Issue 20: Data Loss Prevention(TM) (DLP) shows sensitive content in [Hotfix 1826] clear text. (SEG-30858) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This hotfix enables the DLP module to strip this information before it goes out from IWSVA. Issue 21: InterScan Web Security Virtual Appliance (IWSVA) does not block [Hotfix 1827] certain URLs in the URL Suspicious Object (SO) list from Trend (SEG-31962) Micro Control Manager(TM) if the URLs do not have an assigned port. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This hotfix resolves this issue by enabling IWSVA to assign port 80 to the URLs in the HTTP URL-SO list and port 443 for those in the HTTPS URL-SO list during Deep Discovery Analyzer configuration cache initialization. Issue 22: An issue prevents InterScan Web Security Virtual Appliance [Hotfix 1828] (IWSVA) from recognizing the Microsoft(TM) shell link file format. (SEG-31726) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This hotfix resolves the issue so IWSVA can correctly recognize the Microsoft shell link file format. Issue 23: An issue that may happen while IWSVA handles SSL states may [Hotfix 1833] cause the server connection to close unexpectedly. (SEG-33002) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This hotfix resolves the issue. Issue 24: Audit and performance logs do not appear in customized logs [Hotfix 1834] reports. (SEG-33359) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This hotfix ensures that customized log reports contain all the required information. Issue 25: The ICAP interface changes behavior between IWSVA version 6.5 [Hotfix 1834] Build 1080 and version 6.5 Build 1809 (SEG-32556) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This hotfix resolves the issue to ensure that IWSVA can scan for viruses when there is no content-length in ICAP mode. Issue 26: An HTTP Log NormalizeUrl TM_UF_ error occurs while InterScan [Hotfix 1834] Web Security Virtual Appliance (IWSVA) 6.5 is in ICAP mode. (SEG-32781) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This hotfix resolves the issue by ensuring that IWSVA does not add unnecessary prefixes to URLs in ICAP mode. Issue 27: Unable to synchronize with the LDAP server. [Hotfix 1835] (SEG-31536) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: This hotfix resolves the issue by changing the request parameter sent to the LDAP server. Issue 28: InterScan Web Security Virtual Appliance is unable to detect the [Hotfix 1836] VBScript file type. (SEG-34361) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: This hotfix resolves the issue by ensuring that the VBScript file type always maps to the correct MIME type and file name extension. Issue 29: Sometimes, users encounter a warning that certain SSL certificates have been revoked. [Hotfix 1837] (SEG-16470) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: This hotfix resolves an issue to ensure that SSL certificate status does not switch from "active" to "inactive" unexpectedly. Issue 30: An issue prevents InterScan Web Security Virtual Appliance [Hotfix 1841] (IWSVA) from blocking post and upload options in Linkedin and Facebook (SEG-28512) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: This hotfix resolves the issue by upgrading the ixEngine. Issue 31: Some times, the iwssd process crashes at https_ctx_delete [Hotfix 1843] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: This hotfix adds some protection to https_ctx_delete to avoid the crash 3. Documentation Set ====================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com In addition to this Readme file, the documentation set for this product includes the following: - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining IWSVA. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying IWSVA. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining IWSVA. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to http://esupport.trendmicro.com 4. System Requirements ====================================================================== Install this Patch on computers running any build released after IWSVA 6.5 Service Pack 2 Build 1548. 5. Installation ====================================================================== This section explains key steps for installing. 5.1 Installing =================================================================== To install: 1. Download the "iwsva_65_sp2_ar64_en_patch4.tgz" patch file onto your local hard disk. 2. Log on to the IWSVA admin console GUI. 3. Go to the "Administration > System Updates" page. 4. Click "Browse". 5. Browse your local hard disk for the patch file and click "Open". 6. Click "Upload". Your browser uploads the patch file to IWSVA and IWSVA validates if the file is a legitimate patch. 7. Click "Install". Note: Applying this patch will interrupt the HTTP and FTP services for several minutes. Plan appropriately for this downtime. 5.2 Uninstalling =================================================================== To roll back to the previous build: 1. Log on to the IWSVA admin console GUI. 2. Go to the "Administration > System Updates" page. 3. Click "Uninstall" next to "patch4". A confirmation page appears. 4. Verify the patch ID and description on the confirmation page. 5. Click "Uninstall". Note: Removing this patch will interrupt the HTTP and FTP services for several minutes. Plan appropriately for this downtime. 6. Post-installation Configuration ====================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 7. Known Issues ====================================================================== There are no known issues for this patch release. In order to resolve an issue, the dynamic certificates rule during Certification Replication has been modified. If you are using Configuration Replication, when installing hotfix 1837 or a later hotfix/patch, please upgrade the CCR Receiver first, then upgrade the CCR Source. If you have upgraded the CCR Source first, please use the steps below to copy the dynamic certificates to the Receivers: 1) WinSCP into the CCR Source > Download all files from /var/iwss/jscan/certificates/dynamic to a directory on the local machine 2) SSH into the CCR Receiver > Stop the IWSVA services: # /var/iwss/rcIwss stop (Note: this will interrupt the network traffic for a few minutes so plan accordingly) 3) WinSCP into the CCR Receiver > Upload all downloaded files to /var/iwss/jscan/certificates/dynamic 4) SSH into the CCR Receiver > Run the commands: chown iscan:iscan /var/iwss/jscan/certificates/dynamic/* /var/iwss/rcIwss start 8. Release History ====================================================================== IWSVA 6.5 Service Pack 2 GM Build, November 9, 2015 IWSVA 6.5 Service Pack 2 Patch 1 - Build 1707, July 11, 2016 IWSVA 6.5 Service Pack 2 Patch 2 - Build 1765, May 19, 2017 IWSVA 6.5 Service Pack 2 Patch 3 - Build 1809, April 1, 2018 8.1 Patch 1 =================================================================== 8.1.1 Enhancements =================================================================== There are no enhancements in IWSVA 6.5 EN SP2 Patch 1. 8.1.2 Resolved Known Issues =================================================================== IWSVA 6.5 SP2 Patch 1 resolves the following issues: Patch 1 resolves the following issues: Issue 1: Configuration replication may fail after users add a large amount of replication source information on the replication source machine. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 1606] This patch ensures that configuration replication (TT-330566) works normally under the scenario described above. Issue 2: When IWSVA is deployed in bridge mode between a client and the proxy server, IWSVA may not be able to correctly categorize HTTPS websites. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 1606] This patch ensures that IWSVA can correctly (TT-325466) categorize HTTPS websites when deployed in bridge mode between a client and the proxy server. Issue 3: Multicast data packets cannot pass through when IWSVA 6.5 is in bridge mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1606] This patch disables the "multicast_snooping" feature (TT-329888) to enable multicast data packets to pass through in bridge mode. Issue 4: Importing IWSVA 6.0 Service Pack 1 onto IWSVA 6.5 Service Pack 2 breaks the local SPS configuration. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 1606] This patch ensures that the local SPS configuration (TT-334243) file remains undamaged after importing the IWSVA 6.0 Service Pack 1 package onto IWSVA 6.5 Service Pack 2. Issue 5: IWSVA for Linux 6.5 Service Pack 2 does not support SMTP authentication. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hotfix 1606] This patch enables IWSVA to support SMTP (TT-328947) authentication. Issue 6: The IWSVA for Linux 6.5 Service Pack 2 stops unexpectedly while uploading log data while the log exception feature is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 1606] This patch ensures that IWSVA can upload the log (TT-329327) data correctly while the log exception feature is enabled. Issue 7: In WCCP mode, the WCCPD daemon still communicates with the Cisco(TM) router after the HTTP/FTP scanning service stops. This results in HTTP/FTP traffic interruptions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Hotfix 1606] This patch adds a mechanism for monitoring the (TT-328981) status of the FTP/HTTP scanning service and the WCCPD daemon. This mechanism helps prevent HTTP/FTP traffic interruptions by stopping the WCCPD daemon from communicating with the Cisco server when the HTTP/FTP scanning service stops. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To enable this feature: a. Install this patch (see "Installation"). b. Run the following script: # nohup /usr/iwss/wccpd_monitor.py & Notes: The corresponding log will appear in the "/etc/iscan/log/wccpd_monitor.log" file. Issue 8: The DNS cache of IWSVA uses a fixed TTL setting of 12 hours and is not configurable. As a result, users may not be able to access certain websites with IP addresses that change frequently. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: [Hotfix 1606] This patch enables the DNS cache of IWSVA to (TT-332549) synchronize the TTL from the DNS server instead of using a fixed TTL. Issue 9: When users configure the local SPS through the web console, there are no instructions about the correct format for the SPS URL. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: [Hotfix 1606] This patch adds this information to the local SPS (TT-334245) instructions. Issue 10: IWSVA is affected by a certain vulnerability related to the autorun section in HTTP requests. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: [Hotfix 1606] This patch enables IWSVA to filter the malicious autorun section in HTTP requests to resolve the vulnerability. Issue 11: IWSVA 6.5 may generate several scheduled reports with the same timestamps. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: [Hotfix 1606] This patch ensures that IWSVA 6.5 does not generate (TT-330785) duplicate scheduled reports. Issue 12: The TMUSE engine stops unexpectedly when users enable the Dynamic URL Categorization feature. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: [Hotfix 1606] This patch resolves this issue by updating the TMUSE (TT-333247) engine. Issue 13: Sometimes, users cannot successfully import the configuration file of IWSVA 6.5 Service Pack 1 to version 6.5 Service Pack 2 and the HTTP daemon may not be able to start. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: [Critical Patch 1608] This patch ensures that users can (TT-336035) successfully import the configuration file from IWSVA 6.5 Service Pack 1 to version 6.5 Service Pack 2. Issue 14: Sometimes, authentication fails when users add multiple domains in IWSVA 6.5 Service Pack 2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch ensures that the authentication succeeds in multiple domain environments. Issue 15: After upgrading to IWSVA 6.5 SP2, users cannot access some HTTPS sites through IWSVA with HTTPS decryption enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This patch ensures that users can access HTTPS sites successfully even when enabling HTTPS decryption. Issue 16: IWSVA 6.5 Service Pack 2 may stop unexpectedly and generate dump files while parsing special types of cookies. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: [Critical Patch 1608] This patch enables IWSVA 6.5 Service Pack 2 [SEGTT-336907] to handle special types of cookies. Issue 17: In IWSVA 6.5, administrators cannot retrieve reports for the last several days because the corresponding data have not been uploaded to the common log server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: [Critical Patch 1608] This patch resolves the issue by enabling (TT-336728) IWSVA 6.5 to regulate the size of the upload queue, which helps ensure that the log agent on clients can parse data more efficiently. Issue 18: When doing migration from configuration from the latest build of IWSVA6.5 Service Pack 1, all the HTTPS websites cannot be accessed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: [Critical Patch 1608] This patch updates the configuration of SSL (TT-337176) methods to fix this issue. Issue 19: A race issue between the appd daemon and kernel prevents clients from connecting to the Internet in proxy mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: [Hotfix 1609] This patch enables users to allow only the HTTP (TT-332780) scanning daemon to handle application control. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 19: To allow only the HTTP scanning daemon to handle application traffic: a. Install this patch (see "Installation"). b. Open the "intscan.ini" file in the "/etc/iscan/" folder. c. Locate or add the "enable_appd_daemon" key in the "app-control" section and set its value to "no". [app-control] enable_appd_daemon=no d. Save the changes and close the file. e. Restart the appd daemon by running the following command: /usr/iwss/S99ISappd restart Issue 20: Under certain conditions, when users add a period "." to an organizational unit (OU) in the "Base distinguished name" Active Directory (AD) setting and save the configuration, a "DC=" string is inserted instead. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: [Hotfix 1612] This patch ensures that the correct setting is saved (TT-337279) in the "http_config_user_idetification.jsp" file. Issue 21: An issue related to how IWSVA receives HTTP data triggers a high CPU usage issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: [Hotfix 1612] This patch resolves the issue. (TT-337061) Issue 22: When IWSVA generates reports based on an LDAP group that starts with the "&" token, the reports do not display any information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: [Hotfix 1612] This patch ensures that these reports display (TT-338606) complete and accurate information. Issue 23: Users receive blank pattern update notifications from IWSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: [Hotfix 1613] This patch ensures that pattern update notifications (TT-339400) from IWSVA contain complete and accurate information. Issue 24: Email notifications from IWSVA 6.5 Service Pack 2 cannot be displayed correctly because IWSVA cannot recognize and parse the "\n" characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: [Hotfix 1616] This patch ensures that IWSVA can correctly recognize (TT-341216) and handle "\n" as line breaks. Issue 25: A line in the Diagnostic Tool script file causes the FTP download testing to fail. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: [Hotfix 1616] This patch resolves the issue to ensure that the (TT-335781) Diagnostic Tool can perform FTP download testing correctly. Issue 26: Users may not be able to access certain HTTPS websites through IWSVA when the HTTPS decryption feature is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: [Hotfix 1617] This patch ensures that users can access HTTPS (TT-338216) websites normally when HTTPS decryption is enabled. Issue 27: When users download a file to the computer and the "Scan before delivery" option is enabled, the download process stops unexpectedly and the file will not be saved. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: [Hotfix 1617] This patch updates the way IWSVA 6.5 Service Pack 2 (TT-339799) determines if a download has completed when the "Scan before delivery" option is enabled. This helps ensure that users can download files normally under this scenario. Issue 28: An issue related to how the rest APIs of the following functions receive parameters from users may leave the computer vulnerable to remote code execution attacks. - testConfiguration function - wmi_domain_controllers function - domains ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: [Hotfix 1618] This patch safeguards against remote code execution (TT-338692, attacks by enabling IWSVA to enclose input TT-338693, parameters in double quotation marks and to skip and TT-338695) special characters inside these parameters. Issue 29: An issue prevents ixEngine from identifying the upload protocol from Google Drive and DropBox, which prevents IWSVA from blocking these programs using Application Control. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: [Hotfix 1618] This patch adds new protocols in ixEngine to enable (TT-343197) it to block specific programs. Issue 30: The "X-Infection-Found:" header in ICAP responses is followed by two space characters. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: [Hotfix 1619] This patch removes the extra space character so that (TT-343676) the "X-Infection-Found:" header in ICAP responses is followed by a single space character. Issue 31: Users cannot access HTTPS websites with non-standard ports through IWSVA when both the upstream proxy and content cache are enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: [Hotfix 1621] This patch ensures that users can access HTTPS (TT341162) websites with non-standard ports through IWSVA when both the upstream proxy and content cache are enabled. Issue 32: The ransomware detections are not displayed on the web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 32: [Hotfix 1622] This patch ensures that the total number of (TT-346050) ransomware detections displays on the Dashboard of the web console. Issue 33: The link to syncing Mozilla(TM) certificate authorities (CA) is out-of-date which prevents IWSVA from syncing certificates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: This patch updates the link to make sure that IWSVA can sync Mozilla CA successfully. Issue 34: The "Enable FTP scanning" button is not greyed-out automatically in ICAP and reverse proxy modes, but this feature is not supported in these modes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: (TT345130) This patch enables IWSVA to grey-out the "Enable FTP scanning" button in FTP pages in ICAP and reverse proxy modes. Issue 35: IWSVA uses an HTTP channel by default for ActiveUpdate (AU). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 35: This patch changes the default AU upgrade channel to an HTTPS channel. Issue 36: The Global approved and blocked lists has been enhanced for website option ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 36: (TT-342336) This patch enables users to configure IWSVA to add two entries to include both the domain and its sub domain in the Global approved and blocked lists when the website option is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 36: To enable this feature: a. Install this patch (see "Installation"). b. Open the "intscan.ini" file in "/etc/iscan/" and add the following key in the "URL-blocking" section. [URL-blocking] convertDomain=yes c. Save the changes and close the file. d. Restart Tomcat(TM) by running the following command: /etc/iscan/S99IScanHttpd restart e. Clear the web browser cache. Issue 37: IWSVA does not record access logs when the network connection is interrupted unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 37: This patch enables users to configure IWSVA to record an access log each time it detects that the network connection is interrupted unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 37: To enable IWSVA to record an access log each time it detects that the network connection is interrupted unexpectedly: a. Install this patch (see "Installation"). b. Open the "IWSSPIProtocolHttpProxy.pni" file in "/etc/iscan/" and add the following key in the "http" section. [http] enable_interrupted_log=yes c. Save the changes and close the file. d. Restart Tomcat by running the following command: /etc/iscan/S99IScanHttpd restart e. Clear the web browser cache. Issue 38: The web browser uses the connect method to notify IWSVA that it will send an HTTPS request for a specific website. Usually, the connect method requires the host name, however, in special environments, it uses several extra headers such as the "X-FORWARDED-FOR" and some custom-built headers. A user requests for a way to enable IWSVA to record logs for these requests which can be differentiated according to the headers used in the connect method. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 38: This patch provides a "customized text-based log" feature which can customize the HTTP header and keep the connect method to log files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 38: To enable this feature: a. Install this patch (see "Installation"). b. Disable https decryption in the IWSVA web console. c. Enable text log, specify the header name which will appear in the log format setting. For example: `log_format=%a|%u|%H|%{ca_forwarded_for}h| %{x_forwarded_for}h|%{recv_request_begin}t|%{host}h| %r|%s|%{downstream_payload}p|%{handle_time}l|%n| %w|%m|%{name}f|%{size}f` Note: This setting will enable IWSVA to generate logs for requests using the header value if the header name is "x_forwarded_for" and "ca_forwarded_for". The header name is case insensitive and "_" is treated as "-". d. Open the " log_format.ini" file in "/etc/iscan/" and set "enable_text_based_log=yes" under the "text_log" section. e. Save the changes and close the file. f. Reload the daemon by running the following command: $/etc/iscan/S99ISproxy reload g. Check the log files in IWSVA. The log file is located in "/var/textlog/customized_access*" by default. Issue 39: The IWSVA socks proxy server does not support authentication and XML firewalling. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 39: This patch switches the socks proxy from "ssh" to "antinat" to enable it to support authentication and XML firewalling. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 39: To enable this feature: a. Install this patch (see "Installation"). b. Enable the socks proxy by adding the following lines in "/etc/iscan/network.ini": socks5_proxy_enabled=yes socks5_proxy_port=1080 c. Specify the other settings. - enable authentication for the request, for example: socks5_auth_enable=yes - specify the username and password for authentication, separating each user with a ";", for example: socks5_auth_users=testuser/ testpassword;testuser2/testpassword2 - specify the destination port to block, separate each port with a ";", for example: socks5_reject_dstport=443;8443 - specify the default action for the socks proxy, for example: default_allow_action=yes Notes: - "yes" means the default action is "allow", coordinate with the "socks5_reject_srcip" setting. - "no" means the default action is "reject", coordinate with the "socks5_allow_srcip" setting - specify the source IP range that should be blocked, for example: socks5_reject_srcip=172.16.0.0/12;127.0.0.1/32 - specify the source IP range which is allowed, for example: socks5_allow_srcip=172.16.0.0/12;127.0.0.1/32 d. Save the changes and close the file. e. Restart the socks proxy service by running the following command: $/etc/iscan/S99ISsocks5 restart Issue 40: IWSVA does not list down all websites that require client certificates. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 40: This patch provides a way to configure IWSVA to list down all websites that require client certificates allows users to configure whether it should tunnel or block these websites. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 40: To enable this feature: a. Install this patch (see "Installation"). b. Open the "intscan.ini" file in "/etc/iscan/" and add the following key in the " https-scanning" section. [https-scanning] clientcert_handling_enhance=yes c. Save the changes and close the file. d. Restart Tomcat by running the following command: /etc/iscan/S99IScanHttpd restart e. Clear the web browser cache. Issue 41: IWSVA does not support high availability (HA) in forward proxy mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 41: This patch provides a way for users to enable IWSVA to support active/active HA mode and active/standby HA mode in forward proxy mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 41: To enable IWSVA to support active/active HA mode and active/standby HA mode in forward proxy mode: a. Install this patch (see "Installation"). b. Open the "intscan.ini" file in "/etc/iscan/", add the following lines. [HaProxy] enable=1 c. Save the changes and close the file. d. Restart Tomcat by running the following command: /etc/iscan/S99IScanHttpd restart e. Clear the web browser cache. Issue 42: IWSVA does not support customized ip-user cache TTL for specific usernames. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 42: This patch enables users to customize the ip-user cache TTL for specific usernames. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 42: To customize the ip-user cache TTL for specific usernames: a. Install this patch (see "Installation"). b. Set the number of the users that will be configured with custom TTL for ip-user cache by adding the following lines in "/usr/iwss/ commonldap/LdapCache.ini": [CustomTTL] UserNum=x Note: the maximum value of "UserNum" is 64. c. Set the sub-items for the detailed username and TTL starting with "0" as the suffix of the "User_" section and increasing by degrees. For example: [User_0] username=domain1\username1 TTL=90 [User_1] username=domain2\username2 TTL=30 Note: Use the full "domain\username" format to set the username. d. Save the changes and close the file. e. Restart IWSVA by running the following commands: $/etc/iscan/S99ISAuthDaemon stop $/etc/iscan/S99ISproxy stop $rm /usr/iwss/commonldap/.authentication_cache.dat $/etc/iscan/S99ISAuthDaemon start $/etc/iscan/S99ISproxy start Issue 43: Some environments may use several LDAP servers and need a customized notification page for users from each domain. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 43: This patch enables users to customize the notification page for each domain. Issue 44: IWSVA does not support Full Kerberos Authentication. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 44: This patch provides a way to enable IWSVA to support Full Kerberos Authentication. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 44: To enable IWSVA to support Full Kerberos Authentication: a. Install this patch (see "Installation"). b. Open the "intscan.ini" file in "/etc/iscan/" and add the following key in the "user-identification" section. [user-identification] enable_full_kerberos_feature=yes c. Save the changes and close the file. d. Restart Tomcat by running the following command: /etc/iscan/S99IScanHttpd restart e. Clear the web browser cache. Issue 45: Users cannot disable autoswitch for SPS. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 45: This patch allows users to disable SPS autoswitch. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 45: To disable SPS autoswitch: a. Install this patch (see "Installation"). b. Open the "intscan.ini" file in "/etc/iscan/" and add the following key in the "Scan-configuration" section. [Scan-configuration] enable_auto_switch=0 c. Save the changes and close the file. d. Reload the daemon by running the following command: /etc/iscan/S99ISproxy reload Issue 46: When the "scan before delivery" option is enabled, users are warned of space characters in the "tmpfs" file in "/var/iwss/tmp/". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 46: (TT-339805) This patch updates the mechanism for the "scan before delivery" option to resolve this issue. 8.2 Patch 2 Enhancement 1: This patch includes Hotfix 1762 which adds IPv6 support in WCCP mode. Procedure 1: To enable this enhancement: a. Navigate to the following directory: cd /usr/iwss/wccp b. Run the following command: bash wccp_ipv6.sh apply Enhancement 2: This patch includes Hotfix 1762 which adds the new TMUFE category "Dynamic DNS". Enhancement 3: This patch adds a client HTTPS certificate option. Enhancement 4: This patch adds support for DDAN protocol 1.3. Enhancement 5: This patch adds support for SOCKS5 white list and ACL. Enhancement 6: This patch provides the followng FTP enhancements: - Wording in the FTP access log now uses "FQDN" instead of "IP address" - Enables the saving of FTP connection information even if no file transfer occurred Enhancement 7: This patch replaces Oracle JDK with Open JDK. Issue 1: A vulnerability in the IWSVA 6.5 Service Pack 2 program may allow certain irregularly formatted viruses in HTTP responses to bypass it. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: [Hotfix 1709] This hotfix removes the vulnerability to enable IWSVA (TT-333456) to catch these viruses in HTTP responses. Issue 2: Users can click on the "Enable FTP scanning" checkbox in the "FTP Scan Rules" tabs when ICAP is enabled in reverse proxy mode ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: [Hotfix 1709] This hotfix enables IWSVA to automatically disable the (TT-345130) checkbox in the FTP Scan Rules tabs when ICAP is (TT-342955) enabled in reverse proxy mode. Issue 3: The user name information does not appear in the virus logs from IWSVA when viewed from the Trend Micro Control Manager(TM) console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: [Hotfix 1709] This hotfix resolves an issue to ensure that the user (TT-342826) name information can be displayed properly in the IWSVA virus logs on the Control Manager console. Issue 4: When users search for specific application control policies, IWSVA cannot retrieve and display all the applicable policies if the appd process has stopped running. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: [Hotfix 1709] This hotfix enables IWSVA to retrieve and display all (TT-345284) applicable application control policies even when the appd process has stopped. Issue 5: IWSVA does not run the AutoSetupAlchemySettings script automatically after the system's memory set-up changes, for example, when memory is added. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: [Hotfix 1709] This hotfix enables IWSVA to run the (TT-346623) AutoSetupAlchemySettings script automatically after the system's memory changes. Issue 6: IWSVA does not display the report type when the time zone is set to "America/Cordoba". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: [Hotfix 1709] This hotfix ensures that IWSVA displays the correct (TT-347847) report type Issue 7: In versions 8 and 10 of the Microsoft(TM) Internet Explorer(TM) web browser, users encounter a JSP error while migrating the configuration file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: [Hotfix 1709] This hotfix ensures that IWSVA can migrate the (TT-348090) configuration file normally on Internet Explorer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Issue 8: When the IWSVA daemon restarts, it generates a new client UUID and registers again to Trend Micro Deep Discovery Analyzer as a new IWSVA. However, the original client UUID remains in the Deep Discovery Analyzer database. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: [Hotfix 1709] This hotfix ensures that each IWSVA only takes one (TT-349120) UUID. Issue 9: The IWSVA log server stops receiving logs after a log upload process stops unexpectedly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: [Hotfix 1709] This hotfix ensures that the IWSVA log server can still (TT-342579) receive logs after a log upload process stops unexpectedly. Issue 10: When HTTPS decryption is enabled, IWSVA cannot load an HTTPS webpage if the HTTP header does not contain a "Content-length" or "Transfer-Encoding" heading. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: [Hotfix 1710] This hotfix ensures that users can access HTTPS websites (TT-349268) successfully while HTTPS decryption is enabled. Issue 11: Microsoft(TM) Internet Explorer(TM) stops responding when users import the list of blocked URLs to IWSVA and the list has more than 7000 entries. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: [Hotfix 1712] This hotfix updates the parsing algorithm to improve the (TT-348926) parsing speed to enable Internet Explorer to handle large blocked URL lists. Issue 12: [Hotfix 1714] When a client uploads files to a server through an (TT-351297) application server and IWSVA scans the files through ICAP, IWSVA does not allow the acknowledgment traffic (0-byte file) to pass and sends an error code 100 instead. This happens because IWSVA checks the "Encapsulated:" ICAP header only which does not have a "null-body". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This hotfix enables IWSVA to check both the "Encapsulated:" ICAP header and the "Content-length" HTTP header so that if the "Content-length" is "0", it will also treat it as a "null-body". This ensures that IWSVA allows the acknowledgment traffic (0-byte file) to pass. Issue 13: [Hotfix 1715] IWSVA stops unexpectedly when it calls the strncpy (TT-351297) function and the length of the char pointer is "0". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This hotfix resolves the issue by enabling IWSVA to check the length of the char pointer before calling the strncpy function. Issue 14: [Hotfix 1716] IWSVA cannot save changes to the priority setting of a (TT-352892) URL filtering policy if the current policy priority is lower than 2498. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This hotfix ensures that IWSVA can save changes to the priority setting of a URL filtering policy. Issue 15: [Hotfix 1717] The URL filtering feature of IWSVA 6.5 Service Pack 2 may (TT-352982) block the wrong domains. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This hotfix ensures that IWSVA can correctly match URLs with the filtering policy so that it blocks the correct domains. Enhancement: This hotfix integrates the Trend Micro Deep Discovery [Hotfix 1721] Inspector and Trend Micro Control Manager(TM) SO acquirement interface into the IWSVA web console. This enables IWSVA to retrieve the SO list from both products, to block SOs on the list including IPs, URLs, domains, and files, and perform Advanced Threat Protection scanning. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To enable the feature: a. Open the "intscan.ini" file in the "/etc/iscan" folder. b. Locate or add the "so_integration_enabled" key and set its value to "1". Note: To disable the feature, set "so_integration_enabled=0". c. Save the changes and close the file. d. Refresh the "HTTP > Advanced Threat Protection > Custom Defense > Custom Defense Settings" page. Issue 16: [Hotfix 1726] After updating to IWSVA Service Pack 2 Build 1707, (TT-350383) users may not be able to browse HTTPS websites properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This hotfix resolves the issue by ensuring that IWSVA can correctly handle the TCP FIN, so that when this is killed in the webserver, the corresponding HTTP header will keeallo alive. Issue 17: [Hotfix 1726] When a client uploads files to a server through an (TT-351297) application server and IWSVA scans the files through ICAP, IWSVA does not allow the acknowledgment traffic (0-byte file) to pass and sends an error code 100 instead. This happens because IWSVA checks the "Encapsulated:" ICAP header only which does not have a "null-body". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This hotfix enables IWSVA to check both the "Encapsulated:" ICAP header and the "Content-length" HTTP header so that if the "Content-length" is "0", it will also treat it as a "null-body". This ensures that IWSVA allows the acknowledgment traffic (0-byte file) to pass. Issue 18: [Hotfix 1726] Websites do not load properly when HTTPS decryption is (TT-352011) enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This hotfix resolves the issue by enabling IWSVA to properly handle zero length data from a webserver, such as in the website "https://www.it.nrw.de". Issue 19: [Hotfix 1726] The isftpd process triggers a 100% CPU usage issue. (TT-352635) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This hotfix adds the isftpd process to the approved list in IWSVA to prevent the high CPU usage issue. Issue 20: [Hotfix 1728] An issue may prevent source IWSVA devices from sending (TT-352510) chunked data to registered child IWSVA devices. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This hotfix resolves the issue by allowing the source IWSVA device to choose between chunked mode or content- length mode response to child IWSVA devices. Issue 21: [Hotfix 1729] Dropbox cannot sync in bridge mode after users add (TT-355847) "dropbox.com" to the global trusted list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This hotfix resolves the issue by enabling IWSVA to run through the list of global trusted domains before it attempts to connect to websites. Issue 22: [Hotfix 1730] The LDAP server diagnostic tool returns a "failed" (TT-357017) result even when the LDAP server has connected normally. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This hotfix ensures that the diagnostic tool returns the correct LDAP server connection results. Issue 23: [Hotfix 1730] HTTPS request authentication may fail when IWSVA is (TT-355574) deployed in bridge mode between a client and the upstream proxy and the upstream proxy uses Kerberos authentication. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This hotfix ensures that HTTPS request authentication can run successfully under the scenario described above. Issue 24: [Hotfix 1731] End users cannot see the shared remote desktop using (TT-351773) Skype(TM) in WCCP mode. This issue occurs because the OpenSSL module sends an alert message when it comes across Skype HTTPS traffic. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This hotfix handles this issue to channel Skype HTTPS traffic. Issue 25: [Hotfix 1731] Non-administrator users are able to go beyond their (TT-355725) access permissions and apply administrator operations. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This hotfix validates the user's permissions before applying administrator operations in the web service process. Issue 26: [Hotfix 1732] In some situations, the IWSVA FTP daemon may cause high (TT-357304) CPU usage. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This hotfix resolves the high CPU issue for the FTP daemon. Issue 27: [Hotfix 1733] If the IWSVA user information sync fails from the trust (TT-355470) domain of the Global Catalog, even if the user authenticates successfully through Global Catalog, the connection still fails. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: This hotfix resolves this issue by letting the connection pass when the user authentication is successful, even if the user information sync failed from the Global Catalog. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To enable the function: a. Open the "intscan.ini" file under the "/etc/iscan/" folder. b. Under the "http" section, set the value of the "pass_auth_not_in_ldapcache" key to "yes". c. Under the "LDAP-Setting" section, set the value of the "Prefer-sAMA" key to "yes". d. Save the changes and close the file. e. Log on into IWSVA with SSH, and restart http proxy with the follow command: /etc/iscan/S99ISproxy stop;/etc/iscan/S99ISproxy start Issue 28: [Hotfix 1735] IWSVA cannot tunnel the failed extract file. (TT-352640) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: This hotfix ensures that IWSVA can tunnel the failed extract file by enabling a hidden key. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 28: To enable this function: a. Open the "intscan.ini" file in the "/etc/iscan/" folder. b. Under the "Scan-configuration" section, locate or add the "failed_extract" key and set its value to "pass". c. Locate the "skipSpecificVirus" key and add "Failed_Extract_File" to it. d. Save the changes and close the file. e. Log on to IWSVA with SSH, and restart the HTTP proxy with the follow command: /etc/iscan/S99ISproxy stop;/etc/iscan/ S99ISproxy start Issue 29: [Hotfix 1735] The "*.co/*" should not match the "*.com:443" value (TT-357285) when IWSVA performs URL matching. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: This hotfix ensures that IWSVA can perform URL matching normally. Issue 30: [Hotfix 1735] The IWSVA cannot send the correct event time to Control (TT-350271) Manager when the system time zone observes daylight savings. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: This hotfix ensures IWSVA could not send the correct event time to Control Manager when the system time zone observes daylight savings. Issue 31: [Hotfix 1735] Sometimes, it takes a long time to browse through (TT-357018) websites in computers protected by IWSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: This hotfix resolves the issue. Issue 32: [Hotfix 1736] HTTPS pages will not load when the UA string is (TT-357135) Microsoft Internet Explorer 11. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 32: This hotfix handles the SSL alert message, which the HTTPS server sends to IWSVA, to resolve the decryption issue. Issue 33: [Critical Patch 1737] A vulnerability in the IWSVA 6.5 Service Pack 2 (TT-333456) program may allow certain irregularly formatted viruses in HTTP responses to bypass it. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: This hotfix removes the vulnerability to enable IWSVA to catch these viruses in HTTP responses. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To enable the solution: a. Open the "intscan.ini" file in the "/etc/iscan/" folder. b. Locate or add the "scan_trunk_deep" key and set its value to "yes". NOTE: The default value is "no" which disables the solution. c. Save the changes and close the file. d. Restart HTTP daemon with the command: /etc/iscan/S99ISproxy stop;/etc/iscan/S99ISproxy start Issue 34: [Hotfix 1738] IWSVA still cannot generate the RSA 4096 key certificate (TT-358779) for HTTPS decryption. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: This hotfix ensures that IWSVA can generate the RSA 4096 key certificate for HTTPS decryption by enabling a hidden key. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To enable the solution: a. Open the "intscan.ini" file in the "/etc/iscan/" folder. b. Under the "https-scanning" section, add the "rsa_length" key and set the value to "4096". c. Save the changes and close the file. d. Log on to IWSVA with SSH, and restart the HTTP proxy and FTP with the following command: /etc/iscan/S99ISproxy stop;/etc/iscan/S99ISproxy start /etc/iscan/S99ISftp stop;/etc/iscan/S99ISftp start Issue 35: [Hotfix 1739] (TT-358217, 358168, 358215, 358213, 358214, 358216, 358218, 358219, 358208, 358209, 358210, 358211, 358212, 358304, 358412) The IWSVA web service process does not validate user permissions and input parameters, leading to Remote Code Execution vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 35: This hotfix validates the user permissions and input parameters before applying the user's requested operations in the web service process. Issue 36: [Hotfix 1740] IWSVA does not properly handle an abnormal incoming (TT-357473) request, which causes a memory exception and crashes the system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 36: This hotfix checks the parameter of the incoming request to avoid memory usage exceptions. Issue 37: [Hotfix 1741] Formatting errors in a user's HTTPS decryption exception (TT-355124) list trigger a Java exception which will make the IWSVA web console inaccessible. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 37: This hotfix enables IWSVA to handle these format errors to ensure that the access to the IWSVA web console is not interrupted. Issue 38: [Critical Patch 1742] (TT-358220, 358221, 358413,358412, 358746, VRTS-16, VRTS-91) The IWSVA web service process does not validate user permissions and input parameters, leading to Remote Code Execution vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 38: This hotfix enabled IWSVA to validate the user permissions and input parameters. Issue 39: [Critical Patch 1746] (TT-358909, VRTS-219, VRTS-222, VRTS-224, VRTS-226, VRTS-227) The IWSVA web service process does not validate user permissions and input parameters, leading to Remote Code Execution vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 39: This critical patch validates the user permissions and input parameters before applying the user's requested operations in the web service process. Issue 40: [Critical Patch 1746] The svc monitor is forced to kill the IWSVA http daemon (TT-353999) after configuration replication. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 40: This critical patch ensures that the IWSVA http daemon works normally after configuration replication. Issue 41: [Hotfix 1751] The FTP process is affected by a file descriptor (FD) leak issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 41: This hotfix resolves the FD leak issue. Issue 42: [Hotfix 1751] The iwssd process is affected by an FD leak issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 42: This hotfix resolves the FD leak issue. Issue 43: [Hotfix 1751] Users encounter an "HTTP status 500" error on the (SEG-2700) policy editing page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 43: This hotfix ensures that users can access and edit policies normally through the policy editing page. Issue 44: [Hotfix 1751] IWSVA does not tunnel HTTPS traffic with (SEG-2016,SEG-2635) "*.domain.com". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 44: This hotfix updates the URL matching policy rule to resolve the issue. Issue 45: [Hotfix 1751] A URL category name was changed in TMUFE, but was not (TT-359323) updated on the IWSVA side. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 45: This hotfix updates the URL category name on the IWSVA side to match the information in TMUFE. Issue 46: [Hotfix 1751] When IWSVA performs LDAP authentication on (SEG2645) administrator accounts, the user account password appears in the IWSVA local log file. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 46: This hotfix ensures that user passwords are not recorded in the IWSVA local log file. Issue 47: [Hotfix 1751] In rare instances, the IWSVA web service may record (SEG1389) an unusually large bandwidth data usage in logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 47: This hotfix ensures that the correct information appears in logs. Issue 48: [Hotfix 1751] After installing Critical Patch 1742, users encounter (SEG-2641) exception errors while attempting to view some administration pages. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 48: This hotfix ensures that users can view the administration pages properly. Issue 49: [Hotfix 1753] During configuration replication, the "keep_ssl_version" (TT-349268) setting in the "intscan.ini" file is not synchronized between the source and the receiver IWSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 49: This hotfix ensures that the receiver IWSVA inherits the "keep_ssl_version" setting of the source IWSVA after configuration replication. Issue 50: [Hotfix 1755] The Central Log cannot be configured through the web (SEG-2722) console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 51: This hotfix resolves the user privilege validation error to ensure that users can configure the Central Log from the web console. Issue 52: [Hotfix 1755] HA proxy cannot be configured through the web console. (SEG-2952) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 52: This hotfix resolves the user privilege validation error to ensure that users can configure the HA proxy from the web console. Issue 53: [Hotfix 1755] The Static Router is affected by a remote code (VRTS-326, 328)execution vulnerability through the web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 53: This hotfix removes the vulnerability by adding a function that validates parameters. Issue 54: [Hotfix 1756] An issue may trigger the iwssd daemon to stop (SEG-2567) unexpectedly when IWSVA is deployed in ICAP mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 54: This hotfix ensures that IWSVA uses the correct head file to ensure that the iwssd daemon works normally in ICAP mode. Issue 55: [Hotfix 1757] An issue prevents the Application Control "Block play (TT-359900) media" feature in IWSVA from blocking videos in YouTube. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 55: This hotfix ensures that the "Block play media" feature can effectively block YouTube videos. Issue 56: [Hotfix 1758] Application Control cannot block the latest version of (TT-357941) the Teamviewer program. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 56: This hotfix updates the ixEngine lib to enable Application Control to block Teamviewer 12. Issue 57: [Hotfix 1758] The policy editing module encounters an HTTP status 500 (SEG-2700) - ArrayIndexOutOfBoundException error. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 57: This hotfix adds the corresponding data range restriction to prevent the error. Issue 58: [Hotfix 1759] An issue may prevent users from mounting an external log (SEG-4076) device using the "mount" command on the IWSVA web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 58: This hotfix resolves this issue so users can mount an external log device without issues. Issue 59: [Hotfix 1761] A null pointer issue can trigger IWSVA to stop (SEG-2567) unexpectedly when it receives an ICAP message that does not have any content. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 59: This hotfix resolves the issue by preventing IWSVA from attempting to access a null pointer when it receives an ICAP message that does not have any content. Issue 60: [Hotfix 1762] User may not be able to access HTTPS websites that (TT-359683) use a special cipher suite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 60: This hotfix enables IWSVA to support the cipher suite. Issue 61: [Hotfix 1763] The backend web service for the web console cannot (TT-4745) retrieve the correct time zone setting. As a result, the wrong time information appears in the exported log files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 61: This hotfix resolves this issue to ensure that the web console can retrieve the time zone setting successfully so the correct time information appears in the exported log files. Issue 62: [Hotfix 1764] Self-defined users are redirected to the wrong web page, (TT-4826) because of an issue that prevents the backend web service for the web console from querying the privileges of self-defined roles. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 62: This hotfix resolves this issue to ensure that the web console can query self-defined role privileges so that users are redirected to the correct web page. Issue 63: (CVE-2016-5195) IWSVA is affected by CVE-2016-5195 which may lead an unprivileged local user to increase their privileges on the system ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 63: This hotfix ensures that IWSVA is not affacted by this vulnerability. 8.3 Patch 3 Issue 1: [Hotfix 1807] The "configURL" value in the "Product.ini" file changes (SEG-23688) automatically after the Trend Micro Control Manager(TM) agent (CMAgent) restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hotfix provides a way to preserve the "configURL" value after the CMAgent restarts. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To preserve the ""configURL" value after the CMAgent restarts: 1. Install this hotfix (see "Installation"). 2. Logon to the InterScan Web Security Virtual Appliance (IWSVA) shell console. 3. Open the "Product.ini" file in the "/var/iwss/ISAGENT_MCP/" folder. 4. Locate the following key under the "Product_Info" section and set its value to "1". [Product_Info] PersistentURL=1 5. Save the changes and close the file. Issue 2: [Hotfix 1803] An issue prevents system event logs from displaying date (SEG-21475) information later than 2017. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hotfix ensures that system event logs can display the date information normally. Issue 3: [Hotfix 1800] A socket issue procedure issue may prevent InterScan Web Security (SEG-20161) Virtual Appliance (IWSVA) from decrypting certain HTTPS websites. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hotfix resolves the issue to ensure that IWSVA can decrypt HTTPS websites normally. Issue 4： [Hotfix 1799] The IWSVA LDAP does not support any TLS version higher than 1.0. (SEG-16195) This causes LDAP sync to fail in systems using any higher TLS version. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hotfix resolves this issue by enabling the LDAP to support higher TLS versions. Issue 5: [Hotfix 1798] Normal Post requests incorrectly trigger the "File transfer (SEG-17579): protocol" filter. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hotfix updates the ixengine pattern in InterScan Web Security Virtual Appliance (IWSVA) to ensure that the App Control module recognizes normal Post requests correctly. Issue 6: [Hotfix 1794] When the number of custom categories exceeds 64 which is (SEG-19773) currently the maximum, all custom categories specified after the 64th category do not work. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hotfix changes the maximum number of custom categories to 256 to ensure that all custom categories work. Issue 7： [Hotfix 1794] Detailed Logs are not being displayed on Central Log IWSVA. (SEG-6476) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hotfix fixes the issue when log purge deletes all status logs. Issue 8: [Hotfix 1793] Users cannot access specific websites through InterScan Web (SEG-18552) Security Virtual Appliance (IWSVA) when HTTPS decryption is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This hotfix resolves this issue by adding some cipher suites. Issue 9: [Hotfix 1793] When VSAPI cleans a file, the corresponding detailed log (SEG-16276) indicates a "BLOCK" action instead of "CLEAN". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This hotfix ensures that detailed logs indicate the correct action. Issue 10: [Hotfix 1791] IWSVA may retrieve the wrong HTTPS certificate from HTTPS (SEG-15240) websites that have multi-server certificates. When this happens, the browser displays an alert HTTPS warning page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This hotfix ensures that IWSVA retrieves the correct HTTPS certificate from the HTTPS server for websites with multi-server certificates. Issue 11: [Hotfix 1791] An issue prevents IWSVA from blocking an SO that is in the SO (SEG-16285) list from the Deep Discovery Analyzer server if the SO was downloaded from a certain HTTP website. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This hotfix resolves the issue to ensure that IWSVA can block all SOs on the list. Issue 12: [Hotfix 1789] Sometimes, the configuration files of the DTAS module become (SEG-12991) corrupted. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This hotfix fixes the corrupted configuration files. Issue 13: [Hotfix 1788] Dropbox and some other programs will not be able to access the (SEG-11051) Internet when HTTPS traffic go through IWSVA. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This hotfix resolves this issue by enabling IWSVA to support a new cipher used in the affected programs. Issue 14 [Hotfix 1788] When InterScan Web Security Virtual Appliance (IWSVA) sends feedback to the Trend Micro Feedback Engine (TMFBE), it does not include the file's SHA1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This hotfix ensures that IWSVA sends a file's SHA1 when sending feedback to the TMFBE. Issue 15: [Hotfix 1783] The "Bandwidth" information in InterScan Web Security Virtual Appliance (IWSVA) reports do not have any adaptive metric. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This hotfix resolves this issue by ensuring that IWSVA can retrieve the report data. Issue 16: [Hotfix 1783] Sometimes, the configuration files of the Trend Micro Control (SEG-12991) Manager(TM) module become corrupted. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This hotfix fixes the corrupted configuration files. Issue 17: [Hotfix 1783] The nginx server cannot be deployed successfully in IWSVA because of a missing compile parameter. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This hotfix resolves this issue by adding the missing compile parameter. Issue 18 [Hotfix 1782] InterScan Web Security Virtual Appliance (IWSVA) incorrectly (SEG-12464) parses the "Transfer-Encoding" header in HTTP responses when "scan_trunk_deep" is enabled. This may prevent users from accessing certain websites. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This hotfix ensures that IWSVA can parse the "Transfer-Encoding" header in HTTP responses when "scan_trunk_deep" is enabled. Issue 19 [Hotfix 1782] IWSVA supports SNMP V2c but not V2. However, an option on the (SEG-11857) SNMP setting page may indicate that IMSVA supports SNMP V2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This hotfix resolves the issue by updating option on the SNMP setting page to "Enable SNMP Trap V1/V2c". Issue 20 [Hotfix 1782] The DLP module may not detect and block samples during POST (SEG-8656) upload in ICAP mode ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This hotfix ensures that the DLP module can detect and block samples during POST upload in ICAP mode. Issue 21: [Hotfix 1780] An issue prevents the IWSVA Application Control feature from (SEG-11797) blocking users from sending out email messages in Google Mail. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This hotfix resolves the issue so that the Application Control feature can block users from sending out email messages in Google Mail. Issue 22 [Hotfix 1778] Tomcat log files are not rotated, and consume a large portion of disk space. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This hotfix ensures that Tomcat logs are rotated regularly. Issue 23: [Hotfix 1778] Optional client certificate settings are not migrated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This hotfix adds optional client certificate settings in the migration scope. Issue 24: [Hotfix 1778] InterScan Web Security Virtual Appliance (IWSVA) does not support certain characters in Lightweight Directory Access Protocol (LDAP) passwords to prevent a remote code execution (RCE) vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This hotfix ensures that IWSVA can support all characters in LDAP passwords and defend against the RCE vulnerability. Issue 25: [Hotfix 1778] IWSVA does not support certain characters in web console account passwords to prevent an RCE vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This hotfix ensures that IWSVA supports all characters in web console account passwords and defend against the RCE vulnerability. Issue 26: [Hotfix 1778] IWSVA encounters errors while importing CAs into the active (SEG-10708) certificates list. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This hotfix ensures that IWSVA can correctly import CAs into the active certificate list. Issue 27: [Hotfix 1778] SHA1-intermediate ~~~~sed in HTTPS decryption. (SEG-8654) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This hotfix disables Sha1-intermediate in HTTPS decryption. Issue 28: [Hotfix 1778] An error message appears when users restart the vmware-tools (SEG-8436) service after upgrading to Patch 2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: This hotfix resolves the issue by adding the ko file for the vmware tool. Issue 29: [Hotfix 1775] The "URL Filtering Policy" page displays an error message when (SEG-8640) the number of "Custom Categories " is greater than 64. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: This hotfix increases the number of supported "Custom Categories" to 256 to resolve the error. Issue 30: The Secure Shell (SSH) configuration on IWSVA web consoles [Hotfix 1775] suffers from the RCE vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: This hotfix ensures that IWSVA can defend against the RCE vulnerability. Issue 31: [Hotfix 1775] IWSVA uses RC4 for HTTPS decryption. (SEG-4652) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: This hotfix disables RC4 for HTTPS decryption. Issue 32: [Hotfix 1769] The InterScan Web Security Virtual Appliance (IWSVA) web service may not be able to detect some LDAP accounts, as a result, the LDAP server may not be able to register to IWSVA and an LDAP connection cannot be established. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 32: This hotfix ensures that the IWSVA web service can detect LDAP accounts correctly. Issue 33: [Hotfix 1766] A memory resource is overwritten unexpectedly when IWSVA (SEG-3335) receives a response that contains a long URL. This triggers a core dump issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: This hotfix enables IWSVA to handle responses that contain long URLs to prevent the memory exception error and the core dump issue. Issue 34: [Hotfix 1766] After Cluster Continuous Replication (CCR) and partial (SEG-6637) migration, all IWSVAs take the same UUID if the CCR source and source IWSVA have been registered with Deep Discovery Analyzer. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: This hotfix prevents any changes to IWSVA UUIDs after partial migration and CCR. UUIDs will be overwritten only after full migration when each device takes a unique ID. Issue 35: [Hotfix 1766] The following error message appears on the IWSVA direct (SEG-4427) console: > Error: column "lastupdatetime" does not exist at character 32 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 35: This hotfix updates the related SQL codes to resolve this issue. 9. Files Included in this Release ====================================================================== Filename Build No. =================================================================== libdaemon.so 1844 svcmonitor 1844 isdelvd 1844 libiwsshelper.so 1844 libproductbase.so 1844 report_logsetting.jsp 1844 lang.js 1844 report_logsetting.js 1844 IWSSGui.jar 1844 IWSSPIDlpFilter.so 1844 IWSSPIDpi.so 1844 IWSSPIJavascan.so 1844 IWSSPINcie.so 1844 IWSSPIScanVsapi.so 1844 IWSSPISigScan.so 1844 IWSSPIUrlFilter.so 1844 libftp.so 1844 libhttpproxy.so 1844 libicap.so 1844 tmpstring.js 1844 allwidgets.json 1844 log_agent.ini 1844 iwss_log_converter.py 1844 logFilteringByHits.py 1844 common_id.py 1844 client.py 1844 syncclientcert.sh 1844 HttpsClientCertTunnelDomains.ini 1844 https_clientcertificate_tunneling.jsp 1844 httpsdecrypt_client_certificate_handling.jsp 1844 libuiauutil.so 1844 libHTTPSDecryption.so 1844 lg_remove_old_clientcert.sql 1844 ui_GetDiffCountsLogClientCertificateOnedayuser.sql 1844 ui_GetDiffLogClientCertificate.sql 1844 ui_GetCountsLogClientCertificatedomain.sql 1844 ui_GetDiffCountsLogClientCertificateSevendaydomain.sql 1844 ui_GetDiffLogClientCertificateuserdomain.sql 1844 ui_GetCountsLogClientCertificateOnedaydomain.sql 1844 ui_GetDiffCountsLogClientCertificateSevenday.sql 1844 ui_GetDiffLogClientCertificateuser.sql 1844 ui_GetCountsLogClientCertificateOneday.sql 1844 ui_GetDiffCountsLogClientCertificateSevendayuserdomain.sql 1844 ui_GetLogClientCertificatedomain.sql 1844 ui_GetCountsLogClientCertificateOnedayuserdomain.sql 1844 ui_GetDiffCountsLogClientCertificateSevendayuser.sql 1844 ui_GetLogClientCertificateOnedaydomain.sql 1844 ui_GetCountsLogClientCertificateOnedayuser.sql 1844 ui_GetDiffCountsLogClientCertificate.sql 1844 ui_GetLogClientCertificateOneday.sql 1844 ui_GetCountsLogClientCertificateSevendaydomain.sql 1844 ui_GetDiffCountsLogClientCertificateuserdomain.sql 1844 ui_GetLogClientCertificateOnedayuserdomain.sql 1844 ui_GetCountsLogClientCertificateSevenday.sql 1844 ui_GetDiffCountsLogClientCertificateuser.sql 1844 ui_GetLogClientCertificateOnedayuser.sql 1844 ui_GetCountsLogClientCertificateSevendayuserdomain.sql 1844 ui_GetDiffLogClientCertificatedomain.sql 1844 ui_GetLogClientCertificateSevendaydomain.sql 1844 ui_GetCountsLogClientCertificateSevendayuser.sql 1844 ui_GetDiffLogClientCertificateOnedaydomain.sql 1844 ui_GetLogClientCertificateSevenday.sql 1844 ui_GetCountsLogClientCertificate.sql 1844 ui_GetDiffLogClientCertificateOneday.sql 1844 ui_GetLogClientCertificateSevendayuserdomain.sql 1844 ui_GetCountsLogClientCertificateuserdomain.sql 1844 ui_GetDiffLogClientCertificateOnedayuserdomain.sql 1844 ui_GetLogClientCertificateSevendayuser.sql 1844 ui_GetCountsLogClientCertificateuser.sql 1844 ui_GetDiffLogClientCertificateOnedayuser.sql 1844 ui_GetLogClientCertificate.sql 1844 ui_GetDiffCountsLogClientCertificatedomain.sql 1844 ui_GetDiffLogClientCertificateSevendaydomain.sql 1844 ui_GetLogClientCertificateuserdomain.sql 1844 ui_GetDiffCountsLogClientCertificateOnedaydomain.sql 1844 ui_GetDiffLogClientCertificateSevenday.sql 1844 ui_GetLogClientCertificateuser.sql 1844 ui_GetDiffCountsLogClientCertificateOneday.sql 1844 ui_GetDiffLogClientCertificateSevendayuserdomain.sql 1844 ui_GetDiffCountsLogClientCertificateOnedayuserdomain.sql 1844 ui_GetDiffLogClientCertificateSevendayuser.sql 1844 left.jsp 1844 ha_proxy_active_active.jsp 1844 ha_proxy_active_standby.jsp 1844 i18n_warnmsg.js 1844 web.xml 1844 iwsvafw.sh 1844 ui_AddHaProxyDevice.sql 1844 ui_AddHaProxyEvent.sql 1844 ui_DeleteHaProxyAllDevice.sql 1844 ui_DeleteHaProxyDevice.sql 1844 ui_DeleteHaProxyEvent.sql 1844 ui_GetHaProxyDevice.sql 1844 ui_GetHaProxyDeviceCount.sql 1844 ui_GetHaProxyDeviceList.sql 1844 ui_GetHaProxyEventList.sql 1844 libcommoncache.so 1844 jscan.jar 1844 libIWSSAuthClient.so 1844 create_krb5.sh 1844 AuthDaemon 1844 LdapSyncTool 1844 libcommonldap.so 1844 test_configure 1844 http_config_user_idetification.jsp 1844 ldapUtil.js 1844 iwsvaAdmin.properties 1844 ransomware_dashboard.jsp 1844 iwsvaHttp.properties 1844 dashboard.html 1844 ca_converter.py 1844 urlblocking.jsp 1844 trustedurl.jsp 1844 commonurllist.js 1844 DiagnosticTool.sh 1844 ConfigCMP.py 1844 diagnostic_tool.ini 1844 httpsdecrypt_ssl_method.jsp 1844 LDAP_query_handler.py 1844 email_sender.py 1844 FtpDownload.sh 1844 libtmprotocols.so.2003317 1844 cache_helper.sh 1844 rcIwss 1844 IWSVA_6.5-SP1_Linux.tar 1844 wccpd_monitor.py 1844 report_task.py 1844 report_template.py 1844 notifications_smtp.jsp 1844 email_sender_logging.ini 1844 libtmuseng.so.1.0.1013 1844 db_table_convert_6.5sp1_to_6.5sp2.py 1844 agent_config.py 1844 rule_file_va6.5sp1_to_va6.5sp2.xml 1844 iwss-process 1844 S99ISproxy 1844 CollectProductInfo.sh 1844 CDT_Config.ini 1844 ftp_config_action.jsp 1844 ftp_config_dlp.jsp 1844 ftp_config_exception.jsp 1844 ftp_config_spyware.jsp 1844 report_action.jsp 1844 report_action.js 1844 report_engine.py 1844 report_config.py 1844 report_config.ini 1844 dashboard_settings.js 1844 S99ISappd 1844 ADAutoDetect 1844 tmskynet.crt 1844 libProductLibrary.so 1844 AutoSetupAlchemySettings 1844 northamerica 1844 config_backup_popup.jsp 1844 dtasagent 1844 lg_remove_old_ha_event.sql 1844 DbOldDataCleanup 1844 select_users_groups.js 1844 urlf_policy_list.jsp 1844 custom_defense.jsp 1844 support.jsp 1844 support_capture_packet.jsp 1844 support_diagnostic_tool.jsp 1844 support_verbose_log.jsp 1844 upload_sample_sizing.jsp 1844 risk_level.jsp 1844 query_blacklist.py 1844 query_ddi_blacklist.py 1844 S99ISdtasd 1844 test_connection.py 1844 get_sandbox_feedback_blacklists.xml 1844 nginx 1844 LDAPTest 1844 uihelper 1844 beuihelper 1844 cmd_check.json 1844 dw_cluster_setting.jsp 1844 dw_cluster_join.jsp 1844 top.jsp 1844 system_dashboard.jsp 1844 switchRole.jsp 1844 summary_hardware_status.jsp 1844 staticRoutes.jsp 1844 staticRouteEdit.jsp 1844 SSHConfig.jsp 1844 shutdown_progress.jsp 1844 restart_sw_progress.jsp 1844 replication_config.jsp 1844 reboot_progress.jsp 1844 modify_cluster_management.jsp 1844 mgmt_ipConfig.jsp 1844 mail_config_spam.jsp 1844 mail_config_scan.jsp 1844 mail_config_proxy.jsp 1844 http_config_captive_portal.jsp 1844 data_ipConfig.jsp 1844 config_date_time.jsp 1844 cluster_management_change_weight.jsp 1844 cluster_management.jsp 1844 bandwidth_control_get_status.jsp 1844 admin_patch_mgmt2.jsp 1844 admin_patch_mgmt.jsp 1844 timezone.jsp 1844 ftp_clientip.jsp 1844 access_control_settings.jsp 1844 migration.sh 1844 migration.sh 1844 migration.ini 1844 custom_category_url_add.jsp 1844 rb_java_urlf.txt 1844 statser2.py 1844 libtmctl.so.2.5.1033 1844 libtmdata.so.2.5.1033 1844 libtmengine.so.2.5.1033 1844 libtmfilter.so.2.5.1033 1844 libtmsecurity.so.2.5.1033 1844 libtmspn.so.2.5.1033 1844 bifconnect 1844 role_management.htm 1844 iptables-1.4.16.3.tgz 1844 kernel-lt-3.10.104-1.el6.elrepo.x86_64.rpm 1844 wccp_ipv6.sh 1844 i18n_log_dynamic.js 1844 https_clientcertificate_decrypt.jsp 1844 HttpsClientCertDecryp.ini 1844 socks_load_crond.sh 1844 login_account_add_modify.jsp 1844 rule_file_va6.5sp2_to_va6.5sp2.xml 1844 urlf_section_policy_rule.jsp 1844 urlf_custom_category.jsp 1844 libdaemonbase.so 1844 catalina.conf 1844 SecurityUI 1844 log_purge.py 1844 DB.py 1844 stats_engine.py 1844 service_uwsgi.py 1844 chart_handler.py 1844 report_template.js 1844 report_template.js 1844 IniRecover.sh 1844 enums.py 1844 CLFDict.ini.commonlog 1844 CLFDict.properties 1844 libfreebl3.so 1844 libfreeblpriv3.so 1844 libgtest1.so 1844 libnspr4.so 1844 libnss3.so 1844 libnssckbi.so 1844 libnssdbm3.so 1844 libnsssysinit.so 1844 libnssutil3.so 1844 libplc4.so 1844 libplds4.so 1844 libsmime3.so 1844 libsoftokn3.so 1844 libsqlite3.so 1844 libssl3.so 1844 syseventlogset.jsp 1844 login_accounts.htm 1844 libsystemeventlog.so 1844 about_login_accounts.htm 1844 threat_resource.htm 1844 configure_module.xml 1844 show_module.xml 1844 iwsva_https_cron.sh 1844 configure_system_central.xml 1844 show_system.xml 1844 Interface.py 1844 urlfadvanceset.js 1844 policy_query.jsp 1844 getupdate 1844 tomcatctl.sh 1844 bypass_mgmtIP.sh 1844 En_Main-process 1844 encrypt 1844 getEngVer 1844 libtmprotocols.so.2003345 1844 urlfcMapping.ini 1844 10. Contact Information ====================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 11. About Trend Micro ====================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, InterScan, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ====================================================================== View information about your license agreement with Trend Micro at: http:/www.trendmicro.com/us/about-us/legal-policies/ license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide