Trend Micro Incorporated                               April 4, 2018
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) InterScan(TM) Web Security Virtual Appliance 6.5
Service Pack 2 Patch 3 - Build 1809
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Readme file was current as of the date above. However,
all customers are advised to check Trend Micro's website for
documentation updates.

GM release documentation:
http://docs.trendmicro.com

Patch/Service Pack release documentation:
http://www.trendmicro.com/download

TIP: Register online with Trend Micro within 30 days of installation
to continue downloading new pattern files and product updates from
the Trend Micro website. Register during installation or online at:
https://clp.trendmicro.com/FullRegistration?T=TM

Contents
==========================================================
1. About InterScan Web Security Virtual Appliance
   1.1 Overview of this Release
   1.2 Who Should Install this Release
2. What's New?
   2.1 Enhancements
   2.2 Resolved Known Issues
3. Documentation Set
4. System Requirements
5. Installation
   5.1 Installing
   5.2 Uninstalling
6. Post-installation Configuration
7. Known Issues
8. Release History
9. Files Included in this Release
10. Contact Information
11. About Trend Micro
12. License Agreement
==========================================================

1. About InterScan Web Security Virtual Appliance
======================================================================
InterScan Web Security Virtual Appliance (IWSVA) is a highly scalable
and reliable web security solution that includes virus protection for
HTTP and FTP traffic. IWSVA delivers best-in-class HTTP and FTP virus
scanning that leverages the administration, policy, and centralized
management of Trend Micro's Enterprise Protection Strategy.

1.1 Overview of this Release
===================================================================
IWSVA 6.5 Service Pack 2 Patch 3 is cumulative and contains all
product changes released after IWSVA 6.5 Service Pack 2 GM Build.

1.2 Who Should Install this Release?
===================================================================
Install this patch if you are currently running any IWSVA 6.5
Service Pack 2 build.

2. What's New?
======================================================================
Note: Please install this patch before completing any of the
procedures indicated in this section (see "Installation").

2.1 Enhancements
===================================================================
The following enhancements are included in this patch:

Enhancement 1: This patch allows the LDAP password to support all
characters.

Enhancement 2: This patch provides the following password
enhancements:
- Password policy: 8 to 32 alphanumeric characters + lower and upper
  case + special character
- Password storage algorithm: SHA512

Procedure: To enable this enhancement:
1. In the web UI, delete every user except admin. The path is:
   Administration > Management Console > Role Management
2. Delete the old password file. The path is: /etc/iscan/prd.passwd
3. Edit /etc/iscan/intscan.ini and add password_enhance=yes in the
   [Common] section.

2.2 Resolved Known Issues
===================================================================
Note: Patch 3 includes solutions to issues resolved in all fixes
released from May 19, 2017 to April 1, 2018.

Patch 3 resolves the following issues:

Issue 1: [Hotfix 1807] (SEG-23688)
The "configURL" value in the "Product.ini" file changes automatically
after the Trend Micro Control Manager(TM) agent (CMAgent) restarts.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hotfix provides a way to preserve the "configURL"
value after the CMAgent restarts.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure: To preserve the "configURL" value after the CMAgent
restarts:
1. Install this hotfix (see "Installation").
2. Log on to the InterScan Web Security Virtual Appliance (IWSVA)
   shell console.
3. Open the "Product.ini" file in the "/var/iwss/ISAGENT_MCP/"
   folder.
4. Locate the following key under the "Product_Info" section and set
   its value to "1".

   [Product_Info]
   PersistentURL=1

5. Save the changes and close the file.

Issue 2: [Hotfix 1803] (SEG-21475)
An issue prevents system event logs from displaying date information
later than 2017.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hotfix ensures that system event logs can display
the date information normally.

Issue 3: [Hotfix 1800] (SEG-20161)
A socket procedure issue may prevent InterScan Web Security Virtual
Appliance (IWSVA) from decrypting certain HTTPS websites.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This hotfix resolves the issue to ensure that IWSVA can
decrypt HTTPS websites normally.

Issue 4: [Hotfix 1799] (SEG-16195)
The IWSVA LDAP does not support any TLS version higher than 1.0.
This causes LDAP sync to fail in systems using any higher TLS
version.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: This hotfix resolves this issue by enabling the LDAP to
support higher TLS versions.

Issue 5: [Hotfix 1798] (SEG-17579)
Normal POST requests incorrectly trigger the "File transfer protocol"
filter.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: This hotfix updates the ixengine pattern in InterScan Web
Security Virtual Appliance (IWSVA) to ensure that the App Control
module recognizes normal POST requests correctly.

Issue 6: [Hotfix 1794] (SEG-19773)
When the number of custom categories exceeds 64, which is currently
the maximum, all custom categories specified after the 64th category
do not work.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: This hotfix changes the maximum number of custom
categories to 256 to ensure that all custom categories work.

Issue 7: [Hotfix 1794] (SEG-6476)
Detailed Logs are not being displayed on Central Log IWSVA.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: This hotfix fixes the issue when log purge deletes all
status logs.

Issue 8: [Hotfix 1793] (SEG-18552)
Users cannot access specific websites through InterScan Web Security
Virtual Appliance (IWSVA) when HTTPS decryption is enabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: This hotfix resolves this issue by adding some cipher
suites.

Issue 9: [Hotfix 1793] (SEG-16276)
When VSAPI cleans a file, the corresponding detailed log indicates a
"BLOCK" action instead of "CLEAN".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: This hotfix ensures that detailed logs indicate the
correct action.

Issue 10: [Hotfix 1791] (SEG-15240)
IWSVA may retrieve the wrong HTTPS certificate from HTTPS websites
that have multi-server certificates. When this happens, the browser
displays an alert HTTPS warning page.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: This hotfix ensures that IWSVA retrieves the correct
HTTPS certificate from the HTTPS server for websites with
multi-server certificates.

Issue 11: [Hotfix 1791] (SEG-16285)
An issue prevents IWSVA from blocking an SO that is in the SO list
from the Deep Discovery Analyzer server if the SO was downloaded from
a certain HTTP website.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: This hotfix resolves the issue to ensure that IWSVA can
block all SOs on the list.

Issue 12: [Hotfix 1789] (SEG-12991)
Sometimes, the configuration files of the DTAS module become
corrupted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: This hotfix fixes the corrupted configuration files.

Issue 13: [Hotfix 1788] (SEG-11051)
Dropbox and some other programs will not be able to access the
Internet when HTTPS traffic goes through IWSVA.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: This hotfix resolves this issue by enabling IWSVA to
support a new cipher used in the affected programs.

Issue 14: [Hotfix 1788]
When InterScan Web Security Virtual Appliance (IWSVA) sends feedback
to the Trend Micro Feedback Engine (TMFBE), it does not include the
file's SHA1.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: This hotfix ensures that IWSVA sends a file's SHA1 when
sending feedback to the TMFBE.

Issue 15: [Hotfix 1783]
The "Bandwidth" information in InterScan Web Security Virtual
Appliance (IWSVA) reports does not have any adaptive metric.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15: This hotfix resolves this issue by ensuring that IWSVA
can retrieve the report data.

Issue 16: [Hotfix 1783] (SEG-12991)
Sometimes, the configuration files of the Trend Micro Control
Manager(TM) module become corrupted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16: This hotfix fixes the corrupted configuration files.

Issue 17: [Hotfix 1783]
The nginx server cannot be deployed successfully in IWSVA because of
a missing compile parameter.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17: This hotfix resolves this issue by adding the missing
compile parameter.

Issue 18: [Hotfix 1782] (SEG-12464)
InterScan Web Security Virtual Appliance (IWSVA) incorrectly parses
the "Transfer-Encoding" header in HTTP responses when
"scan_trunk_deep" is enabled. This may prevent users from accessing
certain websites.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 18: This hotfix ensures that IWSVA can parse the
"Transfer-Encoding" header in HTTP responses when "scan_trunk_deep"
is enabled.

Issue 19: [Hotfix 1782] (SEG-11857)
IWSVA supports SNMP V2c but not V2. However, an option on the SNMP
setting page may indicate that IWSVA supports SNMP V2.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 19: This hotfix resolves the issue by updating the option on
the SNMP setting page to "Enable SNMP Trap V1/V2c".

Issue 20: [Hotfix 1782] (SEG-8656)
The DLP module may not detect and block samples during POST upload in
ICAP mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 20: This hotfix ensures that the DLP module can detect and
block samples during POST upload in ICAP mode.

Issue 21: [Hotfix 1780] (SEG-11797)
An issue prevents the IWSVA Application Control feature from blocking
users from sending out email messages in Google Mail.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 21: This hotfix resolves the issue so that the Application
Control feature can block users from sending out email messages in
Google Mail.

Issue 22: [Hotfix 1778]
Tomcat log files are not rotated, and consume a large portion of disk
space.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 22: This hotfix ensures that Tomcat logs are rotated
regularly.

Issue 23: [Hotfix 1778]
Optional client certificate settings are not migrated.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 23: This hotfix adds optional client certificate settings in
the migration scope.

Issue 24: [Hotfix 1778]
InterScan Web Security Virtual Appliance (IWSVA) does not support
certain characters in Lightweight Directory Access Protocol (LDAP)
passwords to prevent a remote code execution (RCE) vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 24: This hotfix ensures that IWSVA can support all
characters in LDAP passwords and defend against the RCE
vulnerability.

Issue 25: [Hotfix 1778]
IWSVA does not support certain characters in web console account
passwords to prevent an RCE vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 25: This hotfix ensures that IWSVA supports all characters
in web console account passwords and defends against the RCE
vulnerability.

Issue 26: [Hotfix 1778] (SEG-10708)
IWSVA encounters errors while importing CAs into the active
certificates list.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 26: This hotfix ensures that IWSVA can correctly import CAs
into the active certificate list.

Issue 27: [Hotfix 1778] (SEG-8654)
SHA1-intermediate is used in HTTPS decryption.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 27: This hotfix disables SHA1-intermediate in HTTPS
decryption.

Issue 28: [Hotfix 1778] (SEG-8436)
An error message appears when users restart the vmware-tools service
after upgrading to Patch 2.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 28: This hotfix resolves the issue by adding the ko file for
the vmware tool.

Issue 29: [Hotfix 1775] (SEG-8640)
The "URL Filtering Policy" page displays an error message when the
number of "Custom Categories" is greater than 64.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 29: This hotfix increases the number of supported "Custom
Categories" to 256 to resolve the error.

Issue 30: [Hotfix 1775]
The Secure Shell (SSH) configuration on IWSVA web consoles suffers
from an RCE vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 30: This hotfix ensures that IWSVA can defend against the
RCE vulnerability.

Issue 31: [Hotfix 1775]
IWSVA uses RC4 for HTTPS decryption.
(SEG-4652)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 31: This hotfix disables RC4 for HTTPS decryption.

Issue 32: [Hotfix 1769]
The InterScan Web Security Virtual Appliance (IWSVA) web service may
not be able to detect some LDAP accounts. As a result, the LDAP
server may not be able to register to IWSVA and an LDAP connection
cannot be established.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 32: This hotfix ensures that the IWSVA web service can
detect LDAP accounts correctly.

Issue 33: [Hotfix 1766] (SEG-3335)
A memory resource is overwritten unexpectedly when IWSVA receives a
response that contains a long URL. This triggers a core dump issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 33: This hotfix enables IWSVA to handle responses that
contain long URLs to prevent the memory exception error and the core
dump issue.

Issue 34: [Hotfix 1766] (SEG-6637)
After Cluster Continuous Replication (CCR) and partial migration, all
IWSVAs take the same UUID if the CCR source and source IWSVA have
been registered with Deep Discovery Analyzer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 34: This hotfix prevents any changes to IWSVA UUIDs after
partial migration and CCR. UUIDs will be overwritten only after full
migration when each device takes a unique ID.

Issue 35: [Hotfix 1766] (SEG-4427)
The following error message appears on the IWSVA direct console:

   Error: column "lastupdatetime" does not exist at character 32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 35: This hotfix updates the related SQL code to resolve this
issue.

3. Documentation Set
======================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

In addition to this Readme file, the documentation set for this
product includes the following:

- Online Help: The Online Help contains an overview of features and
  key concepts, and information on configuring and maintaining IWSVA.
  To access the Online Help, go to http://docs.trendmicro.com

- Installation Guide (IG): The Installation Guide contains
  information on requirements and procedures for installing and
  deploying IWSVA.

- Administrator's Guide (AG): The Administrator's Guide contains an
  overview of features and key concepts, and information on
  configuring and maintaining IWSVA.

- Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues. To access the Support
  Portal, go to http://esupport.trendmicro.com

4. System Requirements
======================================================================
Install this Patch on computers running any build released after
IWSVA 6.5 Service Pack 2 Build 1548.

5. Installation
======================================================================
This section explains key steps for installing.

5.1 Installing
===================================================================
To install:
1. Download the "iwsva_65_sp2_ar64_en_patch3.tgz" patch file onto
   your local hard disk.
2. Log on to the IWSVA admin console GUI.
3. Go to the "Administration > System Updates" page.
4. Click "Browse".
5. Browse your local hard disk for the patch file and click "Open".
6. Click "Upload". Your browser uploads the patch file to IWSVA and
   IWSVA validates if the file is a legitimate patch.
7. Click "Install".

Note: Applying this patch will interrupt the HTTP and FTP services
for several minutes. Plan appropriately for this downtime.

5.2 Uninstalling
===================================================================
To roll back to the previous build:
1. Log on to the IWSVA admin console GUI.
2. Go to the "Administration > System Updates" page.
3. Click "Uninstall" next to "patch3". A confirmation page appears.
4. Verify the patch ID and description on the confirmation page.
5. Click "Uninstall".

Note: Removing this patch will interrupt the HTTP and FTP services
for several minutes. Plan appropriately for this downtime.

6. Post-installation Configuration
======================================================================
No post-installation steps are required.

Note: Trend Micro recommends that you update your scan engine and
virus pattern files immediately after installing the product.

7. Known Issues
======================================================================
There are no known issues for this patch release.

8. Release History
======================================================================
IWSVA 6.5 Service Pack 2 GM Build, November 9, 2015
IWSVA 6.5 Service Pack 2 Patch 1 - Build 1707, July 11, 2016
IWSVA 6.5 Service Pack 2 Patch 2 - Build 1765, May 19, 2017

8.1 Patch 1
===================================================================

8.1.1 Enhancements
===================================================================
There are no enhancements in IWSVA 6.5 EN SP2 Patch 1.

8.1.2 Resolved Known Issues
===================================================================
IWSVA 6.5 SP2 Patch 1 resolves the following issues:

Issue 1: Configuration replication may fail after users add a large
amount of replication source information on the replication source
machine.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: [Hotfix 1606] (TT-330566)
This patch ensures that configuration replication works normally
under the scenario described above.

Issue 2: When IWSVA is deployed in bridge mode between a client and
the proxy server, IWSVA may not be able to correctly categorize HTTPS
websites.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: [Hotfix 1606] (TT-325466)
This patch ensures that IWSVA can correctly categorize HTTPS websites
when deployed in bridge mode between a client and the proxy server.

Issue 3: Multicast data packets cannot pass through when IWSVA 6.5 is
in bridge mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: [Hotfix 1606] (TT-329888)
This patch disables the "multicast_snooping" feature to enable
multicast data packets to pass through in bridge mode.

Issue 4: Importing IWSVA 6.0 Service Pack 1 onto IWSVA 6.5 Service
Pack 2 breaks the local SPS configuration.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: [Hotfix 1606] (TT-334243)
This patch ensures that the local SPS configuration file remains
undamaged after importing the IWSVA 6.0 Service Pack 1 package onto
IWSVA 6.5 Service Pack 2.

Issue 5: IWSVA for Linux 6.5 Service Pack 2 does not support SMTP
authentication.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: [Hotfix 1606] (TT-328947)
This patch enables IWSVA to support SMTP authentication.

Issue 6: The IWSVA for Linux 6.5 Service Pack 2 stops unexpectedly
while uploading log data while the log exception feature is enabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: [Hotfix 1606] (TT-329327)
This patch ensures that IWSVA can upload the log data correctly while
the log exception feature is enabled.

Issue 7: In WCCP mode, the WCCPD daemon still communicates with the
Cisco(TM) router after the HTTP/FTP scanning service stops. This
results in HTTP/FTP traffic interruptions.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: [Hotfix 1606] (TT-328981)
This patch adds a mechanism for monitoring the status of the FTP/HTTP
scanning service and the WCCPD daemon.
This mechanism helps prevent HTTP/FTP traffic interruptions by
stopping the WCCPD daemon from communicating with the Cisco server
when the HTTP/FTP scanning service stops.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 7: To enable this feature:
a. Install this patch (see "Installation").
b. Run the following script:

   # nohup /usr/iwss/wccpd_monitor.py &

Notes: The corresponding log will appear in the
"/etc/iscan/log/wccpd_monitor.log" file.

Issue 8: The DNS cache of IWSVA uses a fixed TTL setting of 12 hours
and is not configurable. As a result, users may not be able to access
certain websites with IP addresses that change frequently.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: [Hotfix 1606] (TT-332549)
This patch enables the DNS cache of IWSVA to synchronize the TTL from
the DNS server instead of using a fixed TTL.

Issue 9: When users configure the local SPS through the web console,
there are no instructions about the correct format for the SPS URL.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: [Hotfix 1606] (TT-334245)
This patch adds this information to the local SPS instructions.

Issue 10: IWSVA is affected by a certain vulnerability related to the
autorun section in HTTP requests.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: [Hotfix 1606]
This patch enables IWSVA to filter the malicious autorun section in
HTTP requests to resolve the vulnerability.

Issue 11: IWSVA 6.5 may generate several scheduled reports with the
same timestamps.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: [Hotfix 1606] (TT-330785)
This patch ensures that IWSVA 6.5 does not generate duplicate
scheduled reports.

Issue 12: The TMUSE engine stops unexpectedly when users enable the
Dynamic URL Categorization feature.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: [Hotfix 1606] (TT-333247)
This patch resolves this issue by updating the TMUSE engine.

Issue 13: Sometimes, users cannot successfully import the
configuration file of IWSVA 6.5 Service Pack 1 to version 6.5 Service
Pack 2 and the HTTP daemon may not be able to start.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: [Critical Patch 1608] (TT-336035)
This patch ensures that users can successfully import the
configuration file from IWSVA 6.5 Service Pack 1 to version 6.5
Service Pack 2.

Issue 14: Sometimes, authentication fails when users add multiple
domains in IWSVA 6.5 Service Pack 2.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: This patch ensures that the authentication succeeds in
multiple domain environments.

Issue 15: After upgrading to IWSVA 6.5 SP2, users cannot access some
HTTPS sites through IWSVA with HTTPS decryption enabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15: This patch ensures that users can access HTTPS sites
successfully even when enabling HTTPS decryption.

Issue 16: IWSVA 6.5 Service Pack 2 may stop unexpectedly and generate
dump files while parsing special types of cookies.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16: [Critical Patch 1608] [SEGTT-336907]
This patch enables IWSVA 6.5 Service Pack 2 to handle special types
of cookies.

Issue 17: In IWSVA 6.5, administrators cannot retrieve reports for
the last several days because the corresponding data have not been
uploaded to the common log server.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17: [Critical Patch 1608] (TT-336728)
This patch resolves the issue by enabling IWSVA 6.5 to regulate the
size of the upload queue, which helps ensure that the log agent on
clients can parse data more efficiently.

Issue 18: When migrating the configuration from the latest build of
IWSVA 6.5 Service Pack 1, none of the HTTPS websites can be accessed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 18: [Critical Patch 1608] (TT-337176)
This patch updates the configuration of SSL methods to fix this
issue.

Issue 19: A race issue between the appd daemon and kernel prevents
clients from connecting to the Internet in proxy mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 19: [Hotfix 1609] (TT-332780)
This patch enables users to allow only the HTTP scanning daemon to
handle application control.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 19: To allow only the HTTP scanning daemon to handle
application traffic:
a. Install this patch (see "Installation").
b. Open the "intscan.ini" file in the "/etc/iscan/" folder.
c. Locate or add the "enable_appd_daemon" key in the "app-control"
   section and set its value to "no".

   [app-control]
   enable_appd_daemon=no

d. Save the changes and close the file.
e. Restart the appd daemon by running the following command:

   /usr/iwss/S99ISappd restart

Issue 20: Under certain conditions, when users add a period "." to an
organizational unit (OU) in the "Base distinguished name" Active
Directory (AD) setting and save the configuration, a "DC=" string is
inserted instead.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 20: [Hotfix 1612] (TT-337279)
This patch ensures that the correct setting is saved in the
"http_config_user_idetification.jsp" file.

Issue 21: An issue related to how IWSVA receives HTTP data triggers a
high CPU usage issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 21: [Hotfix 1612] (TT-337061)
This patch resolves the issue.

Issue 22: When IWSVA generates reports based on an LDAP group that
starts with the "&" token, the reports do not display any
information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 22: [Hotfix 1612] (TT-338606)
This patch ensures that these reports display complete and accurate
information.

Issue 23: Users receive blank pattern update notifications from
IWSVA.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 23: [Hotfix 1613] (TT-339400)
This patch ensures that pattern update notifications from IWSVA
contain complete and accurate information.

Issue 24: Email notifications from IWSVA 6.5 Service Pack 2 cannot be
displayed correctly because IWSVA cannot recognize and parse the "\n"
characters.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 24: [Hotfix 1616] (TT-341216)
This patch ensures that IWSVA can correctly recognize and handle "\n"
as line breaks.

Issue 25: A line in the Diagnostic Tool script file causes the FTP
download testing to fail.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 25: [Hotfix 1616] (TT-335781)
This patch resolves the issue to ensure that the Diagnostic Tool can
perform FTP download testing correctly.

Issue 26: Users may not be able to access certain HTTPS websites
through IWSVA when the HTTPS decryption feature is enabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 26: [Hotfix 1617] (TT-338216)
This patch ensures that users can access HTTPS websites normally when
HTTPS decryption is enabled.

Issue 27: When users download a file to the computer and the "Scan
before delivery" option is enabled, the download process stops
unexpectedly and the file will not be saved.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 27: [Hotfix 1617] (TT-339799)
This patch updates the way IWSVA 6.5 Service Pack 2 determines if a
download has completed when the "Scan before delivery" option is
enabled. This helps ensure that users can download files normally
under this scenario.

Issue 28: An issue related to how the REST APIs of the following
functions receive parameters from users may leave the computer
vulnerable to remote code execution attacks.
- testConfiguration function
- wmi_domain_controllers function
- domains
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 28: [Hotfix 1618] (TT-338692, TT-338693, and TT-338695)
This patch safeguards against remote code execution attacks by
enabling IWSVA to enclose input parameters in double quotation marks
and to skip special characters inside these parameters.

Issue 29: An issue prevents ixEngine from identifying the upload
protocol from Google Drive and Dropbox, which prevents IWSVA from
blocking these programs using Application Control.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 29: [Hotfix 1618] (TT-343197)
This patch adds new protocols in ixEngine to enable it to block
specific programs.

Issue 30: The "X-Infection-Found:" header in ICAP responses is
followed by two space characters.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 30: [Hotfix 1619] (TT-343676)
This patch removes the extra space character so that the
"X-Infection-Found:" header in ICAP responses is followed by a single
space character.

Issue 31: Users cannot access HTTPS websites with non-standard ports
through IWSVA when both the upstream proxy and content cache are
enabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 31: [Hotfix 1621] (TT341162)
This patch ensures that users can access HTTPS websites with
non-standard ports through IWSVA when both the upstream proxy and
content cache are enabled.

Issue 32: The ransomware detections are not displayed on the web
console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 32: [Hotfix 1622] (TT-346050)
This patch ensures that the total number of ransomware detections
displays on the Dashboard of the web console.

Issue 33: The link to syncing Mozilla(TM) certificate authorities
(CA) is out-of-date which prevents IWSVA from syncing certificates.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 33: This patch updates the link to make sure that IWSVA can
sync Mozilla CA successfully.

Issue 34: The "Enable FTP scanning" button is not greyed out
automatically in ICAP and reverse proxy modes, but this feature is
not supported in these modes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 34: (TT345130)
This patch enables IWSVA to grey out the "Enable FTP scanning" button
in FTP pages in ICAP and reverse proxy modes.

Issue 35: IWSVA uses an HTTP channel by default for ActiveUpdate
(AU).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 35: This patch changes the default AU upgrade channel to an
HTTPS channel.

Issue 36: The Global approved and blocked lists have been enhanced
for the website option.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 36: (TT-342336)
This patch enables users to configure IWSVA to add two entries to
include both the domain and its sub domain in the Global approved and
blocked lists when the website option is enabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 36: To enable this feature:
a. Install this patch (see "Installation").
b. Open the "intscan.ini" file in "/etc/iscan/" and add the following
   key in the "URL-blocking" section.

   [URL-blocking]
   convertDomain=yes

c. Save the changes and close the file.
d. Restart Tomcat(TM) by running the following command:

   /etc/iscan/S99IScanHttpd restart

e. Clear the web browser cache.

Issue 37: IWSVA does not record access logs when the network
connection is interrupted unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 37: This patch enables users to configure IWSVA to record an
access log each time it detects that the network connection is
interrupted unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 37: To enable IWSVA to record an access log each time it detects that the network connection is interrupted unexpectedly:

a. Install this patch (see "Installation").
b. Open the "IWSSPIProtocolHttpProxy.pni" file in "/etc/iscan/" and add the following key in the "http" section.

   [http]
   enable_interrupted_log=yes

c. Save the changes and close the file.
d. Restart Tomcat by running the following command:

   /etc/iscan/S99IScanHttpd restart

e. Clear the web browser cache.

Issue 38: The web browser uses the connect method to notify IWSVA that it will send an HTTPS request for a specific website. Usually, the connect method requires the host name; however, in special environments, it uses several extra headers such as the "X-FORWARDED-FOR" and some custom-built headers. A user requests a way to enable IWSVA to record logs for these requests which can be differentiated according to the headers used in the connect method.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 38: This patch provides a "customized text-based log" feature which can customize the HTTP header and keep the connect method to log files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 38: To enable this feature:

a. Install this patch (see "Installation").
b. Disable https decryption in the IWSVA web console.
c. Enable text log, specify the header name which will appear in the log format setting. For example:

   log_format=%a|%u|%H|%{ca_forwarded_for}h|
   %{x_forwarded_for}h|%{recv_request_begin}t|%{host}h|
   %r|%s|%{downstream_payload}p|%{handle_time}l|%n|
   %w|%m|%{name}f|%{size}f

   Note: This setting will enable IWSVA to generate logs for requests using the header value if the header name is "x_forwarded_for" and "ca_forwarded_for". The header name is case insensitive and "_" is treated as "-".

d. Open the "log_format.ini" file in "/etc/iscan/" and set "enable_text_based_log=yes" under the "text_log" section.
e. Save the changes and close the file.
f. Reload the daemon by running the following command:

   $ /etc/iscan/S99ISproxy reload

g. Check the log files in IWSVA. The log file is located in "/var/textlog/customized_access*" by default.

Issue 39: The IWSVA socks proxy server does not support authentication and XML firewalling.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 39: This patch switches the socks proxy from "ssh" to "antinat" to enable it to support authentication and XML firewalling.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 39: To enable this feature:

a. Install this patch (see "Installation").
b. Enable the socks proxy by adding the following lines in "/etc/iscan/network.ini":

   socks5_proxy_enabled=yes
   socks5_proxy_port=1080

c. Specify the other settings.

   - enable authentication for the request, for example:

     socks5_auth_enable=yes

   - specify the username and password for authentication, separating each user with a ";", for example:

     socks5_auth_users=testuser/testpassword;testuser2/testpassword2

   - specify the destination port to block, separating each port with a ";", for example:

     socks5_reject_dstport=443;8443

   - specify the default action for the socks proxy, for example:

     default_allow_action=yes

     Notes:
     - "yes" means the default action is "allow"; coordinate with the "socks5_reject_srcip" setting.
     - "no" means the default action is "reject"; coordinate with the "socks5_allow_srcip" setting.

   - specify the source IP range that should be blocked, for example:

     socks5_reject_srcip=172.16.0.0/12;127.0.0.1/32

   - specify the source IP range which is allowed, for example:

     socks5_allow_srcip=172.16.0.0/12;127.0.0.1/32

d. Save the changes and close the file.
e. Restart the socks proxy service by running the following command:

   $ /etc/iscan/S99ISsocks5 restart

Issue 40: IWSVA does not list down all websites that require client certificates.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 40: This patch provides a way to configure IWSVA to list down all websites that require client certificates and allows users to configure whether it should tunnel or block these websites.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 40: To enable this feature:

a. Install this patch (see "Installation").
b. Open the "intscan.ini" file in "/etc/iscan/" and add the following key in the "https-scanning" section.

   [https-scanning]
   clientcert_handling_enhance=yes

c. Save the changes and close the file.
d. Restart Tomcat by running the following command:

   /etc/iscan/S99IScanHttpd restart

e. Clear the web browser cache.

Issue 41: IWSVA does not support high availability (HA) in forward proxy mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 41: This patch provides a way for users to enable IWSVA to support active/active HA mode and active/standby HA mode in forward proxy mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 41: To enable IWSVA to support active/active HA mode and active/standby HA mode in forward proxy mode:

a. Install this patch (see "Installation").
b. Open the "intscan.ini" file in "/etc/iscan/" and add the following lines.

   [HaProxy]
   enable=1

c. Save the changes and close the file.
d. Restart Tomcat by running the following command:

   /etc/iscan/S99IScanHttpd restart

e. Clear the web browser cache.

Issue 42: IWSVA does not support customized ip-user cache TTL for specific usernames.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 42: This patch enables users to customize the ip-user cache TTL for specific usernames.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 42: To customize the ip-user cache TTL for specific usernames:

a. Install this patch (see "Installation").
b. Set the number of the users that will be configured with custom TTL for ip-user cache by adding the following lines in "/usr/iwss/commonldap/LdapCache.ini":

   [CustomTTL]
   UserNum=x

   Note: the maximum value of "UserNum" is 64.

c. Set the sub-items for the detailed username and TTL starting with "0" as the suffix of the "User_" section and increasing by degrees. For example:

   [User_0]
   username=domain1\username1
   TTL=90
   [User_1]
   username=domain2\username2
   TTL=30

   Note: Use the full "domain\username" format to set the username.

d. Save the changes and close the file.
e. Restart IWSVA by running the following commands:

   $ /etc/iscan/S99ISAuthDaemon stop
   $ /etc/iscan/S99ISproxy stop
   $ rm /usr/iwss/commonldap/.authentication_cache.dat
   $ /etc/iscan/S99ISAuthDaemon start
   $ /etc/iscan/S99ISproxy start

Issue 43: Some environments may use several LDAP servers and need a customized notification page for users from each domain.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 43: This patch enables users to customize the notification page for each domain.

Issue 44: IWSVA does not support Full Kerberos Authentication.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 44: This patch provides a way to enable IWSVA to support Full Kerberos Authentication.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 44: To enable IWSVA to support Full Kerberos Authentication:

a. Install this patch (see "Installation").
b. Open the "intscan.ini" file in "/etc/iscan/" and add the following key in the "user-identification" section.

   [user-identification]
   enable_full_kerberos_feature=yes

c. Save the changes and close the file.
d. Restart Tomcat by running the following command:

   /etc/iscan/S99IScanHttpd restart

e. Clear the web browser cache.

Issue 45: Users cannot disable autoswitch for SPS.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 45: This patch allows users to disable SPS autoswitch.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 45: To disable SPS autoswitch:

a. Install this patch (see "Installation").
b. Open the "intscan.ini" file in "/etc/iscan/" and add the following key in the "Scan-configuration" section.

   [Scan-configuration]
   enable_auto_switch=0

c. Save the changes and close the file.
d. Reload the daemon by running the following command:

   /etc/iscan/S99ISproxy reload

Issue 46: When the "scan before delivery" option is enabled, users are warned of space characters in the "tmpfs" file in "/var/iwss/tmp/".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 46: (TT-339805) This patch updates the mechanism for the "scan before delivery" option to resolve this issue.

8.2 Patch 2

Enhancement 1: This patch includes Hotfix 1762 which adds IPv6 support in WCCP mode.

Procedure 1: To enable this enhancement:

a. Navigate to the following directory:

   cd /usr/iwss/wccp

b. Run the following command:

   bash wccp_ipv6.sh apply

Enhancement 2: This patch includes Hotfix 1762 which adds the new TMUFE category "Dynamic DNS".

Enhancement 3: This patch adds a client HTTPS certificate option.

Enhancement 4: This patch adds support for DDAN protocol 1.3.

Enhancement 5: This patch adds support for SOCKS5 white list and ACL.

Enhancement 6: This patch provides the following FTP enhancements:

- Wording in the FTP access log now uses "FQDN" instead of "IP address"
- Enables the saving of FTP connection information even if no file transfer occurred

Enhancement 7: This patch replaces Oracle JDK with Open JDK.

Issue 1: A vulnerability in the IWSVA 6.5 Service Pack 2 program may allow certain irregularly formatted viruses in HTTP responses to bypass it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: [Hotfix 1709] (TT-333456) This hotfix removes the vulnerability to enable IWSVA to catch these viruses in HTTP responses.

Issue 2: Users can click on the "Enable FTP scanning" checkbox in the "FTP Scan Rules" tabs when ICAP is enabled in reverse proxy mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: [Hotfix 1709] (TT-345130, TT-342955) This hotfix enables IWSVA to automatically disable the checkbox in the FTP Scan Rules tabs when ICAP is enabled in reverse proxy mode.

Issue 3: The user name information does not appear in the virus logs from IWSVA when viewed from the Trend Micro Control Manager(TM) console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: [Hotfix 1709] (TT-342826) This hotfix resolves an issue to ensure that the user name information can be displayed properly in the IWSVA virus logs on the Control Manager console.

Issue 4: When users search for specific application control policies, IWSVA cannot retrieve and display all the applicable policies if the appd process has stopped running.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 4: [Hotfix 1709] (TT-345284) This hotfix enables IWSVA to retrieve and display all applicable application control policies even when the appd process has stopped.

Issue 5: IWSVA does not run the AutoSetupAlchemySettings script automatically after the system's memory set-up changes, for example, when memory is added.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 5: [Hotfix 1709] (TT-346623) This hotfix enables IWSVA to run the AutoSetupAlchemySettings script automatically after the system's memory changes.

Issue 6: IWSVA does not display the report type when the time zone is set to "America/Cordoba".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 6: [Hotfix 1709] (TT-347847) This hotfix ensures that IWSVA displays the correct report type.

Issue 7: In versions 8 and 10 of the Microsoft(TM) Internet Explorer(TM) web browser, users encounter a JSP error while migrating the configuration file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 7: [Hotfix 1709] (TT-348090) This hotfix ensures that IWSVA can migrate the configuration file normally on Internet Explorer.

Issue 8: When the IWSVA daemon restarts, it generates a new client UUID and registers again to Trend Micro Deep Discovery Analyzer as a new IWSVA. However, the original client UUID remains in the Deep Discovery Analyzer database.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 8: [Hotfix 1709] (TT-349120) This hotfix ensures that each IWSVA only takes one UUID.

Issue 9: The IWSVA log server stops receiving logs after a log upload process stops unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 9: [Hotfix 1709] (TT-342579) This hotfix ensures that the IWSVA log server can still receive logs after a log upload process stops unexpectedly.

Issue 10: When HTTPS decryption is enabled, IWSVA cannot load an HTTPS webpage if the HTTP header does not contain a "Content-length" or "Transfer-Encoding" heading.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 10: [Hotfix 1710] (TT-349268) This hotfix ensures that users can access HTTPS websites successfully while HTTPS decryption is enabled.

Issue 11: Microsoft(TM) Internet Explorer(TM) stops responding when users import the list of blocked URLs to IWSVA and the list has more than 7000 entries.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 11: [Hotfix 1712] (TT-348926) This hotfix updates the parsing algorithm to improve the parsing speed to enable Internet Explorer to handle large blocked URL lists.

Issue 12: [Hotfix 1714] (TT-351297) When a client uploads files to a server through an application server and IWSVA scans the files through ICAP, IWSVA does not allow the acknowledgment traffic (0-byte file) to pass and sends an error code 100 instead. This happens because IWSVA checks the "Encapsulated:" ICAP header only which does not have a "null-body".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 12: This hotfix enables IWSVA to check both the "Encapsulated:" ICAP header and the "Content-length" HTTP header so that if the "Content-length" is "0", it will also treat it as a "null-body". This ensures that IWSVA allows the acknowledgment traffic (0-byte file) to pass.

Issue 13: [Hotfix 1715] (TT-351297) IWSVA stops unexpectedly when it calls the strncpy function and the length of the char pointer is "0".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 13: This hotfix resolves the issue by enabling IWSVA to check the length of the char pointer before calling the strncpy function.

Issue 14: [Hotfix 1716] (TT-352892) IWSVA cannot save changes to the priority setting of a URL filtering policy if the current policy priority is lower than 2498.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 14: This hotfix ensures that IWSVA can save changes to the priority setting of a URL filtering policy.

Issue 15: [Hotfix 1717] (TT-352982) The URL filtering feature of IWSVA 6.5 Service Pack 2 may block the wrong domains.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 15: This hotfix ensures that IWSVA can correctly match URLs with the filtering policy so that it blocks the correct domains.

Enhancement: [Hotfix 1721] This hotfix integrates the Trend Micro Deep Discovery Inspector and Trend Micro Control Manager(TM) SO acquirement interface into the IWSVA web console. This enables IWSVA to retrieve the SO list from both products, to block SOs on the list including IPs, URLs, domains, and files, and perform Advanced Threat Protection scanning.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure: To enable the feature:

a. Open the "intscan.ini" file in the "/etc/iscan" folder.
b. Locate or add the "so_integration_enabled" key and set its value to "1".

   Note: To disable the feature, set "so_integration_enabled=0".

c. Save the changes and close the file.
d. Refresh the "HTTP > Advanced Threat Protection > Custom Defense > Custom Defense Settings" page.

Issue 16: [Hotfix 1726] (TT-350383) After updating to IWSVA Service Pack 2 Build 1707, users may not be able to browse HTTPS websites properly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 16: This hotfix resolves the issue by ensuring that IWSVA can correctly handle the TCP FIN, so that when this is killed in the webserver, the corresponding HTTP header will keep it alive.

Issue 17: [Hotfix 1726] (TT-351297) When a client uploads files to a server through an application server and IWSVA scans the files through ICAP, IWSVA does not allow the acknowledgment traffic (0-byte file) to pass and sends an error code 100 instead. This happens because IWSVA checks the "Encapsulated:" ICAP header only which does not have a "null-body".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 17: This hotfix enables IWSVA to check both the "Encapsulated:" ICAP header and the "Content-length" HTTP header so that if the "Content-length" is "0", it will also treat it as a "null-body". This ensures that IWSVA allows the acknowledgment traffic (0-byte file) to pass.

Issue 18: [Hotfix 1726] (TT-352011) Websites do not load properly when HTTPS decryption is enabled.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 18: This hotfix resolves the issue by enabling IWSVA to properly handle zero length data from a webserver, such as in the website "https://www.it.nrw.de".

Issue 19: [Hotfix 1726] (TT-352635) The isftpd process triggers a 100% CPU usage issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 19: This hotfix adds the isftpd process to the approved list in IWSVA to prevent the high CPU usage issue.

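The following Python example is added here and is not Trend Micro's code. It shows the check that Solutions 12 and 17 above describe: an ICAP message is treated as body-less when the "Encapsulated:" header carries "null-body" or when the encapsulated HTTP header has "Content-length: 0". The function names, the constructed sample messages, and the extra test that the body section holds only the terminating chunk are assumptions of this example.

```python
import re

# Entity names allowed in an ICAP "Encapsulated" header (RFC 3507).
_ENTITY = re.compile(r"(req-hdr|res-hdr|req-body|res-body|opt-body|null-body)=([0-9]+)")
_BODIES = {"req-body", "res-body", "opt-body", "null-body"}
# An empty chunked body is just the terminating zero-length chunk.
_ZERO_CHUNK = re.compile(rb"0(;[^\r\n]*)?\r\n\r\n")


def parse_encapsulated(value):
    """Return ordered (entity, offset) pairs; reject malformed or misordered lists."""
    entities = []
    for token in value.split(","):
        m = _ENTITY.fullmatch(token.strip())
        if m is None:
            raise ValueError("malformed Encapsulated token: %r" % token)
        offset = int(m.group(2))
        if entities and offset < entities[-1][1]:
            raise ValueError("Encapsulated offsets must not decrease")
        entities.append((m.group(1), offset))
    if sum(name in _BODIES for name, _ in entities) != 1 or entities[-1][0] not in _BODIES:
        raise ValueError("exactly one body entity is required, and it must be last")
    return entities


def split_icap(raw):
    """Split a raw ICAP message into (lower-cased ICAP headers, encapsulated bytes)."""
    head, sep, area = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("ICAP header section is not terminated")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, area


def http_content_length(block):
    """Content-Length of an encapsulated HTTP header block, or None if absent."""
    seen = set()
    for line in block.decode("latin-1").split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "content-length":
            seen.add(value.strip())
    if not seen:
        return None
    if len(seen) != 1:
        raise ValueError("conflicting Content-Length headers")
    value = seen.pop()
    if not re.fullmatch(r"[0-9]+", value):
        raise ValueError("non-numeric Content-Length")
    return int(value)


def classify_body(raw):
    """Return (is_empty, reason) for one ICAP REQMOD/RESPMOD message."""
    headers, area = split_icap(raw)
    entities = parse_encapsulated(headers.get("encapsulated", ""))
    body_name, body_off = entities[-1]
    if body_off > len(area):
        raise ValueError("body offset lies outside the message")
    if body_name == "null-body":
        return True, "null-body"
    # The body belongs to the request for req-body and to the response for res-body.
    owner = {"req-body": "req-hdr", "res-body": "res-hdr"}.get(body_name)
    for i, (name, off) in enumerate(entities[:-1]):
        if name == owner and http_content_length(area[off:entities[i + 1][1]]) == 0:
            # Added safeguard (assumption of this example): trust the header only
            # when the body section really holds nothing but the final chunk.
            body = area[body_off:]
            if body == b"" or _ZERO_CHUNK.fullmatch(body):
                return True, "content-length-0"
            return False, "content-length-0-with-body-bytes"
    return False, "body-present"


def build_reqmod(http_headers, body, body_entity="req-body"):
    """Constructed sample: wrap HTTP request headers and a chunked body in REQMOD."""
    icap = ("REQMOD icap://icap.example.test/reqmod ICAP/1.0\r\n"
            "Host: icap.example.test\r\n"
            "Encapsulated: req-hdr=0, %s=%d\r\n\r\n" % (body_entity, len(http_headers)))
    return icap.encode("latin-1") + http_headers + body


# Constructed sample data: a 0-byte acknowledgment and a 5-byte upload.
ACK_HEADERS = (b"POST /upload/ack HTTP/1.1\r\nHost: app.example.test\r\n"
               b"Content-Length: 0\r\n\r\n")
FILE_HEADERS = (b"POST /upload HTTP/1.1\r\nHost: app.example.test\r\n"
                b"Content-Length: 5\r\n\r\n")
FILE_BODY = b"5\r\nhello\r\n0\r\n\r\n"

if __name__ == "__main__":
    samples = [
        ("ack, req-body + Content-Length 0", build_reqmod(ACK_HEADERS, b"0\r\n\r\n")),
        ("ack, explicit null-body", build_reqmod(ACK_HEADERS, b"", "null-body")),
        ("upload with data", build_reqmod(FILE_HEADERS, FILE_BODY)),
        ("Content-Length 0 but data follows", build_reqmod(ACK_HEADERS, FILE_BODY)),
    ]
    for label, message in samples:
        print(label, "->", classify_body(message))
```

The last sample is the case to watch when a scanner lets "empty" messages pass: the header claims no body while bytes follow, so the example refuses to classify it as empty.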
Issue 20: [Hotfix 1728] (TT-352510) An issue may prevent source IWSVA devices from sending chunked data to registered child IWSVA devices.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 20: This hotfix resolves the issue by allowing the source IWSVA device to choose between chunked mode or content-length mode response to child IWSVA devices.

Issue 21: [Hotfix 1729] (TT-355847) Dropbox cannot sync in bridge mode after users add "dropbox.com" to the global trusted list.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 21: This hotfix resolves the issue by enabling IWSVA to run through the list of global trusted domains before it attempts to connect to websites.

Issue 22: [Hotfix 1730] (TT-357017) The LDAP server diagnostic tool returns a "failed" result even when the LDAP server has connected normally.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 22: This hotfix ensures that the diagnostic tool returns the correct LDAP server connection results.

Issue 23: [Hotfix 1730] (TT-355574) HTTPS request authentication may fail when IWSVA is deployed in bridge mode between a client and the upstream proxy and the upstream proxy uses Kerberos authentication.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 23: This hotfix ensures that HTTPS request authentication can run successfully under the scenario described above.

Issue 24: [Hotfix 1731] (TT-351773) End users cannot see the shared remote desktop using Skype(TM) in WCCP mode. This issue occurs because the OpenSSL module sends an alert message when it comes across Skype HTTPS traffic.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 24: This hotfix handles this issue to channel Skype HTTPS traffic.

Issue 25: [Hotfix 1731] (TT-355725) Non-administrator users are able to go beyond their access permissions and apply administrator operations.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 25: This hotfix validates the user's permissions before applying administrator operations in the web service process.

Issue 26: [Hotfix 1732] (TT-357304) In some situations, the IWSVA FTP daemon may cause high CPU usage.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 26: This hotfix resolves the high CPU issue for the FTP daemon.

Issue 27: [Hotfix 1733] (TT-355470) If the IWSVA user information sync fails from the trust domain of the Global Catalog, even if the user authenticates successfully through Global Catalog, the connection still fails.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 27: This hotfix resolves this issue by letting the connection pass when the user authentication is successful, even if the user information sync failed from the Global Catalog.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure: To enable the function:

a. Open the "intscan.ini" file under the "/etc/iscan/" folder.
b. Under the "http" section, set the value of the "pass_auth_not_in_ldapcache" key to "yes".
c. Under the "LDAP-Setting" section, set the value of the "Prefer-sAMA" key to "yes".
d. Save the changes and close the file.
e. Log on to IWSVA with SSH, and restart the HTTP proxy with the following command:

   /etc/iscan/S99ISproxy stop;/etc/iscan/S99ISproxy start

Issue 28: [Hotfix 1735] (TT-352640) IWSVA cannot tunnel the failed extract file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 28: This hotfix ensures that IWSVA can tunnel the failed extract file by enabling a hidden key.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 28: To enable this function:

a. Open the "intscan.ini" file in the "/etc/iscan/" folder.
b. Under the "Scan-configuration" section, locate or add the "failed_extract" key and set its value to "pass".
c. Locate the "skipSpecificVirus" key and add "Failed_Extract_File" to it.
d. Save the changes and close the file.
e. Log on to IWSVA with SSH, and restart the HTTP proxy with the following command:

   /etc/iscan/S99ISproxy stop;/etc/iscan/S99ISproxy start

Issue 29: [Hotfix 1735] (TT-357285) The "*.co/*" should not match the "*.com:443" value when IWSVA performs URL matching.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 29: This hotfix ensures that IWSVA can perform URL matching normally.

Issue 30: [Hotfix 1735] (TT-350271) IWSVA cannot send the correct event time to Control Manager when the system time zone observes daylight savings.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 30: This hotfix ensures that IWSVA can send the correct event time to Control Manager when the system time zone observes daylight savings.

Issue 31: [Hotfix 1735] (TT-357018) Sometimes, it takes a long time to browse through websites in computers protected by IWSVA.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 31: This hotfix resolves the issue.

Issue 32: [Hotfix 1736] (TT-357135) HTTPS pages will not load when the UA string is Microsoft Internet Explorer 11.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 32: This hotfix handles the SSL alert message, which the HTTPS server sends to IWSVA, to resolve the decryption issue.

Issue 33: [Critical Patch 1737] (TT-333456) A vulnerability in the IWSVA 6.5 Service Pack 2 program may allow certain irregularly formatted viruses in HTTP responses to bypass it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 33: This hotfix removes the vulnerability to enable IWSVA to catch these viruses in HTTP responses.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure: To enable the solution:

a. Open the "intscan.ini" file in the "/etc/iscan/" folder.
b. Locate or add the "scan_trunk_deep" key and set its value to "yes".

   NOTE: The default value is "no" which disables the solution.

c. Save the changes and close the file.
d. Restart the HTTP daemon with the command:

   /etc/iscan/S99ISproxy stop;/etc/iscan/S99ISproxy start

Issue 34: [Hotfix 1738] (TT-358779) IWSVA still cannot generate the RSA 4096 key certificate for HTTPS decryption.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 34: This hotfix ensures that IWSVA can generate the RSA 4096 key certificate for HTTPS decryption by enabling a hidden key.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure: To enable the solution:

a. Open the "intscan.ini" file in the "/etc/iscan/" folder.
b. Under the "https-scanning" section, add the "rsa_length" key and set the value to "4096".
c. Save the changes and close the file.
d. Log on to IWSVA with SSH, and restart the HTTP proxy and FTP with the following commands:

   /etc/iscan/S99ISproxy stop;/etc/iscan/S99ISproxy start
   /etc/iscan/S99ISftp stop;/etc/iscan/S99ISftp start

Issue 35: [Hotfix 1739] (TT-358217, 358168, 358215, 358213, 358214, 358216, 358218, 358219, 358208, 358209, 358210, 358211, 358212, 358304, 358412) The IWSVA web service process does not validate user permissions and input parameters, leading to Remote Code Execution vulnerabilities.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 35: This hotfix validates the user permissions and input parameters before applying the user's requested operations in the web service process.

Issue 36: [Hotfix 1740] (TT-357473) IWSVA does not properly handle an abnormal incoming request, which causes a memory exception and crashes the system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 36: This hotfix checks the parameter of the incoming request to avoid memory usage exceptions.

Issue 37: [Hotfix 1741] (TT-355124) Formatting errors in a user's HTTPS decryption exception list trigger a Java exception which will make the IWSVA web console inaccessible.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 37: This hotfix enables IWSVA to handle these format errors to ensure that the access to the IWSVA web console is not interrupted.

Issue 38: [Critical Patch 1742] (TT-358220, 358221, 358413, 358412, 358746, VRTS-16, VRTS-91) The IWSVA web service process does not validate user permissions and input parameters, leading to Remote Code Execution vulnerabilities.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 38: This hotfix enables IWSVA to validate the user permissions and input parameters.

Issue 39: [Critical Patch 1746] (TT-358909, VRTS-219, VRTS-222, VRTS-224, VRTS-226, VRTS-227) The IWSVA web service process does not validate user permissions and input parameters, leading to Remote Code Execution vulnerabilities.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 39: This critical patch validates the user permissions and input parameters before applying the user's requested operations in the web service process.

Issue 40: [Critical Patch 1746] (TT-353999) The svc monitor is forced to kill the IWSVA http daemon after configuration replication.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 40: This critical patch ensures that the IWSVA http daemon works normally after configuration replication.

Issue 41: [Hotfix 1751] The FTP process is affected by a file descriptor (FD) leak issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 41: This hotfix resolves the FD leak issue.

Issue 42: [Hotfix 1751] The iwssd process is affected by an FD leak issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 42: This hotfix resolves the FD leak issue.

Issue 43: [Hotfix 1751] (SEG-2700) Users encounter an "HTTP status 500" error on the policy editing page.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 43: This hotfix ensures that users can access and edit policies normally through the policy editing page.

Issue 44: [Hotfix 1751] (SEG-2016, SEG-2635) IWSVA does not tunnel HTTPS traffic with "*.domain.com".
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 44: This hotfix updates the URL matching policy rule to resolve the issue.

Issue 45: [Hotfix 1751] (TT-359323) A URL category name was changed in TMUFE, but was not updated on the IWSVA side.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 45: This hotfix updates the URL category name on the IWSVA side to match the information in TMUFE.

Issue 46: [Hotfix 1751] (SEG2645) When IWSVA performs LDAP authentication on administrator accounts, the user account password appears in the IWSVA local log file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 46: This hotfix ensures that user passwords are not recorded in the IWSVA local log file.

Issue 47: [Hotfix 1751] (SEG1389) In rare instances, the IWSVA web service may record an unusually large bandwidth data usage in logs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 47: This hotfix ensures that the correct information appears in logs.

Issue 48: [Hotfix 1751] (SEG-2641) After installing Critical Patch 1742, users encounter exception errors while attempting to view some administration pages.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 48: This hotfix ensures that users can view the administration pages properly.

Issue 49: [Hotfix 1753] (TT-349268) During configuration replication, the "keep_ssl_version" setting in the "intscan.ini" file is not synchronized between the source and the receiver IWSVA.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 49: This hotfix ensures that the receiver IWSVA inherits the "keep_ssl_version" setting of the source IWSVA after configuration replication.

Issue 50: [Hotfix 1755] (SEG-2722) The Central Log cannot be configured through the web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 51: This hotfix resolves the user privilege validation error to ensure that users can configure the Central Log from the web console.

Issue 52: [Hotfix 1755] (SEG-2952) HA proxy cannot be configured through the web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 52: This hotfix resolves the user privilege validation error to ensure that users can configure the HA proxy from the web console.

Issue 53: [Hotfix 1755] (VRTS-326, 328) The Static Router is affected by a remote code execution vulnerability through the web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 53: This hotfix removes the vulnerability by adding a function that validates parameters.

Issue 54: [Hotfix 1756] (SEG-2567) An issue may trigger the iwssd daemon to stop unexpectedly when IWSVA is deployed in ICAP mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 54: This hotfix ensures that IWSVA uses the correct head file to ensure that the iwssd daemon works normally in ICAP mode.

Issue 55: [Hotfix 1757] (TT-359900) An issue prevents the Application Control "Block play media" feature in IWSVA from blocking videos in YouTube.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 55: This hotfix ensures that the "Block play media" feature can effectively block YouTube videos.

Issue 56: [Hotfix 1758] (TT-357941) Application Control cannot block the latest version of the Teamviewer program.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 56: This hotfix updates the ixEngine lib to enable Application Control to block Teamviewer 12.

Issue 57: [Hotfix 1758] (SEG-2700) The policy editing module encounters an HTTP status 500 - ArrayIndexOutOfBoundException error.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 57: This hotfix adds the corresponding data range restriction to prevent the error.

Issue 58: [Hotfix 1759] (SEG-4076) An issue may prevent users from mounting an external log device using the "mount" command on the IWSVA web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 58: This hotfix resolves this issue so users can mount an external log device without issues.

Issue 59: [Hotfix 1761] (SEG-2567) A null pointer issue can trigger IWSVA to stop unexpectedly when it receives an ICAP message that does not have any content.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 59: This hotfix resolves the issue by preventing IWSVA from attempting to access a null pointer when it receives an ICAP message that does not have any content.

Issue 60: [Hotfix 1762] (TT-359683) User may not be able to access HTTPS websites that use a special cipher suite.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 60: This hotfix enables IWSVA to support the cipher suite.

Issue 61: [Hotfix 1763] (TT-4745) The backend web service for the web console cannot retrieve the correct time zone setting. As a result, the wrong time information appears in the exported log files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 61: This hotfix resolves this issue to ensure that the web console can retrieve the time zone setting successfully so the correct time information appears in the exported log files.

Issue 62: [Hotfix 1764] (TT-4826) Self-defined users are redirected to the wrong web page, because of an issue that prevents the backend web service for the web console from querying the privileges of self-defined roles.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 62: This hotfix resolves this issue to ensure that the web console can query self-defined role privileges so that users are redirected to the correct web page.


Issue 63: (CVE-2016-5195)
IWSVA is affected by CVE-2016-5195, which may allow an unprivileged
local user to increase their privileges on the system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 63: This hotfix ensures that IWSVA is not affected by this
vulnerability.

9. Files Included in this Release
======================================================================

Filename  Build No.
===================================================================
libdaemon.so  1809
svcmonitor  1809
isdelvd  1809
libiwsshelper.so  1809
libproductbase.so  1809
report_logsetting.jsp  1809
lang.js  1809
report_logsetting.js  1809
IWSSGui.jar  1809
IWSSPIDlpFilter.so  1809
IWSSPIDpi.so  1809
IWSSPIJavascan.so  1809
IWSSPINcie.so  1809
IWSSPIScanVsapi.so  1809
IWSSPISigScan.so  1809
IWSSPIUrlFilter.so  1809
libftp.so  1809
libhttpproxy.so  1809
libicap.so  1809
tmpstring.js  1809
allwidgets.json  1809
log_agent.ini  1809
iwss_log_converter.py  1809
logFilteringByHits.py  1809
common_id.py  1809
client.py  1809
syncclientcert.sh  1809
HttpsClientCertTunnelDomains.ini  1809
https_clientcertificate_tunneling.jsp  1809
httpsdecrypt_client_certificate_handling.jsp  1809
libuiauutil.so  1809
libHTTPSDecryption.so  1809
lg_remove_old_clientcert.sql  1809
ui_GetDiffCountsLogClientCertificateOnedayuser.sql  1809
ui_GetDiffLogClientCertificate.sql  1809
ui_GetCountsLogClientCertificatedomain.sql  1809
ui_GetDiffCountsLogClientCertificateSevendaydomain.sql  1809
ui_GetDiffLogClientCertificateuserdomain.sql  1809
ui_GetCountsLogClientCertificateOnedaydomain.sql  1809
ui_GetDiffCountsLogClientCertificateSevenday.sql  1809
ui_GetDiffLogClientCertificateuser.sql  1809
ui_GetCountsLogClientCertificateOneday.sql  1809
ui_GetDiffCountsLogClientCertificateSevendayuserdomain.sql  1809
ui_GetLogClientCertificatedomain.sql  1809
ui_GetCountsLogClientCertificateOnedayuserdomain.sql  1809
ui_GetDiffCountsLogClientCertificateSevendayuser.sql  1809
ui_GetLogClientCertificateOnedaydomain.sql  1809
ui_GetCountsLogClientCertificateOnedayuser.sql  1809
ui_GetDiffCountsLogClientCertificate.sql  1809
ui_GetLogClientCertificateOneday.sql  1809
ui_GetCountsLogClientCertificateSevendaydomain.sql  1809
ui_GetDiffCountsLogClientCertificateuserdomain.sql  1809
ui_GetLogClientCertificateOnedayuserdomain.sql  1809
ui_GetCountsLogClientCertificateSevenday.sql  1809
ui_GetDiffCountsLogClientCertificateuser.sql  1809
ui_GetLogClientCertificateOnedayuser.sql  1809
ui_GetCountsLogClientCertificateSevendayuserdomain.sql  1809
ui_GetDiffLogClientCertificatedomain.sql  1809
ui_GetLogClientCertificateSevendaydomain.sql  1809
ui_GetCountsLogClientCertificateSevendayuser.sql  1809
ui_GetDiffLogClientCertificateOnedaydomain.sql  1809
ui_GetLogClientCertificateSevenday.sql  1809
ui_GetCountsLogClientCertificate.sql  1809
ui_GetDiffLogClientCertificateOneday.sql  1809
ui_GetLogClientCertificateSevendayuserdomain.sql  1809
ui_GetCountsLogClientCertificateuserdomain.sql  1809
ui_GetDiffLogClientCertificateOnedayuserdomain.sql  1809
ui_GetLogClientCertificateSevendayuser.sql  1809
ui_GetCountsLogClientCertificateuser.sql  1809
ui_GetDiffLogClientCertificateOnedayuser.sql  1809
ui_GetLogClientCertificate.sql  1809
ui_GetDiffCountsLogClientCertificatedomain.sql  1809
ui_GetDiffLogClientCertificateSevendaydomain.sql  1809
ui_GetLogClientCertificateuserdomain.sql  1809
ui_GetDiffCountsLogClientCertificateOnedaydomain.sql  1809
ui_GetDiffLogClientCertificateSevenday.sql  1809
ui_GetLogClientCertificateuser.sql  1809
ui_GetDiffCountsLogClientCertificateOneday.sql  1809
ui_GetDiffLogClientCertificateSevendayuserdomain.sql  1809
ui_GetDiffCountsLogClientCertificateOnedayuserdomain.sql  1809
ui_GetDiffLogClientCertificateSevendayuser.sql  1809
left.jsp  1809
ha_proxy_active_active.jsp  1809
ha_proxy_active_standby.jsp  1809
i18n_warnmsg.js  1809
web.xml  1809
iwsvafw.sh  1809
ui_AddHaProxyDevice.sql  1809
ui_AddHaProxyEvent.sql  1809
ui_DeleteHaProxyAllDevice.sql  1809
ui_DeleteHaProxyDevice.sql  1809
ui_DeleteHaProxyEvent.sql  1809
ui_GetHaProxyDevice.sql  1809
ui_GetHaProxyDeviceCount.sql  1809
ui_GetHaProxyDeviceList.sql  1809
ui_GetHaProxyEventList.sql  1809
libcommoncache.so  1809
jscan.jar  1809
libIWSSAuthClient.so  1809
create_krb5.sh  1809
AuthDaemon  1809
LdapSyncTool  1809
libcommonldap.so  1809
test_configure  1809
http_config_user_idetification.jsp  1809
ldapUtil.js  1809
iwsvaAdmin.properties  1809
ransomware_dashboard.jsp  1809
iwsvaHttp.properties  1809
dashboard.html  1809
ca_converter.py  1809
urlblocking.jsp  1809
trustedurl.jsp  1809
commonurllist.js  1809
DiagnosticTool.sh  1809
ConfigCMP.py  1809
diagnostic_tool.ini  1809
httpsdecrypt_ssl_method.jsp  1809
LDAP_query_handler.py  1809
email_sender.py  1809
FtpDownload.sh  1809
libtmprotocols.so.2003317  1809
cache_helper.sh  1809
rcIwss  1809
IWSVA_6.5-SP1_Linux.tar  1809
wccpd_monitor.py  1809
report_task.py  1809
report_template.py  1809
notifications_smtp.jsp  1809
email_sender_logging.ini  1809
libtmuseng.so.1.0.1013  1809
db_table_convert_6.5sp1_to_6.5sp2.py  1809
agent_config.py  1809
rule_file_va6.5sp1_to_va6.5sp2.xml  1809
iwss-process  1809
S99ISproxy  1809
CollectProductInfo.sh  1809
CDT_Config.ini  1809
ftp_config_action.jsp  1809
ftp_config_dlp.jsp  1809
ftp_config_exception.jsp  1809
ftp_config_spyware.jsp  1809
report_action.jsp  1809
report_action.js  1809
report_engine.py  1809
report_config.py  1809
report_config.ini  1809
dashboard_settings.js  1809
S99ISappd  1809
ADAutoDetect  1809
tmskynet.crt  1809
libProductLibrary.so  1809
AutoSetupAlchemySettings  1809
northamerica  1809
config_backup_popup.jsp  1809
dtasagent  1809
lg_remove_old_ha_event.sql  1809
DbOldDataCleanup  1809
select_users_groups.js  1809
urlf_policy_list.jsp  1809
custom_defense.jsp  1809
support.jsp  1809
support_capture_packet.jsp  1809
support_diagnostic_tool.jsp  1809
support_verbose_log.jsp  1809
upload_sample_sizing.jsp  1809
risk_level.jsp  1809
query_blacklist.py  1809
query_ddi_blacklist.py  1809
S99ISdtasd  1809
test_connection.py  1809
get_sandbox_feedback_blacklists.xml  1809
nginx  1809
LDAPTest  1809
uihelper  1809
beuihelper  1809
cmd_check.json  1809
dw_cluster_setting.jsp  1809
dw_cluster_join.jsp  1809
top.jsp  1809
system_dashboard.jsp  1809
switchRole.jsp  1809
summary_hardware_status.jsp  1809
staticRoutes.jsp  1809
staticRouteEdit.jsp  1809
SSHConfig.jsp  1809
shutdown_progress.jsp  1809
restart_sw_progress.jsp  1809
replication_config.jsp  1809
reboot_progress.jsp  1809
modify_cluster_management.jsp  1809
mgmt_ipConfig.jsp  1809
mail_config_spam.jsp  1809
mail_config_scan.jsp  1809
mail_config_proxy.jsp  1809
http_config_captive_portal.jsp  1809
data_ipConfig.jsp  1809
config_date_time.jsp  1809
cluster_management_change_weight.jsp  1809
cluster_management.jsp  1809
bandwidth_control_get_status.jsp  1809
admin_patch_mgmt2.jsp  1809
admin_patch_mgmt.jsp  1809
timezone.jsp  1809
ftp_clientip.jsp  1809
access_control_settings.jsp  1809
migration.sh  1809
migration.sh  1809
migration.ini  1809
custom_category_url_add.jsp  1809
rb_java_urlf.txt  1809
statser2.py  1809
libtmctl.so.2.5.1033  1809
libtmdata.so.2.5.1033  1809
libtmengine.so.2.5.1033  1809
libtmfilter.so.2.5.1033  1809
libtmsecurity.so.2.5.1033  1809
libtmspn.so.2.5.1033  1809
bifconnect  1809
role_management.htm  1809
iptables-1.4.16.3.tgz  1809
kernel-lt-3.10.104-1.el6.elrepo.x86_64.rpm  1809
wccp_ipv6.sh  1809
i18n_log_dynamic.js  1809
https_clientcertificate_decrypt.jsp  1809
HttpsClientCertDecryp.ini  1809
socks_load_crond.sh  1809
login_account_add_modify.jsp  1809
rule_file_va6.5sp2_to_va6.5sp2.xml  1809
urlf_section_policy_rule.jsp  1809
urlf_custom_category.jsp  1809
libdaemonbase.so  1809
catalina.conf  1809
SecurityUI  1809
log_purge.py  1809
DB.py  1809
stats_engine.py  1809
service_uwsgi.py  1809
chart_handler.py  1809
report_template.js  1809
report_template.js  1809
IniRecover.sh  1809
enums.py  1809
CLFDict.ini.commonlog  1809
CLFDict.properties  1809
libfreebl3.so  1809
libfreeblpriv3.so  1809
libgtest1.so  1809
libnspr4.so  1809
libnss3.so  1809
libnssckbi.so  1809
libnssdbm3.so  1809
libnsssysinit.so  1809
libnssutil3.so  1809
libplc4.so  1809
libplds4.so  1809
libsmime3.so  1809
libsoftokn3.so  1809
libsqlite3.so  1809
libssl3.so  1809
syseventlogset.jsp  1809
login_accounts.htm  1809

10. Contact Information
======================================================================
A license to Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year, you
must renew Maintenance on an annual basis at Trend Micro's
then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

11. About Trend Micro
======================================================================
Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative
security solutions that make the world safe for businesses and
consumers to exchange digital information.

Copyright 2017, Trend Micro Incorporated. All rights reserved.
Trend Micro, InterScan, and the t-ball logo are trademarks of Trend
Micro Incorporated and are registered in some jurisdictions. All other
marks are the trademarks or registered trademarks of their respective
companies.

12. License Agreement
======================================================================
View information about your license agreement with Trend Micro at:
http://www.trendmicro.com/us/about-us/legal-policies/license-agreements

Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide