<<<>>> Trend Micro, Inc. July 31, 2015 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan(TM) Web Security Virtual Appliance 6.5 Service Pack 1 Hot Fix - Build 1321 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This hot fix was developed as a workaround or solution to a customer-reported problem. As such, this hot fix has received limited testing and has not been certified as an official product update. Consequently, THIS HOT FIX IS PROVIDED "AS IS." TREND MICRO MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR PERFORMANCE OF THIS HOT FIX NOR DOES IT WARRANT THAT THIS HOT FIX IS ERROR FREE. TO THE FULLEST EXTENT PERMITTED BY LAW, TREND MICRO DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. Contents =================================================================== 1. Hot Fix Release Information 1.1 Issues 1.2 Enhancements 1.3 Files Included in this Release 2. Documentation Set 3. System Requirements 4. Installation/Uninstallation 4.1 Installation 4.2 Uninstallation 5. Post-installation Configuration 6. Known Issues 7. Release History 7.1 Prior Hot Fixes 8. Contact Information 9. About Trend Micro 10. License Agreement =================================================================== 1. Hot Fix Release Information ====================================================================== 1.1 Issues =================================================================== This hot fix resolves the following issues: Issue 1: [Hot Fix 1321] (TT-322659) InterScan Web Security Virtual Appliance (IWSVA) 6.5 Service Pack 1 does not support SHA-256 CA when it acts as a private Certificate Authority (CA). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hot fix enables IWSVA 6.5 Service Pack 1 to support SHA-256 CA. ------------------------------------------------------------------- Issue 2: IWSVA 6.5 Service Pack 1 does NOT support TLS 1.1 and TLS 1.2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hot fix upgrades the OpenSSL module in IWSVA 6.5 Service Pack 1 to support TLS 1.1 and TLS 1.2. ------------------------------------------------------------------- Issue 3: IWSVA 6.5 Service Pack 1 cannot sync the HTTPS exception list among multiple IWSVAs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hot fix enables IWSVA 6.5 Service Pack 1 to sync the HTTPS exception list using CCR to ensure that it can sync the list among multiple IWSVAs. ------------------------------------------------------------------- Issue 4 : IWSVA 6.5 Service Pack 1 does not allow users to customize notification messages for 5XX errors. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hot fix allows users to customize notification messages for 5xx errors. ------------------------------------------------------------------- Issue 5: IWSVA 6.5 Service Pack 1 FTP syslog does not support some tokens used in the HTTP syslog. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This hot fix enables the FTP syslog to support more tokens. ------------------------------------------------------------------- Issue 6: The IWSVA 6.5 Service Pack 1 raw log does not include the "X_forworded_for" and "Original_IP" headers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This hot fix enables IWSVA 6.5 Service Pack 1 to display the "X_forworded_for" and "Original_IP" headers in the raw log. ------------------------------------------------------------------- Issue 7: [Hot Fix 1321] (TT-325986) The Online Help (OLH) incorrectly indicates that the HTTPS port ACL is not available in ICAP mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This hot fix corrects the information on the OLH. 1.2 Enhancements =================================================================== There are no enhancements for this hot fix release. 1.3 Files Included in this Release =================================================================== A. Files for Current Issue ------------------------------------------------------------------- Filename Build No. ------------------------------------------------------------------- libdaemon.so 1321 svcmonitor 1321 isdelvd 1321 Files for Issue 1 ------------------------------------------------------------------- Filename Build No. ------------------------------------------------------------------- libHTTPSDecryption.so 1321 Files for Issue 2 ------------------------------------------------------------------ Filename Build No. ------------------------------------------------------------------- libdaemon.so 1321 libHTTPSDecription.so 1321 libcavium.so 1321 uniqueName 1321 Files for Issue 3 ------------------------------------------------------------------- Filename Build No. ------------------------------------------------------------------- https_exception_sync_tool.sh 1321 https_sync_tool.py 1321 iwsva_scp_except 1321 Files for Issue 4 ------------------------------------------------------------------ Filename Build No. ------------------------------------------------------------------- libhttpproxy.so 1321 500_internal_server_error_response.html 1321 502_bad_gateway_response.html 1321 503_connect_fail_response.html 1321 503_dns_fail_response.html 1321 504_dns_timeout_response.html 1321 504_server_timeout_response.html 1321 Files for Issue 5 ------------------------------------------------------------------ Filename Bu ild No. ------------------------------------------------------------------- daemon.so 1321 libftp.sp 1321 libhttpproxy.so 1321 libicap.so 1321 libsystemeventlog.so 1321 sysevtlog.dat 1321 Files for Issue 6 ------------------------------------------------------------------ Filename Build No. ------------------------------------------------------------------- libdaemon.so 1321 libftp.so 1321 libhttpproxy.so 1321 libicap.so 1321 IWSSPISigScan.so 1321 IWSSPINcie.so 1321 IWSSPIJavascan.so 1321 libiwsshelper.so 1321 IWSSPIUrlFilter.so 1321 IWSSPIDlpFilter.so 1321 IWSSPIDpi.so 1321 IWSSPIScanVsapi.so 1321 libsystemeventlog.so 1321 appd 1321 libuiauutil.so 1321 dtasagent 1321 libproductbase.so 1321 iwss_log_converter.py 1321 common_id.py 1321 log_query.py 1321 Files for Issue 7 ------------------------------------------------------------------- Filename Build No. ------------------------------------------------------------------- http_httpsport.htm 1321 B. Files for Previous Solutions ------------------------------------------------------------------- Filename Build No. ------------------------------------------------------------------- IWSSPIUrlFilter.so 1303 libhttpproxy.so 1303 libHTTPSDecryption.so 1303 appd 1305 libdaemonbase.so 1305 dtasagent 1305 client.py 1305 config_network_interface.jsp 1305 IWSSPIDlpFilter.so 1305 IWSSPIDpi.so 1305 IWSSPIJavascan.so 1305 IWSSPINcie.so 1305 IWSSPIScanVsapi.so 1305 IWSSPISigScan.so 1305 libftp.so 1305 libicap.so 1305 svcmonitor_dump.sh 1305 libtmsa.so 1305 libtmwk.so 1305 libuiauutil.so 1305 webConsole.jsp 1305 libcavium.so 1305 LdapSyncTool 1305 libcommonldap.so 1305 rule_file_va6.0_to_va6.0.xml 1305 rule_file_va6.0sp1_to_va6.0sp1.xml 1305 rule_file_va6.5_to_va6.5.xml 1305 rule_file_va6.5sp1_to_va6.5sp1.xml 1305 libtmuseng.so.1.0.1012 1305 iwss_log_converter.py 1305 logging.properties 1309 i18n_warnmsg.js 1309 pac_files_edit.jsp 1309 pac_files.jsp 1309 iwsvafw.sh 1309 IWSSGui.jar 1309 libICRCHdler.so 1313 libICRCHdler.so.1 1313 libtmsa.so 1313 libtmwk.so 1313 libdaemon.so 1313 libproductbase.so 1313 IWSSPIDlpFilter 1313 IWSSPIDpi.so 1313 IWSSPIJavascan.so 1313 IWSSPIScanVsapi.so 1313 IWSSPISigScan.so 1313 IWSSPIUrlFilter.so 1313 libhttpproxy.so 1313 libicap.so 1313 libuiauutil.so 1313 libReportLogging.so 1313 libProductLibrary.so 1313 libiwsshelper.so 1313 intscan.ini 1313 S98upgrade 1313 IWSSGui.jar 1313 2. Documentation Set ====================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Readme.txt - basic installation, known issues, release history and contact information o Electronic versions of the printed manuals are available at: http://www.trendmicro.com/download 3. System Requirements ====================================================================== There are no additional requirements for installing this hot fix. 4. Installation/Uninstallation ====================================================================== 4.1 Installation =================================================================== To install this hot fix: 1. Download the "iwsva_65_sp1_ar64_en_hfb1321.tgz" hot fix file to your local hard disk. 2. Log on to the IWSVA admin console GUI. 3. Go to the "Administration > System Updates" page. 4. Click "Browse". 5. Browse your local hard disk for the "iwsva_65_sp1_ar64_en_hfb1321.tgz" hot fix file and click "Open". 6. Click "Upload". Your browser uploads the hot fix file to IWSVA which validates if the file is a legitimate hot fix. 7. Click "Install" to apply the hot fix and update IWSVA to build 1321. The HTTP and FTP services in IWSVA restart automatically. NOTE: Applying this hot fix interrupts the HTTP and FTP services for several minutes. Plan appropriately for this downtime. 8. Clear the browser cache. 4.2 Uninstallation =================================================================== To uninstall the hot fix: 1. Log on to the IWSVA admin console GUI. 2. Go to the "Administration > System Updates" page. 3. Click "Uninstall" next to "hfb1321" and verify the hot fix ID and description in the confirmation page that appears. 4. Click "Uninstall" to remove hot fix 1321 and rollback IWSVA to the previous build. The HTTP and FTP services in IWSVA restart automatically. NOTE: Removing this hot fix interrupts the HTTP and FTP services for several minutes. Plan appropriately for this downtime. 5. Post-installation Configuration ====================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing this hot fix. 6. Known Issues ====================================================================== There are no known issues for this hot fix. 7. Release History ====================================================================== See the following web site for more information about updates to this product: http://www.trendmicro.com/download/product.asp?productid=86 7.1 Prior Hot Fixes =================================================================== Note: Only the new solutions were tested for this release. Prior hot fixes were tested at the time of their release. Hot Fix 1303 Issue 1: [Hot Fix 1303] (TT-321197) A parsing error prevents users from accessing a certain web site from computers protected by IWSVA 6.5 Service Pack 1 in ICAP mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hot fix resolves the issue so that users can access the web site normally in affected computers. Issue 2: [Hot Fix 1303] (TT-321129) Builds of IWSVA 6.5 Service Pack 1 that are lower than the common build number of IWSVA 6.5 cannot register to Trend Micro Control Manager(TM) 6.0. This occurs because builds of IWSVA 6.5 Service Pack 1 are treated as builds of IWSVA 6.5 so IWSVA 6.5 Service Pack 1 build numbers that are lower than the common build number of IWSVA 6.5 are considered as out-dated. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hot fix ensures that any build of IWSVA 6.5 Service Pack 1 can successfully register to Control Manager 6.0. Issue 3: [Hot Fix 1303] (TT-318535) When the user identification feature of IWSVA 6.5 Service Pack 1 is enabled, certain client applications cannot perform authentication and will not be able to run. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This hot fix resolves the issue by enabling IWSVA 6.5 Service Pack 1 to skip authentication while processing HTTP requests when the user identification feature is enabled but the HTTP request does not have a "user-agent" header. Issue 4: [Hot Fix 1303] (TT-316742) The Server Name Identification feature does not work when IWSVA 6.5 Service Pack 1 is deployed with an upstream proxy server. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This hot fix ensures that the Server Name Identification feature works normally when IWSVA 6.5 Service Pack 1 is deployed with an upstream proxy server. Critical Patch 1305 Issue 1: (TT-000231) When the appd process closes, it may use resources that have already been released which may trigger a core dump issue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This critical patch prevents the appd process from using released resources while exiting to prevent the core dump issue. Issue 2: The iwssd process may trigger a core dump issue while accessing URLs that belong to one or more custom categories and use a multi-part format for downloads and uploads. This occurs because under this scenario, iwssd may release a memory block twice. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This critical patch prevents iwssd from releasing a memory block twice. Issue 3: When the log agent processes UserName information and a UserName uses double-byte characters, the log agent does not use Unicode to decode the UserName. This can trigger an error when the log agent attempts to check the UserName RBAC information. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This critical patch enables the log agent to use Unicode to decode UserName information that contain DBCS characters. Issue 4: The iwssd process does not have a time out mechanism when it waits for scan results from the Script Analysis. This may trigger a core dump issue when there is a large number of files in the Script Analysis queue. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This critical patch prevents the core dump issue under the scenario described above. Issue 5: By default, the InterScan Web Security Virtual Appliance (IWSVA) 6.5 Service Pack 1 web console uses HTTPS and a built-in certificate which users cannot replace. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This critical patch allows users to import their own certificates into IWSVA. Issue 6: IWSVA 6.5 Service Pack 1 uses OpenSSL 1.0.0j which is affected by several vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This critical patch updates the OpenSSL lib in IWSVA to the latest version. Issue 7: (TT-318441) By default, IWSVA 6.5 supports the "UserPrincipalName" value for authentication, however, the authentication may fail when users have configured multiple Active Directory (AD) servers. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This critical patch provides a way for users to prevent IWSVA 6.5 from converting the "UserPrincipalName" values to ensure that IWSVA 6.5 can perform authentication normally when multiple AD servers are configured. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 7: To disable "UserPrincipalName" conversion: a. Open the "LdapSetting.ini" file in the "/usr/iwss/commonldap/" folder." b. Add the "convert_prin=no" key in the "LDAP_Setting" section. [LDAP_Setting] convert_prin=no Note: To allow IWSVA 6.5 to convert "UserPrincipalName" values again, set "convert_print=yes". c. Save the changes and close the file. d. Run the following command: run cmd /etc/iscan/commonldap/LdapSyncTool.sh Issue 8: (TT-321097) By default, the scheduled configuration replication feature of IWSVA 6.5 Service Pack 1 replicates policies and configuration files, however, some users prefer to replicate policies only. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This critical patch provides a way for users to configure the scheduled configuration replication feature to replicate policies only. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 8: To configure the scheduled configuration replication feature to replicate policies only: a. Open the "intscan.ini" file in the "/etc/iscan" folder on the CCR source machine. b. Add the "schedule_ccr_type=4" key in the "CCR" section. [CCR] schedule_ccr_type=4 c. Save the changes and close the file. d. Run the following command: /etc/iscan/S99IScanHttpd restart Issue 9: (TT-318351) Sometimes, Kerberos authentication fails and prevents IWSVA 6.5 Service Pack 1 from syncing with LDAP servers. This occurs when multiple AD servers have been specified in the "User Identification" page of the IWSVA 6.5 Service Pack 1 console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This critical patch ensures that IWSVA 6.5 Service Pack 1 can successfully run Kerberos authentication and sync with LDAP servers when multiple AD servers are specified in the "User Identification" page. Issue 10: (TT-318663) After migrating the configuration in IWSVA 6.5 Service Pack 1, encounter a duplicate key error while attempting to add or edit the exception list of an existing policy. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This critical patch updates the sequence of processes during migration to prevent the duplicate key error and to ensure that administrators can add or edit exception lists of existing policies successfully. Issue 11: (TT-314804) IWSVA 6.5 Service Pack 1 cannot block the Tor program even after users set it to block the application through the IWSVA web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This critical patch makes changes to the default settings of IWSVA 6.5 to enable the appd daemon to block programs properly. Issue 12: (TT-319892) When IWSVA 6.5 is configured to use an upstream proxy and its HTTPS decryption feature is enabled, users may not be able to access random HTTPS web sites. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This critical patch ensures that users can access HTTPS web sites without issues when IWSVA is configured to use an upstream proxy and its HTTPS decryption feature is enabled. Issue 13: (TT-318221) The TMUSE engine stops unexpectedly when the Dynamic URL Categorization feature is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This critical patch resolves the issue by updating the TMUSE engine. Hot Fix 1309 Issue 1: End users cannot download the PAC file from the IWSVA 6.5 web console because the web browser does not trust the certificate of the IWSVA 6.5 web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hot fix enables users to download the PAC file from the IWSVA 6.5 through HTTP. Issue 2: [Hot Fix 1309] (TT-322715) The "catalina.out" Tomcat log file in the IWSVA 6.5 web server may grow to a very large size. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hot fix enables IWSVA 6.5 to clean this Tomcat log file regularly to ensure that it stays within the normal size range. Critical Patch 1313 Issue 1: (TT-318221) Some common modules in IWSVA 6.5 may stop unexpectedly and generate dump files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This critical patch updates the iCRC and SA common modules in IWSVA 6.5 to prevent these from stopping unexpectedly and generating dumb files. Issue 2: IWSVA 6.5 removes the XFF HTTP headers from customized text-based logs. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This critical patch ensures that IWSVA 6.5 does not delete XFF HTTP headers from customized text-based log files. Issue 3: The "client_skip_content" key setting may trigger certain vulnerabilities in IWSVA 6.5. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This critical patch enables IWSVA 6.5 to clean the "client_skip_content" key setting to prevent the vulnerabilities. Issue 4: (TT-324504) Administrators encounter a S98upgrade script error when IWSVA starts up after being upgraded from version 6.5 to version 6.5 Service Pack 1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This critical patch corrects the corresponding script to ensure that it runs smoothly. Issue 5: (TT-323958) The last modified time information for a policy changes to the current time once users access the policy even when users did not make changes to the policy. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This critical patch ensures that the last modified time information for policies change only when users make changes to the policy. Issue 6: (TT-321787) The migration script stops responding when it encounters a time skew issue between the configuration replication (CCR) source and receiver. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This critical patch resolves the issue. Hot Fix 1317 Issue: When IWSVA 6.5 works in ICAP deployment mode, it may not be able to respond to some ICAP requests and when this happens, clients receive service unavailable errors. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix enables IWSVA 6.5 to respond to ICAP requests normally. 8. Contact Information ====================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro by fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 9. About Trend Micro ====================================================================== As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With over 20 years of experience, Trend Micro provides top-ranked client, server, and cloud-based solutions that stop threats faster and protect data in physical, virtualized, and cloud environments. As new threats and vulnerabilities emerge, Trend Micro remains committed to helping customers secure data, ensure compliance, reduce costs, and safeguard business integrity. For more information, visit: http://www.trendmicro.com Trend Micro, the t-ball logo, InterScan, and Control Manager are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. Copyright 2015, Trend Micro Incorporated. All rights reserved. 10. License Agreement ====================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide